Example #1
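 /**
  * Handles the e-mail verification link.
  *
  * Compares the `mv-code` request value with the key stored in the mail
  * option row and, on a match, clears the key and sets the status to 1.
  * An HTML notice is printed in both cases and the request is terminated.
  *
  * @return void Never returns; execution ends with die.
  */
 private function _activateMail()
 {
     global $guiform, $wpdb;
     // The code is only compared in PHP and never placed in SQL, so it is
     // unslashed instead of SQL-escaped (escaping would alter the value).
     $mv_code = isset($_GET['mv-code']) && is_string($_GET['mv-code']) ? trim(wp_unslash($_GET['mv-code'])) : '';
     $id_param = $guiform->getOption('permalink')->value['value'];
     $id = isset($_REQUEST[$id_param]) ? absint($_REQUEST[$id_param]) : 0;
     $data = $wpdb->get_row($wpdb->prepare("SELECT name, value FROM {$wpdb->guiform_options} WHERE id = %d", $id));
     // NOTE(review): unserialize() can instantiate objects from the stored
     // value; confirm that only this plugin can write to guiform_options.
     $row = $data ? unserialize($data->value) : false;
     $stored_key = is_array($row) && isset($row['key']) ? (string) $row['key'] : '';
     $path = get_admin_url(get_current_blog_id(), "admin.php?page=guiform-settings&tab=mail");
     $link = esc_url($path);
     // The key is blanked after a successful verification, so an empty stored
     // key must never match: otherwise a request without a code would pass.
     // hash_equals() gives a strict, constant-time comparison.
     if ($stored_key !== '' && hash_equals($stored_key, $mv_code)) {
         $row['key'] = '';
         $row['status'] = 1;
         $guiform->updateOption($data->name, $row, 'mail', $id);
         // The option name comes from the database and is printed into HTML.
         $html = "<strong>Congratulations!</strong><br /><br />\n\t\t\t\t\t\t\tYou can now use " . esc_html($data->name) . " for sending confirmation message with your form.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$link}\">Click here to continue.</a><br /><br />";
     } else {
         $html = "<strong>Invalid Code!</strong><br /><br />\n\t\t\t\t\t\t\tYou entered invalid email verification code. Please check your email or send a new verification code request.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$link}\">Click here to continue.</a><br /><br />";
     }
     echo GuiForm_Module_Ajax::emailTpl($html);
     die;
 }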
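/**
 * Runs one batch (up to 100 orders) of the 1.8.6.9 upgrade.
 *
 * Stripe orders whose subscription_transaction_id holds a customer id
 * ('cus_...') are rewritten to the subscription id ('sub_...') found on
 * another order of the same user and membership level. The id of the last
 * processed order is stored in an option so the next call can resume; when
 * no orders are left the update is removed and the option deleted.
 *
 * @return void
 */
function pmpro_upgrade_1_8_6_9_ajax()
{
    global $wpdb;
    // Resume point; cast because the option value ends up in a query.
    $last_order_id = (int) get_option('pmpro_upgrade_1_8_6_9_last_order_id', 0);
    // The LIKE patterns are bound as values so prepare() does not try to
    // read their '%' as a placeholder.
    $orders = $wpdb->get_results($wpdb->prepare("SELECT id, user_id, membership_id, subscription_transaction_id FROM {$wpdb->pmpro_membership_orders} WHERE id > %d AND gateway = 'stripe' AND subscription_transaction_id LIKE %s ORDER BY id LIMIT 100", $last_order_id, 'cus_%'));
    if (empty($orders)) {
        // Done with this update.
        pmpro_removeUpdate('pmpro_upgrade_1_8_6_9_ajax');
        delete_option('pmpro_upgrade_1_8_6_9_last_order_id');
        return;
    }
    // Cache of lookups already made in this batch: customer id => sub id (or null).
    $subids = array();
    foreach ($orders as $order) {
        // Keep track of the last order we processed.
        $last_order_id = $order->id;
        $customer_id = $order->subscription_transaction_id;
        // array_key_exists() rather than isset(): a failed lookup is cached
        // as null, and isset() would report it as missing and query again.
        if (!array_key_exists($customer_id, $subids)) {
            $subids[$customer_id] = $wpdb->get_var($wpdb->prepare("SELECT subscription_transaction_id FROM {$wpdb->pmpro_membership_orders} WHERE membership_id = %s AND user_id = %s AND subscription_transaction_id LIKE %s LIMIT 1", $order->membership_id, $order->user_id, 'sub_%'));
        }
        $subid = $subids[$customer_id];
        if (!empty($subid)) {
            $wpdb->query($wpdb->prepare("UPDATE {$wpdb->pmpro_membership_orders} SET subscription_transaction_id = %s WHERE id = %d LIMIT 1", $subid, $order->id));
        }
        // Otherwise no sub id was found, so let it go.
    }
    update_option('pmpro_upgrade_1_8_6_9_last_order_id', $last_order_id);
}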
Example #3
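 /**
  * Delete post meta rows by meta key, optionally limited to one post.
  * In network admin the same deletion is repeated for the other blogs.
  *
  * @global wpdb $wpdb
  * @param array    $keys    Meta keys to delete.
  * @param int|null $post_id Optional post ID to restrict the deletion to.
  * @return false|void False when no keys were given.
  */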
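 static function delete_meta_key($keys, $post_id = null)
 {
     if (empty($keys)) {
         return false;
     }
     // Accept a single key as well as a list; count() on a string is an error.
     $keys = array_values((array) $keys);
     global $wpdb;
     // post_id is placed in the statement without quotes, where esc_sql()
     // gives no protection, so it is forced to a non-negative integer.
     $extra = !empty($post_id) ? 'post_id = ' . absint($post_id) . ' AND' : '';
     // One %s placeholder per key.
     $placeholders = implode(', ', array_fill(0, count($keys), '%s'));
     // prepare() accepts the values as a single array.
     $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE {$extra} meta_key IN ({$placeholders})", $keys));
     // Repeat for the other blogs when called from network admin.
     if (is_network_admin()) {
         $blogs = $wpdb->get_results("SELECT blog_id FROM {$wpdb->blogs}", ARRAY_A);
         if ($blogs && count($blogs) > 1) {
             foreach ($blogs as $blog) {
                 // Blog 1 uses $wpdb->postmeta and was handled above.
                 if ($blog['blog_id'] == 1) {
                     continue;
                 }
                 // blog_id is read from the database; cast it because it
                 // becomes part of a table name.
                 $prefix = $wpdb->prefix . (int) $blog['blog_id'] . '_';
                 $wpdb->query($wpdb->prepare("DELETE FROM {$prefix}postmeta WHERE {$extra} meta_key IN ({$placeholders})", $keys));
             }
         }
     }
 }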
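 /**
  * Loads one page of rows from the democracy_q table into $this->items,
  * applying the optional search term and the requested sort order.
  *
  * @return void
  */
 public function prepare_items()
 {
     global $wpdb;
     $per_page = 10;
     $this->_column_headers = array($this->get_columns(), $this->get_hidden_columns(), $this->get_sortable_columns());
     // Build the WHERE clause.
     $where = 'WHERE 1';
     // WordPress adds slashes to request data; remove them before escaping.
     $s = isset($_GET['s']) && is_string($_GET['s']) ? wp_unslash($_GET['s']) : '';
     if ($s) {
         $like = '%' . $wpdb->esc_like($s) . '%';
         $where .= $wpdb->prepare(" AND ( question LIKE %s OR id IN (SELECT qid from {$wpdb->democracy_a} WHERE answer LIKE %s) ) ", $like, $like);
     }
     // Pagination.
     $this->set_pagination_args(array('total_items' => $wpdb->get_var("SELECT count(*) FROM {$wpdb->democracy_q} {$where}"), 'per_page' => $per_page));
     // Must be read after set_pagination_args().
     $cur_page = (int) $this->get_pagenum();
     $OFFSET = sprintf('LIMIT %d,%d', max(0, ($cur_page - 1) * $per_page), $per_page);
     // Sort direction is reduced to one of two fixed keywords.
     $order = isset($_GET['order']) && 'asc' === $_GET['order'] ? 'ASC' : 'DESC';
     // A column name is an identifier, not a quoted string, so esc_sql()
     // cannot make it safe; accept a plain identifier only, else fall back.
     $orderby = 'id';
     if (isset($_GET['orderby']) && is_string($_GET['orderby']) && preg_match('/^[A-Za-z0-9_]+$/', $_GET['orderby'])) {
         $orderby = $_GET['orderby'];
     }
     $ORDER_BY = sprintf("ORDER BY %s %s", $orderby, $order);
     // Run the query.
     $sql = "SELECT * FROM {$wpdb->democracy_q} {$where} {$ORDER_BY} {$OFFSET}";
     $this->items = $wpdb->get_results($sql);
 }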
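/**
 * Moves meta_query clauses that target ACF checkbox fields out of $args and
 * replaces them with serialized-string fragments under 'sf-acfcheckbox-meta',
 * registering the query filters that consume them.
 *
 * @param array $args Query arguments; only 'meta_query' is inspected.
 * @return array The arguments, modified when checkbox clauses were found.
 */
function sf_acf_check_args_for_checkboxes($args)
{
    if (!isset($args['meta_query'])) {
        return $args;
    }
    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        // meta_query may also carry non-clause entries such as 'relation'.
        if (!is_array($val) || !isset($val['key'])) {
            continue;
        }
        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if ($is_checkbox['add_this']) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }
    $where_meta = array();
    foreach ($acf_fields as $field) {
        // A scalar value and a list of values are escaped the same way; the
        // scalar branch previously skipped escaping altogether.
        // NOTE(review): like_escape() is deprecated in WordPress in favour of
        // $wpdb->esc_like(); it is kept here so the fragments stay unchanged.
        foreach ((array) $field['value'] as $fv) {
            // The length prefix is that of the raw value, as stored in the
            // serialized data the fragment is matched against.
            $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql(like_escape($fv)) . '";';
        }
    }
    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }
    return $args;
}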
 /**
  * Turns the hyphen-separated 's_query' option into a LIKE pattern wrapped
  * in '%' and stores it in $this->s_query.
  *
  * NOTE(review): WordPress documents LIKE-escaping before SQL-escaping; here
  * the order is reversed. Confirm the consumer does not escape it again.
  *
  * @return void
  */
 protected function __format_search()
 {
     $words = implode(" ", explode("-", $this->options['s_query']));
     // Thanks Manny Fleurmond
     $this->s_query = '%' . like_escape(esc_sql($words)) . '%';
 }
Example #7
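 /**
  * Returns up to 500 links with their categories, plus the total count.
  *
  * @param array $args Only 'filter_links' is read: an optional search term
  *                    matched against link_name and link_url.
  * @return array array('links' => array keyed by link_id, 'total' => count)
  */
 function get_links($args)
 {
     global $wpdb;
     $where = '';
     // Read only the expected key. extract() would let any key in $args
     // overwrite local variables such as $where or $wpdb.
     $filter_links = is_array($args) && isset($args['filter_links']) ? $args['filter_links'] : '';
     if (!empty($filter_links) && is_string($filter_links)) {
         // Escape LIKE wildcards first, then bind the pattern as a value.
         $like = '%' . $wpdb->esc_like($filter_links) . '%';
         $where .= $wpdb->prepare(" AND (link_name LIKE %s OR link_url LIKE %s)", $like, $like);
     }
     $linkcats = $this->getLinkCats();
     $sql_query = "{$wpdb->links} WHERE 1=1 " . $where;
     $total = $wpdb->get_var("SELECT count(*) as total_links FROM " . $sql_query);
     $query_links = $wpdb->get_results("SELECT link_id, link_url, link_name, link_target, link_visible, link_rating, link_rel FROM " . $sql_query . " ORDER BY link_name ASC LIMIT 500");
     $links = array();
     foreach ((array) $query_links as $link_info) {
         // A link without categories has no entry in the map.
         $link_cat = isset($linkcats[$link_info->link_id]) ? $linkcats[$link_info->link_id] : array();
         $cats = !empty($link_cat) && is_array($link_cat) ? array_values($link_cat) : array();
         $links[$link_info->link_id] = array("link_url" => $link_info->link_url, "link_name" => $link_info->link_name, "link_target" => $link_info->link_target, "link_visible" => $link_info->link_visible, "link_rating" => $link_info->link_rating, "link_rel" => $link_info->link_rel, "link_cats" => $cats);
     }
     return array('links' => $links, 'total' => $total);
 }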
Example #8
 /**
  * Upload
  * Ajax callback function
  *
  * @return string Error or (XML-)response
  */
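 static function handle_upload()
 {
     global $wpdb;
     $post_id = isset($_REQUEST['post_id']) && is_numeric($_REQUEST['post_id']) ? absint($_REQUEST['post_id']) : 0;
     $field_id = isset($_REQUEST['field_id']) && is_string($_REQUEST['field_id']) ? $_REQUEST['field_id'] : '';
     check_ajax_referer("rwmb-upload-images_{$field_id}");
     // NOTE(review): only the nonce is verified; no capability check for
     // $post_id is visible in this method. Confirm the caller's permissions
     // are checked elsewhere.
     if (empty($_FILES['async-upload'])) {
         wp_send_json_error('No file was uploaded.');
     }
     // You can use WP's wp_handle_upload() function:
     $file = $_FILES['async-upload'];
     $file_attr = wp_handle_upload($file, array('test_form' => false));
     // On failure wp_handle_upload() returns an array with an 'error' entry
     // and no 'url'/'file'/'type'; stop before building the attachment.
     if (!is_array($file_attr) || isset($file_attr['error'])) {
         wp_send_json_error(is_array($file_attr) ? $file_attr['error'] : 'Upload failed.');
     }
     // Get next menu_order
     $meta = get_post_meta($post_id, $field_id, false);
     // The ID list is placed in the query without quotes, where esc_sql()
     // gives no protection, so every entry is forced to an integer.
     $ids = array_filter(array_map('absint', (array) $meta));
     if (empty($ids)) {
         $next = 0;
     } else {
         $id_list = implode(',', $ids);
         $max = $wpdb->get_var("\n\t\t\t\t\tSELECT MAX(menu_order) FROM {$wpdb->posts}\n\t\t\t\t\tWHERE post_type = 'attachment'\n\t\t\t\t\tAND ID in ({$id_list})\n\t\t\t\t");
         $next = is_numeric($max) ? (int) $max + 1 : 0;
     }
     $attachment = array('guid' => $file_attr['url'], 'post_mime_type' => $file_attr['type'], 'post_title' => preg_replace('/\\.[^.]+$/', '', basename($file['name'])), 'post_content' => '', 'post_status' => 'inherit', 'menu_order' => $next);
     // Adds file as attachment to WordPress
     $id = wp_insert_attachment($attachment, $file_attr['file'], $post_id);
     if (!is_wp_error($id)) {
         wp_update_attachment_metadata($id, wp_generate_attachment_metadata($id, $file_attr['file']));
         // Save file ID in meta field
         add_post_meta($post_id, $field_id, $id, false);
         wp_send_json_success(self::img_html($id));
     }
     exit;
 }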
/**
 * Install routine: writes the default options, then tries to create the
 * search results page.
 *
 * @return void
 */
function do_acps_install()
{
    // Setup default options
    acps_default_options();
    // Try to create new page for results.
    // NOTE(review): the slug is a translated constant, not request data;
    // esc_sql() is applied before it is handed to acps_create_page().
    $page_slug = esc_sql(_x('advanced-search', 'page_slug', 'acps'));
    $page_title = __('Advanced Search', 'acps');
    acps_create_page($page_slug, 'acps_options', $page_title, '[acps_results]');
}
/**
 * Replaces $obj['where'] with a hand-built search clause over post title,
 * post content and the 'content_areas_%_body_content' meta values, using
 * the search term from the global $args['s'].
 *
 * NOTE(review): the term is SQL-escaped inside quotes, but LIKE wildcards
 * (% and _) in it are not escaped and keep their wildcard meaning.
 *
 * @param array $obj Query pieces; only 'where' is overwritten.
 * @return array
 */
function query_modify($obj)
{
    global $args;
    global $db_prefix;
    $posts = $db_prefix . 'posts';
    $postmeta = $db_prefix . 'postmeta';
    // The same escaped term is used in all three LIKE comparisons.
    $like = "LIKE '%" . esc_sql($args['s']) . "%'";
    $obj['where'] = " AND ( ( {$postmeta}.meta_key LIKE 'content_areas_%_body_content' AND {$posts}.post_type = 'page' AND CAST({$postmeta}.meta_value AS CHAR) {$like} ) AND ( mt1.meta_key = '_wp_page_template' AND CAST(mt1.meta_value AS CHAR) = 'general-interior.php' ) ) OR ((({$posts}.post_title {$like}) OR ({$posts}.post_content {$like})) AND {$posts}.post_type IN ('post', 'team', 'projects')) AND (({$posts}.post_status = 'publish')) ";
    return $obj;
}
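 /**
  * Loads one page (20 rows) of membership levels into $this->items,
  * applying the optional alias search and the requested sort order.
  *
  * @return void
  */
 function prepare_items()
 {
     global $wpdb;
     $this->process_bulk_action();
     $query = "SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE  id !=1 ";
     if (isset($_POST['s']) && is_string($_POST['s'])) {
         // strip_tags() filters HTML and does nothing for SQL, so the term
         // is LIKE-escaped and bound through prepare() instead of being
         // concatenated into the statement.
         $like = '%' . $wpdb->esc_like(strip_tags(wp_unslash($_POST['s']))) . '%';
         $query .= $wpdb->prepare(" AND alias LIKE %s ", $like);
     }
     $orderby = !empty($_GET["orderby"]) ? esc_sql($_GET["orderby"]) : 'id';
     $order = !empty($_GET["order"]) ? esc_sql($_GET["order"]) : 'DESC';
     // Both values are used unquoted in ORDER BY, so the allow-lists below
     // are what actually constrains them, not esc_sql().
     // NOTE(review): assumes sanitize_value_by_array() rejects values that
     // are not keys of the given array; confirm in SwpmUtils.
     $sortable_columns = $this->get_sortable_columns();
     $orderby = SwpmUtils::sanitize_value_by_array($orderby, $sortable_columns);
     $order = SwpmUtils::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
     if (!empty($orderby) && !empty($order)) {
         $query .= ' ORDER BY ' . $orderby . ' ' . $order;
     }
     // For a SELECT, query() returns the number of rows found.
     $totalitems = $wpdb->query($query);
     $perpage = 20;
     // The page number is never part of a quoted SQL string; an integer
     // cast is the right tool, not esc_sql().
     $paged = !empty($_GET["paged"]) ? absint($_GET["paged"]) : 0;
     if ($paged <= 0) {
         $paged = 1;
     }
     $totalpages = ceil($totalitems / $perpage);
     $offset = ($paged - 1) * $perpage;
     $query .= ' LIMIT ' . (int) $offset . ',' . (int) $perpage;
     $this->set_pagination_args(array("total_items" => $totalitems, "total_pages" => $totalpages, "per_page" => $perpage));
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);
     $this->items = $wpdb->get_results($query, ARRAY_A);
 }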
 /**
  * Searches the database for a plugin
  * 
  * @param 	string 	$id 	The slug of the plugin
  *
  * @return 	object 			The results from the database
  **/
 public static function find($id)
 {
     // NOTE(review): the id is SQL-escaped before it reaches the query
     // builder. If the builder binds or escapes values itself, this escapes
     // twice; confirm against the builder's where() implementation.
     $escaped_id = esc_sql($id);
     $model = new static();
     return $model->builder->where('id', '=', $escaped_id)->first();
 }
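 /**
  * Loads one page (100 entries) of all categories into $this->items.
  * No SQL is built here; paging is done on the array in PHP.
  *
  * @return void
  */
 function prepare_items()
 {
     $all_cat_ids = get_categories(array('hide_empty' => '0'));
     $totalitems = count($all_cat_ids);
     $perpage = 100;
     // The page number is only used for arithmetic, so it is cast to a
     // positive integer; esc_sql() has no role when no query is built, and
     // is_numeric() alone would also accept values such as "1.5".
     $paged = !empty($_GET["paged"]) ? absint($_GET["paged"]) : 0;
     if ($paged <= 0) {
         $paged = 1;
     }
     $totalpages = ceil($totalitems / $perpage);
     $offset = ($paged - 1) * $perpage;
     // Take the current page's slice of the category list.
     $all_categories = array_slice(array_values($all_cat_ids), $offset, $perpage);
     $this->set_pagination_args(array("total_items" => $totalitems, "total_pages" => $totalpages, "per_page" => $perpage));
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);
     $this->items = $all_categories;
 }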
 /**
  * Appends a membership condition on $heystack: an equality test for a
  * single needle, or an IN / NOT IN list for several.
  *
  * NOTE(review): the needles are escaped and quoted, but $heystack is
  * placed in the condition as given. It must be a trusted column name.
  *
  * @param string $heystack Column name or expression to test.
  * @param mixed  $needles  Value or values; passed through force_array().
  * @param string $glue     Connector handed to appendCondition().
  * @param bool   $not_in   Negate the test when true.
  * @return $this
  */
 public function appendConditionSomethingIn($heystack, $needles, $glue = 'AND', $not_in = false)
 {
     force_array($needles);
     $total = count($needles);
     if (1 === $total) {
         $operator = $not_in ? '!=' : '=';
         $this->appendCondition(sprintf("{$heystack} {$operator} '%s'", esc_sql($needles[0])), $glue);
         return $this;
     }
     // Escape and quote each needle, then join them into the list body.
     $quoted = array();
     for ($idx = 0; $idx < $total; ++$idx) {
         $quoted[] = single_quotes(esc_sql($needles[$idx]));
     }
     $list = implode(', ', $quoted);
     if ('' !== $list) {
         $keyword = $not_in ? 'NOT IN' : 'IN';
         $this->appendCondition("{$heystack} {$keyword} ({$list})", $glue);
     }
     return $this;
 }
Example #15
 /**
  * Create pages that the plugin relies on, storing page id's in variables.
  *
  * @access public
  * @return void
  */
 function wcmp_product_vendor_plugin_create_pages()
 {
     global $WCMp;
     $domain = $WCMp->text_domain;
     // One row per page: slug, option that stores the page id, title,
     // shortcode, and the key used in the 'wcmp_pages_settings_name' option.
     // The slugs are translated constants, not request data.
     $pages = array(
         array(_x('wcmp_vendor_dashboard', 'page_slug', $domain), 'wcmp_product_vendor_vendor_dashboard_page_id', __('Vendor Dashboard', $domain), '[vendor_dashboard]', 'vendor_dashboard'),
         array(_x('wcmp_shop_settings', 'page_slug', $domain), 'wcmp_product_vendor_shop_settings_page_id', __('Shop Settings', $domain), '[shop_settings]', 'shop_settings'),
         array(_x('wcmp_vendor_orders', 'page_slug', $domain), 'wcmp_product_vendor_vendor_orders_page_id', __('Vendor Orders', $domain), '[vendor_orders]', 'view_order'),
         array(_x('wcmp_vendor_order_detail', 'page_slug', $domain), 'wcmp_product_vendor_vendor_order_detail_page_id', __('Vendor Order Details', $domain), '[vendor_order_detail]', 'vendor_order_detail'),
         array(_x('wcmp_withdrawal_request', 'page_slug', $domain), 'wcmp_product_vendor_transaction_widthdrawal_page_id', __('Withdrawal Request Status', $domain), '[transaction_thankyou]', 'vendor_transaction_thankyou'),
         array(_x('wcmp_transaction_details', 'page_slug', $domain), 'wcmp_product_vendor_transaction_details_page_id', __('Transaction Details', $domain), '[transaction_details]', 'vendor_transaction_detail'),
         array(_x('wcmp_vendor_policies', 'page_slug', $domain), 'wcmp_product_vendor_policies_page_id', __('Vendor Policies', $domain), '[vendor_policies]', 'vendor_policies'),
         array(_x('wcmp_vendor_billing', 'page_slug', $domain), 'wcmp_product_vendor_billing_page_id', __('Vendor Billing', $domain), '[vendor_billing]', 'vendor_billing'),
         array(_x('wcmp_vendor_shipping', 'page_slug', $domain), 'wcmp_product_vendor_shipping_page_id', __('Vendor Shipping', $domain), '[vendor_shipping_settings]', 'vendor_shipping'),
         array(_x('wcmp_vendor_report', 'page_slug', $domain), 'wcmp_product_vendor_report_page_id', __('Vendor Reports', $domain), '[vendor_report]', 'vendor_report'),
         array(_x('wcmp_vendor_widthdrawals', 'page_slug', $domain), 'wcmp_product_vendor_widthdrawals_page_id', __('Vendor Widthdrawals', $domain), '[vendor_widthdrawals]', 'vendor_widthdrawals'),
         array(_x('wcmp_vendor_university', 'page_slug', $domain), 'wcmp_product_vendor_university_page_id', __('Vendor University', $domain), '[vendor_university]', 'vendor_university'),
         array(_x('wcmp_vendor_messages', 'page_slug', $domain), 'wcmp_product_vendor_messages_page_id', __('Vendor Messages', $domain), '[vendor_messages]', 'vendor_messages'),
     );
     // First pass: create every page.
     foreach ($pages as $page) {
         $this->wcmp_product_vendor_plugin_create_page(esc_sql($page[0]), $page[1], $page[2], $page[3]);
     }
     // Second pass: read the stored page ids back and save them together.
     $array_pages = array();
     foreach ($pages as $page) {
         $array_pages[$page[4]] = get_option($page[1]);
     }
     update_option('wcmp_pages_settings_name', $array_pages);
 }
 /**
  * Prepare items to be displayed and setup pagination data
  */
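 public function prepare_items()
 {
     $wpdb = Follow_Up_Emails::instance()->wpdb;
     $this->_column_headers = array($this->get_columns(), array(), array());
     $per_page = 20;
     // absint() turns non-numeric input into 0, which would produce a
     // negative LIMIT offset and a failing query; clamp to page 1.
     $page = empty($_GET['paged']) ? 1 : max(1, absint($_GET['paged']));
     $start = ($page - 1) * $per_page;
     $sql = "SELECT SQL_CALC_FOUND_ROWS *\n                FROM {$wpdb->prefix}followup_email_orders eo, {$wpdb->posts} p\n                WHERE 1=1\n                AND eo.is_sent = 0\n                AND p.ID = eo.email_id";
     if (!empty($_GET['_customer_user'])) {
         // filter by user id/user email
         $user = new WP_User($_GET['_customer_user']);
         $user_email = $user->billing_email;
         if (empty($user_email)) {
             $user_email = $user->user_email;
         }
         // Both values are bound through prepare() rather than escaped and
         // concatenated by hand.
         $sql .= $wpdb->prepare(" AND (\n                user_id = %d OR\n                user_email = %s\n            )", absint($user->ID), sanitize_email($user_email));
     }
     // $start and $per_page are integers computed above.
     $sql .= " ORDER BY send_on DESC LIMIT {$start},{$per_page}";
     $this->items = $wpdb->get_results($sql, ARRAY_A);
     // Total for the query above, ignoring LIMIT (SQL_CALC_FOUND_ROWS).
     $total_items = $wpdb->get_var("SELECT FOUND_ROWS()");
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
 }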
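 /**
  * Loads one page of forms into $this->items, applying the optional search
  * terms, sort column, sort direction and start offset from the request.
  *
  * @return void
  */
 function prepare_items()
 {
     global $frmdb, $wpdb, $per_page, $frm_settings, $frm_form, $frm_app_helper;
     $default_orderby = 'name';
     $default_order = 'ASC';
     // ORDER BY and LIMIT take identifiers and numbers, which cannot be
     // protected by quoting or escaping; request values are therefore
     // validated against a strict shape and replaced by defaults otherwise.
     $orderby = $default_orderby;
     if (isset($_REQUEST['orderby']) && is_string($_REQUEST['orderby']) && preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['orderby'])) {
         $orderby = $_REQUEST['orderby'];
     }
     $order = $default_order;
     if (isset($_REQUEST['order']) && is_string($_REQUEST['order']) && in_array(strtoupper($_REQUEST['order']), array('ASC', 'DESC'), true)) {
         $order = strtoupper($_REQUEST['order']);
     }
     $page = $this->get_pagenum();
     $default_count = empty($this->page_name) ? 20 : 10;
     $per_page = (int) $this->get_items_per_page('formidable_page_formidable' . str_replace('-', '_', $this->page_name) . '_per_page', $default_count);
     $start = isset($_REQUEST['start']) ? absint($_REQUEST['start']) : max(0, ($page - 1) * $per_page);
     $s = isset($_REQUEST['s']) && is_string($_REQUEST['s']) ? $_REQUEST['s'] : '';
     $search_terms = array();
     if ($s != '') {
         $s = stripslashes($s);
         // Split into quoted phrases and single words.
         preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
         $search_terms = array_map('_search_terms_tidy', $matches[0]);
     }
     $s_query = " (status is NULL OR status = '' OR status = 'published') AND default_template=0 AND is_template = " . (int) $this->params['template'];
     foreach ((array) $search_terms as $term) {
         // Escaped for LIKE and for the quoted SQL string it is placed in.
         $term = esc_sql(like_escape($term));
         $s_query .= " AND (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%')";
     }
     $this->items = $frm_form->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
     $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
 }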
Example #18
 /**
  * Product ID by slug.
  *
  * @since 160727 WC product utils.
  *
  * @param string $slug     Product slug.
  * @param bool   $no_cache Bypass cache check?
  *
  * @return int Product ID.
  */
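 public function idBySlug(string $slug, bool $no_cache = false) : int
 {
     // Per-request cache: slug => product ID (0 when not found).
     static $product_ids;
     if (!$slug) {
         return 0;
         // Not possible.
     }
     // Honour $no_cache: the documented flag was previously ignored and a
     // cached result was always returned.
     if (!$no_cache && isset($product_ids[$slug])) {
         return $product_ids[$slug];
     }
     // A purely numeric slug is taken to be the ID itself.
     if ((string) (int) $slug === $slug) {
         return $product_ids[$slug] = (int) $slug;
     }
     $WpDb = $this->s::wpDb();
     // DB instance.
     // The table name comes from the wpdb instance, not from the caller;
     // the slug itself is bound through prepare().
     $sql = '
         SELECT `ID` FROM `' . esc_sql($WpDb->posts) . '`
             WHERE
                 `post_type` IN(\'product\', \'product_variation\')
                 AND `post_name` = %s
         LIMIT 1';
     $sql = $WpDb->prepare($sql, $slug);
     // Prepare.
     if ($product_id = (int) $WpDb->get_var($sql)) {
         return $product_ids[$slug] = $product_id;
     }
     return $product_ids[$slug] = 0;
     // Not possible.
 }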
 /**
  * Backs up a single database table using the WordPress database class.
  * @access public
  * @param  string $table The database table to backup.
  * @return boolean
  */
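 public function backup_table_wpdb($table)
 {
     // The table name is used as a backtick-quoted identifier and as part
     // of a file name. esc_sql() protects neither use (it leaves backticks
     // and path separators alone), so only names the database itself
     // reports are accepted.
     if (!is_string($table) || strpbrk($table, "`/\\") !== false || !in_array($table, (array) $this->wpdb->get_col('SHOW TABLES'), true)) {
         return false;
     }
     // Initialize the results, ultimately stored in the backup file.
     $results = '';
     // An empty array to store the queries for the table in later.
     $queries = array();
     // Grab the SQL needed to create the table.
     $show_create = $this->wpdb->get_row("SHOW CREATE TABLE `{$table}`");
     $want = 'Create Table';
     if ($show_create) {
         // Store the table schema in the backup file.
         $results .= "DROP TABLE IF EXISTS `{$table}`;" . PHP_EOL;
         $results .= $show_create->{$want} . ';' . PHP_EOL;
         // Grab the content of the database table.
         foreach ((array) $this->wpdb->get_results("SELECT * FROM `{$table}`") as $row) {
             $vals = array();
             foreach (get_object_vars($row) as $i => $v) {
                 // Keep NULL as NULL; quoting it would restore it as ''.
                 $vals[] = null === $v ? 'NULL' : sprintf("'%s'", esc_sql($v));
             }
             $queries[] = sprintf("(%s)", implode(',', $vals));
         }
         if (0 !== count($queries)) {
             // Implode the queries and generate the rest of the SQL file.
             $results .= "LOCK TABLES `{$table}` WRITE;" . PHP_EOL;
             $results .= "INSERT INTO `{$table}` VALUES " . implode(', ', $queries) . ';' . PHP_EOL;
             $results .= 'UNLOCK TABLES;' . PHP_EOL;
         }
     }
     // Store the contents of the SQL file.
     file_put_contents($this->backup_dir . "revisr_{$table}.sql", $results);
     $this->add_table($table);
     // Verify the backup was successful and return a boolean.
     return $this->verify_backup($table);
 }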
/**
 * WPSC get state by id function, gets either state code or state name depending on param
 *
 * @since 3.7
 * @param int $id the id for the region
 * @param string $return_value either 'name' or 'code' depending on what you want returned
 */
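function wpsc_get_state_by_id($id, $return_value)
{
    global $wpdb;
    // $return_value becomes a column name in the statement. Identifiers
    // cannot be bound, and esc_sql() only protects quoted strings, so the
    // value must be a plain identifier; anything else yields null, which is
    // also what get_var() returns when nothing is found.
    if (!is_string($return_value) || !preg_match('/^[A-Za-z0-9_]+$/', $return_value)) {
        return null;
    }
    $sql = $wpdb->prepare("SELECT `{$return_value}` FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE `id`= %d", $id);
    return $wpdb->get_var($sql);
}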
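 /**
  * AJAX handler: sends a JSON map of post ID => title for all posts of the
  * child post type of the requested connection.
  *
  * @return void Prints '-1' and returns on a bad nonce; otherwise the
  *              request ends after the JSON response.
  */
 public function run()
 {
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'sp_ajax_sc_gpp')) {
         echo '-1';
         return;
     }
     // NOTE(review): only the nonce is verified; no capability check is
     // visible here, and post titles are returned regardless of status.
     if (!isset($_POST['identifier']) || !is_scalar($_POST['identifier'])) {
         wp_send_json(array());
     }
     // NOTE(review): whether escaping is needed depends on how the manager
     // uses the identifier; confirm it does not escape or bind it again.
     $identifier = esc_sql($_POST['identifier']);
     $ptl_manager = new SP_Connection_Manager();
     if (isset($_POST['by_slug']) && 'true' == $_POST['by_slug']) {
         $ptl = $ptl_manager->get_link_by_slug($identifier);
     } else {
         $ptl = $ptl_manager->get_link($identifier);
     }
     // An unknown identifier must not end in a call on a non-object.
     if (!is_object($ptl)) {
         wp_send_json(array());
     }
     // Get children
     $parent_posts = get_posts(array('post_type' => $ptl->get_child(), 'posts_per_page' => -1, 'orderby' => 'title', 'order' => 'ASC'));
     $json_posts = array();
     foreach ($parent_posts as $parent_post) {
         $json_posts[$parent_post->ID] = $parent_post->post_title;
     }
     // Send the JSON
     wp_send_json($json_posts);
     exit;
     // Better safe than sorry lol
 }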
Example #22
 /**
  * Merges the submitted product id and title into the saved settings.
  *
  * NOTE(review): esc_sql() is applied to a value that is returned for
  * storage, not placed in a query here. If product_id is numeric, an
  * integer cast would be the fitting sanitizer; confirm how it is read.
  *
  * @param array $new_instance Submitted values.
  * @param array $old_instance Previously saved values.
  * @return array Settings to save.
  */
 function update($new_instance, $old_instance)
 {
     $product_id = esc_sql($new_instance['product_id']);
     $title = sanitize_text_field($new_instance['title']);
     $saved = $old_instance;
     $saved['product_id'] = $product_id;
     $saved['title'] = $title;
     return $saved;
 }
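/**
 * Resolves the published page that holds the [portfoliopage] shortcode and
 * stores its ID and slug in the globals $portfolio_page_id and
 * $portfolio_page_name, creating the page when none exists. With WPML
 * active, the translation for the current language is used when found.
 *
 * @return void
 */
function a3_portfolio_set_global_page()
{
    global $wpdb, $portfolio_page_name, $portfolio_page_id;
    $portfolio_page_id = get_option('portfolio_page_id');
    // The LIKE pattern is bound as a value: a literal '%' inside a
    // statement passed to prepare() can be misread as a placeholder.
    $shortcode_like = '%' . $wpdb->esc_like('[portfoliopage]') . '%';
    $page_data = null;
    if ($portfolio_page_id != false) {
        $page_data = $wpdb->get_row($wpdb->prepare("SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `post_content` LIKE %s AND `ID` = %d AND `post_type` = 'page' AND `post_status` = 'publish' LIMIT 1", $shortcode_like, $portfolio_page_id));
    }
    if ($page_data == null) {
        // The stored id is missing or stale: take the newest matching page.
        $page_data = $wpdb->get_row($wpdb->prepare("SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `post_content` LIKE %s AND `post_type` = 'page' AND `post_status` = 'publish' ORDER BY ID DESC LIMIT 1", $shortcode_like));
        if ($page_data) {
            update_option('portfolio_page_id', $page_data->ID);
        }
    }
    if ($page_data == null) {
        // No such page yet: create it. The slug is a constant.
        $portfolio_page_id_created = a3_portfolio_create_page(esc_sql('portfolios'), '', __('Portfolios', 'a3_portfolios'), '[portfoliopage]');
        update_option('portfolio_page_id', $portfolio_page_id_created);
        $page_data = $wpdb->get_row($wpdb->prepare("SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `ID` = %d LIMIT 1", $portfolio_page_id_created));
    }
    if ($page_data == null) {
        // Creation failed as well; leave the globals empty instead of
        // reading properties of null.
        $portfolio_page_id = null;
        $portfolio_page_name = null;
        return;
    }
    $portfolio_page_id = $page_data->ID;
    $portfolio_page_name = $page_data->post_name;
    // For WPML
    if (class_exists('SitePress')) {
        global $sitepress;
        $translation_page_data = $wpdb->get_row($wpdb->prepare("SELECT element_id FROM " . $wpdb->prefix . "icl_translations WHERE trid = %d AND element_type='post_page' AND language_code = %s LIMIT 1", $portfolio_page_id, $sitepress->get_current_language()));
        if ($translation_page_data != null) {
            $portfolio_page_id = $translation_page_data->element_id;
            $portfolio_page_wpml = get_post($portfolio_page_id);
            $portfolio_page_name = $portfolio_page_wpml->post_name;
        }
    }
}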
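 /**
  * Job step: writes the widget options ('widget_%' rows and
  * 'sidebars_widgets') as INSERT statements to a file and adds that file
  * to the list of files to back up.
  *
  * @param BackWPup_Job $job_object The running job.
  * @return bool FALSE when the target file cannot be opened, TRUE otherwise.
  */
 public function job_run(BackWPup_Job $job_object)
 {
     global $wpdb;
     $job_object->substeps_todo = 1;
     $job_object->log(sprintf(__('%d. Trying to generate a file with installed widget names&#160;&hellip;', 'backwpup'), $job_object->steps_data[$job_object->step_working]['STEP_TRY']));
     //build filename
     if (empty($job_object->temp['widgetlistfile'])) {
         $job_object->temp['widgetlistfile'] = $job_object->generate_filename($job_object->job['widgetlistfile'], 'sql') . $job_object->job['widgetlistfilecompression'];
     }
     $handle = fopen($job_object->temp['widgetlistfile'], 'w');
     if (!$handle) {
         $job_object->log(__('Can not open target file for writing.', 'backwpup'), E_USER_ERROR);
         return FALSE;
     }
     // Both statements are constant; no request data reaches them.
     $queries = array(
         "SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'widget_%'",
         "SELECT * FROM {$wpdb->options} WHERE option_name = 'sidebars_widgets'",
     );
     $header = '';
     foreach ($queries as $query) {
         foreach ((array) $wpdb->get_results($query) as $row) {
             // Stored values are escaped because they are written inside
             // quoted SQL strings in the dump.
             $header .= "INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES" . "('" . esc_sql($row->option_name) . "', '" . esc_sql($row->option_value) . "', '" . esc_sql($row->autoload) . "')" . "ON DUPLICATE KEY UPDATE option_value = '" . esc_sql($row->option_value) . "';\n";
         }
     }
     fwrite($handle, $header);
     fclose($handle);
     if ($job_object->temp['widgetlistfile']) {
         $job_object->additional_files_to_backup[] = $job_object->temp['widgetlistfile'];
         // size_format() takes a byte count and a precision; it was given
         // the file name, and the precision had slipped out to sprintf().
         $job_object->log(sprintf(__('Added widget list file "%1$s" with %2$s to backup file list.', 'backwpup'), $job_object->temp['widgetlistfile'], size_format(filesize($job_object->temp['widgetlistfile']), 2)));
     }
     $job_object->substeps_done = 1;
     return TRUE;
 }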
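/**
 * Stores the per-page content submitted with the post edit form.
 *
 * Nothing is written unless the request carries a valid 'athcallback' nonce,
 * is not an autosave, and the current user may edit the post.
 *
 * @param int $post_id The ID of the post being saved.
 * @return int|null The post ID when the save is skipped, nothing otherwise.
 */
function perpageath_save_postdata($post_id)
{
    // The nonce field must be present and valid; save_post also fires for
    // requests that did not come from this form.
    if (!isset($_POST['athcontent']) || !wp_verify_nonce($_POST['athcontent'], 'athcallback')) {
        return $post_id;
    }
    // An autosave does not submit our form.
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return $post_id;
    }
    // post_type can be missing from the request; treat that as a regular post
    // instead of reading an undefined index.
    $post_type = isset($_POST['post_type']) ? $_POST['post_type'] : '';
    $capability = 'page' == $post_type ? 'edit_page' : 'edit_post';
    if (!current_user_can($capability, $post_id)) {
        return $post_id;
    }
    // The content field is optional as well; a missing field is stored as ''.
    $raw = isset($_POST['per-page-ath']) ? $_POST['per-page-ath'] : '';
    // Line breaks are replaced with a %BREAK% marker before storage.
    // NOTE(review): esc_sql() escapes for a quoted SQL literal; it is not an
    // input sanitizer, and update_post_meta() already writes through $wpdb's
    // own escaping. The call is kept only because the code that reads
    // 'per-page-ath-content' is not visible here and may rely on the stored
    // format. The value is otherwise unfiltered, so whatever prints it must
    // escape or restrict it for its output context.
    $mydata = esc_sql(str_replace(array("\r\n", "\r", "\n"), '%BREAK%', $raw));
    update_post_meta($post_id, 'per-page-ath-content', $mydata);
}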
 /**
  * Reads a gettext .po-style file and collects its entries in $this->strings.
  *
  * Each entry records the msgid string, its msgstr translation, a name
  * (the "# wpml-name:" comment or md5 of the string), the fuzzy flag, the
  * msgctxt context, and the id of a matching row in {prefix}icl_strings
  * (null when none is found). $this->error_str is set when no entry is found.
  *
  * NOTE(review): $file_name goes straight to file() and its result is not
  * checked; presumably the caller passes an already validated upload path -
  * confirm at the call site.
  *
  * @param string $file_name Path of the file to parse.
  */
 public function __construct($file_name)
 {
     global $wpdb;
     $this->strings = array();
     $this->error_str = '';
     $this->lines = file($file_name);
     $fuzzy = 0;
     $name = false;
     $context = '';
     // $k is advanced inside the body as well as by the loop header, so the
     // order of the checks below matters. None of the $this->lines[$k] reads
     // that follow a $k++ re-check the upper bound.
     for ($k = 0; $k < count($this->lines); $k++) {
         $date_time_flag = false;
         // "#, fuzzy" marks the entry that follows as fuzzy.
         if (0 === strpos($this->lines[$k], '#, fuzzy')) {
             $fuzzy = 1;
             $k++;
         }
         // Optional explicit name for the entry.
         if (0 === strpos($this->lines[$k], '# wpml-name: ')) {
             $name = preg_replace("/^# wpml-name: /i", '', trim($this->lines[$k]));
             $k++;
         }
         if (preg_match('#msgctxt "(.*)"#im', trim($this->lines[$k]), $matches)) {
             //we look for the line that poedit needs for unique identification of the string
             $context = $matches[1];
             //if ( preg_match( '/wpmldatei18/', $this->lines[ $k ] ) ) { //if it contains the date_time setting we add the flag to escape the control structures in the date time placeholder string
             //	$date_time_flag = true;
             //}
             $k++;
         }
         $int = preg_match('#msgid "(.*)"#im', trim($this->lines[$k]), $matches);
         if ($int) {
             // get_string() returns the string together with the updated line index.
             list($string, $k) = $this->get_string($matches[1], $k);
             $int = preg_match('#msgstr "(.*)"#im', trim($this->lines[$k + 1]), $matches);
             if ($int) {
                 list($translation, $k) = $this->get_string($matches[1], $k + 1);
             } else {
                 $translation = "";
             }
             // Without a "# wpml-name:" comment the name is derived from the
             // string itself (md5 used as an identifier here).
             if ($name === false) {
                 $name = md5($string);
             }
             if ($string) {
                 // Look for an already registered string with the same context, name and gettext context.
                 // NOTE(review): the context comes from $_POST (read without isset()) and is passed
                 // through esc_sql() before prepare(), which escapes %s arguments itself. The value is
                 // therefore escaped twice; that is not an injection risk, but a context containing
                 // quotes or backslashes may fail to match the stored row. Confirm how context is stored.
                 $string_exists = $wpdb->get_var($wpdb->prepare("\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSELECT id FROM {$wpdb->prefix}icl_strings \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE context=%s AND name=%s AND gettext_context=%s", esc_sql($_POST['icl_st_i_context_new'] ? $_POST['icl_st_i_context_new'] : $_POST['icl_st_i_context']), $name, $context));
                 // Never taken as written: $date_time_flag is reset to false on every
                 // iteration and the only code that set it is commented out above.
                 if ($date_time_flag) {
                     $string = str_replace("\\\\", "\\", $string);
                     $translation = str_replace("\\\\", "\\", $translation);
                     $name = str_replace("\\\\", "\\", $name);
                 }
                 $this->strings[] = array('string' => $string, 'translation' => $translation, 'name' => $name, 'fuzzy' => $fuzzy, 'exists' => $string_exists, 'context' => $context);
             }
             $k++;
             // Per-entry state starts fresh for the next entry.
             $name = false;
             $context = '';
         }
         // A blank line clears the fuzzy flag.
         if ($k < count($this->lines) && !trim($this->lines[$k])) {
             $fuzzy = 0;
         }
     }
     if (empty($this->strings)) {
         $this->error_str = __('No string found', 'wpml-string-translation');
     }
 }
Example #27
 /**
  * Turns a list of values into a comma-separated list of quoted SQL literals.
  *
  * Every value is trimmed, passed through esc_sql() and wrapped in single
  * quotes. The quotes are what make esc_sql() effective here, so the result
  * belongs only where a list of string literals is expected (for example
  * inside IN (...)). An empty input yields an empty string, which the caller
  * has to handle before building the query.
  *
  * @param array $values Values to quote.
  * @return string Quoted values joined with ','.
  */
 static function array_to_sql($values)
 {
     $quoted = array_map(function ($item) {
         return "'" . esc_sql(trim($item)) . "'";
     }, $values);
     return implode(',', $quoted);
 }
Example #28
/**
 * Dispatches a string to the escaping or filtering helper named by $type.
 *
 * Supported types: 'strip' (strip_tags with an allow-list chosen by
 * $context), 'bal'/'balance' (balanceTags), 'attr', 'html', 'url', 'js',
 * 'textarea', 'sql' and 'post' (wp_kses_post).
 *
 * Points a caller should keep in mind:
 * - An unrecognised $type, or input that is empty after trim(), returns $str
 *   unchanged, so a typo in $type means no escaping at all.
 * - strip_tags() keeps the attributes of the tags it allows; 'strip' is
 *   therefore not a substitute for wp_kses-style filtering of untrusted markup.
 * - 'bal' only balances tags, it does not escape.
 * - 'sql' is only meaningful when the result is placed inside a quoted literal.
 *
 * @param string $str     Value to process.
 * @param string $type    Which helper to apply.
 * @param string $context For 'strip': a preset name or an allowed-tags string starting with '<'.
 * @return string The processed value, or $str itself when nothing applies.
 */
function ts_essentials_escape($str = '', $type = '', $context = '')
{
    // Nothing to do for input that is falsy once trimmed.
    if (!trim($str)) {
        return $str;
    }
    switch ($type) {
        case 'strip':
            if ($context == 'widget_before_after') {
                return strip_tags($str, '<div><ul><li>');
            }
            if ($context == 'widget_title_before_after') {
                return strip_tags($str, '<div><ul><li><h3><h4><h5><h6><strong><em><i><b><span>');
            }
            // A context that itself looks like a tag list is used as the allow-list.
            if (substr($context, 0, 1) == '<') {
                return strip_tags($str, $context);
            }
            return strip_tags($str);
        case 'bal':
        case 'balance':
            return balanceTags($str);
        case 'attr':
            return esc_attr($str);
        case 'html':
            return esc_html($str);
        case 'url':
            return esc_url($str);
        case 'js':
            return esc_js($str);
        case 'textarea':
            return esc_textarea($str);
        case 'sql':
            return esc_sql($str);
        case 'post':
            return wp_kses_post($str);
    }
    // Unknown type: the input is handed back as is.
    return $str;
}
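 /**
  * Looks up the WordPress user that a decoded token refers to.
  *
  * The 'user_property' option names the column of the users table and the
  * 'jwt_attribute' option names the token attribute whose value is matched
  * against that column.
  *
  * @param object|WP_User $jwt Decoded token, or an already resolved user.
  * @return WP_User|null The matching user, or null when the options are
  *                      unset or invalid, the attribute is missing, or no
  *                      row matches.
  */
 public static function getUser($jwt)
 {
     global $wpdb;
     if ($jwt instanceof WP_User) {
         return $jwt;
     }
     $user_property = JWT_AUTH_Options::get('user_property');
     $jwt_attribute = JWT_AUTH_Options::get('jwt_attribute');
     if (!is_string($user_property) || !is_string($jwt_attribute)) {
         return null;
     }
     $user_property = trim($user_property);
     if ($user_property == '' || trim($jwt_attribute) == '') {
         return null;
     }
     // The column name lands in identifier position, where esc_sql() gives no
     // protection (it only escapes for quoted literals). Accept a plain
     // identifier only and quote it with backticks.
     if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $user_property)) {
         return null;
     }
     // A token without the configured attribute cannot identify a user.
     if (!is_object($jwt) || !isset($jwt->{$jwt_attribute})) {
         return null;
     }
     $id = $jwt->{$jwt_attribute};
     // The earlier "SELECT u.*" referred to an alias that the FROM clause
     // never declared; select from the users table directly.
     $sql = 'SELECT * FROM ' . $wpdb->users . ' WHERE `' . $user_property . '` = %s';
     $userRow = $wpdb->get_row($wpdb->prepare($sql, $id));
     if (is_null($userRow)) {
         return null;
     } elseif ($userRow instanceof WP_Error) {
         self::insertAuth0Error('findAuth0User', $userRow);
         return null;
     }
     $user = new WP_User();
     $user->init($userRow);
     return $user;
 }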
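 /**
  * Loads one page of rows from the democracy_log table into $this->items.
  *
  * Optional filters: $this->poll_id and the 'userid' and 'ip' request
  * parameters, all used as integers. Sorting follows the 'orderby' and
  * 'order' request parameters; 20 rows are shown per page.
  */
 public function prepare_items()
 {
     global $wpdb;
     $per_page = 20;
     $this->_column_headers = array($this->get_columns(), $this->get_hidden_columns(), $this->get_sortable_columns());

     // Build the WHERE clause. Every value appended below is cast to int
     // first, so nothing from the request reaches the SQL text as a string.
     $where = 'WHERE 1';
     // NOTE(review): poll_id is assumed to be a numeric id - confirm where it is set.
     $poll_id = (int) $this->poll_id;
     if ($poll_id) {
         $where .= ' AND qid = ' . $poll_id;
     }
     $userid = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;
     if ($userid) {
         $where .= ' AND userid = ' . $userid;
     }
     $ip = isset($_GET['ip']) ? (int) $_GET['ip'] : 0;
     if ($ip) {
         $where .= ' AND ip = ' . $ip;
     }

     // Pagination.
     $this->set_pagination_args(array('total_items' => $wpdb->get_var("SELECT count(*) FROM {$wpdb->democracy_log} {$where}"), 'per_page' => $per_page));
     // Must be read after set_pagination_args().
     $cur_page = max(1, (int) $this->get_pagenum());
     $OFFSET = 'LIMIT ' . (($cur_page - 1) * $per_page . ',' . $per_page);

     // Sort direction is one of two fixed keywords.
     $order = isset($_GET['order']) && is_string($_GET['order']) && strtolower($_GET['order']) == 'asc' ? 'ASC' : 'DESC';

     // The sort column is placed in the query as an identifier, where
     // esc_sql() offers no protection, so the requested value is accepted only
     // if this table declares it as sortable. Assumes get_sortable_columns()
     // follows the list-table convention of 'column' => 'orderby' or
     // 'column' => array('orderby', bool).
     $allowed = array('date');
     foreach ((array) $this->get_sortable_columns() as $spec) {
         $allowed[] = (string) (is_array($spec) ? reset($spec) : $spec);
     }
     $requested = isset($_GET['orderby']) && is_string($_GET['orderby']) ? $_GET['orderby'] : '';
     $orderby = in_array($requested, $allowed, true) ? $requested : 'date';
     $ORDER_BY = sprintf("ORDER BY %s %s", $orderby, $order);

     // Run the query.
     $sql = "SELECT * FROM {$wpdb->democracy_log} {$where} {$ORDER_BY} {$OFFSET}";
     $this->items = $wpdb->get_results($sql);
 }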