Index: webform_report.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/webform_report/Attic/webform_report.inc,v
retrieving revision 1.1.2.19
diff -u -r1.1.2.19 webform_report.inc
--- webform_report.inc 28 Oct 2008 13:26:51 -0000 1.1.2.19
+++ webform_report.inc 6 Feb 2010 19:21:36 -0000
@@ -8,7 +8,7 @@
*/
function _webform_report_get_webforms() {
$webforms = array();
- $result = db_query("SELECT nid, title FROM {node} WHERE type = 'webform'");
+ $result = db_query(db_rewrite_sql("SELECT nid, title FROM {node} WHERE type = 'webform'"));
while ($row = db_fetch_object($result)) {
$webforms[$row->nid] = t($row->title);
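Review bot: The title is still passed through `t()` on the last line of the hunk, which neither escapes nor is intended for runtime strings, so a node title containing markup is handed back as-is to whatever renders the list. Since this commit hardens output elsewhere, `$webforms[$row->nid] = check_plain($row->title);` would make the returned labels safe in any plain-text context, and is harmless if a caller escapes again. _webform_report_get_webforms continues past the end of the hunk.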
@@ -24,7 +24,7 @@
*/
function _webform_report_get_components($nid) {
$components = array();
- $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = '$nid' ORDER BY c.weight");
+ $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = %d ORDER BY c.weight", $nid);
while ($row = db_fetch_object($result)) {
$component_name = substr($row->name, 0, 65);
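Review bot: `substr($row->name, 0, 65)` on the line after the changed query truncates by bytes, so a component name containing multibyte UTF-8 can be cut mid-character and yield an invalid string that later escaping functions may drop or mangle. `drupal_substr($row->name, 0, 65)` from unicode.inc truncates by characters. _webform_report_get_components continues past the hunk.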
@@ -54,9 +54,8 @@
LEFT JOIN {users} u ON s.uid = u.uid
WHERE d.nid = c.nid
AND c.nid = s.nid
- AND s.nid = '" . $node->wnid . "'
- ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data
- ");
+ AND s.nid = %d
+ ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data", $node->wnid);
}
/**
@@ -100,7 +99,7 @@
$values[$row->sid][-4] = array('data' => $row->remote_addr, 'field' => -4);
$values[$row->sid][-5] = array('data' => '' . t('edit') . '', 'field' => -5);
// The attribute 'field' is used to preserve the cid, as array_multisort re-indexes the array.
- $values[$row->sid][$row->cid] = array('data' => $row->data, 'field' => $row->cid);
+ $values[$row->sid][$row->cid] = array('data' => filter_xss($row->data), 'field' => $row->cid);
}
else {
// This will prevent empty table cells from being omitted by filling them with blanks.
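Review bot: `filter_xss()` on the added line still admits its default tag whitelist, while the sibling `-4` column `$row->remote_addr` two lines above is stored with no escaping at all, so the report cells end up with inconsistent treatment. If report cells are meant to be plain text, `check_plain($row->data)` is the tighter choice and the same call belongs on `$row->remote_addr`; if markup is intended, the filter should at least be applied to every column the same way. The enclosing loop starts and ends outside the hunk.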
@@ -212,7 +211,7 @@
array_multisort($column[$node->sort_col], (int)$node->sort, $values);
// Keep only fields requested in report criteria.
- _webform_report_prepare_report_data(&$fields, &$values, $node);
+ _webform_report_prepare_report_data($fields, $values, $node);
// Filter the table values.
if ($node->filter_type != 0) {
@@ -356,7 +355,7 @@
* @return a uid for the specified user
*/
function _webform_report_get_uid_for_user($name) {
- $result = db_query("SELECT uid FROM {users} WHERE name = '" . $name . "'");
+ $result = db_query("SELECT uid FROM {users} WHERE name = '%s'", $name);
$user = db_fetch_object($result);
return $user->uid;
}
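Review bot: When no user matches the name, `db_fetch_object()` returns FALSE and `return $user->uid;` dereferences a non-object, emitting a notice and returning NULL despite the docblock promising a uid. Guard it with `return $user ? (int) $user->uid : NULL;` and extend the `@return` line to mention the NULL case. If a caller compares the result loosely against stored uids, a NULL would otherwise equal uid 0, the anonymous user — worth confirming at the call sites.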
@@ -371,7 +370,7 @@
if (user_access('access webform reports')) {
$header = array(t('View'), t('Edit'), t('Delete'));
- $result = db_query("SELECT nid, title FROM {node} WHERE type='webform_report'");
+ $result = db_query(db_rewrite_sql("SELECT nid, title FROM {node} WHERE type='webform_report'"));
while ($node = db_fetch_object($result)) {
$rows[] = array(l($node->title,'node/' . $node->nid),
@@ -381,7 +380,7 @@
}
$output = theme_table($header, $rows, array('class' => 'webform'));
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
}
return $output;
}
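Review bot: `drupal_set_title(check_plain($node->title))` reads `$node` after the `while ($node = db_fetch_object($result))` loop of the preceding hunk has finished, which leaves `$node` as FALSE, so the title set here is empty (with a notice) rather than the report node's title — assuming both hunks lie in the same function, which the hunk boundaries do not show. Either keep the function's own node under another name before the loop reuses `$node` (e.g. `$report = $node;` then `drupal_set_title(check_plain($report->title));`) or rename the loop variable. `$output` is also only assigned inside the `user_access()` branch, so `return $output;` yields an undefined variable when access is denied; `$output = '';` before the branch fixes that. The function's signature lies above the hunk.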
@@ -404,45 +403,31 @@
// Break the array into chunks for pagination.
$pages = array_chunk($values, $results_per_page, TRUE);
- if (!$_GET['page']) {
- $_GET['page'] = '1';
- }
- $output = theme_table($fields, $pages[($_GET['page'] - 1)], array('class' => 'webform_report'));
- $output .= '
';
+
+ // Grab the 'page' query parameter.
+ // Taken from pager_query() in pager.inc
+ $page = isset($_GET['page']) ? $_GET['page'] : '';
+
+ // Convert comma-separated $page to an array, used by other functions.
+ // Taken from pager_query() in pager.inc
+ $pager_page_array = explode(',', $page);
+
+ // format the table with the current page
+ if ($page == '') $page = 0;
+ $output = theme_table($fields, $pages[$page], array('class' => 'webform_report'));
+
+ // Put some magic in the two global variables
+ // Based on code in pager_query() in pager.inc
+ $pager_total[0] = count($pages);
+ $pager_page_array[0] =
+ max(0, min(
+ (int)$pager_page_array[0],
+ ((int)$pager_total[0]) - 1)
+ );
+
+ // Add the pager to the output.
+ $output .= theme('pager', NULL, $results_per_page, 0);
+
return $output;
}
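Review bot: The table is built from `$pages[$page]` using the raw `$_GET['page']` value, and the clamping to `count($pages) - 1` happens only afterward on `$pager_page_array[0]`, so an out-of-range, negative, non-numeric or comma-separated page value produces an undefined-index notice and a table with NULL rows; an empty `$values` likewise leaves `$pages[0]` undefined. Clamp first and index with the clamped value, falling back to an empty row set, as sketched below. `$pager_page_array` and `$pager_total` are the globals `theme('pager')` reads, so they need a `global` declaration that is not visible in the hunk — confirm it exists above, since the function begins outside the hunk.

```php
    // Break the array into chunks for pagination.
    $pages = array_chunk($values, $results_per_page, TRUE);

    // Clamp the requested page into range before indexing $pages.
    // Based on pager_query() in pager.inc
    $page = isset($_GET['page']) ? $_GET['page'] : '';
    $pager_page_array = explode(',', $page);
    $pager_total[0] = count($pages);
    $pager_page_array[0] = max(0, min((int) $pager_page_array[0], $pager_total[0] - 1));

    // Format the table with the clamped page, or with no rows when there is no data.
    $rows = isset($pages[$pager_page_array[0]]) ? $pages[$pager_page_array[0]] : array();
    $output = theme_table($fields, $rows, array('class' => 'webform_report'));

    // … unchanged: theme('pager', ...) and return …
```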
Index: webform_report.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/webform_report/webform_report.module,v
retrieving revision 1.2.2.55.2.37
diff -u -r1.2.2.55.2.37 webform_report.module
--- webform_report.module 28 Oct 2008 13:45:38 -0000 1.2.2.55.2.37
+++ webform_report.module 6 Feb 2010 19:13:47 -0000
@@ -167,7 +167,7 @@
// Populate webform_report-specific node variables only if no new data has been submitted via a form.
if (empty($_POST['wnid'])) {
$additions = db_fetch_object(db_query("SELECT wnid, kcid, description, sort, filter_type, filter_value, results_per_page, components
- FROM {webform_report} WHERE nid = '" . $node->nid . "'"));
+ FROM {webform_report} WHERE nid = %d", $node->nid));
// Unpack components (slashes added for MySQL compatibility).
$components = unserialize(stripslashes($additions->components));
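Review bot: `$additions` on the line after the changed query is used without checking for a missing row; `db_fetch_object()` returns FALSE when no `{webform_report}` row exists for the nid, so `$additions->components` raises a notice and `unserialize(stripslashes(NULL))` returns FALSE, which the code that follows presumably treats as an array. Guard it with `$components = $additions ? unserialize(stripslashes($additions->components)) : array();` or wrap the block in `if ($additions)`. The stripslashes here only round-trips correctly because the update query adds slashes before `'%s'` escaping; a comment naming that counterpart would save the next maintainer from removing one side. The enclosing function starts and ends outside the hunk.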
@@ -217,7 +217,7 @@
function webform_report_insert($node) {
db_query("INSERT INTO {webform_report} (nid, description)
VALUES (%d, '%s')", $node->nid, $node->description);
- watchdog('webform_report', 'Webform report "'.$node->title.'" added', NULL, WATCHDOG_NOTICE); // log it
+ watchdog('webform_report', 'Webform report @title added', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
/**
@@ -227,14 +227,14 @@
// What to update, based on url arguments.
if(arg(2) == 'add' | arg(2) == 'edit') {
if(arg(4) == 'criteria') {
- db_query("UPDATE {webform_report}u SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d
- WHERE nid = '" . $node->nid . "'", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type,
- $node->filter_value, $node->results_per_page
+ db_query("UPDATE {webform_report} SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d
+ WHERE nid = %d", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type,
+ $node->filter_value, $node->results_per_page, $node->nid
);
}
else {
db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = '" . $node->nid . "'", $node->description);
- watchdog('webform_report', 'Webform report "'.$node->title.'" updated', NULL, WATCHDOG_NOTICE); // log it
+ watchdog('webform_report', 'Webform report @title updated', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
}
}
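Review bot: The `else` branch's query on the context line `db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = '" . $node->nid . "'", $node->description);` still concatenates the nid while the sibling UPDATE above it was converted to a `%d` placeholder; for consistency it should read `db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = %d", $node->description, $node->nid);`. The condition `arg(2) == 'add' | arg(2) == 'edit'` uses the bitwise `|`, which happens to work on booleans but should be `||`. webform_report_update's signature lies above the hunk.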
@@ -243,8 +243,8 @@
* Implementation of hook_delete
*/
function webform_report_delete($node) {
- db_query("DELETE FROM {webform_report} WHERE nid = '$node->nid'");
- watchdog('webform_report', 'Webform report "'.$node->title.'" deleted', NULL, WATCHDOG_NOTICE); // log it
+ db_query("DELETE FROM {webform_report} WHERE nid = %d", $node->nid);
+ watchdog('webform_report', 'Webform report @title deleted', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
function webform_report_validate($node, &$form) {
@@ -416,7 +416,7 @@
'#type' => 'checkboxes',
'#title' => t('Include components'),
'#description' => t('Select all of the components to include in this report and click Preview to display the results'),
- '#options' => $meta_components + $webform_components + array(-5 => t('Edit link')),
+ '#options' => array_map('filter_xss', $meta_components + $webform_components + array(-5 => t('Edit link'))),
'#default_value' => $default,
'#required' => TRUE,
'#weight' => 5
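Review bot: `array_map('filter_xss', ...)` on the changed `#options` line still lets the default tag whitelist through, while the labels it covers are component names and webform titles that are plain text; `array_map('check_plain', ...)` is the stricter escape for them. Whether the form layer escapes option labels again at render time depends on the theme functions in use, so this remains defense in depth either way. The enclosing form array starts and ends outside the hunk.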