
Commit b8abfcd

committed
fix(intuitive-custom-post-order.php): prepare sql queries
1 parent bbbcb57 commit b8abfcd


2 files changed

+119
-97
lines changed


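--- a/intuitive-custom-post-order.php
+++ b/intuitive-custom-post-order.php
@@ -26,7 +26,6 @@
 /**
 * Uninstall hook
 */
-
 register_uninstall_hook( __FILE__, 'hicpo_uninstall' );
 function hicpo_uninstall() {
 global $wpdb;
@@ -48,24 +47,22 @@ function hicpo_uninstall() {
 // drop term_order COLUMN to $wpdb->terms TABLE
 function hicpo_uninstall_db_terms() {
 global $wpdb;
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->query( "DESCRIBE $wpdb->terms `term_order`" );
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- its ok.
+$result = $wpdb->query( "DESCRIBE $wpdb->terms `term_order`" );
 if ( $result ) {
-$query = "ALTER TABLE $wpdb->terms DROP `term_order`";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->query( $query );
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- its ok.
+$result = $wpdb->query( "ALTER TABLE $wpdb->terms DROP `term_order`" );
 }
 }
 
 // drop menu_order COLUMN to $wpdb->blogs TABLE
 function hicpo_uninstall_db_blogs() {
 global $wpdb;
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- its ok.
 $result = $wpdb->query( "DESCRIBE $wpdb->blogs `menu_order`" );
 if ( $result ) {
-$query = "ALTER TABLE $wpdb->blogs DROP `menu_order`";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->query( $query );
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- its ok.
+$result = $wpdb->query( "ALTER TABLE $wpdb->blogs DROP `menu_order`" );
 }
 }
 
@@ -177,7 +174,7 @@ public function hicpo_load_plugin_textdomain() {
 load_plugin_textdomain(
 'intuitive-custom-post-order',
 false,
-basename( dirname( __FILE__ ) ) . '/languages/'
+basename( __DIR__ ) . '/languages/'
 );
 }
 
@@ -293,29 +290,32 @@ public function hicpo_refresh() {
 
 if ( ! empty( $objects ) ) {
 foreach ( $objects as $object ) {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT count(*) as cnt, max(menu_order) as max, min(menu_order) as min
 FROM $wpdb->posts
-WHERE post_type = '" . $object . "' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
-"
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+",
+$object
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$result = $wpdb->get_results( $query );
 if ( 0 == $result[0]->cnt || $result[0]->cnt == $result[0]->max ) {
 continue;
 }
 
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT ID
 FROM $wpdb->posts
-WHERE post_type = '" . $object . "' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
 ORDER BY menu_order ASC
-"
+",
+$object
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
+
 foreach ( $results as $key => $result ) {
 $wpdb->update( $wpdb->posts, [ 'menu_order' => $key + 1 ], [ 'ID' => $result->ID ] );
 }
@@ -324,31 +324,34 @@ public function hicpo_refresh() {
 
 if ( ! empty( $tags ) ) {
 foreach ( $tags as $taxonomy ) {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT count(*) as cnt, max(term_order) as max, min(term_order) as min
 FROM $wpdb->terms AS terms
 INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'
-"
+WHERE term_taxonomy.taxonomy = %s
+",
+$taxonomy
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$result = $wpdb->get_results( $query );
+
 if ( 0 == $result[0]->cnt || $result[0]->cnt == $result[0]->max ) {
 continue;
 }
 
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT terms.term_id
 FROM $wpdb->terms AS terms
 INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'
+WHERE term_taxonomy.taxonomy = %s
 ORDER BY term_order ASC
-"
+",
+$taxonomy
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 foreach ( $results as $key => $result ) {
 $wpdb->update( $wpdb->terms, [ 'term_order' => $key + 1 ], [ 'term_id' => $result->term_id ] );
 }
@@ -452,18 +455,28 @@ public function hicpo_update_menu_order() {
 
 // same number check
 $post_type = get_post_type( $id );
-$sql = "SELECT COUNT(menu_order) AS mo_count, post_type, menu_order FROM $wpdb->posts
-WHERE post_type = '{$post_type}' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
-AND menu_order > 0 GROUP BY post_type, menu_order HAVING (mo_count) > 1";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results( $sql );
+$query = $wpdb->prepare(
+"
+SELECT COUNT(menu_order) AS mo_count, post_type, menu_order FROM $wpdb->posts
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+AND menu_order > 0 GROUP BY post_type, menu_order HAVING (mo_count) > 1
+",
+$post_type
+);
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 if ( count( $results ) > 0 ) {
 // menu_order refresh
-$sql = "SELECT ID, menu_order FROM $wpdb->posts
-WHERE post_type = '{$post_type}' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
-AND menu_order > 0 ORDER BY menu_order";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results( $sql );
+$query = $wpdb->prepare(
+"
+SELECT ID, menu_order FROM $wpdb->posts
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+AND menu_order > 0 ORDER BY menu_order
+",
+$post_type
+);
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 foreach ( $results as $key => $result ) {
 $view_posi = array_search( $result->ID, $id_arr, true );
 if ( false === $view_posi ) {
@@ -533,21 +546,33 @@ public function hicpo_update_menu_order_tags() {
 // same number check
 $term = get_term( $id );
 $taxonomy = $term->taxonomy;
-$sql = "SELECT COUNT(term_order) AS to_count, term_order
+$query = $wpdb->prepare(
+"
+SELECT COUNT(term_order) AS to_count, term_order
 FROM $wpdb->terms AS terms
 INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'GROUP BY taxonomy, term_order HAVING (to_count) > 1";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results( $sql );
+WHERE term_taxonomy.taxonomy = %s GROUP BY taxonomy, term_order HAVING (to_count) > 1
+",
+$taxonomy
+);
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
+
 if ( count( $results ) > 0 ) {
 // term_order refresh
-$sql = "SELECT terms.term_id, term_order
-FROM $wpdb->terms AS terms
-INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'
-ORDER BY term_order ASC";
-// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results( $sql );
+$query = $wpdb->prepare(
+"
+SELECT terms.term_id, term_order
+FROM $wpdb->terms AS terms
+INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
+WHERE term_taxonomy.taxonomy = %s
+ORDER BY term_order ASC
+",
+$taxonomy
+);
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
+
 foreach ( $results as $key => $result ) {
 $view_posi = array_search( $result->term_id, $id_arr, true );
 if ( false === $view_posi ) {
@@ -636,41 +661,44 @@ public function hicpo_update_options() {
 
 if ( ! empty( $objects ) ) {
 foreach ( $objects as $object ) {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT count(*) as cnt, max(menu_order) as max, min(menu_order) as min
 FROM $wpdb->posts
-WHERE post_type = '" . $object . "' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
-"
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+",
+$object
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$result = $wpdb->get_results( $query );
 if ( 0 == $result[0]->cnt || $result[0]->cnt == $result[0]->max ) {
 continue;
 }
 
 if ( 'page' == $object ) {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT ID
 FROM $wpdb->posts
-WHERE post_type = '" . $object . "' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
 ORDER BY menu_order, post_title ASC
-"
+",
+$object
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 } else {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT ID
 FROM $wpdb->posts
-WHERE post_type = '" . $object . "' AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
+WHERE post_type = %s AND post_status IN ('publish', 'pending', 'draft', 'private', 'future')
 ORDER BY post_date DESC
-"
+",
+$object
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 }
 foreach ( $results as $key => $result ) {
 $wpdb->update( $wpdb->posts, [ 'menu_order' => $key + 1 ], [ 'ID' => $result->ID ] );
@@ -680,31 +708,33 @@ public function hicpo_update_options() {
 
 if ( ! empty( $tags ) ) {
 foreach ( $tags as $taxonomy ) {
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$result = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT count(*) as cnt, max(term_order) as max, min(term_order) as min
 FROM $wpdb->terms AS terms
 INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'
-"
+WHERE term_taxonomy.taxonomy = %s
+",
+$taxonomy
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$result = $wpdb->get_results( $query );
 if ( 0 == $result[0]->cnt || $result[0]->cnt == $result[0]->max ) {
 continue;
 }
 
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
-$results = $wpdb->get_results(
+$query = $wpdb->prepare(
 "
 SELECT terms.term_id
 FROM $wpdb->terms AS terms
 INNER JOIN $wpdb->term_taxonomy AS term_taxonomy ON ( terms.term_id = term_taxonomy.term_id )
-WHERE term_taxonomy.taxonomy = '" . $taxonomy . "'
+WHERE term_taxonomy.taxonomy = %s
 ORDER BY name ASC
-"
+",
+$taxonomy
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
+// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $query is prepared.
+$results = $wpdb->get_results( $query );
 foreach ( $results as $key => $result ) {
 $wpdb->update( $wpdb->terms, [ 'term_order' => $key + 1 ], [ 'term_id' => $result->term_id ] );
 }
@@ -728,14 +758,12 @@ public function hicpo_update_network_options() {
 update_option( 'hicpo_network_sites', $hicpo_network_sites );
 
 // Initial
-// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared -- it is ok.
 $result = $wpdb->get_results(
 "
 SELECT count(*) as cnt, max(menu_order) as max, min(menu_order) as min
 FROM $wpdb->blogs
-"
+"
 );
-// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared
 if ( 0 != $result[0]->cnt && $result[0]->cnt != $result[0]->max ) {
 $results = $wpdb->get_results(
 "
@@ -850,10 +878,8 @@ public function hicpo_pre_get_posts( $wp_query ) {
 }
 }
 // post
-} else {
-if ( in_array( 'post', $objects ) ) {
+} elseif ( in_array( 'post', $objects ) ) {
 $active = true;
-}
 }
 
 if ( ! $active ) {
@@ -942,10 +968,8 @@ public function hicpo_sites_clauses( $pieces = [] ) {
 if ( ! $hicpo_network_sites ) {
 return $pieces;
 }
-} else {
-if ( ! get_option( 'hicpo_network_sites' ) ) {
+} elseif ( ! get_option( 'hicpo_network_sites' ) ) {
 return $pieces;
-}
 }
 
 global $wp_version;
@@ -967,10 +991,8 @@ public function hicpo_get_blogs_of_user( $blogs ) {
 if ( ! $hicpo_network_sites ) {
 return $blogs;
 }
-} else {
-if ( ! get_option( 'hicpo_network_sites' ) ) {
+} elseif ( ! get_option( 'hicpo_network_sites' ) ) {
 return $blogs;
-}
 }
 global $wpdb, $wp_version;
 
@@ -1035,10 +1057,8 @@ public function hicpo_refresh_front_network() {
 if ( ! $hicpo_network_sites ) {
 return;
 }
-} else {
-if ( ! get_option( 'hicpo_network_sites' ) ) {
+} elseif ( ! get_option( 'hicpo_network_sites' ) ) {
 return;
-}
 }
 add_filter( 'query', [ $this, 'hicpo_refresh_front_network_2' ] );
 }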
