1 <?php
2 /**
3 * Code Manager database model
4 *
5 * @package Code_Manager
6 */
7
8 namespace Code_Manager {
9
10 /**
11 * Class Code_Manager_Model
12 *
13 * Interface between code manager front-end and code manager database table.
14 *
15 * @author Peter Schulz
16 * @since 1.0.0
17 */
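class Code_Manager_Model {

	/**
	 * Base table name without prefix
	 */
	const BASE_TABLE_NAME = 'code_manager';

	/**
	 * Ajax response sent when the request nonce does not verify.
	 */
	const ERR_TOKEN_EXPIRED = 'ERR-Token expired, please refresh page';

	/**
	 * Ajax response sent when a required request argument is missing.
	 */
	const ERR_WRONG_ARGUMENTS = 'ERR-Wrong arguments';

	/**
	 * Base table name with prefix
	 *
	 * @since 1.0.0
	 *
	 * @return string Real base table name
	 */
	public static function get_base_table_name() {
		global $wpdb;
		return $wpdb->prefix . static::BASE_TABLE_NAME;
	}

	/**
	 * Check if base table exists
	 *
	 * Looks the table up in information_schema for the current database.
	 *
	 * @since 1.0.0
	 *
	 * @return bool TRUE = table found
	 */
	public static function table_exists() {
		global $wpdb;

		$found = $wpdb->get_var(
			$wpdb->prepare(
				'select true from `information_schema`.`tables` where table_schema = %s and table_name = %s',
				array(
					$wpdb->dbname,
					self::get_base_table_name(),
				)
			)
		);

		// get_var() returns null when no row matched (or on a database error).
		return null !== $found;
	}

	/**
	 * Get record from code manager table for given Code ID
	 *
	 * @since 1.0.0
	 *
	 * @param integer $code_id Code ID.
	 *
	 * @return array Matching rows as associative arrays (expected: zero or one row)
	 */
	public static function dml_query( $code_id ) {
		global $wpdb;
		return $wpdb->get_results(
			$wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_id = %d',
				array(
					$code_id,
				)
			),
			'ARRAY_A'
		);
	}

	/**
	 * Get record from code manager table for given code name
	 *
	 * @since 1.0.0
	 *
	 * @param string $code_name Code name.
	 *
	 * @return array Matching rows as associative arrays
	 */
	public static function dml_query_by_name( $code_name ) {
		global $wpdb;
		return $wpdb->get_results(
			$wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_name = %s',
				array(
					$code_name,
				)
			),
			'ARRAY_A'
		);
	}

	/**
	 * Insert new row into code manager table
	 *
	 * @since 1.0.0
	 *
	 * @param string  $code_name        Code name.
	 * @param integer $code_type        Code type.
	 * @param string  $code             Code.
	 * @param string  $code_author      Author.
	 * @param string  $code_description Description.
	 * @param string  $code_enabled     Is code enabled?.
	 *
	 * @return int Code ID if insert was successful or -1 if insert failed
	 */
	public static function dml_insert( $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
		global $wpdb;
		$rows = $wpdb->insert(
			self::get_base_table_name(),
			array(
				'code_name'        => $code_name,
				'code_type'        => $code_type,
				'code_enabled'     => $code_enabled,
				'code'             => $code,
				'code_author'      => $code_author,
				'code_description' => $code_description,
			)
		);
		return 1 === $rows ? $wpdb->insert_id : -1;
	}

	/**
	 * Update row in code manager table
	 *
	 * When the code type changes the code is disabled (code_enabled = 0), so
	 * that code of a new type is never left active without a deliberate re-enable.
	 *
	 * @since 1.0.0
	 *
	 * @param integer $code_id          Code ID.
	 * @param string  $code_name        Code name.
	 * @param string  $code_type        Code type.
	 * @param string  $code             Code.
	 * @param string  $code_author      Author.
	 * @param string  $code_description Description.
	 * @param string  $code_enabled     Is code enabled?.
	 *
	 * @return integer Number of rows updated (0 when the code ID was not found)
	 */
	public static function dml_update( $code_id, $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
		$current_type = self::stored_code_type( $code_id );
		if ( null === $current_type ) {
			return 0;
		}

		$column_values = array(
			'code_name'        => $code_name,
			'code_type'        => $code_type,
			'code_enabled'     => $code_enabled,
			'code'             => $code,
			'code_author'      => $code_author,
			'code_description' => $code_description,
		);
		if ( $code_type !== $current_type ) {
			$column_values['code_enabled'] = 0;
		}

		global $wpdb;
		return $wpdb->update(
			self::get_base_table_name(),
			$column_values,
			array(
				'code_id' => $code_id,
			)
		);
	}

	/**
	 * Delete row from code manager table
	 *
	 * @since 1.0.0
	 *
	 * @param integer $code_id Code ID.
	 *
	 * @return integer Number of rows deleted
	 */
	public static function dml_delete( $code_id ) {
		global $wpdb;
		return $wpdb->query(
			$wpdb->prepare(
				'delete from `' . self::get_base_table_name() . '` where code_id = %d',
				array(
					$code_id,
				)
			)
		);
	}

	/**
	 * Get shortcode for a given code id
	 *
	 * @since 1.0.0
	 *
	 * @param integer $code_id Code ID.
	 * @param string  $action  Action; when not null the whole row is returned as JSON.
	 *
	 * @return string Code (or JSON encoded row), empty string when not found
	 */
	public static function get_code_from_id( $code_id, $action = null ) {
		if ( ! is_numeric( $code_id ) ) {
			return '';
		}

		$rows = self::dml_query( $code_id );
		if ( ! is_array( $rows ) || 1 !== count( $rows ) ) {
			return '';
		}

		return null === $action ? $rows[0]['code'] : wp_json_encode( $rows[0] );
	}

	/**
	 * Get shortcode for a given code name
	 *
	 * @since 1.0.0
	 *
	 * @param string $code_name Code name.
	 *
	 * @return string Code, empty string when not found
	 */
	protected static function get_code_from_name( $code_name ) {
		if ( '' === $code_name ) {
			return '';
		}

		$rows = self::dml_query_by_name( $code_name );
		if ( ! is_array( $rows ) || 1 !== count( $rows ) ) {
			return '';
		}

		return $rows[0]['code'];
	}

	/**
	 * Get codes for a given code type
	 *
	 * @since 1.0.0
	 *
	 * @param string $code_type Code type.
	 *
	 * @return array List of code
	 */
	public static function get_codes( $code_type ) {
		global $wpdb;
		// Prepared rather than interpolated: the model cannot know where $code_type came from.
		return $wpdb->get_results(
			$wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_type = %s',
				array(
					$code_type,
				)
			),
			'ARRAY_A'
		);
	}

	/**
	 * Get active codes (status = enabled) for a given code type
	 *
	 * @since 1.0.0
	 *
	 * @param string $code_type Code type.
	 *
	 * @return array List of code
	 */
	public static function get_active_codes( $code_type ) {
		global $wpdb;
		return $wpdb->get_results(
			$wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_type = %s and code_enabled > 0',
				array(
					$code_type,
				)
			),
			'ARRAY_A'
		);
	}

	/**
	 * Return only PHP, HTML and JS shortcodes
	 *
	 * @return mixed List of enabled shortcode rows whose type is not a css type
	 */
	public static function get_active_shortcodes() {
		global $wpdb;
		// No variables in this statement, so it is not passed through prepare(); the
		// literal like-wildcards would otherwise be read as placeholders.
		$query =
			'select * from `' . self::get_base_table_name() . '` ' .
			"where code_type like '%shortcode%' and code_type not like '%css%' and code_enabled > 0";
		return $wpdb->get_results( $query, 'ARRAY_A' );
	}

	/**
	 * Update code from ajax request (insert when new: code_id = -1)
	 *
	 * Requires wpnonce, code_id, code_name, code_type and code in the request;
	 * the nonce is bound to the current user login. Echoes INS-<id>, UPD-<rows>
	 * or ERR-<message> and terminates the request.
	 *
	 * @since 1.0.0
	 */
	public static function update_code() {
		self::header_no_cache();

		// All arguments must be present before the update process starts.
		if (
			! isset( $_REQUEST['wpnonce'] ) ||
			! isset( $_REQUEST['code_id'] ) ||
			! isset( $_REQUEST['code_name'] ) ||
			! isset( $_REQUEST['code_type'] ) ||
			! isset( $_REQUEST['code'] )
		) {
			echo self::ERR_WRONG_ARGUMENTS;
			wp_die();
		}

		// Check if action is allowed.
		self::verify_nonce_or_die( 'code-manager-' );

		$code_id   = self::request_text( 'code_id' );
		$code_name = self::request_text( 'code_name' );
		$code_type = self::request_text( 'code_type' );
		$code      = wp_unslash( $_REQUEST['code'] ); // Stored verbatim: sanitizing would alter the code itself.

		global $wpdb;
		$wpdb->suppress_errors( true );

		if ( '-1' === $code_id ) {
			self::ajax_insert_code( $code_name, $code_type, $code );
		} else {
			self::ajax_update_code( $code_id, $code_name, $code_type, $code );
		}

		wp_die();
	}

	/**
	 * Activate code preview from ajax request for a given code_id
	 *
	 * @since 1.0.0
	 */
	public static function activate_code_preview() {
		self::change_code_preview( true );
	}

	/**
	 * Deactivate code preview from ajax request for a given code_id
	 *
	 * @since 1.0.0
	 */
	public static function deactivate_code_preview() {
		self::change_code_preview( false );
	}

	/**
	 * Reset all previewed code IDs
	 *
	 * Removes the preview meta key from usermeta for every user (the delete is
	 * not restricted to the current user).
	 *
	 * @since 1.0.0
	 */
	public static function reset_preview() {
		self::header_no_cache();

		if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) ) {
			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-' );

			global $wpdb;
			$wpdb->query( "delete from {$wpdb->prefix}usermeta where meta_key = 'code_manager_preview_code_ids'" );

			echo 'OK';
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		wp_die();
	}

	/**
	 * Activate code from ajax request for a given code_id
	 *
	 * Writes code_item_value into code_enabled for the given code_id and echoes
	 * UPD-<rows> or ERR-<message>.
	 *
	 * @since 1.0.0
	 */
	public static function activate_code() {
		self::header_no_cache();

		if (
			isset( $_REQUEST['wpnonce'] ) &&
			isset( $_REQUEST['code_id'] ) &&
			isset( $_REQUEST['code_item_value'] )
		) {
			$code_id = self::request_text( 'code_id' );

			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-' );

			// NOTE(review): the value is stored as received; confirm the column type before enforcing an integer cast.
			$update_values = array(
				'code_enabled' => self::request_text( 'code_item_value' ),
			);

			global $wpdb;
			$wpdb->suppress_errors( true );
			$rows_update = $wpdb->update(
				self::get_base_table_name(),
				$update_values,
				array(
					'code_id' => $code_id,
				)
			);

			echo '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_update ) : 'ERR-' . esc_html( $wpdb->last_error );
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		// Terminate like the other ajax handlers; otherwise admin-ajax appends its own output.
		wp_die();
	}

	/**
	 * Get a list with all available codes from ajax request
	 *
	 * Echoes a JSON array of code_id, code_name, code_type, code_enabled and
	 * preview_enabled for every code whose type is known to the tabs class.
	 *
	 * @since 1.0.0
	 */
	public static function get_code_list() {
		self::header_no_cache();

		// Check if action is allowed.
		self::verify_nonce_or_die( 'code-manager-' );

		$code_manager_tabs_class = CODE_MANAGER_TAB_CLASS;
		$code_manager_tabs       = new $code_manager_tabs_class();
		$code_type_groups        = $code_manager_tabs->get_code_types();
		$code_types              = array( '' );
		foreach ( $code_type_groups as $code_type_group ) {
			foreach ( $code_type_group as $key => $value ) {
				$code_types[] = $key;
			}
		}

		global $wpdb;
		// One placeholder per code type; $code_types always holds at least the empty type.
		$placeholders = implode( ',', array_fill( 0, count( $code_types ), '%s' ) );
		$rows         = $wpdb->get_results(
			$wpdb->prepare(
				'select code_id, code_name, code_type, code_enabled from ' . self::get_base_table_name() . ' ' .
				"where code_type in ({$placeholders}) order by code_name",
				$code_types
			),
			'ARRAY_A'
		);
		if ( ! is_array( $rows ) ) {
			$rows = array();
		}

		foreach ( $rows as &$row ) {
			$row['preview_enabled'] = Code_Manager_Preview::is_code_id_preview_enabled( $row['code_id'] );
		}
		unset( $row );

		echo wp_json_encode( $rows );

		wp_die();
	}

	/**
	 * Get code from ajax request
	 *
	 * With wpda_action=all (POST) the whole row is returned as JSON, otherwise
	 * the bare code is returned as text.
	 *
	 * @return void
	 */
	public static function get_code() {
		$wpda_action = isset( $_POST['wpda_action'] ) ? sanitize_text_field( wp_unslash( $_POST['wpda_action'] ) ) : null; // input var okay.

		if ( 'all' === $wpda_action ) {
			self::header_no_cache( 'application/json' );
		} else {
			self::header_no_cache();
		}

		if ( isset( $_REQUEST['code_id'] ) ) {
			$code_id = self::request_text( 'code_id' );

			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-get-code' );

			echo self::get_code_from_id( $code_id, $wpda_action );
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		wp_die();
	}

	/**
	 * Check if code is enabled through ajax
	 *
	 * Echoes 'true' or 'false' for the preview state of the given code_id.
	 *
	 * @return void
	 */
	public static function is_code_preview_enabled() {
		self::header_no_cache();

		if (
			isset( $_REQUEST['wpnonce'] ) &&
			isset( $_REQUEST['code_id'] )
		) {
			$code_id = self::request_text( 'code_id' );

			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-get-code' );

			echo Code_Manager_Preview::is_code_id_preview_enabled( $code_id ) ? 'true' : 'false';
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		wp_die();
	}

	/**
	 * Check if code name exists from ajax request
	 *
	 * Echoes 'OK' when the name is free and 'ERR-Exists' when it is taken.
	 *
	 * @since 1.0.0
	 */
	public static function code_name_exists() {
		self::header_no_cache();

		if ( isset( $_REQUEST['code_name'] ) ) {
			$code_name = self::request_text( 'code_name' );

			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-get-code' );

			echo '' === self::get_code_from_name( $code_name ) ? 'OK' : 'ERR-Exists';
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		wp_die();
	}

	/**
	 * Sends header to browser (allows content type changes)
	 *
	 * The caller may override the content type through the request argument
	 * code_manager_content_type, but only when wpnonce_content_type verifies.
	 *
	 * @param string $content_type Content type.
	 * @since 1.0.0
	 */
	protected static function header_no_cache( $content_type = 'text/plain' ) {
		if ( ob_get_length() ) {
			// Clear buffer to prevent errors (not 100% proof).
			ob_clean();
		}

		if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
			// Check if action is allowed.
			$wp_nonce = self::request_text( 'wpnonce_content_type' );
			if ( wp_verify_nonce( $wp_nonce, 'code_manager_content_type' ) ) {
				$content_type = self::request_text( 'code_manager_content_type' );
			}
		}

		header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
		header( 'Cache-Control: post-check=0, pre-check=0', false );
		header( 'Pragma: no-cache' );
		header( "Content-Type: {$content_type}; charset=utf-8" );
	}

	/**
	 * Read a request argument as sanitized text
	 *
	 * @param string $key Request argument name.
	 *
	 * @return string Sanitized value, empty string when the argument is absent
	 */
	private static function request_text( $key ) {
		return isset( $_REQUEST[ $key ] ) ? sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ) : ''; // input var okay.
	}

	/**
	 * Verify the request nonce against an action bound to the current user login
	 *
	 * Echoes the token error and terminates the request when verification fails.
	 * No capability check is made here; access control rests on the nonce.
	 *
	 * @param string $action_prefix Nonce action prefix ('code-manager-' or 'code-manager-get-code').
	 */
	private static function verify_nonce_or_die( $action_prefix ) {
		$wp_nonce = self::request_text( 'wpnonce' );
		if ( ! wp_verify_nonce( $wp_nonce, $action_prefix . Code_manager::get_current_user_login() ) ) {
			echo self::ERR_TOKEN_EXPIRED;
			wp_die();
		}
	}

	/**
	 * Code type currently stored for a code ID
	 *
	 * @param integer $code_id Code ID.
	 *
	 * @return string|null Stored code type, or null when the row is missing or has no code_type
	 */
	private static function stored_code_type( $code_id ) {
		$code_row = self::dml_query( $code_id );
		if ( ! is_array( $code_row ) || 1 !== count( $code_row ) || ! isset( $code_row[0]['code_type'] ) ) {
			return null;
		}
		return $code_row[0]['code_type'];
	}

	/**
	 * Insert a code from an ajax request and echo the result
	 *
	 * @param string $code_name Code name.
	 * @param string $code_type Code type.
	 * @param string $code      Code.
	 */
	private static function ajax_insert_code( $code_name, $code_type, $code ) {
		global $wpdb;
		$rows_inserted = $wpdb->insert(
			self::get_base_table_name(),
			array(
				'code_name' => $code_name,
				'code_type' => $code_type,
				'code'      => $code,
			)
		);

		echo 1 === $rows_inserted ? 'INS-' . esc_attr( $wpdb->insert_id ) : 'ERR-' . esc_html( $wpdb->last_error );
	}

	/**
	 * Update a code from an ajax request and echo the result
	 *
	 * Echoes UPD-0 and terminates when the code ID is unknown. A type change
	 * also sets code_enabled = 0 so the changed code must be re-enabled deliberately.
	 *
	 * @param string $code_id   Code ID.
	 * @param string $code_name Code name.
	 * @param string $code_type Code type.
	 * @param string $code      Code.
	 */
	private static function ajax_update_code( $code_id, $code_name, $code_type, $code ) {
		$current_type = self::stored_code_type( $code_id );
		if ( null === $current_type ) {
			echo 'UPD-0';
			wp_die();
		}

		$set_columns = 'set code_name = %s, code_type = %s, code = %s ';
		if ( $code_type !== $current_type ) {
			$set_columns .= ', code_enabled = 0 ';
		}

		global $wpdb;
		$rows_updated = $wpdb->query(
			$wpdb->prepare(
				'update ' . self::get_base_table_name() . ' ' . $set_columns . 'where code_id = %d',
				array(
					$code_name,
					$code_type,
					$code,
					$code_id,
				)
			)
		);

		echo '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_updated ) : 'ERR-' . esc_html( $wpdb->last_error );
	}

	/**
	 * Shared body of the preview activate/deactivate ajax handlers
	 *
	 * Requires a logged in user, wpnonce and code_id; echoes 'OK' on success.
	 *
	 * @param bool $enable True adds the code ID to the user's preview list, false removes it.
	 */
	private static function change_code_preview( $enable ) {
		self::header_no_cache();

		if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
			// Check if action is allowed.
			self::verify_nonce_or_die( 'code-manager-' );

			$code_id = self::request_text( 'code_id' );

			if ( $enable ) {
				Code_Manager_Preview::add_user_preview_code_id( $code_id );
			} else {
				Code_Manager_Preview::remove_user_preview_code_id( $code_id );
			}

			echo 'OK';
		} else {
			echo self::ERR_WRONG_ARGUMENTS;
		}

		wp_die();
	}

}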
712
713 }
714