Merge branch '6.x-0.4-dev' of git.drupal.org:sandbox/spficklin/1337878 into 6.x-0.4-dev

tripal_bulk_loader/tripal_bulk_loader.admin.inc

@@ -11,24 +11,24 @@
 function tripal_bulk_loader_admin_template() {
   $output = '';
 
-  $output .= '<br><h3>Quick Links:</h3>';
-  $output .= l('Create a new bulk loader template', 'admin/tripal/tripal_bulk_loader_template/create') . "<br>";
-  $output .= l('Edit a bulk loader template', 'admin/tripal/tripal_bulk_loader_template/edit') . "<br>";
-  $output .= l('Delete a bulk loader template', 'admin/tripal/tripal_bulk_loader_template/delete') . "<br>";
-  $output .= l('Export a bulk loader template', 'admin/tripal/tripal_bulk_loader_template/export') . "<br>";
-  $output .= l('Import a bulk loader template', 'admin/tripal/tripal_bulk_loader_template/import') . "<br>";
-  $output .= '<br>';
+  $output .= '<br /><h3>Quick Links:</h3>';
+  $output .= l(t('Create a new bulk loader template'), 'admin/tripal/tripal_bulk_loader_template/create') . "<br />";
+  $output .= l(t('Edit a bulk loader template'), 'admin/tripal/tripal_bulk_loader_template/edit') . "<br />";
+  $output .= l(t('Delete a bulk loader template'), 'admin/tripal/tripal_bulk_loader_template/delete') . "<br />";
+  $output .= l(t('Export a bulk loader template'), 'admin/tripal/tripal_bulk_loader_template/export') . "<br />";
+  $output .= l(t('Import a bulk loader template'), 'admin/tripal/tripal_bulk_loader_template/import') . "<br />";
+  $output .= '<br />';
 
   $output .= '<h3>Module Description:</h3>';
   $output .= '<p>This module provides the ability to create loading templates for any tab-delimited '
     . 'data file allowing it to be loaded into chado. The Loading Templates are a direct mapping '
     . 'between the columns in your file and the columns in chado tables. As such to use this tool '
     . 'you need to be very familar with the chado schema -See '
-    . l('Chado -Getting Started', 'http://gmod.org/wiki/Chado_-_Getting_Started')
+    . l(t('Chado -Getting Started'), 'http://gmod.org/wiki/Chado_-_Getting_Started')
     . '. The ability to add constants and specify foreign key contraints is also provided '
     . 'in order for the loader to fill chado columns which may be required but are not specified '
     . 'in your input file.</p>';
-  $output .= '<br>';
+  $output .= '<br />';
 
   $output .= '<h3>Setup Instructions</h3>';
   $output .= '<p>After intallation of the bulk loader module, the following tasks should be performed:</p>';
@@ -95,7 +95,7 @@ function tripal_bulk_loader_configuration_form($form_state = NULL) {
         fixing the error (manual intervention needed).</div>'),
       'none' => t('Do not use transactions<div class="description">This is not recommended.</div>')
     ),
-    '#default_value' => variable_get('tripal_bulk_loader_transactions','row')
+    '#default_value' => variable_get('tripal_bulk_loader_transactions',   'row')
   );
 
   $form['speed']['lock'] = array(
@@ -112,8 +112,7 @@ function tripal_bulk_loader_configuration_form($form_state = NULL) {
     '#default_value' => variable_get('tripal_bulk_loader_lock', 'ROW EXCLUSIVE'),
   );
 
-
- $form['submit1'] = array(
+  $form['submit1'] = array(
     '#type' => 'submit',
     '#value' => t('Save')
   );
@@ -129,7 +128,7 @@ function tripal_bulk_loader_configuration_form_submit($form, $form_state) {
   variable_set('tripal_bulk_loader_prepare', $form_state['values']['prepare']);
   variable_set('tripal_bulk_loader_disable_triggers', $form_state['values']['disable_triggers']);
   variable_set('tripal_bulk_loader_skip_validation', $form_state['values']['no_validate']);
-  variable_set('tripal_bulk_loader_transactions',$form_state['values']['transactions']);
+  variable_set('tripal_bulk_loader_transactions', $form_state['values']['transactions']);
   variable_set('tripal_bulk_loader_lock', $form_state['values']['lock']);
 
 }
@@ -146,7 +145,7 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
   $form = array();
 
    // get template id from path and rebuild form
-   if ($_GET['template_id']) {
+  if ($_GET['template_id']) {
     if (preg_match('/^\d+$/', $_GET['template_id'])) {
       $form_state['storage']['template_id'] = $_GET['template_id'];
     }
@@ -159,7 +158,7 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
     $form_state['storage']['record2priority'] = array();
     foreach ($form_state['storage']['template'] as $priority => $record_array) {
       if (!is_array($record_array)) {
-      continue; }
+        continue; }
       $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
     }
   }
@@ -171,15 +170,15 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
 
   if ($form_state['storage']['template_id']) {
     $form['template_name'] = array(
-        '#type' => 'item',
-        '#title' => 'Template',
-        '#value' => $form_state['storage']['template_name'],
-        '#weight' => 1,
+      '#type' => 'item',
+      '#title' => 'Template',
+      '#value' => $form_state['storage']['template_name'],
+      '#weight' => 1,
     );
   }
   else {
     if (preg_match('/create/', $mode)) {
-     $form['new_template_name'] = array(
+      $form['new_template_name'] = array(
         '#type' => 'textfield',
         '#title' => 'Template Name',
         '#weight' => 1,
@@ -264,11 +263,11 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
         $form['records']['records-data'][$priority] = array(
           'title' => array(
             '#type' => 'markup',
-            '#value' => $table_array['record_id'],
+            '#value' => filter_xss($table_array['record_id']),
           ),
           'chado_table' => array(
             '#type' => 'markup',
-            '#value' => $table_array['table'],
+            '#value' => filter_xss($table_array['table']),
           ),
           'mode' => array(
             '#type' => 'item',
@@ -394,6 +393,7 @@ function tripal_bulk_loader_modify_template_base_form($form_state = NULL, $mode)
     '#value' => $value,
     '#weight' => 4,
   );
+
   return $form;
 }
 
@@ -423,8 +423,8 @@ function tripal_bulk_loader_modify_template_base_form_submit($form, &$form_state
       $form_state['storage']['record2priority'] = array();
       foreach ($form_state['storage']['template'] as $priority => $record_array) {
         if (!is_array($record_array)) {
-         continue;
-         }
+          continue;
+        }
         $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
       }
     break;
@@ -444,11 +444,11 @@ function tripal_bulk_loader_modify_template_base_form_submit($form, &$form_state
     case 'Save Order':
       $new_template = $form_state['storage']['template'];
       // unset old elements
-       $form_state['storage']['record2priority'] = array();
+      $form_state['storage']['record2priority'] = array();
       foreach ($new_template as $priority => $record_array) {
         if (preg_match('/\d+/', $priority)) {
-           unset($new_template[$priority]);
-         }
+          unset($new_template[$priority]);
+        }
       }
       //set elements in new order
       foreach ($form_state['values']['records-data'] as $item) {
@@ -514,7 +514,7 @@ function tripal_bulk_loader_modify_template_base_form_submit($form, &$form_state
         unset($form_state['storage']['record2priority'][$form_state['storage']['template'][$priority]['record_id']]);
         unset($form_state['storage']['template'][$priority]);
       }
-      drupal_set_message('Deleted Field from Template.');
+      drupal_set_message(t('Deleted Field from Template.'));
     break;
   } //end of switch
 
@@ -524,7 +524,7 @@ function tripal_bulk_loader_modify_template_base_form_submit($form, &$form_state
     'template_array' => serialize($form_state['storage']['template'])
   );
   drupal_write_record('tripal_bulk_loader_template', $record, array('template_id'));
-  drupal_set_message('Template Saved.');
+  drupal_set_message(t('Template Saved.'));
 
 }
 
@@ -605,7 +605,7 @@ function tripal_bulk_loader_import_export_template_form($form_state = NULL, $mod
   );
 
   if (preg_match('/import/', $mode)) {
-   $form['new_template_name'] = array(
+    $form['new_template_name'] = array(
       '#type' => 'textfield',
       '#title' => 'Template Name',
       '#weight' => 1,
@@ -670,7 +670,7 @@ function tripal_bulk_loader_import_export_template_form_submit($form, &$form_sta
       );
       drupal_write_record('tripal_bulk_loader_template', $record);
       if ($record->template_id) {
-        drupal_set_message('Successfully imported Tripal Bulk Loader Template.');
+        drupal_set_message(t('Successfully imported Tripal Bulk Loader Template.'));
       }
     break;
   }
@@ -694,20 +694,20 @@ function tripal_bulk_loader_import_export_template_form_submit($form, &$form_sta
  *   A form array to be rendered by drupal_get_form
  */
 function tripal_bulk_loader_edit_template_record_form(&$form_state = NULL) {
-   $form['#cache'] = TRUE; // Make sure the form is cached.
+  $form['#cache'] = TRUE; // Make sure the form is cached.
 
    // get template id from path
-   $template_id = ($_GET['template_id'] !== NULL) ? $_GET['template_id'] : $form_state['values']['template_id'];
+  $template_id = ($_GET['template_id'] !== NULL) ? $_GET['template_id'] : $form_state['values']['template_id'];
 
-   // if there is no template supplied don't return rest of form
-   if (!$template_id) {
-     return $form;
-   }
+  // if there is no template supplied don't return rest of form
+  if (!$template_id) {
+    return $form;
+  }
 
   // Pre-process values/defaults ---------------------------
 
-   // If this is the first load of the form (no form state) we need to initialize some variables
-   if (!$form_state['storage']['template']) {
+  // If this is the first load of the form (no form state) we need to initialize some variables
+  if (!$form_state['storage']['template']) {
     $sql = "SELECT * FROM {tripal_bulk_loader_template} WHERE template_id=%d";
     $template = db_fetch_object(db_query($sql, $template_id));
     $form_state['storage']['template_array'] = unserialize($template->template_array);
@@ -716,8 +716,8 @@ function tripal_bulk_loader_edit_template_record_form(&$form_state = NULL) {
     $form_state['storage']['record2priority'] = array();
     foreach ($form_state['storage']['template_array'] as $priority => $record_array) {
       if (!is_array($record_array)) {
-         continue;
-       }
+        continue;
+      }
       $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
     }
 
@@ -727,10 +727,10 @@ function tripal_bulk_loader_edit_template_record_form(&$form_state = NULL) {
     $template = $form_state['storage']['template'];
   }
 
-   // get the record_id from the path
-   if ($_GET['record_id'] !== NULL) {
-     $form_state['values']['field_group'] = $_GET['record_id'];
-     $form_state['storage']['original_priority'] = $_GET['record_id'];
+  // get the record_id from the path
+  if ($_GET['record_id'] !== NULL) {
+    $form_state['values']['field_group'] = $_GET['record_id'];
+    $form_state['storage']['original_priority'] = $_GET['record_id'];
   }
 
 
@@ -855,8 +855,8 @@ function tripal_bulk_loader_edit_template_record_form_submit($form, &$form_state
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Updated Template Record');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Updated Template Record'));
+        drupal_set_message(t('Template Saved.'));
 
         $path = explode('?', $form_state['storage']['referring URL']);
         parse_str($path[1], $query);
@@ -864,7 +864,7 @@ function tripal_bulk_loader_edit_template_record_form_submit($form, &$form_state
         drupal_goto($path[0], $query);
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -902,32 +902,32 @@ function tripal_bulk_loader_edit_template_record_form_submit($form, &$form_state
  */
 function tripal_bulk_loader_add_template_field_form(&$form_state = NULL) {
   $form = array();
-   $form['#cache'] = TRUE; // Make sure the form is cached.
+  $form['#cache'] = TRUE; // Make sure the form is cached.
 
-   // get template id from path
-   $template_id = ($_GET['template_id']) ? $_GET['template_id'] : $form_state['values']['template_id'];
+  // get template id from path
+  $template_id = ($_GET['template_id']) ? $_GET['template_id'] : $form_state['values']['template_id'];
 
-   // if there is no template supplied don't return rest of form
-   if (!$template_id) {
-     return $form;
-   }
+  // if there is no template supplied don't return rest of form
+  if (!$template_id) {
+    return $form;
+  }
 
   // Pre-set Variables needed for form proper------------------------------------------
 
    // If this is the first load of the form (no form state) we need to initialize some variables
-   if (!$form_state['storage']['template']) {
+  if (!$form_state['storage']['template']) {
     $sql = "SELECT * FROM {tripal_bulk_loader_template} WHERE template_id=%d";
     $template = db_fetch_object(db_query($sql, $template_id));
     $form_state['storage']['template_array'] = unserialize($template->template_array);
     $form_state['storage']['template'] = $template;
 
     $form_state['storage']['record2priority'] = array();
-    foreach ($form_state['storage']['template_array'] as $priority => $record_array) {
-      if (!is_array($record_array)) {
-        continue;
-      }
-      $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
+  foreach ($form_state['storage']['template_array'] as $priority => $record_array) {
+    if (!is_array($record_array)) {
+      continue;
     }
+    $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
+  }
 
     $form_state['storage']['referring URL'] = $_SERVER["HTTP_REFERER"];
   }
@@ -958,8 +958,8 @@ function tripal_bulk_loader_add_template_field_form(&$form_state = NULL) {
   }
 
    // get the record_id from the path
-   if ($_GET['record_id'] !== NULL) {
-     $form_state['values']['field_group'] = $_GET['record_id'];
+  if ($_GET['record_id'] !== NULL) {
+    $form_state['values']['field_group'] = $_GET['record_id'];
     if (preg_match('/\d+/', $_GET['record_id'])) {
       $priority = $form_state['values']['field_group'];
       $table = $form_state['storage']['template_array'][$priority]['table'];
@@ -1311,9 +1311,9 @@ function tripal_bulk_loader_add_template_field_form(&$form_state = NULL) {
     $form['add_fields']['additional']['regex_transform']['new_regex']['replace']['#description'] .= '<p>'
       .'The following references are also available for spreadsheet fields: <b><#column:<i>number</i>#></b>. '
       .'This allows you to substitute other spreadsheet values into the current field. For example, '
-      .'if you had the following line:<br>'
+      .'if you had the following line:<br />'
       . $tab . 'SNP' . $tab . '15-Jan-2011' . $tab . '1' . $tab . '54' . $tab . 'Contig34355'
-      .'<br> and your current field is for column #1 and you\'re inserting into the chado field '
+      .'<br /> and your current field is for column #1 and you\'re inserting into the chado field '
       .'feature.uniquename then you might want to add in the data to ensure your uniquename is '
       .'unique. The Match Pattern is (.*) to select all the first column and the Replacement '
       .'Pattern could be \1_<#column:2#> which would insert SNP_15-Jan-2011 into the database.</p>';
@@ -1441,8 +1441,8 @@ function tripal_bulk_loader_add_template_field_form_submit($form, &$form_state)
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Added Field to Template');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Added Field to Template'));
+        drupal_set_message(t('Template Saved.'));
 
         $path = explode('?', $form_state['storage']['referring URL']);
         parse_str($path[1], $query);
@@ -1450,7 +1450,7 @@ function tripal_bulk_loader_add_template_field_form_submit($form, &$form_state)
         drupal_goto($path[0], $query);
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -1469,7 +1469,7 @@ function tripal_bulk_loader_add_template_field_form_submit($form, &$form_state)
       // Add transformation rule to original field
       $form_state['storage']['regex']['pattern'][] = '/' . $form_state['values']['pattern'] . '/';
       $form_state['storage']['regex']['replace'][] = $form_state['values']['replace'];
-      drupal_set_message('Successfully Added Transformation Rule');
+      drupal_set_message(t('Successfully Added Transformation Rule'));
 
     }
     elseif ($op == 'Save Transformation Rule Order') {
@@ -1526,20 +1526,20 @@ function tripal_bulk_loader_add_template_field_form_submit($form, &$form_state)
  */
 function tripal_bulk_loader_edit_template_field_form(&$form_state = NULL) {
   $form = array();
-   $form['#cache'] = TRUE; // Make sure the form is cached.
+  $form['#cache'] = TRUE; // Make sure the form is cached.
 
