1 <?php
2
3 /**
4 * Code Manager database model
5 *
6 * @package Code_Manager
7 */
8 namespace Code_Manager;
9
10 /**
11 * Class Code_Manager_Model
12 *
13 * Interface between code manager front-end and code manager database table.
14 *
15 * @author Peter Schulz
16 * @since 1.0.0
17 */
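class Code_Manager_Model {
    /**
     * Base table name without prefix
     */
    const BASE_TABLE_NAME = 'code_manager';

    /**
     * Nonce action prefix for the edit/preview/activate AJAX handlers.
     * The current user's login is appended at verification time
     * (see verify_nonce_or_die()), so the nonce is bound to that login.
     */
    const NONCE_ACTION_EDIT = 'code-manager-';

    /**
     * Nonce action prefix for the read-only AJAX handlers
     * (get_code, is_code_preview_enabled, code_name_exists).
     * Note: no separator between the prefix and the login, as in the
     * original implementation (nonce strings must stay identical).
     */
    const NONCE_ACTION_GET = 'code-manager-get-code';

    /**
     * Base table name with prefix
     *
     * @since 1.0.0
     *
     * @return string Real base table name
     */
    public static function get_base_table_name() {
        global $wpdb;
        // static:: keeps late static binding so a subclass may override the constant.
        return $wpdb->prefix . static::BASE_TABLE_NAME;
    }

    /**
     * Check if base table exists
     *
     * @since 1.0.0
     *
     * @return bool TRUE = table found
     */
    public static function table_exists() {
        global $wpdb;
        $wpdb->get_results(
            $wpdb->prepare(
                'select true from `information_schema`.`tables` where table_schema = %s and table_name = %s',
                [ $wpdb->dbname, self::get_base_table_name() ]
            )
        );
        // num_rows is populated by the query above; one row means the table exists.
        return 1 === $wpdb->num_rows;
    }

    /**
     * Get record from code manager table for given Code ID
     *
     * @since 1.0.0
     *
     * @param integer $code_id Code ID.
     *
     * @return array|null Rows (ARRAY_A) or null on query error.
     */
    public static function dml_query( $code_id ) {
        global $wpdb;
        $query = 'select * from `' . self::get_base_table_name() . '` where code_id = %d';
        return $wpdb->get_results( $wpdb->prepare( $query, [ $code_id ] ), 'ARRAY_A' );
    }

    /**
     * Get record from code manager table for given code name
     *
     * @since 1.0.0
     *
     * @param string $code_name Code name.
     *
     * @return array|null Rows (ARRAY_A) or null on query error.
     */
    public static function dml_query_by_name( $code_name ) {
        global $wpdb;
        $query = 'select * from `' . self::get_base_table_name() . '` where code_name = %s';
        return $wpdb->get_results( $wpdb->prepare( $query, [ $code_name ] ), 'ARRAY_A' );
    }

    /**
     * Insert new row into code manager table
     *
     * @since 1.0.0
     *
     * @param string  $code_name        Code name.
     * @param string  $code_type        Code type.
     * @param string  $code             Code.
     * @param string  $code_author      Author.
     * @param string  $code_description Description.
     * @param int     $code_enabled     Is code enabled? (0/1).
     *
     * @return int Code ID if insert was successful or -1 if insert failed
     */
    public static function dml_insert(
        $code_name,
        $code_type,
        $code,
        $code_author,
        $code_description,
        $code_enabled
    ) {
        global $wpdb;
        $rows = $wpdb->insert(
            self::get_base_table_name(),
            [
                'code_name'        => $code_name,
                'code_type'        => $code_type,
                'code_enabled'     => $code_enabled,
                'code'             => $code,
                'code_author'      => $code_author,
                'code_description' => $code_description,
            ]
        );
        // $wpdb->insert() returns the number of rows inserted or false.
        return ( 1 === $rows ? $wpdb->insert_id : -1 );
    }

    /**
     * Update row in code manager table
     *
     * When the code type changes the row is disabled (code_enabled = 0),
     * regardless of the $code_enabled argument, so that code is never
     * executed under a type it was not reviewed for.
     *
     * @since 1.0.0
     *
     * @param integer $code_id          Code ID.
     * @param string  $code_name        Code name.
     * @param string  $code_type        Code type (pass as string: it is compared strictly against the stored value).
     * @param string  $code             Code.
     * @param string  $code_author      Author.
     * @param string  $code_description Description.
     * @param int     $code_enabled     Is code enabled? (0/1).
     *
     * @return integer Number of rows updated (0 when the row was not found)
     */
    public static function dml_update(
        $code_id,
        $code_name,
        $code_type,
        $code,
        $code_author,
        $code_description,
        $code_enabled
    ) {
        $code_type_changed = self::code_type_changed( $code_id, $code_type );
        if ( null === $code_type_changed ) {
            // Row not found (or malformed): nothing to update.
            return 0;
        }
        $column_values = [
            'code_name'        => $code_name,
            'code_type'        => $code_type,
            'code_enabled'     => $code_enabled,
            'code'             => $code,
            'code_author'      => $code_author,
            'code_description' => $code_description,
        ];
        if ( $code_type_changed ) {
            $column_values['code_enabled'] = 0;
        }
        global $wpdb;
        return $wpdb->update( self::get_base_table_name(), $column_values, [ 'code_id' => $code_id ] );
    }

    /**
     * Delete row from code manager table
     *
     * @since 1.0.0
     *
     * @param integer $code_id Code ID.
     *
     * @return integer Number of rows deleted
     */
    public static function dml_delete( $code_id ) {
        global $wpdb;
        $query = 'delete from `' . self::get_base_table_name() . '` where code_id = %d';
        return $wpdb->query( $wpdb->prepare( $query, [ $code_id ] ) );
    }

    /**
     * Get shortcode for a given code id
     *
     * @since 1.0.0
     *
     * @param integer     $code_id Code ID.
     * @param string|null $action  When non-null the whole row is returned as JSON instead of the code column.
     *
     * @return string Code (or JSON row), empty string when not found or $code_id is not numeric
     */
    public static function get_code_from_id( $code_id, $action = null ) {
        if ( ! is_numeric( $code_id ) ) {
            return '';
        }
        global $wpdb;
        $query = 'select * from `' . self::get_base_table_name() . '` where code_id = %d';
        $code  = $wpdb->get_results( $wpdb->prepare( $query, [ $code_id ] ), 'ARRAY_A' );
        if ( 1 !== $wpdb->num_rows ) {
            return '';
        }
        return null === $action ? $code[0]['code'] : wp_json_encode( $code[0] );
    }

    /**
     * Get shortcode for a given code name
     *
     * @since 1.0.0
     *
     * @param string $code_name Code name.
     *
     * @return string Code, empty string when not found or $code_name is empty
     */
    protected static function get_code_from_name( $code_name ) {
        if ( '' === $code_name ) {
            return '';
        }
        global $wpdb;
        $query = 'select * from `' . self::get_base_table_name() . '` where code_name = %s';
        $code  = $wpdb->get_results( $wpdb->prepare( $query, [ $code_name ] ), 'ARRAY_A' );
        return 1 === $wpdb->num_rows ? $code[0]['code'] : '';
    }

    /**
     * Get codes for a given code type
     *
     * @since 1.0.0
     *
     * @param string $code_type Code type.
     *
     * @return array|null List of code rows (ARRAY_A), null on query error
     */
    public static function get_codes( $code_type ) {
        global $wpdb;
        // $code_type is bound through prepare() rather than interpolated: the
        // caller is not visible here, so it cannot be assumed to be trusted.
        $query = 'select * from `' . self::get_base_table_name() . '` where code_type = %s';
        return $wpdb->get_results( $wpdb->prepare( $query, [ $code_type ] ), 'ARRAY_A' );
    }

    /**
     * Get active codes (status = enabled) for a given code type
     *
     * @since 1.0.0
     *
     * @param string $code_type Code type.
     *
     * @return array|null List of code rows (ARRAY_A), null on query error
     */
    public static function get_active_codes( $code_type ) {
        global $wpdb;
        // Same as get_codes(): bind the type instead of interpolating it.
        $query = 'select * from `' . self::get_base_table_name() . '` where code_type = %s and code_enabled > 0';
        return $wpdb->get_results( $wpdb->prepare( $query, [ $code_type ] ), 'ARRAY_A' );
    }

    /**
     * Return only PHP, HTML and JS shortcodes
     *
     * Selects enabled rows whose type contains "shortcode" but not "css".
     *
     * @return array|null List of code rows (ARRAY_A), null on query error
     */
    public static function get_active_shortcodes() {
        global $wpdb;
        // Constant query (no caller-supplied values), so no prepare() needed.
        $query = 'select * from `' . self::get_base_table_name() . '` '
            . "where code_type like '%shortcode%' and code_type not like '%css%' and code_enabled > 0";
        return $wpdb->get_results( $query, 'ARRAY_A' );
    }

    /**
     * Update code from ajax request (insert when new: code_id = -1)
     *
     * Required request parameters: wpnonce, code_id, code_name, code_type, code.
     * Responds with one of: INS-<id>, UPD-<rows>, ERR-<message>.
     *
     * NOTE(review): authorization here is the user-bound nonce only; no
     * current_user_can() check is visible in this file. Confirm that the
     * AJAX hook registration (Code_Manager.php) exposes this handler to
     * privileged users only.
     *
     * @since 1.0.0
     */
    public static function update_code() {
        self::header_no_cache();
        // All parameters must be present (the original used || here, which let
        // a request with only some of them fall through to undefined-index reads).
        foreach ( [ 'wpnonce', 'code_id', 'code_name', 'code_type', 'code' ] as $key ) {
            if ( ! isset( $_REQUEST[ $key ] ) ) {
                echo 'ERR-Wrong arguments';
                wp_die();
            }
        }
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_EDIT );
        $code_id   = self::request_text( 'code_id' );
        $code_name = self::request_text( 'code_name' );
        $code_type = self::request_text( 'code_type' );
        // The code body is stored as submitted (only slashes removed): it is
        // source/markup by design and must not be passed through a text sanitizer.
        $code = wp_unslash( $_REQUEST['code'] );
        global $wpdb;
        $wpdb->suppress_errors( true );
        if ( '-1' === $code_id ) {
            // Insert new code.
            $rows_inserted = $wpdb->insert(
                self::get_base_table_name(),
                [
                    'code_name' => $code_name,
                    'code_type' => $code_type,
                    'code'      => $code,
                ]
            );
            echo ( 1 === $rows_inserted ? 'INS-' . esc_attr( $wpdb->insert_id ) : 'ERR-' . esc_html( $wpdb->last_error ) );
            wp_die();
        }
        // Update existing code.
        $code_type_changed = self::code_type_changed( $code_id, $code_type );
        if ( null === $code_type_changed ) {
            echo 'UPD-0';
            wp_die();
        }
        $column_values = [
            'code_name' => $code_name,
            'code_type' => $code_type,
            'code'      => $code,
        ];
        if ( $code_type_changed ) {
            // A type change disables the code until it is explicitly re-enabled.
            $column_values['code_enabled'] = 0;
        }
        $rows_updated = $wpdb->update(
            self::get_base_table_name(),
            $column_values,
            [ 'code_id' => $code_id ],
            null,
            [ '%d' ]
        );
        echo ( '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_updated ) : 'ERR-' . esc_html( $wpdb->last_error ) );
        wp_die();
    }

    /**
     * Activate code preview from ajax request for a given code_id
     *
     * @since 1.0.0
     */
    public static function activate_code_preview() {
        self::change_code_preview( true );
    }

    /**
     * Deactivate code preview from ajax request for a given code_id
     *
     * @since 1.0.0
     */
    public static function deactivate_code_preview() {
        self::change_code_preview( false );
    }

    /**
     * Reset all previewed code IDs
     *
     * Removes the preview meta key for every user, not only the current one.
     *
     * @since 1.0.0
     */
    public static function reset_preview() {
        self::header_no_cache();
        if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_EDIT );
        // delete_metadata() with $delete_all removes the key for all users through
        // the meta API: it resolves the usermeta table correctly on multisite and
        // invalidates the user-meta cache, which the raw DELETE it replaces did not.
        delete_metadata( 'user', 0, 'code_manager_preview_code_ids', '', true );
        echo 'OK';
        wp_die();
    }

    /**
     * Activate code from ajax request for a given code_id
     *
     * Required request parameters: wpnonce, code_id, code_item_value (new code_enabled value).
     *
     * @since 1.0.0
     */
    public static function activate_code() {
        self::header_no_cache();
        if ( ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) || ! isset( $_REQUEST['code_item_value'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_EDIT );
        $code_id         = self::request_text( 'code_id' );
        $code_item_value = self::request_text( 'code_item_value' );
        global $wpdb;
        $wpdb->suppress_errors( true );
        $rows_update = $wpdb->update(
            self::get_base_table_name(),
            [ 'code_enabled' => $code_item_value ],
            [ 'code_id' => $code_id ]
        );
        echo ( '' === $wpdb->last_error ? 'UPD-' . esc_attr( $rows_update ) : 'ERR-' . esc_html( $wpdb->last_error ) );
        // Terminate like every other handler; otherwise admin-ajax appends its own "0".
        wp_die();
    }

    /**
     * Get a list with all available codes from ajax request
     *
     * Responds with a JSON list of rows (code_id, code_name, code_type,
     * code_enabled, preview_enabled) for every code type known to the tabs.
     *
     * @since 1.0.0
     */
    public static function get_code_list() {
        self::header_no_cache();
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_EDIT );
        $code_types       = [ '' ];
        $code_manager_tab = new Code_Manager_Tabs();
        foreach ( $code_manager_tab->get_code_types() as $code_type_group ) {
            foreach ( $code_type_group as $code_type => $label ) {
                $code_types[] = $code_type;
            }
        }
        global $wpdb;
        // Bind every type through prepare(); $code_types is never empty (starts with '').
        $placeholders = implode( ',', array_fill( 0, count( $code_types ), '%s' ) );
        $query        = $wpdb->prepare(
            'select code_id, code_name, code_type, code_enabled from `' . self::get_base_table_name() . '` '
            . 'where code_type in (' . $placeholders . ') order by code_name',
            $code_types
        );
        $rows = $wpdb->get_results( $query, 'ARRAY_A' );
        if ( ! is_array( $rows ) ) {
            // get_results() yields null on error; respond with an empty list instead of "null".
            $rows = [];
        }
        foreach ( $rows as $index => $row ) {
            $rows[ $index ]['preview_enabled'] = Code_Manager_Preview::is_code_id_preview_enabled( $row['code_id'] );
        }
        echo wp_json_encode( $rows );
        wp_die();
    }

    /**
     * Get code from ajax request
     *
     * Echoes the raw stored code for the requested code_id, or the whole row
     * as JSON when POST wpda_action is set.
     *
     * @return void
     */
    public static function get_code() {
        if ( isset( $_POST['wpda_action'] ) && 'all' === $_POST['wpda_action'] ) {
            self::header_no_cache( 'application/json' );
        } else {
            self::header_no_cache();
        }
        if ( ! isset( $_REQUEST['code_id'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        $code_id = self::request_text( 'code_id' );
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_GET );
        $action = isset( $_POST['wpda_action'] ) ? sanitize_text_field( wp_unslash( $_POST['wpda_action'] ) ) : null;
        echo self::get_code_from_id( $code_id, $action );
        wp_die();
    }

    /**
     * Check if code is enabled through ajax
     *
     * Responds with "true" or "false" for the requested code_id.
     *
     * @return void
     */
    public static function is_code_preview_enabled() {
        self::header_no_cache();
        if ( ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        $code_id = self::request_text( 'code_id' );
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_GET );
        echo ( Code_Manager_Preview::is_code_id_preview_enabled( $code_id ) ? 'true' : 'false' );
        wp_die();
    }

    /**
     * Check if code name exists from ajax request
     *
     * Responds with "OK" when the name is free, "ERR-Exists" otherwise.
     *
     * @since 1.0.0
     */
    public static function code_name_exists() {
        self::header_no_cache();
        if ( ! isset( $_REQUEST['code_name'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        $code_name = self::request_text( 'code_name' );
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_GET );
        echo ( '' === self::get_code_from_name( $code_name ) ? 'OK' : 'ERR-Exists' );
        wp_die();
    }

    /**
     * Sends header to browser (allows content type changes)
     *
     * The client may select the Content-Type through the request parameter
     * code_manager_content_type when it presents a valid nonce for the fixed
     * action "code_manager_content_type". The value passes through
     * sanitize_text_field(), which removes line breaks, so it cannot inject
     * additional headers; it does decide how the browser interprets the body.
     *
     * @param string $content_type Content type.
     * @since 1.0.0
     */
    protected static function header_no_cache( $content_type = 'text/plain' ) {
        if ( ob_get_length() ) {
            // Clear buffer to prevent errors (not 100% proof).
            ob_clean();
        }
        if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
            // Check if action is allowed.
            $wp_nonce = self::request_text( 'wpnonce_content_type' );
            if ( wp_verify_nonce( $wp_nonce, 'code_manager_content_type' ) ) {
                $content_type = self::request_text( 'code_manager_content_type' );
            }
        }
        header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
        header( 'Cache-Control: post-check=0, pre-check=0', false );
        header( 'Pragma: no-cache' );
        header( "Content-Type: {$content_type}; charset=utf-8" );
    }

    /**
     * Read a request parameter as sanitized text.
     *
     * @param string $key Key in $_REQUEST.
     *
     * @return string Sanitized value, empty string when the key is absent
     */
    private static function request_text( $key ) {
        if ( ! isset( $_REQUEST[ $key ] ) ) {
            return '';
        }
        return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) );
    }

    /**
     * Verify the request nonce ("wpnonce") for the given action prefix and
     * terminate the request with an error message when it does not validate.
     *
     * The action string is the prefix followed by the current user's login,
     * so a nonce is only valid for the login it was issued for.
     *
     * @param string $action_prefix self::NONCE_ACTION_EDIT or self::NONCE_ACTION_GET.
     *
     * @return void Returns only when the nonce is valid
     */
    private static function verify_nonce_or_die( $action_prefix ) {
        $wp_nonce = self::request_text( 'wpnonce' );
        if ( ! wp_verify_nonce( $wp_nonce, $action_prefix . Code_manager::get_current_user_login() ) ) {
            echo 'ERR-Token expired, please refresh page';
            wp_die();
        }
    }

    /**
     * Determine whether storing $code_type for $code_id would change the type.
     *
     * @param integer $code_id   Code ID.
     * @param string  $code_type New code type (compared strictly; stored values come back as strings).
     *
     * @return bool|null TRUE/FALSE when exactly one row with a code_type column was found,
     *                   NULL when the row is missing or malformed (callers treat it as "not updatable")
     */
    private static function code_type_changed( $code_id, $code_type ) {
        $code_row = self::dml_query( $code_id );
        if ( ! is_array( $code_row ) || 1 !== count( $code_row ) ) {
            return null;
        }
        if ( ! isset( $code_row[0]['code_type'] ) ) {
            return null;
        }
        return $code_type !== $code_row[0]['code_type'];
    }

    /**
     * Shared body of activate_code_preview() / deactivate_code_preview().
     *
     * Requires a logged-in user plus request parameters wpnonce and code_id;
     * responds with "OK" or an ERR- message.
     *
     * @param bool $enable TRUE adds the code ID to the user's preview list, FALSE removes it.
     *
     * @return void
     */
    private static function change_code_preview( $enable ) {
        self::header_no_cache();
        if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) ) {
            echo 'ERR-Wrong arguments';
            wp_die();
        }
        // Check if action is allowed.
        self::verify_nonce_or_die( self::NONCE_ACTION_EDIT );
        $code_id = self::request_text( 'code_id' );
        if ( $enable ) {
            Code_Manager_Preview::add_user_preview_code_id( $code_id );
        } else {
            Code_Manager_Preview::remove_user_preview_code_id( $code_id );
        }
        echo 'OK';
        wp_die();
    }

}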
598