| 1 | <?php |
| 2 | |
| 3 | namespace Wpae\App\Controller; |
| 4 | |
| 5 | use Wpae\Controller\BaseController; |
| 6 | use Wpae\Http\JsonResponse; |
| 7 | use Wpae\Http\Request; |
| 8 | |
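/**
 * Serves the Google product-category tree (plugin-owned `{prefix}google_cats`
 * table) to the export UI as JSON, either one level at a time (`parent`) or as
 * a tree-wide substring search (`search`).
 *
 * NOTE(review): no capability or nonce check is visible in this controller.
 * Confirm that BaseController / the routing layer gates getAction() before it
 * is reachable: the non-search branch has no LIMIT, and every returned row
 * costs one extra COUNT query in categoryHasChildren(), so an unauthenticated
 * caller would get a cheap database-load amplifier.
 */
class GoogleCategoriesController extends BaseController
{
    /**
     * Returns category nodes as JSON.
     *
     * Request parameters (read via Request::get):
     *   - `parent`: id whose direct children are wanted. When absent (null) no
     *     parent filter is applied at all; when falsy ('0', '') the result is
     *     wrapped in a synthetic "Root" node.
     *   - `search`: substring matched case-insensitively against `name`
     *     (LIKE, capped at 50 rows). A non-empty search REPLACES the parent
     *     filter — it is always tree-wide — and each hit is returned nested as
     *     the single child of its parent row, with the matched text wrapped in
     *     <b>…</b>.
     *
     * Both parameters reach SQL only through $wpdb->prepare() (%d, and %s with
     * esc_like()); nothing from the request is interpolated into the query.
     * Names are emitted with literal <b> tags, so the client must render them
     * as HTML; the tags wrap text from the plugin-owned table, never the
     * submitted search term.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function getAction(Request $request)
    {
        global $wpdb;

        $tablePrefix = $this->getTablePrefix();

        // Only a scalar is meaningful; an array (search[]=x) would otherwise
        // reach esc_like()/preg_quote() and fail. Compared against '' below
        // (not truthiness) so a search for "0" is not silently ignored.
        $search = $request->get('search', '');
        $search = is_scalar($search) ? (string) $search : '';
        $parent = $request->get('parent');

        $where = '';

        if (!is_null($parent)) {
            $where .= $wpdb->prepare(" AND `parent_id` = %d ", $parent);
        }

        if ($search !== '') {
            // Intentional overwrite: a search ignores the parent filter and is
            // capped at 50 rows. esc_like() neutralises % and _ in the term
            // before the surrounding wildcards are added.
            $where = $wpdb->prepare(
                " AND `name` LIKE %s LIMIT 50",
                '%' . $wpdb->esc_like($search) . '%'
            );
        }

        $querystr = "SELECT * FROM `{$tablePrefix}google_cats` WHERE 1=1 $where";
        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- $tablePrefix from $wpdb->prefix; $where fragments are pre-built with $wpdb->prepare() above
        $rows = $wpdb->get_results($querystr, ARRAY_A);
        if (!is_array($rows)) {
            // get_results() yields null on a failed query; treat as no rows.
            $rows = [];
        }

        // A search presents each hit under its parent instead of flat.
        if ($search !== '') {
            $rows = $this->attachParents($rows, $search, $tablePrefix);
        }

        $response = [];
        foreach ($rows as $category) {
            $response[] = $this->processCategory($category, $search);
        }

        if (!$parent) {
            $response = ['name' => 'Root', 'children' => $response];
        }

        return new JsonResponse($response);
    }

    /**
     * Reshapes a search result set for the tree UI: a top-level hit stands on
     * its own; any other hit becomes the single child of a fresh copy of its
     * parent row. A parent with several hits therefore appears once per hit
     * (unchanged from the original behaviour). A hit whose parent row cannot
     * be found is kept as a top-level node rather than dropped.
     *
     * Each non-root hit costs one lookup query here plus the COUNT queries
     * made by processCategory() for both the parent and the child node.
     *
     * @param array  $hits         Rows from google_cats matching the search.
     * @param string $search       Search term, forwarded for highlighting.
     * @param string $tablePrefix  Plugin table prefix.
     * @return array
     */
    private function attachParents(array $hits, $search, $tablePrefix)
    {
        global $wpdb;

        $nested = [];

        foreach ($hits as $category) {
            $parentId = (int) ($category['parent_id'] ?? 0);

            if ($parentId === 0) {
                // Top-level hit: nothing to look up (the original still ran a
                // `WHERE id = 0` query here).
                $nested[] = $category;
                continue;
            }

            // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- $tablePrefix from $wpdb->prefix; parent_id bound via prepare()
            $parentRows = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$tablePrefix}google_cats` WHERE `id` = %d", $parentId), ARRAY_A);

            if (!is_array($parentRows) || $parentRows === []) {
                // Orphaned hit (parent row missing): show it rather than lose it.
                $nested[] = $category;
                continue;
            }

            // Build the child once; attach it to a by-value copy of each parent
            // row (the original iterated by reference and left `&$result`
            // dangling after the loop).
            $child = $this->processCategory($category, $search);
            foreach ($parentRows as $parentRow) {
                $parentRow['children'] = [$child];
                $nested[] = $parentRow;
            }
        }

        return $nested;
    }

    /**
     * Counts the direct children of a category.
     *
     * @param int|string $categoryId
     * @return string|null  COUNT(*) as $wpdb returns it (a numeric string), or
     *                      null if the query failed. Callers only test truthiness.
     */
    private function categoryHasChildren($categoryId)
    {
        global $wpdb;

        $tablePrefix = $this->getTablePrefix();
        $categoryId = intval($categoryId);

        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $tablePrefix from $wpdb->prefix; $categoryId bound via %d
        $sql = $wpdb->prepare("SELECT COUNT(*) as hasChildren FROM `{$tablePrefix}google_cats` WHERE `parent_id` = %d", $categoryId);
        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- prepared above; plugin-owned google_cats table read for category tree building
        return $wpdb->get_var($sql);
    }

    /**
     * Converts a google_cats row into the node shape the tree UI consumes.
     *
     * @param array  $category  Row from google_cats (`id`, `name`, `parent_id`;
     *                          may carry `children` pre-attached by attachParents()).
     * @param string $search    Current search term; when non-empty every
     *                          case-insensitive occurrence in the name is wrapped in <b>.
     * @return array
     */
    private function processCategory($category, $search)
    {
        $search = is_scalar($search) ? (string) $search : '';
        $name = $category['name'] ?? null;

        if ($search !== '' && is_string($name)) {
            // preg_quote() must be told the delimiter: a term containing "/"
            // otherwise yields an invalid pattern, preg_replace() returns null
            // and the name was emitted as null. Keep the raw name on any PCRE
            // error instead.
            $pattern = '/' . preg_quote($search, '/') . '/i';
            $highlighted = preg_replace($pattern, '<b>$0</b>', $name);
            if ($highlighted !== null) {
                $name = $highlighted;
            }
        }

        $node = [
            'name'        => $name,
            // One COUNT query per emitted node.
            'hasChildren' => $this->categoryHasChildren($category['id'] ?? 0),
            // NOTE(review): rows come from SELECT *; if google_cats has no
            // `parentName` column this was an undefined-index warning before.
            'parentName'  => $category['parentName'] ?? null,
            'id'          => $category['id'] ?? null,
            'opened'      => false,
            'visible'     => true,
        ];

        if (isset($category['children'])) {
            $node['children'] = $category['children'];
            $node['opened'] = true;
        }

        return $node;
    }

    /**
     * Prefix for the plugin's own tables, taken from the PMXE plugin singleton
     * (the phpcs annotations in this file state it derives from $wpdb->prefix).
     *
     * @return string
     */
    private function getTablePrefix()
    {
        return \PMXE_Plugin::getInstance()->getTablePrefix();
    }
}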