-   // get template id from path
-   $template_id = ($_GET['template_id']) ? $_GET['template_id'] : $form_state['values']['template_id'];
+  // get template id from path
+  $template_id = ($_GET['template_id']) ? $_GET['template_id'] : $form_state['values']['template_id'];
 
-   // if there is no template supplied don't return rest of form
-   if (!$template_id) {
-     return $form;
-   }
+  // if there is no template supplied don't return rest of form
+  if (!$template_id) {
+    return $form;
+  }
 
   // Pre-set Variables needed for form proper------------------------------------------
 
-   // If this is the first load of the form (no form state) we need to initialize some variables
-   if (!$form_state['storage']['template']) {
+  // If this is the first load of the form (no form state) we need to initialize some variables
+  if (!$form_state['storage']['template']) {
     $sql = "SELECT * FROM {tripal_bulk_loader_template} WHERE template_id=%d";
     $template = db_fetch_object(db_query($sql, $template_id));
     $form_state['storage']['template_array'] = unserialize($template->template_array);
@@ -1548,8 +1548,8 @@ function tripal_bulk_loader_edit_template_field_form(&$form_state = NULL) {
     $form_state['storage']['record2priority'] = array();
     foreach ($form_state['storage']['template_array'] as $priority => $record_array) {
       if (!is_array($record_array)) {
-         continue;
-       }
+        continue;
+      }
       $form_state['storage']['record2priority'][$record_array['record_id']] = $priority;
     }
 
@@ -1919,9 +1919,9 @@ function tripal_bulk_loader_edit_template_field_form(&$form_state = NULL) {
     $form['edit_fields']['additional']['regex_transform']['new_regex']['replace']['#description'] .= '<p>'
       .'The following references are also available for spreadsheet fields: <b><#column:<i>number</i>#></b>. '
       .'This allows you to substitute other spreadsheet values into the current field. For example, '
-      .'if you had the following line:<br>'
+      .'if you had the following line:<br />'
       . $tab . 'SNP' . $tab . '15-Jan-2011' . $tab . '1' . $tab . '54' . $tab . 'Contig34355'
-      .'<br> and your current field is for column #1 and you\'re inserting into the chado field '
+      .'<br /> and your current field is for column #1 and you\'re inserting into the chado field '
       .'feature.uniquename then you might want to add in the data to ensure your uniquename is '
       .'unique. The Match Pattern is (.*) to select all the first column and the Replacement '
       .'Pattern could be \1_<#column:2#> which would insert SNP_15-Jan-2011 into the database.</p>';
@@ -2062,8 +2062,8 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Updated Field');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Updated Field'));
+        drupal_set_message(t('Template Saved.'));
 
         $path = explode('?', $form_state['storage']['referring URL']);
         parse_str($path[1], $query);
@@ -2071,7 +2071,7 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
         drupal_goto($path[0], $query);
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -2104,11 +2104,11 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Added Transformation Rule');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Added Transformation Rule'));
+        drupal_set_message(t('Template Saved.'));
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -2141,11 +2141,11 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Reordered Transformation Rules');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Reordered Transformation Rules'));
+        drupal_set_message(t('Template Saved.'));
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -2169,11 +2169,11 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
       $success = drupal_write_record('tripal_bulk_loader_template', $form_state['storage']['template'], array('template_id'));
 
       if ($success) {
-        drupal_set_message('Successfully Reordered Transformation Rules');
-        drupal_set_message('Template Saved.');
+        drupal_set_message(t('Successfully Reordered Transformation Rules'));
+        drupal_set_message(t('Template Saved.'));
       }
       else {
-        drupal_set_message('Unable to Save Template!', 'error');
+        drupal_set_message(t('Unable to Save Template!'), 'error');
         watchdog('T_bulk_loader',
           'Unable to save bulk loader template: %template',
           array('%template' => print_r($form_state['storage']['template'], TRUE)),
@@ -2207,7 +2207,7 @@ function tripal_bulk_loader_edit_template_field_form_submit($form, &$form_state)
 function tripal_bulk_loader_add_field_ahah() {
 
   $form_state = array('storage' => NULL, 'submitted' => FALSE);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
   $args = $form['#parameters'];
   $form_id = array_shift($args);
@@ -2242,7 +2242,7 @@ function tripal_bulk_loader_add_field_ahah() {
 function tripal_bulk_loader_edit_field_ahah() {
 
   $form_state = array('storage' => NULL, 'submitted' => FALSE);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
   $args = $form['#parameters'];
   $form_id = array_shift($args);

tripal_bulk_loader/tripal_bulk_loader.coder_ignores.txt

@@ -0,0 +1,11 @@
+; The file should be formatted this way :
+; file:line:warning-type
+; where warning-type is one of security, style, sql, i18n, comment, etc.
+
+; all variables are filtered
+tripal_bulk_loader.admin.inc:398:security
+tripal_bulk_loader.constants.inc::260:security
+
+; doesn't need to be filtered b/c all variables set in code and not subjected to
+; user input
+tripal_bulk_loader.constants.inc:376:security

tripal_bulk_loader/tripal_bulk_loader.constants.inc

@@ -160,15 +160,15 @@ function tripal_bulk_loader_set_constants_form($form_state, $node) {
           $group = $field['group_id'];
           $form['exposed_fields']['existing'][$group][$index] = array(
             '#type' => 'markup',
-            '#value' => $field['value'],
+            '#value' => filter_xss($field['value']),
           );
         }
       }
 
       $form['exposed_fields']['existing'][$group]['delete'] = array(
         '#type' => 'markup',
-        '#value' => l(t('Edit'), 'node/' . $node->nid . '/constants/' . $group . '/edit') . '<br />'  .
-          l(t('Delete'), 'node/' . $node->nid . '/constants/' . $group . '/delete'),
+        '#value' => filter_xss(l(t('Edit'), 'node/' . $node->nid . '/constants/' . $group . '/edit') . '&nbsp&nbsp|&nbsp&nbsp'  .
+          l(t('Delete'), 'node/' . $node->nid . '/constants/' . $group . '/delete')),
       );
 
     }
@@ -364,6 +364,7 @@ function theme_tripal_bulk_loader_set_constants_form($form) {
       $i++;
     }
     //drupal_add_tabledrag('mytable', 'order', 'sibling', 'weight-group');
+    // @coder-ignore: no user input thus don't need to filter
     $form['exposed_fields']['existing'] = array(
       '#type' => 'markup',
       '#value' => theme('table', $header, $rows, array('id' => 'mytable')) . '<br />'
@@ -509,7 +510,7 @@ function tripal_bulk_loader_edit_constant_set_form_submit($form, $form_state) {
         );
       }
     }
-    drupal_set_message('The constant set was successfully updated.');
+    drupal_set_message(t('The constant set was successfully updated.'));
 
   }
 
@@ -562,7 +563,7 @@ function tripal_bulk_loader_delete_constant_set_form_submit($form, $form_state)
   $nid = $form_state['values']['nid'];
   if ($nid && $form_state['values']['confirm']) {
     db_query("DELETE FROM {tripal_bulk_loader_constants} WHERE nid=%d AND group_id=%d", $nid, $group_id);
-    drupal_set_message('Constant set successfully deleted.');
+    drupal_set_message(t('Constant set successfully deleted.'));
   }
 
 }

tripal_bulk_loader/tripal_bulk_loader.install

@@ -9,14 +9,14 @@
  * Implements hook_install
  */
 function tripal_bulk_loader_install() {
-   drupal_install_schema('tripal_bulk_loader');
+  drupal_install_schema('tripal_bulk_loader');
 }
 
 /**
  * Implements hook_uninstall
  */
 function tripal_bulk_loader_uninstall() {
-   drupal_uninstall_schema('tripal_bulk_loader');
+  drupal_uninstall_schema('tripal_bulk_loader');
 }
 
 /**

tripal_bulk_loader/tripal_bulk_loader.loader.inc

@@ -144,7 +144,7 @@ function tripal_bulk_loader_load_data($nid) {
 
     // Add tables being inserted into to a list to be treated differently
     // this is used to acquire locks on these tables
-    if (preg_match('/insert/',$record_array['mode'])) {
+    if (preg_match('/insert/', $record_array['mode'])) {
       $tables[$record_array['table']] = $record_array['table'];
     }
 
@@ -257,7 +257,7 @@ function tripal_bulk_loader_load_data($nid) {
     }
 
     // Start Transaction
-    switch (variable_get('tripal_bulk_loader_transactions','row')) {
+    switch (variable_get('tripal_bulk_loader_transactions', 'row')) {
       case "none":
         break;
       case "all":
@@ -431,9 +431,9 @@ function process_data_array_for_line($priority, &$data, &$default_data, $field2c
       // a field is considered missing if it cannot be null and there is no default
       // value for it or it is of type 'serial'
       if ($def['not null'] == 1 and !array_key_exists($field, $insert_values) and !isset($def['default']) and strcmp($def['type'], serial)!=0) {
-         $msg = 'Line ' . $line_num . ' ' . $table_data['record_id'] . ' (' . $table_data['mode'] . ') Missing Database Required Value: ' . $table . '.' . $field;
-         watchdog('T_bulk_loader', $msg, array(), WATCHDOG_NOTICE);
-         $data[$priority]['error'] = TRUE;
+        $msg = 'Line ' . $line_num . ' ' . $table_data['record_id'] . ' (' . $table_data['mode'] . ') Missing Database Required Value: ' . $table . '.' . $field;
+        watchdog('T_bulk_loader', $msg, array(), WATCHDOG_NOTICE);
+        $data[$priority]['error'] = TRUE;
       }
     }
   } //end of if optional record
@@ -485,8 +485,8 @@ function process_data_array_for_line($priority, &$data, &$default_data, $field2c
 
   if (!preg_match('/select/', $table_data['mode'])) {
     // Use prepared statement?
-    if (variable_get('tripal_bulk_loader_prepare',TRUE)) {
-      $options = array('statement_name' => 'record_'.$priority);
+    if (variable_get('tripal_bulk_loader_prepare', TRUE)) {
+      $options = array('statement_name' => 'record_' . $priority);
       if ($line_num == 1 && $group_index == 1) {
         $options['prepare'] = TRUE;
       }
@@ -635,8 +635,8 @@ function tripal_bulk_loader_regex_tranform_values($values, $table_data, $line) {
 
   foreach ($table_data['regex_transform'] as $field => $regex_array) {
     if (!is_array($regex_array['replace'])) {
-       continue;
-     }
+      continue;
+    }
 
     //print 'Match:'.print_r($regex_array['pattern'],TRUE)."\n";
     //print 'Replace:'.print_r($regex_array['replace'],TRUE)."\n";
@@ -680,8 +680,8 @@ function tripal_bulk_loader_flatten_array($values) {
     if (is_array($v)) {
       $vstr = array();
       foreach ($v as $vk => $vv) {
-        if (strlen($vv) > 20) {
-          $vstr[] = $vk . '=>' . substr($vv, 0, 20) . '...';
+        if (drupal_strlen($vv) > 20) {
+          $vstr[] = $vk . '=>' . drupal_substr($vv, 0, 20) . '...';
         }
         else {
           $vstr[] = $vk . '=>' . $vv;
@@ -689,8 +689,8 @@ function tripal_bulk_loader_flatten_array($values) {
       }
       $v = '{' . implode(',', $vstr) . '}';
     }
-    elseif (strlen($v) > 20) {
-      $v = substr($v, 0, 20) . '...';
+    elseif (drupal_strlen($v) > 20) {
+      $v = drupal_substr($v, 0, 20) . '...';
     }
     $flattened_values[] = $k . '=>' . $v;
   }

tripal_bulk_loader/tripal_bulk_loader.module

@@ -18,140 +18,140 @@ function tripal_bulk_loader_init() {
  */
 function tripal_bulk_loader_menu() {
   $items = array();
-   // Show all loaders
-   $items['tripal_bulk_loaders'] = array(
-     'title' => 'Tripal Bulk Loaders',
-     'description' => 'Tripal bulk loaders for loading tab-delimited file into chado database',
-     'page callback' => 'tripal_bulk_loader_list',
-     'access arguments' => array('access tripal_bulk_loader'),
-     'type' => MENU_NORMAL_ITEM,
-   );
-   // Bulk Loading Job Node
-   $items['node/%node/constants/%/edit'] = array(
-      'title' => 'Edit Constant Set',
-      'description' => 'Edit a group of constants associated with the current bulk loader',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_edit_constant_set_form', 1, 3),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
-      'file' => 'tripal_bulk_loader.constants.inc',
-   );
-   $items['node/%node/constants/%/delete'] = array(
-      'title' => 'Delete Constant Set',
-      'description' => 'Delete a group of constants associated with the current bulk loader',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_delete_constant_set_form', 1, 3),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
-      'file' => 'tripal_bulk_loader.constants.inc',
-   );
-
-   // Admin page to create the template
-   $items['admin/tripal/tripal_bulk_loader_template'] = array(
-      'title' => 'Bulk Loader Template',
-      'description' => 'Templates for loading tab-delimited data',
-      'page callback' => 'tripal_bulk_loader_admin_template',
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
-      'file' => 'tripal_bulk_loader.admin.inc',
+  // Show all loaders
+  $items['tripal_bulk_loaders'] = array(
+    'title' => 'Tripal Bulk Loaders',
+    'description' => 'Tripal bulk loaders for loading tab-delimited file into chado database',
+    'page callback' => 'tripal_bulk_loader_list',
+    'access arguments' => array('access tripal_bulk_loader'),
+    'type' => MENU_NORMAL_ITEM,
   );
-   $items['admin/tripal/tripal_bulk_loader_template/configure'] = array(
-      'title' => 'Configure',
-      'description' => 'Configuration of global options related to bulk loading jobs',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_configuration_form'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
-      'file' => 'tripal_bulk_loader.admin.inc',
+  // Bulk Loading Job Node
+  $items['node/%node/constants/%/edit'] = array(
+    'title' => 'Edit Constant Set',
+    'description' => 'Edit a group of constants associated with the current bulk loader',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_edit_constant_set_form', 1, 3),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
+    'file' => 'tripal_bulk_loader.constants.inc',
+  );
+  $items['node/%node/constants/%/delete'] = array(
+    'title' => 'Delete Constant Set',
+    'description' => 'Delete a group of constants associated with the current bulk loader',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_delete_constant_set_form', 1, 3),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
+    'file' => 'tripal_bulk_loader.constants.inc',
+  );
+
+  // Admin page to create the template
+  $items['admin/tripal/tripal_bulk_loader_template'] = array(
+    'title' => 'Bulk Loader Template',
+    'description' => 'Templates for loading tab-delimited data',
+    'page callback' => 'tripal_bulk_loader_admin_template',
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+    'file' => 'tripal_bulk_loader.admin.inc',
+  );
+  $items['admin/tripal/tripal_bulk_loader_template/configure'] = array(
+    'title' => 'Configure',
+    'description' => 'Configuration of global options related to bulk loading jobs',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_configuration_form'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
 
