Code Manager v1.0.32
code-manager / Code_Manager / Code_Manager_Model.php
Code_Manager_Model.php
1 <?php
2
3 /**
4 * Code Manager database model
5 *
6 * @package Code_Manager
7 */
8 namespace Code_Manager;
9
10 /**
11 * Class Code_Manager_Model
12 *
13 * Interface between code manager front-end and code manager database table.
14 *
15 * @author Peter Schulz
16 * @since 1.0.0
17 */
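class Code_Manager_Model
{
    /**
     * Base table name without prefix
     */
    const BASE_TABLE_NAME = 'code_manager';

    /**
     * Base table name with prefix
     *
     * @since 1.0.0
     *
     * @return string Real base table name
     */
    public static function get_base_table_name()
    {
        global $wpdb;

        // static:: (not self::) so a subclass that redefines BASE_TABLE_NAME is honoured.
        return $wpdb->prefix . static::BASE_TABLE_NAME;
    }

    /**
     * Check if base table exists
     *
     * @since 1.0.0
     *
     * @return bool TRUE = table found
     */
    public static function table_exists()
    {
        global $wpdb;

        // query() already sets $wpdb->num_rows for a SELECT, so no extra fetch call is needed.
        $wpdb->query(
            $wpdb->prepare(
                '
                select true
                from `information_schema`.`tables`
                where table_schema = %s
                and table_name = %s
                ',
                array( $wpdb->dbname, self::get_base_table_name() )
            )
        );

        return 1 === $wpdb->num_rows;
    }

    /**
     * Get record from code manager table for given Code ID
     *
     * @since 1.0.0
     *
     * @param integer $code_id Code ID.
     *
     * @return array Matching rows as associative arrays (empty when nothing matches).
     */
    public static function dml_query( $code_id )
    {
        global $wpdb;

        $query = 'select * from `' . self::get_base_table_name() . '` where code_id = %d';

        return $wpdb->get_results( $wpdb->prepare( $query, array( $code_id ) ), 'ARRAY_A' );
    }

    /**
     * Get record from code manager table for given code name
     *
     * @since 1.0.0
     *
     * @param string $code_name Code name.
     *
     * @return array Matching rows as associative arrays (empty when nothing matches).
     */
    public static function dml_query_by_name( $code_name )
    {
        global $wpdb;

        $query = 'select * from `' . self::get_base_table_name() . '` where code_name = %s';

        return $wpdb->get_results( $wpdb->prepare( $query, array( $code_name ) ), 'ARRAY_A' );
    }

    /**
     * Insert new row into code manager table
     *
     * @since 1.0.0
     *
     * @param string $code_name        Code name.
     * @param string $code_type        Code type.
     * @param string $code             Code.
     * @param string $code_author      Author.
     * @param string $code_description Description.
     * @param string $code_enabled     Is code enabled?.
     *
     * @return int Code ID if insert was successful or -1 if insert failed
     */
    public static function dml_insert(
        $code_name,
        $code_type,
        $code,
        $code_author,
        $code_description,
        $code_enabled
    )
    {
        global $wpdb;

        // $wpdb->insert() binds the values itself, so no manual escaping is done here.
        $rows = $wpdb->insert(
            self::get_base_table_name(),
            array(
                'code_name'        => $code_name,
                'code_type'        => $code_type,
                'code_enabled'     => $code_enabled,
                'code'             => $code,
                'code_author'      => $code_author,
                'code_description' => $code_description,
            )
        );

        return ( 1 === $rows ? $wpdb->insert_id : -1 );
    }

    /**
     * Update row in code manager table
     *
     * A row whose code type changes is always written back disabled, whatever
     * $code_enabled says.
     *
     * @since 1.0.0
     *
     * @param integer $code_id          Code ID.
     * @param string  $code_name        Code name.
     * @param string  $code_type        Code type.
     * @param string  $code             Code.
     * @param string  $code_author      Author.
     * @param string  $code_description Description.
     * @param string  $code_enabled     Is code enabled?.
     *
     * @return integer|false Number of rows updated (0 when the row is not found),
     *                       or whatever $wpdb->update() reports on failure.
     */
    public static function dml_update(
        $code_id,
        $code_name,
        $code_type,
        $code,
        $code_author,
        $code_description,
        $code_enabled
    )
    {
        $code_type_changed = self::code_type_changed( $code_id, $code_type );
        if ( null === $code_type_changed ) {
            // No single matching row (or no code_type column): nothing to update.
            return 0;
        }

        $column_values = array(
            'code_name'        => $code_name,
            'code_type'        => $code_type,
            'code_enabled'     => ( $code_type_changed ? 0 : $code_enabled ),
            'code'             => $code,
            'code_author'      => $code_author,
            'code_description' => $code_description,
        );

        global $wpdb;

        return $wpdb->update(
            self::get_base_table_name(),
            $column_values,
            array(
                'code_id' => $code_id,
            )
        );
    }

    /**
     * Delete row from code manager table
     *
     * @since 1.0.0
     *
     * @param integer $code_id Code ID.
     *
     * @return integer Number of rows deleted
     */
    public static function dml_delete( $code_id )
    {
        global $wpdb;

        $query = 'delete from `' . self::get_base_table_name() . '` where code_id = %d';

        return $wpdb->query( $wpdb->prepare( $query, array( $code_id ) ) );
    }

    /**
     * Get the stored code for a given code id
     *
     * @since 1.0.0
     *
     * @param integer $code_id Code ID.
     * @param string  $action  Action. NULL returns only the code column; any other
     *                         value returns the whole row JSON-encoded.
     *
     * @return string Code, JSON-encoded row, or '' when the id is not numeric or not found
     */
    public static function get_code_from_id( $code_id, $action = null )
    {
        if ( ! is_numeric( $code_id ) ) {
            return '';
        }

        global $wpdb;

        $query = 'select * from `' . self::get_base_table_name() . '` where code_id = %d';
        $code  = $wpdb->get_results( $wpdb->prepare( $query, array( $code_id ) ), 'ARRAY_A' );

        if ( 1 !== $wpdb->num_rows ) {
            return '';
        }

        return ( null === $action ? $code[0]['code'] : wp_json_encode( $code[0] ) );
    }

    /**
     * Get the stored code for a given code name
     *
     * @since 1.0.0
     *
     * @param string $code_name Code name.
     *
     * @return string Code, or '' when the name is empty or does not match exactly one row
     */
    protected static function get_code_from_name( $code_name )
    {
        if ( '' === $code_name ) {
            return '';
        }

        global $wpdb;

        $query = 'select * from `' . self::get_base_table_name() . '` where code_name = %s';
        $code  = $wpdb->get_results( $wpdb->prepare( $query, array( $code_name ) ), 'ARRAY_A' );

        return ( 1 === $wpdb->num_rows ? $code[0]['code'] : '' );
    }

    /**
     * Get codes for a given code type
     *
     * @since 1.0.0
     *
     * @param string $code_type Code type.
     *
     * @return array List of code
     */
    public static function get_codes( $code_type )
    {
        global $wpdb;

        // This is a public method and its callers are not visible here, so the
        // code type is bound as a parameter instead of being spliced into the SQL.
        $query = 'select * from `' . self::get_base_table_name() . '` where code_type = %s';

        return $wpdb->get_results( $wpdb->prepare( $query, array( $code_type ) ), 'ARRAY_A' );
    }

    /**
     * Get active codes (status = enabled) for a given code type
     *
     * @since 1.0.0
     *
     * @param string $code_type Code type.
     *
     * @return array List of code
     */
    public static function get_active_codes( $code_type )
    {
        global $wpdb;

        // Bound as a parameter for the same reason as in get_codes().
        $query = 'select * from `' . self::get_base_table_name() . '` where code_type = %s and code_enabled > 0';

        return $wpdb->get_results( $wpdb->prepare( $query, array( $code_type ) ), 'ARRAY_A' );
    }

    /**
     * Return only PHP, HTML and JS shortcodes
     *
     * @return mixed
     */
    public static function get_active_shortcodes()
    {
        global $wpdb;

        // Constant statement with no caller-supplied values; the % characters are
        // literal LIKE wildcards, which is why it is not passed through prepare().
        $query = 'select * from `' . self::get_base_table_name() . '` ' . "where code_type like '%shortcode%' and code_type not like '%css%' and code_enabled > 0";

        return $wpdb->get_results( $query, 'ARRAY_A' );
    }

    /**
     * Update code from ajax request (insert when new: code_id = -1)
     *
     * Echoes 'INS-<id>', 'UPD-<rows>' or 'ERR-<message>' and ends the request.
     *
     * NOTE(review): the only gate visible in this method is the nonce. A nonce
     * shows the request was intended, not that the user may store code; confirm
     * that the hook registration or a capability check restricts this handler to
     * users who are allowed to manage code.
     *
     * @since 1.0.0
     */
    public static function update_code()
    {
        self::header_no_cache();

        // Every argument is read below, so all of them must be present.
        $has_all_arguments = isset( $_REQUEST['wpnonce'] )
            && isset( $_REQUEST['code_id'] )
            && isset( $_REQUEST['code_name'] )
            && isset( $_REQUEST['code_type'] )
            && isset( $_REQUEST['code'] );

        if ( $has_all_arguments ) {
            $code_id = self::request_text( 'code_id' );

            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-' );

            $code_name = self::request_text( 'code_name' );
            $code_type = self::request_text( 'code_type' );
            // The code body is only unslashed, presumably because sanitizing would
            // alter it; what gets stored is therefore exactly what was submitted.
            $code = wp_unslash( $_REQUEST['code'] );

            global $wpdb;
            // Database errors are reported through the 'ERR-' reply instead of being printed.
            // NOTE(review): that reply carries $wpdb->last_error to the client.
            $wpdb->suppress_errors( true );

            if ( '-1' === $code_id ) {
                // Insert new code.
                $rows_inserted = $wpdb->insert(
                    self::get_base_table_name(),
                    array(
                        'code_name' => $code_name,
                        'code_type' => $code_type,
                        'code'      => $code,
                    )
                );
                echo ( 1 === $rows_inserted ? 'INS-' . esc_attr( $wpdb->insert_id ) : 'ERR-' . esc_html( $wpdb->last_error ) );
            } else {
                // Update existing code.
                $code_type_changed = self::code_type_changed( $code_id, $code_type );
                if ( null === $code_type_changed ) {
                    echo 'UPD-0';
                    wp_die();
                }

                $set_columns = 'set code_name = %s, code_type = %s, code = %s ';
                if ( $code_type_changed ) {
                    // A changed code type always leaves the row disabled.
                    $set_columns .= ', code_enabled = 0 ';
                }

                $update       = 'update ' . self::get_base_table_name() . ' ' . $set_columns . 'where code_id = %d';
                $rows_updated = $wpdb->query(
                    $wpdb->prepare(
                        $update,
                        array(
                            $code_name,
                            $code_type,
                            $code,
                            $code_id,
                        )
                    )
                );
                echo ( '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_updated ) : 'ERR-' . esc_html( $wpdb->last_error ) );
            }
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Activate code preview from ajax request for a given code_id
     *
     * @since 1.0.0
     */
    public static function activate_code_preview()
    {
        self::header_no_cache();

        if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-' );

            Code_Manager_Preview::add_user_preview_code_id( self::request_text( 'code_id' ) );
            echo 'OK';
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Deactivate code preview from ajax request for a given code_id
     *
     * @since 1.0.0
     */
    public static function deactivate_code_preview()
    {
        self::header_no_cache();

        if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-' );

            Code_Manager_Preview::remove_user_preview_code_id( self::request_text( 'code_id' ) );
            echo 'OK';
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Reset all previewed code IDs
     *
     * Removes the preview setting of every user, not only of the caller.
     *
     * NOTE(review): any logged-in user holding a valid nonce reaches the delete
     * below; confirm this is limited to administrators where the handler is
     * registered. The direct delete also does not go through WordPress's
     * user-meta API, so cached user meta is not refreshed by it.
     *
     * @since 1.0.0
     */
    public static function reset_preview()
    {
        self::header_no_cache();

        if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) ) {
            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-' );

            global $wpdb;
            // $wpdb->usermeta names the user-meta table on both single-site and
            // multisite installs; prefix + 'usermeta' does not exist on a subsite.
            $wpdb->query( "delete from {$wpdb->usermeta} where meta_key = 'code_manager_preview_code_ids'" );
            echo 'OK';
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Activate code from ajax request for a given code_id
     *
     * Writes the submitted code_item_value into code_enabled and echoes
     * 'UPD-<rows>' or 'ERR-<message>'.
     *
     * NOTE(review): as in update_code(), the nonce is the only gate visible here;
     * enabling stored code deserves a capability check - confirm one exists upstream.
     *
     * @since 1.0.0
     */
    public static function activate_code()
    {
        self::header_no_cache();

        if ( isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) && isset( $_REQUEST['code_item_value'] ) ) {
            $code_id = self::request_text( 'code_id' );

            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-' );

            global $wpdb;
            $wpdb->suppress_errors( true );
            $rows_update = $wpdb->update(
                self::get_base_table_name(),
                array(
                    'code_enabled' => self::request_text( 'code_item_value' ),
                ),
                array(
                    'code_id' => $code_id,
                )
            );
            echo ( '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_update ) : 'ERR-' . esc_html( $wpdb->last_error ) );
        } else {
            echo 'ERR-Wrong arguments';
        }

        // End the request here like every other ajax handler in this class, so the
        // reply is exactly what was echoed above.
        wp_die();
    }

    /**
     * Get a list with all available codes from ajax request
     *
     * Echoes a JSON array of rows (code_id, code_name, code_type, code_enabled,
     * preview_enabled) limited to the code types Code_Manager_Tabs reports.
     *
     * @since 1.0.0
     */
    public static function get_code_list()
    {
        self::header_no_cache();

        // Check if action is allowed.
        self::require_valid_nonce( 'code-manager-' );

        $code_manager_tab = new Code_Manager_Tabs();

        // The empty string stays in the list so rows without a code type are listed too.
        $code_types = array( '' );
        foreach ( $code_manager_tab->get_code_types() as $code_type_group ) {
            foreach ( $code_type_group as $key => $value ) {
                $code_types[] = $key;
            }
        }

        global $wpdb;

        // One %s per code type: the values are bound, never concatenated into the statement.
        $placeholders = implode( ',', array_fill( 0, count( $code_types ), '%s' ) );
        $query        = 'select code_id, code_name, code_type, code_enabled from `' . self::get_base_table_name() . '` '
            . 'where code_type in (' . $placeholders . ') '
            . 'order by code_name';
        $rows         = $wpdb->get_results( $wpdb->prepare( $query, $code_types ), 'ARRAY_A' );

        if ( ! is_array( $rows ) ) {
            $rows = array();
        }

        foreach ( $rows as $index => $row ) {
            $rows[ $index ]['preview_enabled'] = Code_Manager_Preview::is_code_id_preview_enabled( $row['code_id'] );
        }

        echo wp_json_encode( $rows );
        wp_die();
    }

    /**
     * Get code from ajax request
     *
     * Echoes the stored code unescaped. When a wpda_action is posted the whole
     * row is returned JSON-encoded instead; only the value 'all' also switches
     * the response content type to application/json.
     *
     * @return void
     */
    public static function get_code()
    {
        if ( isset( $_POST['wpda_action'] ) && 'all' === $_POST['wpda_action'] ) {
            self::header_no_cache( 'application/json' );
        } else {
            self::header_no_cache();
        }

        if ( isset( $_REQUEST['code_id'] ) ) {
            $code_id = self::request_text( 'code_id' );

            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-get-code' );

            $action = ( isset( $_POST['wpda_action'] ) ? sanitize_text_field( wp_unslash( $_POST['wpda_action'] ) ) : null );
            echo self::get_code_from_id( $code_id, $action );
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Check if code preview is enabled through ajax
     *
     * Echoes 'true' or 'false'.
     *
     * @return void
     */
    public static function is_code_preview_enabled()
    {
        self::header_no_cache();

        if ( isset( $_REQUEST['wpnonce'] ) && isset( $_REQUEST['code_id'] ) ) {
            $code_id = self::request_text( 'code_id' );

            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-get-code' );

            echo ( Code_Manager_Preview::is_code_id_preview_enabled( $code_id ) ? 'true' : 'false' );
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Check if code name exists from ajax request
     *
     * Echoes 'OK' when no stored code is found for the name and 'ERR-Exists' otherwise.
     *
     * @since 1.0.0
     */
    public static function code_name_exists()
    {
        self::header_no_cache();

        if ( isset( $_REQUEST['code_name'] ) ) {
            $code_name = self::request_text( 'code_name' );

            // Check if action is allowed.
            self::require_valid_nonce( 'code-manager-get-code' );

            // NOTE(review): get_code_from_name() returns '' for a missing name and
            // also for an existing row whose code is empty, so such a name reads as free.
            echo ( '' === self::get_code_from_name( $code_name ) ? 'OK' : 'ERR-Exists' );
        } else {
            echo 'ERR-Wrong arguments';
        }

        wp_die();
    }

    /**
     * Sends header to browser (allows content type changes)
     *
     * NOTE(review): a request carrying a valid 'code_manager_content_type' nonce
     * picks the response Content-Type freely. Handlers such as get_code() echo
     * stored code unescaped, so a browser-rendered type changes how that output
     * is interpreted; consider accepting only an allowlist of expected types.
     *
     * @param string $content_type Content type.
     * @since 1.0.0
     */
    protected static function header_no_cache( $content_type = 'text/plain' )
    {
        if ( ob_get_length() ) {
            // Clear buffer to prevent errors (not 100% proof).
            ob_clean();
        }

        if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
            // Check if action is allowed.
            $wp_nonce = self::request_text( 'wpnonce_content_type' );

            if ( wp_verify_nonce( $wp_nonce, 'code_manager_content_type' ) ) {
                $content_type = self::request_text( 'code_manager_content_type' );
            }
        }

        header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
        header( 'Cache-Control: post-check=0, pre-check=0', false );
        header( 'Pragma: no-cache' );
        header( "Content-Type: {$content_type}; charset=utf-8" );
    }

    /**
     * Read one request argument as sanitized single-line text.
     *
     * @param string $key Request argument name.
     *
     * @return string Sanitized value, or '' when the argument is absent.
     */
    private static function request_text( $key )
    {
        return ( isset( $_REQUEST[ $key ] ) ? sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ) : '' );
    }

    /**
     * Verify the request nonce and end the request when it does not match.
     *
     * The nonce action is $action_prefix followed by the current user's login,
     * as returned by Code_manager::get_current_user_login().
     *
     * @param string $action_prefix Nonce action without the user login.
     *
     * @return void
     */
    private static function require_valid_nonce( $action_prefix )
    {
        $wp_nonce = self::request_text( 'wpnonce' );

        if ( ! wp_verify_nonce( $wp_nonce, $action_prefix . Code_manager::get_current_user_login() ) ) {
            echo 'ERR-Token expired, please refresh page';
            wp_die();
        }
    }

    /**
     * Compare a code type with the one stored for a code id.
     *
     * @param integer $code_id   Code ID.
     * @param string  $code_type Code type to compare with the stored one.
     *
     * @return bool|null TRUE when the type differs, FALSE when it is the same,
     *                   NULL when the id does not match exactly one row with a code type.
     */
    private static function code_type_changed( $code_id, $code_type )
    {
        $code_row = self::dml_query( $code_id );

        if ( ! is_array( $code_row ) || 1 !== count( $code_row ) || ! isset( $code_row[0]['code_type'] ) ) {
            return null;
        }

        return $code_type !== $code_row[0]['code_type'];
    }

}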