From 52df926b8d7d1c284bc4f6dcf6ce4d8a74730087 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Fri, 4 Mar 2011 17:25:58 -0800
Subject: [PATCH] Only show profiles of local users

---
 plugins/Directory/actions/userdirectory.php   | 29 +++++++++++--------
 .../lib/sortablesubscriptionlist.php          | 11 +++++++
 2 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/plugins/Directory/actions/userdirectory.php b/plugins/Directory/actions/userdirectory.php
index 7b8dbbdf60..60ab43693b 100644
--- a/plugins/Directory/actions/userdirectory.php
+++ b/plugins/Directory/actions/userdirectory.php
@@ -119,7 +119,8 @@ class UserdirectoryAction extends Action
         parent::prepare($args);
 
         $this->page   = ($this->arg('page')) ? ($this->arg('page') + 0) : 1;
-        $this->filter = $this->arg('filter') ? $this->arg('filter') : 'all';
+        $filter       = $this->arg('filter');
+        $this->filter = isset($filter) ? $filter : 'all';
         $this->sort   = $this->arg('sort');
         $this->order  = $this->boolean('asc'); // ascending or decending
 
@@ -225,26 +226,30 @@ class UserdirectoryAction extends Action
      */
     function getUsers()
     {
-        $offset = ($this->page - 1) * PROFILES_PER_PAGE;
-        $limit  =  PROFILES_PER_PAGE + 1;
 
         $profile = new Profile();
 
-        // XXX Any chance of SQL injection here?
+        $offset = ($this->page - 1) * PROFILES_PER_PAGE;
+        $limit  = PROFILES_PER_PAGE + 1;
+        $sort   = $this->getSortKey();
+        $sql    = 'SELECT profile.* FROM profile, user WHERE profile.id = user.id';
 
         if ($this->filter != 'all') {
-            $profile->whereAdd(
-                sprintf('LEFT(lower(nickname), 1) = \'%s\'', $this->filter)
+            $sql .= sprintf(
+                ' AND LEFT(LOWER(profile.nickname), 1) = \'%s\'',
+                $this->filter
             );
         }
 
-        $sort  = $this->getSortKey();
-        $order = ($this->order) ? 'ASC' : 'DESC';
+        $sql .= sprintf(
+            ' ORDER BY profile.%s %s, profile.nickname DESC LIMIT %d, %d',
+            $sort,
+            ($this->order) ? 'ASC' : 'DESC',
+            $offset,
+            $limit
+        );
 
-        $profile->orderBy("$sort $order, nickname");
-        $profile->limit($limit, $offset);
-
-        $profile->find();
+        $profile->query($sql);
 
         return $profile;
     }
diff --git a/plugins/Directory/lib/sortablesubscriptionlist.php b/plugins/Directory/lib/sortablesubscriptionlist.php
index 2a412a628d..a22aeadb3d 100644
--- a/plugins/Directory/lib/sortablesubscriptionlist.php
+++ b/plugins/Directory/lib/sortablesubscriptionlist.php
@@ -245,4 +245,15 @@ class SortableSubscriptionListItem extends SubscriptionListItem
         $this->out->elementEnd('td');
     }
 
+    /**
+     * Only show the tags if we're logged in
+     */
+    function showTags()
+    {
+         if (common_logged_in()) {
+            parent::showTags();
+        }
+
+    }
+
 }