IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
|
|
|
|
| 429 | 429 | // Fetch full comment objects from the primed cache. |
| 430 | 430 | $_comments = array(); |
| 431 | 431 | foreach ( $comment_ids as $comment_id ) { |
| 432 | | if ( $_comment = get_comment( $comment_id ) ) { |
| | 432 | $_comment = get_comment( $comment_id ); |
| | 433 | if ( ! empty( $_comment ) ) { |
| 433 | 434 | $_comments[] = $_comment; |
| 434 | 435 | } |
| 435 | 436 | } |
| … |
… |
|
| 524 | 525 | $include_unapproved = preg_split( '/[\s,]+/', $include_unapproved ); |
| 525 | 526 | } |
| 526 | 527 | |
| 527 | | $unapproved_ids = $unapproved_emails = array(); |
| 528 | 528 | foreach ( $include_unapproved as $unapproved_identifier ) { |
| 529 | 529 | // Numeric values are assumed to be user ids. |
| 530 | 530 | if ( is_numeric( $unapproved_identifier ) ) { |
| … |
… |
|
| 557 | 557 | preg_split( '/[,\s]/', $this->query_vars['orderby'] ); |
| 558 | 558 | |
| 559 | 559 | $orderby_array = array(); |
| 560 | | $found_orderby_comment_ID = false; |
| | 560 | $found_orderby_comment_id = false; |
| 561 | 561 | foreach ( $ordersby as $_key => $_value ) { |
| 562 | 562 | if ( ! $_value ) { |
| 563 | 563 | continue; |
| … |
… |
|
| 571 | 571 | $_order = $_value; |
| 572 | 572 | } |
| 573 | 573 | |
| 574 | | if ( ! $found_orderby_comment_ID && in_array( $_orderby, array( 'comment_ID', 'comment__in' ) ) ) { |
| 575 | | $found_orderby_comment_ID = true; |
| | 574 | if ( ! $found_orderby_comment_id && in_array( $_orderby, array( 'comment_ID', 'comment__in' ) ) ) { |
| | 575 | $found_orderby_comment_id = true; |
| 576 | 576 | } |
| 577 | 577 | |
| 578 | 578 | $parsed = $this->parse_orderby( $_orderby ); |
| … |
… |
|
| 595 | 595 | } |
| 596 | 596 | |
| 597 | 597 | // To ensure determinate sorting, always include a comment_ID clause. |
| 598 | | if ( ! $found_orderby_comment_ID ) { |
| 599 | | $comment_ID_order = ''; |
| | 598 | if ( ! $found_orderby_comment_id ) { |
| | 599 | $comment_id_order = ''; |
| 600 | 600 | |
| 601 | 601 | // Inherit order from comment_date or comment_date_gmt, if available. |
| 602 | 602 | foreach ( $orderby_array as $orderby_clause ) { |
| 603 | 603 | if ( preg_match( '/comment_date(?:_gmt)*\ (ASC|DESC)/', $orderby_clause, $match ) ) { |
| 604 | | $comment_ID_order = $match[1]; |
| | 604 | $comment_id_order = $match[1]; |
| 605 | 605 | break; |
| 606 | 606 | } |
| 607 | 607 | } |
| 608 | 608 | |
| 609 | 609 | // If no date-related order is available, use the date from the first available clause. |
| 610 | | if ( ! $comment_ID_order ) { |
| | 610 | if ( ! $comment_id_order ) { |
| 611 | 611 | foreach ( $orderby_array as $orderby_clause ) { |
| 612 | 612 | if ( false !== strpos( 'ASC', $orderby_clause ) ) { |
| 613 | | $comment_ID_order = 'ASC'; |
| | 613 | $comment_id_order = 'ASC'; |
| 614 | 614 | } else { |
| 615 | | $comment_ID_order = 'DESC'; |
| | 615 | $comment_id_order = 'DESC'; |
| 616 | 616 | } |
| 617 | 617 | |
| 618 | 618 | break; |
| … |
… |
|
| 620 | 620 | } |
| 621 | 621 | |
| 622 | 622 | // Default to DESC. |
| 623 | | if ( ! $comment_ID_order ) { |
| 624 | | $comment_ID_order = 'DESC'; |
| | 623 | if ( ! $comment_id_order ) { |
| | 624 | $comment_id_order = 'DESC'; |
| 625 | 625 | } |
| 626 | 626 | |
| 627 | | $orderby_array[] = "$wpdb->comments.comment_ID $comment_ID_order"; |
| | 627 | $orderby_array[] = "$wpdb->comments.comment_ID $comment_id_order"; |
| 628 | 628 | } |
| 629 | 629 | |
| 630 | 630 | $orderby = implode( ', ', $orderby_array ); |
| … |
… |
|
| 657 | 657 | |
| 658 | 658 | // Parse comment IDs for an IN clause. |
| 659 | 659 | if ( ! empty( $this->query_vars['comment__in'] ) ) { |
| | 660 | // @todo Use wpdb->prepare on this statement. |
