function dropdown_pages($object_id = '', $stored_parent_id = '') { require_once SCOPER_ABSPATH . '/hardway/hardway-parent-legacy_rs.php'; return ScoperHardwayParentLegacy::dropdown_pages($object_id, $stored_parent_id); }
function _flt_last_resort_query($query) { // no recursion if (scoper_querying_db() || $GLOBALS['cap_interceptor']->in_process) { return $query; } global $wpdb, $pagenow, $scoper; $posts = $wpdb->posts; // Search on query portions to make this as forward-compatible as possible. // Important to include " FROM table WHERE " as a strpos requirement because scoped queries (which should not be further altered here) will insert a JOIN clause // strpos search for "ELECT " rather than "SELECT" so we don't have to distinguish 0 from false // wp_count_posts() : // SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s $matches = array(); if (strpos($query, "ELECT post_status, COUNT( * ) AS num_posts ") && preg_match("/FROM\\s*{$posts}\\s*WHERE post_type\\s*=\\s*'([^ ]+)'/", $query, $matches)) { $_post_type = !empty($matches[1]) ? $matches[1] : cr_find_post_type(); if ($_post_type) { global $current_user; foreach (get_post_stati(array('private' => true)) as $_status) { $query = str_replace("AND (post_status != '{$_status}' OR ( post_author = '{$current_user->ID}' AND post_status = '{$_status}' ))", '', $query); } $query = str_replace("post_status", "{$posts}.post_status", $query); $query = apply_filters('objects_request_rs', $query, 'post', $_post_type, array('objrole_revisions_clause' => true)); // as of WP 3.0.1, additional queries triggered by objects_request filter breaks all subsequent filters which would have operated on this query if (defined('RVY_VERSION')) { if (class_exists('RevisionaryAdminHardway_Ltd')) { $query = RevisionaryAdminHardway_Ltd::flt_last_resort_query($query); } $query = RevisionaryAdminHardway::flt_include_pending_revisions($query); } } return $query; } // parent_dropdown() : // SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order if ('admin.php' == $pagenow) { if (strpos($query, "ELECT ID, post_parent, post_title") && strpos($query, "FROM {$posts} WHERE post_parent =") && function_exists('parent_dropdown')) { $page_temp = ''; $object_id = $scoper->data_sources->detect('id', 'post'); if ($object_id) { $page_temp = get_post($object_id); } if (empty($page_temp) || !isset($page_temp->post_parent) || $page_temp->post_parent) { require_once SCOPER_ABSPATH . '/hardway/hardway-parent-legacy_rs.php'; $output = ScoperHardwayParentLegacy::dropdown_pages(); echo $output; } $query = "SELECT ID, post_parent FROM {$posts} WHERE 1=2"; return $query; } } // Media Library - unattached // // WP_MediaListTable::get_views() : // SELECT COUNT( * ) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent < 1 if (strpos($query, "post_type = 'attachment'") && strpos($query, "post_parent < 1") && strpos($query, '* FROM')) { if ($where_pos = strpos($query, 'WHERE ')) { // optionally hide other users' unattached uploads, but not from blog-wide Editors if (!scoper_get_option('admin_others_unattached_files') && !$scoper->user_can_edit_blogwide('post', '', array('require_others_cap' => true, 'status' => 'publish'))) { global $current_user; $author_clause = "AND {$wpdb->posts}.post_author = '{$current_user->ID}'"; $query = str_replace("post_type = 'attachment'", "post_type = 'attachment' {$author_clause}", $query); return $query; } } } // wp_count_attachments() : //SELECT post_mime_type, COUNT( * ) AS num_posts FROM wp_trunk_posts WHERE post_type = 'attachment' GROUP BY post_mime_type if (strpos($query, "post_type = 'attachment'") && 0 === strpos($query, "SELECT ")) { if ($where_pos = strpos($query, 'WHERE ')) { if (!defined('SCOPER_ALL_UPLOADS_EDITABLE')) { // note: this constant actually just prevents Media Library filtering, falling back to WP Roles for attachment editability and leaving uneditable uploads viewable in Library static $att_sanity_count = 0; if ($att_sanity_count > 5) { // TODO: why does this apply filtering to 300+ queries on at least one MS installation? return $query; } $att_sanity_count++; $admin_others_attached = scoper_get_option('admin_others_attached_files'); $admin_others_unattached = scoper_get_option('admin_others_unattached_files'); if (!$admin_others_attached || !$admin_others_unattached) { $can_edit_others_blogwide = $scoper->user_can_edit_blogwide('post', '', array('require_others_cap' => true, 'status' => 'publish')); } global $wpdb, $current_user; // optionally hide other users' unattached uploads, but not from blog-wide Editors if ($admin_others_unattached || $can_edit_others_blogwide) { $author_clause = ''; } else { $author_clause = "AND {$wpdb->posts}.post_author = '{$current_user->ID}'"; } if (!defined('SCOPER_BLOCK_UNATTACHED_UPLOADS') || !SCOPER_BLOCK_UNATTACHED_UPLOADS) { $unattached_clause = "( {$wpdb->posts}.post_parent = 0 {$author_clause} ) OR"; } else { $unattached_clause = ''; } $attached_clause = $admin_others_attached || $can_edit_others_blogwide ? '' : "AND {$wpdb->posts}.post_author = '{$current_user->ID}'"; $parent_query = "SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE 1=1"; $parent_query = apply_filters('objects_request_rs', $parent_query, 'post'); $where_insert = "( {$unattached_clause} ( {$wpdb->posts}.post_parent IN ({$parent_query}) {$attached_clause} ) ) AND "; $query = substr($query, 0, $where_pos + strlen('WHERE ')) . $where_insert . substr($query, $where_pos + strlen('WHERE ')); } return $query; } } // admin-ajax.php 'find_posts' : // SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50 if (strpos($query, "ELECT ID, post_title, post_status, post_date FROM")) { if (!empty($_POST['post_type'])) { $query = apply_filters('objects_request_rs', $query, 'post', $_POST['post_type']); } } return $query; }