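/**
 * Builds the JOIN / WHERE SQL fragments for the configured context queries.
 *
 * Each entry of $this->queries maps a column name to either a bare value
 * (or list of values) or an array with 'value', 'compare' and 'type' keys,
 * mirroring WP_Meta_Query. Every value is bound through $wpdb->prepare().
 * The column name is interpolated into the SQL text, so it is restricted to
 * identifier characters; an empty IN list is skipped because "IN ()" is a
 * MySQL syntax error.
 *
 * @return array {
 *     @type string $join  Always empty here; kept for filter compatibility.
 *     @type string $where Fragment starting with ' AND (' or '' when no clause applies.
 * }
 */
function get_sql()
 {
     global $wpdb;
     if (empty($this->queries)) {
         return array('join' => '', 'where' => '');
     }
     $context_table = MainWP_WP_Stream_DB::$table_context;
     $join = array();
     $where = array();
     $meta_query = new WP_Meta_Query();
     // Operators accepted in 'compare'; anything else falls back to '='.
     $operators = array('=', '!=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', 'REGEXP', 'NOT REGEXP', 'RLIKE');
     foreach ($this->queries as $i => $query) {
         foreach ($query as $key => $args) {
             // $key becomes part of the SQL text; only a plain column identifier may pass.
             if (!is_string($key) || !preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                 continue;
             }
             $type = $meta_query->get_cast_for_type(isset($args['type']) ? $args['type'] : '');
             $value = isset($args['value']) ? $args['value'] : null;
             // Allow 'context' => array('val1', 'val2') (or a bare scalar) as well
             if (is_null($value)) {
                 $args = array('value' => $args);
                 $value = $args['value'];
             }
             if (isset($args['compare'])) {
                 $compare = strtoupper($args['compare']);
             } else {
                 $compare = is_array($value) ? 'IN' : '=';
             }
             if (!in_array($compare, $operators, true)) {
                 $compare = '=';
             }
             if ('IN' === substr($compare, -2)) {
                 if (!is_array($value)) {
                     $value = preg_split('/[,\\s]+/', $value);
                 }
                 if (empty($value)) {
                     // "IN ()" is invalid SQL; drop the clause rather than break the query.
                     continue;
                 }
                 // One %s placeholder per list element.
                 $compare_string = '(' . substr(str_repeat(',%s', count($value)), 1) . ')';
             } elseif ('LIKE' === substr($compare, -4)) {
                 // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
                 $escaped = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($value) : like_escape($value);
                 $value = '%' . $escaped . '%';
                 $compare_string = '%s';
             } else {
                 $compare_string = '%s';
             }
             if (!empty($where[$i])) {
                 $where[$i] .= ' AND ';
             } else {
                 $where[$i] = '';
             }
             // prepare() accepts either a scalar or an array of values for the placeholders.
             $where[$i] = ' (' . $where[$i] . $wpdb->prepare("CAST({$context_table}.{$key} AS {$type}) {$compare} {$compare_string})", $value);
         }
     }
     $where = array_filter($where);
     if (empty($where)) {
         $where = '';
     } else {
         $where = ' AND (' . implode("\n{$this->relation} ", $where) . ' )';
     }
     $join = implode("\n", $join);
     return apply_filters_ref_array('get_context_sql', array(compact('join', 'where'), $this->queries));
 }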
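 /**
  * Populates $this->items with the current page of forms and sets the
  * pagination arguments for the list table.
  *
  * Request parameters used: orderby, order, start, s. orderby and order are
  * interpolated into ORDER BY, so orderby is reduced to identifier
  * characters and order to ASC|DESC; start and per_page are cast to int for
  * LIMIT. Search terms are LIKE-escaped and SQL-escaped before being
  * concatenated into the WHERE clause.
  */
 function prepare_items()
 {
     global $frmdb, $wpdb, $per_page, $frm_settings, $frm_form, $frm_app_helper;
     $default_orderby = 'name';
     $default_order = 'ASC';
     // ORDER BY column: only identifier characters survive; empty falls back to the default.
     $orderby = isset($_REQUEST['orderby']) ? preg_replace('/[^A-Za-z0-9_]/', '', (string) $_REQUEST['orderby']) : '';
     if ($orderby === '') {
         $orderby = $default_orderby;
     }
     $order = isset($_REQUEST['order']) ? strtoupper((string) $_REQUEST['order']) : $default_order;
     if ($order !== 'ASC' && $order !== 'DESC') {
         $order = $default_order;
     }
     $page = $this->get_pagenum();
     $default_count = empty($this->page_name) ? 20 : 10;
     $per_page = (int) $this->get_items_per_page('formidable_page_formidable' . str_replace('-', '_', $this->page_name) . '_per_page', $default_count);
     $start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : ($page - 1) * $per_page;
     $s = isset($_REQUEST['s']) && is_string($_REQUEST['s']) ? $_REQUEST['s'] : '';
     $search_terms = array();
     if ($s != '') {
         $s = stripslashes($s);
         // Split on whitespace/commas/plus, keeping double-quoted phrases together.
         preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
         $search_terms = array_map('_search_terms_tidy', $matches[0]);
     }
     $s_query = " (status is NULL OR status = '' OR status = 'published') AND default_template=0 AND is_template = " . (int) $this->params['template'];
     foreach ($search_terms as $term) {
         // like_escape() for the wildcards, esc_sql() for quotes/backslashes in the literal.
         $term = esc_sql(like_escape($term));
         if (!empty($s_query)) {
             $s_query .= " AND";
         }
         $s_query .= " (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%')";
     }
     $this->items = $frm_form->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
     $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
 }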
 /**
  * Normalises $this->options['s_query'] into the LIKE pattern kept in
  * $this->s_query: dashes become spaces, the text is SQL- and LIKE-escaped,
  * then wrapped in '%' wildcards.
  */
 protected function __format_search()
 {
     // Thanks Manny Fleurmond
     $phrase = str_replace('-', ' ', $this->options['s_query']);
     $this->s_query = '%' . like_escape(esc_sql($phrase)) . '%';
 }
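/**
 * Pulls ACF checkbox fields out of $args['meta_query'] and turns them into
 * serialized-string fragments for a custom LIKE match.
 *
 * ACF stores checkbox values as a serialized PHP array, so a value is matched
 * by its `s:<len>:"<value>";` form. The length is taken from the raw value
 * (that is what is stored), while the quoted part is LIKE- and SQL-escaped
 * because the fragment is later concatenated into the WHERE clause. Scalar
 * and array values are now escaped the same way; the original escaped only
 * the array branch.
 *
 * @param array $args WP_Query arguments.
 * @return array Arguments with checkbox clauses moved to 'sf-acfcheckbox-meta'.
 */
function sf_acf_check_args_for_checkboxes($args)
{
    if (!isset($args['meta_query']) || !is_array($args['meta_query'])) {
        return $args;
    }
    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        // Entries such as 'relation' => 'AND' carry no key and are not fields.
        if (!is_array($val) || !isset($val['key'])) {
            continue;
        }
        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if (!empty($is_checkbox['add_this'])) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }
    $where_meta = array();
    foreach ($acf_fields as $field) {
        $raw = array_key_exists('value', $field) ? $field['value'] : '';
        $values = is_array($raw) ? $raw : array($raw);
        foreach ($values as $fv) {
            $fv = (string) $fv;
            $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql(like_escape($fv)) . '";';
        }
    }
    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }
    return $args;
}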
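/**
 * Check if the cookied hashkey has been merged with another contact. If it is, set visitor's cookie to new hashkey
 *
 * Reads the stale hashkey from $_POST['li_id']. When it appears in another
 * lead's merged_hashkeys list, that lead's pageviews and submissions are
 * re-pointed at the surviving hashkey and the stale one is dropped from the
 * list. An empty or missing li_id short-circuits to FALSE.
 *
 * @echo	Hashkey from a merged_hashkeys row, FALSE if hashkey does not exist in a merged_hashkeys row
 */
function leadout_check_merged_contact()
{
    global $wpdb;
    global $wp_version;
    $stale_hash = isset($_POST['li_id']) ? (string) $_POST['li_id'] : '';
    // No hash, nothing to look up: an empty LIKE pattern would match every lead.
    if ($stale_hash === '') {
        echo json_encode(FALSE);
        die;
    }
    // Version strings are compared with version_compare(), not as numbers.
    if (version_compare($wp_version, '4.0', '>=')) {
        $escaped_hash = $wpdb->esc_like($stale_hash);
    } else {
        $escaped_hash = like_escape($stale_hash);
    }
    // Check if hashkey is in a merged contact; the pattern is bound as a %s argument.
    $q = $wpdb->prepare("SELECT hashkey, merged_hashkeys FROM {$wpdb->li_leads} WHERE merged_hashkeys LIKE %s", '%' . $escaped_hash . '%');
    $row = $wpdb->get_row($q);
    if (!isset($row->hashkey)) {
        echo json_encode(FALSE);
        die;
    }
    // One final update to set all the previous pageviews to the new hashkey
    $q = $wpdb->prepare("UPDATE {$wpdb->li_pageviews} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash);
    $wpdb->query($q);
    // One final update to set all the previous submissions to the new hashkey
    $q = $wpdb->prepare("UPDATE {$wpdb->li_submissions} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash);
    $wpdb->query($q);
    // Remove the passed hash from the merged hashkeys for the row
    $merged_hashkeys = array_unique(array_filter(explode(',', $row->merged_hashkeys)));
    // Delete the stale hash from the merged hashkeys array (list entries appear to be single-quoted)
    $merged_hashkeys = leadout_array_delete($merged_hashkeys, "'" . $stale_hash . "'");
    $q = $wpdb->prepare("UPDATE {$wpdb->li_leads} SET merged_hashkeys = %s WHERE hashkey = %s", rtrim(implode(',', $merged_hashkeys), ','), $row->hashkey);
    $wpdb->query($q);
    echo json_encode($row->hashkey);
    die;
}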
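/**
 * AJAX handler for tag auto-complete.
 *
 * Requires $_GET['tax'] (a taxonomy the current user may assign terms for)
 * and $_GET['q'] (the comma-separated input; only the last fragment is
 * matched, and at least two characters are required). Prints the matching
 * term names, one per line, then exits.
 */
function wp_ajax_ajax_tag_search()
{
    global $wpdb;
    if (!isset($_GET['tax'])) {
        wp_die(0);
    }
    $taxonomy = sanitize_key($_GET['tax']);
    $tax = get_taxonomy($taxonomy);
    if (!$tax) {
        wp_die(0);
    }
    if (!current_user_can($tax->cap->assign_terms)) {
        wp_die(-1);
    }
    $s = isset($_GET['q']) ? wp_unslash($_GET['q']) : '';
    $comma = _x(',', 'tag delimiter');
    if (',' !== $comma) {
        $s = str_replace($comma, ',', $s);
    }
    if (false !== strpos($s, ',')) {
        $s = explode(',', $s);
        $s = $s[count($s) - 1];
    }
    $s = trim($s);
    // require 2 chars for matching
    if (strlen($s) < 2) {
        wp_die();
    }
    // esc_like() (WP >= 4.0) escapes LIKE wildcards; like_escape() is the older equivalent.
    $like = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($s) : like_escape($s);
    $results = $wpdb->get_col($wpdb->prepare("SELECT t.name FROM {$wpdb->term_taxonomy} AS tt INNER JOIN {$wpdb->terms} AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . $like . '%'));
    // implode() takes the glue first; the join($array, $glue) order is gone in PHP 8.
    echo implode("\n", $results);
    wp_die();
}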
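 /**
  * Finds terms of the given taxon whose name contains $search_terms.
  *
  * The search string is passed to $wpdb->prepare() as a %s argument rather
  * than being interpolated into the format string: interpolating it let a
  * '%' in the input be read as a printf directive by prepare(), and relied on
  * the deprecated $wpdb->escape().
  *
  * @param string $search_terms Substring to look for.
  * @param string $taxon        Taxon name, default 'tag'.
  * @param int    $limit        Maximum number of rows.
  * @return array|object|null Rows with `id` and `name`, as returned by $wpdb->get_results().
  */
 function search_terms($search_terms, $taxon = 'tag', $limit = 10)
 {
     global $wpdb, $bp;
     // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
     $pattern = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($search_terms) : like_escape($search_terms);
     $sql = $wpdb->prepare(
         "SELECT `id`, `name` FROM {$bp->gtm->table_terms} WHERE `taxon` = %s AND `name` LIKE %s LIMIT %d",
         $taxon,
         '%' . $pattern . '%',
         $limit
     );
     return $wpdb->get_results($sql);
 }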
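	/**
	 * Tag auto-complete for the editor: prints a JSON list of
	 * {label, value} pairs for post_tag terms whose name contains
	 * $_GET['term']. Only the last comma-separated fragment is matched,
	 * and at least two characters are required.
	 */
	function tag_search() {
		global $wpdb;
		$term = isset( $_GET['term'] ) ? (string) $_GET['term'] : '';
		if ( false !== strpos( $term, ',' ) ) {
			$term = explode( ',', $term );
			$term = $term[count( $term ) - 1];
		}
		$term = trim( $term );
		if ( strlen( $term ) < 2 )
			die(); // require 2 chars for matching

		$tags = array();
		// esc_like() (WP >= 4.0) escapes LIKE wildcards; like_escape() is the older equivalent.
		$like = method_exists( $wpdb, 'esc_like' ) ? $wpdb->esc_like( $term ) : like_escape( $term );
		// prepare() quotes and escapes the pattern, replacing the deprecated $wpdb->escape().
		$results = $wpdb->get_results( $wpdb->prepare(
			"SELECT name, count FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE %s ORDER BY count DESC",
			'%' . $like . '%'
		) );

		foreach ( (array) $results as $result ) {
			// Highlight the matched fragment in the label; preg_quote guards regex metacharacters.
			$rterm = '/' . preg_quote( $term, '/' ) . '/i';
			$label = preg_replace( $rterm, "<strong>$0</strong>", $result->name ) . " ($result->count)";

			$tags[] = array(
				'label' => $label,
				'value' => $result->name,
			);
		}

		echo json_encode( $tags );
	}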
/**
 * posts_where filter: appends a LIKE match on post_title when the query
 * carries a 'post_title' var. like_escape() handles the wildcards and
 * esc_sql() the quotes, since the value is concatenated into the clause.
 *
 * @param string   $where    Current WHERE fragment.
 * @param WP_Query $wp_query Query object, by reference.
 * @return string
 */
function shandora_posts_where($where, &$wp_query)
{
    global $wpdb;
    $post_title = $wp_query->get('post_title');
    if (!$post_title) {
        return $where;
    }
    $pattern = esc_sql(like_escape($post_title));
    return $where . " AND {$wpdb->posts}.post_title LIKE '%{$pattern}%'";
}
 /**
  * @ticket 10041
  * @expectedDeprecated like_escape
  */
 function test_like_escape()
 {
     // Each LIKE wildcard (% and _) gains a backslash; an existing backslash is left untouched.
     $cases = array(
         'howdy%' => "howdy\\%",
         'howdy_' => 'howdy\\_',
         'howdy\\' => 'howdy\\',
         'howdy\\howdy%howdy_' => 'howdy\\howdy\\%howdy\\_',
     );
     foreach ($cases as $input => $expected) {
         $this->assertEquals($expected, like_escape($input));
     }
 }
 /**
  * posts_where filter: appends a LIKE match on post_title when the query
  * carries a 'like_title' var. like_escape() handles the wildcards and
  * esc_sql() the quotes, as the value is concatenated into the clause.
  *
  * @param string   $where    Current WHERE fragment.
  * @param WP_Query $wp_query Query object, by reference.
  * @return string
  */
 function posts_where($where, &$wp_query)
 {
     global $wpdb;
     $title = $wp_query->get('like_title');
     if (!$title) {
         return $where;
     }
     $pattern = esc_sql(like_escape($title));
     return $where . " AND {$wpdb->posts}.post_title LIKE '%{$pattern}%'";
 }
/**
 * AJAX: prints the login of every user whose record matches the 'q'
 * request value (wrapped in get_users() '*' wildcards), one per line,
 * then exits. Restricted to super users by ym_ajax_superuser_check().
 */
function ym_logs_search_users()
{
    ym_ajax_superuser_check();
    $pattern = '*' . like_escape(ym_get('q')) . '*';
    $out = '';
    foreach (get_users('search=' . $pattern) as $user) {
        $out .= $user->user_login . "\n";
    }
    echo $out;
    die;
}
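 /**
  * AJAX: sends (as JSON success data) the distinct IPs in the reports table
  * that start with $_POST['find'], limited to $_POST['limit'] rows.
  * Requires DOING_AJAX, the settings capability and a valid nonce.
  * Missing POST fields are treated as '' and 0 instead of raising notices.
  */
 public static function get_ips()
 {
     if (!defined('DOING_AJAX') || !current_user_can(MainWP_WP_Stream_Admin::SETTINGS_CAP)) {
         return;
     }
     check_ajax_referer('stream_get_ips', 'nonce');
     global $wpdb;
     $find = isset($_POST['find']) ? (string) $_POST['find'] : '';
     // LIMIT is bound via %d; a non-numeric value becomes 0 (no rows).
     $limit = isset($_POST['limit']) ? (int) $_POST['limit'] : 0;
     // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
     $prefix = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($find) : like_escape($find);
     $results = $wpdb->get_col($wpdb->prepare("\n\t\t\t\t\tSELECT distinct(`ip`)\n\t\t\t\t\tFROM `{$wpdb->mainwp_reports}`\n\t\t\t\t\tWHERE `ip` LIKE %s\n\t\t\t\t\tORDER BY inet_aton(`ip`) ASC\n\t\t\t\t\tLIMIT %d;\n\t\t\t\t", $prefix . '%', $limit));
     wp_send_json_success($results);
 }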
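/**
 * Escape a string to use in SQL LIKE.
 * like_escape() is deprecated since WordPress 4.0 which introduces a $wpdb
 * method. This is for compatibility easiness with WP<4.x
 *
 * Fix: the pre-4.0 branch escaped an undefined $letter instead of $string,
 * so on older WordPress the input was discarded.
 * 
 * @since    2.1
 * 
 * @param    string    $string Data to escape
 * 
 * @return   string    Escape string
 */
function wpmoly_esc_like($string)
{
    global $wpdb;
    if (method_exists('wpdb', 'esc_like')) {
        $string = $wpdb->esc_like($string);
    } else {
        $string = like_escape($string);
    }
    return $string;
}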
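/**
 * Builds the post-title lookup query for the 'q' request value and exits.
 *
 * The query is assembled with $wpdb->prepare() so the user-supplied prefix
 * is bound as a literal (like_escape() only handles wildcards, not quotes).
 * As written, $query is built but not executed before die.
 */
function post_lookup()
{
    global $wpdb;
    $raw = isset($_REQUEST['q']) ? (string) $_REQUEST['q'] : '';
    // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
    $prefix = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($raw) : like_escape($raw);
    $query = $wpdb->prepare(
        "SELECT ID,post_title FROM {$wpdb->posts} WHERE post_title LIKE %s AND post_status = 'publish' ORDER BY post_title ASC",
        $prefix . '%'
    );
    die;
}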
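 /**
  * Populates $this->items for the entries or displays list table and sets
  * the pagination arguments.
  *
  * orderby/order from the request are interpolated into ORDER BY, so orderby
  * is reduced to identifier characters and order to ASC|DESC; start and
  * per_page are cast to int for LIMIT. Display search terms are LIKE- and
  * SQL-escaped before concatenation; entry searches are delegated to
  * $frmpro_entries_controller->get_search_str(). $total_items defaults to 0
  * when $this->plural is neither 'entries' nor 'displays'.
  */
 function prepare_items()
 {
     global $frmdb, $wpdb, $per_page, $frm_settings;
     $default_orderby = 'name';
     $default_order = 'ASC';
     if ($this->plural == 'entries') {
         $default_orderby = 'id';
         $default_order = 'DESC';
     }
     // ORDER BY column: only identifier characters survive; empty falls back to the default.
     $orderby = isset($_REQUEST['orderby']) ? preg_replace('/[^A-Za-z0-9_]/', '', (string) $_REQUEST['orderby']) : '';
     if ($orderby === '') {
         $orderby = $default_orderby;
     }
     $order = isset($_REQUEST['order']) ? strtoupper((string) $_REQUEST['order']) : $default_order;
     if ($order !== 'ASC' && $order !== 'DESC') {
         $order = $default_order;
     }
     $page = $this->get_pagenum();
     $per_page = (int) $this->get_items_per_page('formidable_page_formidable_' . str_replace('-', '_', $this->page_name) . '_per_page');
     $start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : ($page - 1) * $per_page;
     $s = isset($_REQUEST['s']) && is_string($_REQUEST['s']) ? $_REQUEST['s'] : '';
     $fid = isset($_REQUEST['fid']) ? $_REQUEST['fid'] : '';
     $search_terms = array();
     if ($s != '') {
         $s = stripslashes($s);
         // Split on whitespace/commas/plus, keeping double-quoted phrases together.
         preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
         $search_terms = array_map('_search_terms_tidy', $matches[0]);
     }
     $s_query = '';
     $total_items = 0;
     if ($this->plural == 'entries') {
         global $frm_entry, $frmpro_entries_controller;
         $form_id = $this->params['form'];
         $s_query = 'it.form_id=' . (int) $form_id;
         if ($s != '') {
             $s_query = $frmpro_entries_controller->get_search_str($s_query, $s, $form_id, $fid);
         }
         $this->items = $frm_entry->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
         $total_items = $frm_entry->getRecordCount($s_query);
     } elseif ($this->plural == 'displays') {
         global $frmpro_display, $frm_app_helper;
         if (isset($_REQUEST['form']) and is_numeric($_REQUEST['form'])) {
             $s_query .= "form_id=" . (int) $_REQUEST['form'];
         }
         foreach ($search_terms as $term) {
             // like_escape() for the wildcards, esc_sql() for quotes/backslashes in the literal.
             $term = esc_sql(like_escape($term));
             if (!empty($s_query)) {
                 $s_query .= " AND";
             }
             $s_query .= " (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%' OR content like '%{$term}%' OR dyncontent like '%{$term}%')";
         }
         $this->items = $frmpro_display->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
         $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
     }
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
 }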
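 /**
  * Returns the SQL escaped like value for auto suggest queries.
  *
  * Reads $_REQUEST['fl_as_query'] (URL-decoded, slashes stripped) and escapes
  * it both for LIKE wildcards and for use inside a quoted SQL literal. An
  * absent parameter yields '' instead of an undefined-index notice.
  *
  * @since 1.2.3
  * @return string
  */
 public static function get_like()
 {
     global $wpdb;
     $raw = isset($_REQUEST['fl_as_query']) ? (string) $_REQUEST['fl_as_query'] : '';
     $like = stripslashes(urldecode($raw));
     if (method_exists($wpdb, 'esc_like')) {
         // WP >= 4.0: esc_like() handles wildcards and backslashes, esc_sql() the quotes.
         $like = esc_sql($wpdb->esc_like($like));
     } else {
         // Pre-4.0 fallback, in the call order this code has always used.
         $like = like_escape(esc_sql($like));
     }
     return $like;
 }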
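 /**
  * Extends a WP_User_Query so the 'term' request value is also matched
  * against the first_name / last_name usermeta values.
  *
  * The pattern is LIKE-escaped and bound through $wpdb->prepare() as a %s
  * argument; an absent 'term' is treated as an empty string.
  *
  * @param WP_User_Query $query Query object, modified in place.
  */
 public static function json_search_customer_name($query)
 {
     global $wpdb;
     $raw = isset($_GET['term']) ? $_GET['term'] : '';
     $term = wc_clean(stripslashes($raw));
     if (method_exists($wpdb, 'esc_like')) {
         $term = $wpdb->esc_like($term);
     } else {
         $term = like_escape($term);
     }
     $query->query_from .= " INNER JOIN {$wpdb->usermeta} AS user_name ON {$wpdb->users}.ID = user_name.user_id AND ( user_name.meta_key = 'first_name' OR user_name.meta_key = 'last_name' ) ";
     $query->query_where .= $wpdb->prepare(" OR user_name.meta_value LIKE %s ", '%' . $term . '%');
 }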
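 /**
  * posts_where filter: when the advanced search setting is enabled, also
  * matches the search query against the 'pl-settings' postmeta value and
  * against term names.
  *
  * The pattern is LIKE-escaped and then esc_sql()'d because it is
  * concatenated into quoted literals; like_escape() alone does not escape
  * quotes or backslashes.
  *
  * @param string $where Current WHERE clause.
  * @return string
  */
 function advanced_search_query($where)
 {
     if (is_search() && '1' === wpsf_get_setting(wpsf_get_option_group('../settings/settings-general.php'), 'search', 'enabled')) {
         global $wpdb;
         $query = get_search_query();
         $query = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($query) : like_escape($query);
         $query = esc_sql($query);
         // include postmeta in search
         $where .= " OR {$wpdb->posts}.ID IN (SELECT {$wpdb->postmeta}.post_id FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->postmeta}.meta_key = 'pl-settings' AND {$wpdb->postmeta}.meta_value LIKE '%{$query}%' AND {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id)";
         // include taxonomy in search
         $where .= " OR {$wpdb->posts}.ID IN (SELECT {$wpdb->posts}.ID FROM {$wpdb->posts},{$wpdb->term_relationships},{$wpdb->terms} WHERE {$wpdb->posts}.ID = {$wpdb->term_relationships}.object_id AND {$wpdb->term_relationships}.term_taxonomy_id = {$wpdb->terms}.term_id AND {$wpdb->terms}.name LIKE '%{$query}%')";
     }
     return $where;
 }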
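 /**
  * Filter the query based on selected values
  *
  * Returns the post IDs whose indexed display value for this facet contains
  * the (first) selected value, or the string 'continue' when nothing is
  * selected. The facet name and the LIKE pattern are both bound through
  * $wpdb->prepare(), since neither originates in this function.
  *
  * @param array $params Expects 'facet' (array with 'name') and 'selected_values' (string or list).
  * @return array|string
  */
 function filter_posts($params)
 {
     global $wpdb;
     $facet = $params['facet'];
     $selected_values = $params['selected_values'];
     if (is_array($selected_values)) {
         $selected_values = isset($selected_values[0]) ? $selected_values[0] : '';
     }
     // like_escape was deprecated in 4.0
     $selected_values = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($selected_values) : like_escape($selected_values);
     if (empty($selected_values)) {
         return 'continue';
     }
     $sql = $wpdb->prepare(
         "SELECT DISTINCT post_id FROM {$wpdb->prefix}facetwp_index WHERE facet_name = %s AND facet_display_value LIKE %s",
         $facet['name'],
         '%' . $selected_values . '%'
     );
     return $wpdb->get_col($sql);
 }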
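/**
 * Lookup handler: prints the permalink of every published post whose title
 * starts with $_REQUEST['q'], one per line, then exits.
 *
 * The prefix is LIKE-escaped and bound via $wpdb->prepare(); like_escape()
 * output was previously concatenated straight into the literal although it
 * never escaped quotes.
 */
function se_lookup()
{
    global $wpdb;
    $raw = isset($_REQUEST['q']) ? (string) $_REQUEST['q'] : '';
    // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
    $prefix = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($raw) : like_escape($raw);
    $query = $wpdb->prepare(
        "SELECT ID,post_title FROM {$wpdb->posts} WHERE post_title LIKE %s AND post_status = 'publish' ORDER BY post_title ASC",
        $prefix . '%'
    );
    foreach ((array) $wpdb->get_results($query) as $row) {
        echo get_permalink($row->ID) . "\n";
    }
    die;
}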
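/**
 * Suggest user AJAX. 
 *
 * Prints a JSON map of user ID => "display name (login)" for up to ten users
 * whose nicename, login, display name or e-mail contains $_POST['q'], then
 * exits. The pattern is bound through $wpdb->prepare() instead of the
 * deprecated $wpdb->escape() plus string interpolation.
 */
function wpcf_access_wpcf_access_suggest_user_ajax()
{
    global $wpdb;
    $users = array();
    $raw = isset($_POST['q']) ? trim((string) $_POST['q']) : '';
    // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
    $q = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($raw) : like_escape($raw);
    $pattern = '%' . $q . '%';
    $found = $wpdb->get_results($wpdb->prepare(
        "SELECT ID, display_name, user_login FROM {$wpdb->users} WHERE user_nicename LIKE %s OR user_login LIKE %s OR display_name LIKE %s OR user_email LIKE %s LIMIT 10",
        $pattern,
        $pattern,
        $pattern,
        $pattern
    ));
    foreach ((array) $found as $user) {
        $users[$user->ID] = $user->display_name . ' (' . $user->user_login . ')';
    }
    echo json_encode($users);
    die;
}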
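/**
 * Lists calendar themes for the admin screen, honouring the posted sort
 * column, direction, page number and title search, then hands the rows,
 * pagination info and sort state to html_show_theme_calendar().
 *
 * The sort column is interpolated into ORDER BY, so it is restricted to
 * identifier characters (esc_sql() does not protect identifiers); the page
 * number is cast to int; the title search is bound via $wpdb->prepare() as
 * a LIKE pattern. The search text is still run through esc_html() so it
 * matches titles the way the original code did.
 */
function show_theme_calendar()
{
    global $wpdb;
    $order = " ORDER BY title ASC";
    $sort["default_style"] = "manage-column column-autor sortable desc";
    $sort["sortid_by"] = "title";
    $sort["custom_style"] = "manage-column column-title sorted asc";
    $sort["1_or_2"] = "2";
    $limit = 0;
    if (isset($_POST['page_number'])) {
        if (isset($_POST['order_by'])) {
            // Only a bare column identifier may reach ORDER BY.
            $order_by = preg_replace('/[^A-Za-z0-9_]/', '', stripslashes((string) $_POST['order_by']));
            if ($order_by !== '') {
                $sort["sortid_by"] = $order_by;
            }
        }
        if (isset($_POST['asc_or_desc']) && (int) $_POST['asc_or_desc'] === 1) {
            $sort["custom_style"] = "manage-column column-title sorted asc";
            $sort["1_or_2"] = "2";
            $order = "ORDER BY " . $sort["sortid_by"] . " ASC";
        } else {
            $sort["custom_style"] = "manage-column column-title sorted desc";
            $sort["1_or_2"] = "1";
            $order = "ORDER BY " . $sort["sortid_by"] . " DESC";
        }
        $page_number = (int) $_POST['page_number'];
        if ($page_number > 0) {
            $limit = ($page_number - 1) * 20;
        }
    }
    $search_tag = isset($_POST['search_events_by_title']) ? esc_html(stripslashes((string) $_POST['search_events_by_title'])) : "";
    $table = $wpdb->prefix . "spidercalendar_theme";
    $where = '';
    $args = array();
    if ($search_tag) {
        // esc_like() (WP >= 4.0) escapes %, _ and backslash; like_escape() is the older equivalent.
        $pattern = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($search_tag) : like_escape($search_tag);
        $where = ' WHERE title LIKE %s';
        $args[] = '%' . $pattern . '%';
    }
    // get the total number of records
    $query = "SELECT COUNT(*) FROM " . $table . $where;
    if ($args) {
        $query = $wpdb->prepare($query, $args);
    }
    $total = $wpdb->get_var($query);
    $pageNav['total'] = $total;
    $pageNav['limit'] = $limit / 20 + 1;
    // The same pattern (if any) followed by the LIMIT offset, in placeholder order.
    $args[] = $limit;
    $query = $wpdb->prepare("SELECT * FROM " . $table . $where . " " . $order . " " . " LIMIT %d,20", $args);
    $rows = $wpdb->get_results($query);
    html_show_theme_calendar($rows, $pageNav, $sort);
}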
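 /**
  * posts_where filter: on a front-end search with no post_type set, also
  * matches the page-builder meta (above-sidebar, content-with-sidebar,
  * below-sidebar) of pages against the search query.
  *
  * The pattern is LIKE-escaped and then esc_sql()'d because it is
  * concatenated into a quoted literal; like_escape() alone leaves quotes
  * and backslashes untouched.
  *
  * @param string $where Current WHERE clause.
  * @return string
  */
 function gdlr_search_page_builder_meta($where)
 {
     if (is_search() && empty($_GET['post_type']) && !is_admin()) {
         global $wpdb;
         $query = get_search_query();
         $query = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($query) : like_escape($query);
         $query = esc_sql($query);
         $where .= " OR {$wpdb->posts}.ID IN (";
         $where .= "SELECT {$wpdb->postmeta}.post_id ";
         $where .= "FROM {$wpdb->posts}, {$wpdb->postmeta} ";
         $where .= "WHERE {$wpdb->posts}.post_type = 'page' ";
         $where .= "AND {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id ";
         $where .= "AND {$wpdb->postmeta}.meta_key IN('above-sidebar', 'content-with-sidebar', 'below-sidebar') ";
         $where .= "AND {$wpdb->postmeta}.meta_value LIKE '%{$query}%' )";
     }
     return $where;
 }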
 /**
  * Returns ID/post_title rows whose title contains $text, restricted to
  * published or private posts and excluding internal post types.
  *
  * @param string      $text      Substring to match; LIKE- and SQL-escaped here.
  * @param string|null $post_type Optional exact post_type filter.
  * @param int         $limit     Maximum rows; 0 or less means no LIMIT clause.
  * @return array|object|null Result of $this->wpdb->get_results().
  */
 public function suggestPostsByTitle($text, $post_type = null, $limit = 20)
 {
     $statuses = "('publish','private')";
     $excluded = "('view','view-template','attachment','revision','" . CRED_FORMS_CUSTOM_POST_NAME . "')";
     $pattern = esc_sql(like_escape($text));
     $sql = "SELECT ID, post_title FROM {$this->wpdb->posts} WHERE post_title LIKE '%{$pattern}%' AND post_status IN {$statuses} AND post_type NOT IN {$excluded}";
     if (null !== $post_type) {
         $sql .= $this->wpdb->prepare(' AND post_type="%s"', $post_type);
     }
     $max = intval($limit);
     if ($max > 0) {
         $sql .= " LIMIT 0, {$max}";
     }
     return $this->wpdb->get_results($sql);
 }
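 /**
  * Tag auto-complete: prints the names of post_tag terms containing the last
  * comma-separated fragment of $_GET['q'], one per line. At least two
  * characters are required.
  */
 function tag_search()
 {
     global $wpdb;
     $term = isset($_GET['q']) ? (string) $_GET['q'] : '';
     if (false !== strpos($term, ',')) {
         $term = explode(',', $term);
         $term = $term[count($term) - 1];
     }
     $term = trim($term);
     // require 2 chars for matching
     if (strlen($term) < 2) {
         die;
     }
     // esc_like() (WP >= 4.0) escapes LIKE wildcards; like_escape() is the older equivalent.
     $like = method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term);
     // prepare() escapes and quotes the pattern, replacing the deprecated $wpdb->escape().
     $results = $wpdb->get_col($wpdb->prepare(
         "SELECT t.name FROM {$wpdb->term_taxonomy} AS tt INNER JOIN {$wpdb->terms} AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE %s",
         '%' . $like . '%'
     ));
     // implode() takes the glue first; the join($array, $glue) order is gone in PHP 8.
     echo implode("\n", $results);
 }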
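/**
 * posts_search filter for the advanced search widget.
 *
 * When a 'posttype' request var is present on a search, rebuilds the search
 * clause to restrict post_type and to match each search term against the
 * title, content and/or tag names, depending on the widget flags returned by
 * advancedSearchWidget_getvars(). Those flags are read from the returned
 * array explicitly instead of extract()ing them into the local scope, and
 * post_type is escaped with esc_sql() (not esc_attr()) because it lands in
 * a SQL literal.
 *
 * @param string $search Current search clause; empty means no search term.
 * @return string
 */
function advancedSearchWidget_searchquery($search)
{
    if (!isset($_GET['posttype'])) {
        return $search;
    }
    if (is_search()) {
        $flags = array();
        if (isset($_GET['widget'])) {
            $flags = (array) advancedSearchWidget_getvars($_GET['widget']);
        }
        global $wpdb, $wp_query;
        if (empty($search)) {
            return $search;
        }
        // skip processing - no search term in query
        $q = $wp_query->query_vars;
        $n = !empty($q['exact']) ? '' : '%';
        $search = "{$wpdb->posts}.post_type = '" . esc_sql((string) $_GET['posttype']) . "' AND ";
        $searchand = '';
        $terms = isset($q['search_terms']) ? (array) $q['search_terms'] : array();
        foreach ($terms as $term) {
            // like_escape() for the wildcards, esc_sql() for quotes/backslashes in the literal.
            $term = esc_sql(like_escape($term));
            //push search "OR's"
            $list = array();
            if (isset($flags['searchtitle']) && $flags['searchtitle'] == 1) {
                array_push($list, "({$wpdb->posts}.post_title LIKE '{$n}{$term}{$n}')");
            }
            if (isset($flags['searchcontent']) && $flags['searchcontent'] == 1) {
                array_push($list, "({$wpdb->posts}.post_content LIKE '{$n}{$term}{$n}')");
            }
            if (isset($flags['searchtags']) && $flags['searchtags'] == 1) {
                array_push($list, "(t.name like '{$n}{$term}{$n}' AND post_status = 'publish' and tt.taxonomy in ('post_tag', 'category'))");
            }
            // NOTE: with no flag set $list is empty and "( )" is emitted, as in the original.
            $search .= "{$searchand}";
            $search .= "( ";
            $search .= implode(" OR ", $list);
            $search .= ")";
            $searchand = ' AND ';
        }
        if (!empty($search)) {
            $search = " AND ({$search}) ";
            if (!is_user_logged_in()) {
                $search .= " AND ({$wpdb->posts}.post_password = '') ";
            }
        }
    }
    return $search;
}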
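 /**
  * posts_where filter: extends a search to approved comment content.
  *
  * Builds "( comment_post_ID = posts.ID AND comment_approved = '1' AND
  * comment_content LIKE ... )" and splices it before the first " or " in
  * $where. The replacement is supplied through a callback so backslashes and
  * '$' produced by esc_sql() are inserted verbatim instead of being read as
  * preg_replace() back-references.
  *
  * @param string $where Current WHERE clause.
  * @return string
  */
 function search_comments_where($where)
 {
     global $wp_query, $wpdb;
     $q = $wp_query->query_vars;
     if (empty($q['s'])) {
         return $where;
     }
     $n = empty($q['exact']) ? '%' : '';
     $search = array("comment_post_ID = {$wpdb->posts}.ID AND comment_approved = '1'");
     $terms = isset($q['search_terms']) ? (array) $q['search_terms'] : array();
     foreach ($terms as $term) {
         // like_escape() for the wildcards, esc_sql() for quotes/backslashes in the literal.
         $term = esc_sql(like_escape($term));
         $search[] = "( comment_content LIKE '{$n}{$term}{$n}' )";
     }
     $search = " OR ( " . implode(" AND ", $search) . " )";
     $where = preg_replace_callback(
         "/\\bor\\b/i",
         function ($match) use ($search) {
             return "{$search} OR";
         },
         $where,
         1
     );
     return $where;
 }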
 /**
  * Modifies the search query.
  *
  * Affects searches performed in the list of Users.
  *
  * Only acts on the admin `users.php` screen (not Network admin) and only
  * when the query carries a non-empty `search` var. The search string is
  * trimmed of surrounding `*` wildcards and whitespace, LIKE-escaped and
  * SQL-escaped, then wrapped in `%` so it is matched as a substring across
  * the users table columns and selected usermeta keys. Hooks fired before
  * and after receive every local variable (by reference via $__refs).
  *
  * @package s2Member\Users_List
  * @since 3.5
  *
  * @attaches-to ``add_action("pre_user_query");``
  *
  * @param WP_User_Query $query Expects a `WP_User_Query` object, by reference.
  */
 public static function users_list_query(&$query = FALSE)
 {
     global $wpdb;
     /** @var $wpdb wpdb */
     // Collect references to every local so hook callbacks can (presumably) modify them in place.
     foreach (array_keys(get_defined_vars()) as $__v) {
         $__refs[$__v] =& ${$__v};
     }
     do_action("ws_plugin__s2member_before_users_list_search", get_defined_vars());
     unset($__refs, $__v);
     if (is_admin() && !empty($GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'users.php') {
         if (isset($query->query_vars) && !is_network_admin()) {
             // NOT in Network admin panels.
             // Assignment chain: bails on an empty search; $s ends up as the '%...%' LIKE pattern,
             // like_escape()'d for wildcards and esc_sql()'d for quotes since it is concatenated below.
             if (is_array($qv = $query->query_vars) && ($s = trim($qv["search"], "* \t\n\r\v")) && ($s = "%" . esc_sql(like_escape($s)) . "%")) {
                 // Replace core's field/from/where entirely with a users + usermeta cross-join.
                 $query->query_fields = "SQL_CALC_FOUND_ROWS DISTINCT(`" . $wpdb->users . "`.`ID`)";
                 $query->query_from = " FROM `" . $wpdb->users . "`, `" . $wpdb->usermeta . "`";
                 // Include meta table also.
                 $query->query_where = " WHERE `" . $wpdb->users . "`.`ID` = `" . $wpdb->usermeta . "`.`user_id`";
                 // Join w/ meta table.
                 // Filters may prepend extra OR terms; the opening "(" is closed after the "..._or_after" filter.
                 $query->query_where .= " AND (" . apply_filters("ws_plugin__s2member_before_users_list_search_where_or_before", "", get_defined_vars());
                 // Core user columns.
                 $query->query_where .= " (`" . $wpdb->users . "`.`user_login` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_nicename` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`display_name` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_email` LIKE '" . $s . "' OR `" . $wpdb->users . "`.`user_url` LIKE '" . $s . "')";
                 // First/last name meta, then the s2member-specific meta keys (prefixed with the base prefix).
                 $query->query_where .= " OR ((`" . $wpdb->usermeta . "`.`meta_key` = 'first_name' OR `" . $wpdb->usermeta . "`.`meta_key` = 'last_name') AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                 $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_subscr_id' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                 $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_custom' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                 $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_custom_fields' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                 if (apply_filters("ws_plugin__s2member_users_list_search_admin_notes", false, get_defined_vars())) {
                     // Off by default; this can get very slow on large sites.
                     $query->query_where .= " OR (`" . $wpdb->usermeta . "`.`meta_key` = '" . $wpdb->base_prefix . "s2member_notes' AND `" . $wpdb->usermeta . "`.`meta_value` LIKE '" . $s . "')";
                 }
                 $query->query_where .= apply_filters("ws_plugin__s2member_before_users_list_search_where_or_after", "", get_defined_vars()) . ")";
                 // Leaving room for additional searches here.
                 if (is_multisite()) {
                     // On a Multisite Network we need to make sure we're searching only users w/ capabilities on this blog.
                     $query->query_where .= " AND `" . $wpdb->users . "`.`ID` IN(SELECT DISTINCT(`user_id`) FROM `" . $wpdb->usermeta . "` WHERE `meta_key` = '" . $wpdb->prefix . "capabilities')";
                 }
                 // Final hooks may rewrite the assembled FROM / WHERE fragments.
                 $query->query_from = apply_filters("ws_plugin__s2member_before_users_list_search_from", $query->query_from, get_defined_vars());
                 $query->query_where = apply_filters("ws_plugin__s2member_before_users_list_search_where", $query->query_where, get_defined_vars());
             }
         }
     }
     // Same reference collection as above, for the "after" hook.
     foreach (array_keys(get_defined_vars()) as $__v) {
         $__refs[$__v] =& ${$__v};
     }
     do_action("ws_plugin__s2member_after_users_list_search", get_defined_vars());
     unset($__refs, $__v);
 }
/**
 * Filter input and return sanitized SQL LIKE output
 *
 * Arrays and objects are walked recursively (keys preserved, objects come
 * back as objects); every leaf is run through pods_sanitize() and then
 * like_escape().
 *
 * @param mixed $input The string, array, or object to sanitize
 *
 * @return array|mixed|object|string|void
 *
 * @since 2.3.9
 *
 * @see like_escape
 */
function pods_sanitize_like($input)
{
    if (is_object($input)) {
        return (object) array_map('pods_sanitize_like', get_object_vars($input));
    }
    if (is_array($input)) {
        return array_map('pods_sanitize_like', $input);
    }
    return like_escape(pods_sanitize($input));
}