
Changeset 603429


Timestamp:
09/25/12 02:42:28 (19 months ago)
Author:
evansolomon
Message:

Validate URLs before we use them to run a query

  • Make sure we're in a post
  • Make sure we find URLs
  • Use the correct number of replacement tokens for the URLs we find
  • Abstract the SQL generation
File:
1 edited

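--- a/intralinks/trunk/intralinks.php
+++ b/intralinks/trunk/intralinks.php
@@ -33,4 +33,7 @@
         global $post;
 
+        if ( ! $post )
+            return $content;
+
         if ( ! apply_filters( 'wpcom_intralinks_show_intralinks', true, $content ) )
             return $content;
@@ -47,4 +50,6 @@
         // Get URL's to query
         $urls = $this->get_urls( $post );
+        if ( ! $urls )
+            return '';
 
         // Query for this post's URL's
@@ -96,5 +101,10 @@
         $post_shortlink = preg_replace( '/^https?:\/\//', '', wp_get_shortlink( $post->ID ) );
 
-        $urls = array( 'permalink' => $post_permalink, 'shortlink' => $post_shortlink );
+        $urls = array();
+        if ( $post_permalink )
+            $urls['permalink'] = $post_permalink;
+
+        if ( $post_shortlink )
+            $urls['shortlink'] = $post_shortlink;
 
         return apply_filters( 'wpcom_intralinks_get_urls', $urls, $post );
@@ -112,5 +122,5 @@
 
             $query = $wpdb->prepare(
-                "SELECT * FROM {$wpdb->posts} WHERE post_content LIKE %s OR post_content LIKE %s ORDER BY post_date ASC",
+                $this->get_query_sql( $urls ),
                 "%{$urls['permalink']}%",
                 "%{$urls['shortlink']}%"
@@ -124,4 +134,21 @@
 
         return $results;
+    }
+
+    private function get_query_sql( $urls ) {
+        global $wpdb;
+
+        $select = "SELECT * ";
+        $from   = "FROM {$wpdb->posts}";
+        $where  = "WHERE post_status = 'publish' AND";
+
+        if ( 1 == count( $urls ) )
+            $where .= " post_content LIKE %s";
+        else
+            $where .= " ( post_content LIKE %s OR post_content LIKE %s )";
+
+        $orderby = "ORDER BY post_date ASC";
+
+        return "{$select} {$from} {$where} {$orderby}";
     }
 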
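Review bot: The `$wpdb->prepare()` call at new lines 123–126 still passes both `"%{$urls['permalink']}%"` and `"%{$urls['shortlink']}%"`, so its arguments no longer match the SQL that `get_query_sql()` emits when `$urls` holds a single entry. If only the shortlink was found, the lone `%s` is bound to the first argument, which for the missing `permalink` key would evaluate to `%%` and match every published post. The `wpcom_intralinks_get_urls` filter can also hand back more than two URLs or differently named keys, which the `1 == count( $urls )` branch does not cover. Generating one `LIKE %s` and one pattern per entry of `$urls` keeps the two in step, and passing each URL through `$wpdb->esc_like()` makes `_` and `%` inside a URL match literally. The prepare() call and the method around it continue outside the visible lines.

```php
// in the caller, replacing the two fixed pattern arguments to $wpdb->prepare()
$patterns = array();
foreach ( $urls as $url )
    $patterns[] = '%' . $wpdb->esc_like( $url ) . '%';

$query = $wpdb->prepare( $this->get_query_sql( $urls ), $patterns );

// in get_query_sql(), replacing the 1 == count( $urls ) branch
$likes  = array_fill( 0, count( $urls ), 'post_content LIKE %s' );
$where .= ' ( ' . implode( ' OR ', $likes ) . ' )';
// … unchanged: $orderby and the return …
```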