   // Create/Edit Template -------
   $items['admin/tripal/tripal_bulk_loader_template/create'] = array(
-      'title' => 'Create Template',
-      'description' => 'Create loader template for loading tab-delimited data',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_modify_template_base_form', 'create'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
+    'title' => 'Create Template',
+    'description' => 'Create loader template for loading tab-delimited data',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_modify_template_base_form', 'create'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
     'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/edit'] = array(
-      'title' => 'Edit Template',
-      'description' => 'Edit loader template for loading tab-delimited data',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_modify_template_base_form', 'edit'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
-      'file' => 'tripal_bulk_loader.admin.inc',
+    'title' => 'Edit Template',
+    'description' => 'Edit loader template for loading tab-delimited data',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_modify_template_base_form', 'edit'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/edit_record'] = array(
-      'title' => 'Edit Template Record',
-      'description' => 'Edit a record in an existing tripal bulk loader template.',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_edit_template_record_form'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
+    'title' => 'Edit Template Record',
+    'description' => 'Edit a record in an existing tripal bulk loader template.',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_edit_template_record_form'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
     'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/add_field'] = array(
-      'title' => 'Add Template Field',
-      'description' => 'Add a template field to an existing tripal bulk loader template.',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_add_template_field_form'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
+    'title' => 'Add Template Field',
+    'description' => 'Add a template field to an existing tripal bulk loader template.',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_add_template_field_form'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
     'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/edit_field'] = array(
-      'title' => 'Edit Template Field',
-      'description' => 'Edit an existing field from a tripal bulk loader template.',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_edit_template_field_form'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
+    'title' => 'Edit Template Field',
+    'description' => 'Edit an existing field from a tripal bulk loader template.',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_edit_template_field_form'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
     'file' => 'tripal_bulk_loader.admin.inc',
   );
   // Delete Template -----
   $items['admin/tripal/tripal_bulk_loader_template/delete'] = array(
-      'title' => 'Delete Template',
-      'description' => 'Delete bulk loader template',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_delete_template_base_form'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
+    'title' => 'Delete Template',
+    'description' => 'Delete bulk loader template',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_delete_template_base_form'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
     'file' => 'tripal_bulk_loader.admin.inc',
   );
   // Import/Export ---------
   $items['admin/tripal/tripal_bulk_loader_template/import'] = array(
-      'title' => 'Import Template',
-      'description' => 'Import Loaders',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_import_export_template_form', 'import'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
-      'file' => 'tripal_bulk_loader.admin.inc',
+    'title' => 'Import Template',
+    'description' => 'Import Loaders',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_import_export_template_form', 'import'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/export'] = array(
-      'title' => 'Export Template',
-      'description' => 'Export Loaders',
-      'page callback' => 'drupal_get_form',
-      'page arguments' => array('tripal_bulk_loader_import_export_template_form', 'export'),
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_NORMAL_ITEM,
-      'file' => 'tripal_bulk_loader.admin.inc',
+    'title' => 'Export Template',
+    'description' => 'Export Loaders',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_bulk_loader_import_export_template_form', 'export'),
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
   // AHAH ---------
   $items['admin/tripal/tripal_bulk_loader_template/add_field_ahah'] = array(
-      'page callback' => 'tripal_bulk_loader_add_field_ahah',
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
-      'file' => 'tripal_bulk_loader.admin.inc',
+    'page callback' => 'tripal_bulk_loader_add_field_ahah',
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
   $items['admin/tripal/tripal_bulk_loader_template/edit_field_ahah'] = array(
-      'page callback' => 'tripal_bulk_loader_edit_field_ahah',
-      'access arguments' => array('administer site configuration'),
-      'type' => MENU_CALLBACK,
-      'file' => 'tripal_bulk_loader.admin.inc',
+    'page callback' => 'tripal_bulk_loader_edit_field_ahah',
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_CALLBACK,
+    'file' => 'tripal_bulk_loader.admin.inc',
   );
 
   return $items;
@@ -191,8 +191,8 @@ function tripal_bulk_loader_theme() {
 function tripal_bulk_loader_access($op, $node, $account) {
   if ($op == 'create') {
     if (!user_access('create tripal_bulk_loader', $account)) {
-         return FALSE;
-      }
+      return FALSE;
+    }
   }
   if ($op == 'update') {
     if (!user_access('edit tripal_bulk_loader', $account)) {
@@ -426,7 +426,7 @@ function tripal_bulk_loader_insert($node) {
   drupal_write_record('node', $node, 'nid');
   drupal_write_record('node_revision', $node, 'nid');
 
-  drupal_set_message('After reviewing the details, please Submit this Job (by clicking the "Submit Job" button below). No data will be loaded until the submitted job is reached in the queue.');
+  drupal_set_message(t('After reviewing the details, please Submit this Job (by clicking the "Submit Job" button below). No data will be loaded until the submitted job is reached in the queue.'));
 
 }
 
@@ -504,3 +504,13 @@ function tripal_bulk_loader_job_describe_args($callback, $args) {
 
 }
 
+/**
+ * Implements hook_coder_ignore().
+ * Defines the path to the file (tripal_bulk_loader.coder_ignores.txt) where ignore rules for coder are stored
+ */
+function tripal_bulk_loader_coder_ignore() {
+  return array(
+    'path' => drupal_get_path('module', 'tripal_bulk_loader'),
+    'line prefix' => drupal_get_path('module', 'tripal_bulk_loader'),
+  );
+}

tripal_core/tripal_core.api.inc

@@ -218,18 +218,18 @@ function tripal_core_chado_insert($table, $values, $options) {
   $iplaceholders = array(); // contains $1/$2 placeholders for the prepare query
   $idatatypes = array(); //contains the data type of the fields (int, text, etc.)
   $i = 1;
-  foreach ($insert_values as $field => $value){
+  foreach ($insert_values as $field => $value) {
     $ifields[] = $field;
     $ivalues[] = $value;
-    $iplaceholders[] = '$'.$i;
+    $iplaceholders[] = '$' . $i;
     $i++;
-    if(strcmp($value,'__NULL__')==0){
+    if (strcmp($value, '__NULL__')==0) {
       $itypes[] = "NULL";
       $idatatypes[] = "NULL";
     }
-    elseif(strcasecmp($table_desc['fields'][$field]['type'],'serial')==0 or
-      strcasecmp($table_desc['fields'][$field]['type'],'int')==0 or
-      strcasecmp($table_desc['fields'][$field]['type'],'integer')==0){
+    elseif (strcasecmp($table_desc['fields'][$field]['type'], 'serial')==0 OR
+      strcasecmp($table_desc['fields'][$field]['type'], 'int')==0 OR
+      strcasecmp($table_desc['fields'][$field]['type'], 'integer')==0) {
       $itypes[] = "%d";
       $idatatypes[] = 'int';
     }
@@ -246,11 +246,12 @@ function tripal_core_chado_insert($table, $values, $options) {
       $status = chado_query($prepare_sql);
 
       if (!$status) {
-        watchdog('tripal_core',"tripal_core_chado_insert: not able to prepare '%name' statement for: %sql", array('%name' => $options['statement_name'], '%sql' => $sql), 'WATCHDOG ERROR');
+        watchdog('tripal_core', "tripal_core_chado_insert: not able to prepare '%name' statement for: %sql", array('%name' => $options['statement_name'], '%sql' => $sql), 'WATCHDOG ERROR');
         return FALSE;
-       }
-    } else {
-      $sql = "INSERT INTO {$table} (" . implode(", ",$ifields) . ") VALUES (". implode(", ",$itypes) .")";
+      }
+    }
+    else {
+      $sql = "INSERT INTO {$table} (" . implode(", ", $ifields) . ") VALUES (" . implode(", ", $itypes) . ")";
     }
   }
 
@@ -265,7 +266,7 @@ function tripal_core_chado_insert($table, $values, $options) {
       $primary_key = array();
       if (!is_array($table_desc['primary key'])) {
         $table_desc['primary key'] = array();
-        watchdog('tripal_core',"tripal_core_chado_insert: %table not defined in tripal schema api", array('%table' => $table), 'WATCHDOG WARNING');
+        watchdog('tripal_core', "tripal_core_chado_insert: %table not defined in tripal schema api", array('%table' => $table), 'WATCHDOG WARNING');
       }
       foreach ($table_desc['primary key'] as $field) {
         $value = db_last_insert_id($table, $field);
@@ -274,7 +275,7 @@ function tripal_core_chado_insert($table, $values, $options) {
       return $values;
     }
     else {
-      watchdog('tripal_core',"tripal_core_chado_insert: not able to execute prepared statement '%name' with values: %values", array('%name' => $options['statement_name'], '%values' => print_r($values,1)), 'WATCHDOG ERROR');
+      watchdog('tripal_core', "tripal_core_chado_insert: not able to execute prepared statement '%name' with values: %values", array('%name' => $options['statement_name'], '%values' => print_r($values, TRUE)), 'WATCHDOG ERROR');
       return FALSE;
     }
   }
@@ -988,6 +989,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
     }
 
     //if criteria then remove from query
+    // @coder-ignore: only module designers can populate $criteria -not security risk
     $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //    watchdog('tripal_core',
 //      'Evaluating criteria (%criteria) for field %field in tripal_core_generate_chado_var for %table evaluated to %success',
@@ -1023,6 +1025,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
           break;
         }
         //if criteria then remove from query
+        // @coder-ignore: only module designers can populate $criteria -not security risk
         $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //        watchdog('tripal_core',
 //          'Evaluating criteria (%criteria) for field %field of $type in tripal_core_generate_chado_var for %table evaluated to %success',
@@ -1053,6 +1056,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
       if (db_table_exists('chado_' . $table)) {
         // that has a foreign key to this one ($table_desc['primary key'][0]
         // and to the node table (nid)
+        // @coder-ignore: acting on chado schema rather then drupal schema therefore, table prefixing does not apply
         $sql = "SELECT %s, nid FROM chado_%s WHERE %s=%d";
         $mapping = db_fetch_object(db_query(
           $sql,
@@ -1074,6 +1078,7 @@ function tripal_core_generate_chado_var($table, $values, $base_options = array()
         }
         $criteria = preg_replace('/&gt;field_value&lt; /', $object->{$field_name}, $criteria);
         //if criteria then remove from query
+        // @coder-ignore: only module designers can populate $criteria -not security risk
         $success = drupal_eval('<?php return ' . $criteria . '; ?>');
 //      watchdog('tripal_core',
 //        'Evaluating criteria (%criteria) for field %field in tripal_core_generate_chado_var for   %table evaluated to %success',
@@ -1445,7 +1450,7 @@ function chado_query($sql) {
 
   // Execute the query on the chado database/schema
   // Use the persistent chado connection if it already exists
-  $persistent_connection = variable_get('tripal_perisistent_chado',NULL);
+  $persistent_connection = variable_get('tripal_perisistent_chado', NULL);
   if ($persistent_connection) {
     $previously_active_db = $active_db;
     $active_db = $persistent_connection;
@@ -1901,17 +1906,19 @@ function tripal_db_persistent_chado() {
   global $db_url;
 
   // get connection if it already exists
-  $connection = variable_get('tripal_perisistent_chado',NULL);
+  $connection = variable_get('tripal_perisistent_chado', NULL);
 
   if ($connection) {
     return $connection;
 
   // Otherwise we need to set it
-  } else {
+  }
+  else {
     if (is_array($db_url) && isset($db_url['chado'])) {
       $connection = db_connect($db_url['chado']);
       variable_set('tripal_perisistent_chado', $connection);
-    } else {
+    }
+    else {
       $connection = db_connect($db_url);
       variable_set('tripal_perisistent_chado', $connection);
     }
@@ -1942,9 +1949,9 @@ function tripal_db_start_transaction() {
 function tripal_db_set_savepoint_transaction($savepoint, $release = FALSE) {
   // Postgresql requires a savepoint of the same name to be unset before re-use
   if ($release) {
-    chado_query("RELEASE SAVEPOINT %s",$savepoint);
+    chado_query("RELEASE SAVEPOINT %s", $savepoint);
   }
-  chado_query("SAVEPOINT %s",$savepoint);
+  chado_query("SAVEPOINT %s", $savepoint);
 }
 
 /**
@@ -1966,7 +1973,7 @@ function tripal_db_commit_transaction() {
 function tripal_db_rollback_transaction($savepoint = NULL) {
 
   if ($savepoint) {
-    chado_query("ROLLBACK TO SAVEPOINT %s",$savepoint);
+    chado_query("ROLLBACK TO SAVEPOINT %s", $savepoint);
   }
   else {
     chado_query("ROLLBACK");
@@ -2143,6 +2150,7 @@ function tripal_get_chado_custom_schema($table) {
 function tripal_core_chado_schema_exists() {
 
   // This is postgresql-specific code to check the existence of the chado schema
+  // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
   $sql = "SELECT nspname FROM pg_catalog.pg_namespace WHERE nspname = 'chado'";
   if (db_fetch_object(db_query($sql))) {
     return TRUE;

tripal_core/tripal_core.coder_ignores.txt

@@ -2,20 +2,17 @@
 ; file:line:warning-type
 ; where warning-type is one of security, style, sql, i18n, comment, etc.
 
-; This select statement is acting upon the pg_catalog schema rather then the Drupal
-; schema and thus the curly brackets ({}) are not needed.
-tripal_core.schema.api.inc:54:sql
-tripal_core.schema.api.inc:59:sql
-tripal_core.api.inc:1953:sql
-
 ; This query selects from a non-drupal schema where the database prefixes are not
 ; applied and thus the curcly brackets ({}) are not needed
-tripal_core.api.inc:971:sql
+tripal_core.schema.api.inc:55:sql
+tripal_core.schema.api.inc:61:sql
+tripal_core.api.inc:1060:sql
+tripal_core.api.inc:2153:sql
 
 ; Only module designers can create the criteria evaluated by drupal_eval since it
-; is designed in a hook. Since module designers can already write php code to act on 
-; the database and the criteria is never subject to user input, this is not a security 
+; is designed in a hook. Since module designers can already write php code to act on
+; the database and the criteria is never subject to user input, this is not a security
 ; risk.
-tripal_core.api.inc:906:security
-tripal_core.api.inc:941:security
-tripal_core.api.inc:992:security
+tripal_core.api.inc:993:security
+tripal_core.api.inc:1029:security
+tripal_core.api.inc:1082:security

tripal_core/tripal_core.schema.api.inc

@@ -51,11 +51,13 @@
 function tripal_core_get_chado_tables($include_custom = NULL) {
   if (is_array($db_url) AND array_key_exists('chado', $db_url)) {
     $previous_db = tripal_db_set_active('chado');
+    // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
     $sql = 'SELECT tablename FROM pg_tables';
     $resource = db_query($sql);
     tripal_db_set_active($previous_db);
   }
   else {
+    // @coder-ignore: acting on pg_catalog schema rather then drupal schema therefore, table prefixing does not apply
     $sql = "SELECT tablename FROM pg_tables WHERE schemaname='chado'";
     $resource = db_query($sql);
   }

tripal_cv/tripal_cv.coder_ignores.txt

@@ -4,8 +4,4 @@
 
 ; This query selects from a non-drupal schema where the database prefixes are not
 ; applied and thus the curcly brackets ({}) are not needed
-tripal_cv.module:1059:sql
-
-; Need to use POST since this is part of a JS callback
-tripal_cv.module:407:security
-tripal_cv.module:813:security
+tripal_cv.module:1062:sql

tripal_cv/tripal_cv.module

@@ -404,7 +404,7 @@ function tripal_cv_select_form() {
 function tripal_ajax_cv_edit() {
 
   // get the database id, build the form and then return the JSON object
-  $cvid = $_POST['cvid'];
+  $cvid = filter_xss($_POST['cvid']);
   $form = drupal_get_form('tripal_cv_edit_form', $cvid);
   drupal_json(array('status' => TRUE, 'data' => $form));
 
@@ -810,7 +810,7 @@ function tripal_cv_add_cvterm_callback() {
 
   // Retrieve the form from the cache
   $form_state = array('storage' => NULL);
-  $form_build_id = $_POST['form_build_id'];
+  $form_build_id = filter_xss($_POST['form_build_id']);
   $form = form_get_cache($form_build_id, $form_state);
 
   // Preparing to process the form
@@ -1056,6 +1056,7 @@ function tripal_cv_update_cvtermpath($cvid = NULL, $job_id = NULL) {
   print "\nUpdating cvtermpath for $cv->name...\n";
 
