| 1 |
<?php |
<?php |
| 2 |
/* $Id: wishlist.module,v 1.38.2.2 2007/11/23 18:38:33 smclewin Exp $ */ |
/* $Id: wishlist.module,v 1.38.2.3 2008/06/28 21:22:10 smclewin Exp $ */ |
| 3 |
// Wishlist management module for Drupal. |
// Wishlist management module for Drupal. |
| 4 |
// Written by Scott McLewin and Melanie Paul-McLewin. |
// Written by Scott McLewin and Melanie Paul-McLewin. |
| 5 |
// drupal AT mclewin DOT com |
// drupal AT mclewin DOT com |
| 6 |
|
|
| 7 |
|
|
| 8 |
|
// Random value to pass into drupal_get_token()/drupal_valid_token() to protect action oriented URLs. |
| 9 |
|
define(WISHLIST_SEC_TOKEN_VALUE, 'ajf8e7yf8723r4rhdcmfhai23746yfn,cjfy'); |
| 10 |
|
define(WISHLIST_SEC_TOKEN_NAME, 'wlatkn'); // WishListActionToKeN - just a somewhat meaningful string that is likely to be unique. |
| 11 |
|
|
| 12 |
|
|
| 13 |
|
|
| 14 |
/** PHP4 compatibliibility **/ |
/** PHP4 compatibliibility **/ |
| 15 |
if (!function_exists('stripos')) { |
if (!function_exists('stripos')) { |
| 16 |
function stripos($str, $needle) { |
function stripos($str, $needle) { |
| 135 |
$links['wishlist_get_this_gift'] = array( |
$links['wishlist_get_this_gift'] = array( |
| 136 |
'title' => t('Get this gift'), |
'title' => t('Get this gift'), |
| 137 |
'href' => "wishlist/item/$node->nid/purchase", |
'href' => "wishlist/item/$node->nid/purchase", |
| 138 |
|
'query' => WISHLIST_SEC_TOKEN_NAME.'='.drupal_get_token(WISHLIST_SEC_TOKEN_VALUE), |
| 139 |
); |
); |
| 140 |
} |
} |
| 141 |
} else if(!$user->uid) { |
} else if(!$user->uid) { |
| 814 |
// Under a preview of a new node there is nothing to see and no nid value just yet. Skip this code. |
// Under a preview of a new node there is nothing to see and no nid value just yet. Skip this code. |
| 815 |
if(!is_null($node->nid) && $node->nid > 0) { |
if(!is_null($node->nid) && $node->nid > 0) { |
| 816 |
// Retrieve all of the records showing what the currently logged in user purchaed on this item. |
// Retrieve all of the records showing what the currently logged in user purchaed on this item. |
| 817 |
$result = db_query(db_rewrite_sql('SELECT p.wishlist_purch_wid, p.wishlist_purch_buyer_uid, p.wishlist_purch_quantity FROM {wishlist_purchased} p WHERE p.wishlist_purch_buyer_uid = @uid AND p.wishlist_purch_nid = @nid', 'p', 'wishlist_purch_buyer_nid'), array('@uid' => $user->uid, '@nid' => $node->nid)); |
$result = db_query(db_rewrite_sql('SELECT p.wishlist_purch_wid, p.wishlist_purch_buyer_uid, p.wishlist_purch_quantity FROM {wishlist_purchased} p WHERE p.wishlist_purch_buyer_uid = %d AND p.wishlist_purch_nid = %d', 'p', 'wishlist_purch_buyer_nid'), $user->uid, $node->nid); |
| 818 |
$header = array( |
$header = array( |
| 819 |
array('data' => t('Quantity<br>You<br>Purchased')), |
array('data' => t('Quantity<br>You<br>Purchased')), |
| 820 |
array('data' => t('Action')) |
array('data' => t('Action')) |
| 827 |
} |
} |
| 828 |
$rows[] = array( |
$rows[] = array( |
| 829 |
array('data' => $wishlist_purch->wishlist_purch_quantity), |
array('data' => $wishlist_purch->wishlist_purch_quantity), |
| 830 |
array('data' => l($action_str, "wishlist/item/$node->nid/return/$wishlist_purch->wishlist_purch_wid")) |
array('data' => l($action_str, "wishlist/item/$node->nid/return/$wishlist_purch->wishlist_purch_wid", array(), WISHLIST_SEC_TOKEN_NAME.'='.drupal_get_token(WISHLIST_SEC_TOKEN_VALUE))) |
| 831 |
); |
); |
| 832 |
} |
} |
| 833 |
if ($rows) { |
if ($rows) { |
| 1056 |
} else { |
} else { |
| 1057 |
$rowdata[] = array('data' => |
$rowdata[] = array('data' => |
| 1058 |
(user_access('access wishlists') && $node->item_quantity_requested > $node->item_quantity_purchased) ? |
(user_access('access wishlists') && $node->item_quantity_requested > $node->item_quantity_purchased) ? |
| 1059 |
l(t('Get this gift'), "wishlist/item/$node->nid/purchase") |
l(t('Get this gift'), "wishlist/item/$node->nid/purchase", array(), WISHLIST_SEC_TOKEN_NAME.'='.drupal_get_token(WISHLIST_SEC_TOKEN_VALUE)) |
| 1060 |
: (($node->item_quantity_purchased >= $node->item_quantity_requested) ? t('(none left to purchase)') |
: (($node->item_quantity_purchased >= $node->item_quantity_requested) ? t('(none left to purchase)') |
| 1061 |
: l(t('Login to get this gift'), 'user/login'))); |
: l(t('Login to get this gift'), 'user/login'))); |
| 1062 |
} |
} |
| 1107 |
* output for display (via theme('page', ...)) |
* output for display (via theme('page', ...)) |
| 1108 |
*/ |
*/ |
| 1109 |
function _wishlist_item_action_handler($nid, $action, $wishlist_purch_id) { |
function _wishlist_item_action_handler($nid, $action, $wishlist_purch_id) { |
| 1110 |
|
|
| 1111 |
|
|
| 1112 |
|
// Verify that the action URL is being called from a page that was offered up to |
| 1113 |
|
// the current user. The drupal_get_token()/drupal_valid_token() pair ensure |
| 1114 |
|
// a degree of security against cross site scripting vulnerabilities |
| 1115 |
|
if(!drupal_valid_token($_GET[WISHLIST_SEC_TOKEN_NAME], WISHLIST_SEC_TOKEN_VALUE, false)) { |
| 1116 |
|
return t('Failed to validate the action security token. This may be due to 1) Allowing anonymous users to take action on wishlist items on your site (they cannot) 2) A cross site scripting attempt 3) An error in the wishlist module where an action URL was not given a security token.'); |
| 1117 |
|
return; |
| 1118 |
|
} |
| 1119 |
|
|
| 1120 |
|
|
| 1121 |
|
|
| 1122 |
if(!is_numeric($nid)) { |
if(!is_numeric($nid)) { |
| 1123 |
watchdog('error', t('Invalid node argument to wishlist_item_action_handler[@nid]', array('@nid' => $nid))); |
watchdog('error', t('Invalid node argument to wishlist_item_action_handler[@nid]', array('@nid' => $nid))); |
| 1124 |
return theme('page', t('Invalid node argument to wishlist_item_action_handler[@nid]', array('@nid' => $nid))); |
return theme('page', t('Invalid node argument to wishlist_item_action_handler[@nid]', array('@nid' => $nid))); |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch