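/**
 * Build the JOIN and WHERE fragments for the queued context queries.
 *
 * Each entry of $this->queries maps a column name to either a bare value /
 * list of values (treated as 'value') or an array with 'value', optional
 * 'compare' and optional 'type'. Values are bound through $wpdb->prepare();
 * the column name is interpolated as an identifier and is therefore
 * restricted to [A-Za-z0-9_] – any other key is skipped rather than emitted
 * verbatim into the SQL.
 *
 * @return array ['join' => string, 'where' => string], after the
 *               'get_context_sql' filter has run.
 */
function get_sql() {
    global $wpdb;

    if (empty($this->queries)) {
        return array('join' => '', 'where' => '');
    }

    $context_table = MainWP_WP_Stream_DB::$table_context;
    $join  = array();
    $where = array();
    $meta_query = new WP_Meta_Query();
    // Comparison operators emitted verbatim; anything else falls back to '='.
    $operators = array('=', '!=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', 'REGEXP', 'NOT REGEXP', 'RLIKE');

    foreach ($this->queries as $i => $query) {
        foreach ($query as $key => $args) {
            // $key becomes part of "CAST(table.key AS type)" and cannot be
            // parameterised, so only plain identifiers are accepted.
            if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key)) {
                continue;
            }

            $type  = $meta_query->get_cast_for_type(isset($args['type']) ? $args['type'] : '');
            $value = isset($args['value']) ? $args['value'] : null;

            // Allow 'context' => 'val' or 'context' => array('val1', 'val2') as well.
            if (is_null($value)) {
                $args  = array('value' => $args);
                $value = $args['value'];
            }

            if (isset($args['compare'])) {
                $compare = strtoupper($args['compare']);
            } else {
                $compare = is_array($value) ? 'IN' : '=';
            }
            if (!in_array($compare, $operators, true)) {
                $compare = '=';
            }

            if ('IN' === substr($compare, -2)) {
                if (!is_array($value)) {
                    $value = preg_split('/[,\\s]+/', $value);
                }
                // One %s per list element: (%s,%s,...)
                $compare_string = '(' . substr(str_repeat(',%s', count($value)), 1) . ')';
            } elseif ('LIKE' === substr($compare, -4)) {
                // Escape LIKE wildcards before prepare() quotes the value;
                // like_escape() is deprecated since WP 4.0.
                $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($value) : like_escape($value);
                $value = '%' . $escaped . '%';
                $compare_string = '%s';
            } else {
                $compare_string = '%s';
            }

            if (!empty($where[$i])) {
                $where[$i] .= ' AND ';
            } else {
                $where[$i] = '';
            }
            $where[$i] = ' (' . $where[$i] . $wpdb->prepare("CAST({$context_table}.{$key} AS {$type}) {$compare} {$compare_string})", $value);
        }
    }

    $where = array_filter($where);
    if (empty($where)) {
        $where = '';
    } else {
        $where = ' AND (' . implode("\n{$this->relation} ", $where) . ' )';
    }
    $join = implode("\n", $join);

    return apply_filters_ref_array('get_context_sql', array(compact('join', 'where'), $this->queries));
}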
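/**
 * Load the current page of forms for the list table.
 *
 * orderby/order/start come from the request and are interpolated into
 * ORDER BY / LIMIT, so they are constrained here (identifier characters,
 * ASC|DESC, non-negative integer) instead of being passed through raw.
 * Search terms are tokenised with the same regex WordPress uses and each
 * term is LIKE-escaped, then SQL-escaped, before being matched against
 * name/description/created_at.
 *
 * @return void Sets $this->items and the pagination args.
 */
function prepare_items() {
    global $frmdb, $wpdb, $per_page, $frm_settings, $frm_form, $frm_app_helper;

    $default_orderby = 'name';
    $default_order   = 'ASC';

    // ORDER BY takes identifiers, which cannot be prepare()d: keep only [A-Za-z0-9_.]
    $orderby = (isset($_REQUEST['orderby']) && is_string($_REQUEST['orderby']))
        ? preg_replace('/[^A-Za-z0-9_.]/', '', $_REQUEST['orderby']) : '';
    if ($orderby === '') {
        $orderby = $default_orderby;
    }
    $order = isset($_REQUEST['order']) ? strtoupper((string) $_REQUEST['order']) : $default_order;
    if (!in_array($order, array('ASC', 'DESC'), true)) {
        $order = $default_order;
    }

    $page = $this->get_pagenum();
    $default_count = empty($this->page_name) ? 20 : 10;
    $per_page = $this->get_items_per_page('formidable_page_formidable' . str_replace('-', '_', $this->page_name) . '_per_page', $default_count);
    // LIMIT offset: always a non-negative integer.
    $start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : ($page - 1) * $per_page;

    $s = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
    $search_terms = array();
    if ($s != '') {
        $s = stripslashes($s);
        // Same tokenising as WP_Query: quoted phrases or words separated by whitespace/comma/plus.
        preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
        $search_terms = array_map('_search_terms_tidy', $matches[0]);
    }

    $s_query = " (status is NULL OR status = '' OR status = 'published') AND default_template=0 AND is_template = " . (int) $this->params['template'];
    foreach ($search_terms as $term) {
        // Escape LIKE wildcards first, then quote for SQL.
        $term = esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term));
        $s_query .= " AND (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%')";
    }

    $this->items = $frm_form->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
    $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
    $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
}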
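/**
 * Turn the raw search option into a LIKE pattern.
 *
 * Dashes in $this->options['s_query'] are treated as spaces, LIKE wildcards
 * (% and _) are escaped, the result is SQL-escaped and wrapped in %...%.
 * On WP >= 4.0 wildcards are escaped before esc_sql() (the documented
 * order, which also survives the placeholder handling esc_sql() does on
 * newer versions); older installs keep the like_escape() fallback.
 */
protected function __format_search() {
    global $wpdb;

    $raw  = isset($this->options['s_query']) ? $this->options['s_query'] : '';
    $text = str_replace('-', ' ', $raw);

    // like_escape() is deprecated since WP 4.0; prefer wpdb::esc_like().
    if (method_exists($wpdb, 'esc_like')) {
        $text = esc_sql($wpdb->esc_like($text));
    } else {
        $text = like_escape(esc_sql($text));
    }

    $this->s_query = '%' . $text . '%'; // Thanks Manny Fleurmond
}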
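/**
 * Pull ACF checkbox fields out of meta_query and stash them for a custom
 * LIKE match on the serialized meta value.
 *
 * ACF stores checkbox selections as a PHP-serialized array, so a plain
 * meta_query cannot match a single option. Each chosen value becomes the
 * serialized fragment s:<len>:"<value>"; under
 * $args['sf-acfcheckbox-meta'][meta_key], and the join/where/groupby
 * filters are hooked to consume it. The length is taken from the raw value
 * (it must equal the stored length) while the value itself is LIKE- and
 * SQL-escaped because the where filter interpolates it – the scalar branch
 * previously skipped that escaping, unlike the array branch.
 *
 * @param array $args WP_Query args, possibly with 'meta_query'.
 * @return array The args with checkbox entries moved to 'sf-acfcheckbox-meta'.
 */
function sf_acf_check_args_for_checkboxes($args) {
    global $wpdb;

    if (!isset($args['meta_query'])) {
        return $args;
    }

    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        // meta_query may also carry a 'relation' => 'AND|OR' string entry.
        if (!is_array($val) || !isset($val['key'])) {
            continue;
        }
        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if ($is_checkbox['add_this']) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }

    $where_meta = array();
    foreach ($acf_fields as $field) {
        $values = is_array($field['value']) ? $field['value'] : array($field['value']);
        foreach ($values as $fv) {
            $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($fv) : like_escape($fv);
            // strlen() on the raw value: the serialized length must match what is stored.
            $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql($escaped) . '";';
        }
    }

    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }
    return $args;
}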
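/**
 * AJAX: if the cookied hashkey has been merged into another contact, move
 * its pageviews and submissions to the surviving hashkey and echo that key.
 *
 * Echoes json_encode(<new hashkey>) when the posted li_id appears in some
 * row's merged_hashkeys, json_encode(false) otherwise, then exits.
 * The lookup is a substring LIKE over the comma-separated merged_hashkeys
 * column, so an empty li_id is rejected up front – otherwise the pattern
 * '%%' would match every row before the old guard kicked in. No nonce or
 * capability check is performed; this looks like a visitor-facing tracking
 * endpoint keyed only by the hash – confirm that is intended.
 */
function leadout_check_merged_contact() {
    global $wpdb;

    $stale_hash = (isset($_POST['li_id']) && is_string($_POST['li_id'])) ? $_POST['li_id'] : '';
    if ($stale_hash === '') {
        echo json_encode(FALSE);
        die;
    }

    // like_escape() was deprecated in WP 4.0; the replacement is a wpdb method.
    $escaped_hash = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($stale_hash) : like_escape($stale_hash);

    // Check if hashkey is in a merged contact
    $row = $wpdb->get_row($wpdb->prepare(
        "SELECT hashkey, merged_hashkeys FROM {$wpdb->li_leads} WHERE merged_hashkeys LIKE %s",
        '%' . $escaped_hash . '%'
    ));

    if (!isset($row->hashkey)) {
        echo json_encode(FALSE);
        die;
    }

    // One final update to set all the previous pageviews to the new hashkey
    $wpdb->query($wpdb->prepare("UPDATE {$wpdb->li_pageviews} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash));
    // One final update to set all the previous submissions to the new hashkey
    $wpdb->query($wpdb->prepare("UPDATE {$wpdb->li_submissions} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash));

    // Remove the stale hash from the merged list (entries appear to be stored
    // single-quoted, hence the quoted needle) and write the list back.
    $merged_hashkeys = array_unique(array_filter(explode(',', $row->merged_hashkeys)));
    $merged_hashkeys = leadout_array_delete($merged_hashkeys, "'" . $stale_hash . "'");
    $wpdb->query($wpdb->prepare(
        "UPDATE {$wpdb->li_leads} SET merged_hashkeys = %s WHERE hashkey = %s",
        rtrim(implode(',', $merged_hashkeys), ','),
        $row->hashkey
    ));

    echo json_encode($row->hashkey);
    die;
}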
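/**
 * AJAX handler for term autocomplete in the admin.
 *
 * 'tax' must name a registered taxonomy the current user may assign terms
 * for; otherwise the request ends with 0 / -1. Only the last comma-separated
 * fragment of 'q' is searched and at least two characters are required.
 * Matching term names are printed one per line.
 */
function wp_ajax_ajax_tag_search() {
    global $wpdb;

    if (!isset($_GET['tax'])) {
        wp_die(0);
    }
    $taxonomy = sanitize_key($_GET['tax']);
    $tax = get_taxonomy($taxonomy);
    if (!$tax) {
        wp_die(0);
    }
    if (!current_user_can($tax->cap->assign_terms)) {
        wp_die(-1);
    }

    $s = isset($_GET['q']) ? wp_unslash($_GET['q']) : '';

    // Locale-specific tag delimiter, normalised to a comma.
    $comma = _x(',', 'tag delimiter');
    if (',' !== $comma) {
        $s = str_replace($comma, ',', $s);
    }
    if (false !== strpos($s, ',')) {
        $parts = explode(',', $s);
        $s = $parts[count($parts) - 1];
    }
    $s = trim($s);
    if (strlen($s) < 2) {
        wp_die(); // require 2 chars for matching
    }

    // Escape LIKE wildcards before prepare() quotes the pattern.
    $like = '%' . (method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($s) : like_escape($s)) . '%';
    $results = $wpdb->get_col($wpdb->prepare(
        "SELECT t.name FROM {$wpdb->term_taxonomy} AS tt INNER JOIN {$wpdb->terms} AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)",
        $taxonomy,
        $like
    ));

    // join($pieces, $glue) is the reversed argument order removed in PHP 8.
    echo implode("\n", $results);
    wp_die();
}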
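/**
 * Look up terms of a taxon whose name contains $search_terms.
 *
 * The LIKE pattern is bound through $wpdb->prepare() after escaping the
 * wildcards (the original interpolated a $wpdb->escape()'d string, which
 * is deprecated).
 *
 * @param string $search_terms Substring to match against `name`.
 * @param string $taxon        Taxon to restrict to (default 'tag').
 * @param int    $limit        Maximum rows (default 10).
 * @return array|object|null Rows with `id` and `name`, as returned by get_results().
 */
function search_terms($search_terms, $taxon = 'tag', $limit = 10) {
    global $wpdb, $bp;

    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($search_terms) : like_escape($search_terms);
    $pattern = '%' . $escaped . '%';

    return $wpdb->get_results($wpdb->prepare(
        "\n SELECT `id`, `name` FROM {$bp->gtm->table_terms} WHERE `taxon` = %s AND `name` LIKE %s LIMIT %d",
        $taxon,
        $pattern,
        $limit
    ));
}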
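/**
 * AJAX: return post tags whose name contains the last comma-separated
 * fragment of $_GET['term'], as JSON [{label, value}, ...] ordered by count.
 *
 * The fragment is LIKE-escaped and bound with $wpdb->prepare() (the
 * original interpolated the deprecated $wpdb->escape() result). Fewer than
 * two characters produces no output. The label wraps the matched substring
 * in <strong>; term names are emitted unescaped into the JSON, so the
 * client must treat them as HTML. No capability or nonce check is visible
 * here – confirm how this handler is hooked.
 */
function tag_search() {
    global $wpdb;

    $term = isset($_GET['term']) ? $_GET['term'] : '';
    if (false !== strpos($term, ',')) {
        $parts = explode(',', $term);
        $term = $parts[count($parts) - 1];
    }
    $term = trim($term);
    if (strlen($term) < 2) {
        die(); // require 2 chars for matching
    }

    $like = '%' . (method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term)) . '%';
    $results = $wpdb->get_results($wpdb->prepare(
        "SELECT name, count FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE ( %s ) ORDER BY count DESC",
        $like
    ));

    $tags = array();
    // Loop-invariant: the highlight regex only depends on the search term.
    $rterm = '/' . preg_quote($term, '/') . '/i';
    foreach ($results as $result) {
        $label = preg_replace($rterm, '<strong>$0</strong>', $result->name) . " ($result->count)";
        $tags[] = array(
            'label' => $label,
            'value' => $result->name,
        );
    }
    echo json_encode($tags);
}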
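/**
 * posts_where filter: restrict to posts whose title contains the
 * 'post_title' query var.
 *
 * The pattern is wildcard-escaped (wpdb::esc_like, or like_escape() on
 * WP < 4.0) and bound through $wpdb->prepare() rather than concatenated.
 *
 * @param string   $where    Current WHERE clause.
 * @param WP_Query $wp_query Query being built (by reference, as hooked).
 * @return string Possibly extended WHERE clause.
 */
function shandora_posts_where($where, &$wp_query) {
    global $wpdb;

    $post_title = $wp_query->get('post_title');
    if ($post_title) {
        $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($post_title) : like_escape($post_title);
        $where .= $wpdb->prepare(' AND ' . $wpdb->posts . '.post_title LIKE %s', '%' . $escaped . '%');
    }
    return $where;
}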
/**
 * @ticket 10041
 * @expectedDeprecated like_escape
 */
function test_like_escape() {
    // input => expected: % and _ gain a backslash; an existing backslash is left alone.
    $cases = array(
        'howdy%'              => "howdy\\%",
        'howdy_'              => 'howdy\\_',
        'howdy\\'             => 'howdy\\',
        'howdy\\howdy%howdy_' => 'howdy\\howdy\\%howdy\\_',
    );
    foreach ($cases as $input => $expected) {
        $this->assertEquals($expected, like_escape($input));
    }
}
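/**
 * posts_where filter: restrict to posts whose title contains the
 * 'like_title' query var.
 *
 * The pattern is wildcard-escaped (wpdb::esc_like, or like_escape() on
 * WP < 4.0) and bound through $wpdb->prepare() rather than concatenated.
 *
 * @param string   $where    Current WHERE clause.
 * @param WP_Query $wp_query Query being built (by reference, as hooked).
 * @return string Possibly extended WHERE clause.
 */
function posts_where($where, &$wp_query) {
    global $wpdb;

    $title = $wp_query->get('like_title');
    if ($title) {
        $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($title) : like_escape($title);
        $where .= $wpdb->prepare(' AND ' . $wpdb->posts . '.post_title LIKE %s', '%' . $escaped . '%');
    }
    return $where;
}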
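/**
 * AJAX (superuser only): print the login of every user matching the 'q'
 * parameter, one per line, then exit.
 *
 * The search is handed to get_users() as an array rather than a
 * "search=..." query string: in the string form an '&' or '=' inside the
 * user-supplied text is parsed as additional query arguments.
 */
function ym_logs_search_users() {
    ym_ajax_superuser_check();
    global $wpdb;

    $q = ym_get('q');
    // NOTE(review): WP_User_Query escapes LIKE wildcards itself on current
    // versions; this pre-escaping is kept for parity with the old behaviour.
    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($q) : like_escape($q);

    $users = get_users(array('search' => '*' . $escaped . '*'));
    foreach ($users as $user) {
        echo $user->user_login . "\n";
    }
    die;
}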
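/**
 * AJAX: distinct IPs from the reports table that start with $_POST['find'],
 * ordered numerically and capped at $_POST['limit'] rows.
 *
 * Guarded by DOING_AJAX, the settings capability and the 'stream_get_ips'
 * nonce. The prefix is wildcard-escaped and bound as %s; the limit is bound
 * as %d, so a missing limit yields LIMIT 0 (no rows), as before.
 */
public static function get_ips() {
    if (!defined('DOING_AJAX') || !current_user_can(MainWP_WP_Stream_Admin::SETTINGS_CAP)) {
        return;
    }
    check_ajax_referer('stream_get_ips', 'nonce');

    global $wpdb;

    $find  = isset($_POST['find']) ? $_POST['find'] : '';
    $limit = isset($_POST['limit']) ? (int) $_POST['limit'] : 0;
    $prefix = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($find) : like_escape($find);

    $results = $wpdb->get_col($wpdb->prepare(
        "\n\t\t\t\t\tSELECT distinct(`ip`)\n\t\t\t\t\tFROM `{$wpdb->mainwp_reports}`\n\t\t\t\t\tWHERE `ip` LIKE %s\n\t\t\t\t\tORDER BY inet_aton(`ip`) ASC\n\t\t\t\t\tLIMIT %d;\n\t\t\t\t",
        $prefix . '%',
        $limit
    ));

    wp_send_json_success($results);
}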
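/**
 * Escape a string to use in SQL LIKE.
 * like_escape() is deprecated since WordPress 4.0 which introduces a $wpdb
 * method. This is for compatibility easiness with WP<4.x
 *
 * @since 2.1
 *
 * @param string $string Data to escape
 *
 * @return string Escaped string (still needs esc_sql()/prepare() before it
 *                is placed in a query)
 */
function wpmoly_esc_like($string) {
    global $wpdb;

    if (method_exists('wpdb', 'esc_like')) {
        return $wpdb->esc_like($string);
    }

    // Fix: the fallback escaped an undefined $letter and so always returned ''.
    return like_escape($string);
}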
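/**
 * Build – but, as written, never run – a title-prefix lookup of published
 * posts matching $_REQUEST['q'], then exit.
 *
 * The original concatenated a like_escape()'d value straight into the SQL
 * without quoting; like_escape() does not touch quotes, so q would have
 * been injectable had the query been executed. It is now built with
 * $wpdb->prepare(). The function still exits without executing or echoing
 * anything, matching its original control flow (se_lookup() is the variant
 * that runs the query) – confirm whether this stub is intentional.
 */
function post_lookup() {
    global $wpdb;

    $q = isset($_REQUEST['q']) ? $_REQUEST['q'] : '';
    $search = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($q) : like_escape($q);

    $query = $wpdb->prepare(
        'SELECT ID,post_title FROM ' . $wpdb->posts . ' WHERE post_title LIKE %s AND post_status = %s ORDER BY post_title ASC',
        $search . '%',
        'publish'
    );
    // NOTE(review): $query is deliberately left unexecuted to preserve the
    // original behaviour; nothing is output before exiting.
    die;
}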
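/**
 * Load the current page of entries or displays for the list table.
 *
 * orderby/order/start come from the request and are interpolated into
 * ORDER BY / LIMIT, so they are constrained here (identifier characters,
 * ASC|DESC, non-negative integer). For 'entries' the search string is
 * delegated to $frmpro_entries_controller->get_search_str(); for 'displays'
 * each tokenised term is LIKE-escaped, then SQL-escaped, and matched
 * against name/description/created_at/content/dyncontent.
 *
 * @return void Sets $this->items and the pagination args.
 */
function prepare_items() {
    global $frmdb, $wpdb, $per_page, $frm_settings;

    $default_orderby = 'name';
    $default_order   = 'ASC';
    if ($this->plural == 'entries') {
        $default_orderby = 'id';
        $default_order   = 'DESC';
    }

    // ORDER BY takes identifiers, which cannot be prepare()d: keep only [A-Za-z0-9_.]
    $orderby = (isset($_REQUEST['orderby']) && is_string($_REQUEST['orderby']))
        ? preg_replace('/[^A-Za-z0-9_.]/', '', $_REQUEST['orderby']) : '';
    if ($orderby === '') {
        $orderby = $default_orderby;
    }
    $order = isset($_REQUEST['order']) ? strtoupper((string) $_REQUEST['order']) : $default_order;
    if (!in_array($order, array('ASC', 'DESC'), true)) {
        $order = $default_order;
    }

    $page = $this->get_pagenum();
    $per_page = $this->get_items_per_page('formidable_page_formidable_' . str_replace('-', '_', $this->page_name) . '_per_page');
    // LIMIT offset: always a non-negative integer.
    $start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : ($page - 1) * $per_page;

    $s   = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
    $fid = isset($_REQUEST['fid']) ? $_REQUEST['fid'] : '';
    $search_terms = array();
    if ($s != '') {
        $s = stripslashes($s);
        // Same tokenising as WP_Query: quoted phrases or words separated by whitespace/comma/plus.
        preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
        $search_terms = array_map('_search_terms_tidy', $matches[0]);
    }

    $total_items = 0;
    if ($this->plural == 'entries') {
        global $frm_entry, $frmpro_entries_controller;
        $form_id = $this->params['form'];
        $s_query = 'it.form_id=' . (int) $form_id;
        if ($s != '') {
            $s_query = $frmpro_entries_controller->get_search_str($s_query, $s, $form_id, $fid);
        }
        $this->items = $frm_entry->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
        $total_items = $frm_entry->getRecordCount($s_query);
    } elseif ($this->plural == 'displays') {
        global $frmpro_display, $frm_app_helper;
        $s_query = '';
        if (isset($_REQUEST['form']) and is_numeric($_REQUEST['form'])) {
            $s_query .= 'form_id=' . (int) $_REQUEST['form'];
        }
        foreach ($search_terms as $term) {
            // Escape LIKE wildcards first, then quote for SQL.
            $term = esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term));
            if (!empty($s_query)) {
                $s_query .= ' AND';
            }
            $s_query .= " (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%' OR content like '%{$term}%' OR dyncontent like '%{$term}%')";
        }
        $this->items = $frmpro_display->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
        $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
    }

    $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
}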
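/**
 * Returns the SQL escaped like value for auto suggest queries.
 *
 * The request value is urldecode()d a second time after PHP's own decoding
 * (kept as-is – confirm the JS caller double-encodes), unslashed, then
 * LIKE-escaped and SQL-escaped. On WP >= 4.0 the wildcards are escaped
 * before esc_sql(), the documented order; older versions fall back to
 * like_escape() after esc_sql(). A missing parameter yields ''.
 *
 * @since 1.2.3
 * @return string
 */
public static function get_like() {
    global $wpdb;

    $raw  = isset($_REQUEST['fl_as_query']) ? $_REQUEST['fl_as_query'] : '';
    $like = stripslashes(urldecode($raw));

    if (method_exists($wpdb, 'esc_like')) {
        return esc_sql($wpdb->esc_like($like));
    }
    return like_escape(esc_sql($like));
}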
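/**
 * Extend a customer user query so that first_name / last_name meta also
 * match $_GET['term'] (admin JSON customer search).
 *
 * The term is cleaned, wildcard-escaped (wpdb::esc_like, or like_escape()
 * on WP < 4.0) and bound via $wpdb->prepare(). The fragment is appended
 * with OR, so it widens whatever WHERE the query already carries. A missing
 * 'term' is treated as ''.
 *
 * @param WP_User_Query $query Query being built (modified in place).
 */
public static function json_search_customer_name($query) {
    global $wpdb;

    $raw  = isset($_GET['term']) ? $_GET['term'] : '';
    $term = wc_clean(stripslashes($raw));
    $term = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term);

    $query->query_from  .= " INNER JOIN {$wpdb->usermeta} AS user_name ON {$wpdb->users}.ID = user_name.user_id AND ( user_name.meta_key = 'first_name' OR user_name.meta_key = 'last_name' ) ";
    $query->query_where .= $wpdb->prepare(" OR user_name.meta_value LIKE %s ", '%' . $term . '%');
}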
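/**
 * WHERE filter: when the setting is enabled, also match the search query
 * against the 'pl-settings' post meta and against term names.
 *
 * The search string is taken unescaped (get_search_query(false) – the
 * HTML-escaped default is not what is stored in meta or term names), then
 * wildcard-escaped and bound through $wpdb->prepare() instead of being
 * interpolated. The taxonomy subquery now joins through term_taxonomy: the
 * original compared term_relationships.term_taxonomy_id with terms.term_id,
 * which are different ids that only coincide by accident. Both subqueries
 * are appended with OR, so they widen the existing clause.
 *
 * @param string $where Current WHERE clause.
 * @return string Possibly extended WHERE clause.
 */
function advanced_search_query($where) {
    if (!is_search() || '1' !== wpsf_get_setting(wpsf_get_option_group('../settings/settings-general.php'), 'search', 'enabled')) {
        return $where;
    }
    global $wpdb;

    $query   = get_search_query(false);
    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($query) : like_escape($query);
    $pattern = '%' . $escaped . '%';

    // include postmeta in search
    $where .= $wpdb->prepare(
        " OR {$wpdb->posts}.ID IN (SELECT {$wpdb->postmeta}.post_id FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->postmeta}.meta_key = 'pl-settings' AND {$wpdb->postmeta}.meta_value LIKE %s AND {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id)",
        $pattern
    );
    // include taxonomy in search (relationships -> term_taxonomy -> terms)
    $where .= $wpdb->prepare(
        " OR {$wpdb->posts}.ID IN (SELECT {$wpdb->term_relationships}.object_id FROM {$wpdb->term_relationships} INNER JOIN {$wpdb->term_taxonomy} ON {$wpdb->term_relationships}.term_taxonomy_id = {$wpdb->term_taxonomy}.term_taxonomy_id INNER JOIN {$wpdb->terms} ON {$wpdb->term_taxonomy}.term_id = {$wpdb->terms}.term_id WHERE {$wpdb->terms}.name LIKE %s)",
        $pattern
    );
    return $where;
}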
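/**
 * Filter the query based on selected values
 *
 * Returns the post IDs whose indexed display value for this facet contains
 * the (first) selected value, or 'continue' when nothing is selected.
 * Both the facet name and the LIKE pattern are bound with $wpdb->prepare():
 * esc_like() only neutralises % and _, not quotes, so the previous string
 * interpolation was injectable through the selected value.
 *
 * @param array $params ['facet' => array, 'selected_values' => string|array]
 * @return array|string Post IDs, or 'continue' to skip this facet.
 */
function filter_posts($params) {
    global $wpdb;

    $facet    = $params['facet'];
    $selected = $params['selected_values'];
    if (is_array($selected)) {
        $selected = isset($selected[0]) ? $selected[0] : '';
    }

    // like_escape was deprecated in 4.0
    $selected = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($selected) : like_escape($selected);
    if (empty($selected)) {
        return 'continue';
    }

    $sql = $wpdb->prepare(
        "\n SELECT DISTINCT post_id FROM {$wpdb->prefix}facetwp_index\n WHERE facet_name = %s AND facet_display_value LIKE %s",
        $facet['name'],
        '%' . $selected . '%'
    );
    return $wpdb->get_col($sql);
}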
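/**
 * AJAX: print the permalink of every published post whose title starts with
 * $_REQUEST['q'], one per line, then exit.
 *
 * The original concatenated a like_escape()'d value into the SQL without
 * quoting it; like_escape() leaves quotes alone, so q was injectable. The
 * pattern is now bound with $wpdb->prepare(). No capability or nonce check
 * is visible here – confirm how the handler is exposed.
 */
function se_lookup() {
    global $wpdb;

    $q = isset($_REQUEST['q']) ? $_REQUEST['q'] : '';
    $prefix = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($q) : like_escape($q);

    $rows = $wpdb->get_results($wpdb->prepare(
        'SELECT ID,post_title FROM ' . $wpdb->posts . ' WHERE post_title LIKE %s AND post_status = %s ORDER BY post_title ASC',
        $prefix . '%',
        'publish'
    ));
    foreach ($rows as $row) {
        echo get_permalink($row->ID) . "\n";
    }
    die;
}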
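/**
 * Suggest user AJAX.
 *
 * Prints JSON {ID: "display_name (user_login)", ...} for up to 10 users
 * whose nicename, login, display name or email contains $_POST['q']. The
 * pattern is wildcard-escaped and bound through $wpdb->prepare() (the
 * original used the deprecated $wpdb->escape() plus interpolation). An
 * empty q matches everyone, as before. No capability or nonce check is
 * visible in this function – confirm the hook that exposes it.
 */
function wpcf_access_wpcf_access_suggest_user_ajax() {
    global $wpdb;

    $q = isset($_POST['q']) ? trim($_POST['q']) : '';
    $q = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($q) : like_escape($q);
    $pattern = '%' . $q . '%';

    $found = $wpdb->get_results($wpdb->prepare(
        "SELECT ID, display_name, user_login FROM {$wpdb->users} WHERE user_nicename LIKE %s OR user_login LIKE %s OR display_name LIKE %s OR user_email LIKE %s LIMIT 10",
        $pattern,
        $pattern,
        $pattern,
        $pattern
    ));

    $users = array();
    foreach ((array) $found as $user) {
        $users[$user->ID] = $user->display_name . ' (' . $user->user_login . ')';
    }
    echo json_encode($users);
    die;
}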
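/**
 * Admin list of calendar themes with title search, sorting and paging.
 *
 * The sort column comes from $_POST['order_by'] and is used as an SQL
 * identifier, which esc_sql() cannot protect, so only [A-Za-z0-9_] names
 * are accepted (anything else keeps the default 'title'). page_number is
 * cast to int and the LIMIT offset is never negative. The title search is
 * wildcard-escaped and bound with $wpdb->prepare() for both the COUNT and
 * the page query. The same $sort / $pageNav arrays as before are handed to
 * html_show_theme_calendar(). No capability or nonce check is visible here.
 */
function show_theme_calendar() {
    global $wpdb;

    $table = $wpdb->prefix . 'spidercalendar_theme';
    $order = ' ORDER BY title ASC';
    $sort  = array(
        'default_style' => 'manage-column column-autor sortable desc',
        'sortid_by'     => 'title',
        'custom_style'  => 'manage-column column-title sorted asc',
        '1_or_2'        => '2',
    );
    $limit = 0;

    if (isset($_POST['page_number'])) {
        if (isset($_POST['order_by']) && is_string($_POST['order_by'])
            && preg_match('/^[A-Za-z0-9_]+$/', $_POST['order_by'])) {
            $sort['sortid_by'] = $_POST['order_by'];
        }
        if (isset($_POST['asc_or_desc']) && esc_html($_POST['asc_or_desc']) == 1) {
            $sort['custom_style'] = 'manage-column column-title sorted asc';
            $sort['1_or_2'] = '2';
            $order = 'ORDER BY ' . $sort['sortid_by'] . ' ASC';
        } else {
            $sort['custom_style'] = 'manage-column column-title sorted desc';
            $sort['1_or_2'] = '1';
            $order = 'ORDER BY ' . $sort['sortid_by'] . ' DESC';
        }
        // 20 rows per page; page numbers below 1 start at the first row.
        $limit = max(0, ((int) $_POST['page_number'] - 1) * 20);
    }

    $where = '';
    $where_args = array();
    if (isset($_POST['search_events_by_title'])) {
        // esc_html() is kept so the pattern matches titles the way the old code did.
        $search_tag = esc_html(stripslashes($_POST['search_events_by_title']));
        if ($search_tag !== '') {
            $like = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($search_tag) : like_escape($search_tag);
            $where = ' WHERE title LIKE %s';
            $where_args[] = '%' . $like . '%';
        }
    }

    // get the total number of records
    $count_sql = 'SELECT COUNT(*) FROM ' . $table . $where;
    if ($where_args) {
        $count_sql = $wpdb->prepare($count_sql, $where_args);
    }
    $total = $wpdb->get_var($count_sql);
    $pageNav = array(
        'total' => $total,
        'limit' => $limit / 20 + 1,
    );

    $page_args = $where_args;
    $page_args[] = $limit;
    $rows = $wpdb->get_results($wpdb->prepare(
        'SELECT * FROM ' . $table . $where . ' ' . $order . ' ' . ' LIMIT %d,20',
        $page_args
    ));
    html_show_theme_calendar($rows, $pageNav, $sort);
}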
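/**
 * posts_where filter (front-end searches with no post_type): also match the
 * search query against the page-builder meta of pages.
 *
 * The unescaped search string (get_search_query(false)) is wildcard-escaped
 * and bound via $wpdb->prepare(); the old code relied on esc_attr()'s HTML
 * escaping to keep an interpolated value safe and could only match content
 * that was itself HTML-escaped. Appended with OR, so it widens the clause.
 *
 * @param string $where Current WHERE clause.
 * @return string Possibly extended WHERE clause.
 */
function gdlr_search_page_builder_meta($where) {
    if (!is_search() || !empty($_GET['post_type']) || is_admin()) {
        return $where;
    }
    global $wpdb;

    $query   = get_search_query(false);
    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($query) : like_escape($query);

    $where .= $wpdb->prepare(
        " OR {$wpdb->posts}.ID IN ("
        . "SELECT {$wpdb->postmeta}.post_id "
        . "FROM {$wpdb->posts}, {$wpdb->postmeta} "
        . "WHERE {$wpdb->posts}.post_type = 'page' "
        . "AND {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id "
        . "AND {$wpdb->postmeta}.meta_key IN('above-sidebar', 'content-with-sidebar', 'below-sidebar') "
        . "AND {$wpdb->postmeta}.meta_value LIKE %s )",
        '%' . $escaped . '%'
    );
    return $where;
}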
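/**
 * Suggest posts whose title contains $text (publish/private only, excluding
 * the internal view/attachment/revision/form post types).
 *
 * The whole statement goes through $this->wpdb->prepare(): the LIKE pattern
 * is wildcard-escaped and bound as %s, and the optional post_type uses a
 * bare %s (prepare() adds the quotes; the old ' AND post_type="%s"' form is
 * flagged by recent WordPress versions).
 *
 * @param string      $text      Substring to look for in post_title.
 * @param string|null $post_type Restrict to this post type when given.
 * @param int         $limit     Row cap; <= 0 means no LIMIT (default 20).
 * @return array|object|null Rows with ID and post_title.
 */
public function suggestPostsByTitle($text, $post_type = null, $limit = 20) {
    $wpdb = $this->wpdb;

    $post_status = "('publish','private')";
    $not_in_post_types = "('view','view-template','attachment','revision','" . CRED_FORMS_CUSTOM_POST_NAME . "')";

    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($text) : like_escape($text);
    $args = array('%' . $escaped . '%');

    $sql = "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s AND post_status IN {$post_status} AND post_type NOT IN {$not_in_post_types}";
    if ($post_type !== null) {
        $sql .= ' AND post_type = %s';
        $args[] = $post_type;
    }
    $limit = intval($limit);
    if ($limit > 0) {
        $sql .= " LIMIT 0, {$limit}";
    }

    return $wpdb->get_results($wpdb->prepare($sql, $args));
}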
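/**
 * AJAX: print post tag names containing the last comma-separated fragment
 * of $_GET['q'], one per line (at least two characters required).
 *
 * The fragment is wildcard-escaped and bound via $wpdb->prepare() instead
 * of the deprecated $wpdb->escape() plus interpolation, and implode()
 * replaces join() with its reversed argument order (removed in PHP 8). No
 * capability or nonce check is visible here – confirm how it is hooked.
 */
function tag_search() {
    global $wpdb;

    $term = isset($_GET['q']) ? $_GET['q'] : '';
    if (false !== strpos($term, ',')) {
        $parts = explode(',', $term);
        $term = $parts[count($parts) - 1];
    }
    $term = trim($term);
    if (strlen($term) < 2) {
        die; // require 2 chars for matching
    }

    $like = '%' . (method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term)) . '%';
    $results = $wpdb->get_col($wpdb->prepare(
        "SELECT t.name FROM {$wpdb->term_taxonomy} AS tt INNER JOIN {$wpdb->terms} AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE (%s)",
        $like
    ));
    echo implode("\n", $results);
}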
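/**
 * Search filter for the advanced search widget: rebuild the search clause
 * for the post type named in $_GET['posttype'], matching each term against
 * title / content / tag+category names as the widget settings allow.
 *
 * The post type is sanitised with sanitize_key() (post type names are
 * registered through the same function) instead of esc_attr(), which is an
 * HTML escaper and does not make a value safe inside SQL quotes. Each term
 * is wildcard-escaped, then SQL-escaped. Widget settings arrive through
 * extract() of advancedSearchWidget_getvars(); only $searchtitle,
 * $searchcontent and $searchtags are read from it here.
 *
 * @param string $search Current search SQL from WP_Query.
 * @return string Replacement search SQL ('' or ' AND (...) ').
 */
function advancedSearchWidget_searchquery($search) {
    if (!isset($_GET['posttype'])) {
        return $search;
    }
    if (!is_search()) {
        return $search;
    }
    if (isset($_GET['widget'])) {
        // Defines (at least) $searchtitle, $searchcontent, $searchtags.
        extract(advancedSearchWidget_getvars($_GET['widget']));
    }
    global $wpdb, $wp_query;

    if (empty($search)) {
        return $search; // skip processing - no search term in query
    }

    $q = $wp_query->query_vars;
    $n = !empty($q['exact']) ? '' : '%';
    $terms = isset($q['search_terms']) ? (array) $q['search_terms'] : array();

    $post_type = sanitize_key($_GET['posttype']);
    $search = "{$wpdb->posts}.post_type = '" . $post_type . "' AND ";
    $searchand = '';
    foreach ($terms as $term) {
        $term = esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term));
        // push search "OR's"
        $list = array();
        if (isset($searchtitle) && $searchtitle == 1) {
            $list[] = "({$wpdb->posts}.post_title LIKE '{$n}{$term}{$n}')";
        }
        if (isset($searchcontent) && $searchcontent == 1) {
            $list[] = "({$wpdb->posts}.post_content LIKE '{$n}{$term}{$n}')";
        }
        if (isset($searchtags) && $searchtags == 1) {
            $list[] = "(t.name like '{$n}{$term}{$n}' AND post_status = 'publish' and tt.taxonomy in ('post_tag', 'category'))";
        }
        $search .= $searchand . '( ' . implode(' OR ', $list) . ')';
        $searchand = ' AND ';
    }
    if (!empty($search)) {
        $search = " AND ({$search}) ";
        if (!is_user_logged_in()) {
            $search .= " AND ({$wpdb->posts}.post_password = '') ";
        }
    }
    return $search;
}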
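/**
 * posts_where filter: extend a search so that posts whose approved comments
 * contain every search term also match.
 *
 * A "( comment_post_ID = posts.ID AND comment_approved = '1' AND
 * comment_content LIKE ... )" block is spliced in before the first "OR" of
 * the existing clause. The splice uses preg_replace_callback(): with plain
 * preg_replace() the SQL was the *replacement* string, where "\\" and "$n"
 * are interpreted, so the backslashes esc_sql() added to a term were
 * collapsed again and a term such as \' could close the quoted LIKE
 * pattern. If the clause contains no "or", nothing is inserted (as before).
 *
 * @param string $where Current WHERE clause.
 * @return string WHERE clause with the comment search spliced in.
 */
function search_comments_where($where) {
    global $wp_query, $wpdb;

    $q = $wp_query->query_vars;
    if (empty($q['s'])) {
        return $where;
    }

    $n = empty($q['exact']) ? '%' : '';
    $terms = isset($q['search_terms']) ? (array) $q['search_terms'] : array();

    $search = array("comment_post_ID = {$wpdb->posts}.ID AND comment_approved = '1'");
    foreach ($terms as $term) {
        // Escape LIKE wildcards first, then quote for SQL.
        $term = esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term));
        $search[] = "( comment_content LIKE '{$n}{$term}{$n}' )";
    }
    $search = ' OR ( ' . implode(' AND ', $search) . ' )';

    // Insert verbatim before the first OR; a callback avoids replacement-string parsing.
    return preg_replace_callback(
        "/\\bor\\b/i",
        function ($m) use ($search) {
            return "{$search} OR";
        },
        $where,
        1
    );
}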
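/**
 * Modifies the search query.
 *
 * Affects searches performed in the list of Users.
 *
 * Replaces the fields/from/where of the user query so that the search term
 * is matched (as %term%) against the core user columns and against the
 * first_name/last_name and s2member_* usermeta keys. Wildcards are escaped
 * before esc_sql() (wpdb::esc_like on WP >= 4.0, like_escape() before).
 * The $__refs / get_defined_vars() dance hands every local to the hooks by
 * reference; no new locals are introduced so hook consumers see the same
 * variable set as before.
 *
 * @package s2Member\Users_List
 * @since 3.5
 *
 * @attaches-to ``add_action("pre_user_query");``
 *
 * @param WP_User_Query $query Expects a `WP_User_Query` object, by reference.
 */
public static function users_list_query(&$query = FALSE) {
    global $wpdb; /** @var $wpdb wpdb */

    foreach (array_keys(get_defined_vars()) as $__v) { $__refs[$__v] =& ${$__v}; }
    do_action("ws_plugin__s2member_before_users_list_search", get_defined_vars());
    unset($__refs, $__v);

    if (is_admin() && !empty($GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'users.php') {
        if (isset($query->query_vars) && !is_network_admin()) { // NOT in Network admin panels.
            if (is_array($qv = $query->query_vars) && isset($qv["search"]) && ($s = trim($qv["search"], "* \t\n\r\v")) && ($s = "%" . esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($s) : like_escape($s)) . "%")) {
                $query->query_fields = "SQL_CALC_FOUND_ROWS DISTINCT(`" . $wpdb->users . "`.`ID`)";
                $query->query_from = " FROM `" . $wpdb->users . "`, `" . $wpdb->usermeta . "`"; // Include meta table also.
                $query->query_where = " WHERE `" . $wpdb->users . "`.`ID` = `" . $wpdb->usermeta . "`.`user_id`"; // Join w/ meta table.
                $query->query_where .= " AND (" . apply_filters("ws_plugin__s2member_before_users_list_search_where_or_before", "", get_defined_vars());
                $query->query_where .= " (`" . $wpdb->users . "`.`user_login` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_nicename` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`display_name` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_email` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_url` LIKE '" . $s . "')";
                $query->query_where .= " OR ((`" . $wpdb->usermeta . "`.`meta_key` = 'first_name' OR `" . $wpdb->usermeta . "`.`meta_key` = 'last_name') AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_subscr_id' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_custom' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_custom_fields' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                if (apply_filters("ws_plugin__s2member_users_list_search_admin_notes", false, get_defined_vars())) { // Off by default; this can get very slow on large sites.
                    $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_notes' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                }
                $query->query_where .= apply_filters("ws_plugin__s2member_before_users_list_search_where_or_after", "", get_defined_vars()) . ")"; // Leaving room for additional searches here.
                if (is_multisite()) { // On a Multisite Network we need to make sure we're searching only users w/ capabilities on this blog.
                    $query->query_where .= " AND `" . $wpdb->users . "`.`ID` IN(SELECT DISTINCT(`user_id`) FROM `" . $wpdb->usermeta . "` WHERE `meta_key` = '" . $wpdb->prefix . "capabilities')";
                }
                $query->query_from = apply_filters("ws_plugin__s2member_before_users_list_search_from", $query->query_from, get_defined_vars());
                $query->query_where = apply_filters("ws_plugin__s2member_before_users_list_search_where", $query->query_where, get_defined_vars());
            }
        }
    }

    foreach (array_keys(get_defined_vars()) as $__v) { $__refs[$__v] =& ${$__v}; }
    do_action("ws_plugin__s2member_after_users_list_search", get_defined_vars());
    unset($__refs, $__v);
}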
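/**
 * Filter input and return sanitized SQL LIKE output
 *
 * Objects are converted to arrays of their public properties and rebuilt
 * as objects; arrays are processed element by element (keys preserved);
 * any other value is wildcard-escaped and then passed through
 * pods_sanitize(). Wildcards are escaped *before* the SQL sanitising step
 * so that the backslashes it adds are themselves escaped – the reverse
 * order breaks once a backslash-escaping esc_like() is used, and is defeated
 * by the placeholder handling esc_sql() does on WP >= 4.8.3.
 * NOTE(review): this assumes pods_sanitize() is an esc_sql()-style escaper
 * that does not strip slashes; confirm against its definition.
 *
 * @param mixed $input The string, array, or object to sanitize
 *
 * @return array|mixed|object|string|void
 *
 * @since 2.3.9
 *
 * @see wpdb::esc_like
 */
function pods_sanitize_like($input) {
    global $wpdb;

    if (is_object($input)) {
        $output = array();
        foreach (get_object_vars($input) as $key => $val) {
            $output[$key] = pods_sanitize_like($val);
        }
        return (object) $output;
    }

    if (is_array($input)) {
        $output = array();
        foreach ($input as $key => $val) {
            $output[$key] = pods_sanitize_like($val);
        }
        return $output;
    }

    // like_escape() is deprecated since WP 4.0.
    $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($input) : like_escape($input);
    return pods_sanitize($escaped);
}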