Index: webform_report.inc =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/webform_report/Attic/webform_report.inc,v retrieving revision 1.1.2.19 diff -u -r1.1.2.19 webform_report.inc --- webform_report.inc 28 Oct 2008 13:26:51 -0000 1.1.2.19 +++ webform_report.inc 10 Feb 2010 02:24:57 -0000 @@ -8,7 +8,7 @@ */ function _webform_report_get_webforms() { $webforms = array(); - $result = db_query("SELECT nid, title FROM {node} WHERE type = 'webform'"); + $result = db_query(db_rewrite_sql("SELECT nid, title FROM {node} WHERE type = 'webform'")); while ($row = db_fetch_object($result)) { $webforms[$row->nid] = t($row->title); @@ -24,7 +24,7 @@ */ function _webform_report_get_components($nid) { $components = array(); - $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = '$nid' ORDER BY c.weight"); + $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = %d ORDER BY c.weight", $nid); while ($row = db_fetch_object($result)) { $component_name = substr($row->name, 0, 65); @@ -54,9 +54,8 @@ LEFT JOIN {users} u ON s.uid = u.uid WHERE d.nid = c.nid AND c.nid = s.nid - AND s.nid = '" . $node->wnid . "' - ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data - "); + AND s.nid = %d + ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data", $node->wnid); } /** @@ -81,7 +80,7 @@ $fields[-5] = array('data' => t('Edit'), 'field' => -5, 'sort' => $_GET['sort']); while ($row = db_fetch_object($data)) { if (!isset($fields[$row->cid])) { - $fields[$row->cid] = array('data' => $row->name, 'field' => $row->cid, 'sort' => $_GET['sort']); + $fields[$row->cid] = array('data' => check_plain($row->name), 'field' => $row->cid, 'sort' => $_GET['sort']); } // Begin data. // The value '0' means that a group of checkboxes has no selection. 
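Review bot: Wrapping this query in `db_rewrite_sql()` without aliasing `{node}` is likely to fail once a node access module is enabled, because the rewrite defaults to primary table alias `n` and field `nid`, and the join and conditions it adds refer to `n.nid` while this query defines no `n`. In `_webform_report_get_webforms()` the query should read `SELECT n.nid, n.title FROM {node} n WHERE n.type = 'webform'`; the same applies to the `webform_report` listing query in the @@ -371 hunk. Separately, the context line `t($row->title)` passes a user-entered node title through `t()`, which is meant for literal source strings; using `$row->title` directly and escaping it at output would be safer.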
@@ -98,9 +97,9 @@ $values[$row->sid][-2] = array('data' => date('Y-m-d', $row->submitted), 'field' => -2); $values[$row->sid][-3] = array('data' => date('H:s', $row->submitted), 'field' => -3); $values[$row->sid][-4] = array('data' => $row->remote_addr, 'field' => -4); - $values[$row->sid][-5] = array('data' => '' . t('edit') . '', 'field' => -5); + $values[$row->sid][-5] = array('data' => l('edit', 'node/'. $row->nid . '/submission/' . $row->sid . '/edit'), 'field' => -5); // The attribute 'field' is used to preserve the cid, as array_multisort re-indexes the array. - $values[$row->sid][$row->cid] = array('data' => $row->data, 'field' => $row->cid); + $values[$row->sid][$row->cid] = array('data' => filter_xss($row->data), 'field' => $row->cid); } else { // This will prevent empty table cells from being omitted by filling them with blanks. @@ -212,7 +211,7 @@ array_multisort($column[$node->sort_col], (int)$node->sort, $values); // Keep only fields requested in report criteria. - _webform_report_prepare_report_data(&$fields, &$values, $node); + _webform_report_prepare_report_data($fields, $values, $node); // Filter the table values. if ($node->filter_type != 0) { @@ -222,7 +221,7 @@ $values = _webform_report_add_data_links($fields, $values); // Display number of rows after description. - $output .= $node->description . " (" . count($values) . " " . t('results') . ")
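Review bot: `filter_xss($row->data)` is the wrong escaping for submission values that are plain text: it lets the default allowed tags (links, emphasis, lists) typed by a form submitter render in the report, and it returns HTML that the @@ -279 hunk then passes to `l($data, ...)`, where the link text is escaped a second time, so an ampersand would come out double-encoded. Keeping the raw value here and escaping once at output, with `check_plain()` for the cells that `_webform_report_add_data_links()` does not turn into links, also lets the sort, filter and `valid_email_address()` checks work on the real data. The new `l('edit', ...)` drops the `t()` the old line had; `l(t('edit'), ...)` keeps the label translatable. The context line `date('H:s', ...)` prints hours and seconds, so `'H:i'` was probably meant.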

"; + $output .= filter_xss_admin($node->description) . " (" . count($values) . " " . t('results') . ")

"; $output .= _webform_report_pager($fields, $values, $node); } else { @@ -279,15 +278,15 @@ $data = &$values[$key2][$key1]['data']; if ($key1 == -1) { - $data = '' . $data . ''; + $data = l($data, 'user/' . _webform_report_get_uid_for_user($data)); } else { if (valid_email_address($data)) { - $data = '' . $data . ''; + $data = l($data, 'mailto:' . $data); } else { if (valid_url($data, TRUE)) { - $data = '' . $data . ''; + $data = l($data, $data); } } } @@ -356,7 +355,7 @@ * @return a uid for the specified user */ function _webform_report_get_uid_for_user($name) { - $result = db_query("SELECT uid FROM {users} WHERE name = '" . $name . "'"); + $result = db_query("SELECT uid FROM {users} WHERE name = '%s'", $name); $user = db_fetch_object($result); return $user->uid; } @@ -371,7 +370,7 @@ if (user_access('access webform reports')) { $header = array(t('View'), t('Edit'), t('Delete')); - $result = db_query("SELECT nid, title FROM {node} WHERE type='webform_report'"); + $result = db_query(db_rewrite_sql("SELECT nid, title FROM {node} WHERE type='webform_report'")); while ($node = db_fetch_object($result)) { $rows[] = array(l($node->title,'node/' . $node->nid), @@ -381,7 +380,7 @@ } $output = theme_table($header, $rows, array('class' => 'webform')); - drupal_set_title($node->title); + drupal_set_title(check_plain($node->title)); } return $output; } @@ -404,45 +403,31 @@ // Break the array into chunks for pagination. $pages = array_chunk($values, $results_per_page, TRUE); - if (!$_GET['page']) { - $_GET['page'] = '1'; - } - $output = theme_table($fields, $pages[($_GET['page'] - 1)], array('class' => 'webform_report')); - $output .= '
'; - if ($_GET['page'] > 1) { - $output .= '' . t('« first') .''; - $output .= '' . t('‹ previous') .''; - } - $output .= ''; - $css_class = 'pager-next-active'; - foreach($pages as $key => $page) { - switch($_GET['page']) { - case($key + 1): - $css_class = 'pager-current'; - break; - case(1): - $css_class = 'pager-first active'; - break; - case(count($pages)): - $css_class = 'pager-last active'; - break; - default: - $css_class = 'pager-next active'; - break; - } - if ($css_class == 'pager-current') { - $output .= '' . ($key + 1) . ''; - } - else { - $output .= '' . ($key + 1) . ''; - } - } - $output .= ''; - if ($_GET['page'] < count($pages)) { - $output .= '' . t('next ›') .''; - $output .= '' . t('last »') .''; - } - $output .= '
'; + + // Grab the 'page' query parameter. + // Taken from pager_query() in pager.inc + $page = isset($_GET['page']) ? $_GET['page'] : ''; + + // Convert comma-separated $page to an array, used by other functions. + // Taken from pager_query() in pager.inc + $pager_page_array = explode(',', $page); + + // format the table with the current page + if ($page == '') $page = 0; + $output = theme_table($fields, $pages[$page], array('class' => 'webform_report')); + + // Put some magic in the two global variables + // Based on code in pager_query() in pager.inc + $pager_total[0] = count($pages); + $pager_page_array[0] = + max(0, min( + (int)$pager_page_array[0], + ((int)$pager_total[0]) - 1) + ); + + // Add the pager to the output. + $output .= theme('pager', NULL, $results_per_page, 0); + return $output; } Index: webform_report.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/webform_report/webform_report.module,v retrieving revision 1.2.2.55.2.37 diff -u -r1.2.2.55.2.37 webform_report.module --- webform_report.module 28 Oct 2008 13:45:38 -0000 1.2.2.55.2.37 +++ webform_report.module 6 Feb 2010 19:13:47 -0000 @@ -167,7 +167,7 @@ // Populate webform_report-specific node variables only if no new data has been submitted via a form. if (empty($_POST['wnid'])) { $additions = db_fetch_object(db_query("SELECT wnid, kcid, description, sort, filter_type, filter_value, results_per_page, components - FROM {webform_report} WHERE nid = '" . $node->nid . "'")); + FROM {webform_report} WHERE nid = %d", $node->nid)); // Unpack components (slashes added for MySQL compatibility). $components = unserialize(stripslashes($additions->components)); 
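Review bot: `$pages[$page]` indexes the chunk array with the raw `page` query value before it is clamped, so an out-of-range or comma-separated value hands `theme_table()` NULL rows; the clamp is applied only afterwards, to `$pager_page_array[0]`. The value should be clamped first and the clamped integer used as the index, with an empty array as the fallback when there are no pages. The comment mentions two global variables, but no `global $pager_page_array, $pager_total;` is visible in the hunk, and without it `theme('pager', ...)` would not see these values; the function starts above the hunk, so the declaration may already be there.

```php
  // … unchanged: $pages = array_chunk($values, $results_per_page, TRUE); …

  // Skip this line if the globals are already declared above the hunk.
  global $pager_page_array, $pager_total;

  $page = isset($_GET['page']) ? $_GET['page'] : '';
  $pager_page_array = explode(',', $page);
  $pager_total[0] = count($pages);

  // Clamp before the value is used as an array index.
  $pager_page_array[0] = max(0, min((int) $pager_page_array[0], $pager_total[0] - 1));
  $current = $pager_page_array[0];
  $rows = isset($pages[$current]) ? $pages[$current] : array();
  $output = theme_table($fields, $rows, array('class' => 'webform_report'));

  // … unchanged: theme('pager', ...) call and return …
```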
@@ -217,7 +217,7 @@ function webform_report_insert($node) { db_query("INSERT INTO {webform_report} (nid, description) VALUES (%d, '%s')", $node->nid, $node->description); - watchdog('webform_report', 'Webform report "'.$node->title.'" added', NULL, WATCHDOG_NOTICE); // log it + watchdog('webform_report', 'Webform report @title added', array('@title' => $node->title), WATCHDOG_NOTICE); // log it } /** @@ -227,14 +227,14 @@ // What to update, based on url arguments. if(arg(2) == 'add' | arg(2) == 'edit') { if(arg(4) == 'criteria') { - db_query("UPDATE {webform_report}u SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d - WHERE nid = '" . $node->nid . "'", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type, - $node->filter_value, $node->results_per_page + db_query("UPDATE {webform_report} SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d + WHERE nid = %d", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type, + $node->filter_value, $node->results_per_page, $node->nid ); } else { db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = '" . $node->nid . "'", $node->description); - watchdog('webform_report', 'Webform report "'.$node->title.'" updated', NULL, WATCHDOG_NOTICE); // log it + watchdog('webform_report', 'Webform report @title updated', array('@title' => $node->title), WATCHDOG_NOTICE); // log it } } } 
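Review bot: The description branch of the @@ -227 hunk still builds its query by concatenation: the context line `db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = '" . $node->nid . "'", $node->description);` was not converted like the criteria branch above it. It should become `db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = %d", $node->description, $node->nid);`. The condition `arg(2) == 'add' | arg(2) == 'edit'` uses the bitwise `|` where `||` is meant. The function's opening lines are outside the hunk.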
@@ -243,8 +243,8 @@ * Implementation of hook_delete */ function webform_report_delete($node) { - db_query("DELETE FROM {webform_report} WHERE nid = '$node->nid'"); - watchdog('webform_report', 'Webform report "'.$node->title.'" deleted', NULL, WATCHDOG_NOTICE); // log it + db_query("DELETE FROM {webform_report} WHERE nid = %d", $node->nid); + watchdog('webform_report', 'Webform report @title deleted', array('@title' => $node->title), WATCHDOG_NOTICE); // log it } function webform_report_validate($node, &$form) { @@ -416,7 +416,7 @@ '#type' => 'checkboxes', '#title' => t('Include components'), '#description' => t('Select all of the components to include in this report and click Preview to display the results'), - '#options' => $meta_components + $webform_components + array(-5 => t('Edit link')), + '#options' => array_map('filter_xss', $meta_components + $webform_components + array(-5 => t('Edit link'))), '#default_value' => $default, '#required' => TRUE, '#weight' => 5
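Review bot: `array_map('filter_xss', ...)` in the @@ -416 hunk treats the option labels as HTML, while the same component names are escaped with `check_plain()` in the @@ -81 hunk of webform_report.inc; for plain-text names `check_plain` is the consistent choice and does not let `<a>` or `<em>` markup from a component name through. Suggested line: `'#options' => array_map('check_plain', $meta_components + $webform_components + array(-5 => t('Edit link'))),`. Where `$webform_components` is built is outside the hunk, so confirm the names are not already escaped there, to avoid double encoding.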