   // now fill the cvtermpath table
+  // @coder-ignore: using a function rather then tablename therefore table prefixing doesn't apply
   $sql = "SELECT * FROM fill_cvtermpath('%s')";
   db_query($sql, $cv->name);
   tripal_db_set_active($previous_db);

tripal_cv/tripal_cv.views.inc

@@ -41,7 +41,7 @@ function tripal_cv_views_data() {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,TRUE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, TRUE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }
@@ -56,7 +56,7 @@ function tripal_cv_views_data() {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,FALSE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, FALSE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }

tripal_db/tripal_db.api.inc

@@ -298,86 +298,85 @@ function tripal_db_chado_dbxref_schema() {
   return $description;
 }
 /**
-* Adds a new database to the Chado DB table and returns the DB object.
-*
-* @param $dbname
-*   The name of the database. This name is usually used as the prefix for
-*   CV term accessions
-* @param $description
-*   Optional. A description of the database.  By default no description is required.
-* @param $url
-*   Optional. The URL for the database
-* @param $urlprefix
-*   Optional. The URL that is to be used as a prefix when constructing a link to
-*   a database term
-* @param $update
-*   Optional. Set this to '1' to force an update of the database if it
-*   already exists. The default is to not update. If the database exists
-*   then nothing is added.
-*
-* @return
-*   An object populated with fields from the newly added database.
-*
-* @ingroup tripal_db_api
-*/
+ * Adds a new database to the Chado DB table and returns the DB object.
+ *
+ * @param $dbname
+ *   The name of the database. This name is usually used as the prefix for
+ *   CV term accessions
+ * @param $description
+ *   Optional. A description of the database.  By default no description is required.
+ * @param $url
+ *   Optional. The URL for the database
+ * @param $urlprefix
+ *   Optional. The URL that is to be used as a prefix when constructing a link to
+ *   a database term
+ * @param $update
+ *   Optional. Set this to '1' to force an update of the database if it
+ *   already exists. The default is to not update. If the database exists
+ *   then nothing is added.
+ *
+ * @return
+ *   An object populated with fields from the newly added database.
+ *
+ * @ingroup tripal_db_api
+ */
 function tripal_db_add_db($dbname, $description='', $url='', $urlprefix='', $update=0) {
 
+  $values = array(
+    'name' => $dbname,
+    'description' => $description,
+    'url' => $url,
+    'urlprefix' => $urlprefix
+  );
 
-   $values = array(
-      'name' => $dbname,
-      'description' => $description,
-      'url' => $url,
-      'urlprefix' => $urlprefix
-   );
-
-   $db_sql = "SELECT * FROM {db} WHERE name ='%s'";
-   $db = db_fetch_object(db_query($db_sql, $dbname));
-   if (!$db) {
-      if (!tripal_core_chado_insert('db', $values)) {
-         watchdog('tripal_db', "Cannot create db '$dbname'.", NULL, WATCHDOG_WARNING);
-         return 0;
-      }
-      $db = tripal_core_chado_select('db', array('*'), $values);
-   }
-   elseif ($update) {
-      $match = array('db_id' => $db->db_id);
-      if (!tripal_core_chado_update('db', $match, $values)) {
-         watchdog('tripal_db', "Cannot update db '$dbname'.", NULL, WATCHDOG_WARNING);
-         return 0;
-      }
-      $db = tripal_core_chado_select('db', array('*'), $values);
-   }
-   else {
-      return $db;
-   }
+  $db_sql = "SELECT * FROM {db} WHERE name ='%s'";
+  $db = db_fetch_object(db_query($db_sql, $dbname));
+  if (!$db) {
+    if (!tripal_core_chado_insert('db', $values)) {
+      watchdog('tripal_db', "Cannot create db '$dbname'.", NULL, WATCHDOG_WARNING);
+      return 0;
+    }
+    $db = tripal_core_chado_select('db', array('*'), $values);
+  }
+  elseif ($update) {
+    $match = array('db_id' => $db->db_id);
+    if (!tripal_core_chado_update('db', $match, $values)) {
+      watchdog('tripal_db', "Cannot update db '$dbname'.", NULL, WATCHDOG_WARNING);
+      return 0;
+    }
+    $db = tripal_core_chado_select('db', array('*'), $values);
+  }
+  else {
+    return $db;
+  }
 }
 /**
-*
-* @ingroup tripal_db_api
-*/
+ *
+ * @ingroup tripal_db_api
+ */
 function tripal_db_add_dbxref($db_id, $accession, $version='', $description='') {
 
-   // check to see if the dbxref exists if not, add it
-   $dbxsql = "
-      SELECT DBX.dbxref_id, DBX.db_id, DBX.description, DBX.version, DBX.accession,
-         DB.name as db_name
-      FROM {dbxref} DBX
-         INNER JOIN db DB on DB.db_id = DBX.db_id
-      WHERE DBX.db_id = %d and DBX.accession = '%s'
-   ";
-   $dbxref = db_fetch_object(db_query($dbxsql, $db_id, $accession));
-   if (!$dbxref) {
-      $sql = "
-         INSERT INTO {dbxref} (db_id, accession, version, description)
-         VALUES (%d,'%s','%s','%s')
-      ";
-      if (!db_query($sql, $db_id, $accession, $version, $description)) {
-         watchdog('tripal_cv', "Failed to insert the dbxref record $accession", NULL, WATCHDOG_WARNING);
-         return 0;
-      }
-      print "Added Dbxref accession: $accession\n";
-      $dbxref = db_fetch_object(db_query($dbxsql, $db_id, $accession));
-   }
-   return $dbxref;
+  // check to see if the dbxref exists if not, add it
+  $dbxsql = "
+    SELECT DBX.dbxref_id, DBX.db_id, DBX.description, DBX.version, DBX.accession,
+       DB.name as db_name
+    FROM {dbxref} DBX
+       INNER JOIN db DB on DB.db_id = DBX.db_id
+    WHERE DBX.db_id = %d and DBX.accession = '%s'
+  ";
+  $dbxref = db_fetch_object(db_query($dbxsql, $db_id, $accession));
+  if (!$dbxref) {
+    $sql = "
+       INSERT INTO {dbxref} (db_id, accession, version, description)
+       VALUES (%d,'%s','%s','%s')
+    ";
+    if (!db_query($sql, $db_id, $accession, $version, $description)) {
+      watchdog('tripal_cv', "Failed to insert the dbxref record $accession", NULL, WATCHDOG_WARNING);
+      return 0;
+    }
+    print "Added Dbxref accession: $accession\n";
+    $dbxref = db_fetch_object(db_query($dbxsql, $db_id, $accession));
+  }
+  return $dbxref;
 
 }

tripal_db/tripal_db.install

@@ -6,22 +6,22 @@
  */
 
 /**
-*  Implementation of hook_install();
-*
-* @ingroup tripal_db
-*/
+ * Implementation of hook_install().
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_install() {
 
-   // create the module's data directory
-   tripal_create_moddir('tripal_db');
+  // create the module's data directory
+  tripal_create_moddir('tripal_db');
 
 }
 
 /**
-* Implementation of hook_uninstall()
-*
-* @ingroup tripal_db
-*/
+ * Implementation of hook_uninstall().
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_uninstall() {
 
 }
@@ -33,15 +33,15 @@ function tripal_db_uninstall() {
  * @ingroup tripal_db
  */
 function tripal_db_requirements($phase) {
-   $requirements = array();
-   if ($phase == 'install') {
-      if (!function_exists('tripal_create_moddir')) {
-         $requirements ['tripal_db'] = array(
-            'title' => "tripal_db",
-            'value' => "Required modules must be installed first before Tripal DB module can be installed. Please try again.",
-            'severity' => REQUIREMENT_ERROR,
-         );
-      }
-   }
-   return $requirements;
+  $requirements = array();
+  if ($phase == 'install') {
+    if (!function_exists('tripal_create_moddir')) {
+      $requirements ['tripal_db'] = array(
+        'title' => "tripal_db",
+        'value' => "Required modules must be installed first before Tripal DB module can be installed. Please try again.",
+        'severity' => REQUIREMENT_ERROR,
+      );
+    }
+  }
+  return $requirements;
 }

tripal_db/tripal_db.module

@@ -8,69 +8,69 @@ require_once "tripal_db.api.inc";
  */
 
 /**
-*
-* @ingroup tripal_db
-*/
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_init() {
 
-   // add the tripal_db JS and CSS
-   drupal_add_css(drupal_get_path('theme', 'tripal') . '/css/tripal_db.css');
-   drupal_add_js(drupal_get_path('theme', 'tripal') . '/js/tripal_db.js');
+  // add the tripal_db JS and CSS
+  drupal_add_css(drupal_get_path('theme', 'tripal') . '/css/tripal_db.css');
+  drupal_add_js(drupal_get_path('theme', 'tripal') . '/js/tripal_db.js');
 }
 /**
-*
-* @ingroup tripal_db
-*/
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_menu() {
-   $items = array();
-
-   $items['admin/tripal/tripal_db'] = array(
-     'title' => 'Databases',
-     'description' => 'Basic Description of Tripal DB Module Functionality',
-     'page callback' => 'tripal_db_module_description_page',
-     'access arguments' => array('administer site configuration'),
-     'type' => MENU_NORMAL_ITEM,
-   );
-
-   $items['admin/tripal/tripal_db/edit_db'] = array(
-     'title' => 'Update/Delete Database References',
-     'description' => 'Manage Databases ',
-     'page callback' => 'tripal_db_admin_page',
-     'access arguments' => array('administer site configuration'),
-     'type' => MENU_NORMAL_ITEM,
-   );
-
-   $items['admin/tripal/tripal_db/add_db'] = array(
-     'title' => 'Add a Database',
-     'page callback' => 'drupal_get_form',
-     'page arguments' => array('tripal_db_form'),
-     'access arguments' => array('access administration pages'),
-     'type' => MENU_NORMAL_ITEM,
-   );
-   $items['admin/tripal/tripal_db/edit/js'] = array(
-     'title' => 'Edit Databases',
-     'page callback' => 'tripal_ajax_db_edit',
-     'access arguments' => array('access administration pages'),
-     'type' => MENU_CALLBACK,
-   );
-
-   return $items;
+  $items = array();
+
+  $items['admin/tripal/tripal_db'] = array(
+    'title' => 'Databases',
+    'description' => 'Basic Description of Tripal DB Module Functionality',
+    'page callback' => 'tripal_db_module_description_page',
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+  );
+
+  $items['admin/tripal/tripal_db/edit_db'] = array(
+    'title' => 'Update/Delete Database References',
+    'description' => 'Manage Databases ',
+    'page callback' => 'tripal_db_admin_page',
+    'access arguments' => array('administer site configuration'),
+    'type' => MENU_NORMAL_ITEM,
+  );
+
+  $items['admin/tripal/tripal_db/add_db'] = array(
+    'title' => 'Add a Database',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('tripal_db_form'),
+    'access arguments' => array('access administration pages'),
+    'type' => MENU_NORMAL_ITEM,
+  );
+  $items['admin/tripal/tripal_db/edit/js'] = array(
+    'title' => 'Edit Databases',
+    'page callback' => 'tripal_ajax_db_edit',
+    'access arguments' => array('access administration pages'),
+    'type' => MENU_CALLBACK,
+  );
+
+  return $items;
 }
 
 /**
-*  Set the permission types that the chado module uses.  Essentially we
-*  want permissionis that protect creation, editing and deleting of chado
-*  data objects
-*
-* @ingroup tripal_db
-*/
+ *  Set the permission types that the chado module uses.  Essentially we
+ *  want permissionis that protect creation, editing and deleting of chado
+ *  data objects
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_perm() {
-   return array(
-      'access chado_db content',
-      'create chado_db content',
-      'delete chado_db content',
-      'edit chado_db content',
-   );
+  return array(
+    'access chado_db content',
+    'create chado_db content',
+    'delete chado_db content',
+    'edit chado_db content',
+  );
 }
 
 /**
@@ -137,22 +137,22 @@ function tripal_db_module_description_page() {
 }
 
 /**
-*
-*
-* @ingroup tripal_db
-*/
+ *
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_admin_page() {
-   $add_url = url("admin/tripal/tripal_db/add_db");
-   $output = "<a href=\"$add_url\">Add a new external database</a>";
-   $output .= drupal_get_form('tripal_db_select_form');
-   $output .= '<div id="db-edit-div">Please select a database above to view or edit</div>';
-   return $output;
+  $add_url = url("admin/tripal/tripal_db/add_db");
+  $output = "<a href=\"$add_url\">Add a new external database</a>";
+  $output .= drupal_get_form('tripal_db_select_form');
+  $output .= '<div id="db-edit-div">Please select a database above to view or edit</div>';
+  return $output;
 }
 /**
-*
-*
-* @ingroup tripal_db
-*/
+ *
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_select_form() {
 
   $previous_db = tripal_db_set_active('chado');  // use chado database
@@ -162,206 +162,205 @@ function tripal_db_select_form() {
   tripal_db_set_active($previous_db); // use drupal database
 
   $dbs = array();
-   $dbs[] = '';
+  $dbs[] = '';
   while ($db = db_fetch_object($results)) {
     $dbs[$db->db_id] = $db->name;
   }
 
   $form['dbid'] = array(
-      '#title' => t('External Database Name'),
-      '#type' => 'select',
-      '#options' => $dbs,
-      '#ahah' => array(
-         'path' => 'admin/tripal/tripal_db/edit/js',
-         'wrapper' => 'db-edit-div',
-         'effect' => 'fade',
-         'event' => 'change',
-         'method' => 'replace',
-      ),
+    '#title' => t('External Database Name'),
+    '#type' => 'select',
+    '#options' => $dbs,
+    '#ahah' => array(
+      'path' => 'admin/tripal/tripal_db/edit/js',
+      'wrapper' => 'db-edit-div',
+      'effect' => 'fade',
+      'event' => 'change',
+      'method' => 'replace',
+    ),
   );
 
-   return $form;
+  return $form;
 }
 /**
-*
-* @ingroup tripal_db
-*/
+ *
+ * @ingroup tripal_db
+ */
 function tripal_ajax_db_edit() {
-   // get the database id, build the form and then return the JSON object
-   $dbid = $_POST['dbid'];
-   $form = drupal_get_form('tripal_db_form', $dbid);
-   drupal_json(array('status' => TRUE, 'data' => $form));
+  // get the database id, build the form and then return the JSON object
+  $dbid = filter_xss($_POST['dbid']);
+  $form = drupal_get_form('tripal_db_form', $dbid);
+  drupal_json(array('status' => TRUE, 'data' => $form));
 }
 /**
-*
-* @ingroup tripal_db
-*/
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_form(&$form_state = NULL, $dbid = NULL) {
 
-   // get this requested database
-   if ($dbid) {
-      $sql = "SELECT * FROM {db} WHERE db_id = %d ";
-      $previous_db = tripal_db_set_active('chado');
-      $db = db_fetch_object(db_query($sql, $dbid));
-      tripal_db_set_active($previous_db);
+  // get this requested database
+  if ($dbid) {
+    $sql = "SELECT * FROM {db} WHERE db_id = %d ";
+    $previous_db = tripal_db_set_active('chado');
+    $db = db_fetch_object(db_query($sql, $dbid));
+    tripal_db_set_active($previous_db);
+
+
+    // set the default values.  If there is a value set in the
+    // form_state then let's use that, otherwise, we'll pull
+    // the values from the database
+    $default_db = $form_state['values']['name'];
+    $default_desc = $form_state['values']['description'];
+    $default_url = $form_state['values']['url'];
+    $default_urlprefix = $form_state['values']['urlprefix'];
+    if (!$default_db) {
+      $default_db = $db->name;
+    }
+    if (!$default_desc) {
+      $default_desc = $db->description;
+    }
+    if (!$default_url) {
+      $default_url = $db->url;
+    }
+    if (!$default_urlprefix) {
+      $default_urlprefix = $db->urlprefix;
+    }
+    $action = 'Update';
+  }
+  else {
+    $action = 'Add';
+  }
 
+  $form['dbid'] = array(
+    '#type' => 'hidden',
+    '#value' => $dbid
+  );
 