| 660 | 661 | $this->sql_clauses['where']['comment__in'] = "$wpdb->comments.comment_ID IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__in'] ) ) . ' )'; |
| 661 | 662 | } |
| 662 | 663 | |
| 663 | 664 | // Parse comment IDs for a NOT IN clause. |
| 664 | 665 | if ( ! empty( $this->query_vars['comment__not_in'] ) ) { |
| | 666 | // @todo Use wpdb->prepare on this statement. |
| 665 | 667 | $this->sql_clauses['where']['comment__not_in'] = "$wpdb->comments.comment_ID NOT IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__not_in'] ) ) . ' )'; |
| 666 | 668 | } |
| 667 | 669 | |
| 668 | 670 | // Parse comment parent IDs for an IN clause. |
| 669 | 671 | if ( ! empty( $this->query_vars['parent__in'] ) ) { |
| | 672 | // @todo Use wpdb->prepare on this statement. |
| 670 | 673 | $this->sql_clauses['where']['parent__in'] = 'comment_parent IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__in'] ) ) . ' )'; |
| 671 | 674 | } |
| 672 | 675 | |
| 673 | 676 | // Parse comment parent IDs for a NOT IN clause. |
| 674 | 677 | if ( ! empty( $this->query_vars['parent__not_in'] ) ) { |
| | 678 | // @todo Use wpdb->prepare on this statement. |
| 675 | 679 | $this->sql_clauses['where']['parent__not_in'] = 'comment_parent NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__not_in'] ) ) . ' )'; |
| 676 | 680 | } |
| 677 | 681 | |
| 678 | 682 | // Parse comment post IDs for an IN clause. |
| 679 | 683 | if ( ! empty( $this->query_vars['post__in'] ) ) { |
| | 684 | // @todo Use wpdb->prepare on this statement. |
| 680 | 685 | $this->sql_clauses['where']['post__in'] = 'comment_post_ID IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__in'] ) ) . ' )'; |
| 681 | 686 | } |
| 682 | 687 | |
| 683 | 688 | // Parse comment post IDs for a NOT IN clause. |
| 684 | 689 | if ( ! empty( $this->query_vars['post__not_in'] ) ) { |
| | 690 | // @todo Use wpdb->prepare on this statement. |
| 685 | 691 | $this->sql_clauses['where']['post__not_in'] = 'comment_post_ID NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__not_in'] ) ) . ' )'; |
| 686 | 692 | } |
| 687 | 693 | |
| … |
… |
|
| 732 | 738 | |
| 733 | 739 | if ( ! empty( $comment_types[ $operator ] ) ) { |
| 734 | 740 | $types_sql = implode( ', ', $comment_types[ $operator ] ); |
| | 741 | // @todo Use wpdb->prepare on this statement. |
| 735 | 742 | $this->sql_clauses['where'][ 'comment_type__' . strtolower( str_replace( ' ', '_', $operator ) ) ] = "comment_type $operator ($types_sql)"; |
| 736 | 743 | } |
| 737 | 744 | } |
| … |
… |
|
| 771 | 778 | $join_posts_table = true; |
| 772 | 779 | foreach ( $post_fields as $field_name => $field_value ) { |
| 773 | 780 | // $field_value may be an array. |
| 774 | | $esses = array_fill( 0, count( (array) $field_value ), '%s' ); |
| 775 | | $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value ); |
| | 781 | $esses = implode( ', ', array_fill( 0, count( (array) $field_value ), '%s' ) ); |
| | 782 | $field_name_where = sprintf( " {$wpdb->posts}.{$field_name} IN ( %s )", $esses ); |
| | 783 | |
| | 784 | $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( |
| | 785 | $field_name_where, // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| | 786 | $field_value |
| | 787 | ); |
| 776 | 788 | } |
| 777 | 789 | } |
| 778 | 790 | |
| … |
… |
|
| 792 | 804 | |
| 793 | 805 | $join_posts_table = true; |
| 794 | 806 | |
| 795 | | $esses = array_fill( 0, count( $q_values ), '%s' ); |
| 796 | | $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values ); |
| | 807 | $esses = implode( ', ', array_fill( 0, count( $q_values ), '%s' ) ); |
| | 808 | $field_name_where = sprintf( " {$wpdb->posts}.{$field_name} IN ( %s )", $esses ); |
| | 809 | |
