Index: webform_report.inc
===================================================================
--- webform_report.inc (revision 101)
+++ webform_report.inc (working copy)
@@ -24,7 +24,7 @@
*/
function _webform_report_get_components($nid) {
$components = array();
- $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = '$nid' ORDER BY c.weight");
+ $result = db_query("SELECT c.cid, c.name FROM {webform_component} c WHERE c.type <> 'fieldset' AND c.nid = %d ORDER BY c.weight", $nid);
while ($row = db_fetch_object($result)) {
$component_name = substr($row->name, 0, 65);
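Review bot: `substr($row->name, 0, 65)` on the line after the fixed query truncates by byte, so a component name containing multibyte UTF-8 can be cut in the middle of a character and leave an invalid sequence in the header text; Drupal's unicode helper is the safe equivalent here: `$component_name = drupal_substr($row->name, 0, 65);`. The `%d` placeholder is the right fix for `$nid`, since it coerces the argument to an integer before it reaches the query. `_webform_report_get_components` continues past the end of this hunk.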
@@ -54,9 +54,8 @@
LEFT JOIN {users} u ON s.uid = u.uid
WHERE d.nid = c.nid
AND c.nid = s.nid
- AND s.nid = '" . $node->wnid . "'
- ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data
- ");
+ AND s.nid = %d
+ ORDER BY d.sid, c.cid, d.no DESC, c.name, d.data", $node->wnid);
}
/**
@@ -100,7 +99,7 @@
$values[$row->sid][-4] = array('data' => $row->remote_addr, 'field' => -4);
$values[$row->sid][-5] = array('data' => '' . t('edit') . '', 'field' => -5);
// The attribute 'field' is used to preserve the cid, as array_multisort re-indexes the array.
- $values[$row->sid][$row->cid] = array('data' => $row->data, 'field' => $row->cid);
+ $values[$row->sid][$row->cid] = array('data' => filter_xss($row->data), 'field' => $row->cid);
}
else {
// This will prevent empty table cells from being omitted by filling them with blanks.
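Review bot: Only `$row->data` gets `filter_xss()` here; `$row->remote_addr` on the line above it still goes into the table cell unescaped, and while a stored remote address is normally a plain IP string, the value is whatever the submission layer recorded (it may honour proxy headers), so it should be treated like the other DB-sourced text: `array('data' => check_plain($row->remote_addr), 'field' => -4)`. Also consider whether `filter_xss()` is the intended filter for submission values: it keeps a whitelist of submitter-supplied HTML (links, lists, emphasis), whereas `check_plain()` renders the value verbatim as text; if reports are meant to show raw answers, `check_plain($row->data)` is the stricter choice. The loop and its `else` branch start and end outside this hunk.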
@@ -212,7 +211,7 @@
array_multisort($column[$node->sort_col], (int)$node->sort, $values);
// Keep only fields requested in report criteria.
- _webform_report_prepare_report_data(&$fields, &$values, $node);
+ _webform_report_prepare_report_data($fields, $values, $node);
// Filter the table values.
if ($node->filter_type != 0) {
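Review bot: Dropping the call-time `&` on `_webform_report_prepare_report_data($fields, $values, $node)` is only behaviour-preserving if the function's own signature declares those parameters by reference (`function _webform_report_prepare_report_data(&$fields, &$values, $node)`); otherwise `$fields` and `$values` are now passed by value, the "keep only requested fields" step silently becomes a no-op, and the filtering below operates on the unpruned data. The definition is outside this hunk, so that signature should be confirmed as part of this change. The enclosing function starts before and ends after this hunk.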
@@ -356,7 +355,7 @@
* @return a uid for the specified user
*/
function _webform_report_get_uid_for_user($name) {
- $result = db_query("SELECT uid FROM {users} WHERE name = '" . $name . "'");
+ $result = db_query("SELECT uid FROM {users} WHERE name = '%s'", $name);
$user = db_fetch_object($result);
return $user->uid;
}
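Review bot: With the query now parameterised, the remaining problem in `_webform_report_get_uid_for_user` is the unknown-user case: `db_fetch_object()` returns FALSE when no row matches, so `$user->uid` raises a property-on-non-object notice and the function returns NULL, which loose comparisons elsewhere can treat as uid 0 (anonymous). Make the miss explicit with `return $user ? $user->uid : NULL;` and state in the docblock that NULL means "no such user", since the `@return` above only describes the success case. If the name comes from the report's filter criteria, the caller should decide how an unmatched name filters rather than relying on this fallthrough.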
@@ -381,7 +380,7 @@
}
$output = theme_table($header, $rows, array('class' => 'webform'));
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
}
return $output;
}
@@ -404,45 +403,31 @@
// Break the array into chunks for pagination.
$pages = array_chunk($values, $results_per_page, TRUE);
- if (!$_GET['page']) {
- $_GET['page'] = '1';
- }
- $output = theme_table($fields, $pages[($_GET['page'] - 1)], array('class' => 'webform_report'));
- $output .= '
';
+
+ // Grab the 'page' query parameter.
+ // Taken from pager_query() in pager.inc
+ $page = isset($_GET['page']) ? $_GET['page'] : '';
+
+ // Convert comma-separated $page to an array, used by other functions.
+ // Taken from pager_query() in pager.inc
+ $pager_page_array = explode(',', $page);
+
+ // format the table with the current page
+ if ($page == '') $page = 0;
+ $output = theme_table($fields, $pages[$page], array('class' => 'webform_report'));
+
+ // Put some magic in the two global variables
+ // Based on code in pager_query() in pager.inc
+ $pager_total[0] = count($pages);
+ $pager_page_array[0] =
+ max(0, min(
+ (int)$pager_page_array[0],
+ ((int)$pager_total[0]) - 1)
+ );
+
+ // Add the pager to the output.
+ $output .= theme('pager', NULL, $results_per_page, 0);
+
return $output;
}
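Review bot: `$pages[$page]` on the `theme_table()` line indexes with the raw `$_GET['page']` string before the clamping that follows it: a value like `3,0` (the comma form this code itself anticipates), a negative number, or anything at or beyond `count($pages)` produces an undefined-offset notice and an empty table, while the pager drawn below uses the clamped page, so the two disagree. Compute `$pager_total[0]` and the clamped `$pager_page_array[0]` first and index with that value; also cover the empty `$values` case, where `array_chunk()` yields no pages at all. The `global $pager_page_array, $pager_total;` declaration that `theme('pager')` relies on is not visible in this hunk — if it is not earlier in the function, these assignments only touch locals. The function's signature is outside the hunk.
```php
  // Grab the 'page' query parameter (comma-separated list; element 0 is ours)
  // and clamp it into range *before* using it as an index.
  $page = isset($_GET['page']) ? $_GET['page'] : '';
  $pager_page_array = explode(',', $page);
  $pager_total[0] = count($pages);
  $pager_page_array[0] = max(0, min((int) $pager_page_array[0], $pager_total[0] - 1));
  $page = $pager_page_array[0];

  // Format the table with the current page; no rows at all yields an empty
  // table instead of an undefined-offset notice.
  $rows = isset($pages[$page]) ? $pages[$page] : array();
  $output = theme_table($fields, $rows, array('class' => 'webform_report'));
  // … unchanged: theme('pager', …) and return …
```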
Index: webform_report.module
===================================================================
--- webform_report.module (revision 101)
+++ webform_report.module (working copy)
@@ -167,7 +167,7 @@
// Populate webform_report-specific node variables only if no new data has been submitted via a form.
if (empty($_POST['wnid'])) {
$additions = db_fetch_object(db_query("SELECT wnid, kcid, description, sort, filter_type, filter_value, results_per_page, components
- FROM {webform_report} WHERE nid = '" . $node->nid . "'"));
+ FROM {webform_report} WHERE nid = %d", $node->nid));
// Unpack components (slashes added for MySQL compatibility).
$components = unserialize(stripslashes($additions->components));
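Review bot: `$additions->components` is read without checking the `db_fetch_object()` result; when no `{webform_report}` row exists for the node, `$additions` is FALSE, the property access emits a notice and `unserialize(stripslashes(NULL))` returns FALSE with a further notice, so `$components` is not an array. Guard it, e.g. `$components = $additions ? unserialize(stripslashes($additions->components)) : array();`. The `unserialize()` here operates on data this module itself wrote via `serialize()` on the update path, which is the only reason it is acceptable — a comment saying so would help keep it that way, and no request value should ever reach this column. The enclosing hook body continues outside the hunk.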
@@ -217,7 +217,7 @@
function webform_report_insert($node) {
db_query("INSERT INTO {webform_report} (nid, description)
VALUES (%d, '%s')", $node->nid, $node->description);
- watchdog('webform_report', 'Webform report "'.$node->title.'" added', NULL, WATCHDOG_NOTICE); // log it
+ watchdog('webform_report', 'Webform report @title added', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
/**
@@ -227,14 +227,14 @@
// What to update, based on url arguments.
if(arg(2) == 'add' | arg(2) == 'edit') {
if(arg(4) == 'criteria') {
- db_query("UPDATE {webform_report}u SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d
- WHERE nid = '" . $node->nid . "'", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type,
- $node->filter_value, $node->results_per_page
+ db_query("UPDATE {webform_report} SET wnid = %d, kcid = %d, sort = %d, components = '%s', filter_type = %d, filter_value = '%s', results_per_page = %d
+ WHERE nid = %d", $node->wnid, $node->kcid, $node->sort, addslashes(serialize($node->components)), $node->filter_type,
+ $node->filter_value, $node->results_per_page, $node->nid
);
}
else {
db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = '" . $node->nid . "'", $node->description);
- watchdog('webform_report', 'Webform report "'.$node->title.'" updated', NULL, WATCHDOG_NOTICE); // log it
+ watchdog('webform_report', 'Webform report @title updated', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
}
}
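Review bot: The `description`-only UPDATE in the `else` branch still builds its WHERE clause by concatenation, `WHERE nid = '" . $node->nid . "'`, while every other query in this commit moved to placeholders; `$node->nid` comes from the node system and is an integer in practice, but to finish the change consistently it should be `db_query("UPDATE {webform_report} SET description = '%s' WHERE nid = %d", $node->description, $node->nid);`. Separately, the branch condition `arg(2) == 'add' | arg(2) == 'edit'` uses the bitwise `|`; it happens to work because both operands are booleans, but `||` is what is meant and short-circuits. The `addslashes(serialize(...))` handed to a `'%s'` placeholder is escaped twice (db_query already escapes `%s` arguments), which is why the read path needs `stripslashes()`; changing that would require migrating stored rows, so it is best left as a commented quirk rather than silently relied on. The enclosing function's signature is above this hunk.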
@@ -243,8 +243,8 @@
* Implementation of hook_delete
*/
function webform_report_delete($node) {
- db_query("DELETE FROM {webform_report} WHERE nid = '$node->nid'");
- watchdog('webform_report', 'Webform report "'.$node->title.'" deleted', NULL, WATCHDOG_NOTICE); // log it
+ db_query("DELETE FROM {webform_report} WHERE nid = %d", $node->nid);
+ watchdog('webform_report', 'Webform report @title deleted', array('@title' => $node->title), WATCHDOG_NOTICE); // log it
}
function webform_report_validate($node, &$form) {