-      // set the default values.  If there is a value set in the
-      // form_state then let's use that, otherwise, we'll pull
-      // the values from the database
-      $default_db = $form_state['values']['name'];
-      $default_desc = $form_state['values']['description'];
-      $default_url = $form_state['values']['url'];
-      $default_urlprefix = $form_state['values']['urlprefix'];
-      if (!$default_db) {
-         $default_db = $db->name;
-      }
-      if (!$default_desc) {
-         $default_desc = $db->description;
-      }
-      if (!$default_url) {
-         $default_url = $db->url;
-      }
-      if (!$default_urlprefix) {
-         $default_urlprefix = $db->urlprefix;
-      }
-      $action = 'Update';
-   }
-   else {
-      $action = 'Add';
-   }
-
-   $form['dbid'] = array(
-      '#type' => 'hidden',
-      '#value' => $dbid
-   );
-
-   $form['name']= array(
-      '#type'          => 'textfield',
-      '#title'         => t("Database Name"),
-      '#description'   => t('Please enter the name for this external database.'),
-      '#required'      => TRUE,
-      '#default_value' => $default_db,
-      '#weight'        => 1
-   );
-
-   $form['description']= array(
-      '#type'          => 'textarea',
-      '#title'         => t('Description'),
-      '#description'   => t('Please enter a description for this database'),
-      '#default_value' => $default_desc,
-      '#weight'        => 2
-   );
-   $form['url']= array(
-      '#type'          => 'textfield',
-      '#title'         => t('URL'),
-      '#description'   => t('Please enter the web address for this database.'),
-      '#default_value' => $default_url,
-      '#weight'        => 3
-   );
-   $form['urlprefix']= array(
-      '#type'          => 'textfield',
-      '#title'         => t('URL prefix'),
-      '#description'   => t('Tripal can provide links to external databases when accession numbers or unique identifiers are known.  Typically, a database will provide a unique web address for each accession and the accession usually is the last component of the page address.  Please enter the web address, minus the accession number for this database.  When an accession number is present, Tripal will combine this web address with the accession and provide a link to the external site.'),
-      '#default_value' => $default_urlprefix,
-      '#weight'        => 4
-   );
-
-
-   if (strcmp($action, 'Update')==0) {
-      $form['update'] = array(
-        '#type'         => 'submit',
-        '#value'        => t('Update'),
-        '#weight'       => 5,
-        '#executes_submit_callback' => TRUE,
-      );
-      $form['delete'] = array(
-        '#type'         => 'submit',
-        '#value'        => t('Delete'),
-        '#weight'       => 6,
-        '#executes_submit_callback' => TRUE,
-      );
-   }
-   else {
-      $form['add'] = array(
-        '#type'         => 'submit',
-        '#value'        => t('Add'),
-        '#weight'       => 5,
-        '#executes_submit_callback' => TRUE,
-      );
-   }
-   $form['#redirect'] = 'admin/tripal/tripal_db';
-
-
-   return $form;
+  $form['name']= array(
+    '#type'          => 'textfield',
+    '#title'         => t("Database Name"),
+    '#description'   => t('Please enter the name for this external database.'),
+    '#required'      => TRUE,
+    '#default_value' => $default_db,
+    '#weight'        => 1
+  );
+
+  $form['description']= array(
+    '#type'          => 'textarea',
+    '#title'         => t('Description'),
+    '#description'   => t('Please enter a description for this database'),
+    '#default_value' => $default_desc,
+    '#weight'        => 2
+  );
+  $form['url']= array(
+    '#type'          => 'textfield',
+    '#title'         => t('URL'),
+    '#description'   => t('Please enter the web address for this database.'),
+    '#default_value' => $default_url,
+    '#weight'        => 3
+  );
+  $form['urlprefix']= array(
+    '#type'          => 'textfield',
+    '#title'         => t('URL prefix'),
+    '#description'   => t('Tripal can provide links to external databases when accession numbers or unique identifiers are known.  Typically, a database will provide a unique web address for each accession and the accession usually is the last component of the page address.  Please enter the web address, minus the accession number for this database.  When an accession number is present, Tripal will combine this web address with the accession and provide a link to the external site.'),
+    '#default_value' => $default_urlprefix,
+    '#weight'        => 4
+  );
+
+
+  if (strcmp($action, 'Update')==0) {
+    $form['update'] = array(
+      '#type'         => 'submit',
+      '#value'        => t('Update'),
+      '#weight'       => 5,
+      '#executes_submit_callback' => TRUE,
+    );
+    $form['delete'] = array(
+      '#type'         => 'submit',
+      '#value'        => t('Delete'),
+      '#weight'       => 6,
+      '#executes_submit_callback' => TRUE,
+    );
+  }
+  else {
+    $form['add'] = array(
+      '#type'         => 'submit',
+      '#value'        => t('Add'),
+      '#weight'       => 5,
+      '#executes_submit_callback' => TRUE,
+    );
+  }
+  $form['#redirect'] = 'admin/tripal/tripal_db';
+
+
+  return $form;
 }
 /**
-*
-* @ingroup tripal_db
-*/
+ *
+ * @ingroup tripal_db
+ */
 function tripal_db_form_submit($form, &$form_state) {
 
-   $name =  $form_state['values']['name'];
-   $desc =  $form_state['values']['description'];
-   $url  =  $form_state['values']['url'];
-   $urlp =  $form_state['values']['urlprefix'];
-   $dbid =  $form_state['values']['dbid'];
-   $op   =  $form_state['values']['op'];
-
-   if ($dbid) {
-      if (strcmp($op, 'Update')==0) {
-         $sql = "
-            UPDATE {db} SET
-              name = '%s',
-              description = '%s',
-              url = '%s',
-              urlprefix = '%s'
-            WHERE db_id = %d
-         ";
-         $previous_db = tripal_db_set_active('chado');
-         $db = db_query($sql, $name, $desc, $url, $urlp, $dbid);
-         tripal_db_set_active($previous_db);
-         if ($db) {
-           drupal_set_message("External database updated");
-         }
-         else {
-           drupal_set_message("Failed to update external database.");
-         }
+  $name =  $form_state['values']['name'];
+  $desc =  $form_state['values']['description'];
+  $url  =  $form_state['values']['url'];
+  $urlp =  $form_state['values']['urlprefix'];
+  $dbid =  $form_state['values']['dbid'];
+  $op   =  $form_state['values']['op'];
+
+  if ($dbid) {
+    if (strcmp($op, 'Update')==0) {
+      $sql = "
+        UPDATE {db} SET
+          name = '%s',
+          description = '%s',
+          url = '%s',
+          urlprefix = '%s'
+        WHERE db_id = %d
+      ";
+      $previous_db = tripal_db_set_active('chado');
+      $db = db_query($sql, $name, $desc, $url, $urlp, $dbid);
+      tripal_db_set_active($previous_db);
+      if ($db) {
+        drupal_set_message(t("External database updated"));
       }
-      if (strcmp($op, 'Delete')==0) {
-         $sql = "
-            DELETE FROM {db}
-            WHERE db_id = %d
-         ";
-         $previous_db = tripal_db_set_active('chado');
-         $db = db_query($sql, $dbid);
-         tripal_db_set_active($previous_db);
-         if ($db) {
-           drupal_set_message("External database deleted");
-         }
-         else {
-           drupal_set_message("Failed to delete external database.");
-         }
+      else {
+        drupal_set_message(t("Failed to update external database."));
       }
-   }
-   else {
+    }
+    if (strcmp($op, 'Delete')==0) {
       $sql = "
-         INSERT INTO {db}
-          (name,description,url,urlprefix)
-         VALUES
-          ('%s','%s','%s','%s')
-      ";
+        DELETE FROM {db}
+        WHERE db_id = %d
+        ";
       $previous_db = tripal_db_set_active('chado');
-      $db = db_query($sql, $name, $desc, $url, $urlp);
+      $db = db_query($sql, $dbid);
       tripal_db_set_active($previous_db);
       if ($db) {
-        drupal_set_message("External database added");
+        drupal_set_message(t("External database deleted"));
       }
       else {
-        drupal_set_message("Failed to add external database.");
+        drupal_set_message(t("Failed to delete external database."));
       }
-   }
+    }
+  }
+  else {
+    $sql = "
+          INSERT INTO {db}
+          (name,description,url,urlprefix)
+          VALUES
+          ('%s','%s','%s','%s')
+          ";
+    $previous_db = tripal_db_set_active('chado');
+    $db = db_query($sql, $name, $desc, $url, $urlp);
+    tripal_db_set_active($previous_db);
+    if ($db) {
+      drupal_set_message(t("External database added"));
+    }
+    else {
+      drupal_set_message(t("Failed to add external database."));
+    }
+  }
 
-   return '';
+  return '';
 }
-

tripal_db/tripal_db.views.inc

@@ -38,7 +38,7 @@ function tripal_db_views_data()  {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,TRUE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, TRUE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }
@@ -49,7 +49,7 @@ function tripal_db_views_data()  {
     );
     foreach ($tables as $tablename) {
       if (!tripal_views_is_integrated($tablename, 10)) {
-        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename,FALSE);
+        $table_integration_array = tripal_views_get_integration_array_for_chado_table($tablename, FALSE);
         tripal_views_integration_add_entry($table_integration_array);
       }
     }

tripal_feature/fasta_loader.php

@@ -651,9 +651,11 @@ function tripal_feature_fasta_loader_handle_feature($name, $uname, $db_id, $acce
 
   // add in the analysis link
   if ($analysis_id) {
+    // @coder-ignore: non-drupal table thus table prefixing doesn't apply
     $analysis_link_sql = 'SELECT * FROM analysisfeature WHERE analysis_id=%d AND feature_id=%d';
     $analysis_link = db_fetch_object(db_query($analysis_link_sql, $analysis_id, $feature->feature_id));
     if (!$analysis_link) {
+      // @coder-ignore: non-drupal table thus table prefixing doesn't apply
       $sql = "INSERT INTO analysisfeature (analysis_id, feature_id) VALUES (%d, %d)";
       $result = db_query($sql, $analysis_id, $feature->feature_id);
       if (!$result) {
@@ -666,9 +668,11 @@ function tripal_feature_fasta_loader_handle_feature($name, $uname, $db_id, $acce
    // now add the database cross reference
   if ($db_id) {
     // check to see if this accession reference exists, if not add it
+    // @coder-ignore: non-drupal table thus table prefixing doesn't apply
     $dbxrefsql = "SELECT * FROM dbxref WHERE db_id = %d and accession = '%s'";
     $dbxref = db_fetch_object(db_query($dbxrefsql, $db_id, $accession));
     if (!$dbxref) {
+      // @coder-ignore: non-drupal table thus table prefixing doesn't apply
       $sql = "INSERT INTO dbxref (db_id,accession) VALUES (%d, '%s')";
       $result = db_query($sql, $db_id, $accession);
       if (!$result) {

tripal_feature/gff_loader.php

@@ -158,6 +158,8 @@ function tripal_feature_gff3_load_form_validate($form, &$form_state) {
     form_set_error('gff_file', t("Cannot find the file on the system. Check that the file exists or that the web server has permissions to read the file."));
   }
 
+  // @coder-ignore: there are no functions being called here
+  // @todo: break each line of this conditional into separate variables to make more readable
   if (($add_only AND ($update OR $refresh OR $remove)) OR
     ($update AND ($add_only OR $refresh OR $remove)) OR
     ($refresh AND ($update OR $add_only OR $remove)) OR
@@ -237,6 +239,7 @@ function tripal_feature_load_gff3($gff_file, $organism_id, $analysis_id, $add_on
 
   // get the controlled vocaubulary that we'll be using.  The
   // default is the 'sequence' ontology
+  // @coder-ignore: non-drupal schema thus table prefixing does not apply
   $sql = "SELECT * FROM cv WHERE name = '%s'";
   $cv = db_fetch_object(db_query($sql, 'sequence'));
   if (!$cv) {
@@ -245,6 +248,7 @@ function tripal_feature_load_gff3($gff_file, $organism_id, $analysis_id, $add_on
   }
 
   // get the organism for which this GFF3 file belongs
+  // @coder-ignore: non-drupal schema thus table prefixing does not apply
   $sql = "SELECT * FROM organism WHERE organism_id = %d";
   $organism = db_fetch_object(db_query($sql, $organism_id));
 
@@ -908,6 +912,7 @@ function tripal_feature_load_gff3_alias($feature, $aliases) {
 
     // check to see if we have a NULL publication in the pub table.  If not,
     // then add one.
+    // @coder-ignore: non-drupal schema thus table prefixing does not apply
     $pubsql = "SELECT * FROM {pub} WHERE uniquename = 'null'";
     $pub = db_fetch_object(db_query($pubsql));
     if (!$pub) {

tripal_feature/syncFeatures.php

@@ -344,6 +344,7 @@ function tripal_feature_sync_feature($feature_id) {
   // if we have a chado feature, we want to check to see if we have a node
   $cfsql = "SELECT * FROM {chado_feature} ".
           "WHERE feature_id = %d";
+  // @coder-ignore: don't need to use db_rewrite_sql() since need all nodes regardless of access control
   $nsql =  "SELECT * FROM {node} ".
           "WHERE nid = %d";
   $chado_feature = db_fetch_object(db_query($cfsql, $feature->feature_id));

tripal_feature/tripal_feature.admin.inc

@@ -837,7 +837,7 @@ function tripal_feature_aggregator_form_submit($form, &$form_state) {
  */
 function tripal_feature_aggregator_ajax_edit() {
   // get the database id, build the form and then return the JSON object
-  $type_id = $_POST['type_id'];
+  $type_id = filter_xss($_POST['type_id']);
   $form = drupal_get_form('tripal_feature_aggregator_form', $type_id);
   drupal_json(array('status' => TRUE, 'data' => $form));
 }

tripal_feature/tripal_feature.coder_ignores.txt

@@ -0,0 +1,21 @@
+; The file should be formatted this way :
+; file:line:warning-type
+; where warning-type is one of security, style, sql, i18n, comment, etc.
+
+; This query selects from a non-drupal schema where the database prefixes are not
+; applied and thus the curcly brackets ({}) are not needed
+fasta_loader.php:655:sql
+fasta_loader.php:659:sql
+fasta_loader.php:672:sql
+fasta_loader.php:676:sql
+gff_loader.php:243:sql
+gff_loader.php:252:sql
+gff_loader.php:919:sql
+
+; This is a multi-line conditional that needs to be re-written to be more readable
+gff_loader.php:164:style
+gff_loader.php:165:style
+gff_loader.php:166:style
+
+; Don't need to use db_rewrite_sql() since need all nodes regardless of access control
+syncFeatures.php:425:sql

tripal_feature/tripal_feature.module

@@ -2441,3 +2441,13 @@ function tripal_feature_job_describe_args($callback, $args) {
   return $new_args;
 }
 
+/**
+ * Implements hook_coder_ignore().
+ * Defines the path to the file (tripal_core.coder_ignores.txt) where ignore rules for coder are stored
+ */
+function tripal_feature_coder_ignore() {
+  return array(
+    'path' => drupal_get_path('module', 'tripal_feature'),
+    'line prefix' => drupal_get_path('module', 'tripal_feature'),
+  );
+}

tripal_pub/tripal_pub.module

@@ -1052,7 +1052,7 @@ function tripal_pub_ajax_form_handler($delta=0 ) {
 
     $form_state = array('storage' => NULL, 'submitted' => FALSE);
 
-    $form_build_id = $_POST['form_build_id'];
+    $form_build_id = filter_xss($_POST['form_build_id']);
 
     // Get the form from the cache.
     $form = form_get_cache($form_build_id, $form_state);

tripal_search/tripal_search.coder_ignores.txt

@@ -0,0 +1,8 @@
+; The file should be formatted this way :
+; file:line:warning-type
+; where warning-type is one of security, style, sql, i18n, comment, etc.
+
+; Can't use db placeholders in this case since the variable contains the SQL describing
+; a join and this would be sanitized if that was added through a placeholder
+tripal_search.module:126:sql
+tripal_search.module:136:sql

tripal_search/tripal_search.module

@@ -122,6 +122,7 @@ function tripal_do_search($keywords, $type, $join1 = '', $where1 = '1 = 1', $arg
   }
 
   // Calculate maximum keyword relevance, to normalize it.
+  // @coder-ignore: can't use placeholders since variable defines a join
   $select = "SELECT SUM(i.score * t.count) AS score FROM {search_index} i " . $join . " WHERE $conditions GROUP BY i.type, i.sid HAVING COUNT(*) >= %d ORDER BY score DESC";
   $arguments = array_merge($arguments1, array($query[4]));
   $normalize = db_result(db_query_range($select, $arguments, 0, 1));
@@ -131,6 +132,7 @@ function tripal_do_search($keywords, $type, $join1 = '', $where1 = '1 = 1', $arg
   $columns2 = str_replace('i.relevance', '('. (1.0 / $normalize) .' * SUM(i.score * t.count))', $columns2);
 
   // Build query to retrieve results.
+  // @coder-ignore: can't use placeholders since variable defines a join
   $select = "SELECT i.type, i.sid, $columns2 FROM {search_index} i " . $join . " " . $join2 . " WHERE $conditions GROUP BY i.type, i.sid HAVING COUNT(*) >= %d";
   $count_select =  "SELECT COUNT(*) FROM ($select) n1";
   $arguments = array_merge($arguments2, $arguments1, array($query[4]));
@@ -144,3 +146,14 @@ function tripal_do_search($keywords, $type, $join1 = '', $where1 = '1 = 1', $arg
   }
   return $results;
 }
+
+/**
+ * Implements hook_coder_ignore().
+ * Defines the path to the file (tripal_search.coder_ignores.txt) where ignore rules for coder are stored
+ */
+function tripal_search_coder_ignore() {
+  return array(
+    'path' => drupal_get_path('module', 'tripal_search'),
+    'line prefix' => drupal_get_path('module', 'tripal_search'),
+  );
+}

tripal_stock/tripal_stock.views.inc

@@ -163,7 +163,7 @@ function tripal_stock_views_pre_render  (&$view) {
   if (preg_match('/stock/', $view->base_table)) {
 
     //-----Node IDs---------------------------------------------
-    // @see file: tripal_core.views.inc function: tripal_core_add_node_ids_to_view (&$view);
+    // @see tripal_core.views.inc, tripal_core_add_node_ids_to_view()
 
     // retrieve the stock_id for each record in the views current page
     $stock_ids = array();

tripal_views/tripal_views.coder_ignores.txt

@@ -2,25 +2,18 @@
 ; file:line:warning-type
 ; where warning-type is one of security, style, sql, i18n, comment, etc.
 
