From 624a690b3df514c6a5cec626f64f5266abd6d8eb Mon Sep 17 00:00:00 2001 From: skodak Date: Sun, 25 May 2008 09:39:02 +0000 Subject: [PATCH] MDL-14679 first part of datalib conversion --- admin/user.php | 6 +- admin/user/lib.php | 14 +- course/report/log/lib.php | 12 +- lang/en_utf8/help/richtext.html | 2 +- lib/datalib.php | 327 +++++++++++++------------------- mod/forum/subscribers.php | 25 +-- user/filters/courserole.php | 28 +-- user/filters/date.php | 10 +- user/filters/globalrole.php | 7 +- user/filters/lib.php | 15 +- user/filters/profilefield.php | 35 +++- user/filters/select.php | 21 +- user/filters/simpleselect.php | 10 +- user/filters/text.php | 35 +++- 14 files changed, 260 insertions(+), 287 deletions(-) diff --git a/admin/user.php b/admin/user.php index 0eb045da65..f02ca42f48 100644 --- a/admin/user.php +++ b/admin/user.php @@ -150,10 +150,10 @@ $sort = "firstname"; } - $extrasql = $ufiltering->get_sql_filter(); - $users = get_users_listing($sort, $dir, $page*$perpage, $perpage, '', '', '', $extrasql); + list($extrasql, $params) = $ufiltering->get_sql_filter(); + $users = get_users_listing($sort, $dir, $page*$perpage, $perpage, '', '', '', $extrasql, $params); $usercount = get_users(false); - $usersearchcount = get_users(false, '', true, "", "", '', '', '', '', '*', $extrasql); + $usersearchcount = get_users(false, '', true, null, "", '', '', '', '', '*', $extrasql, $params); if ($extrasql !== '') { print_heading("$usersearchcount / $usercount ".get_string('users')); diff --git a/admin/user/lib.php b/admin/user/lib.php index fe57cdb50b..3167b40eb3 100644 --- a/admin/user/lib.php +++ b/admin/user/lib.php 
@@ -10,7 +10,7 @@ function add_selection_all($ufiltering) { global $SESSION; $guest = get_guest(); - $sqlwhere = $ufiltering->get_sql_filter("id<>{$guest->id} AND deleted <> 1"); + $sqlwhere = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id)); if ($rs = get_recordset_select('user', $sqlwhere, 'fullname', 'id,'.sql_fullname().' AS fullname')) { while ($user = rs_fetch_next_record($rs)) { @@ -23,18 +23,18 @@ function add_selection_all($ufiltering) { } function get_selection_data($ufiltering) { - global $SESSION; + global $SESSION, $DB; // get the SQL filter $guest = get_guest(); - $sqlwhere = $ufiltering->get_sql_filter("id<>{$guest->id} AND deleted <> 1"); + list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id)); - $total = count_records_select('user', "id<>{$guest->id} AND deleted <> 1"); - $acount = count_records_select('user', $sqlwhere); + $total = $DB->count_records_select('user', "id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id)); + $acount = $DB->count_records_select('user', $sqlwhere, $params); $scount = count($SESSION->bulk_users); $userlist = array('acount'=>$acount, 'scount'=>$scount, 'ausers'=>false, 'susers'=>false, 'total'=>$total); - $userlist['ausers'] = get_records_select_menu('user', $sqlwhere, 'fullname', 'id,'.sql_fullname().' AS fullname', 0, MAX_BULK_USERS); + $userlist['ausers'] = $DB->get_records_select_menu('user', $sqlwhere, $params, 'fullname', 'id,'.sql_fullname().' AS fullname', 0, MAX_BULK_USERS); if ($scount) { if ($scount < MAX_BULK_USERS) { 
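Review bot: In add_selection_all (hunk @@ -10), `$sqlwhere` now receives the array that the converted `user_filtering::get_sql_filter()` returns, yet it is still handed as a string to `get_recordset_select('user', $sqlwhere, ...)` and the `:exguest` parameter is never forwarded, so the placeholder is left unbound; the hunk at @@ -23 already does this correctly for get_selection_data. Unpack it the same way, `list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));`, and pass `$params` to a `$DB->get_recordset_select('user', $sqlwhere, $params, 'fullname', ...)` call, adding `$DB` to the function's `global` line. I am assuming `get_recordset_select` here is still the legacy helper that takes no parameter array; if it has been converted elsewhere the forwarding is still missing. The rest of add_selection_all lies outside the hunk.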
@@ -43,7 +43,7 @@ function get_selection_data($ufiltering) { $bulkusers = array_slice($SESSION->bulk_users, 0, MAX_BULK_USERS, true); $in = implode(',', $bulkusers); } - $userlist['susers'] = get_records_select_menu('user', "id IN ($in)", 'fullname', 'id,'.sql_fullname().' AS fullname'); + $userlist['susers'] = $DB->get_records_select_menu('user', "id IN ($in)", null, 'fullname', 'id,'.sql_fullname().' AS fullname'); } return $userlist; diff --git a/course/report/log/lib.php b/course/report/log/lib.php index 5a82e73c93..8d3b201fa4 100644 --- a/course/report/log/lib.php +++ b/course/report/log/lib.php @@ -49,11 +49,7 @@ function print_mnet_log_selector_form($hostid, $course, $selecteduser=0, $select // If looking at a different host, we're interested in all our site users if ($hostid == $CFG->mnet_localhost_id && $course->id != SITEID) { - if ($selectedgroup) { // If using a group, only get users in that group. - $courseusers = get_group_users($selectedgroup, 'u.lastname ASC', '', 'u.id, u.firstname, u.lastname, u.idnumber'); - } else { - $courseusers = get_course_users($course->id, '', '', 'u.id, u.firstname, u.lastname, u.idnumber'); - } + $courseusers = get_users_by_capability($context, 'moodle/course:view', '', 'lastname ASC, firstname ASC', '','u.id, u.firstname, u.lastname, u.idnumber',$selectedgroup,null, false); } else { $courseusers = get_site_users("u.lastaccess DESC", "u.id, u.firstname, u.lastname, u.idnumber"); } 
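Review bot: In print_mnet_log_selector_form (hunk @@ -49) `$context` is passed as the first argument of get_users_by_capability() but is neither assigned nor visible in the hunk, and the function body continues outside it; confirm it is populated earlier, otherwise the capability lookup runs against a null context and returns nothing useful. The same applies to the identical replacement in print_log_selector_form at @@ -307. Note also that the unchanged `else` branch of both hunks still calls `get_site_users(...)`, which this same commit deletes from lib/datalib.php, so the site-course path would hit an undefined function unless that helper now lives elsewhere.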
@@ -307,11 +303,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today' $users = array(); if ($course->id != SITEID) { - if ($selectedgroup) { // If using a group, only get users in that group. - $courseusers = get_group_users($selectedgroup, 'u.lastname ASC', '', 'u.id, u.firstname, u.lastname, u.idnumber'); - } else { - $courseusers = get_course_users($course->id, '', '', 'u.id, u.firstname, u.lastname, u.idnumber'); - } + $courseusers = get_users_by_capability($context, 'moodle/course:view', '', 'lastname ASC, firstname ASC', '','u.id, u.firstname, u.lastname, u.idnumber',$selectedgroup,null, false); } else { $courseusers = get_site_users("u.lastaccess DESC", "u.id, u.firstname, u.lastname, u.idnumber"); } diff --git a/lang/en_utf8/help/richtext.html b/lang/en_utf8/help/richtext.html index c7ef61ed98..7ac3c64382 100644 --- a/lang/en_utf8/help/richtext.html +++ b/lang/en_utf8/help/richtext.html @@ -5,7 +5,7 @@ print_string("htmleditordisabledadmin"); } else if (!$USER->htmleditor) { print_string("htmleditordisabled"); - } else if (!can_use_richtext_editor()) { + } else if (!can_use_html_editor()) { print_string("htmleditordisabledbrowser"); } else { print_string("htmleditoravailable"); diff --git a/lib/datalib.php b/lib/datalib.php index 7ccb47b946..6441a953dd 100644 --- a/lib/datalib.php +++ b/lib/datalib.php 
@@ -69,73 +69,76 @@ function get_admin () { * @return object */ function get_admins() { - - global $CFG; + global $DB; $sql = "SELECT ra.userid, SUM(rc.permission) AS permission, MIN(ra.id) AS adminid - FROM " . $CFG->prefix . "role_capabilities rc - JOIN " . $CFG->prefix . "context ctx - ON ctx.id=rc.contextid - JOIN " . $CFG->prefix . "role_assignments ra - ON ra.roleid=rc.roleid AND ra.contextid=ctx.id - WHERE ctx.contextlevel=10 - AND rc.capability IN ('moodle/site:config', - 'moodle/legacy:admin', - 'moodle/site:doanything') - GROUP BY ra.userid + FROM {role_capabilities} rc + JOIN {context} ctx ON ctx.id=rc.contextid + JOIN {role_assignments} ra ON ra.roleid=rc.roleid AND ra.contextid=ctx.id + WHERE ctx.contextlevel=10 AND rc.capability IN (?, ?, ?) + GROUP BY ra.userid HAVING SUM(rc.permission) > 0"; + $params = array('moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything'); $sql = "SELECT u.*, ra.adminid - FROM " . $CFG->prefix . "user u - JOIN ($sql) ra - ON u.id=ra.userid - ORDER BY ra.adminid ASC"; + FROM {user} u + JOIN ($sql) ra + ON u.id=ra.userid + ORDER BY ra.adminid ASC"; - return get_records_sql($sql); + return $DB->get_records_sql($sql, $params); } function get_courses_in_metacourse($metacourseid) { - global $CFG; + global $DB; - $sql = "SELECT c.id,c.shortname,c.fullname FROM {$CFG->prefix}course c, {$CFG->prefix}course_meta mc WHERE mc.parent_course = $metacourseid - AND mc.child_course = c.id ORDER BY c.shortname"; + $sql = "SELECT c.id, c.shortname, c.fullname + FROM {course} c, {course_meta} mc + WHERE mc.parent_course = ? 
AND mc.child_course = c.id + ORDER BY c.shortname"; + $params = array($metacourseid); - return get_records_sql($sql); + return $DB->get_records_sql($sql, $params); } -function get_courses_notin_metacourse($metacourseid,$count=false) { +function get_courses_notin_metacourse($metacourseid) { + global $DB; - global $CFG; - - if ($count) { - $sql = "SELECT COUNT(c.id)"; + if ($alreadycourses = get_courses_in_metacourse($metacourseid)) { + $alreadycourses = implode(',',array_keys($alreadycourses)); + $alreadycourses = "AND c.id NOT IN ($alreadycourses)"; } else { - $sql = "SELECT c.id,c.shortname,c.fullname"; + $alreadycourses = ""; } - $alreadycourses = get_courses_in_metacourse($metacourseid); + $sql = "SELECT c.id,c.shortname,c.fullname + FROM {course} c + WHERE c.id != ? and c.id != ".SITEID." and c.metacourse != 1 + $alreadycourses + ORDER BY c.shortname"; + $params = array($metacourseid); - $sql .= " FROM {$CFG->prefix}course c WHERE ".((!empty($alreadycourses)) ? "c.id NOT IN (".implode(',',array_keys($alreadycourses)).") - AND " : "")." c.id !=$metacourseid and c.id != ".SITEID." and c.metacourse != 1 ".((empty($count)) ? " ORDER BY c.shortname" : ""); - - return get_records_sql($sql); + return $DB->get_records_sql($sql, $params); } function count_courses_notin_metacourse($metacourseid) { - global $CFG; - - $alreadycourses = get_courses_in_metacourse($metacourseid); - - $sql = "SELECT COUNT(c.id) AS notin FROM {$CFG->prefix}course c - WHERE ".((!empty($alreadycourses)) ? "c.id NOT IN (".implode(',',array_keys($alreadycourses)).") - AND " : "")." c.id !=$metacourseid and c.id != ".SITEID." 
and c.metacourse != 1"; + global $DB; - if (!$count = get_record_sql($sql)) { - return 0; + if ($alreadycourses = get_courses_in_metacourse($metacourseid)) { + $alreadycourses = implode(',',array_keys($alreadycourses)); + $alreadycourses = "AND c.id NOT IN ($alreadycourses)"; + } else { + $alreadycourses = ""; } - return $count->notin; + $sql = "SELECT COUNT(c.id) + FROM {course} c + WHERE c.id != ? and c.id != ".SITEID." and c.metacourse != 1 + $alreadycourses"; + $params = array($metacourseid); + + return $DB->count_records_sql($sql, $params); } /** 
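Review bot: get_courses_notin_metacourse() drops its `$count` parameter, but PHP ignores surplus arguments, so any caller still passing `true` as the second argument now silently receives the course records instead of an integer rather than failing loudly; either grep and update those callers in this commit or keep the parameter for one release and route it to count_courses_notin_metacourse(). Both functions now duplicate the `AND c.id NOT IN (...)` construction from interpolated ids; building it once via `$DB->get_in_or_equal(array_keys($alreadycourses), SQL_PARAMS_QM, '', false)` would bind the ids and remove the copy. In get_admins, `ctx.contextlevel=10` is a bare magic number where `ctx.contextlevel=".CONTEXT_SYSTEM."` documents the intent.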
@@ -144,81 +147,71 @@ function count_courses_notin_metacourse($metacourseid) { * If $coursid specifies the site course then this function searches * through all undeleted and confirmed users * - * @uses $CFG - * @uses SITEID * @param int $courseid The course in question. * @param int $groupid The group in question. * @param string $searchtext ? * @param string $sort ? - * @param string $exceptions ? + * @param array $exceptions ? * @return object */ -function search_users($courseid, $groupid, $searchtext, $sort='', $exceptions='') { - global $CFG; +function search_users($courseid, $groupid, $searchtext, $sort='', array $exceptions=null) { + global $DB; $LIKE = sql_ilike(); $fullname = sql_fullname('u.firstname', 'u.lastname'); if (!empty($exceptions)) { - $except = ' AND u.id NOT IN ('. $exceptions .') '; + list($exceptions, $params) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'ex0000', false); + $except = "AND u.id $exceptions"; } else { - $except = ''; + $except = ""; + $params = array(); } if (!empty($sort)) { - $order = ' ORDER BY '. $sort; + $order = "ORDER BY $sort"; } else { - $order = ''; + $order = ""; } - $select = 'u.deleted = \'0\' AND u.confirmed = \'1\''; + $select = "u.deleted = 0 AND u.confirmed = 1 AND ($fullname $LIKE :search1 OR u.email $LIKE :search2)"; + $params['search1'] = "%$searchtext%"; + $params['search2'] = "%$searchtext%"; if (!$courseid or $courseid == SITEID) { - return get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email - FROM {$CFG->prefix}user u - WHERE $select - AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%') - $except $order"); - } else { + $sql = "SELECT u.id, u.firstname, u.lastname, u.email + FROM {user} u + WHERE $select + $except + $order"; + return $DB->get_records_sql($sql, $params); + } else { if ($groupid) { -//TODO:check. Remove group DB dependencies. 
- return get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email - FROM {$CFG->prefix}user u, - {$CFG->prefix}groups_members gm - WHERE $select AND gm.groupid = '$groupid' AND gm.userid = u.id - AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%') - $except $order"); + $sql = "SELECT u.id, u.firstname, u.lastname, u.email + FROM {user} u + JOIN {groups_members} gm ON gm.userid = u.id + WHERE $select AND gm.groupid = :groupid + $except + $order"; + $params['groupid'] = $groupid; + return $DB->get_records_sql($sql, $params); + } else { $context = get_context_instance(CONTEXT_COURSE, $courseid); $contextlists = get_related_contexts_string($context); - $users = get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email - FROM {$CFG->prefix}user u, - {$CFG->prefix}role_assignments ra - WHERE $select AND ra.contextid $contextlists AND ra.userid = u.id - AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%') - $except $order"); + + $sql = "SELECT u.id, u.firstname, u.lastname, u.email + FROM {user} u + JOIN {role_assignments} ra ON ra.userid = u.id + WHERE $select AND ra.contextid $contextlists + $except + $order"; + return $DB->get_records_sql($sql, $params); } - return $users; } } - -/** - * Returns a list of all site users - * Obsolete, just calls get_course_users(SITEID) - * - * @uses SITEID - * @deprecated Use {@link get_course_users()} instead. - * @param string $fields A comma separated list of fields to be returned from the chosen table. - * @return object|false {@link $USER} records or false if error. - */ -function get_site_users($sort='u.lastaccess DESC', $fields='*', $exceptions='') { - - return get_course_users(SITEID, $sort, $exceptions, $fields); -} - - /** * Returns a subset of users * 
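Review bot: This hunk removes get_site_users() from lib/datalib.php, yet the unchanged `else` branches in course/report/log/lib.php (hunks @@ -49 and @@ -307 of this commit) still call `get_site_users(...)`, which becomes an undefined-function fatal on the site course unless the helper was relocated to another file outside this diff. In search_users, `$sort` is still concatenated verbatim into `ORDER BY $sort`; an ORDER BY fragment cannot be bound as a parameter, so the docblock should say so, e.g. `@param string $sort ORDER BY fragment; must be a fixed or whitelisted column list, never raw request input`. The new `array $exceptions=null` hint also means any caller not updated here that still passes the old `''` default now raises a type error.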
@@ -235,10 +228,9 @@ function get_site_users($sort='u.lastaccess DESC', $fields='*', $exceptions='') * @param string $fields A comma separated list of fields to be returned from the chosen table. * @return object|false|int {@link $USER} records unless get is false in which case the integer count of the records found is returned. False is returned if an error is encountered. */ -function get_users($get=true, $search='', $confirmed=false, $exceptions='', $sort='firstname ASC', - $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='') { - - global $CFG; +function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC', + $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) { + global $DB; if ($get && !$recordsperpage) { debugging('Call to get_users with $get = true no $recordsperpage limit. ' . 
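Review bot: The new `array $exceptions=null` hint on get_users() turns the previous string default `''` into a catchable fatal for every caller not updated in this commit (admin/user.php is adjusted to pass `null`, other callers are not visible here). If a transition period is wanted, accept both forms inside the function instead, `if (is_string($exceptions)) { $exceptions = ($exceptions === '') ? array() : explode(',', $exceptions); }`, before the `if ($exceptions)` branch. The function body continues in the hunk at @@ -250.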
@@ -250,36 +242,45 @@ function get_users($get=true, $search='', $confirmed=false, $exceptions='', $sor $LIKE = sql_ilike(); $fullname = sql_fullname(); - $select = 'username <> \'guest\' AND deleted = 0'; + $select = " username <> :guest AND deleted = 0"; + $params = array('guest'=>'guest'); if (!empty($search)){ $search = trim($search); - $select .= " AND ($fullname $LIKE '%$search%' OR email $LIKE '%$search%') "; + $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)"; + $params['search1'] = "%$search%"; + $params['search2'] = "%$search%"; + $params['search3'] = "$search"; } if ($confirmed) { - $select .= ' AND confirmed = \'1\' '; + $select .= " AND confirmed = 1"; } if ($exceptions) { - $select .= ' AND id NOT IN ('. $exceptions .') '; + list($exceptions, $eparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'ex0000', false); + $params = $params + $eparams; + $except = " AND id $exceptions"; } if ($firstinitial) { - $select .= ' AND firstname '. $LIKE .' \''. $firstinitial .'%\''; + $select .= " AND firstname $LIKE :fni"; + $params['fni'] = "$firstinitial%"; } if ($lastinitial) { - $select .= ' AND lastname '. $LIKE .' \''. $lastinitial .'%\''; + $select .= " AND lastname $LIKE :lni"; + $params['lni'] = "$lastinitial%"; } if ($extraselect) { - $select .= " AND $extraselect "; + $select .= " AND $extraselect"; + $params = $params + (array)$extraparams; } if ($get) { - return get_records_select('user', $select, $sort, $fields, $page, $recordsperpage); + return $DB->get_records_select('user', $select, $params, $sort, $fields, $page, $recordsperpage); } else { - return count_records_select('user', $select); + return $DB->count_records_select('user', $select, $params); } } @@ -289,7 +290,6 @@ function get_users($get=true, $search='', $confirmed=false, $exceptions='', $sor * * longdesc * - * @uses $CFG * @param string $sort ? * @param string $dir ? * @param int $categoryid ? 
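Review bot: In get_users(), the `$exceptions` branch builds `$except = " AND id $exceptions";` but never appends it to `$select`, so the NOT IN filter is silently dropped while its `ex0000...` parameters are still merged into `$params`; the old code appended the clause directly. Replace that line with `$select .= " AND id $exceptions";` and delete the unused `$except`. Separately, `$params = $params + (array)$extraparams` keeps the first value on a key collision, so an `$extraparams` key that reuses `search1`, `fni`, `lni` or `guest` is ignored without any signal; a `debugging()` call when `array_intersect_key($params, (array)$extraparams)` is non-empty would surface the clash.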
@@ -302,40 +302,46 @@ function get_users($get=true, $search='', $confirmed=false, $exceptions='', $sor */ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperpage=0, - $search='', $firstinitial='', $lastinitial='', $extraselect='') { - - global $CFG; + $search='', $firstinitial='', $lastinitial='', $extraselect='', array $extraparams=null) { + global $DB; $LIKE = sql_ilike(); $fullname = sql_fullname(); - $select = "deleted <> '1'"; + $select = "deleted <> 1"; + $params = array(); if (!empty($search)) { $search = trim($search); - $select .= " AND ($fullname $LIKE '%$search%' OR email $LIKE '%$search%' OR username='$search') "; + $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)"; + $params['search1'] = "%$search%"; + $params['search2'] = "%$search%"; + $params['search3'] = "$search"; } if ($firstinitial) { - $select .= ' AND firstname '. $LIKE .' \''. $firstinitial .'%\' '; + $select .= " AND firstname $LIKE :fni"; + $params['fni'] = "$firstinitial%"; } - if ($lastinitial) { - $select .= ' AND lastname '. $LIKE .' \''. $lastinitial .'%\' '; + $select .= " AND lastname $LIKE :lni"; + $params['lni'] = "$lastinitial%"; } if ($extraselect) { - $select .= " AND $extraselect "; + $select .= " AND $extraselect"; + $params = $params + (array)$extraparams; } if ($sort) { - $sort = ' ORDER BY '. $sort .' '. $dir; + $sort = " ORDER BY $sort $dir"; } /// warning: will return UNCONFIRMED USERS - return get_records_sql("SELECT id, username, email, firstname, lastname, city, country, lastaccess, confirmed, mnethostid - FROM {$CFG->prefix}user - WHERE $select $sort", $page, $recordsperpage); + return $DB->get_records_sql("SELECT id, username, email, firstname, lastname, city, country, lastaccess, confirmed, mnethostid + FROM {user} + WHERE $select + $sort", $params, $page, $recordsperpage); } 
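Review bot: get_users_listing() concatenates `$sort` and `$dir` straight into `ORDER BY $sort $dir` with no check that they hold a column list and ASC/DESC; these cannot be bound as parameters, so the caller must validate them (admin/user.php in this commit falls back to `$sort = "firstname"`, but what reaches it before that is outside the diff). A cheap local guard is `$dir = (strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';` before the `if ($sort)` block, plus a docblock line stating that `$sort` must be whitelisted by the caller. As in get_users, `$params + (array)$extraparams` silently drops colliding keys.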
@@ -343,16 +349,13 @@ function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperp /** * Full list of users that have confirmed their accounts. * - * @uses $CFG - * @return object + * @return array of unconfirmed users */ function get_users_confirmed() { - global $CFG; - return get_records_sql("SELECT * - FROM {$CFG->prefix}user - WHERE confirmed = 1 - AND deleted = 0 - AND username <> 'guest'"); + global $DB; + return $DB->get_records_sql("SELECT * + FROM {user} + WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest')); } @@ -365,14 +368,13 @@ function get_users_confirmed() { * @return course A {@link $COURSE} object for the site */ function get_site() { - - global $SITE; + global $SITE, $DB; if (!empty($SITE->id)) { // We already have a global to use, so return that return $SITE; } - if ($course = get_record('course', 'category', 0)) { + if ($course = $DB->get_record('course', array('category'=>0))) { return $course; } else { return false; 
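Review bot: The rewritten docblock for get_users_confirmed() reads `@return array of unconfirmed users`, but the query selects `confirmed = 1 AND deleted = 0 AND username <> ?`, i.e. confirmed accounts. Change it to `@return array confirmed, non-deleted, non-guest user records keyed by id`. The get_site() change in the hunk at @@ -365 looks correct as converted.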
@@ -433,37 +435,6 @@ function get_courses($categoryid="all", $sort="c.sortorder ASC", $fields="c.*") } } return $visiblecourses; - -/* - $teachertable = ""; - $visiblecourses = ""; - $sqland = ""; - if (!empty($categoryselect)) { - $sqland = "AND "; - } - if (!empty($USER->id)) { // May need to check they are a teacher - if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM))) { - $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')"; - $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course = c.id"; - } - } else { - $visiblecourses = "$sqland c.visible > 0"; - } - - if ($categoryselect or $visiblecourses) { - $selectsql = "{$CFG->prefix}course c $teachertable WHERE $categoryselect $visiblecourses"; - } else { - $selectsql = "{$CFG->prefix}course c $teachertable"; - } - - $extrafield = str_replace('ASC','',$sort); - $extrafield = str_replace('DESC','',$extrafield); - $extrafield = trim($extrafield); - if (!empty($extrafield)) { - $extrafield = ','.$extrafield; - } - return get_records_sql("SELECT ".((!empty($teachertable)) ? " DISTINCT " : "")." $fields $extrafield FROM $selectsql ".((!empty($sort)) ? "ORDER BY $sort" : "")); - */ } 
@@ -528,44 +499,9 @@ function get_courses_page($categoryid="all", $sort="c.sortorder ASC", $fields="c } rs_close($rs); return $visiblecourses; - -/** - - $categoryselect = ""; - if ($categoryid != "all" && is_numeric($categoryid)) { - $categoryselect = "c.category = '$categoryid'"; - } - - $teachertable = ""; - $visiblecourses = ""; - $sqland = ""; - if (!empty($categoryselect)) { - $sqland = "AND "; - } - if (!empty($USER) and !empty($USER->id)) { // May need to check they are a teacher - if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM))) { - $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')"; - $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course=c.id"; - } - } else { - $visiblecourses = "$sqland c.visible > 0"; - } - - if ($limitfrom !== "") { - $limit = sql_paging_limit($limitfrom, $limitnum); - } else { - $limit = ""; - } - - $selectsql = "{$CFG->prefix}course c $teachertable WHERE $categoryselect $visiblecourses"; - - $totalcount = count_records_sql("SELECT COUNT(DISTINCT c.id) FROM $selectsql"); - - return get_records_sql("SELECT $fields FROM $selectsql ".((!empty($sort)) ? "ORDER BY $sort" : "")." $limit"); - */ } -/* +/** * Retrieve course records with the course managers and other related records * that we need for print_course(). This allows print_courses() to do its job * in a constant number of DB queries, regardless of the number of courses, @@ -2143,7 +2079,7 @@ function print_object($object) { echo '
' . htmlspecialchars(print_r($object,true)) . '
'; } -/* +/** * Check whether a course is visible through its parents * path. * @@ -2242,7 +2178,7 @@ function user_can_create_courses() { } /** - * get the list of categories the current user can create courses in + * Get the list of categories the current user can create courses in * @return array */ function get_creatable_categories() { @@ -2258,5 +2194,4 @@ function get_creatable_categories() { return $creatablecats; } -// vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140: ?> diff --git a/mod/forum/subscribers.php b/mod/forum/subscribers.php index 061610c010..b7e327a01f 100644 --- a/mod/forum/subscribers.php +++ b/mod/forum/subscribers.php @@ -7,11 +7,11 @@ $group = optional_param('group',0,PARAM_INT); // change of group $edit = optional_param('edit',-1,PARAM_BOOL); // Turn editing on and off - if (! $forum = get_record("forum", "id", $id)) { + if (! $forum = $DB->get_record("forum", array("id"=>$id))) { print_error("Forum ID is incorrect"); } - if (! $course = get_record("course", "id", $forum->course)) { + if (! $course = $DB->get_record("course", array("id"=>$forum->course))) { print_error("Could not find this course!"); } @@ -31,10 +31,10 @@ add_to_log($course->id, "forum", "view subscribers", "subscribers.php?id=$forum->id", $forum->id, $cm->id); - $strsubscribeall = get_string("subscribeall", "forum"); + $strsubscribeall = get_string("subscribeall", "forum"); $strsubscribenone = get_string("subscribenone", "forum"); - $strsubscribers = get_string("subscribers", "forum"); - $strforums = get_string("forums", "forum"); + $strsubscribers = get_string("subscribers", "forum"); + $strforums = get_string("forums", "forum"); $navigation = build_navigation($strsubscribers, $cm); 
@@ -129,27 +129,16 @@ } $subscriberlist = implode(',', $subscriberarray); - unset($subscriberarray); - /// Get search results excluding any users already subscribed if (!empty($frm->searchtext) and $previoussearch) { - $searchusers = search_users($course->id, $currentgroup, $frm->searchtext, 'firstname ASC, lastname ASC', $subscriberlist); + $searchusers = search_users($course->id, $currentgroup, $frm->searchtext, 'firstname ASC, lastname ASC', $subscriberarray); } /// If no search results then get potential subscribers for this forum excluding users already subscribed if (empty($searchusers)) { - if ($currentgroup) { - $users = get_group_users($currentgroup, 'firstname ASC, lastname ASC', $subscriberlist); - } else { - $users = get_course_users($course->id, 'firstname ASC, lastname ASC', $subscriberlist); - } - if (!$users) { - $users = array(); - } - + $users = get_users_by_capability($context, 'moodle/course:view', '', 'firstname ASC, lastname ASC', '','',$currentgroup,$subscriberlist, false); } - $searchtext = (isset($frm->searchtext)) ? $frm->searchtext : ""; $previoussearch = ($previoussearch) ? '1' : '0'; diff --git a/user/filters/courserole.php b/user/filters/courserole.php index f200322e63..dcab916ff9 100644 --- a/user/filters/courserole.php +++ b/user/filters/courserole.php 
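Review bot: The deleted `if (!$users) { $users = array(); }` fallback protected the code after this hunk from the user-lookup helper returning `false` on no match; unless get_users_by_capability() is guaranteed to return an array at this revision, restore the guard, `if (!$users) { $users = array(); }`, after the new call. The `$subscriberlist` string is still built and passed as the exceptions argument of get_users_by_capability() while search_users() now receives `$subscriberarray`; confirm the capability helper expects the comma-separated string form at this revision, since the two conventions now coexist in the same block.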
@@ -78,16 +78,21 @@ class user_filter_courserole extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { global $CFG; - $value = addslashes($data['value']); - $roleid = $data['roleid']; - $categoryid = $data['categoryid']; + static $counter = 0; + $name = 'ex_courserole'.$counter++; + + $value = $data['value']; + $roleid = (int)$data['roleid']; + $categoryid = (int)$data['categoryid']; + + $params = array(); if (empty($value) and empty($roleid) and empty($categoryid)) { - return ''; + return array('', $params); } $timenow = round(time(), 100); // rounding - enable sql caching @@ -99,13 +104,14 @@ class user_filter_courserole extends user_filter_type { $where .= " AND c.category=$categoryid"; } if ($value) { - $where .= " AND c.shortname ".sql_ilike()." '$value'"; + $where .= " AND c.shortname ".sql_ilike()." :$name"; + $params[$name] = $value; } - return "id IN (SELECT userid - FROM {$CFG->prefix}role_assignments a - INNER JOIN {$CFG->prefix}context b ON a.contextid=b.id - INNER JOIN {$CFG->prefix}course c ON b.instanceid=c.id - WHERE $where)"; + return array("id IN (SELECT userid + FROM {role_assignments} a + INNER JOIN {context} b ON a.contextid=b.id + INNER JOIN {course} c ON b.instanceid=c.id + WHERE $where)", $params); } /** diff --git a/user/filters/date.php b/user/filters/date.php index 17e72f772a..7a6965dc7b 100755 --- a/user/filters/date.php +++ b/user/filters/date.php 
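Review bot: `global $CFG;` in user_filter_courserole::get_sql_filter() is now unused, since the `{$CFG->prefix}` table names in the hunk at @@ -99 were replaced by `{role_assignments}`/`{context}`/`{course}` placeholders; the same unused global remains in user_filter_profilefield::get_sql_filter() at @@ -97. Drop the line in both. The `(int)` casts on `$roleid` and `$categoryid` are what make the remaining interpolations into `$where` safe, so a short comment such as `// cast to int: these are interpolated into $where, not bound` would stop a later edit from removing them.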
@@ -81,15 +81,15 @@ class user_filter_date extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { - $after = $data['after']; - $before = $data['before']; + $after = (int)$data['after']; + $before = (int)$data['before']; $field = $this->_field; if (empty($after) and empty($before)) { - return ''; + return array('', array()); } $res = "$field > 0" ; @@ -100,7 +100,7 @@ class user_filter_date extends user_filter_type { if ($before) { $res .= " AND $field <= $before"; } - return $res; + return array($res, array()); } /** diff --git a/user/filters/globalrole.php b/user/filters/globalrole.php index d877356e92..82b4691e5c 100644 --- a/user/filters/globalrole.php +++ b/user/filters/globalrole.php @@ -57,18 +57,19 @@ class user_filter_globalrole extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { global $CFG; - $value = $data['value']; + $value = (int)$data['value']; $timenow = round(time(), 100); - return "id IN (SELECT userid + $sql = "id IN (SELECT userid FROM {$CFG->prefix}role_assignments a WHERE a.contextid=".SYSCONTEXTID." AND a.roleid=$value AND a.timestart<$timenow AND (a.timeend=0 OR a.timeend>$timenow))"; + return array($sql, array()); } /** diff --git a/user/filters/lib.php b/user/filters/lib.php index 08a65dda4d..e3ad9a1453 100644 --- a/user/filters/lib.php +++ b/user/filters/lib.php 
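Review bot: user_filter_globalrole::get_sql_filter() is the only filter in this commit that still emits `{$CFG->prefix}role_assignments` and interpolates the role id into `a.roleid=$value`; the `(int)` cast makes that safe, but it is inconsistent with courserole.php and the placeholder syntax the rest of the diff adopts. For consistency, use `FROM {role_assignments} a`, bind the id with `AND a.roleid=:$name`, and return `array($sql, array($name=>$value))` using the same static-counter naming scheme the other filters introduce. The date.php hunks are fine: the casts on `$after`/`$before` cover the two values still interpolated into `$res`.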
@@ -142,15 +142,17 @@ class user_filtering { /** * Returns sql where statement based on active user filters * @param string $extra sql - * @return string + * @param array named params (recommended prefix ex) + * @return array sql string and $params */ - function get_sql_filter($extra='') { + function get_sql_filter($extra='', array $params=null) { global $SESSION; $sqls = array(); if ($extra != '') { $sqls[] = $extra; } + $params = (array)$params; if (!empty($SESSION->user_filtering)) { foreach ($SESSION->user_filtering as $fname=>$datas) { @@ -159,15 +161,18 @@ class user_filtering { } $field = $this->_fields[$fname]; foreach($datas as $i=>$data) { - $sqls[] = $field->get_sql_filter($data); + list($s, $p) = $field->get_sql_filter($data); + $sqls[] = $s; + $params = $params + $p; } } } if (empty($sqls)) { - return ''; + return array('', array()); } else { - return implode(' AND ', $sqls); + $sqls = implode(' AND ', $sqls); + return array($sqls, $params); } } diff --git a/user/filters/profilefield.php b/user/filters/profilefield.php index 454a4e23c1..650d715e7b 100644 --- a/user/filters/profilefield.php +++ b/user/filters/profilefield.php @@ -97,10 +97,12 @@ class user_filter_profilefield extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { global $CFG; + static $counter = 0; + $name = 'ex_profilefield'.$counter++; $profile_fields = $this->get_profile_fields(); if (empty($profile_fields)) { @@ -109,10 +111,11 @@ class user_filter_profilefield extends user_filter_type { $profile = $data['profile']; $operator = $data['operator']; - $value = addslashes($data['value']); + $value = $data['value']; + $params = array(); if (!array_key_exists($profile, $profile_fields)) { - return ''; + return array('', array()); } $where = ""; 
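Review bot: The loop in user_filtering::get_sql_filter() (hunk @@ -159) assumes every field filter returns a two-element array, but simpleselect.php and text.php in this same commit still `return '';` on their early-exit paths; `list($s, $p)` on a string yields nulls, so `$sqls[]` gets a null entry (assembling `... AND  AND ...`) and `$params + $p` fails with unsupported operand types. Even after those filters are fixed, a disabled filter legitimately returns an empty SQL string, so skip it here before it reaches the implode: `if ($s === '' || $s === null) { continue; }` ahead of `$sqls[] = $s;`. `$params + $p` also silently drops a colliding key; the per-filter static counters make that unlikely but a `debugging()` on `array_intersect_key($params, $p)` would make it visible.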
@@ -125,17 +128,29 @@ class user_filter_profilefield extends user_filter_type { switch($operator) { case 0: // contains - $where = "data $ilike '%$value%'"; break; + $where = "data $ilike :$name"; + $params[$name] = "%$value%"; + break; case 1: // does not contain - $where = "data NOT $ilike '%$value%'"; break; + $where = "data NOT $ilike :$name"; + $params[$name] = "%$value%"; + break; case 2: // equal to - $where = "data $ilike '$value'"; break; + $where = "data $ilike :$name"; + $params[$name] = "$value"; + break; case 3: // starts with - $where = "data $ilike '$value%'"; break; + $where = "data $ilike :$name"; + $params[$name] = "$value%"; + break; case 4: // ends with - $where = "data $ilike '%$value'"; break; + $where = "data $ilike :$name"; + $params[$name] = "%$value"; + break; case 5: // empty - $where = "data=''"; break; + $where = "data=:$name"; + $params[$name] = ""; + break; case 6: // is not defined $op = " NOT IN "; break; case 7: // is defined @@ -150,7 +165,7 @@ class user_filter_profilefield extends user_filter_type { if ($where !== '') { $where = "WHERE $where"; } - return "id $op (SELECT userid FROM {$CFG->prefix}user_info_data $where)"; + return array("id $op (SELECT userid FROM {user_info_data} $where)", $params); } /** diff --git a/user/filters/select.php b/user/filters/select.php index 49c6e3bb74..725c05b587 100644 --- a/user/filters/select.php +++ b/user/filters/select.php 
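Review bot: In the `case 2: // equal to` branch, `$value` is bound unchanged to an `$ilike` comparison, so a `%` or `_` typed by the user turns "equal to" into a wildcard match, and in the contains/starts-with/ends-with branches embedded wildcards widen the pattern beyond the literal text; parameter binding fixes the injection the old `addslashes` attempted to cover, but not this. The same applies to user_filter_text::get_sql_filter() at @@ -87. Escape the LIKE metacharacters once before the `switch`, e.g. `$value = str_replace(array('%', '_'), array('\\%', '\\_'), $value);` if the DB drivers in use treat backslash as the LIKE escape character, or through an escape helper on `$DB` if this revision provides one.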
@@ -80,22 +80,31 @@ class user_filter_select extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { + static $counter = 0; + $name = 'ex_select'.$counter++; + $operator = $data['operator']; - $value = addslashes($data['value']); + $value = $data['value']; $field = $this->_field; + $params = array(); + switch($operator) { case 1: // equal to - $res = "='$value'"; break; + $res = "=:$name"; + $params[$name] = $value; + break; case 2: // not equal to - $res = "<>'$value'"; break; + $res = "<>:$name"; + $params[$name] = $value; + break; default: - return ''; + return array('', array()); } - return $field.$res; + return array($field.$res, $params); } /** diff --git a/user/filters/simpleselect.php b/user/filters/simpleselect.php index 94e7578035..f25453fe8b 100644 --- a/user/filters/simpleselect.php +++ b/user/filters/simpleselect.php @@ -58,15 +58,19 @@ class user_filter_simpleselect extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { - $value = addslashes($data['value']); + static $counter = 0; + $name = 'ex_simpleselect'.$counter++; + + $value = $data['value']; + $params = array(); $field = $this->_field; if ($value == '') { return ''; } - return "$field='$value'"; + return array("$field=:$name", array($name=>$value)); } /** diff --git a/user/filters/text.php b/user/filters/text.php index 24d5497d77..a5ffbab596 100644 --- a/user/filters/text.php +++ b/user/filters/text.php 
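Review bot: user_filter_simpleselect::get_sql_filter() still executes `return '';` when `$value == ''` while its success path now returns `array("$field=:$name", ...)`; user_filtering::get_sql_filter() in this commit unpacks the result with `list($s, $p)` and merges `$params + $p`, so the string path produces nulls and an unsupported-operand fatal. Change it to `return array('', array());`, and do the same for the two `return '';` statements in user_filter_text::get_sql_filter() (the early exit at @@ -72 and the `default:` case at @@ -87). The `$params = array();` local added to simpleselect.php is never used because the return builds its own array inline; drop one or the other.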
@@ -72,13 +72,18 @@ class user_filter_text extends user_filter_type { /** * Returns the condition to be used with SQL where * @param array $data filter settings - * @return string the filtering condition or null if the filter is disabled + * @return array sql string and $params */ function get_sql_filter($data) { + static $counter = 0; + $name = 'ex_text'.$counter++; + $operator = $data['operator']; - $value = addslashes($data['value']); + $value = $data['value']; $field = $this->_field; + $params = array(); + if ($operator != 5 and $value === '') { return ''; } @@ -87,21 +92,33 @@ class user_filter_text extends user_filter_type { switch($operator) { case 0: // contains - $res = "$ilike '%$value%'"; break; + $res = "$ilike :$name"; + $params[$name] = "%$value%"; + break; case 1: // does not contain - $res = "NOT $ilike '%$value%'"; break; + $res = "NOT $ilike :$name"; + $params[$name] = "%$value%"; + break; case 2: // equal to - $res = "$ilike '$value'"; break; + $res = "$ilike :$name"; + $params[$name] = "$value"; + break; case 3: // starts with - $res = "$ilike '$value%'"; break; + $res = "$ilike :$name"; + $params[$name] = "$value%"; + break; case 4: // ends with - $res = "$ilike '%$value'"; break; + $res = "$ilike :$name"; + $params[$name] = "%$value"; + break; case 5: // empty - $res = "=''"; break; + $res = "=:$name"; + $params[$name] = ""; + break; default: return ''; } - return $field.' '.$res; + return array($field.' '.$res, $params); } /** -- 2.39.5