Refactoring

thanghv 2020-05-08 00:51:43 +07:00
parent 785f1a0f76
commit a081e84a7c
10 changed files with 41 additions and 63 deletions


@ -629,10 +629,10 @@ class MainWP_Backup {
$fh = fopen( $currentfile . '.tmp', 'w' ); $fh = fopen( $currentfile . '.tmp', 'w' );
fwrite( $fh, "\n\n" . 'DROP TABLE IF EXISTS ' . $table . ';' ); fwrite( $fh, "\n\n" . 'DROP TABLE IF EXISTS ' . $table . ';' );
$table_create = $wpdb->get_row( 'SHOW CREATE TABLE ' . $table, ARRAY_N ); $table_create = $wpdb->get_row( 'SHOW CREATE TABLE ' . $table, ARRAY_N ); // phpcs:ignore -- safe query.
fwrite( $fh, "\n" . $table_create[1] . ";\n\n" ); fwrite( $fh, "\n" . $table_create[1] . ";\n\n" );
$rows = MainWP_Child_DB::to_query( 'SELECT * FROM ' . $table, $wpdb->dbh ); $rows = MainWP_Child_DB::to_query( 'SELECT * FROM ' . $table, $wpdb->dbh ); // phpcs:ignore -- safe query.
if ( $rows ) { if ( $rows ) {
$i = 0; $i = 0;
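Review bot: The two `// phpcs:ignore -- safe query.` comments added on the `SHOW CREATE TABLE` and `SELECT * FROM` lines name no sniff, so every check is silenced on those lines, and "safe query" does not say why the concatenated `$table` is trusted. `$table` is assigned outside this hunk; if it comes from the database's own table list, say so and scope the suppression, e.g. `// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- $table comes from SHOW TABLES, not from the request.` The same bare suppression recurs in the BackWPUp, Timecapsule, WooCommerce status, MainWP_Child and Clone_Install sections of this commit. Wrapping the identifier in backticks on both lines would also keep unusual table names from breaking the dump.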


@ -1045,7 +1045,7 @@ class MainWP_Child_Back_Up_Buddy {
if ( true === $display_size ) { if ( true === $display_size ) {
// Fix up row count and average row length for InnoDB engine which returns inaccurate (and changing) values for these. // Fix up row count and average row length for InnoDB engine which returns inaccurate (and changing) values for these.
if ( 'InnoDB' === $result['Engine'] ) { if ( 'InnoDB' === $result['Engine'] ) {
$rowCount = $wpdb->get_var( "SELECT COUNT(1) as rowCount FROM `{$rs[ 'Name' ]}`", ARRAY_A ); $rowCount = $wpdb->get_var( "SELECT COUNT(1) as rowCount FROM `{$result[ 'Name' ]}`", ARRAY_A ); // phpcs:ignore -- safe query.
if ( false !== $rowCount ) { if ( false !== $rowCount ) {
$result['Rows'] = $rowCount; $result['Rows'] = $rowCount;
if ( 0 < $result['Rows'] ) { if ( 0 < $result['Rows'] ) {
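Review bot: The corrected `get_var()` call still passes `ARRAY_A` as its second argument, which `wpdb::get_var()` treats as a column offset rather than an output type, so the lookup should come back `null` instead of the count. `null` then passes the `false !== $rowCount` test on the next line and overwrites `$result['Rows']`. Drop the argument and test for null: ``$rowCount = $wpdb->get_var( "SELECT COUNT(1) as rowCount FROM `{$result['Name']}`" );`` followed by `if ( null !== $rowCount ) {`. The enclosing loop starts outside the hunk, so where `$result['Name']` comes from is not visible here; the suppression comment should state it.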


@ -1194,7 +1194,7 @@ class MainWP_Child_Back_WP_Up {
$settings = $_POST['settings']; $settings = $_POST['settings'];
if ( ! empty( $settings['dbhost'] ) && ! empty( $settings['dbuser'] ) ) { if ( ! empty( $settings['dbhost'] ) && ! empty( $settings['dbuser'] ) ) {
$mysqli = new mysqli( $settings['dbhost'], $settings['dbuser'], ( isset( $settings['dbpassword'] ) ? $settings['dbpassword'] : '' ) ); $mysqli = new mysqli( $settings['dbhost'], $settings['dbuser'], ( isset( $settings['dbpassword'] ) ? $settings['dbpassword'] : '' ) ); // phpcs:ignore -- third party code.
if ( $mysqli->connect_error ) { if ( $mysqli->connect_error ) {
$return['message'] = $mysqli->connect_error; $return['message'] = $mysqli->connect_error;
@ -1203,7 +1203,7 @@ class MainWP_Child_Back_WP_Up {
$res = $mysqli->query( 'SHOW FULL TABLES FROM `' . $mysqli->real_escape_string( $settings['dbname'] ) . '`' ); $res = $mysqli->query( 'SHOW FULL TABLES FROM `' . $mysqli->real_escape_string( $settings['dbname'] ) . '`' );
if ( $res ) { if ( $res ) {
$tables_temp = array(); $tables_temp = array();
while ( $table = $res->fetch_array( MYSQLI_NUM ) ) { while ( $table = $res->fetch_array( MYSQLI_NUM ) ) { // phpcs:ignore -- third party code.
$tables_temp[] = $table[0]; $tables_temp[] = $table[0];
} }
@ -1229,7 +1229,7 @@ class MainWP_Child_Back_WP_Up {
} else { } else {
$tables_temp = array(); $tables_temp = array();
$tables = $wpdb->get_results( 'SHOW FULL TABLES FROM `' . DB_NAME . '`', ARRAY_N ); $tables = $wpdb->get_results( 'SHOW FULL TABLES FROM `' . DB_NAME . '`', ARRAY_N ); // phpcs:ignore -- safe query.
foreach ( $tables as $table ) { foreach ( $tables as $table ) {
$tables_temp[] = $table[0]; $tables_temp[] = $table[0];
} }
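Review bot: In the first hunk the `phpcs:ignore -- third party code` added to the `new mysqli(...)` line hides the input checks on a line whose host, user and password come straight from `$_POST['settings']` two lines above, with no `wp_unslash()` or validation. As written the child site opens a MySQL connection to whatever host the request names and returns `$mysqli->connect_error` to the caller; any capability or nonce check would sit outside the hunk, so that needs confirming. Unslash and validate the values before use (for example restrict `dbhost` to the configured `DB_HOST` unless remote databases are a supported feature) and return a generic failure message rather than the raw connect error.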


@ -1001,8 +1001,7 @@ class MainWP_Child_IThemes_Security {
} }
$results = $wpdb->get_results( 'SELECT * FROM `' . $wpdb->base_prefix . 'itsec_lockouts`' . $where . $type_statement . $active . ';', ARRAY_A ); $results = $wpdb->get_results( 'SELECT * FROM `' . $wpdb->base_prefix . 'itsec_lockouts`' . $where . $type_statement . $active . ';', ARRAY_A ); // phpcs:ignore -- safe query. $output = array();
$output = array();
if ( is_array( $results ) && count( $results ) > 0 ) { if ( is_array( $results ) && count( $results ) > 0 ) {
switch ( $type ) { switch ( $type ) {
case 'host': case 'host':
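Review bot: As rendered, the new `get_results()` line ends with `// phpcs:ignore -- safe query. $output = array();`, and the hunk shrinks from 8 lines to 7, which suggests the `$output = array();` statement was pulled into the comment. If so, `$output` is no longer initialised before the `if ( is_array( $results ) ... )` block, and an empty result set would leave it undefined wherever it is used after the hunk. Put the assignment back on its own line, `$output = array();`, directly under the query. The `$where`, `$type_statement` and `$active` fragments are built outside the hunk, so the "safe query" claim cannot be checked from here.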


@ -342,7 +342,7 @@ class MainWP_Child_Pagespeed {
$allpagedata = $wpdb->get_results( $allpagedata = $wpdb->get_results(
$wpdb->prepare( $wpdb->prepare(
"SELECT ID, URL, $score_column FROM $gpi_page_stats WHERE ( $data_typestocheck[0] )", "SELECT ID, URL, $score_column FROM $gpi_page_stats WHERE ( $data_typestocheck[0] )", // phpcs:ignore -- safe query.
$data_typestocheck[1] $data_typestocheck[1]
), ),
ARRAY_A ARRAY_A
@ -357,8 +357,8 @@ class MainWP_Child_Pagespeed {
if ( ! empty( $reports_typestocheck ) ) { if ( ! empty( $reports_typestocheck ) ) {
$allpagereports = $wpdb->get_results( $allpagereports = $wpdb->get_results(
$wpdb->prepare( $wpdb->prepare(
"SELECT r.rule_key, r.rule_name FROM $gpi_page_stats d INNER JOIN $gpi_page_reports r ON r.page_id = d.ID AND r.strategy = '$strategy' WHERE ( $reports_typestocheck[0] )", "SELECT r.rule_key, r.rule_name FROM $gpi_page_stats d INNER JOIN $gpi_page_reports r ON r.page_id = d.ID AND r.strategy = '$strategy' WHERE ( $reports_typestocheck[0] )", // phpcs:ignore -- safe query.
$reports_typestocheck[1] $reports_typestocheck[1]
), ),
ARRAY_A ARRAY_A
@ -393,13 +393,7 @@ class MainWP_Child_Pagespeed {
if ( ! is_null( $reports_typestocheck ) ) { if ( ! is_null( $reports_typestocheck ) ) {
$gpi_page_stats = $wpdb->prefix . 'gpi_page_stats'; $gpi_page_stats = $wpdb->prefix . 'gpi_page_stats';
$data = $wpdb->get_results( $data = $wpdb->get_results( $wpdb->prepare( "SELECT $_select FROM $gpi_page_stats WHERE ( $reports_typestocheck[0] ) AND $nullcheck", $reports_typestocheck[1] ), ARRAY_A ); // phpcs:ignore -- safe query.
$wpdb->prepare(
"SELECT $_select FROM $gpi_page_stats WHERE ( $reports_typestocheck[0] ) AND $nullcheck",
$reports_typestocheck[1]
),
ARRAY_A
);
} }
return array( return array(
@ -470,15 +464,7 @@ class MainWP_Child_Pagespeed {
if ( $gpi_options['check_custom_urls'] ) { if ( $gpi_options['check_custom_urls'] ) {
global $wpdb; global $wpdb;
$custom_url_types = $wpdb->get_col( "SELECT DISTINCT type FROM " . $wpdb->prefix . "gpi_custom_urls " );
$gpi_custom_urls = $wpdb->prefix . 'gpi_custom_urls';
$custom_url_types = $wpdb->get_col(
"
SELECT DISTINCT type
FROM $gpi_custom_urls
"
);
if ( ! empty( $custom_url_types ) ) { if ( ! empty( $custom_url_types ) ) {
foreach ( $custom_url_types as $custom_url_type ) { foreach ( $custom_url_types as $custom_url_type ) {
$typestocheck[] = 'type = %s'; $typestocheck[] = 'type = %s';
@ -510,7 +496,7 @@ class MainWP_Child_Pagespeed {
$gpi_page_stats = $wpdb->prefix . 'gpi_page_stats'; $gpi_page_stats = $wpdb->prefix . 'gpi_page_stats';
$gpi_page_reports = $wpdb->prefix . 'gpi_page_reports'; $gpi_page_reports = $wpdb->prefix . 'gpi_page_reports';
$gpi_page_blacklist = $wpdb->prefix . 'gpi_page_blacklist'; $gpi_page_blacklist = $wpdb->prefix . 'gpi_page_blacklist';
// phpcs:disable -- safe queries.
if ( 'purge_reports' === $what ) { if ( 'purge_reports' === $what ) {
$wpdb->query( "TRUNCATE TABLE $gpi_page_stats" ); $wpdb->query( "TRUNCATE TABLE $gpi_page_stats" );
$wpdb->query( "TRUNCATE TABLE $gpi_page_reports" ); $wpdb->query( "TRUNCATE TABLE $gpi_page_reports" );
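Review bot: The `// phpcs:disable -- safe queries.` added in the last hunk names no sniff and has no matching `phpcs:enable` in view, so unless one follows outside the hunk every sniff, including the input-validation and nonce checks, is off from that line to the end of the file. Scope it to the rule being waived, e.g. `// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- table names are built from $wpdb->prefix`, and close it with `// phpcs:enable` after the last query. Separately, in the second hunk `r.strategy = '$strategy'` is interpolated into the string handed to `prepare()`; writing `r.strategy = %s` and passing `array_merge( array( $strategy ), $reports_typestocheck[1] )` (assuming `$reports_typestocheck[1]` is the argument array) would bind it and make the ignore on that line unnecessary.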


@ -483,7 +483,7 @@ class MainWP_Child_Timecapsule {
$query .= ' ORDER BY ' . $orderby . ' ' . $order; $query .= ' ORDER BY ' . $orderby . ' ' . $order;
} }
$totalitems = $wpdb->query( $query ); $totalitems = $wpdb->query( $query ); // phpcs:ignore -- safe query.
$perpage = 20; $perpage = 20;
$paged = ! empty( $_POST['paged'] ) ? $_POST['paged'] : ''; $paged = ! empty( $_POST['paged'] ) ? $_POST['paged'] : '';
if ( empty( $paged ) || ! is_numeric( $paged ) || $paged <= 0 ) { if ( empty( $paged ) || ! is_numeric( $paged ) || $paged <= 0 ) {
@ -496,7 +496,7 @@ class MainWP_Child_Timecapsule {
} }
return array( return array(
'items' => $wpdb->get_results( $query ), 'items' => $wpdb->get_results( $query ), // phpcs:ignore -- safe query.
'totalitems' => $totalitems, 'totalitems' => $totalitems,
'perpage' => $perpage, 'perpage' => $perpage,
); );
@ -523,8 +523,7 @@ class MainWP_Child_Timecapsule {
$current_limit = WPTC_Factory::get( 'config' )->get_option( 'activity_log_lazy_load_limit' ); $current_limit = WPTC_Factory::get( 'config' )->get_option( 'activity_log_lazy_load_limit' );
$to_limit = $from_limit + $current_limit; $to_limit = $from_limit + $current_limit;
$sql = $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT %d, %d", $action_id, $from_limit, $current_limit ); $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT %d, %d", $action_id, $from_limit, $current_limit ) );
$sub_records = $wpdb->get_results( $sql );
$row_count = count( $sub_records ); $row_count = count( $sub_records );
@ -560,9 +559,8 @@ class MainWP_Child_Timecapsule {
$more_logs = false; $more_logs = false;
$load_more = false; $load_more = false;
if ( '' != $rec->action_id ) { if ( '' != $rec->action_id ) {
$sql = $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT 0, %d", $rec->action_id, $limit ); $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT 0, %d", $rec->action_id, $limit ) );
$sub_records = $wpdb->get_results( $sql );
$row_count = count( $sub_records ); $row_count = count( $sub_records );
if ( $row_count == $limit ) { if ( $row_count == $limit ) {
$load_more = true; $load_more = true;
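Review bot: In the first hunk `$query` is built with `' ORDER BY ' . $orderby . ' ' . $order` and then run by `$wpdb->query( $query )` under a new `phpcs:ignore -- safe query`, but ORDER BY fragments cannot be bound by `prepare()` and their origin is outside the hunk. If either value is request-derived, as `$paged` is two lines later, check them against fixed lists before concatenating, e.g. `$order = ( 'ASC' === strtoupper( $order ) ) ? 'ASC' : 'DESC';` plus an `in_array( $orderby, $allowed_columns, true )` guard, where `$allowed_columns` is a list you define. In the last two hunks the placeholder is written as `action_id='%s'`; `prepare()` adds the quotes itself, so `action_id = %s` is the documented form.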


@ -72,7 +72,7 @@ class MainWP_Child_WooCommerce_Status {
// Get sales. // Get sales.
$sales = $wpdb->get_var( $sales = $wpdb->get_var(
$wpdb->prepare( $wpdb->prepare( // phpcs:ignore -- safe query.
"SELECT SUM( postmeta.meta_value ) FROM {$wpdb->posts} as posts "SELECT SUM( postmeta.meta_value ) FROM {$wpdb->posts} as posts
LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID=rel.object_ID LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID=rel.object_ID
LEFT JOIN {$wpdb->term_taxonomy} AS tax USING( term_taxonomy_id ) LEFT JOIN {$wpdb->term_taxonomy} AS tax USING( term_taxonomy_id )
@ -85,14 +85,14 @@ class MainWP_Child_WooCommerce_Status {
AND postmeta.meta_key = '_order_total' AND postmeta.meta_key = '_order_total'
AND posts.post_date >= %s AND posts.post_date >= %s
AND posts.post_date <= %s", AND posts.post_date <= %s",
date( 'Y-m-01', $start_date ), date( 'Y-m-01' ),
date( 'Y-m-d H:i:s', $end_date ) date( 'Y-m-d H:i:s' )
) )
); );
// Get top seller. // Get top seller.
$top_seller = $wpdb->get_row( $top_seller = $wpdb->get_row(
$wpdb->prepare( $wpdb->prepare( // phpcs:ignore -- safe query.
"SELECT SUM( order_item_meta.meta_value ) as qty, order_item_meta_2.meta_value as product_id "SELECT SUM( order_item_meta.meta_value ) as qty, order_item_meta_2.meta_value as product_id
FROM {$wpdb->posts} as posts FROM {$wpdb->posts} as posts
LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID=rel.object_ID LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID=rel.object_ID
@ -131,11 +131,11 @@ class MainWP_Child_WooCommerce_Status {
$query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$stock}' AND CAST(postmeta.meta_value AS SIGNED) > '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )"; $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$stock}' AND CAST(postmeta.meta_value AS SIGNED) > '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )";
$lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); $lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query.
$query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )"; $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )";
$outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); $outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query.
$data = array( $data = array(
'sales' => $sales, 'sales' => $sales,
@ -292,7 +292,7 @@ class MainWP_Child_WooCommerce_Status {
$query['where'] .= 'AND posts.post_date >= STR_TO_DATE(' . $wpdb->prepare( '%s', $start_date ) . ", '%Y-%m-%d %H:%i:%s' ) "; $query['where'] .= 'AND posts.post_date >= STR_TO_DATE(' . $wpdb->prepare( '%s', $start_date ) . ", '%Y-%m-%d %H:%i:%s' ) ";
$query['where'] .= 'AND posts.post_date <= STR_TO_DATE(' . $wpdb->prepare( '%s', $end_date ) . ", '%Y-%m-%d %H:%i:%s' ) "; $query['where'] .= 'AND posts.post_date <= STR_TO_DATE(' . $wpdb->prepare( '%s', $end_date ) . ", '%Y-%m-%d %H:%i:%s' ) ";
$sales = $wpdb->get_var( implode( ' ', apply_filters( 'woocommerce_dashboard_status_widget_sales_query', $query ) ) ); $sales = $wpdb->get_var( implode( ' ', apply_filters( 'woocommerce_dashboard_status_widget_sales_query', $query ) ) ); // phpcs:ignore -- safe query.
// Get top seller. // Get top seller.
$query = array(); $query = array();
@ -310,7 +310,7 @@ class MainWP_Child_WooCommerce_Status {
$query['orderby'] = 'ORDER BY qty DESC'; $query['orderby'] = 'ORDER BY qty DESC';
$query['limits'] = 'LIMIT 1'; $query['limits'] = 'LIMIT 1';
$top_seller = $wpdb->get_row( implode( ' ', $query ) ); $top_seller = $wpdb->get_row( implode( ' ', $query ) ); // phpcs:ignore -- safe query.
if ( ! empty( $top_seller ) ) { if ( ! empty( $top_seller ) ) {
$top_seller->name = get_the_title( $top_seller->product_id ); $top_seller->name = get_the_title( $top_seller->product_id );
@ -332,11 +332,11 @@ class MainWP_Child_WooCommerce_Status {
$query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$stock}' AND CAST(postmeta.meta_value AS SIGNED) > '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )"; $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$stock}' AND CAST(postmeta.meta_value AS SIGNED) > '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )";
$lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); $lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query.
$query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) ) "; $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) ) ";
$outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); $outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query.
$data = array( $data = array(
'sales' => $sales, 'sales' => $sales,
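Review bot: In the second hunk the bounds passed to `prepare()` are now `date( 'Y-m-01' )` and `date( 'Y-m-d H:i:s' )`, which use PHP's default timezone (which WordPress keeps at UTC), while `posts.post_date` holds site-local time, so orders placed near a month boundary can be counted in the wrong month on sites not running in UTC. Using `current_time( 'mysql' )` for the upper bound, and the matching site-local first-of-month for the lower bound, keeps both sides in the same timezone. The change also drops `$start_date` and `$end_date` in a commit titled as a refactoring; if callers relied on a selectable range, that is a behaviour change worth a line in the description. Further down, the result of `apply_filters( 'woocommerce_dashboard_status_widget_sales_query', $query )` is marked `safe query`, although any plugin hooked on that filter can rewrite the SQL before it runs.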


@ -218,7 +218,7 @@ class MainWP_Child {
$query = substr( $query, 0, strlen( $query ) - 2 ); $query = substr( $query, 0, strlen( $query ) - 2 );
$query .= ")"; // phpcs:ignore $query .= ")"; // phpcs:ignore
$alloptions_db = $wpdb->get_results( $query ); $alloptions_db = $wpdb->get_results( $query ); // phpcs:ignore -- safe query
$wpdb->suppress_errors( $suppress ); $wpdb->suppress_errors( $suppress );
if ( ! is_array( $alloptions ) ) { if ( ! is_array( $alloptions ) ) {
$alloptions = array(); $alloptions = array();


@ -187,11 +187,11 @@ class MainWP_Clone_Install {
/** @var $wpdb wpdb */ /** @var $wpdb wpdb */
global $wpdb; global $wpdb;
$var = $wpdb->get_var( $wpdb->prepare( 'SELECT option_value FROM ' . $this->config['prefix'] . 'options WHERE option_name = %s', $name ) ); $var = $wpdb->get_var( $wpdb->prepare( 'SELECT option_value FROM ' . $this->config['prefix'] . 'options WHERE option_name = %s', $name ) ); // phpcs:ignore -- safe query.
if ( null === $var ) { if ( null === $var ) {
$wpdb->query( $wpdb->prepare( 'INSERT INTO ' . $this->config['prefix'] . 'options (`option_name`, `option_value`) VALUES (%s, "' . MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ) . '")', $name ) ); $wpdb->query( $wpdb->prepare( 'INSERT INTO ' . $this->config['prefix'] . 'options (`option_name`, `option_value`) VALUES (%s, %s)', $name, MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ) ) );
} else { } else {
$wpdb->query( $wpdb->prepare( 'UPDATE ' . $this->config['prefix'] . 'options SET option_value = "' . MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ) . '" WHERE option_name = %s', $name ) ); $wpdb->query( $wpdb->prepare( 'UPDATE ' . $this->config['prefix'] . 'options SET option_value = %s WHERE option_name = %s', MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ), $name ) );
} }
} }
@ -230,14 +230,14 @@ class MainWP_Clone_Install {
$splitLine = explode( ";\n", $readline ); $splitLine = explode( ";\n", $readline );
$splitLineLength = count( $splitLine ); $splitLineLength = count( $splitLine );
for ( $i = 0; $i < $splitLineLength - 1; $i ++ ) { for ( $i = 0; $i < $splitLineLength - 1; $i ++ ) {
$wpdb->query( $splitLine[ $i ] ); $wpdb->query( $splitLine[ $i ] ); // phpcs:ignore -- safe query.
} }
$readline = $splitLine[ count( $splitLine ) - 1 ]; $readline = $splitLine[ count( $splitLine ) - 1 ];
} }
if ( trim( $readline ) != '' ) { if ( trim( $readline ) != '' ) {
$wpdb->query( $readline ); $wpdb->query( $readline ); // phpcs:ignore -- safe query.
} }
if ( ! feof( $handle ) ) { if ( ! feof( $handle ) ) {
@ -248,7 +248,7 @@ class MainWP_Clone_Install {
} }
$tables = array(); $tables = array();
$tables_db = $wpdb->get_results( 'SHOW TABLES FROM `' . DB_NAME . '`', ARRAY_N ); $tables_db = $wpdb->get_results( 'SHOW TABLES FROM `' . DB_NAME . '`', ARRAY_N ); // phpcs:ignore -- safe query.
foreach ( $tables_db as $curr_table ) { foreach ( $tables_db as $curr_table ) {
// fix for more table prefix in one database. // fix for more table prefix in one database.
@ -257,8 +257,8 @@ class MainWP_Clone_Install {
} }
} }
// Replace importance data first so if other replace failed, the website still work. // Replace importance data first so if other replace failed, the website still work.
$wpdb->query( $wpdb->prepare( 'UPDATE ' . $table_prefix . 'options SET option_value = %s WHERE option_name = "siteurl"', $site_url ) ); $wpdb->query( $wpdb->prepare( 'UPDATE ' . $table_prefix . 'options SET option_value = %s WHERE option_name = "siteurl"', $site_url ) ); //phpcs:ignore -- safe query.
$wpdb->query( $wpdb->prepare( 'UPDATE ' . $table_prefix . 'options SET option_value = %s WHERE option_name = "home"', $home ) ); $wpdb->query( $wpdb->prepare( 'UPDATE ' . $table_prefix . 'options SET option_value = %s WHERE option_name = "home"', $home ) ); //phpcs:ignore -- safe query.
$this->icit_srdb_replacer( $wpdb->dbh, $this->config['home'], $home, $tables ); $this->icit_srdb_replacer( $wpdb->dbh, $this->config['home'], $home, $tables );
$this->icit_srdb_replacer( $wpdb->dbh, $this->config['siteurl'], $site_url, $tables ); $this->icit_srdb_replacer( $wpdb->dbh, $this->config['siteurl'], $site_url, $tables );
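Review bot: The INSERT and UPDATE in the first hunk now bind the value through `%s` but still wrap it in `MainWP_Child_DB::real_escape_string()`, so, assuming that helper behaves like mysqli's function of the same name, the value is escaped twice: `prepare()` escapes bound arguments itself, and the backslashes added by the first pass end up stored in `option_value`. For serialized data that changes the string lengths and can make the option unreadable after the clone. Pass the raw value instead: `$wpdb->prepare( 'UPDATE ' . $this->config['prefix'] . 'options SET option_value = %s WHERE option_name = %s', maybe_serialize( $value ), $name )`, and the same for the INSERT. In the second hunk the statements run by `$wpdb->query( $splitLine[ $i ] )` are read from a file, so `safe query` holds only if that file's origin and integrity are checked before this function runs, which is not visible here.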


@ -315,16 +315,11 @@ class MainWP_Helper {
} }
public static function get_maybe_existed_attached_id( $filename, $full_guid = true ) { public static function get_maybe_existed_attached_id( $filename, $full_guid = true ) {
global $wpdb; global $wpdb;
if ( $full_guid ) { if ( $full_guid ) {
$sql = $wpdb->prepare( return $wpdb->get_results( $wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid = %s", $filename ) );
"SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid = %s", }
$filename return $wpdb->get_results( $wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid LIKE '%/%s'", $filename ) );
);
} else {
$sql = "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid LIKE '%/" . $filename . "'";
}
return $wpdb->get_results( $sql );
} }
public static function upload_file( $file_url, $path, $file_name ) { public static function upload_file( $file_url, $path, $file_name ) {
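Review bot: The rewritten fallback query puts the placeholder inside a quoted LIKE pattern, `guid LIKE '%/%s'`, which `prepare()` does not support: it quotes `%s` itself and treats a bare `%` as a format character, so the generated SQL will not be the intended suffix match. `$filename` also reaches LIKE with its own `%` and `_` unescaped, so those characters act as wildcards. Build the pattern in PHP and bind it whole: `$wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid LIKE %s", '%/' . $wpdb->esc_like( $filename ) )`.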