Only show profiles of local users

2011-03-04 17:25:58 -08:00 · 2011-03-04 17:25:58 -08:00 · 52df926b8d
parent b89f390b33
commit 52df926b8d
2 changed files with 28 additions and 12 deletions
--- a/plugins/Directory/actions/userdirectory.php
+++ b/plugins/Directory/actions/userdirectory.php
@ -119,7 +119,8 @@ class UserdirectoryAction extends Action
        parent::prepare($args);

        $this->page   = ($this->arg('page')) ? ($this->arg('page') + 0) : 1;
-        $this->filter = $this->arg('filter') ? $this->arg('filter') : 'all';
+        $filter       = $this->arg('filter');
+        $this->filter = isset($filter) ? $filter : 'all';
        $this->sort   = $this->arg('sort');
        $this->order  = $this->boolean('asc'); // ascending or decending

@ -225,26 +226,30 @@ class UserdirectoryAction extends Action
     */
    function getUsers()
    {
-        $offset = ($this->page - 1) * PROFILES_PER_PAGE;
-        $limit  =  PROFILES_PER_PAGE + 1;

        $profile = new Profile();

-        // XXX Any chance of SQL injection here?
+        $offset = ($this->page - 1) * PROFILES_PER_PAGE;
+        $limit  = PROFILES_PER_PAGE + 1;
+        $sort   = $this->getSortKey();
+        $sql    = 'SELECT profile.* FROM profile, user WHERE profile.id = user.id';

        if ($this->filter != 'all') {
-            $profile->whereAdd(
-                sprintf('LEFT(lower(nickname), 1) = \'%s\'', $this->filter)
+            $sql .= sprintf(
+                ' AND LEFT(LOWER(profile.nickname), 1) = \'%s\'',
+                $this->filter
            );
        }

-        $sort  = $this->getSortKey();
-        $order = ($this->order) ? 'ASC' : 'DESC';
+        $sql .= sprintf(
+            ' ORDER BY profile.%s %s, profile.nickname DESC LIMIT %d, %d',
+            $sort,
+            ($this->order) ? 'ASC' : 'DESC',
+            $offset,
+            $limit
+        );

-        $profile->orderBy("$sort $order, nickname");
-        $profile->limit($limit, $offset);
-
-        $profile->find();
+        $profile->query($sql);

        return $profile;
    }
--- a/plugins/Directory/lib/sortablesubscriptionlist.php
+++ b/plugins/Directory/lib/sortablesubscriptionlist.php
@ -245,4 +245,15 @@ class SortableSubscriptionListItem extends SubscriptionListItem
        $this->out->elementEnd('td');
    }

+    /**
+     * Only show the tags if we're logged in
+     */
+    function showTags()
+    {
+         if (common_logged_in()) {
+            parent::showTags();
+        }
+
+    }
+
 }