
Merge branch '6.x-1617096-unify_coding_style' of git.drupal.org:sandbox/spficklin/1337878 into 6.x-1617096-unify_coding_style

Pubudu Basnayaka 12 سال پیش
والد
کامیت
437dd39282

+ 27 - 19
tripal_core/tripal_core.api.inc

@@ -218,18 +218,18 @@ function tripal_core_chado_insert($table, $values, $options) {
   $iplaceholders = array(); // contains $1/$2 placeholders for the prepare query
   $idatatypes = array(); //contains the data type of the fields (int, text, etc.)
   $i = 1;
-  foreach ($insert_values as $field => $value){
+  foreach ($insert_values as $field => $value) {
     $ifields[] = $field;
     $ivalues[] = $value;
-    $iplaceholders[] = '$'.$i;
+    $iplaceholders[] = '$' . $i;
     $i++;
-    if(strcmp($value,'__NULL__')==0){
+    if (strcmp($value, '__NULL__')==0) {
       $itypes[] = "NULL";
       $idatatypes[] = "NULL";
     }
-    elseif(strcasecmp($table_desc['fields'][$field]['type'],'serial')==0 or
-      strcasecmp($table_desc['fields'][$field]['type'],'int')==0 or
-      strcasecmp($table_desc['fields'][$field]['type'],'integer')==0){
+    elseif (strcasecmp($table_desc['fields'][$field]['type'], 'serial')==0 OR
+      strcasecmp($table_desc['fields'][$field]['type'], 'int')==0 OR
+      strcasecmp($table_desc['fields'][$field]['type'], 'integer')==0) {
       $itypes[] = "%d";
       $idatatypes[] = 'int';
     }
@@ -246,11 +246,12 @@ function tripal_core_chado_insert($table, $values, $options) {
       $status = chado_query($prepare_sql);
 
       if (!$status) {
-        watchdog('tripal_core',"tripal_core_chado_insert: not able to prepare '%name' statement for: %sql", array('%name' => $options['statement_name'], '%sql' => $sql), 'WATCHDOG ERROR');
+        watchdog('tripal_core', "tripal_core_chado_insert: not able to prepare '%name' statement for: %sql", array('%name' => $options['statement_name'], '%sql' => $sql), 'WATCHDOG ERROR');
         return FALSE;
-       }
-    } else {
-      $sql = "INSERT INTO {$table} (" . implode(", ",$ifields) . ") VALUES (". implode(", ",$itypes) .")";
+      }
+    }
+    else {
+      $sql = "INSERT INTO {$table} (" . implode(", ", $ifields) . ") VALUES (" . implode(", ", $itypes) . ")";
     }
   }
 
@@ -265,7 +266,7 @@ function tripal_core_chado_insert($table, $values, $options) {
       $primary_key = array();
       if (!is_array($table_desc['primary key'])) {
         $table_desc['primary key'] = array();
-        watchdog('tripal_core',"tripal_core_chado_insert: %table not defined in tripal schema api", array('%table' => $table), 'WATCHDOG WARNING');
+        watchdog('tripal_core', "tripal_core_chado_insert: %table not defined in tripal schema api", array('%table' => $table), 'WATCHDOG WARNING');
       }
       foreach ($table_desc['primary key'] as $field) {
         $value = db_last_insert_id($table, $field);
@@ -274,7 +275,7 @@ function tripal_core_chado_insert($table, $values, $options) {
       return $values;
     }
     else {
-      watchdog('tripal_core',"tripal_core_chado_insert: not able to execute prepared statement '%name' with values: %values", array('%name' => $options['statement_name'], '%values' => print_r($values,1)), 'WATCHDOG ERROR');
+      watchdog('tripal_core', "tripal_core_chado_insert: not able to execute prepared statement '%name' with values: %values", array('%name' => $options['statement_name'], '%values' => print_r($values, TRUE)), 'WATCHDOG ERROR');
       return FALSE;
     }
   }
@@ -988,6 +989,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
     }
 
     //if criteria then remove from query
+    // @coder-ignore: only module designers can populate $criteria -not security risk
     $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //    watchdog('tripal_core',
 //      'Evaluating criteria (%criteria) for field %field in tripal_core_generate_chado_var for %table evaluated to %success',
@@ -1023,6 +1025,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
           break;
         }
         //if criteria then remove from query
+        // @coder-ignore: only module designers can populate $criteria -not security risk
         $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //        watchdog('tripal_core',
 //          'Evaluating criteria (%criteria) for field %field of $type in tripal_core_generate_chado_var for %table evaluated to %success',
@@ -1053,6 +1056,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
       if (db_table_exists('chado_' . $table)) {
         // that has a foreign key to this one ($table_desc['primary key'][0]
         // and to the node table (nid)
+        // @coder-ignore: acting on chado schema rather then drupal schema therefore, table prefixing does not apply
         $sql = "SELECT %s, nid FROM chado_%s WHERE %s=%d";
         $mapping = db_fetch_object(db_query(
           $sql,
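Review bot: The reason given in the new `@coder-ignore` comment looks inaccurate. `chado_%s` carries `nid` and is guarded by `db_table_exists('chado_' . $table)`, which in Drupal 6 resolves the name through the table prefix, while the SELECT uses the bare name. On a site with a non-empty `db_prefix` the existence check and the query would then refer to different tables; confirm where these linking tables are created before suppressing the warning. Separately, the table and column names are filled in through `%s`, which escapes for string context and does not validate identifiers, so those arguments should come only from the schema description. The `db_query()` call continues past the end of the hunk.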
@@ -1074,6 +1078,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
         }
         $criteria = preg_replace('/&gt;field_value&lt; /', $object->{$field_name}, $criteria);
         //if criteria then remove from query
+        // @coder-ignore: only module designers can populate $criteria -not security risk
         $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //      watchdog('tripal_core',
 //        'Evaluating criteria (%criteria) for field %field in tripal_core_generate_chado_var for   %table evaluated to %success',
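Review bot: The `@coder-ignore` justification does not hold at this call site, because the line just above substitutes `$object->{$field_name}` into `$criteria` with `preg_replace()` before the string reaches `drupal_eval()`. A stored field value therefore becomes part of the evaluated PHP, and the hunk does not show who can write that value. The suppression should stay off until the value is embedded as a literal, e.g. `$criteria = str_replace('&gt;field_value&lt; ', var_export($object->{$field_name}, TRUE), $criteria);`, or the comparison is done without eval. The same comment is added before the `drupal_eval()` calls in the two earlier hunks of tripal_core_generate_chado_var, where the construction of `$criteria` lies outside the hunk and needs the same check. The function body continues outside these hunks.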
@@ -1444,7 +1449,7 @@ function chado_query($sql) {
 
   // Execute the query on the chado database/schema
   // Use the persistent chado connection if it already exists
-  $persistent_connection = variable_get('tripal_perisistent_chado',NULL);
+  $persistent_connection = variable_get('tripal_perisistent_chado', NULL);
   if ($persistent_connection) {
     $previously_active_db = $active_db;
     $active_db = $persistent_connection;
@@ -1900,17 +1905,19 @@ function tripal_db_persistent_chado() {
   global $db_url;
 
   // get connection if it already exists
-  $connection = variable_get('tripal_perisistent_chado',NULL);
+  $connection = variable_get('tripal_perisistent_chado', NULL);
 
   if ($connection) {
     return $connection;
 
   // Otherwise we need to set it
-  } else {
+  }
+  else {
     if (is_array($db_url) && isset($db_url['chado'])) {
       $connection = db_connect($db_url['chado']);
       variable_set('tripal_perisistent_chado', $connection);
-    } else {
+    }
+    else {
       $connection = db_connect($db_url);
       variable_set('tripal_perisistent_chado', $connection);
     }
@@ -1941,9 +1948,9 @@ function tripal_db_start_transaction() {
 function tripal_db_set_savepoint_transaction($savepoint, $release = FALSE) {
   // Postgresql requires a savepoint of the same name to be unset before re-use
   if ($release) {
-    chado_query("RELEASE SAVEPOINT %s",$savepoint);
+    chado_query("RELEASE SAVEPOINT %s", $savepoint);
   }
-  chado_query("SAVEPOINT %s",$savepoint);
+  chado_query("SAVEPOINT %s", $savepoint);
 }
 
 /**
@@ -1965,7 +1972,7 @@ function tripal_db_commit_transaction() {
 function tripal_db_rollback_transaction($savepoint = NULL) {
 
   if ($savepoint) {
-    chado_query("ROLLBACK TO SAVEPOINT %s",$savepoint);
+    chado_query("ROLLBACK TO SAVEPOINT %s", $savepoint);
   }
   else {
     chado_query("ROLLBACK");
@@ -2142,6 +2149,7 @@ function tripal_get_chado_custom_schema($table) {
 function tripal_core_chado_schema_exists() {
 
   // This is postgresql-specific code to check the existence of the chado schema
+  // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
   $sql = "SELECT nspname FROM pg_catalog.pg_namespace WHERE nspname = 'chado'";
   if (db_fetch_object(db_query($sql))) {
     return TRUE;

+ 9 - 12
tripal_core/tripal_core.coder_ignores.txt

@@ -2,20 +2,17 @@
 ; file:line:warning-type
 ; where warning-type is one of security, style, sql, i18n, comment, etc.
 
-; This select statement is acting upon the pg_catalog schema rather then the Drupal
-; schema and thus the curly brackets ({}) are not needed.
-tripal_core.schema.api.inc:54:sql
-tripal_core.schema.api.inc:59:sql
-tripal_core.api.inc:1953:sql
-
 ; This query selects from a non-drupal schema where the database prefixes are not
 ; applied and thus the curcly brackets ({}) are not needed
-tripal_core.api.inc:971:sql
+tripal_core.schema.api.inc:55:sql
+tripal_core.schema.api.inc:61:sql
+tripal_core.api.inc:1060:sql
+tripal_core.api.inc:2153:sql
 
 ; Only module designers can create the criteria evaluated by drupal_eval since it
-; is designed in a hook. Since module designers can already write php code to act on 
-; the database and the criteria is never subject to user input, this is not a security 
+; is designed in a hook. Since module designers can already write php code to act on
+; the database and the criteria is never subject to user input, this is not a security
 ; risk.
-tripal_core.api.inc:906:security
-tripal_core.api.inc:941:security
-tripal_core.api.inc:992:security
+tripal_core.api.inc:993:security
+tripal_core.api.inc:1029:security
+tripal_core.api.inc:1082:security

+ 2 - 0
tripal_core/tripal_core.schema.api.inc

@@ -51,11 +51,13 @@
 function tripal_core_get_chado_tables($include_custom = NULL) {
   if (is_array($db_url) AND array_key_exists('chado', $db_url)) {
     $previous_db = tripal_db_set_active('chado');
+    // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
     $sql = 'SELECT tablename FROM pg_tables';
     $resource = db_query($sql);
     tripal_db_set_active($previous_db);
   }
   else {
+    // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
     $sql = "SELECT tablename FROM pg_tables WHERE schemaname='chado'";
     $resource = db_query($sql);
   }
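Review bot: `$db_url` is read on the first line of tripal_core_get_chado_tables() with no `global $db_url;` between the signature and the `if`, so inside the function it is an undefined local and the `chado` branch can never run. Add `global $db_url;` as the first statement of the function. The first query also has no `schemaname` filter, so once that branch is reachable it will return system tables as well; the new comment should say so or the query should filter. The function continues past the end of the hunk.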

+ 1 - 5
tripal_cv/tripal_cv.coder_ignores.txt

@@ -4,8 +4,4 @@
 
 ; This query selects from a non-drupal schema where the database prefixes are not
 ; applied and thus the curcly brackets ({}) are not needed
-tripal_cv.module:1059:sql
-
-; Need to use POST since this is part of a JS callback
-tripal_cv.module:407:security
-tripal_cv.module:813:security
+tripal_cv.module:1062:sql

+ 3 - 2
tripal_cv/tripal_cv.module

@@ -404,7 +404,7 @@ function tripal_cv_select_form() {
 function tripal_ajax_cv_edit() {
 
   // get the database id, build the form and then return the JSON object
-  $cvid = $_POST['cvid'];
+  $cvid = filter_xss($_POST['cvid']);
   $form = drupal_get_form('tripal_cv_edit_form', $cvid);
   drupal_json(array('status' => TRUE, 'data' => $form));
 
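Review bot: `filter_xss()` is an HTML output filter, not input validation, so wrapping `$_POST['cvid']` in it does not make the value a safe identifier and can silently alter it. If `cvid` is the numeric id the comment describes, the usual form is `$cvid = isset($_POST['cvid']) ? (int) $_POST['cvid'] : 0;`. The same pattern is applied in tripal_cv_add_cvterm_callback (`form_build_id`, where a format check fits better than an HTML filter), tripal_ajax_db_edit (`dbid`) and tripal_feature_aggregator_ajax_edit (`type_id`). The commit also drops the matching `security` entries from tripal_cv.coder_ignores.txt, so the checker warning goes away without the input being validated. Whether these callbacks sit behind a permission check or form token is not visible in the hunks.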
@@ -810,7 +810,7 @@ function tripal_cv_add_cvterm_callback() {
 
   // Retrieve the form from the cache
   $form_state = array('storage' => NULL);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
 
   // Preparing to process the form
@@ -1056,6 +1056,7 @@ function tripal_cv_update_cvtermpath($cvid = NULL, $job_id = NULL) {
   print "\nUpdating cvtermpath for $cv->name...\n";
 
   // now fill the cvtermpath table
+  // @coder-ignore: using a function rather then tablename therefore table prefixing doesn't apply
   $sql = "SELECT * FROM fill_cvtermpath('%s')";
   db_query($sql, $cv->name);
   tripal_db_set_active($previous_db);

+ 2 - 2
tripal_cv/tripal_cv.views.inc

@@ -41,7 +41,7 @@ function tripal_cv_views_data() {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,TRUE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, TRUE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }
@@ -56,7 +56,7 @@ function tripal_cv_views_data() {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,FALSE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, FALSE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }

+ 1 - 2
tripal_db/tripal_db.module

@@ -188,7 +188,7 @@ function tripal_db_select_form() {
  */
 function tripal_ajax_db_edit() {
   // get the database id, build the form and then return the JSON object
-  $dbid = $_POST['dbid'];
+  $dbid = filter_xss($_POST['dbid']);
   $form = drupal_get_form('tripal_db_form', $dbid);
   drupal_json(array('status' => TRUE, 'data' => $form));
 }
@@ -364,4 +364,3 @@ function tripal_db_form_submit($form, &$form_state) {
 
   return '';
 }
-

+ 4 - 0
tripal_feature/fasta_loader.php

@@ -651,9 +651,11 @@ function tripal_feature_fasta_loader_handle_feature($name, $uname, $db_id, $acce
 
   // add in the analysis link
   if ($analysis_id) {
+    // @coder-ignore: non-drupal table thus table prefixing doesn't apply
     $analysis_link_sql = 'SELECT * FROM analysisfeature WHERE analysis_id=%d AND feature_id=%d';
     $analysis_link = db_fetch_object(db_query($analysis_link_sql, $analysis_id, $feature->feature_id));
     if (!$analysis_link) {
+      // @coder-ignore: non-drupal table thus table prefixing doesn't apply
       $sql = "INSERT INTO analysisfeature (analysis_id, feature_id) VALUES (%d, %d)";
       $result = db_query($sql, $analysis_id, $feature->feature_id);
       if (!$result) {
@@ -666,9 +668,11 @@ function tripal_feature_fasta_loader_handle_feature($name, $uname, $db_id, $acce
    // now add the database cross reference
   if ($db_id) {
     // check to see if this accession reference exists, if not add it
+    // @coder-ignore: non-drupal table thus table prefixing doesn't apply
     $dbxrefsql = "SELECT * FROM dbxref WHERE db_id = %d and accession = '%s'";
     $dbxref = db_fetch_object(db_query($dbxrefsql, $db_id, $accession));
     if (!$dbxref) {
+      // @coder-ignore: non-drupal table thus table prefixing doesn't apply
       $sql = "INSERT INTO dbxref (db_id,accession) VALUES (%d, '%s')";
       $result = db_query($sql, $db_id, $accession);
       if (!$result) {

+ 5 - 0
tripal_feature/gff_loader.php

@@ -158,6 +158,8 @@ function tripal_feature_gff3_load_form_validate($form, &$form_state) {
     form_set_error('gff_file', t("Cannot find the file on the system. Check that the file exists or that the web server has permissions to read the file."));
   }
 
+  // @coder-ignore: there are no functions being called here
+  // @todo: break each line of this conditional into separate variables to make more readable
   if (($add_only AND ($update OR $refresh OR $remove)) OR
     ($update AND ($add_only OR $refresh OR $remove)) OR
     ($refresh AND ($update OR $add_only OR $remove)) OR
@@ -237,6 +239,7 @@ function tripal_feature_load_gff3($gff_file, $organism_id, $analysis_id, $add_on
 
   // get the controlled vocaubulary that we'll be using.  The
   // default is the 'sequence' ontology
+  // @coder-ignore: non-drupal schema thus table prefixing does not apply
   $sql = "SELECT * FROM cv WHERE name = '%s'";
   $cv = db_fetch_object(db_query($sql, 'sequence'));
   if (!$cv) {
@@ -245,6 +248,7 @@ function tripal_feature_load_gff3($gff_file, $organism_id, $analysis_id, $add_on
   }
 
   // get the organism for which this GFF3 file belongs
+  // @coder-ignore: non-drupal schema thus table prefixing does not apply
   $sql = "SELECT * FROM organism WHERE organism_id = %d";
   $organism = db_fetch_object(db_query($sql, $organism_id));
 
@@ -908,6 +912,7 @@ function tripal_feature_load_gff3_alias($feature, $aliases) {
 
     // check to see if we have a NULL publication in the pub table.  If not,
     // then add one.
+    // @coder-ignore: non-drupal schema thus table prefixing does not apply
     $pubsql = "SELECT * FROM {pub} WHERE uniquename = 'null'";
     $pub = db_fetch_object(db_query($pubsql));
     if (!$pub) {
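Review bot: The added comment says table prefixing does not apply, but the query on the next line is written `FROM {pub}`, and the curly braces are what make db_query() apply the Drupal prefix. Either drop the braces, `$pubsql = "SELECT * FROM pub WHERE uniquename = 'null'";`, to match the `cv` and `organism` queries annotated earlier in this file, or correct the comment. With a non-empty `db_prefix` the current form would look for a prefixed table. The enclosing function continues outside the hunk.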

+ 1 - 0
tripal_feature/syncFeatures.php

@@ -344,6 +344,7 @@ function tripal_feature_sync_feature($feature_id) {
   // if we have a chado feature, we want to check to see if we have a node
   $cfsql = "SELECT * FROM {chado_feature} ".
           "WHERE feature_id = %d";
+  // @coder-ignore: don't need to use db_rewrite_sql() since need all nodes regardless of access control
   $nsql =  "SELECT * FROM {node} ".
           "WHERE nid = %d";
   $chado_feature = db_fetch_object(db_query($cfsql, $feature->feature_id));

+ 1 - 1
tripal_feature/tripal_feature.admin.inc

@@ -837,7 +837,7 @@ function tripal_feature_aggregator_form_submit($form, &$form_state) {
  */
 function tripal_feature_aggregator_ajax_edit() {
   // get the database id, build the form and then return the JSON object
-  $type_id = $_POST['type_id'];
+  $type_id = filter_xss($_POST['type_id']);
   $form = drupal_get_form('tripal_feature_aggregator_form', $type_id);
   drupal_json(array('status' => TRUE, 'data' => $form));
 }

+ 21 - 0
tripal_feature/tripal_feature.coder_ignores.txt

@@ -0,0 +1,21 @@
+; The file should be formatted this way :
+; file:line:warning-type
+; where warning-type is one of security, style, sql, i18n, comment, etc.
+
+; This query selects from a non-drupal schema where the database prefixes are not
+; applied and thus the curcly brackets ({}) are not needed
+fasta_loader.php:655:sql
+fasta_loader.php:659:sql
+fasta_loader.php:672:sql
+fasta_loader.php:676:sql
+gff_loader.php:243:sql
+gff_loader.php:252:sql
+gff_loader.php:919:sql
+
+; This is a multi-line conditional that needs to be re-written to be more readable
+gff_loader.php:164:style
+gff_loader.php:165:style
+gff_loader.php:166:style
+
+; Don't need to use db_rewrite_sql() since need all nodes regardless of access control
+syncFeatures.php:425:sql
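Review bot: Two entries do not line up with the lines annotated in this commit. By the hunk headers the `{pub}` query in gff_loader.php lands near line 916, not 919, and the `{node}` query in syncFeatures.php near line 348, not 425. They may refer to other queries outside the diff, but if not, the intended warnings stay active and the listed lines are suppressed instead. Line-number suppressions drift whenever the file changes, as the renumbering in tripal_core.coder_ignores.txt in this same commit shows, so each entry should be rechecked against the merged file.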

+ 10 - 0
tripal_feature/tripal_feature.module

@@ -2441,3 +2441,13 @@ function tripal_feature_job_describe_args($callback, $args) {
   return $new_args;
 }
 
+/**
+ * Implements hook_coder_ignore().
+ * Defines the path to the file (tripal_core.coder_ignores.txt) where ignore rules for coder are stored
+ */
+function tripal_feature_coder_ignore() {
+  return array(
+    'path' => drupal_get_path('module', 'tripal_feature'),
+    'line prefix' => drupal_get_path('module', 'tripal_feature'),
+  );
+}
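Review bot: The docblock names `tripal_core.coder_ignores.txt`, but this hook lives in tripal_feature and the file added by this commit is `tripal_feature.coder_ignores.txt`. The second line should read `* Defines the path to the file (tripal_feature.coder_ignores.txt) where ignore rules for coder are stored.`, separated from the summary line by a blank ` *` line. It would also help to say in the comment why `'line prefix'` is set to the same module path as `'path'`.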