-; All <?php should be closed with a ?> in theme template files
-tripal_views_integration_fields_form.tpl.php:48:style
-tripal_views_data_export_download_form.tpl.php:8:style
-
-; All variables are set through the code and thus don't need to be filtered
-tripal_views_integration.inc:809:security
+; All variables are filtered
+tripal_views_integration.inc:814:security
 
 ; SQL queries the chado database which does not use the drupal prefixing functionality
 ; therefore, curly brackets ({}) are not appropriate.
-views/handlers/views_handler_filter_chado_select_cvterm_name.inc:53:sql
-views/handlers/views_handler_filter_chado_select_cvterm_name.inc:61:sql
-views/handlers/views_handler_field_dbxref_accession_link.inc:31:sql
-views/handlers/views_handler_filter_stockprop_id.inc:78:sql
-views/handlers/views_handler_filter_stockprop_id.inc:104:sql
-views/handlers/views_handler_filter_stock_relationship_id.inc:23:sql
-views/handlers/views_handler_filter_stock_relationship_id.inc:72:sql
-views/handlers/views_handler_filter_stock_relationship_id.inc:79:sql
-views/handlers/views_handler_filter_stock_relationship_id.inc:160:sql
-views/handlers/views_handler_argument_stockprop_id.inc:21:sql
+views/handlers/views_handler_filter_chado_select_cvterm_name.inc:62:sql
+views/handlers/views_handler_field_dbxref_accession_link.inc:32:sql
+views/handlers/views_handler_filter_stockprop_id.inc:105:sql
+views/handlers/views_handler_filter_stock_relationship_id.inc:24:sql
+views/handlers/views_handler_filter_stock_relationship_id.inc:74:sql
+views/handlers/views_handler_filter_stock_relationship_id.inc:82:sql
+views/handlers/views_handler_argument_stockprop_id.inc:22:sql
 
 ; SQL queries the pg_tables table to check if a table exists in chado; drupal
 ; prefixing is not appropriate

tripal_views/tripal_views_integration.inc

@@ -368,9 +368,9 @@ function tripal_views_integration_form(&$form_state, $setup_id = NULL) {
   // we need a div block where the table fields will get put when the
   // AHAH callback is made
   $form['view_setup_table'] = array(
-     '#type' => 'item',
-       '#prefix' => '<div id="table-rows-div">',
-       '#suffix' => '</div>',
+    '#type' => 'item',
+    '#prefix' => '<div id="table-rows-div">',
+    '#suffix' => '</div>',
   );
 
 
@@ -381,10 +381,10 @@ function tripal_views_integration_form(&$form_state, $setup_id = NULL) {
     $mview_id = $form_state['storage']['mview_id'];
     $table_name = $form_state['storage']['table_name'];
     $form['view_setup_table'] = array(
-     '#type' => 'fieldset',
-     '#title' => 'Join Selection',
-     '#prefix' => '<div id="fieldset-table-rows-wrapper">',
-     '#suffix' => '</div>',
+      '#type' => 'fieldset',
+      '#title' => 'Join Selection',
+      '#prefix' => '<div id="fieldset-table-rows-wrapper">',
+      '#suffix' => '</div>',
     );
 
     // get the columns in this materialized view.  They are separated by commas
@@ -486,8 +486,8 @@ function tripal_views_integration_form(&$form_state, $setup_id = NULL) {
       $form['view_setup_table']["$table_id-$i"]["fields_name_$table_id-$i"] = array(
         '#type' => 'markup',
         '#prefix' => "<div class=\"column-one\">",
-        '#value' => "<span class=\"column-name\">$column_name</span>".
-                    "<br /><span class=\"column-type\">$column_type</span>",
+        '#value' => "<span class=\"column-name\">" . filter_xss($column_name) . "</span>".
+                    "<br /><span class=\"column-type\">" . filter_xss($column_type) . "</span>",
         '#suffix' => "</div>",
       );
       $data['field_types'][$column_name] = $column_type;

tripal_views/views/chado_linking.TMP.inc

@@ -1,6 +1,7 @@
 <?php
 
 /**
+ * @file
  * This is a temporary function holding all the old-style views integration
  * needed to link the base tables to their node. This will remain to keep things working
  * until it has been best determined how to do this via the new tripal_views integration
@@ -13,9 +14,9 @@ function tripal_views_TEMPORARY_chado_linking_data($data) {
   // if the chado database is not local to the drupal database
   // then we need to set the database name.  This should always
   // be 'chado'.
-  if(is_array($db_url) and array_key_exists('chado',$db_url)){
-     // return empty data array b/c if chado is external then no join to the nodetable can be made
-     return $data;
+  if (is_array($db_url) and array_key_exists('chado', $db_url)) {
+    // return empty data array b/c if chado is external then no join to the nodetable can be made
+    return $data;
   }
 
   // FEATURE ====================================

tripal_views/views/handlers/views_handler_argument_stockprop_id.inc

@@ -18,6 +18,7 @@ class views_handler_argument_stockprop_id extends views_handler_argument_string
 
     //get options & display as options
     $previous_db = tripal_db_set_active('chado');
+    // @coder-ignore: non-drupal schema therefore table prefixing does not apply
     $result = db_query("SELECT cvt.cvterm_id as type_id, cvt.name FROM cvterm cvt WHERE cvt.cvterm_id IN (SELECT type_id FROM stockprop)");
     tripal_db_set_active($previous_db);
     $types = array();

tripal_views/views/handlers/views_handler_field_chado_rel_by_type.inc

@@ -84,6 +84,7 @@ class views_handler_field_chado_rel_by_type extends views_handler_field_prerende
       );
 
       $options = array();
+      // @coder-ignore: non-drupal schema therefore table prefixing does not apply
       $sql = 'SELECT rel.type_id, cvt.name FROM %s_relationship rel LEFT JOIN cvterm cvt ON cvt.cvterm_id=rel.type_id GROUP BY rel.type_id,cvt.name';
       $previous_db = tripal_db_set_active('chado');
       $resource = db_query($sql, $this->table);
@@ -124,6 +125,7 @@ class views_handler_field_chado_rel_by_type extends views_handler_field_prerende
       }
 
       // Add relationships to the view results
+      // @coder-ignore: non-drupal schema therefore table prefixing does not apply
       $sql = "SELECT rel.*, cvterm.name as type_name, "
         ."subject.name as subject_name, object.name as object_name "
         ."FROM " . $this->table . "_relationship rel "

tripal_views/views/handlers/views_handler_field_chado_relationship_by_type.inc.orig

@@ -1,173 +0,0 @@
-<?php
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_field_chado_relationship_by_type.inc
-=======
-/**
- * @file
- * @todo Add file header description
- */
->>>>>>> 6.x-0.4-dev:tripal_natural_diversity/views/handlers/views_handler_field_chado_relationship_by_type.inc
-
-/**
- * @file
- * Field handler for terms.
- */
-class views_handler_field_chado_relationship_by_type extends views_handler_field_prerender_list {
-  function init(&$view, $options) {
-    parent::init($view, $options);
-
-    // Boolean to determine whether
-    //    TRUE =>  value (property type)      -more than one property type displayed
-    //    FALSE => or just value is rendered  -only 1 porperty type is displayed
-    $this->display_type = TRUE;
-
-  }
-
-  function option_definition() {
-    $options = parent::option_definition();
-    $options['stockrel_type_ids'] = array('default' => array());
-    $options['stockrel_display_options'] = array('default' => array('subject', 'type', 'object'));
-    return $options;
-  }
-
-  /**
-   * Provide "link to term" option.
-   */
-  function options_form(&$form, &$form_state) {
-    parent::options_form($form, $form_state);
-
-    $form['stockrel_display_parts'] = array(
-      '#type' => 'checkboxes',
-      '#title' => t('Display Relationship Parts'),
-      '#description' => t('Check each part of the relationship you want displayed where the part '
-        .'of a relationship are: \<Subject\> \<Relationship Type\> \<Object\>. '
-        .'For example, with the relationship Sarah is the maternal parent of Fred '
-        .'if you checked only Object then "Fred" would be displayed.'),
-      '#options' => array(
-        'subject' => 'Subject',
-        'type' => 'Relationship Type',
-        'object' => 'Object',
-      ),
-      '#default_value' => array($this->options['stockrel_display_parts']['subject'], $this->options['stockrel_display_parts']['type'], $this->options['stockrel_display_parts']['object']),
-    );
-
-    $form['stockrel_display_rels'] = array(
-      '#type' => 'radios',
-      '#title' => t('Display Relationships Where'),
-      '#description' => t('Only relationships where the selected criteria is met will be shown. '
-        .'The parts of a relationship are: \<Subject\> \<Relationship Type\> \<Object\>. '
-        .'For example, with the relationships Sarah is the maternal parent of Fred and '
-        .'Fred is the paternal_parent of Max where Fred is the current stock, '
-        .'if you selected "Current Stock is the Object" only Sarah is the maternal parent of Fred'
-        .' would be displayed.'),
-      '#options' => array(
-        'subject' => 'Current Stock is the Subject',
-        'object' => 'Current Stock is the Object',
-        'all' => 'Current Stock is the Subject and/or Object',
-      ),
-      '#default_value' => $this->options['stockrel_display_rels'],
-    );
-
-    $options = tripal_cv_get_cvterm_options( variable_get('chado_stock_relationship_cv', 'null') );
-    $form['stockrel_type_ids'] = array(
-      '#type' => 'checkboxes',
-      '#title' => t('Relationship Types'),
-      '#options' => $options,
-      '#default_value' => $this->options['stockrel_type_ids'],
-    );
-  }
-
-  /**
-   * Add this term to the query
-   */
-  function query() {
-    $this->add_additional_fields();
-  }
-
-  function pre_render($values) {
-    $this->aliases['relationships'] = 'relationships';
-    $this->aliases['stock_id'] = 'stock_id';
-    $this->field_alias = $this->aliases['stock_id'];
-
-    //for each stock in this view page
-    foreach ($values as $result) {
-      if (!empty($result->{$this->aliases['relationships']})) {
-
-        // all relationships including the current stock
-        $relationships = $result->{$this->aliases['relationships']};
-        foreach ($relationships as $relationship) {
-          // perform filtering------
-          //type
-          if (!empty($this->options['stockrel_type_ids'])) {
-            $relationships2keep = array_filter($this->options['stockrel_type_ids']);
-            if (!in_array($relationship->type_id, $relationships2keep)) {
-              continue;
-            }
-          }
-
-          //"Display Relationships Where" criteria
-          if (preg_match('/subject/', $this->options['stockrel_display_rels'])) {
-            if ($relationship->stock_id != $relationship->subject_id) {
-              continue;
-            }
-          }
-          elseif (preg_match('/object/', $this->options['stockrel_display_rels'])) {
-            if ($relationship->stock_id != $relationship->object_id) {
-              continue;
-            }
-          }
-
-          // Add relationship to the list of items to be rendered
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['stock_id'] = $relationship->stock_id;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['stock_relationship_id'] = $relationship->stock_relationship_id;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['subject_id'] = $relationship->subject_id;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['subject_name'] = $relationship->subject_name;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['object_id'] = $relationship->object_id;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['object_name'] = $relationship->object_name;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['type_id'] = $relationship->type_id;
-          $this->items[$relationship->stock_id][$relationship->stock_relationship_id]['type_name'] = $relationship->type_name;
-        }
-      }
-    }
-  }
-
-  function render_item($count, $item) {
-    $text = array();
-
-    // Render Parts
-    if ($this->options['stockrel_display_parts']['subject']) {
-      $text[] = $item['subject_name'];
-    }
-    if ($this->options['stockrel_display_parts']['type']) {
-      $text[] = $item['type_name'];
-    }
-    if ($this->options['stockrel_display_parts']['object']) {
-      $text[] = $item['object_name'];
-    }
-
-    return implode(' ', $text);
-  }
-
-  function document_self_tokens(&$tokens) {
-    $tokens['[' . $this->options['id'] . '-stock_id' . ']'] = t('The Stock ID.');
-    $tokens['[' . $this->options['id'] . '-stock_relationship_id' . ']'] = t('Relationship ID');
-    $tokens['[' . $this->options['id'] . '-subject_id' . ']'] = t('Subject ID');
-    $tokens['[' . $this->options['id'] . '-subject_name' . ']'] = t('Subject Name');
-    $tokens['[' . $this->options['id'] . '-object_id' . ']'] = t('Object ID');
-    $tokens['[' . $this->options['id'] . '-object_name' . ']'] = t('Object Name');
-    $tokens['[' . $this->options['id'] . '-type_id' . ']'] = t('Type ID');
-    $tokens['[' . $this->options['id'] . '-type_name' . ']'] = t('Type Name');
-  }
-
-  function add_self_tokens(&$tokens, $item) {
-    $tokens['[' . $this->options['id'] . '-stock_id' . ']'] = $item['stock_id'];
-    $tokens['[' . $this->options['id'] . '-stock_relationship_id' . ']'] = $item['stock_relationship_id'];
-    $tokens['[' . $this->options['id'] . '-subject_id' . ']'] = $item['subject_id'];
-    $tokens['[' . $this->options['id'] . '-subject_name' . ']'] = $item['subject_name'];
-    $tokens['[' . $this->options['id'] . '-object_id' . ']'] = $item['object_id'];
-    $tokens['[' . $this->options['id'] . '-object_name' . ']'] = $item['object_name'];
-    $tokens['[' . $this->options['id'] . '-type_id' . ']'] = $item['type_id'];
-    $tokens['[' . $this->options['id'] . '-type_name' . ']'] = $item['type_name'];
-
-  }
-}
-

tripal_views/views/handlers/views_handler_field_dbxref_accession_link.inc

@@ -28,6 +28,7 @@ class views_handler_field_dbxref_accession_link extends views_handler_field {
 
     if (!empty($db_id) AND !empty($accession)) {
       $previous_db = tripal_db_set_active('chado');
+      // @coder-ignore: non-drupal schema therefore table prefixing does not apply
       $result = db_fetch_object(db_query('SELECT urlprefix FROM db WHERE db_id=%d', $db_id));
       tripal_db_set_active($previous_db);
       $urlprefix = $result->urlprefix;

tripal_views/views/handlers/views_handler_filter_chado_select_cvterm_name.inc

@@ -58,6 +58,7 @@ class views_handler_filter_chado_select_cvterm_name extends views_handler_filter
 
