1 <?php
2
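namespace Code_Manager {

    /**
     * Class Code_Manager_Model
     *
     * Interface between code manager front-end and code manager database table.
     *
     * Two groups of methods live here:
     *  - dml_* / get_* helpers that run queries against the code manager table
     *    and return PHP values to the caller;
     *  - AJAX handlers (update_code, activate_code, get_code, ...) that read
     *    $_REQUEST, verify a WordPress nonce, echo a plain-text response
     *    (prefixed INS-/UPD-/ERR-/OK) and terminate with wp_die().
     *
     * NOTE(review): the AJAX handlers verify a nonce only; none of them calls
     * current_user_can(). A valid nonce shows the request originated from a page
     * the current user loaded (CSRF protection), not that the user is allowed to
     * store or enable code. Confirm that the hooks registering these handlers
     * (outside this file) restrict them to privileged users.
     *
     * @author Peter Schulz
     * @since 1.0.0
     */
    class Code_Manager_Model {

        /**
         * Base table name without prefix
         */
        const BASE_TABLE_NAME = 'code_manager';

        /**
         * Base table name with prefix
         *
         * @since 1.0.0
         *
         * @return string Real base table name
         */
        public static function get_base_table_name() {
            global $wpdb;
            return $wpdb->prefix . static::BASE_TABLE_NAME;
        }

        /**
         * Check if base table exists
         *
         * Queries information_schema for the current database and the prefixed
         * table name; exactly one row comes back when the table is present.
         *
         * @since 1.0.0
         *
         * @return bool TRUE = table found
         */
        public static function table_exists() {
            global $wpdb;

            $wpdb->get_results(
                $wpdb->prepare(
                    '
                    select true
                    from `information_schema`.`tables`
                    where table_schema = %s
                    and table_name = %s
                    ',
                    [
                        $wpdb->dbname,
                        self::get_base_table_name(),
                    ]
                )
            );

            return 1 === $wpdb->num_rows;
        }

        /**
         * Get record from code manager table for given Code ID
         *
         * @since 1.0.0
         *
         * @param integer $code_id Code ID
         *
         * @return array|null List of matching rows (associative), null on query failure
         */
        public static function dml_query( $code_id ) {
            global $wpdb;
            return $wpdb->get_results(
                $wpdb->prepare(
                    'select * from `' . self::get_base_table_name() . '` ' .
                    'where code_id = %d',
                    [
                        $code_id,
                    ]
                ),
                'ARRAY_A'
            );
        }

        /**
         * Get record from code manager table for given code name
         *
         * @since 1.0.0
         *
         * @param string $code_name Code name
         *
         * @return array|null List of matching rows (associative), null on query failure
         */
        public static function dml_query_by_name( $code_name ) {
            global $wpdb;
            return $wpdb->get_results(
                $wpdb->prepare(
                    'select * from `' . self::get_base_table_name() . '` ' .
                    'where code_name = %s',
                    [
                        $code_name,
                    ]
                ),
                'ARRAY_A'
            );
        }

        /**
         * Insert new row into code manager table
         *
         * @since 1.0.0
         *
         * @param string  $code_name        Code name
         * @param integer $code_type        Code type
         * @param string  $code             Code
         * @param string  $code_author      Author
         * @param string  $code_description Description
         * @param integer $code_enabled     Enabled flag (0 = disabled)
         *
         * @return int Code ID if insert was successful or -1 if insert failed
         */
        public static function dml_insert( $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
            global $wpdb;
            $rows = $wpdb->insert(
                self::get_base_table_name(),
                [
                    'code_name'        => $code_name,
                    'code_type'        => $code_type,
                    'code_enabled'     => $code_enabled,
                    'code'             => $code,
                    'code_author'      => $code_author,
                    'code_description' => $code_description,
                ]
            );
            return 1 === $rows ? $wpdb->insert_id : -1;
        }

        /**
         * Update row in code manager table
         *
         * The row must already exist. When the code type changes, the row is
         * stored with code_enabled = 0 regardless of $code_enabled (presumably so
         * a body written for one type is not run/rendered as another until it is
         * explicitly re-enabled - confirm against the front-end).
         *
         * @since 1.0.0
         *
         * @param integer $code_id          Code ID
         * @param string  $code_name        Code name
         * @param string  $code_type        Code type
         * @param string  $code             Code
         * @param string  $code_author      Author
         * @param string  $code_description Description
         * @param integer $code_enabled     Enabled flag (0 = disabled)
         *
         * @return int|false Number of rows updated, 0 when the row was not found, false on query error
         */
        public static function dml_update( $code_id, $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
            $code_row = self::dml_query( $code_id );

            // Exactly one existing row with a known code_type is required.
            if ( ! is_array( $code_row ) || 1 !== sizeof( $code_row ) || ! isset( $code_row[0]['code_type'] ) ) {
                return 0;
            }

            $column_values = [
                'code_name'        => $code_name,
                'code_type'        => $code_type,
                'code_enabled'     => $code_enabled,
                'code'             => $code,
                'code_author'      => $code_author,
                'code_description' => $code_description,
            ];

            // Strict comparison: the stored value is a string, so callers are expected
            // to pass the type as a string as well.
            if ( $code_type !== $code_row[0]['code_type'] ) {
                $column_values['code_enabled'] = 0;
            }

            global $wpdb;
            return $wpdb->update(
                self::get_base_table_name(),
                $column_values,
                [
                    'code_id' => $code_id,
                ]
            );
        }

        /**
         * Delete row from code manager table
         *
         * @since 1.0.0
         *
         * @param integer $code_id Code ID
         *
         * @return int|false Number of rows deleted, false on query error
         */
        public static function dml_delete( $code_id ) {
            global $wpdb;
            return $wpdb->query(
                $wpdb->prepare(
                    'delete from `' . self::get_base_table_name() . '` ' .
                    'where code_id = %d',
                    [
                        $code_id,
                    ]
                )
            );
        }

        /**
         * Get shortcode for a given code id
         *
         * @since 1.0.0
         *
         * @param integer     $code_id Code ID (non-numeric values yield '')
         * @param string|null $action  null = return the code body only; any other
         *                             value = return the whole row JSON encoded
         *
         * @return string Code (or JSON row), '' when not found
         */
        public static function get_code_from_id( $code_id, $action = null ) {
            if ( is_numeric( $code_id ) ) {
                global $wpdb;
                $query = 'select * from `' . self::get_base_table_name() . '` where code_id = %d';
                $code  = $wpdb->get_results(
                    $wpdb->prepare(
                        $query,
                        [
                            $code_id,
                        ]
                    ),
                    'ARRAY_A'
                );

                if ( 1 === $wpdb->num_rows ) {
                    return null === $action ? $code[0]['code'] : json_encode( $code[0] );
                }
            }

            return '';
        }

        /**
         * Get shortcode for a given code name
         *
         * @since 1.0.0
         *
         * @param string $code_name Code name ('' yields '')
         *
         * @return string Code, '' when not found
         */
        protected static function get_code_from_name( $code_name ) {
            if ( '' !== $code_name ) {
                global $wpdb;
                $query = 'select * from `' . self::get_base_table_name() . '` where code_name = %s';
                $code  = $wpdb->get_results(
                    $wpdb->prepare(
                        $query,
                        [
                            $code_name,
                        ]
                    ),
                    'ARRAY_A'
                );

                if ( 1 === $wpdb->num_rows ) {
                    return $code[0]['code'];
                }
            }

            return '';
        }

        /**
         * Get codes for a given code type
         *
         * $code_type is bound through $wpdb->prepare() rather than interpolated,
         * so the method is safe whatever the caller passes.
         *
         * @since 1.0.0
         *
         * @param string $code_type Code type
         *
         * @return array List of code
         */
        public static function get_codes( $code_type ) {
            global $wpdb;
            $query = $wpdb->prepare(
                'select * from `' . self::get_base_table_name() . '` where code_type = %s',
                [
                    $code_type,
                ]
            );
            return $wpdb->get_results( $query, 'ARRAY_A' );
        }

        /**
         * Get active codes (status = enabled) for a given code type
         *
         * $code_type is bound through $wpdb->prepare() rather than interpolated.
         *
         * @since 1.0.0
         *
         * @param string $code_type Code type
         *
         * @return array List of code
         */
        public static function get_active_codes( $code_type ) {
            global $wpdb;
            $query = $wpdb->prepare(
                'select * from `' . self::get_base_table_name() . '` where code_type = %s and code_enabled > 0',
                [
                    $code_type,
                ]
            );
            return $wpdb->get_results( $query, 'ARRAY_A' );
        }

        /**
         * Return only PHP, HTML and JS shortcodes
         *
         * Enabled rows whose code_type contains 'shortcode' but not 'css'. The
         * query has no variable parts, hence no prepare().
         *
         * @return array|null List of code, null on query failure
         */
        public static function get_active_shortcodes() {
            global $wpdb;
            $query = 'select * from `' . self::get_base_table_name() . '` ' .
                "where code_type like '%shortcode%' and code_type not like '%css%' and code_enabled > 0";
            return $wpdb->get_results( $query, 'ARRAY_A' );
        }

        /**
         * Verify the nonce sent with an AJAX request; echo an error and stop when it is invalid
         *
         * The nonce action is $action_prefix followed by the current user's login,
         * which is how the front-end creates these nonces.
         *
         * @since 1.0.0
         *
         * @param string $action_prefix 'code-manager-' or 'code-manager-get-code'
         */
        protected static function verify_nonce_or_die( $action_prefix ) {
            $wp_nonce = isset( $_REQUEST['wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ) : ''; // input var okay.
            if ( ! wp_verify_nonce( $wp_nonce, $action_prefix . Code_manager::get_current_user_login() ) ) {
                echo 'ERR-Token expired, please refresh page';
                wp_die();
            }
        }

        /**
         * Update code from ajax request (insert when new: code_id = -1)
         *
         * Response: 'INS-<id>' after an insert, 'UPD-<rows>' after an update,
         * 'UPD-0' when the row does not exist, 'ERR-...' otherwise.
         *
         * @since 1.0.0
         */
        public static function update_code() {
            self::header_no_cache();

            // Every argument must be present. The previous test joined these with `||`,
            // which let a request carrying only one of them through and then read the
            // missing indexes.
            if (
                isset( $_REQUEST['wpnonce'] ) &&
                isset( $_REQUEST['code_id'] ) &&
                isset( $_REQUEST['code_name'] ) &&
                isset( $_REQUEST['code_type'] ) &&
                isset( $_REQUEST['code'] )
            ) {
                self::verify_nonce_or_die( 'code-manager-' );

                $code_id   = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.
                $code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) ); // input var okay.
                $code_type = sanitize_text_field( wp_unslash( $_REQUEST['code_type'] ) ); // input var okay.
                // The code body is stored as submitted (no sanitize_text_field): it is the
                // payload the plugin runs or renders elsewhere, so anyone who can reach this
                // handler can store arbitrary code - see the class comment on authorization.
                $code = wp_unslash( $_REQUEST['code'] ); // input var okay.

                global $wpdb;
                $wpdb->suppress_errors( true );

                // sanitize_text_field() always yields a string, so a strict comparison is exact.
                if ( '-1' === $code_id ) {
                    // Insert new code
                    $rows_inserted = $wpdb->insert(
                        self::get_base_table_name(),
                        [
                            'code_name' => $code_name,
                            'code_type' => $code_type,
                            'code'      => $code,
                        ]
                    );

                    echo 1 === $rows_inserted ? 'INS-' . $wpdb->insert_id : 'ERR-' . $wpdb->last_error;
                } else {
                    // Update existing code: exactly one row with a known code_type must exist.
                    $code_row = self::dml_query( $code_id );
                    if ( ! is_array( $code_row ) || 1 !== sizeof( $code_row ) || ! isset( $code_row[0]['code_type'] ) ) {
                        echo 'UPD-0';
                        wp_die();
                    }

                    $set_columns = 'set code_name = %s, code_type = %s, code = %s ';
                    if ( $code_type !== $code_row[0]['code_type'] ) {
                        // A type change disables the code until it is explicitly re-enabled.
                        $set_columns .= ', code_enabled = 0 ';
                    }

                    $rows_updated = $wpdb->query(
                        $wpdb->prepare(
                            'update ' . self::get_base_table_name() . ' ' .
                            $set_columns .
                            'where code_id = %d',
                            [
                                $code_name,
                                $code_type,
                                $code,
                                $code_id,
                            ]
                        )
                    );

                    echo '' === $wpdb->last_error ? "UPD-{$rows_updated}" : 'ERR-' . $wpdb->last_error;
                }
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Activate code preview from ajax request for a given code_id
         *
         * Response: 'OK' or 'ERR-...'.
         *
         * @since 1.0.0
         */
        public static function activate_code_preview() {
            self::header_no_cache();

            if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
                self::verify_nonce_or_die( 'code-manager-' );

                $code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

                Code_Manager_Preview::add_user_preview_code_id( $code_id );

                echo 'OK';
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Deactivate code preview from ajax request for a given code_id
         *
         * Response: 'OK' or 'ERR-...'.
         *
         * @since 1.0.0
         */
        public static function deactivate_code_preview() {
            self::header_no_cache();

            if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
                self::verify_nonce_or_die( 'code-manager-' );

                $code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

                Code_Manager_Preview::remove_user_preview_code_id( $code_id );

                echo 'OK';
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Reset all previewed code IDs
         *
         * Removes the 'code_manager_preview_code_ids' meta key for every user,
         * not only the requesting one. Response: 'OK' or 'ERR-...'.
         *
         * @since 1.0.0
         */
        public static function reset_preview() {
            self::header_no_cache();

            if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) ) {
                self::verify_nonce_or_die( 'code-manager-' );

                global $wpdb;
                // $wpdb->usermeta is the real (shared) user meta table; building the name from
                // $wpdb->prefix gives a per-site prefix on multisite and misses the table there.
                $wpdb->delete(
                    $wpdb->usermeta,
                    [
                        'meta_key' => 'code_manager_preview_code_ids',
                    ]
                );

                echo 'OK';
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Activate code from ajax request for a given code_id
         *
         * Writes code_item_value into code_enabled for the given row.
         * Response: 'UPD-<rows>' or 'ERR-...'.
         *
         * @since 1.0.0
         */
        public static function activate_code() {
            self::header_no_cache();

            if (
                isset( $_REQUEST['wpnonce'] ) &&
                isset( $_REQUEST['code_id'] ) &&
                isset( $_REQUEST['code_item_value'] )
            ) {
                self::verify_nonce_or_die( 'code-manager-' );

                $code_id         = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.
                $code_item_value = sanitize_text_field( wp_unslash( $_REQUEST['code_item_value'] ) ); // input var okay.

                global $wpdb;
                $wpdb->suppress_errors( true );
                $rows_update = $wpdb->update(
                    self::get_base_table_name(),
                    [
                        'code_enabled' => $code_item_value,
                    ],
                    [
                        'code_id' => $code_id,
                    ]
                );

                echo '' === $wpdb->last_error ? "UPD-{$rows_update}" : 'ERR-' . $wpdb->last_error;
            } else {
                echo 'ERR-Wrong arguments';
            }

            // Terminate like the other handlers; without this admin-ajax.php appends its own
            // trailing '0' to the response.
            wp_die();
        }

        /**
         * Get a list with all available codes from ajax request
         *
         * Lists code_id, code_name, code_type and code_enabled for every code whose
         * type is known to the tabs class, plus the preview flag of the current
         * user, as a JSON array.
         *
         * @since 1.0.0
         */
        public static function get_code_list() {
            self::header_no_cache();

            self::verify_nonce_or_die( 'code-manager-' );

            $code_manager_tabs_class = CODE_MANAGER_TAB_CLASS;
            $code_manager_tabs       = new $code_manager_tabs_class();
            $code_type_groups        = $code_manager_tabs->get_code_types();

            // '' is always included, so the list is never empty and the IN (...) below is valid.
            $code_types = [ '' ];
            foreach ( $code_type_groups as $code_type_group ) {
                foreach ( $code_type_group as $key => $value ) {
                    $code_types[] = $key;
                }
            }

            global $wpdb;
            // One %s placeholder per type; prepare() quotes and escapes each value.
            $placeholders = implode( ',', array_fill( 0, count( $code_types ), '%s' ) );
            $query        = $wpdb->prepare(
                'select code_id, code_name, code_type, code_enabled from ' . self::get_base_table_name() . ' ' .
                "where code_type in ({$placeholders}) " .
                'order by code_name',
                $code_types
            );
            $rows = $wpdb->get_results( $query, 'ARRAY_A' );

            // get_results() returns null on error; only decorate a real result set.
            if ( is_array( $rows ) ) {
                foreach ( $rows as $i => $row ) {
                    $rows[ $i ]['preview_enabled'] = Code_Manager_Preview::is_code_id_preview_enabled( $row['code_id'] );
                }
            }
            echo json_encode( $rows );

            wp_die();
        }

        /**
         * Return the code for a given code_id from ajax request
         *
         * With wpda_action set the whole row is returned JSON encoded (see
         * get_code_from_id); with wpda_action = 'all' the response is also sent
         * as application/json. Otherwise only the code body is returned as text.
         *
         * @since 1.0.0
         */
        public static function get_code() {
            $action = isset( $_POST['wpda_action'] ) ? sanitize_text_field( wp_unslash( $_POST['wpda_action'] ) ) : null; // input var okay.

            // The previous condition used `**` (exponentiation) where `&&` was meant, so the
            // JSON content type was never selected.
            if ( 'all' === $action ) {
                self::header_no_cache( 'application/json' );
            } else {
                self::header_no_cache();
            }

            if ( isset( $_REQUEST['code_id'] ) ) {
                $code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

                self::verify_nonce_or_die( 'code-manager-get-code' );

                echo self::get_code_from_id( $code_id, $action );
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Report whether preview is enabled for a given code_id from ajax request
         *
         * Response: 'true', 'false' or 'ERR-...'.
         *
         * @since 1.0.0
         */
        public static function is_code_preview_enabled() {
            self::header_no_cache();

            if (
                isset( $_REQUEST['wpnonce'] ) &&
                isset( $_REQUEST['code_id'] )
            ) {
                $code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

                self::verify_nonce_or_die( 'code-manager-get-code' );

                echo Code_Manager_Preview::is_code_id_preview_enabled( $code_id ) ? "true" : "false";
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Check if code name exists from ajax request
         *
         * Response: 'OK' when the name is free, 'ERR-Exists' when taken, 'ERR-...' otherwise.
         *
         * @since 1.0.0
         */
        public static function code_name_exists() {
            self::header_no_cache();

            if ( isset( $_REQUEST['code_name'] ) ) {
                $code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) ); // input var okay.

                self::verify_nonce_or_die( 'code-manager-get-code' );

                echo '' === self::get_code_from_name( $code_name ) ? 'OK' : 'ERR-Exists';
            } else {
                echo 'ERR-Wrong arguments';
            }

            wp_die();
        }

        /**
         * Sends header to browser (allows content type changes)
         *
         * The caller's $content_type can be overridden by the request parameter
         * code_manager_content_type, but only when it is accompanied by a valid
         * 'code_manager_content_type' nonce. The value passes through
         * sanitize_text_field(), which collapses line breaks, before it is placed
         * in the header.
         *
         * @since 1.0.0
         *
         * @param string $content_type Default content type
         */
        protected static function header_no_cache( $content_type = 'text/plain' ) {
            if ( ob_get_length() ) {
                // Clear buffer to prevent errors (not 100% proof)
                ob_clean();
            }

            if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
                // Check if action is allowed
                $wp_nonce = isset( $_REQUEST['wpnonce_content_type'] ) ?
                    sanitize_text_field( wp_unslash( $_REQUEST['wpnonce_content_type'] ) ) : ''; // input var okay.
                if ( wp_verify_nonce( $wp_nonce, 'code_manager_content_type' ) ) {
                    $content_type =
                        sanitize_text_field( wp_unslash( $_REQUEST['code_manager_content_type'] ) ); // input var okay.
                }
            }

            header( "Cache-Control: no-store, no-cache, must-revalidate, max-age=0" );
            header( "Cache-Control: post-check=0, pre-check=0", false );
            header( "Pragma: no-cache" );
            header( "Content-Type: {$content_type}; charset=utf-8" );
        }

    }

}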