Use placeholders and comments

[MAILPOET-6150]
This commit is contained in:
Jan Lysý
2024-08-21 19:02:58 +02:00
committed by Ján Mikláš
parent 952bc28fda
commit b1248cca0d
5 changed files with 48 additions and 73 deletions


@@ -227,15 +227,14 @@ class DynamicSegments {
} }
global $wpdb; global $wpdb;
$query = " $results = $wpdb->get_results($wpdb->prepare("
SELECT DISTINCT pm.meta_key, pm.meta_value SELECT DISTINCT pm.meta_key, pm.meta_value
FROM {$wpdb->postmeta} pm FROM %i pm
INNER JOIN {$wpdb->posts} p ON pm.post_id = p.ID INNER JOIN %i p ON pm.post_id = p.ID
WHERE pm.meta_key LIKE 'attribute_%' WHERE pm.meta_key LIKE %s
AND p.post_type = 'product_variation' AND p.post_type = 'product_variation'
GROUP BY pm.meta_key, pm.meta_value"; GROUP BY pm.meta_key, pm.meta_value
", $wpdb->postmeta, $wpdb->posts, 'attribute_%'), ARRAY_A);
$results = $wpdb->get_results($query, ARRAY_A);
foreach ($results as $result) { foreach ($results as $result) {
$attribute = substr($result['meta_key'], 10); $attribute = substr($result['meta_key'], 10);
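Review bot: The `LIKE %s` argument `'attribute_%'` still lets the `_` before the wildcard act as a single-character LIKE wildcard, so a meta key such as `attributeXfoo` matches and then loses a character to `substr($result['meta_key'], 10)`; now that the pattern is a bound value the prefix should be escaped, `$wpdb->esc_like('attribute_') . '%'`, so only the literal `attribute_` prefix matches. The removed string-built query had the same pattern, so this is not a regression, but it is the natural place to fix it. Note also that the `%i` identifier placeholder is, as far as I know, only recognised by `wpdb::prepare()` from WordPress 6.2 onward, so the plugin's minimum supported core version should be checked against that. The enclosing method starts and ends outside this hunk.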


@@ -566,16 +566,22 @@ class Populator {
private function rowExists(string $tableName, array $columns): bool { private function rowExists(string $tableName, array $columns): bool {
global $wpdb; global $wpdb;
$conditions = array_map(function($key, $value) { $placeholders = [];
return esc_sql($key) . "='" . esc_sql($value) . "'"; $values = [$tableName]; // Start with the table name as the first value for %i
}, array_keys($columns), $columns);
$table = esc_sql($tableName); foreach ($columns as $key => $value) {
// $conditions is escaped $placeholders[] = "%i = %s"; // Use %i for the column name and %s for the value
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter $values[] = $key;
return $wpdb->get_var( $values[] = $value;
"SELECT COUNT(*) FROM $table WHERE " . implode(' AND ', $conditions) }
) > 0;
$whereClause = implode(' AND ', $placeholders);
return $wpdb->get_var($wpdb->prepare(
"SELECT COUNT(*) FROM %i WHERE $whereClause", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- All values are prepared with placeholders
...$values
)) > 0;
} }
private function insertRow($table, $row) { private function insertRow($table, $row) {
@@ -603,35 +609,33 @@ class Populator {
$conditions = ['1=1']; $conditions = ['1=1'];
$values = []; $values = [];
foreach ($where as $field => $value) { foreach ($where as $field => $value) {
$conditions[] = "`t1`.`" . esc_sql($field) . "` = `t2`.`" . esc_sql($field) . "`"; $conditions[] = "`t1`.%i = `t2`.%i";
$conditions[] = "`t1`.`" . esc_sql($field) . "` = %s"; $conditions[] = "`t1`.%i = %s";
$values[] = $field;
$values[] = $field;
$values[] = $field;
$values[] = $value; $values[] = $value;
} }
$conditions = implode(' AND ', $conditions);
$table = esc_sql($table);
// SQLite doesn't support JOIN in DELETE queries, we need to use a subquery. // SQLite doesn't support JOIN in DELETE queries, we need to use a subquery.
if (Connection::isSQLite()) { if (Connection::isSQLite()) {
$sql = "
DELETE FROM %i WHERE id IN (
SELECT t1.id
FROM %i t1
JOIN %i t2 ON t1.id < t2.id AND " . implode(' AND ', $conditions) . "
)";
return $wpdb->query( return $wpdb->query(
$wpdb->prepare( $wpdb->prepare(
"DELETE FROM $table WHERE id IN ( $sql, // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- All values are prepared with placeholders in a variable
SELECT t1.id array_merge([$table, $table, $table], $values)
FROM $table t1
JOIN $table t2 ON t1.id < t2.id AND $conditions
)",
$values
) )
); );
} }
return $wpdb->query( $sql = "DELETE t1 FROM %i t1, %i t2 WHERE t1.id < t2.id AND " . implode(' AND ', $conditions);
$wpdb->prepare( // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- All values are prepared with placeholders in a variable
"DELETE t1 FROM $table t1, $table t2 WHERE t1.id < t2.id AND $conditions", return $wpdb->query($wpdb->prepare($sql, array_merge([$table, $table], $values)));
$values
)
);
} }
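Review bot: In `rowExists` the rebuilt `WHERE $whereClause` is empty when `$columns` is an empty array, yielding `SELECT COUNT(*) FROM `…` WHERE ` which is a syntax error; the old `esc_sql` version had the same gap, but the dedup hunk below already seeds its conditions with `1=1`, and the same trick keeps this query valid: `$placeholders = ['1=1'];`. The removed PHPStan baseline entries suggest `$table` in the dedup method was inferred as `array|string`, so declaring it `string $table` in the signature (which lies outside this hunk) would make the three `%i` bindings type-safe rather than relying on the baseline removal alone. Both methods in this section begin or end outside the visible hunks.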
private function createSourceForSubscribers() { private function createSourceForSubscribers() {


@@ -223,14 +223,16 @@ class WooCommerce {
return; return;
} }
global $wpdb; global $wpdb;
$subscribersTableName = esc_sql($this->subscribersRepository->getTableName());
$mailpoetEmailColumn = $wpdb->get_row( $mailpoetEmailColumn = $wpdb->get_row($wpdb->prepare(
"SHOW FULL COLUMNS FROM " . $subscribersTableName . " WHERE Field = 'email'" "SHOW FULL COLUMNS FROM %i WHERE Field = 'email'",
); $this->subscribersRepository->getTableName()
));
$this->mailpoetEmailCollation = $mailpoetEmailColumn->Collation; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps $this->mailpoetEmailCollation = $mailpoetEmailColumn->Collation; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
$wpPostmetaValueColumn = $wpdb->get_row( $wpPostmetaValueColumn = $wpdb->get_row($wpdb->prepare(
"SHOW FULL COLUMNS FROM " . $wpdb->postmeta . " WHERE Field = 'meta_value'" "SHOW FULL COLUMNS FROM %i WHERE Field = 'meta_value'",
); $wpdb->postmeta
));
$this->wpPostmetaValueCollation = $wpPostmetaValueColumn->Collation; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps $this->wpPostmetaValueCollation = $wpPostmetaValueColumn->Collation; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
} }
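Review bot: `$mailpoetEmailColumn->Collation` on the line after the rebuilt `get_row()` call dereferences the result without a null check; `get_row()` returns `null` when `SHOW FULL COLUMNS … WHERE Field = 'email'` yields no row (for instance if the subscribers table is missing or the column was renamed), and on PHP 8 that is a warning followed by a `null` collation. Guarding the two reads with `$this->mailpoetEmailCollation = $mailpoetEmailColumn->Collation ?? null;` and likewise for `$wpPostmetaValueColumn` keeps the method from emitting warnings; whether a null collation is acceptable downstream depends on code outside this hunk. This was already true before the change, so it is a follow-up rather than a regression. The enclosing method begins before the hunk.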


@@ -136,21 +136,6 @@ parameters:
count: 1 count: 1
path: ../../lib/Config/Populator.php path: ../../lib/Config/Populator.php
-
message: "#^Binary operation \"\\.\" between non-falsy-string and array\\|string results in an error\\.$#"
count: 2
path: ../../lib/Config/Populator.php
-
message: "#^Binary operation \"\\.\" between '`t1`\\.`' and array\\|string results in an error\\.$#"
count: 2
path: ../../lib/Config/Populator.php
-
message: "#^Part \\$table \\(array\\|string\\) of encapsed string cannot be cast to string\\.$#"
count: 5
path: ../../lib/Config/Populator.php
- -
message: "#^Parameter \\#2 \\$args of method MailPoet\\\\WP\\\\Functions\\:\\:wpRemotePost\\(\\) expects array, mixed given\\.$#" message: "#^Parameter \\#2 \\$args of method MailPoet\\\\WP\\\\Functions\\:\\:wpRemotePost\\(\\) expects array, mixed given\\.$#"
count: 1 count: 1


@@ -136,21 +136,6 @@ parameters:
count: 1 count: 1
path: ../../lib/Config/Populator.php path: ../../lib/Config/Populator.php
-
message: "#^Binary operation \"\\.\" between non-falsy-string and array\\|string results in an error\\.$#"
count: 2
path: ../../lib/Config/Populator.php
-
message: "#^Binary operation \"\\.\" between '`t1`\\.`' and array\\|string results in an error\\.$#"
count: 2
path: ../../lib/Config/Populator.php
-
message: "#^Part \\$table \\(array\\|string\\) of encapsed string cannot be cast to string\\.$#"
count: 5
path: ../../lib/Config/Populator.php
- -
message: "#^Parameter \\#2 \\$args of method MailPoet\\\\WP\\\\Functions\\:\\:wpRemotePost\\(\\) expects array, mixed given\\.$#" message: "#^Parameter \\#2 \\$args of method MailPoet\\\\WP\\\\Functions\\:\\:wpRemotePost\\(\\) expects array, mixed given\\.$#"
count: 1 count: 1