     }
     else {
+      // @coder-ignore: non-drupal schema therefore table prefixing does not apply
       $sql = "SELECT cvterm_id, name FROM cvterm WHERE cvterm_id IN (SELECT distinct(type_id) FROM %s)";
       $previous_db = tripal_db_set_active('chado');
       $resource = db_query($sql, $this->view->base_table);

tripal_views/views/handlers/views_handler_filter_stock_dbxref_id.inc.orig

@@ -1,258 +0,0 @@
-<?php
-
-/**
- * @file
- * Allows stocks to be filtered by associated database reference accession
- *
- * @ingroup tripal_stock
- * @ingroup views_filter_handlers
- */
-class views_handler_filter_stock_dbxref_id extends views_handler_filter {
-
-  function init(&$view, $options) {
-    parent::init($view, $options);
-    $this->db = $this->options['db'];
-  }
-
-  function options_form(&$form, &$form_state) {
-    if ($this->can_expose()) {
-      $this->show_expose_button($form, $form_state);
-    }
-
-    $form['op_val_start'] = array('#value' => '<div class="clear-block">');
-
-    $this->types_form($form, $form_state);
-
-    $this->show_operator_form($form, $form_state);
-    $form['operator']['#prefix'] = '<div class="views-right-70">';
-    $this->show_value_form($form, $form_state);
-    $form['op_val_end'] = array('#value' => '</div>');
-
-    if ($this->can_expose()) {
-      $this->show_expose_form($form, $form_state);
-    }
-
-  }
-
-  function query() {
-    $this-> db = array_filter($this->db);
-
-    if (preg_match('/IS NOT NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id IN "
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_dbxref_id.inc
-      ."(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id AND dbxref.db_id IN (" . implode(', ', $this->db) . "))";
-=======
-      . "(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id AND dbxref.db_id IN (" . implode(', ', $this->db) . "))";
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_dbxref_id.inc
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-    elseif (preg_match('/IS NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id NOT IN "
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_dbxref_id.inc
-      ."(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id AND dbxref.db_id IN (" . implode(', ', $this->db) . "))";
-=======
-      . "(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id AND dbxref.db_id IN (" . implode(', ', $this->db) . "))";
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_dbxref_id.inc
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-    else {
-      if (!empty($this->value)) {
-        $new_where_sql = "stock.stock_id IN "
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_dbxref_id.inc
-          ."(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id "
-          ."AND dbxref.db_id IN (" . implode(', ', $this->db) . ") AND dbxref.accession" . $this->operator . "'" . $this->value . "')";
-=======
-          . "(SELECT stock_dbxref.stock_id FROM stock_dbxref, dbxref WHERE stock_dbxref.dbxref_id=dbxref.dbxref_id "
-          . "AND dbxref.db_id IN (" . implode(', ', $this->db) . ") AND dbxref.accession" . $this->operator . "'" . $this->value . "')";
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_dbxref_id.inc
-        $this->query->add_where($this->options['group'], $new_where_sql);
-      }
-    }
-  }
-
-  /////////// Form Parts/////////////////////////
-  function types_form(&$form, &$form_state) {
-
-    $db_options = tripal_db_get_db_options();
-    ksort($db_options);
-    $form['db'] = array(
-      '#type' => 'checkboxes',
-      '#title' => t('Databases'),
-      '#options' => $db_options,
-      '#default_value' => $this->db,
-      '#prefix' => '<div class="views-left-30">',
-      '#suffix' => '</div>',
-    );
-
-  }
-
-  function value_form(&$form, &$form_state) {
-    parent::value_form($form, $form_state);
-
-    $form['value'] = array(
-      '#type' => 'textfield',
-      '#title' => t('Accession'),
-      '#default_value' => $this->value,
-    );
-  }
-
-  function operator_options() {
-    return array(
-      '=' => t('Is equal to'),
-      '!=' => t('Is not equal to'),
-      '~' => t('Contains'),
-      '!~' => t('Does not contain'),
-      'IS NOT NULL' => t('Is Present (Not Empty)'),
-      'IS NULL' => t('Is Absent (Empty)'),
-    );
-  }
-
- /**
-  * Render our chunk of the exposed filter form when selecting
-  */
-  function exposed_form(&$form, &$form_state) {
-    if (empty($this->options['exposed'])) {
-      return;
-    }
-
-    if (!empty($this->options['expose']['use_type']) && !empty($this->options['expose']['type'])) {
-      $type = $this->options['expose']['type'];
-      $form[$type] = array(
-        '#type' => 'select',
-        '#title' => t('Database References'),
-        '#options' => $this->type_options(),
-        '#default_value' => $this->type,
-      );
-
-      if (isset($form[$type]['#title'])) {
-        unset($form[$type]['#title']);
-      }
-    }
-
-    if (!empty($this->options['expose']['use_operator']) && !empty($this->options['expose']['operator'])) {
-      $operator = $this->options['expose']['operator'];
-      $this->operator_form($form, $form_state);
-      $form[$operator] = $form['operator'];
-
-      if (isset($form[$operator]['#title'])) {
-        unset($form[$operator]['#title']);
-      }
-
-      $this->exposed_translate($form[$operator], 'operator');
-
-      unset($form['operator']);
-    }
-
-    if (!empty($this->options['expose']['identifier'])) {
-      $value = $this->options['expose']['identifier'];
-      $this->value_form($form, $form_state);
-      $form[$value] = $form['value'];
-
-      if (isset($form[$value]['#title']) && !empty($form[$value]['#type']) && $form[$value]['#type'] != 'checkbox') {
-        unset($form[$value]['#title']);
-      }
-
-      $this->exposed_translate($form[$value], 'value');
-
-      if (!empty($form['#type']) && ($form['#type'] == 'checkboxes' || ($form['#type'] == 'select' && !empty($form['#multiple'])))) {
-        unset($form[$value]['#default_value']);
-      }
-
-      if (!empty($form['#type']) && $form['#type'] == 'select' && empty($form['#multiple'])) {
-        $form[$value]['#default_value'] = 'All';
-      }
-
-      if ($value != 'value') {
-        unset($form['value']);
-      }
-    }
-  }
-
-  function expose_form_left(&$form, &$form_state) {
-    $form['expose']['label'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['label'],
-      '#title' => t('Label'),
-      '#size' => 40,
-    );
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-  }
-
-  function expose_form_right(&$form, &$form_state) {
-    if (!empty($form['type']['#type'])) {
-      $form['expose']['use_type'] = array(
-        '#type' => 'checkbox',
-        '#title' => t('Unlock Database Reference'),
-        '#description' => t('When checked, the Database Reference will be exposed to the user'),
-        '#default_value' => !empty($this->options['expose']['use_type']),
-      );
-      $form['expose']['type'] = array(
-        '#type' => 'textfield',
-        '#default_value' => $this->options['expose']['type'],
-        '#title' => t('Database Reference identifier'),
-        '#size' => 40,
-        '#description' => t('This will appear in the URL after the ? to identify this Database Reference.'),
-        '#process' => array('views_process_dependency'),
-        '#dependency' => array(
-          'edit-options-expose-use-type' => array(1)
-        ),
-      );
-    }
-    else {
-      $form['expose']['type'] = array(
-        '#type' => 'value',
-        '#value' => '',
-      );
-    }
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-    if (!empty($form['operator']['#type'])) {
-      $form['expose']['use_operator'] = array(
-        '#type' => 'checkbox',
-        '#title' => t('Unlock operator'),
-        '#description' => t('When checked, the operator will be exposed to the user'),
-        '#default_value' => !empty($this->options['expose']['use_operator']),
-      );
-      $form['expose']['operator'] = array(
-        '#type' => 'textfield',
-        '#default_value' => $this->options['expose']['operator'],
-        '#title' => t('Operator identifier'),
-        '#size' => 40,
-        '#description' => t('This will appear in the URL after the ? to identify this operator.'),
-        '#process' => array('views_process_dependency'),
-        '#dependency' => array(
-          'edit-options-expose-use-operator' => array(1)
-        ),
-      );
-    }
-    else {
-      $form['expose']['operator'] = array(
-        '#type' => 'value',
-        '#value' => '',
-      );
-    }
-
-    $form['expose']['optional'] = array(
-      '#type' => 'checkbox',
-      '#title' => t('Optional'),
-      '#description' => t('This exposed filter is optional and will have added options to allow it not to be set.'),
-      '#default_value' => $this->options['expose']['optional'],
-    );
-  }
-}
-

tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc

@@ -19,6 +19,7 @@ class views_handler_filter_stock_relationship_id extends views_handler_filter {
 
       // determine if just checking presence
       if (preg_match('/NULL/', $this->operator)) {
+          // @coder-ignore: non-drupal schema therefore table prefixing does not apply
           $where = 'stock.stock_id IN ('
             .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
             .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' AND type_id = ' . $this->options['type']
@@ -68,6 +69,7 @@ class views_handler_filter_stock_relationship_id extends views_handler_filter {
 
         //generate where
         if (sizeof($fixed_stock_ids) == 1) {
+          // @coder-ignore: non-drupal schema therefore table prefixing does not apply
           $where = 'stock.stock_id IN ('
             .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
             .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' ' . $fixed_stock_ids[0] . ' AND type_id = ' . $this->options['type']
@@ -75,6 +77,7 @@ class views_handler_filter_stock_relationship_id extends views_handler_filter {
           $this->query->add_where($this->options['group'], $where);
         }
         elseif (sizeof($fixed_stock_ids) > 1) {
+          // @coder-ignore: non-drupal schema therefore table prefixing does not apply
           $where = 'stock.stock_id IN ('
             .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
             .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' (' . implode(', ', $fixed_stock_ids) . ') AND type_id = ' . $this->options['type']

tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc.orig

@@ -1,355 +0,0 @@
-<?php
-/**
- * @file
- * @todo Add file header description
- */
-
-/**
- * @file
- * Filter stocks via stock_relationships
- */
-class views_handler_filter_stock_relationship_id extends views_handler_filter {
-
-  function query() {
-    if ($this->value) {
-
-      // get variable position
-      if ($this->options['fixed_position'] == 'subject_id') {
-        $this->options['variable_position'] = 'object_id';
-      }
-      else {
-        $this->options['variable_position'] = 'subject_id';
-      }
-
-      // determine if just checking presence
-      if (preg_match('/NULL/', $this->operator)) {
-          $where = 'stock.stock_id IN ('
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc
-            .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
-            .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' AND type_id = ' . $this->options['type']
-          .')';
-=======
-            . 'SELECT ' . $this->options['variable_position'] . ' FROM {stock_relationship} '
-            . 'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' AND type_id = ' . $this->options['type']
-          . ')';
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_relationship_id.inc
-          $this->query->add_where($this->options['group'], $where);
-      }
-      else {
-
-        // determine whether regex was requested
-        if ($this->operator == '~') {
-          $search_options = array('regex_columns' => array('name', 'uniquename'));
-          $this->operator = '=';
-        }
-        elseif ($this->operator == '!~') {
-          $search_options = array('regex_columns' => array('name', 'uniquename'));
-          $this->operator = '!=';
-        }
-        else {
-          $search_options = array();
-        }
-
-        // get fixed stock id(s)
-        $fixed_stock = tripal_core_chado_select('stock', array('stock_id'), array('uniquename' => $this->value), $search_options);
-        $fixed_stock_ids = array();
-        if ($fixed_stock[0]->stock_id) {
-          $fixed_stock_ids[] = $fixed_stock[0]->stock_id;
-        }
-        else {
-          $fixed_stock = tripal_core_chado_select('stock', array('stock_id'), array('name' => $this->value), $search_options);
-          if (sizeof($fixed_stock) > 1) {
-            foreach ($fixed_stock as $s) {
-              $fixed_stock_ids[] = $s->stock_id;
-            }
-          }
-          elseif (sizeof($fixed_stock) == 1) {
-            $fixed_stock_ids[] = $fixed_stock[0]->stock_id;
-          }
-        }
-
-        // determine operator
-        if ($this->operator == '=' && sizeof($fixed_stock_ids) > 1) {
-          $this->operator = 'IN';
-        }
-        elseif ($this->operator == '!=' && sizeof($fixed_stock_ids) > 1) {
-          $this->operator = 'NOT IN';
-        }
-
-        //generate where
-        if (sizeof($fixed_stock_ids) == 1) {
-          $where = 'stock.stock_id IN ('
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc
-            .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
-            .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' ' . $fixed_stock_ids[0] . ' AND type_id = ' . $this->options['type']
-          .')';
-=======
-            . 'SELECT ' . $this->options['variable_position'] . ' FROM {stock_relationship} '
-            . 'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' ' . $fixed_stock_ids[0] . ' AND type_id = ' . $this->options['type']
-          . ')';
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_relationship_id.inc
-          $this->query->add_where($this->options['group'], $where);
-        }
-        elseif (sizeof($fixed_stock_ids) > 1) {
-          $where = 'stock.stock_id IN ('
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc
-            .'SELECT ' . $this->options['variable_position'] . ' FROM stock_relationship '
-            .'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' (' . implode(', ', $fixed_stock_ids) . ') AND type_id = ' . $this->options['type']
-          .')';
-          $this->query->add_where($this->options['group'], $where);
-        }
-        else {
-          drupal_set_message(t('No stock with the name or uniquename %value was found -No filtering done.', array('%value' => $this->value)), 'error');
-=======
-            . 'SELECT ' . $this->options['variable_position'] . ' FROM {stock_relationship} '
-            . 'WHERE ' . $this->options['fixed_position'] . ' ' . $this->operator . ' (' . implode(', ', $fixed_stock_ids) . ') AND type_id = ' . $this->options['type']
-          . ')';
-          $this->query->add_where($this->options['group'], $where);
-        }
-        else {
-          drupal_set_message(t('No stock with the name or uniquename %value was found -No filtering done.',  array('%value' => $this->value ), 'error'));
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_relationship_id.inc
-        }
-      } //end of not just checking presence
-    }
-  }
-
-  function options_form(&$form, &$form_state) {
-
-    if ($this->can_expose()) {
-      $this->show_expose_button($form, $form_state);
-    }
-
-    $instructions = 'This filter allows you to enter a stock, the position of that stock in the '
-      .'relationship and relationship type and only stocks with a relationship of the type described '
-      .'will be shown. For example, if you want all stocks where Fred is_paternal_parent_of, then '
-      .'you would enter Fred as the value, select is_paternal_parent_of as the Relationship Type '
-      .'and subject as the Fixed Position.';
-    $form['instructions'] = array(
-      '#type' => 'item',
-      '#value' => t($instructions)
-    );
-
-    $form['op_val_start'] = array('#value' => '<div class="clear-block">');
-
-    // left side
-
-    $this->types_form($form, $form_state);
-    $form['type']['#prefix'] = '<div class="views-left-50">';
-    $form['type']['#suffix'] = '</div>';
-
-    $this->show_operator_form($form, $form_state);
-    $form['operator']['#prefix'] = '<div class="views-right-50">';
-    $form['operator']['#suffix'] = '</div>';
-
-    $this->show_value_form($form, $form_state);
-    $form['value']['#prefix'] = '<div class="views-right-50">';
-    $form['value']['#suffix'] = '</div>';
-
-    // right side
-
-
-    $this->fixed_position_form($form, $form_state);
-    $form['fixed_position']['#prefix'] = '<div class="views-right-50">';
-    $form['fixed_position']['#suffix'] = '</div>';
-
-
-    if ($this->can_expose()) {
-      $this->show_expose_form($form, $form_state);
-    }
-
-    $form['op_val_start'] = array('#value' => '</div>');
-
-  }
-
-  function value_form(&$form, &$form_state) {
-    parent::value_form($form, $form_state);
-
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc
-    if (!$this->options['label']) {
-      $label = 'Stock Name';
-    }
-    else {
-      $label = $this->options['label'];
-=======
-    if ($this->options['label']) {
-      $label = $this->options['label'];
-    }
-    else {
-      $label = 'Stock Name';
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_relationship_id.inc
-    }
-    $form['value'] = array(
-      '#type' => 'textfield',
-      '#title' => t('%label', array('%label' => $label)),
-      '#default_value' => $this->value,
-      '#size' => 40,
-    );
-
-  }
-
-  function type_options() {
-
-    $previous_db = tripal_db_set_active('chado');
-    $result = db_query("SELECT cvt.cvterm_id as type_id, cvt.name FROM {cvterm} cvt WHERE cvt.cvterm_id IN (SELECT type_id FROM {stock_relationship})");
-    tripal_db_set_active($previous_db);
-
-    $types = array();
-    while ($r = db_fetch_object($result)) {
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stock_relationship_id.inc
-      $types[$r->type_id] = $r->name;
-    }
-=======
-    $types[$r->type_id] = $r->name; }
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stock_relationship_id.inc
-
-    return $types;
-  }
-
-  function types_form(&$form, &$form_state) {
-
-    $form['type'] = array(
-      '#type' => count($options) < 10 ? 'radios' : 'select',
-      '#title' => t('Relationship Types'),
-      '#options' => $this->type_options(),
-      '#default_value' => $this->options['type'],
-    );
-
-  }
-
-  function fixed_position_form(&$form, &$form_state) {
-
-    $form['fixed_position'] = array(
-      '#type' => 'radios',
-      '#title' => 'Position of Stock to Filter on',
-      '#description' => t('Where a relationship consists of a subject type object, this field indicates '
-        .'what position in the relationship remains fixed (is the stock entered as the value).'),
-      '#options' => array(
-        'subject_id' => 'Subject',
-        'object_id' => 'Object'
-      ),
-      '#default_value' => ($this->options['fixed_position']) ? $this->options['fixed_position'] : 'subject_id',
-    );
-
-  }
-
-  function operator_options() {
-    return array(
-      '=' => t('Is equal to'),
-      '!=' => t('Is not equal to'),
-      '~' => t('Contains'),
-      '!~' => t('Does not contain'),
-      'IS NOT NULL' => t('Is Present (Not Empty)'),
-      'IS NULL' => t('Is Absent (Empty)'),
-    );
-  }
-
- /**
-  * Render our chunk of the exposed filter form when selecting
-  */
-  function exposed_form(&$form, &$form_state) {
-    if (empty($this->options['exposed'])) {
-      return;
-    }
-
-    if (!empty($this->options['expose']['use_operator']) && !empty($this->options['expose']['operator'])) {
-      $operator = $this->options['expose']['operator'];
-      $this->operator_form($form, $form_state);
-      $form[$operator] = $form['operator'];
-
-      if (isset($form[$operator]['#title'])) {
-        unset($form[$operator]['#title']);
-      }
-
-      $this->exposed_translate($form[$operator], 'operator');
-
-      unset($form['operator']);
-    }
-
-    if (!empty($this->options['expose']['identifier'])) {
-      $value = $this->options['expose']['identifier'];
-      $this->value_form($form, $form_state);
-      $form[$value] = $form['value'];
-
-      if (isset($form[$value]['#title']) && !empty($form[$value]['#type']) && $form[$value]['#type'] != 'checkbox') {
-        unset($form[$value]['#title']);
-      }
-
-      $this->exposed_translate($form[$value], 'value');
-
-      if (!empty($form['#type']) && ($form['#type'] == 'checkboxes' || ($form['#type'] == 'select' && !empty($form['#multiple'])))) {
-        unset($form[$value]['#default_value']);
-      }
-
-      if (!empty($form['#type']) && $form['#type'] == 'select' && empty($form['#multiple'])) {
-        $form[$value]['#default_value'] = 'All';
-      }
-
-      if ($value != 'value') {
-        unset($form['value']);
-      }
-    }
-  }
-
-  function expose_form_left(&$form, &$form_state) {
-    $form['expose']['label'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['label'],
-      '#title' => t('Label'),
-      '#size' => 40,
-    );
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-  }
-
-  function expose_form_right(&$form, &$form_state) {
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-    if (!empty($form['operator']['#type'])) {
-      $form['expose']['use_operator'] = array(
-        '#type' => 'checkbox',
-        '#title' => t('Unlock operator'),
-        '#description' => t('When checked, the operator will be exposed to the user'),
-        '#default_value' => !empty($this->options['expose']['use_operator']),
-      );
-      $form['expose']['operator'] = array(
-        '#type' => 'textfield',
-        '#default_value' => $this->options['expose']['operator'],
-        '#title' => t('Operator identifier'),
-        '#size' => 40,
-        '#description' => t('This will appear in the URL after the ? to identify this operator.'),
-        '#process' => array('views_process_dependency'),
-        '#dependency' => array(
-          'edit-options-expose-use-operator' => array(1)
-        ),
-      );
-    }
-    else {
-      $form['expose']['operator'] = array(
-        '#type' => 'value',
-        '#value' => '',
-      );
-    }
-
-    $form['expose']['optional'] = array(
-      '#type' => 'checkbox',
-      '#title' => t('Optional'),
-      '#description' => t('This exposed filter is optional and will have added options to allow it not to be set.'),
-      '#default_value' => $this->options['expose']['optional'],
-    );
-  }
-}