| | 810 | $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( |
| | 811 | $field_name_where, // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| | 812 | $q_values |
| | 813 | ); |
| 797 | 814 | } |
| 798 | 815 | } |
| 799 | 816 | |
| 800 | 817 | // Comment author IDs for an IN clause. |
| 801 | 818 | if ( ! empty( $this->query_vars['author__in'] ) ) { |
| | 819 | // @todo Use wpdb->prepare on this statement. |
| 802 | 820 | $this->sql_clauses['where']['author__in'] = 'user_id IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__in'] ) ) . ' )'; |
| 803 | 821 | } |
| 804 | 822 | |
| 805 | 823 | // Comment author IDs for a NOT IN clause. |
| 806 | 824 | if ( ! empty( $this->query_vars['author__not_in'] ) ) { |
| | 825 | // @todo Use wpdb->prepare on this statement. |
| 807 | 826 | $this->sql_clauses['where']['author__not_in'] = 'user_id NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__not_in'] ) ) . ' )'; |
| 808 | 827 | } |
| 809 | 828 | |
| 810 | 829 | // Post author IDs for an IN clause. |
| 811 | 830 | if ( ! empty( $this->query_vars['post_author__in'] ) ) { |
| 812 | | $join_posts_table = true; |
| | 831 | $join_posts_table = true; |
| | 832 | // @todo Use wpdb->prepare on this statement. |
| 813 | 833 | $this->sql_clauses['where']['post_author__in'] = 'post_author IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__in'] ) ) . ' )'; |
| 814 | 834 | } |
| 815 | 835 | |
| 816 | 836 | // Post author IDs for a NOT IN clause. |
| 817 | 837 | if ( ! empty( $this->query_vars['post_author__not_in'] ) ) { |
| 818 | | $join_posts_table = true; |
| | 838 | $join_posts_table = true; |
| | 839 | // @todo Use wpdb->prepare on this statement. |
| 819 | 840 | $this->sql_clauses['where']['post_author__not_in'] = 'post_author NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__not_in'] ) ) . ' )'; |
| 820 | 841 | } |
| 821 | 842 | |
| … |
… |
|
| 888 | 909 | |
| 889 | 910 | $this->request = "{$this->sql_clauses['select']} {$this->sql_clauses['from']} {$where} {$this->sql_clauses['groupby']} {$this->sql_clauses['orderby']} {$this->sql_clauses['limits']}"; |
| 890 | 911 | |
| | 912 | /* |
| | 913 | * The following ignores (WordPress.WP.PreparedSQL.NotPrepared) have been added because the query used is |
| | 914 | * build up right above. There is no possibility it can be changed from the outside (even though it is a |
| | 915 | * public class variable). |
| | 916 | * |
| | 917 | * It cannot be prepared at this location, the separate parts should be |
| | 918 | * prepared instead. |
| | 919 | */ |
| 891 | 920 | if ( $this->query_vars['count'] ) { |
| 892 | | return intval( $wpdb->get_var( $this->request ) ); |
| 893 | | } else { |
| 894 | | $comment_ids = $wpdb->get_col( $this->request ); |
| 895 | | return array_map( 'intval', $comment_ids ); |
| 896 | | } |
| | 921 | return intval( $wpdb->get_var( $this->request ) ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| | 922 | } |
| | 923 | |
| | 924 | $comment_ids = $wpdb->get_col( $this->request ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| | 925 | return array_map( 'intval', $comment_ids ); |
| 897 | 926 | } |
| 898 | 927 | |
| 899 | 928 | /** |
| … |
… |
|
| 913 | 942 | * |
| 914 | 943 | * @since 4.4.0 |
| 915 | 944 | * |
| 916 | | * @param string $found_comments_query SQL query. Default 'SELECT FOUND_ROWS()' |
| | 945 | * @param string $found_comments_query SQL query. Default 'SELECT FOUND_ROWS()', should use wpdb->prepare. |
| 917 | 946 | * @param WP_Comment_Query $comment_query The `WP_Comment_Query` instance. |
| 918 | 947 | */ |
| 919 | 948 | $found_comments_query = apply_filters( 'found_comments_query', 'SELECT FOUND_ROWS()', $this ); |
| 920 | 949 | |
