WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel / trunk
wp-all-export / src / App / Controller / GoogleCategoriesController.php
1 <?php
2
3 namespace Wpae\App\Controller;
4
5 use Wpae\Controller\BaseController;
6 use Wpae\Http\JsonResponse;
7 use Wpae\Http\Request;
8
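/**
 * Serves rows of the plugin's `google_cats` table as a JSON category tree.
 *
 * Every request-derived value reaches SQL through $wpdb->prepare(); the only
 * interpolated part is the table prefix returned by the plugin instance.
 *
 * NOTE(review): no capability or nonce check is visible in this class.
 * Presumably BaseController or the request dispatcher enforces one; confirm,
 * because getAction() reads request parameters and queries the database.
 */
class GoogleCategoriesController extends BaseController
{
    /**
     * Returns categories filtered by parent id, or matched by a name search.
     *
     * Reads two request parameters: `search` (substring of the category name)
     * and `parent` (parent category id). A search result is regrouped under
     * the parent rows of the matches. When `parent` is empty the list is
     * wrapped in a synthetic "Root" node.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function getAction(Request $request)
    {
        global $wpdb;

        $tablePrefix = $this->getTablePrefix();

        $response = array();

        $search = $request->get('search', '');
        $parent = $request->get('parent');

        // Only a scalar can be used as a LIKE term or a regex source below.
        // NOTE(review): whether Request::get() can return an array is not visible here; the guard is a no-op if it cannot.
        if (!is_scalar($search)) {
            $search = '';
        }

        $searchString = '';

        if (!is_null($parent)) {
            // %d makes prepare() emit the value as an integer.
            $searchString .= $wpdb->prepare(" AND `parent_id` = %d ", $parent);
        }

        if ($search) {
            // Assignment, not append: a name search replaces the parent filter built above.
            // esc_like() escapes LIKE wildcards in the term; prepare() does the quoting.
            $searchString = $wpdb->prepare(" AND `name` LIKE %s LIMIT 50", '%' . $wpdb->esc_like($search) . '%');
        }

        $querystr = "SELECT * FROM `{$tablePrefix}google_cats` WHERE 1=1 $searchString";
        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- $tablePrefix from $wpdb->prefix; $searchString fragments are pre-built with $wpdb->prepare() above
        $pageposts = $wpdb->get_results($querystr, ARRAY_A);

        // get_results() is documented as possibly returning null; keep the loops below warning-free.
        if (!is_array($pageposts)) {
            $pageposts = array();
        }

        // If it's a search, find the parents of the matched categories.
        if ($search) {
            $parents = array();

            foreach ($pageposts as $category) {
                // A match without a parent is listed directly.
                if (!$category['parent_id']) {
                    $parents[] = $category;
                }

                // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- $tablePrefix from $wpdb->prefix; parent_id bound via prepare()
                $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$tablePrefix}google_cats` WHERE `id` = %d", (int) $category['parent_id']), ARRAY_A);

                // Append each parent row with the match as its only child.
                // Iterating by value avoids leaving a dangling reference behind.
                foreach ((array) $results as $parentRow) {
                    $parentRow['children'] = array($this->processCategory($category, $search));
                    $parents[] = $parentRow;
                }
            }

            $pageposts = $parents;
        }

        foreach ($pageposts as $category) {
            $response[] = $this->processCategory($category, $search);
        }

        if (!$parent) {
            $response = array('name' => 'Root', 'children' => $response);
        }

        return new JsonResponse($response);
    }

    /**
     * Counts the rows whose `parent_id` is the given category id.
     *
     * @param mixed $categoryId Category id; cast to int before it is bound.
     * @return mixed The COUNT(*) value as returned by $wpdb (presumably a
     *               numeric string), or null when the query yields no row.
     */
    private function categoryHasChildren($categoryId)
    {
        global $wpdb;

        $tablePrefix = $this->getTablePrefix();

        $categoryId = intval($categoryId);

        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching -- $tablePrefix from $wpdb->prefix; placeholder used for $categoryId; plugin-owned google_cats table read for category tree building
        $childrenQuerystr = "SELECT COUNT(*) as hasChildren FROM `{$tablePrefix}google_cats` WHERE `parent_id` = %d";
        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- prepared via wpdb->prepare on next line
        $childrenQuerystr = $wpdb->prepare($childrenQuerystr, $categoryId); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $tablePrefix-bearing $childrenQuerystr is the SQL template for prepare() itself; rule misfires on prepare's first arg
        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- query already passed through $wpdb->prepare() above
        $rows = $wpdb->get_results($childrenQuerystr, ARRAY_A);

        // Guard the offset access so a failed or empty query returns null without a PHP warning.
        return isset($rows[0]['hasChildren']) ? $rows[0]['hasChildren'] : null;
    }

    /**
     * Builds the tree-node array that is sent to the client for one category row.
     *
     * @param array $category Row from `google_cats`, optionally carrying a `children` key.
     * @param mixed $search   Search term; when truthy, matches in the name are wrapped in <b> tags.
     * @return array
     */
    private function processCategory($category, $search)
    {
        // TODO: this issues one COUNT query per category; optimize.
        $hasChildren = $this->categoryHasChildren($category['id']);

        $categoryName = $category['name'];

        if ($search) {
            // Pass the delimiter to preg_quote(): without it a "/" in the search term
            // ends the pattern early, and the rest of the term is parsed as modifiers.
            $highlighted = preg_replace('/' . preg_quote($search, '/') . '/i', '<b>$0</b>', $category['name']);

            // preg_replace() returns null on a PCRE error; keep the plain name in that case.
            if (!is_null($highlighted)) {
                $categoryName = $highlighted;
            }
        }

        // NOTE(review): `name` carries <b> markup, so the client presumably renders it as HTML,
        // while the rest of the name is passed through unescaped. Confirm the consumer's handling.
        $catItem = array(
            'name' => $categoryName,
            'hasChildren' => $hasChildren,
            'parentName' => $category['parentName'],
            'id' => $category['id'],
            'opened' => false,
            'visible' => true
        );

        // A node that already carries children (search results) is sent expanded.
        if (isset($category['children'])) {
            $catItem['children'] = $category['children'];
            $catItem['opened'] = true;
        }

        return $catItem;
    }

    /**
     * Returns the table prefix reported by the plugin singleton.
     *
     * The value is interpolated into SQL as part of a table name, so it must
     * never be derived from request input.
     *
     * @return string
     */
    private function getTablePrefix()
    {
        return \PMXE_Plugin::getInstance()->getTablePrefix();
    }
}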