Changeset 3077596 for mp-timetable/trunk/classes/models/class-events.php
- Timestamp:
- 04/26/2024 12:34:29 PM (12 months ago)
- File:
-
- 1 edited
mp-timetable/trunk/classes/models/class-events.php
r2817733 r3077596 101 101 */ 102 102 public function get_event_data( $params, $order_by = 'event_start', $publish = true ) { 103 104 $available_columns_for_search = array( 'id', 'column_id', 'event_id' ); 105 106 if ( ! in_array( $params["field"], $available_columns_for_search ) ) { 107 return array(); 108 } 109 110 // order_by always set to 'event_start', but add all suitable columns to the available list to prevent possible issues 111 $available_columns_for_order = array( 'id', 'column_id', 'event_id', 'event_start', 'event_end', 'user_id' ); 112 113 if ( ! in_array( $order_by, $available_columns_for_order ) ) { 114 $order_by = 'event_start'; 115 } 116 103 117 $publish_query_part = $publish ? " AND `post_status` = 'publish'" : ''; 104 118 $table_posts = $this->wpdb->prefix . 'posts'; 105 119 106 120 $event_data = $this->wpdb->get_results( 107 "SELECT t.*" 108 . " FROM $this->table_name t INNER JOIN" 109 . " (" 110 . " SELECT * FROM {$table_posts}" 111 . " WHERE `post_type` = 'mp-column' AND `post_status` = 'publish'" 112 . " ) p ON t.`column_id` = p.`ID`" 113 . " INNER JOIN (" 114 . " SELECT * FROM {$table_posts}" 115 . " WHERE `post_type` = '{$this->post_type}'{$publish_query_part}" 116 . " ) e ON t.`event_id` = e.`ID`" 117 . " WHERE t.`{$params["field"]}` = {$params['id']} " 118 . " ORDER BY p.`menu_order`, t.`{$order_by}`" 121 $this->wpdb->prepare( 122 "SELECT t.*" 123 . " FROM $this->table_name t INNER JOIN" 124 . " (" 125 . " SELECT * FROM {$table_posts}" 126 . " WHERE `post_type` = 'mp-column' AND `post_status` = 'publish'" 127 . " ) p ON t.`column_id` = p.`ID`" 128 . " INNER JOIN (" 129 . " SELECT * FROM {$table_posts}" 130 . " WHERE `post_type` = '{$this->post_type}'{$publish_query_part}" 131 . " ) e ON t.`event_id` = e.`ID`" 132 . " WHERE t.`{$params["field"]}` = %d " 133 . " ORDER BY p.`menu_order`, t.`{$order_by}`", 134 $params['id'] 135 ) 119 136 ); 120 137 … … 510 527 $events = array(); 511 528 $sql_request = "SELECT * FROM " . 
$this->table_name; 512 529 530 $available_columns = array( 'column_id', 'event_id' ); 531 513 532 if ( ( ! empty( $params[ 'all' ] ) && $params[ 'all' ] ) || empty( $params[ 'list' ] ) ) { 514 533 515 } elseif ( ! is_array( $params[ 'column' ] ) ) { 534 } elseif ( ! is_array( $params[ 'column' ] ) && in_array( $params[ 'column' ], $available_columns ) ) { 535 536 $values_in = ''; 537 538 if ( isset( $params[ 'list' ] ) && is_array( $params[ 'list' ] ) ) { 539 $values_in = $params[ 'list' ]; 540 } else { 541 $values_in = explode( ',', $params[ 'list' ] ); 542 } 543 544 foreach ( $values_in as $index => $value ) { 545 $values_in[ $index ] = $this->wpdb->prepare( '%d', $value ); 546 } 547 548 $values_in = implode( ',', $values_in ); 516 549 517 if ( isset( $params[ 'list' ] ) && is_array( $params[ 'list' ] ) ) { 518 $params[ 'list' ] = implode( ',', $params[ 'list' ] ); 519 } 520 521 $sql_request .= " WHERE " . $params[ 'column' ] . " IN (" . $params[ 'list' ] . ")"; 522 550 $sql_request .= " WHERE `" . $params[ 'column' ] . "` IN (" . $values_in . ")"; 551 523 552 } elseif ( is_array( $params[ 'column' ] ) && is_array( $params[ 'list' ] ) ) { 524 553 … … 528 557 529 558 foreach ( $params[ 'column' ] as $key => $column ) { 559 560 if ( ! in_array( $params[ 'column' ], $available_columns ) ) { 561 continue; 562 } 563 564 $values_in = ''; 565 530 566 if ( isset( $params[ 'list' ][ $column ] ) && is_array( $params[ 'list' ][ $column ] ) ) { 531 $params[ 'list' ][ $column ] = implode( ',', $params[ 'list' ][ $column ] ); 532 } 533 $sql_request .= $column . " IN (" . $params[ 'list' ][ $column ] . ")"; 567 $values_in = $params[ 'list' ][ $column ]; 568 } else { 569 $values_in = explode( ',', $params[ 'list' ][ $column ]) ; 570 } 571 572 foreach ( $values_in as $index => $value ) { 573 $values_in[ $index ] = $this->wpdb->prepare( '%d', $value ); 574 } 575 576 $values_in = implode( ',', $values_in ); 577 578 $sql_request .= "`" . $params[ 'column' ] . "` IN (" . $values_in . 
")"; 534 579 $sql_request .= ( $last_key != $key ) ? ' AND ' : ''; 535 580 } … … 538 583 539 584 $sql_request .= ' ORDER BY `event_start`'; 540 585 541 586 $events_data = $this->wpdb->get_results( $sql_request ); 542 587 … … 893 938 * duplicate timeslots in custom BD 894 939 */ 895 $timeslots = $wpdb->get_results( "SELECT * FROM {$this->table_name} WHERE event_id = " . $post_id, OBJECT ); 940 $timeslots = $this->wpdb->get_results( 941 $this->wpdb->prepare("SELECT * FROM {$this->table_name} WHERE event_id = %d", $post_id ), 942 OBJECT ); 896 943 897 944 if ( !empty($timeslots) ) {