tripal_views/views/handlers/views_handler_filter_stockprop_id.inc

@@ -101,6 +101,7 @@ class views_handler_filter_stockprop_id extends views_handler_filter {
 
       // Get options
       $previous_db = tripal_db_set_active('chado');
+      // @coder-ignore: non-drupal schema therefore table prefixing does not apply
       $resource = db_query("SELECT value FROM stockprop WHERE type_id=" . $this->type . " ORDER BY value");
       tripal_db_set_active($previous_db);
       while ($r = db_fetch_object($resource)) {

tripal_views/views/handlers/views_handler_filter_stockprop_id.inc.orig

@@ -1,340 +0,0 @@
-<?php
-
-/**
- * @file
- * Allows stocks to be filtered by proeprty values
- *
- * @ingroup tripal_stock
- * @ingroup views_filter_handlers
- */
-class views_handler_filter_stockprop_id extends views_handler_filter {
-
-  function init(&$view, $options) {
-    parent::init($view, $options);
-    $this->type = $this->options['type'];
-  }
-
-  function options_form(&$form, &$form_state) {
-    if ($this->can_expose()) {
-      $this->show_expose_button($form, $form_state);
-    }
-
-    $form['op_val_start'] = array('#value' => '<div class="clear-block">');
-
-    $this->types_form($form, $form_state);
-
-    $this->show_operator_form($form, $form_state);
-    $form['operator']['#prefix'] = '<div class="views-right-70">';
-    $this->show_value_form($form, $form_state);
-    $form['op_val_end'] = array('#value' => '</div>');
-
-    if ($this->can_expose()) {
-      $this->show_expose_form($form, $form_state);
-    }
-
-  }
-
-  function options_validate(&$form, &$form_state) {
-    parent::options_validate($form, $form_state);
-
-    if (preg_match('/NULL/', $form_state['values']['options']['operator'])) {
-      $value = $form_state['values']['options']['value'];
-      if (!empty($value)) {
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-        drupal_set_message(t('The Value (%value) will be IGNORED when the Operator is set to "Is Present" or Is Absent".', array('%value' => $value)), 'warning');
-=======
-        drupal_set_message(t('The Value %value will be IGNORED when the Operator is set to "Is Present" or Is Absent". ', array('%value' => $value), 'warning'));
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-      }
-    }
-    else {
-      $value = $form_state['values']['options']['value'];
-      if (empty($value)) {
-        form_error($form['value'], t('Value required. The value will be used in conjunction with the operator. For example, if the '
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-           .'operator="Is equal to" and the value="2010" then only properties with a value of 2010 and the type specified will be displayed.'));
-=======
-           . 'operator="Is equal to" and the value="2010" then only properties with a value of 2010 and the type specified will be displayed.'));
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-      }
-    }
-
-    if (empty($form_state['values']['options']['type'])) {
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-      drupal_set_message(t('No Property Type was choosen. As such, any property type whose value %op %value will be displayed.',
-        array('%op' => $form_state['values']['options']['operator'], '%value' => $form_state['values']['options']['value'])), 'warning');
-=======
-      drupal_set_message('No Property Type was choosen. As such, any property type whose value '
-                 . $form_state['values']['options']['operator'] . ' ' . $form_state['values']['options']['value'] . ' will be displayed', 'warning');
-    }
-  }
-
-  function query() {
-    if (preg_match('/IS NOT NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . ")";
-      $this->query->add_where($this->options['group'], $new_where_sql);
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-    }
-    elseif (preg_match('/IS NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id NOT IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . ")";
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-    elseif ($this->value) {
-      $new_where_sql = "stock.stock_id IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . " AND stockprop.value" . $this->operator . "'" . $this->value . "')";
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-
-  }
-
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-  function query() {
-    if (preg_match('/IS NOT NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . ")";
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-    elseif (preg_match('/IS NULL/', $this->options['operator'])) {
-      $new_where_sql = "stock.stock_id NOT IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . ")";
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-    elseif ($this->value) {
-      $new_where_sql = "stock.stock_id IN (SELECT stockprop.stock_id FROM stockprop WHERE stockprop.type_id=" . $this->type . " AND stockprop.value" . $this->operator . "'" . $this->value . "')";
-      $this->query->add_where($this->options['group'], $new_where_sql);
-    }
-
-  }
-
-=======
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-  function types_form(&$form, &$form_state) {
-    $previous_db = tripal_db_set_active('chado');
-    $result = db_query("SELECT cvt.cvterm_id as type_id, cvt.name FROM {cvterm} cvt WHERE cvt.cvterm_id IN (SELECT type_id FROM {stockprop})");
-    tripal_db_set_active($previous_db);
-
-    $types = array();
-    while ($r = db_fetch_object($result)) {
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-      $types[$r->type_id] = $r->name;
-    }
-=======
-    $types[$r->type_id] = $r->name; }
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-
-    $form['type'] = array(
-      '#type' => count($options) < 10 ? 'radios' : 'select',
-      '#title' => t('Property Types'),
-      '#options' => $types,
-      '#default_value' => $this->type,
-      '#prefix' => '<div class="views-left-30">',
-      '#suffix' => '</div>',
-    );
-
-  }
-
-  function value_form(&$form, &$form_state) {
-    parent::value_form($form, $form_state);
-
-    if ($this->options['expose']['display_type'] == 'select') {
-
-      // Get options
-      $previous_db = tripal_db_set_active('chado');
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-      $resource = db_query("SELECT value FROM stockprop WHERE type_id=" . $this->type . " ORDER BY value");
-      tripal_db_set_active($previous_db);
-=======
-      $resource = db_query("SELECT value FROM {stockprop} WHERE type_id=" . $this->type . " ORDER BY value");
-     tripal_db_set_active($previous_db);
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-      while ($r = db_fetch_object($resource)) {
-        $options[$r->value] = $r->value;
-      }
-      $form['value'] = array(
-        '#type' => 'select',
-<<<<<<< HEAD:tripal_views/views/handlers/views_handler_filter_stockprop_id.inc
-        '#title' => t('%label', array('%label' => $this->options['label'])),
-=======
-        '#title' => t('%label', array('%title' => $this->options['label'])),
->>>>>>> 6.x-0.4-dev:tripal_stock/views/handlers/views_handler_filter_stockprop_id.inc
-        '#options' => $options,
-        '#default_value' => $this->value,
-      );
-    }
-    else {
-      $form['value'] = array(
-        '#type' => 'textfield',
-        '#title' => t('Value'),
-        '#default_value' => $this->value,
-      );
-    }
-  }
-
-  function operator_options() {
-    return array(
-      '=' => t('Is equal to'),
-      '!=' => t('Is not equal to'),
-      '~' => t('Contains'),
-      '!~' => t('Does not contain'),
-      'IS NOT NULL' => t('Is Present (Not Empty)'),
-      'IS NULL' => t('Is Absent (Empty)'),
-    );
-  }
-
- /**
-  * Render our chunk of the exposed filter form when selecting
-  */
-  function exposed_form(&$form, &$form_state) {
-    if (empty($this->options['exposed'])) {
-      return;
-    }
-
-    if (!empty($this->options['expose']['use_type']) && !empty($this->options['expose']['type'])) {
-      $type = $this->options['expose']['type'];
-      $form[$type] = array(
-        '#type' => 'select',
-        '#title' => t('Property Types'),
-        '#options' => $this->type_options(),
-        '#default_value' => $this->type,
-      );
-
-      if (isset($form[$type]['#title'])) {
-        unset($form[$type]['#title']);
-      }
-    }
-
-    if (!empty($this->options['expose']['use_operator']) && !empty($this->options['expose']['operator'])) {
-      $operator = $this->options['expose']['operator'];
-      $this->operator_form($form, $form_state);
-      $form[$operator] = $form['operator'];
-
-      if (isset($form[$operator]['#title'])) {
-        unset($form[$operator]['#title']);
-      }
-
-      $this->exposed_translate($form[$operator], 'operator');
-
-      unset($form['operator']);
-    }
-
-    if (!empty($this->options['expose']['identifier'])) {
-      $value = $this->options['expose']['identifier'];
-      $this->value_form($form, $form_state);
-      $form[$value] = $form['value'];
-
-      if (isset($form[$value]['#title']) && !empty($form[$value]['#type']) && $form[$value]['#type'] != 'checkbox') {
-        unset($form[$value]['#title']);
-      }
-
-      $this->exposed_translate($form[$value], 'value');
-
-      if (!empty($form['#type']) && ($form['#type'] == 'checkboxes' || ($form['#type'] == 'select' && !empty($form['#multiple'])))) {
-        unset($form[$value]['#default_value']);
-      }
-
-      if (!empty($form['#type']) && $form['#type'] == 'select' && empty($form['#multiple'])) {
-        $form[$value]['#default_value'] = 'All';
-      }
-
-      if ($value != 'value') {
-        unset($form['value']);
-      }
-    }
-  }
-
-  function expose_form_left(&$form, &$form_state) {
-    $form['expose']['label'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['label'],
-      '#title' => t('Label'),
-      '#size' => 40,
-    );
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-    $form['expose']['display_type'] = array(
-      '#type' => 'radios',
-      '#default_value' => $this->options['expose']['display_type'],
-      '#title' => t('Display Type'),
-      '#description' => t('This will change the form item type of the exposed value form. ie: it can be used to let the user select the property value from a select box rather than a textfield.'),
-      '#options' => array(
-        'textfield' => 'Text Field',
-        'select' => 'Drop Down',
-      ),
-    );
-  }
-
-  function expose_form_right(&$form, &$form_state) {
-    if (!empty($form['type']['#type'])) {
-      $form['expose']['use_type'] = array(
-        '#type' => 'checkbox',
-        '#title' => t('Unlock Property Type'),
-        '#description' => t('When checked, the property type will be exposed to the user'),
-        '#default_value' => !empty($this->options['expose']['use_type']),
-      );
-      $form['expose']['type'] = array(
-        '#type' => 'textfield',
-        '#default_value' => $this->options['expose']['type'],
-        '#title' => t('Property Type identifier'),
-        '#size' => 40,
-        '#description' => t('This will appear in the URL after the ? to identify this property type.'),
-        '#process' => array('views_process_dependency'),
-        '#dependency' => array(
-          'edit-options-expose-use-type' => array(1)
-        ),
-      );
-    }
-    else {
-      $form['expose']['type'] = array(
-        '#type' => 'value',
-        '#value' => '',
-      );
-    }
-
-    $form['expose']['identifier'] = array(
-      '#type' => 'textfield',
-      '#default_value' => $this->options['expose']['identifier'],
-      '#title' => t('Filter identifier'),
-      '#size' => 40,
-      '#description' => t('This will appear in the URL after the ? to identify this filter. Cannot be blank.'),
-    );
-
-    if (!empty($form['operator']['#type'])) {
-      $form['expose']['use_operator'] = array(
-        '#type' => 'checkbox',
-        '#title' => t('Unlock operator'),
-        '#description' => t('When checked, the operator will be exposed to the user'),
-        '#default_value' => !empty($this->options['expose']['use_operator']),
-      );
-      $form['expose']['operator'] = array(
-        '#type' => 'textfield',
-        '#default_value' => $this->options['expose']['operator'],
-        '#title' => t('Operator identifier'),
-        '#size' => 40,
-        '#description' => t('This will appear in the URL after the ? to identify this operator.'),
-        '#process' => array('views_process_dependency'),
-        '#dependency' => array(
-          'edit-options-expose-use-operator' => array(1)
-        ),
-      );
-    }
-    else {
-      $form['expose']['operator'] = array(
-        '#type' => 'value',
-        '#value' => '',
-      );
-    }
-
-    $form['expose']['optional'] = array(
-      '#type' => 'checkbox',
-      '#title' => t('Optional'),
-      '#description' => t('This exposed filter is optional and will have added options to allow it not to be set.'),
-      '#default_value' => $this->options['expose']['optional'],
-    );
-  }
-
-
-}