Fixed bug with drupal_eval and tripal_core_exclude_type_by_default hook. If a quote was present in the string being evaluated it would create errors

tripal_analysis/tripal_analysis.module

@@ -129,8 +129,8 @@ function chado_analysis_insert($node) {
   $analysis_id = $node->analysis_id;
   if ($analysis_id) {
     $sql = "SELECT analysis_id ".
-             "FROM {Analysis} ".
-             "WHERE analysis_id = %d ";
+           "FROM {Analysis} ".
+           "WHERE analysis_id = %d ";
     $previous_db = tripal_db_set_active('chado');
     $analysis = db_fetch_object(db_query($sql, $node->analysis_id));
     tripal_db_set_active($previous_db);

tripal_core/api/tripal_core.api.inc

@@ -1677,7 +1677,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
   $fields_to_remove = module_invoke_all('exclude_field_from_' . $table . '_by_default');
   foreach ($fields_to_remove as $field_name => $criteria) {
     //replace >field_name<  with the current field name &
-    $criteria = preg_replace('/>field_name< /', $field_name, $criteria);
+    $criteria = preg_replace('/>field_name< /', addslashes($field_name), $criteria);
     // if field_value needed we can't deal with this field yet
     if (preg_match('/>field_value< /', $criteria)) {
       break;
@@ -1708,7 +1708,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
     // if there are fields of that type to remove
     if (is_array($field_types[$field_type])) {
       //replace >field_name<  with the current field name &
-      $criteria = preg_replace('/>field_name< /', $field_name, $criteria);
+      $criteria = preg_replace('/>field_name< /', addslashes($field_name), $criteria);
       foreach ($field_types[$field_type] as $field_name) {
         // if field_value needed we can't deal with this field yet
         if (preg_match('/>field_value< /', $criteria)) {
@@ -1765,7 +1765,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
         if (!isset($object->{$field_name})) {
           break;
         }
-        $criteria = preg_replace('/>field_value< /', $object->{$field_name}, $criteria);
+        $criteria = preg_replace('/>field_value< /', addslashes($object->{$field_name}), $criteria);
         //if criteria then remove from query
         // @coder-ignore: only module designers can populate $criteria -not security risk
         $success = drupal_eval('<?php return ' . $criteria . '; ?>');
@@ -2127,7 +2127,7 @@ function tripal_core_expand_chado_vars($object, $type, $to_expand, $table_option
  * @ingroup tripal_chado_api
  */
 function tripal_core_exclude_type_by_default() {
-  return array('text' => "strlen('&gt;field_value&lt; ') > 100");
+  return array('text' => 'strlen("&gt;field_value&lt; ") > 100');
 }
 
 /**

tripal_feature/api/tripal_feature.api.inc

@@ -190,7 +190,7 @@ function tripal_feature_analysis_insert_property($analysis_id = NULL, $feature_i
 
   // check that the incoming arguments are correct
   if (($analysis_id and !$feature_id) or
-    (!$analysis_id and $feature_id)) {
+      (!$analysis_id and $feature_id)) {
     watchdog('tripal_feature',
       'tripal_feature_analysis_insert_property: Both an analysis ID and feature ID should be specified',
       array(), WATCHDOG_WARNING);