| 921 | | $this->found_comments = (int) $wpdb->get_var( $found_comments_query ); |
| | 950 | $this->found_comments = (int) $wpdb->get_var( $found_comments_query ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| 922 | 951 | } |
| 923 | 952 | } |
| 924 | 953 | |
| … |
… |
|
| 950 | 979 | $exclude_keys = array( 'parent', 'parent__in', 'parent__not_in' ); |
| 951 | 980 | do { |
| 952 | 981 | // Parent-child relationships may be cached. Only query for those that are not. |
| 953 | | $child_ids = $uncached_parent_ids = array(); |
| | 982 | $child_ids = array(); |
| | 983 | $uncached_parent_ids = array(); |
| | 984 | |
| 954 | 985 | $_parent_ids = $levels[ $level ]; |
| 955 | 986 | foreach ( $_parent_ids as $parent_id ) { |
| 956 | 987 | $cache_key = "get_comment_child_ids:$parent_id:$key:$last_changed"; |
| … |
… |
|
| 995 | 1026 | |
| 996 | 1027 | // Prime comment caches for non-top-level comments. |
| 997 | 1028 | $descendant_ids = array(); |
| 998 | | for ( $i = 1, $c = count( $levels ); $i < $c; $i++ ) { |
| | 1029 | $c = count( $levels ); |
| | 1030 | for ( $i = 1; $i < $c; $i ++ ) { |
| 999 | 1031 | $descendant_ids = array_merge( $descendant_ids, $levels[ $i ] ); |
| 1000 | 1032 | } |
| 1001 | 1033 | |
| … |
… |
|
| 1009 | 1041 | |
| 1010 | 1042 | // If a threaded representation was requested, build the tree. |
| 1011 | 1043 | if ( 'threaded' === $this->query_vars['hierarchical'] ) { |
| 1012 | | $threaded_comments = $ref = array(); |
| | 1044 | $threaded_comments = array(); |
| | 1045 | $ref = array(); |
| | 1046 | |
| 1013 | 1047 | foreach ( $all_comments as $k => $c ) { |
| 1014 | 1048 | $_c = get_comment( $c->comment_ID ); |
| 1015 | 1049 | |
| … |
… |
|
| 1046 | 1080 | * |
| 1047 | 1081 | * @global wpdb $wpdb WordPress database abstraction object. |
| 1048 | 1082 | * |
| 1049 | | * @param string $string |
| 1050 | | * @param array $cols |
| 1051 | | * @return string |
| | 1083 | * @param string $string Search string. |
| | 1084 | * @param array $cols List of columns to search in. |
| | 1085 | * @return string Prepared database query. |
| 1052 | 1086 | */ |
| 1053 | 1087 | protected function get_search_sql( $string, $cols ) { |
| 1054 | 1088 | global $wpdb; |
| … |
… |
|
| 1057 | 1091 | |
| 1058 | 1092 | $searches = array(); |
| 1059 | 1093 | foreach ( $cols as $col ) { |
| 1060 | | $searches[] = $wpdb->prepare( "$col LIKE %s", $like ); |
| | 1094 | /* |
| | 1095 | * The following ignore (WordPress.WP.PreparedSQL.NotPrepared) has been added because |
| | 1096 | * rewriting this code to have a more dynamic build-up of the query would make it |
| | 1097 | * less readable/usable. |
| | 1098 | */ |
| | 1099 | $searches[] = $wpdb->prepare( "$col LIKE %s", $like ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared |
| 1061 | 1100 | } |
| 1062 | 1101 | |
| 1063 | 1102 | return ' AND (' . implode( ' OR ', $searches ) . ')'; |
| … |
… |
|
| 1106 | 1145 | } |
| 1107 | 1146 | |
| 1108 | 1147 | $parsed = false; |
| 1109 | | if ( $orderby == $this->query_vars['meta_key'] || $orderby == 'meta_value' ) { |
| | 1148 | if ( $orderby === $this->query_vars['meta_key'] || 'meta_value' === $orderby ) { |
| 1110 | 1149 | $parsed = "$wpdb->commentmeta.meta_value"; |
| 1111 | | } elseif ( $orderby == 'meta_value_num' ) { |
| | 1150 | } elseif ( 'meta_value_num' === $orderby ) { |
| 1112 | 1151 | $parsed = "$wpdb->commentmeta.meta_value+0"; |
| 1113 | | } elseif ( $orderby == 'comment__in' ) { |
| | 1152 | } elseif ( 'comment__in' === $orderby ) { |
| 1114 | 1153 | $comment__in = implode( ',', array_map( 'absint', $this->query_vars['comment__in'] ) ); |
| 1115 | 1154 | $parsed = "FIELD( {$wpdb->comments}.comment_ID, $comment__in )"; |
| 1116 | 1155 | } elseif ( in_array( $orderby, $allowed_keys ) ) { |