From df366ab0fa0a251050b1f307476c1f9b85d91716 Mon Sep 17 00:00:00 2001 From: KMchaudhary Date: Fri, 3 Oct 2025 12:47:27 +0530 Subject: [PATCH 01/11] Remove handle_rest_pre_dispatch function call if godam plugin is active
---
 app/main/controllers/api/RTMediaJsonApi.php | 39 ---------------------
 1 file changed, 39 deletions(-)
diff --git a/app/main/controllers/api/RTMediaJsonApi.php b/app/main/controllers/api/RTMediaJsonApi.php
index a5d402de9..f95984678 100644
--- a/app/main/controllers/api/RTMediaJsonApi.php
+++ b/app/main/controllers/api/RTMediaJsonApi.php
@@ -161,10 +161,6 @@ public function __construct() {
 add_action( 'wp_ajax_nopriv_rtmedia_api', array( $this, 'rtmedia_api_process_request' ) );
 add_action( 'wp_ajax_rtmedia_api', array( $this, 'rtmedia_api_process_request' ) );
-
- if ( defined( 'RTMEDIA_GODAM_ACTIVE' ) && RTMEDIA_GODAM_ACTIVE ) {
- add_action( 'rest_api_init', [ $this, 'register_rest_pre_dispatch_filter' ] );
- }
 }
 /**
@@ -1473,39 +1469,4 @@ public function api_new_media_upload_dir( $args ) {
 return $args;
 }
 }
-
- /**
- * Registers the rest_pre_dispatch filter during rest_api_init.
- */
- public function register_rest_pre_dispatch_filter() {
- add_filter( 'rest_pre_dispatch', [ $this, 'handle_rest_pre_dispatch' ], 10, 3 );
- }
-
- /**
- * Callback for rest_pre_dispatch filter.
- *
- * @param mixed $result Result to return instead of the request. Default null to continue with request.
- * @param WP_REST_Server $server Server instance.
- * @param WP_REST_Request $request Request object.
- *
- * @return mixed Modified result or original $result.
- */
- public function handle_rest_pre_dispatch( $result, $server, $request ) {
- $route = $request->get_route();
- $method = $request->get_method();
-
- if ( 'GET' === $method && preg_match( '#^/wp/v2/media/(\d+)$#', $route, $matches ) ) {
- $media_id = (int) $matches[1];
- $post = get_post( $media_id );
-
- if ( $post && 'attachment' === $post->post_type ) {
- $controller = new WP_REST_Attachments_Controller( 'attachment' );
- $response = $controller->prepare_item_for_response( $post, $request );
-
- return rest_ensure_response( $response );
- }
- }
-
- return $result;
- }
 }
From 0fbf1a56da49e5086534563a6c6fa4afd6cf2722 Mon Sep 17 00:00:00 2001 From: rohitmathur-7 Date: Mon, 6 Oct 2025 19:06:26 +0530 Subject: [PATCH 02/11] Conditionally allow file extensions when uploading through gallery
---
 .../shortcodes/RTMediaGalleryShortcode.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php b/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php
index fe3e94877..af025c474 100755
--- a/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php
+++ b/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php
@@ -99,6 +99,19 @@ public static function register_scripts() { $request_uri = rtm_get_server_var( 'REQUEST_URI', 'FILTER_SANITIZE_URL' ); $url = rtmedia_get_upload_url( $request_uri ); + // Get all allowed media types from rtMedia. + $allowed_types = rtmedia_get_allowed_types(); + $allowed_extensions = get_rtmedia_allowed_upload_type(); // Default fallback. + + // Dynamically detect current media type based on the request URI. + if ( false !== strpos( $request_uri, '/photo/' ) && ! empty( $allowed_types['photo']['extn'] ) ) { + $allowed_extensions = implode( ',', $allowed_types['photo']['extn'] ); + } elseif ( false !== strpos( $request_uri, '/video/' ) && ! empty( $allowed_types['video']['extn'] ) ) { + $allowed_extensions = implode( ',', $allowed_types['video']['extn'] ); + } elseif ( false !== strpos( $request_uri, '/music/' ) && ! empty( $allowed_types['music']['extn'] ) ) { + $allowed_extensions = implode( ',', $allowed_types['music']['extn'] ); + } + $upload_max_size = ( wp_max_upload_size() ) / ( 1024 * 1024 ) . 'M'; $params = array( 'url' => $url, @@ -111,7 +124,7 @@ public static function register_scripts() { array( array( 'title' => esc_html__( 'Media Files', 'buddypress-media' ), - 'extensions' => get_rtmedia_allowed_upload_type(), + 'extensions' => $allowed_extensions, ), ) ), From 89327c392bd2aedaad8ae28ab9591e34728b9250 Mon Sep 17 00:00:00 2001 From: rohitmathur-7 Date: Tue, 7 Oct 2025 12:08:01 +0530 Subject: [PATCH 03/11] Add extensions for document --- app/main/controllers/shortcodes/RTMediaGalleryShortcode.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php b/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php index af025c474..beeae8607 100755 --- a/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php +++ b/app/main/controllers/shortcodes/RTMediaGalleryShortcode.php 
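Review bot: The media-type detection in the `@@ -99,6 +99,19 @@` hunk does a bare substring search over the full `REQUEST_URI`, which includes the query string, so any URL whose query or a later path segment happens to contain `/video/` or `/music/` switches the uploader's extension list to the wrong type; the `/document/` branch added in PATCH 03 inherits the same pattern. Since the first matching branch wins and the list only feeds the client-side uploader filter this is a correctness rather than an exploitable gap, but the server-side type check on upload remains the actual gate and should not be assumed to be this list. Narrowing the test to the path is a one-line change before the `if` chain, `$request_path = (string) wp_parse_url( $request_uri, PHP_URL_PATH );`, with the `strpos()` calls reading `$request_path` instead of `$request_uri`. `register_scripts()` starts before this hunk.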
@@ -110,6 +110,8 @@ public static function register_scripts() {
 $allowed_extensions = implode( ',', $allowed_types['video']['extn'] );
 } elseif ( false !== strpos( $request_uri, '/music/' ) && ! empty( $allowed_types['music']['extn'] ) ) {
 $allowed_extensions = implode( ',', $allowed_types['music']['extn'] );
+ } elseif ( false !== strpos( $request_uri, '/document/' ) && ! empty( $allowed_types['document']['extn'] ) ) {
+ $allowed_extensions = implode( ',', $allowed_types['document']['extn'] );
 }
 $upload_max_size = ( wp_max_upload_size() ) / ( 1024 * 1024 ) . 'M';
From ad0d17c57e89185c0a2f385c79d5f01004e2fc8c Mon Sep 17 00:00:00 2001 From: opurockey Date: Wed, 8 Oct 2025 11:29:37 +0600 Subject: [PATCH 04/11] Fixed typo on readme.txt
---
 readme.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readme.txt b/readme.txt
index 4b3f5eb73..d9c1e94a0 100644
--- a/readme.txt
+++ b/readme.txt
@@ -88,7 +88,7 @@ rtMedia has a premium solution to take care of audio/video conversion.
 = Important Links =
-* [Project Homepage](https://rtmedio.io/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Project Homepage")
+* [Project Homepage](https://rtmedia.io/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Project Homepage")
 * [Roadmap](https://rtmedia.io/roadmap/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Roadmap page")
 * [Documentation](https://rtmedia.io/docs/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's Documentation page")
 * [FAQ](https://rtmedia.io/faq/?utm_source=readme&utm_medium=plugin&utm_campaign=buddypress-media "Visit rtMedia's FAQ page")
From 72e7e89e3d2f2ea39e1802230ed3c54773ecf799 Mon Sep 17 00:00:00 2001
From: KMchaudhary Date: Wed, 8 Oct 2025 15:46:03 +0530 Subject: [PATCH 05/11] Add PHPCS on PULL request workflow
---
 .github/workflows/phpcs_on_pull_request.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/phpcs_on_pull_request.yml
diff --git a/.github/workflows/phpcs_on_pull_request.yml b/.github/workflows/phpcs_on_pull_request.yml
new file mode 100644
index 000000000..1cc01b2a0
--- /dev/null
+++ b/.github/workflows/phpcs_on_pull_request.yml
@@ -0,0 +1,18 @@
+on: pull_request
+name: Inspections
+jobs:
+ runPHPCSInspection:
+ name: Run PHPCS inspection
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Run PHPCS inspection
+ uses: rtCamp/action-phpcs-code-review@master
+ env:
+ SKIP_FOLDERS: "tests,.github,lib,node_modules,vendor"
+ GH_BOT_TOKEN: ${{ secrets.RTBOT_TOKEN }}
+ PHPCS_SNIFFS_EXCLUDE: "WordPress.Files.FileName"
+ with:
+ args: WordPress,WordPress-Core,WordPress-Docs
\ No newline at end of file
From d867642972998f314ecea4f7e7b28979d221dd95 Mon Sep 17 00:00:00 2001 From: rohitmathur-7 Date: Fri, 17 Oct 2025 14:27:44 +0530 Subject: [PATCH 06/11] Add new file extensions
---
 app/main/RTMedia.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/main/RTMedia.php b/app/main/RTMedia.php
index 8a16b3e59..d4e33fd06 100755
--- a/app/main/RTMedia.php
+++ b/app/main/RTMedia.php
@@ -564,7 +564,7 @@ public function set_allowed_types() {
 'plural' => 'videos',
 'label' => esc_html__( 'Video', 'buddypress-media' ),
 'plural_label' => esc_html__( 'Videos', 'buddypress-media' ),
- 'extn' => array( 'mp4' ),
+ 'extn' => array( 'mp4', 'mov', 'mpg', 'flv', 'wmv', 'mkv', 'webm', 'ogv', 'mxf', 'asf', 'vob', 'mts', 'qt', 'mpeg' ),
 'thumbnail' => RTMEDIA_URL . 'app/assets/admin/img/video_thumb.png',
 'settings_visibility' => true,
 ),
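Review bot: `uses: rtCamp/action-phpcs-code-review@master` runs an unpinned third-party action on every pull request with `secrets.RTBOT_TOKEN` in its environment, so whatever lands on that branch in future executes here with the bot token; pin it to a full commit SHA and bump it deliberately, e.g. `uses: rtCamp/action-phpcs-code-review@<full-commit-sha> # <release-tag>`. `actions/checkout@v2` is a retired major and should move to `actions/checkout@v4`. The workflow declares no `permissions:` block, so the default `GITHUB_TOKEN` scopes apply to the job; a top-level `permissions:` limited to what the review action needs would make the grant explicit. The file also ends without a trailing newline.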
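Review bot: The extension list in the `@@ -564,7 +564,7 @@` hunk now names formats that appear to be absent from WordPress core's default mime map (`mxf`, `vob` and `mts` at least), and the same question applies to the music hunk at `@@ -573,7 +573,7 @@`; unless an `upload_mimes` filter is added elsewhere, `wp_check_filetype_and_ext()` will reject those uploads, and if one is added, that filter is the real security boundary and deserves a pointer from here. A short comment on the `'extn'` line would save the next maintainer the search: `// UI allow-list only; the upload itself is still validated against the WP mime map (upload_mimes filter).`. `set_allowed_types()` continues outside the hunk.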
@@ -573,7 +573,7 @@ public function set_allowed_types() {
 'plural' => 'music',
 'label' => esc_html__( 'Music', 'buddypress-media' ),
 'plural_label' => esc_html__( 'Music', 'buddypress-media' ),
- 'extn' => array( 'mp3' ),
+ 'extn' => array( 'mp3', 'wma', 'ogg', 'wav', 'm4a' ),
 'thumbnail' => RTMEDIA_URL . 'app/assets/admin/img/audio_thumb.png',
 'settings_visibility' => true,
 ),
From ab382f37175b6d083c7d7309b9c2b64c9660d376 Mon Sep 17 00:00:00 2001
From: Kuldip Chaudhary <64731232+KMchaudhary@users.noreply.github.com> Date: Thu, 23 Oct 2025 12:25:10 +0530 Subject: [PATCH 07/11] Fix/plugin check security (#2183) * Address the Direct database call queries, and no-caching security issues app/importers/* ignore the phpcs errors, as app/importers directory contains data migration and import utilities which require direct DB calls and caching of queries should not be there for such operations * Fix phpcs indentation fixes * Fix the WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQL.NotPrepared PHPCS erros * Fix the WordPress.Security.ValidatedSanitizedInput.InputNotValidated issue on RTMediaMigration.php file * Fix mission validation, sanitization issues, and few nonce verification issues * fix: add proper ignore comments for nonce verification * Fixed Filesystem errors in rtUploadAttachment * Fixed filesystem errors in RTMediaSupport * Fixed filesystem errors in BPMediaImporter * fix: missing nonce handle * fix: update the nonce comment to explain more elaborately * feat: add nonce for todos * fix: repeated phpcs:ignore * Resolve the all posible inline script related issues * Add missing changes for godam notice dismisal * Replace inline script form upload-file-types notices template * Made filechanges fixes for RTMediaAdmin.php * Made filechanges fixes for RTMediaSupport.php * Made filechanges fixes for RTDBUpdate.php * Made filechanges fixes for BPMediaImporter.php * Made filechanges fixes for RTMediaMigration.php * Made filechanges fixes for RTMediaMedia.php * Made filechanges fixes for RTMediaUploadFile.php * Move rtmedia-migration page inline script into migration.js * Add localize variables with rtmedia-main.js for rtmedia-actions.php file * Remove console logs * fix: nonce action for convert_videos_mailchimp_send ajax call * feat: hide global album function nonce error * Code refactoring and add fix nonce input element selector * Remove begug comments * feat: update nonce comment for 
global album * Revert "Fix Nonce Verification flags in the Codebase" * Revert "Revert "Fix Nonce Verification flags in the Codebase"" * Add comments for unchanged - - - - get_results( $wpdb->prepare( "select media_type, count(id) as count from {$rtmedia_model->table_name} where blog_id=%d group by media_type", get_current_blog_id() ) ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query required; safe because table name is trusted. + $results = $wpdb->get_results( $wpdb->prepare( "SELECT media_type, count(id) as count FROM {$rtmedia_model->table_name} WHERE blog_id=%d GROUP BY media_type", get_current_blog_id() ) ); wp_cache_set( 'stats', $results, 'rt-dashboard', HOUR_IN_SECONDS ); } if ( $results ) { @@ -47,6 +48,7 @@ get_var( "select count(*) from {$wpdb->users}" ); wp_cache_set( 'total_count', $total_count, 'rt-dashboard', HOUR_IN_SECONDS ); } @@ -58,7 +60,8 @@ get_var( "select count(distinct media_author) from {$rtmedia_model->table_name}" ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query required; safe because table name is trusted. + $with_media_count = $wpdb->get_var( "SELECT count(distinct media_author) FROM {$rtmedia_model->table_name}" ); wp_cache_set( 'with_media', $with_media_count, 'rt-dashboard', HOUR_IN_SECONDS ); } ?> 
@@ -69,7 +72,8 @@ get_var( "select count(*) from {$wpdb->comments} where comment_post_ID in ( select media_id from {$rtmedia_model->table_name} )" ); // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.WP.GlobalVariablesOverride.Prohibited, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $comments = $wpdb->get_var( "SELECT count(*) FROM {$wpdb->comments} WHERE comment_post_ID IN ( SELECT media_id FROM {$rtmedia_model->table_name} )" ); wp_cache_set( 'comments', $comments, 'rt-dashboard', HOUR_IN_SECONDS ); } ?> @@ -80,7 +84,8 @@ get_var( "select sum(likes) from {$rtmedia_model->table_name}" ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query required; safe because table name is trusted. + $likes = $wpdb->get_var( "SELECT sum(likes) FROM {$rtmedia_model->table_name}" ); wp_cache_set( 'likes', $likes, 'rt-dashboard', HOUR_IN_SECONDS ); } ?> diff --git a/app/admin/templates/notices/addon-update.php b/app/admin/templates/notices/addon-update.php index 9afcadebc..6a63ab871 100644 --- a/app/admin/templates/notices/addon-update.php +++ b/app/admin/templates/notices/addon-update.php @@ -27,16 +27,3 @@

- diff --git a/app/admin/templates/notices/inspirebook-release.php b/app/admin/templates/notices/inspirebook-release.php index 82f3a3bb7..a76f03a60 100644 --- a/app/admin/templates/notices/inspirebook-release.php +++ b/app/admin/templates/notices/inspirebook-release.php @@ -20,16 +20,3 @@

- diff --git a/app/admin/templates/notices/premium-addon.php b/app/admin/templates/notices/premium-addon.php index 61b81d0ba..716a280f0 100644 --- a/app/admin/templates/notices/premium-addon.php +++ b/app/admin/templates/notices/premium-addon.php @@ -30,13 +30,3 @@

- diff --git a/app/admin/templates/notices/transcoder.php b/app/admin/templates/notices/transcoder.php index 0706fff23..fb0a868a3 100644 --- a/app/admin/templates/notices/transcoder.php +++ b/app/admin/templates/notices/transcoder.php @@ -7,17 +7,17 @@ // Include plugin.php if not already loaded. if ( ! function_exists( 'is_plugin_active' ) ) { - include_once ABSPATH . 'wp-admin/includes/plugin.php'; + include_once ABSPATH . 'wp-admin/includes/plugin.php'; } // If GoDAM is active right now, set a permanent flag. if ( is_plugin_active( 'godam/godam.php' ) ) { - update_option( 'godam_plugin_activated_once', true ); + update_option( 'godam_plugin_activated_once', true ); } // If the permanent flag is set, never show the notice. if ( get_option( 'godam_plugin_activated_once' ) ) { - return; + return; } ?> @@ -36,16 +36,4 @@ ?>

- + diff --git a/app/admin/templates/notices/update-template.php b/app/admin/templates/notices/update-template.php index 450f80803..888180a44 100644 --- a/app/admin/templates/notices/update-template.php +++ b/app/admin/templates/notices/update-template.php @@ -10,19 +10,9 @@ - diff --git a/app/admin/templates/notices/upload-file-types.php b/app/admin/templates/notices/upload-file-types.php index e4897117b..3aa8fd920 100644 --- a/app/admin/templates/notices/upload-file-types.php +++ b/app/admin/templates/notices/upload-file-types.php @@ -27,7 +27,6 @@

- - + + @@ -71,12 +73,10 @@ $rtmedia_support->render_support( $page_name ); } elseif ( 'rtmedia-themes' === $page_name ) { RTMediaThemes::render_themes( $page_name ); - } else { - if ( 'rtmedia-license' === $page_name ) { + } elseif ( 'rtmedia-license' === $page_name ) { RTMediaLicense::render_license( $page_name ); - } else { - do_settings_sections( $page_name ); - } + } else { + do_settings_sections( $page_name ); } do_action( 'rtmedia_admin_page_insert', $page_name ); ?> diff --git a/app/admin/templates/settings/media-sizes.php b/app/admin/templates/settings/media-sizes.php index 1127048b9..5e3cd43ad 100644 --- a/app/admin/templates/settings/media-sizes.php +++ b/app/admin/templates/settings/media-sizes.php @@ -56,7 +56,7 @@ ?> diff --git a/app/assets/admin/js/importer.js b/app/assets/admin/js/importer.js new file mode 100644 index 000000000..9ad9af980 --- /dev/null +++ b/app/assets/admin/js/importer.js 
@@ -0,0 +1,124 @@ +jQuery(document).ready(function () { + var $root = jQuery('#rtm-importer-root'); + if (!$root.length) { + return; + } + + var importerType = $root.data('importer'); + var done = parseInt($root.data('done') || 0, 10); + var total = parseInt($root.data('total') || 0, 10); + var lastId = parseInt($root.data('last-id') || 0, 10); + var nonceFieldId = String($root.data('nonce-field-id') || ''); + var adminAjax = String($root.data('admin-ajax') || (window.rtmedia_admin && window.rtmedia_admin.rtmedia_admin_ajax) || ''); + + if (total < 1) { + jQuery('#submit').attr('disabled', 'disabled'); + } + + function updateProgressBar(currentDone, currentTotal) { + var pct = Math.ceil((currentDone / currentTotal) * 100); + if (pct > 100) { + pct = 100; + } + jQuery('#rtprogressbar>div').css('width', pct + '%'); + jQuery('span.finished').text(currentDone); + jQuery('span.total').text(currentTotal); + } + + function showPending(pendingText) { + jQuery('span.pending').text(pendingText); + } + + function showSyncing(show) { + if (show) { + jQuery('#rtMediaSyncing').show(); + } else { + jQuery('#rtMediaSyncing').hide(); + } + } + + var failedIds = []; + + function startMigration(currentDone, currentTotal, lastProcessedId) { + if (currentDone < currentTotal) { + showSyncing(true); + + var action = ''; + if ('media-size' === importerType) { + action = 'rtmedia_media_size_import'; + } else if ('activity-upgrade' === importerType) { + action = 'rtmedia_activity_upgrade'; + } + + var ajaxData = { + action: action, + done: currentDone, + last_id: lastProcessedId, + nonce: jQuery.trim(jQuery('#' + nonceFieldId).val()) + }; + + jQuery.ajax({ + url: adminAjax, + type: 'post', + data: ajaxData + }).done(function (sdata) { + var data; + try { + data = JSON.parse(sdata); + } catch (e) { + jQuery('#submit').attr('disabled', ''); + return; + } + + if (data && data.status) { + var newDone = parseInt(data.done, 10); + var newTotal = parseInt(data.total, 10); + 
updateProgressBar(newDone, newTotal); + showPending(data.pending); + + if ('media-size' === importerType) { + if (data.imported === false) { + failedIds.push(data.media_id); + } + startMigration(newDone, newTotal, parseInt(data.media_id, 10)); + } else { + if (data.imported === false) { + failedIds.push(data.activity_id); + } + startMigration(newDone, newTotal, parseInt(data.activity_id, 10)); + } + } else { + alert('Migration completed.'); + showSyncing(false); + } + }).fail(function () { + alert('Error During Migration, Please Refresh Page then try again'); + jQuery('#submit').removeAttr('disabled'); + }); + } else { + if ('activity-upgrade' === importerType) { + jQuery.post(adminAjax, { action: 'rtmedia_activity_done_upgrade' }, function () { + alert('Database upgrade completed.'); + }); + } else { + alert('Migration completed.'); + } + + if (failedIds.length > 0) { + if ('media-size' === importerType) { + jQuery('span.pending').text('Media with ID: ' + failedIds.join(', ') + " can not be imported. Please check your server error log for more details. Don't worry, you can end importing media size now :)"); + } else { + jQuery('span.pending').html("Some activities are failed to upgrade, Don't worry about that."); + } + } + + showSyncing(false); + } + } + + jQuery(document).on('click', '#submit', function (e) { + e.preventDefault(); + jQuery(this).attr('disabled', 'disabled'); + startMigration(done, total, lastId); + }); +}); \ No newline at end of file diff --git a/app/assets/admin/js/importer.min.js b/app/assets/admin/js/importer.min.js new file mode 100644 index 000000000..22162ebf5 --- /dev/null +++ b/app/assets/admin/js/importer.min.js 
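Review bot: In the `JSON.parse` catch inside `startMigration`, `jQuery('#submit').attr('disabled', '')` does not re-enable the button — an empty `disabled` attribute still disables it — so a malformed response leaves the importer stuck, whereas the `.fail` handler correctly uses `removeAttr('disabled')`; use `jQuery('#submit').removeAttr('disabled');` in the catch as well. The same pattern appears in migration.js (`$("#submit").attr('disabled', '')`) in this commit. Separately, the final `rtmedia_activity_done_upgrade` request sends only `action` while each batch request sends `nonce`; the PHP handler is not visible from this hunk, so it is worth confirming whether it verifies a nonce and, if so, passing the same `nonce` value there.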
@@ -0,0 +1 @@ +jQuery(document).ready((function(){var e=jQuery("#rtm-importer-root");if(e.length){var t=e.data("importer"),a=parseInt(e.data("done")||0,10),i=parseInt(e.data("total")||0,10),r=parseInt(e.data("last-id")||0,10),n=String(e.data("nonce-field-id")||""),d=String(e.data("admin-ajax")||window.rtmedia_admin&&window.rtmedia_admin.rtmedia_admin_ajax||"");i<1&&jQuery("#submit").attr("disabled","disabled");var o=[];jQuery(document).on("click","#submit",(function(e){e.preventDefault(),jQuery(this).attr("disabled","disabled"),u(a,i,r)}))}function s(e){e?jQuery("#rtMediaSyncing").show():jQuery("#rtMediaSyncing").hide()}function u(e,a,i){if(e100&&(a=100),jQuery("#rtprogressbar>div").css("width",a+"%"),jQuery("span.finished").text(e),jQuery("span.total").text(t)}(r,n),i=a.pending,jQuery("span.pending").text(i),"media-size"===t?(!1===a.imported&&o.push(a.media_id),u(r,n,parseInt(a.media_id,10))):(!1===a.imported&&o.push(a.activity_id),u(r,n,parseInt(a.activity_id,10)))}else alert("Migration completed."),s(!1)})).fail((function(){alert("Error During Migration, Please Refresh Page then try again"),jQuery("#submit").removeAttr("disabled")}))}else"activity-upgrade"===t?jQuery.post(d,{action:"rtmedia_activity_done_upgrade"},(function(){alert("Database upgrade completed.")})):alert("Migration completed."),o.length>0&&("media-size"===t?jQuery("span.pending").text("Media with ID: "+o.join(", ")+" can not be imported. Please check your server error log for more details. Don't worry, you can end importing media size now :)"):jQuery("span.pending").html("Some activities are failed to upgrade, Don't worry about that.")),s(!1)}})); \ No newline at end of file diff --git a/app/assets/admin/js/migration.js b/app/assets/admin/js/migration.js new file mode 100644 index 000000000..50ce1ad38 --- /dev/null +++ b/app/assets/admin/js/migration.js 
@@ -0,0 +1,86 @@ +jQuery(function ($) { + if (typeof window.rtmedia_migration === 'undefined') { + return; + } + + var done = parseInt(window.rtmedia_migration.done || 0, 10); + var total = parseInt(window.rtmedia_migration.total || 0, 10); + var adminAjax = String(window.rtmedia_migration.admin_ajax || ''); + + $("#toplevel_page_rtmedia-settings").addClass("wp-has-current-submenu"); + $("#toplevel_page_rtmedia-settings").removeClass("wp-not-current-submenu"); + $("#toplevel_page_rtmedia-settings").addClass("wp-menu-open"); + $("#toplevel_page_rtmedia-settings>a").addClass("wp-menu-open"); + $("#toplevel_page_rtmedia-settings>a").addClass("wp-has-current-submenu"); + + if (total < 1) { + $("#submit").attr("disabled", "disabled"); + } + + function updateProgress(currentDone, currentTotal, pendingText) { + var pct = Math.ceil((currentDone / currentTotal) * 100); + if (pct > 100) { + pct = 100; + } + $("#rtprogressbar>div").css("width", pct + "%"); + $("span.finished").text(currentDone); + $("span.total").text(currentTotal); + if (typeof pendingText !== 'undefined') { + $("span.pending").text(pendingText); + } + } + + function showSyncing(show) { + if (show) { + $("#rtMediaSyncing").show(); + } else { + $("#rtMediaSyncing").hide(); + } + } + + function dbStartMigration(currentDone, currentTotal) { + if (currentDone < currentTotal) { + showSyncing(true); + $.ajax({ + url: adminAjax, + type: 'post', + data: { + action: 'bp_media_rt_db_migration', + done: currentDone + } + }).done(function (sdata) { + var data; + try { + data = JSON.parse(sdata); + } catch (e) { + $("#submit").attr('disabled', ''); + return; + } + + if (data && data.status) { + var newDone = parseInt(data.done, 10); + var newTotal = parseInt(data.total, 10); + updateProgress(newDone, newTotal, data.pending); + dbStartMigration(newDone, newTotal); + } else { + alert('Migration completed.'); + showSyncing(false); + } + }).fail(function () { + alert('Error During Migration, Please Refresh Page then try 
again'); + $("#submit").removeAttr('disabled'); + }); + } else { + alert('Migration completed.'); + showSyncing(false); + } + } + + $(document).on('click', '#submit', function (e) { + e.preventDefault(); + dbStartMigration(done, total); + $(this).attr('disabled', 'disabled'); + }); +}); + + diff --git a/app/assets/admin/js/migration.min.js b/app/assets/admin/js/migration.min.js new file mode 100644 index 000000000..6203942c3 --- /dev/null +++ b/app/assets/admin/js/migration.min.js @@ -0,0 +1 @@ +jQuery((function(t){if(void 0!==window.rtmedia_migration){var e=parseInt(window.rtmedia_migration.done||0,10),a=parseInt(window.rtmedia_migration.total||0,10),i=String(window.rtmedia_migration.admin_ajax||"");t("#toplevel_page_rtmedia-settings").addClass("wp-has-current-submenu"),t("#toplevel_page_rtmedia-settings").removeClass("wp-not-current-submenu"),t("#toplevel_page_rtmedia-settings").addClass("wp-menu-open"),t("#toplevel_page_rtmedia-settings>a").addClass("wp-menu-open"),t("#toplevel_page_rtmedia-settings>a").addClass("wp-has-current-submenu"),a<1&&t("#submit").attr("disabled","disabled"),t(document).on("click","#submit",(function(i){i.preventDefault(),r(e,a),t(this).attr("disabled","disabled")}))}function n(e){e?t("#rtMediaSyncing").show():t("#rtMediaSyncing").hide()}function r(e,a){e100&&(n=100),t("#rtprogressbar>div").css("width",n+"%"),t("span.finished").text(e),t("span.total").text(a),void 0!==i&&t("span.pending").text(i)}(i,s,a.pending),r(i,s)}else alert("Migration completed."),n(!1)})).fail((function(){alert("Error During Migration, Please Refresh Page then try again"),t("#submit").removeAttr("disabled")}))):(alert("Migration completed."),n(!1))}})); \ No newline at end of file diff --git a/app/assets/admin/js/rtmedia-admin.js b/app/assets/admin/js/rtmedia-admin.js new file mode 100644 index 000000000..be2c4b4f6 --- /dev/null +++ b/app/assets/admin/js/rtmedia-admin.js 
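Review bot: The `bp_media_rt_db_migration` request in `dbStartMigration` carries only `action` and `done` — no nonce — although the sibling importer.js added in this commit sends one with every batch. If the PHP handler now calls `check_ajax_referer()` this migration will fail on every batch; if it does not, a state-changing admin action is left without the CSRF token the rest of the commit is introducing. Localizing a nonce alongside `done`/`total`/`admin_ajax` on `rtmedia_migration` and sending it as, e.g., `nonce: String(window.rtmedia_migration.nonce || '')` would close that gap; I cannot confirm the handler's behaviour from here.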
@@ -0,0 +1,114 @@ +jQuery(document).ready(function($) { + // Handle dismissal of the GoDAM banner + $(document).on('click', '.godam-admin-banner .notice-dismiss', function() { + // Send AJAX request to mark the banner as dismissed + var data = { + action: 'install_godam_hide_admin_notice', // action hook + security: window?.rtmedia_rtmedia_admin?.godam_banner_nonce // nonce for security + }; + + // Perform the AJAX request + $.post(ajaxurl, data, function(response) { + console.log('Notice dismissed and saved.'); + }); + }); + + /** + * Disable inputs and change background color to differentiate disabled inputs, + * if 'Activity Streams' component is disabled in BuddyPress Settings. + */ + if ( ! window?.rtmedia_rtmedia_admin?.bp_is_active__activity ) { + $('#rtmedia-bp-enable-activity, #rtmedia-enable-comment-activity, #rtmedia-enable-like-activity') + .prop('disabled', true) + .next().css('background-color', '#808080'); + + $('#rtmedia-activity-feed-limit').prop('disabled', true); + } + + /** + * Disable inputs and change background color to differentiate disabled inputs, + * if 'User Groups' component is disabled in BuddyPress Settings. + */ + if ( ! 
window?.rtmedia_rtmedia_admin?.bp_is_active__groups) { + $('#rtmedia-enable-on-group') + .prop('disabled', true) + .next().css('background-color', '#808080'); + } + + // Handle Notices + // Addon update notice dismissal + $( '.rtmedia-addon-update-notice.is-dismissible' ).on( 'click', '.notice-dismiss', function() { + var data = { + action: 'rtmedia_hide_addon_update_notice', + _rtm_nonce: $('#rtmedia-addon-notice').val(), + }; + $.post(ajaxurl, data, function (response) { + $('.rtmedia-addon-update-notice').remove(); + }); + }); + + // InspireBook release notice dismissal + $( '.rtmedia-inspire-book-notice.is-dismissible' ).on( 'click', '.notice-dismiss', function() { + var data = { + action: 'rtmedia_hide_inspirebook_release_notice', + _rtm_nonce: $('#rtmedia_hide_inspirebook_nonce').val() + }; + $.post( ajaxurl, data, function ( response ) { + $('.rtmedia-inspire-book-notice').remove(); + }); + }); + + // Premium Addon notice dismissal + $( '.rtmedia-pro-split-notice.is-dismissible' ).on( 'click', '.notice-dismiss', function() { + var data = {action: 'rtmedia_hide_premium_addon_notice', _rtm_nonce: $('#rtm_nonce').val() }; + $.post( ajaxurl, data, function ( response ) { + $('.rtmedia-pro-split-notice').remove(); + }); + }); + + // Transcoder notice dismissal + $( '.install-transcoder-notice.is-dismissible' ).on( 'click', '.notice-dismiss', function() { + var data = { + action: 'install_transcoder_hide_admin_notice', + install_transcoder_notice_nonce: $('#install_transcoder_hide_notice_nonce').val() + }; + $.post( ajaxurl, data, function ( response ) { + $('.install-transcoder-notice').remove(); + }); + }); + + // Media Size Import notice dismissal + $( '#rtmedia_hide_media_size_import_notice' ).on( 'click', function() { + var data = {action: 'rtmedia_hide_media_size_import_notice'}; + jQuery.post(ajaxurl, data, function (response) { + response = response.trim(); + if (response === '1') + jQuery('.rtmedia-media-size-import-error').remove(); + }); + }); + + // 
Template Override notice dismissal + $( '#rtmedia-hide-template-notice' ).on( 'click', function(e) { + e.preventDefault(); + var nonce = $(this).data('nonce'); + var data = {action: 'rtmedia_hide_template_override_notice', _rtm_nonce: nonce}; + jQuery.post(ajaxurl, data, function (response) { + response = response.trim(); + if (response === '1') + jQuery('.rtmedia-update-template-notice').remove(); + }); + }); + + $('.upload-filetype-network-settings-error').on('click', '.update-network-settings-upload-filetypes', function () { + $('.update-network-settings-upload-filetypes').siblings('img').show(); + $('.update-network-settings-upload-filetypes').prop('disabled', true); + $.post(ajaxurl, {action: 'rtmedia_correct_upload_filetypes', _rtm_nonce: $('#rtm-file-type-error').val()}, function (response) { + if (response) { + $('.upload-filetype-network-settings-error:first').after(''); + $('.upload-filetype-network-settings-error').remove(); + $('.bp-media-network-settings-updated-successfully').show(); + } + }); + }); + +}); \ No newline at end of file diff --git a/app/assets/admin/js/rtmedia-admin.min.js b/app/assets/admin/js/rtmedia-admin.min.js new file mode 100644 index 000000000..fb37489da --- /dev/null +++ b/app/assets/admin/js/rtmedia-admin.min.js 
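Review bot: The `#rtmedia_hide_media_size_import_notice` handler posts `{action: 'rtmedia_hide_media_size_import_notice'}` with no nonce, while every other dismissal in this file sends `_rtm_nonce` or a named nonce field; either the server side does not verify one for this option-writing action, or the request will be rejected — aligning it with the template-override handler's `$(this).data('nonce')` approach resolves both. The `console.log('Notice dismissed and saved.')` in the GoDAM banner callback contradicts the "Remove console logs" item in the description. The minified companion in the next hunk (`rtmedia-admin.min.js`) does not match this source: it carries two extra `console.log` calls and selects `e("rtm-file-type-error")` without the `#`, so the `_rtm_nonce` for `rtmedia_correct_upload_filetypes` is read from an empty selection there; regenerate it from this file.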
@@ -0,0 +1 @@ +jQuery(document).ready((function(e){console.log("rtmedia-admin.js loaded",window?.rtmedia_rtmedia_admin),e(document).on("click",".godam-admin-banner .notice-dismiss",(function(){var i={action:"install_godam_hide_admin_notice",security:window?.rtmedia_rtmedia_admin?.godam_banner_nonce};e.post(ajaxurl,i,(function(e){console.log("Notice dismissed and saved.")}))})),window?.rtmedia_rtmedia_admin?.bp_is_active__activity||(e("#rtmedia-bp-enable-activity, #rtmedia-enable-comment-activity, #rtmedia-enable-like-activity").prop("disabled",!0).next().css("background-color","#808080"),e("#rtmedia-activity-feed-limit").prop("disabled",!0)),window?.rtmedia_rtmedia_admin?.bp_is_active__groups||e("#rtmedia-enable-on-group").prop("disabled",!0).next().css("background-color","#808080"),e(".rtmedia-addon-update-notice.is-dismissible").on("click",".notice-dismiss",(function(){var i={action:"rtmedia_hide_addon_update_notice",_rtm_nonce:e("#rtmedia-addon-notice").val()};e.post(ajaxurl,i,(function(i){e(".rtmedia-addon-update-notice").remove()}))})),e(".rtmedia-inspire-book-notice.is-dismissible").on("click",".notice-dismiss",(function(){var i={action:"rtmedia_hide_inspirebook_release_notice",_rtm_nonce:e("#rtmedia_hide_inspirebook_nonce").val()};e.post(ajaxurl,i,(function(i){e(".rtmedia-inspire-book-notice").remove()}))})),e(".rtmedia-pro-split-notice.is-dismissible").on("click",".notice-dismiss",(function(){var i={action:"rtmedia_hide_premium_addon_notice",_rtm_nonce:e("#rtm_nonce").val()};e.post(ajaxurl,i,(function(i){e(".rtmedia-pro-split-notice").remove()}))})),e(".install-transcoder-notice.is-dismissible").on("click",".notice-dismiss",(function(){var i={action:"install_transcoder_hide_admin_notice",install_transcoder_notice_nonce:e("#install_transcoder_hide_notice_nonce").val()};e.post(ajaxurl,i,(function(i){e(".install-transcoder-notice").remove()}))})),e("#rtmedia_hide_media_size_import_notice").on("click",(function(){console.log("clicked on 
rtmedia_hide_media_size_import_notice");jQuery.post(ajaxurl,{action:"rtmedia_hide_media_size_import_notice"},(function(e){"1"===(e=e.trim())&&jQuery(".rtmedia-media-size-import-error").remove()}))})),e("#rtmedia-hide-template-notice").on("click",(function(i){i.preventDefault();var t={action:"rtmedia_hide_template_override_notice",_rtm_nonce:e(this).data("nonce")};jQuery.post(ajaxurl,t,(function(e){"1"===(e=e.trim())&&jQuery(".rtmedia-update-template-notice").remove()}))})),e(".upload-filetype-network-settings-error").on("click",".update-network-settings-upload-filetypes",(function(){e(".update-network-settings-upload-filetypes").siblings("img").show(),e(".update-network-settings-upload-filetypes").prop("disabled",!0),e.post(ajaxurl,{action:"rtmedia_correct_upload_filetypes",_rtm_nonce:e("rtm-file-type-error").val()},(function(i){i&&(e(".upload-filetype-network-settings-error:first").after(''),e(".upload-filetype-network-settings-error").remove(),e(".bp-media-network-settings-updated-successfully").show())}))}))})); \ No newline at end of file diff --git a/app/assets/admin/js/settings.js b/app/assets/admin/js/settings.js index b2249f50f..19936e979 100755 --- a/app/assets/admin/js/settings.js +++ b/app/assets/admin/js/settings.js @@ -810,8 +810,10 @@ jQuery( document ).ready( function ( $ ) { email: jQuery( '.email' ).val(), url: jQuery( '.url' ).val(), choice: jQuery( 'input[name="choice"]:checked' ).val(), - interested: jQuery( 'input[name="interested"]:checked' ).val() + interested: jQuery( 'input[name="interested"]:checked' ).val(), + wp_nonce: RTMedia_Admin_Settings_JS?.rtmedia_buddypress_convert_nonce ?? '' }; + jQuery.post( ajaxurl, data, function ( response ) { var p_data = { msg :response, diff --git a/app/assets/js/rtMedia.backbone.js b/app/assets/js/rtMedia.backbone.js index 1c99c12bf..bb0fa8376 100755 --- a/app/assets/js/rtMedia.backbone.js +++ b/app/assets/js/rtMedia.backbone.js 
@@ -256,6 +256,7 @@ jQuery(function ($) { backbone: true, is_album: o_is_album, is_edit_allowed: o_is_edit_allowed, + wp_nonce: rtmedia_backbone_strings?.rtmedia_album_gallery_nonce, }, function () { rtmedia_load_template_flag = false; diff --git a/app/assets/js/wp67-mediaelement-init.js b/app/assets/js/wp67-mediaelement-init.js new file mode 100644 index 000000000..9e1c50a13 --- /dev/null +++ b/app/assets/js/wp67-mediaelement-init.js @@ -0,0 +1,20 @@ +jQuery(document).ready(function($) { + // WordPress 6.7 compatibility: Initialize MediaElement if not already done + if (typeof wp !== 'undefined' && wp.mediaelement && wp.mediaelement.initialize) { + wp.mediaelement.initialize(); + } + + // Fallback for older MediaElement initialization + if (typeof $().mediaelementplayer !== 'undefined') { + $('.wp-audio-shortcode, .wp-video-shortcode').not('.mejs-container').mediaelementplayer({ + success: function(mediaElement, domObject) { + // MediaElement successfully initialized + } + }); + } + + // WordPress 6.7 compatibility: Add console log to verify fixes are working + if (window.console && console.log) { + console.log('rtMedia: WordPress 6.7 compatibility mode active'); + } +}); \ No newline at end of file diff --git a/app/assets/js/wp67-mediaelement-init.min.js b/app/assets/js/wp67-mediaelement-init.min.js new file mode 100644 index 000000000..2dbbd77c5 --- /dev/null +++ b/app/assets/js/wp67-mediaelement-init.min.js @@ -0,0 +1 @@ +jQuery(document).ready((function(e){"undefined"!=typeof wp&&wp.mediaelement&&wp.mediaelement.initialize&&wp.mediaelement.initialize(),void 0!==e().mediaelementplayer&&e(".wp-audio-shortcode, .wp-video-shortcode").not(".mejs-container").mediaelementplayer({success:function(e,i){}}),window.console&&console.log&&console.log("rtMedia: WordPress 6.7 compatibility mode active")})); \ No newline at end of file diff --git a/app/helper/RTMediaCommentNotification.php b/app/helper/RTMediaCommentNotification.php index 11a2c4869..4f9f502b8 100644 
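Review bot: The unconditional `console.log('rtMedia: WordPress 6.7 compatibility mode active')` at the end of wp67-mediaelement-init.js writes a debug message on every front-end page load; drop it, or gate it on a debug flag the plugin already exposes rather than `window.console`. The `success: function(mediaElement, domObject) {}` callback handed to `mediaelementplayer()` is empty and can go together with its options object. The `.not('.mejs-container')` filter is applied to the media elements themselves, while the player normally puts that class on a wrapper it creates around them, so it may not prevent a second initialisation — confirm against the rendered MediaElement markup.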
--- a/app/helper/RTMediaCommentNotification.php
+++ b/app/helper/RTMediaCommentNotification.php
@@ -35,7 +35,7 @@ public function __construct() {
 $args = array(
 'component_id' => 'rt_comment_notifier',
 'component_slug' => 'rt_comment',
- 'component_callback' => 'rt_comment_notifications_callback',
+ 'component_callback' => array( $this, 'rt_comment_notifications_callback' ),
 'component_action' => $this->component_action,
 );
@@ -143,29 +143,28 @@ public function remove_comment_notification( $comment_id ) { BP_Notifications_Notification::delete( array( 'id' => $comment_notification_id ) ); delete_comment_meta( $comment_id, 'comment_notification_id' ); } - } -} -/** - * This is callback function for rt_like_notifier component dont call this callback method manually - * - * @param int $action action of component for notification. - * @param int $post_id ID of a post to notification. - * @param int $initiator_id secondary_item_id used in 'bp_notifications_add_notification'. - * @param int $total_items number of notification for same component. - * @param String $format string or array. - * - * @return String/Array formatted notification - */ -function rt_comment_notifications_callback( $action, $post_id, $initiator_id, $total_items, $format = 'string' ) { - $params = array( - 'action' => $action, - 'post_id' => $post_id, - 'initiator_id' => $initiator_id, - 'total_items' => $total_items, - 'format' => $format, - ); - - return apply_filters( 'rtmedia_comment_notifications', $params ); + /** + * This is callback function for rt_like_notifier component dont call this callback method manually + * + * @param int $action action of component for notification. + * @param int $post_id ID of a post to notification. + * @param int $initiator_id secondary_item_id used in 'bp_notifications_add_notification'. + * @param int $total_items number of notification for same component. + * @param String $format string or array. + * + * @return String/Array formatted notification + */ + public function rt_comment_notifications_callback( $action, $post_id, $initiator_id, $total_items, $format = 'string' ) { + $params = array( + 'action' => $action, + 'post_id' => $post_id, + 'initiator_id' => $initiator_id, + 'total_items' => $total_items, + 'format' => $format, + ); + + return apply_filters( 'rtmedia_comment_notifications', $params ); + } } 
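Review bot: The docblock moved onto `rt_comment_notifications_callback()` still says it is the callback for the `rt_like_notifier` component, which is the copy-paste origin in RTMediaLikeNotification; in this class the constructor registers it under `rt_comment_notifier`. Suggest `* Callback for the rt_comment_notifier component; BuddyPress invokes it through component_callback, do not call it directly.` The type tags also look off for what the body does: `$action` is passed straight through into the `$params` array and the return is whatever `apply_filters( 'rtmedia_comment_notifications', $params )` yields (an array unless a filter replaces it), so `@param string $action` and `@return array|string` would fit better — confirm against the BuddyPress notification callback contract. The `like_notifications_callback()` docblock in the RTMediaLikeNotification hunk has the same type-tag issue, though its component name is correct.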
diff --git a/app/helper/RTMediaLikeNotification.php b/app/helper/RTMediaLikeNotification.php
index 9141da3c5..5c3b62842 100644
--- a/app/helper/RTMediaLikeNotification.php
+++ b/app/helper/RTMediaLikeNotification.php
@@ -35,7 +35,7 @@ public function __construct() {
 $args = array(
 'component_id' => 'rt_like_notifier',
 'component_slug' => 'rt_like',
- 'component_callback' => 'like_notifications_callback',
+ 'component_callback' => array( $this, 'like_notifications_callback' ),
 'component_action' => $this->component_action,
 );
@@ -171,27 +171,27 @@ public function fetch_media_like_stats( $media_id ) { return $media_likes; } -} -/** - * This is callback function for rt_like_notifier component dont call this callback method manually - * - * @param int $action action of component for notification. - * @param int $post_id ID of a post to notification. - * @param int $initiator_id secondary_item_id used in 'bp_notifications_add_notification'. - * @param int $total_items number of notification for same component. - * @param String $format string or array. - * - * @return String/Array formatted notification - */ -function like_notifications_callback( $action, $post_id, $initiator_id, $total_items, $format = 'string' ) { - $params = array( - 'action' => $action, - 'post_id' => $post_id, - 'initiator_id' => $initiator_id, - 'total_items' => $total_items, - 'format' => $format, - ); - - return apply_filters( 'rtmedia_like_notifications', $params ); + /** + * This is callback function for rt_like_notifier component dont call this callback method manually + * + * @param int $action action of component for notification. + * @param int $post_id ID of a post to notification. + * @param int $initiator_id secondary_item_id used in 'bp_notifications_add_notification'. + * @param int $total_items number of notification for same component. + * @param String $format string or array. + * + * @return String/Array formatted notification + */ + public function like_notifications_callback( $action, $post_id, $initiator_id, $total_items, $format = 'string' ) { + $params = array( + 'action' => $action, + 'post_id' => $post_id, + 'initiator_id' => $initiator_id, + 'total_items' => $total_items, + 'format' => $format, + ); + + return apply_filters( 'rtmedia_like_notifications', $params ); + } } diff --git a/app/helper/RTMediaModel.php b/app/helper/RTMediaModel.php index cb2a6a68f..48d1cf272 100755 --- a/app/helper/RTMediaModel.php +++ b/app/helper/RTMediaModel.php 
@@ -85,7 +85,7 @@ public function get( $columns, $offset = false, $per_page = false, $order_by = '
 if ( ! isset( $meta_query['compare'] ) ) {
 $meta_query['compare'] = '=';
 }
- $tbl_alias = esc_sql( chr( $temp ++ ) );
+ $tbl_alias = esc_sql( chr( $temp++ ) );
 if ( is_multisite() ) {
 $join .= " LEFT JOIN {$wpdb->base_prefix}{$this->meta_table_name} as {$tbl_alias} ON {$this->table_name}.id = {$tbl_alias}.media_id ";
 } else {
@@ -98,31 +98,30 @@ public function get( $columns, $offset = false, $per_page = false, $order_by = ' $where .= $wpdb->prepare( " AND {$tbl_alias}.meta_key = %s ", $meta_query['key'] ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared } } - } else { - if ( is_array( $colvalue ) ) { - if ( ! isset( $colvalue['compare'] ) ) { - $compare = 'IN'; - } else { - $compare = $colvalue['compare']; - } + } elseif ( is_array( $colvalue ) ) { + if ( ! isset( $colvalue['compare'] ) ) { + $compare = 'IN'; + } else { + $compare = $colvalue['compare']; + } $tmp_val = isset( $colvalue['value'] ) ? $colvalue['value'] : $colvalue; $col_val_comapare = ( is_array( $tmp_val ) ) ? implode( "','", esc_sql( $tmp_val ) ) : esc_sql( $tmp_val ); - if ( 'IS NOT' === $compare ) { - $col_val_comapare = ! empty( $colvalue['value'] ) ? $colvalue['value'] : $col_val_comapare; - } + if ( 'IS NOT' === $compare ) { + $col_val_comapare = ! empty( $colvalue['value'] ) ? $colvalue['value'] : $col_val_comapare; + } $compare = esc_sql( $compare ); $where .= " AND {$this->table_name}.{$colname} {$compare} ('{$col_val_comapare}')"; - } else { - $where .= $wpdb->prepare( " AND {$this->table_name}.{$colname} = %s", $colvalue ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - } + } else { + $where .= $wpdb->prepare( " AND {$this->table_name}.{$colname} = %s", $colvalue ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + } } $qgroup_by = ' '; - $allowed_order_columns = array( 'media_id', 'media_title','file_size'); // Define allowed columns. + $allowed_order_columns = array( 'media_id', 'media_title', 'file_size' ); // Define allowed columns. list( $order_column, $order_direction ) = explode( ' ', $order_by . ' ' ); // Default to space if no direction provided. if ( ! in_array( strtolower( $order_column ), $allowed_order_columns ) || ! in_array( 
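Review bot: In the `'IS NOT' === $compare` branch the escaped value is replaced by the raw `$colvalue['value']`, so the `esc_sql()` applied to `$tmp_val` two lines earlier is bypassed for exactly the value that is then interpolated into `$where`. Unless that raw value is intended to be an SQL literal, keep it escaped: `$col_val_comapare = ! empty( $colvalue['value'] ) ? esc_sql( $colvalue['value'] ) : $col_val_comapare;`. `$compare` is interpolated after `esc_sql()`, but that only escapes quotes, not operator keywords, so an allow-list of accepted operators (`=`, `IN`, `NOT IN`, `IS NOT`, …) would be the stronger check; `$colname` is interpolated with no treatment at all and deserves the same. `get()` starts outside the hunk, so where `$columns` comes from cannot be seen here.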
@@ -459,10 +458,8 @@ public function get_other_album_count( $profile_id, $context = 'profile' ) { if ( 'profile' === $context ) { $sql .= $wpdb->prepare( ' AND media_author=%d ', $profile_id ); - } else { - if ( 'group' === $context ) { + } elseif ( 'group' === $context ) { $sql .= $wpdb->prepare( ' AND context_id=%d ', $profile_id ); - } } $sql .= 'limit 100'; @@ -486,7 +483,7 @@ public function get_media_count() { $remaining_music = 0; $remaining_videos = 0; $remaining_all_media = 0; - $remaining_docs = 0; + $remaining_docs = 0; // Fetch the remaining media count. if ( class_exists( 'RTMediaNav' ) ) { @@ -500,12 +497,10 @@ public function get_media_count() { $counts = $rtmedia_nav_obj->actual_counts( $bp->groups->current_group->id, 'group' ); $other_count = $this->get_other_album_count( $bp->groups->current_group->id, 'group' ); } - } else { + } elseif ( function_exists( 'bp_displayed_user_id' ) ) { - if ( function_exists( 'bp_displayed_user_id' ) ) { $counts = $rtmedia_nav_obj->actual_counts( bp_displayed_user_id(), 'profile' ); $other_count = $this->get_other_album_count( bp_displayed_user_id(), 'profile' ); - } } $remaining_all_media = ( ! empty( $counts['total']['all'] ) ) ? $counts['total']['all'] : 0; @@ -513,7 +508,7 @@ public function get_media_count() { $remaining_photos = ( ! empty( $counts['total']['photo'] ) ) ? $counts['total']['photo'] : 0; $remaining_videos = ( ! empty( $counts['total']['video'] ) ) ? $counts['total']['video'] : 0; $remaining_music = ( ! empty( $counts['total']['music'] ) ) ? $counts['total']['music'] : 0; - $remaining_docs = ( ! empty( $counts['total']['document'] ) ) ? $counts['total']['document'] : 0; + $remaining_docs = ( ! empty( $counts['total']['document'] ) ) ? $counts['total']['document'] : 0; } $media_counts = array( diff --git a/app/helper/RTMediaSettings.php b/app/helper/RTMediaSettings.php index e26a20fb3..c87debb06 100755 --- a/app/helper/RTMediaSettings.php +++ b/app/helper/RTMediaSettings.php 
@@ -20,12 +20,17 @@ class RTMediaSettings { * @access public */ public function __construct() { - // todo: nonce required. + if ( ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) { add_action( 'admin_init', array( $this, 'settings' ) ); - $rtmedia_option_save = filter_input( INPUT_POST, 'rtmedia-options-save', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + $rtmedia_option_save = filter_input( INPUT_POST, 'rtmedia-options-save', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since we are only checking if it is a save action. if ( isset( $rtmedia_option_save ) ) { + + if ( ! isset( $_POST ) || ! array_key_exists( 'wp_nonce', $_POST ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['wp_nonce'] ) ), 'rtmedia_settings' ) ) { + return; + } + add_action( 'init', array( $this, 'settings' ) ); } } 
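Review bot: The new nonce check only guards the `add_action( 'init', array( $this, 'settings' ) )` registration; `add_action( 'admin_init', array( $this, 'settings' ) )` three lines above it is registered unconditionally, and `settings()` in the next hunk (`@@ -208,15 +213,16 @@`) saves the posted options whenever `rtmedia-options-save` is set and the user has `manage_options`, with a phpcs note deferring nonce verification to the caller — so a settings save that lands on an admin page still completes with no nonce at all. Put the verification inside `settings()` right before the `current_user_can( 'manage_options' )` branch, or make the `admin_init` registration subject to the same check. `! isset( $_POST )` is always false because the superglobal always exists; `! isset( $_POST['wp_nonce'] )` is the intended test and makes the `array_key_exists()` call redundant. Whether the settings form actually posts a field named `wp_nonce` created with action `rtmedia_settings` is not visible here — confirm against the form template.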
@@ -208,15 +213,16 @@ public function sanitize_before_save_options( $options ) { * @return void */ public function settings() { - // todo: nonce required. + global $rtmedia, $rtmedia_addon, $rtmedia_save_setting_single; $options = rtmedia_get_site_option( 'rtmedia-options' ); $options = $this->sanitize_options( $options ); $rtmedia->options = $options; // Save Settings first then proceed. - $rtmedia_option_save = filter_input( INPUT_POST, 'rtmedia-options-save', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + $rtmedia_option_save = filter_input( INPUT_POST, 'rtmedia-options-save', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since it is the responsibility of caller function to verify nonce. if ( isset( $rtmedia_option_save ) && current_user_can( 'manage_options' ) ) { - $options = filter_input( INPUT_POST, 'rtmedia-options', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY ); + // Sanitization not required since it is being sanitized in sanitize_before_save_options function. + $options = filter_input( INPUT_POST, 'rtmedia-options', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since it is the responsibility of caller function to verify nonce. $options = $this->sanitize_before_save_options( $options ); $options = apply_filters( 'rtmedia_pro_options_save_settings', $options ); $is_rewrite_rule_flush = apply_filters( 'rtmedia_flush_rewrite_rule', false ); 
@@ -226,7 +232,7 @@ public function settings() { flush_rewrite_rules( false ); } $settings_saved = ''; - $setting_save = filter_input( INPUT_GET, 'settings-saved', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + $setting_save = filter_input( INPUT_GET, 'settings-saved', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since it is the responsibility of caller function to verify nonce. if ( ! isset( $setting_save ) ) { $settings_saved = '&settings-saved=true'; } @@ -282,6 +288,31 @@ public function settings() { } } + /** + * Deep sanitize post data. + * + * @param array $data Data array. + * + * @return array + */ + public function rtmedia_deep_sanitize_post( $data ) { + $sanitized = array(); + + foreach ( $data as $key => $value ) { + if ( is_array( $value ) ) { + $sanitized[ $key ] = $this->rtmedia_deep_sanitize_post( $value ); + } elseif ( is_numeric( $value ) ) { + $sanitized[ $key ] = absint( $value ); + } elseif ( false !== filter_var( $value, FILTER_VALIDATE_URL ) ) { + $sanitized[ $key ] = esc_url_raw( $value ); + } else { + $sanitized[ $key ] = sanitize_text_field( $value ); + } + } + + return $sanitized; + } + /** * Show network notices. * @@ -405,7 +436,8 @@ public function sanitize( $input ) { rtmedia_update_site_option( 'rtm-settings-saved', esc_html__( 'Settings saved.', 'buddypress-media' ) ); } - do_action( 'rtmedia_sanitize_settings', $_POST, $input ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing + $sanitized_post = $this->rtmedia_deep_sanitize_post( $_POST ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since we are only sanitizing the data. + do_action( 'rtmedia_sanitize_settings', $sanitized_post, $input ); return $input; } 
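Review bot: `rtmedia_deep_sanitize_post()` converts every numeric value with `absint()`, so a negative or fractional setting (`-1`, `0.5`, or an exponent form like `1e3`) reaches the `rtmedia_sanitize_settings` listeners as a different number; because `$_POST` values are strings, `sanitize_text_field()` already returns a numeric string unchanged, and the `is_numeric` branch can simply be dropped. The call in `sanitize()` passes `$_POST` without `wp_unslash()`, and `sanitize_text_field()` does not strip the slashes WordPress adds to request data, so quotes in values arrive escaped: `$sanitized_post = $this->rtmedia_deep_sanitize_post( wp_unslash( $_POST ) );`. An identical copy of this function is added as a global in rtUploadAttachment.php (the `@@ -103,4 +119,29 @@` hunk); one shared helper would stop the two from drifting apart.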
diff --git a/app/helper/RTMediaSupport.php b/app/helper/RTMediaSupport.php index 5cb902465..7e745cde1 100755 --- a/app/helper/RTMediaSupport.php +++ b/app/helper/RTMediaSupport.php @@ -179,7 +179,7 @@ public function render_support( $page = '' ) { * @return void */ public function service_selector() { - // todo: nonce required. + // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since we are only checking which tab is checked in the settings. $form = filter_input( INPUT_POST, 'form', FILTER_SANITIZE_FULL_SPECIAL_CHARS ); include RTMEDIA_PATH . 'app/helper/templates/service-sector.php'; @@ -255,10 +255,8 @@ public function rtmedia_scan_template_files( $template_path ) { $rt_to_dir_path = str_replace( '//', '/', $rt_to_dir_paths ); $result[] = str_replace( ABSPATH . 'wp-content/', '', $rt_to_dir_path ); } - } else { - if ( 'main.php' !== $value ) { + } elseif ( 'main.php' !== $value ) { $result[] = $value; - } } } } @@ -411,9 +409,9 @@ public function migration_html( $page = '' ) { * @return void */ public function get_form( $form = '' ) { - // todo: nonce required. + if ( empty( $form ) ) { - $form = filter_input( INPUT_POST, 'form' . FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + $form = filter_input( INPUT_POST, 'form' . FILTER_SANITIZE_FULL_SPECIAL_CHARS ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.NonceVerification.Missing -- Not required since we are only checking which tab is selected and send the form for it. $form = isset( $form ) ? $form : 'premium_support'; } $meta_title = ''; 
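Review bot: In `get_form()` the retained line `filter_input( INPUT_POST, 'form' . FILTER_SANITIZE_FULL_SPECIAL_CHARS )` concatenates the filter constant onto the field name instead of passing it as the third argument, so it reads a POST key that never exists, always yields `null`, and the `'premium_support'` fallback is taken whatever was posted; `service_selector()` in the first hunk of this file shows the correct call. Change it to `$form = filter_input( INPUT_POST, 'form', FILTER_SANITIZE_FULL_SPECIAL_CHARS );`. Once fixed the posted value is actually honoured for the first time, so the template selection it feeds is worth a quick check that only the expected form names are accepted.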
@@ -533,7 +531,14 @@ public function submit_request() { ) ) { // delete file after sending it to mail. if ( ! empty( $attachment_file ) ) { - unlink( $attachment_file ); + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + global $wp_filesystem; + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + $wp_filesystem->delete( $attachment_file ); } echo '
'; @@ -630,12 +635,20 @@ public function download_debuginfo_as_text() { echo wp_kses_post( ucwords( str_replace( '_', ' ', $option ) ) . str_repeat( ' ', 50 - strlen( $option ) ) . wp_strip_all_tags( $value ) . PHP_EOL ); } - readfile( 'debuginfo.txt' ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_readfile + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + global $wp_filesystem; + + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + + echo esc_html( $wp_filesystem->get_contents( 'debuginfo.txt' ) ); + exit(); } - } - } - } diff --git a/app/helper/db/RTDBUpdate.php b/app/helper/db/RTDBUpdate.php index 94c2c3bd6..217e89276 100644 --- a/app/helper/db/RTDBUpdate.php +++ b/app/helper/db/RTDBUpdate.php @@ -78,13 +78,13 @@ public function __construct( $current_version = false, $plugin_path = false, $sc if ( false !== $schema_path ) { $this->schema_path = $schema_path; } else { - $this->schema_path = realpath( dirname( __FILE__ ) . $this->schema_path ); + $this->schema_path = realpath( __DIR__ . $this->schema_path ); } if ( false !== $plugin_path ) { $this->plugin_path = $plugin_path; } else { - $this->plugin_path = realpath( dirname( __FILE__ ) . $this->plugin_path ); + $this->plugin_path = realpath( __DIR__ . $this->plugin_path ); } $this->mu_single_table = $mu_single_table; 
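Review bot: `$wp_filesystem->delete( $attachment_file )` is reached without checking that `WP_Filesystem()` succeeded; it returns `false` and leaves the global `null` when the configured filesystem method needs credentials, and this line then becomes a fatal method call on `null`. The same nine-line initialisation is repeated in `download_debuginfo_as_text()` (next hunk), `RTDBUpdate::do_upgrade()` and `rtmedia_admin_upload()` in rtUploadAttachment.php, each with the same gap; a small helper that returns the initialised filesystem or `null`, with every caller bailing out on `null`, would remove both the duplication and the crash. The deletion here is best-effort, so the minimal inline fix is `if ( $wp_filesystem ) { $wp_filesystem->delete( $attachment_file ); }`. `submit_request()` starts outside the hunk.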
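Review bot: `echo esc_html( $wp_filesystem->get_contents( 'debuginfo.txt' ) )` HTML-encodes the file body, which matches neither the surrounding output (the preceding `echo wp_kses_post( ... . PHP_EOL )` lines emit plain text) nor the text download the method name describes: `&`, `<` and `>` would come out as entities if the response is sent as text/plain (the headers are outside the hunk). `get_contents()` returns `false` when the file cannot be read, which `esc_html()` silently turns into an empty string, and the relative path `'debuginfo.txt'` is resolved against the process working directory exactly as the removed `readfile()` was — whether that file is ever written is not visible here. Check the return first: `$contents = $wp_filesystem->get_contents( 'debuginfo.txt' ); if ( false !== $contents ) { echo $contents; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- plain-text download body }`; the same unchecked `get_contents()` return feeds `genrate_sql()` in `RTDBUpdate::do_upgrade()`. The hunk also removes three closing braces while adding one at most; confirm the brace balance of the file after the change.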
@@ -169,17 +169,32 @@ public function do_upgrade() { if ( false !== strpos( $entry, '.schema' ) && file_exists( $path . '/' . $entry ) ) { if ( is_multisite() ) { $table_name = str_replace( '.schema', '', strtolower( $entry ) ); - $check_res = $wpdb->get_results( $wpdb->prepare( 'SHOW TABLES LIKE %s', '%rt_' . $table_name ), ARRAY_N ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. + $check_res = $wpdb->get_results( $wpdb->prepare( 'SHOW TABLES LIKE %s', '%rt_' . $table_name ), ARRAY_N ); + if ( $check_res && count( $check_res ) > 0 && is_array( $check_res ) && isset( $check_res[0][0] ) ) { $tb_name = $check_res[0][0]; $table_name = ( ( $this->mu_single_table ) ? $wpdb->base_prefix : $wpdb->prefix ) . 'rt_' . $table_name; if ( $tb_name !== $table_name ) { - $alter_sql = 'ALTER TABLE ' . $tb_name . ' RENAME TO ' . $table_name; - $wpdb->query( $alter_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $alter_sql = "ALTER TABLE `{$tb_name}` RENAME TO `{$table_name}`"; + $wpdb->query( $alter_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. } } } - $this->create_table( $this->genrate_sql( $entry, file_get_contents( $path . '/' . $entry ) ) ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + global $wp_filesystem; + + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + + $file_content = $wp_filesystem->get_contents( $path . '/' . $entry ); + + $this->create_table( $this->genrate_sql( $entry, $file_content ) ); } } } 
@@ -206,6 +221,7 @@ public function do_upgrade() { public static function table_exists( $table ) { global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. if ( 1 === intval( $wpdb->query( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table ) ) ) ) { return true; } diff --git a/app/helper/rtDimensions.php b/app/helper/rtDimensions.php index 86ff9e8c2..90c8c7b5a 100755 --- a/app/helper/rtDimensions.php +++ b/app/helper/rtDimensions.php @@ -50,7 +50,7 @@ private function get_default_id() { * @access private */ private function update_default_id() { - self::$id_count ++; + self::$id_count++; } /** @@ -85,7 +85,7 @@ private function embedd_class( $element, $class = null ) { if ( is_array( $class ) ) { $html .= ' ' . implode( ' ', $class ); } else { - throw new rtFormsInvalidArgumentsException( 'class [' . $element . ']' ); + throw new rtFormsInvalidArgumentsException( 'class [' . esc_html( $element ) . ']' ); } } $html .= '"'; @@ -192,5 +192,4 @@ public function get_dimensions( $attributes = '' ) { public function display_dimensions( $args = '' ) { echo wp_kses( $this->get_dimensions( $args ), RTMedia::expanded_allowed_tags() ); } - } diff --git a/app/helper/rtForm.php b/app/helper/rtForm.php index 36fd64067..e417af274 100755 --- a/app/helper/rtForm.php +++ b/app/helper/rtForm.php @@ -142,7 +142,7 @@ private function get_default_id( $element ) { * @param string $element element. */ private function update_default_id( $element ) { - self::$id_counts[ $element ] ++; + self::$id_counts[ $element ]++; } /** 
@@ -179,7 +179,7 @@ private function embedd_class( $element, $class = null ) { if ( is_array( $class ) ) { $html .= ' ' . esc_attr( implode( ' ', $class ) ); } else { - throw new rtFormInvalidArgumentsException( 'class [' . $element . ']' ); + throw new rtFormInvalidArgumentsException( 'class [' . esc_html( $element ) . ']' ); } } $html .= '" '; @@ -415,21 +415,15 @@ private function container_enclosed_elements( $element, $attrib, $rtform_options if ( 'checked' === $key ) { $attrib['checked'] = esc_attr( $val ); - } else { - if ( 'selected' === $key ) { + } elseif ( 'selected' === $key ) { $attrib['selected'] = esc_attr( $val ); - } else { - if ( 'desc' === $key ) { - $attrib['desc'] = esc_attr( $val ); - } else { - if ( 'id' === $key ) { - $attrib['id'] = esc_attr( $val ); - } else { - $attrib['key'] = $key; - $attrib['value'] = esc_attr( $val ); - } - } - } + } elseif ( 'desc' === $key ) { + $attrib['desc'] = esc_attr( $val ); + } elseif ( 'id' === $key ) { + $attrib['id'] = esc_attr( $val ); + } else { + $attrib['key'] = $key; + $attrib['value'] = esc_attr( $val ); } } @@ -481,18 +475,16 @@ private function container_enclosed_elements( $element, $attrib, $rtform_options $data ); - } else { - if ( ( isset( $attrib['switch'] ) && $attrib['switch'] ) || ( isset( $attrib['switch_square'] ) && $attrib['switch_square'] ) ) { + } elseif ( ( isset( $attrib['switch'] ) && $attrib['switch'] ) || ( isset( $attrib['switch_square'] ) && $attrib['switch_square'] ) ) { $label_class = array( 'switch' ); $data = $this->enclose_label( $element, $data, $attrib['key'], $label_class ); - if ( $size > 1 ) { - $data = '
' . $data . '
'; - } - } else { - $data = $this->enclose_label( $element, $data, $attrib['key'] ); + if ( $size > 1 ) { + $data = '
' . $data . '
'; } + } else { + $data = $this->enclose_label( $element, $data, $attrib['key'] ); } $data .= ''; @@ -542,7 +534,7 @@ private function parse_multiple_options( $element, $attributes ) { 'rtForm_options' => $rtform_options, ); } else { - throw new rtFormInvalidArgumentsException( 'rtForm_options [' . $element . ']' ); + throw new rtFormInvalidArgumentsException( 'rtForm_options [' . esc_html( $element ) . ']' ); } } else { throw new rtFormInvalidArgumentsException( 'attributes' ); diff --git a/app/helper/rtProgress.php b/app/helper/rtProgress.php index acf713b45..2e847c363 100755 --- a/app/helper/rtProgress.php +++ b/app/helper/rtProgress.php @@ -18,7 +18,6 @@ class rtProgress { // phpcs:ignore PEAR.NamingConventions.ValidClassName.StartWi * @access public */ public function __construct() { - } /** diff --git a/app/helper/rtUploadAttachment.php b/app/helper/rtUploadAttachment.php index fc2783cfb..c42f2f01f 100755 --- a/app/helper/rtUploadAttachment.php +++ b/app/helper/rtUploadAttachment.php @@ -44,8 +44,18 @@ function rtmedia_admin_upload() { $uploaddir = $wpuploaddir['basedir'] . '/rtMedia/tmp/'; // If folder is not there, then create it. - if ( ! is_dir( $uploaddir ) ) { - if ( ! mkdir( $uploaddir, 0777, true ) ) { + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + global $wp_filesystem; + + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + + if ( ! $wp_filesystem->is_dir( $uploaddir ) ) { + if ( ! $wp_filesystem->mkdir( $uploaddir, FS_CHMOD_DIR ) ) { die( 'Failed to create folders...' ); } } 
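Review bot: `$wp_filesystem->mkdir( $uploaddir, FS_CHMOD_DIR )` is not recursive, whereas the removed `mkdir( $uploaddir, 0777, true )` was; `$uploaddir` is `basedir/rtMedia/tmp/`, so on a site where `rtMedia/` does not exist yet the new call fails and the request dies with `Failed to create folders...`. `wp_mkdir_p()` creates the intermediate directories with WordPress's permission handling and needs no filesystem object: `if ( ! wp_mkdir_p( $uploaddir ) ) { die( 'Failed to create folders...' ); }`. If the filesystem object is kept for the later `move()` calls, it is still used here without checking that `WP_Filesystem()` succeeded. `rtmedia_admin_upload()` starts outside the hunk.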
@@ -62,38 +72,44 @@ function rtmedia_admin_upload() { // Move file to target folder. foreach ( $_FILES as $name => $file ) { + $safe_key = sanitize_key( $name ); + $safe_name = isset( $file['name'] ) ? sanitize_file_name( $file['name'] ) : ''; + $file_size = isset( $file['size'] ) ? intval( $file['size'] ) : 0; + $tmp_name = isset( $file['tmp_name'] ) ? $file['tmp_name'] : ''; + $ext = pathinfo( $safe_name, PATHINFO_EXTENSION ); - if ( $file['size'] <= 2000000 ) { - $ext = pathinfo( basename( $file['name'] ), PATHINFO_EXTENSION ); + if ( $file_size > 2000000 ) { + $size_error = array( 'exceed_size_msg' => esc_html__( 'You can not upload more than 2 MB.', 'buddypress-media' ) ); + echo wp_json_encode( $size_error ); + exit(); + } - if ( $import_export ) { + if ( ! is_uploaded_file( $tmp_name ) ) { + $error = true; + continue; + } - if ( 'json' === strtolower( $ext ) && move_uploaded_file( $file['tmp_name'], $uploaddir . basename( $file['name'] ) ) ) { - $uploaded_file = $uploaddir . $file['name']; + if ( $import_export ) { + if ( 'json' === strtolower( $ext ) && $wp_filesystem->move( $tmp_name, $uploaddir . $safe_name, true ) ) { + $uploaded_file = $uploaddir . $safe_name; + $rtadmin = new RTMediaAdmin(); - $rtadmin = new RTMediaAdmin(); - $rtadmin->import_settings( $uploaded_file ); - } else { - $error = true; - } - } elseif ( in_array( strtolower( $ext ), $allowed_type, true ) && move_uploaded_file( $file['tmp_name'], $uploaddir . basename( $file['name'] ) ) ) { - $files[] = $uploaddir . $file['name']; + $rtadmin->import_settings( $uploaded_file ); } else { $error = true; } + } elseif ( in_array( strtolower( $ext ), $allowed_type, true ) && $wp_filesystem->move( $tmp_name, $uploaddir . $safe_name, true ) ) { + $files[] = $uploaddir . $safe_name; } else { - $size_error = array( 'exceed_size_msg' => esc_html__( 'You can not upload more than 2 MB.', 'buddypress-media' ) ); - echo wp_json_encode( $size_error ); - exit(); + $error = true; } } $data = ( $error ) ? 
array( 'error' => esc_html__( 'There was an error uploading your files', 'buddypress-media' ) ) : array( 'debug_attachmanet' => $files ); - } else { $data = array( 'success' => esc_html__( 'Form was submitted', 'buddypress-media' ), - 'formData' => $_POST, + 'formData' => rtmedia_deep_sanitize_post( $_POST ), ); } @@ -103,4 +119,29 @@ function rtmedia_admin_upload() { } } } -} + + /** + * Deep sanitize post data. + * + * @param array $data Data array. + * + * @return array + */ + function rtmedia_deep_sanitize_post( $data ) { + $sanitized = array(); + + foreach ( $data as $key => $value ) { + if ( is_array( $value ) ) { + $sanitized[ $key ] = rtmedia_deep_sanitize_post( $value ); + } elseif ( is_numeric( $value ) ) { + $sanitized[ $key ] = absint( $value ); + } elseif ( false !== filter_var( $value, FILTER_VALIDATE_URL ) ) { + $sanitized[ $key ] = esc_url_raw( $value ); + } else { + $sanitized[ $key ] = sanitize_text_field( $value ); + } + } + + return $sanitized; + } +} \ No newline at end of file diff --git a/app/importers/BPMediaAlbumimporter.php b/app/importers/BPMediaAlbumimporter.php index 95b06867c..5e251a0b5 100755 --- a/app/importers/BPMediaAlbumimporter.php +++ b/app/importers/BPMediaAlbumimporter.php @@ -35,7 +35,9 @@ public function update_table() { } global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. return $wpdb->query( + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.SchemaChange "ALTER TABLE {$wpdb->base_prefix}bp_album ADD COLUMN import_status BIGINT (20) NOT NULL DEFAULT 0, ADD COLUMN old_activity_id BIGINT (20) NOT NULL DEFAULT 0, 
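Review bot: `$wp_filesystem->move( $tmp_name, $uploaddir . $safe_name, true )` replaces `move_uploaded_file()` for the PHP upload temp file, but the WP_Filesystem abstraction may be backed by a non-direct transport (FTP/SSH) that operates on the remote side and cannot relocate a local temp file, so on such hosts every upload ends in the generic error branch; `move_uploaded_file()` after the explicit `is_uploaded_file()` check is the right primitive here, or the code should require the `direct` method. `sanitize_file_name()` can return an empty string for a name consisting only of stripped characters, and `$uploaddir . $safe_name` then names the directory itself; add `if ( '' === $safe_name ) { $error = true; continue; }` next to the `is_uploaded_file()` guard. The size check now exits the whole request on the first oversize file where it previously only skipped that file, which is a behaviour change worth a line in the commit message. `rtmedia_admin_upload()` starts outside the hunk.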
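Review bot: The new `rtmedia_deep_sanitize_post()` is inserted before the closing brace that was removed from the end of the file; if that brace closed `rtmedia_admin_upload()` itself rather than a `function_exists()` wrapper, the function is now declared inside the body of `rtmedia_admin_upload()`, is undefined at the point where `'formData' => rtmedia_deep_sanitize_post( $_POST )` calls it earlier in that body, and would be redeclared on a second call of the outer function — indentation is lost here, so confirm which brace it is. Either way a file-level declaration guarded by `if ( ! function_exists( 'rtmedia_deep_sanitize_post' ) )` avoids both problems. The file also ends without a trailing newline after this change.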
@@ -54,6 +56,8 @@ public function update_table() { public function column_exists( $column ) { global $wpdb; + // Direct query is required for custom table. safe because SQL is prepared. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching return $wpdb->query( $wpdb->prepare( "SHOW COLUMNS FROM {$wpdb->base_prefix}bp_album LIKE %s limit 1", $column ) ); } @@ -217,12 +221,12 @@ public function ui() { /** * Create album. * - * @param string $author_id Author id. * @param string $album_name Album name. + * @param string $author_id Author id. * * @return mixed */ - public function create_album( $album_name = '', $author_id = 1 ) { + public function create_album( $album_name = '', $author_id = 1 ) { global $bp_media, $wpdb; // Set album_name to 'Imported Media' if it is empty. @@ -236,6 +240,8 @@ public function create_album( $album_name = '', $author_id = 1 ) { } } + // Direct query is required for because core function may return invalid result due to caching. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching $result = $wpdb->get_results( $wpdb->prepare( "SELECT ID from $wpdb->posts WHERE post_type='bp_media_album' AND post_status = 'publish' AND post_author = %d AND post_title LIKE %s limit 1", $author_id, $album_name ) ); if ( count( $result ) < 1 ) { $album = new BPMediaAlbum(); @@ -244,6 +250,7 @@ public function create_album( $album_name = '', $author_id = 1 ) { } else { $album_id = $result[0]->ID; } + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->update( $wpdb->base_prefix . 'bp_activity', array( 'secondary_item_id' => - 999 ), array( 'id' => get_post_meta( $album_id, 'bp_media_child_activity', true ) ) ); return $album_id; 
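Review bot: The docblock now documents the real order `( $album_name = '', $author_id = 1 )`, which makes visible that the only caller in this diff, `self::create_album( $bp_album_item->owner_id, 'Imported Media' )` in `bpmedia_ajax_import_callback()` (hunk `@@ -426,15 +445,52 @@`), passes the owner id as the album name and the literal `'Imported Media'` as `$author_id`; the commit fixes the comment but not the call. The call should read `self::create_album( 'Imported Media', $bp_album_item->owner_id );`. `create_album` is also declared as an instance method yet invoked statically there, which PHP 8 rejects with an Error; if the rest of its body does not use `$this` it could be declared `public static`. create_album's body continues outside the hunk.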
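Review bot: The new comment in the `@@ -236,6 +240,8 @@` hunk, `// Direct query is required for because core function may return invalid result due to caching.`, has a stray "for" and an unclear subject; suggest `// Direct query is required because the core function may return a stale result due to caching.`. The `phpcs:ignore` on the following line appears to cover the `$wpdb->get_results(` line where both suppressed sniffs report, so its placement looks right.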
@@ -258,6 +265,7 @@ public static function get_total_count() { global $wpdb; $table = $wpdb->base_prefix . 'bp_album'; if ( self::table_exists( $table ) ) { + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. return $wpdb->get_results( "SELECT COUNT(DISTINCT owner_id) as users, COUNT(id) as media FROM {$table}" ); } @@ -274,8 +282,9 @@ public function get_remaining_comments() { $bp_album_table = $wpdb->base_prefix . 'bp_album'; $activity_table = $wpdb->base_prefix . 'bp_activity'; if ( $this->table_exists( $bp_album_table ) ) { - // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. return $wpdb->get_var( + // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared "SELECT SUM( b.count ) AS total FROM ( SELECT ( @@ -285,15 +294,15 @@ public function get_remaining_comments() { AND a.component = 'activity' AND a.type = 'activity_comment' ) AS count - FROM $activity_table AS activity - INNER JOIN $bp_album_table AS album ON ( album.id = activity.item_id ) + FROM {$activity_table} AS activity + INNER JOIN {$bp_album_table} AS album ON ( album.id = activity.item_id ) WHERE activity.component = 'album' AND activity.type = 'bp_album_picture' AND album.import_status =0 )b" - ); // phpcs:enable WordPress.DB.PreparedSQL.NotPrepared WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared + ); } - return 0; } 
@@ -307,6 +316,8 @@ public function get_finished_comments() { $bp_album_table = $wpdb->base_prefix . 'bp_album'; if ( $this->table_exists( $bp_album_table ) ) { + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.SchemaChange return $wpdb->get_var( "SELECT COUNT( activity.id ) AS count FROM {$wpdb->base_prefix}bp_activity AS activity @@ -329,6 +340,8 @@ public static function get_completed_users() { $table = $wpdb->base_prefix . 'bp_album'; if ( self::table_exists( $table ) ) { + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching return $wpdb->get_results( "SELECT COUNT( DISTINCT owner_id ) AS users FROM {$wpdb->base_prefix}bp_album @@ -354,6 +367,8 @@ public static function get_completed_media() { global $wpdb; $table = $wpdb->base_prefix . 'bp_album'; if ( self::table_exists( $table ) ) { + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching return $wpdb->get_results( "SELECT COUNT(id) as media FROM {$wpdb->base_prefix}bp_album WHERE import_status!=0" ); } @@ -369,6 +384,8 @@ public static function get_corrupt_media() { global $wpdb; $table = $wpdb->base_prefix . 'bp_album'; if ( self::table_exists( $table ) ) { + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching return $wpdb->get_results( "SELECT id,title,pic_org_url FROM {$wpdb->base_prefix}bp_album WHERE import_status=-1" ); } 
@@ -387,6 +404,8 @@ public static function batch_import( $count = 5 ) { $table = $wpdb->base_prefix . 'bp_album'; if ( self::table_exists( $table ) ) { + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching $bp_album_data = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->base_prefix}bp_album WHERE import_status = 0 ORDER BY owner_id LIMIT %d", $count ) ); return $bp_album_data; } 
@@ -426,15 +445,52 @@ public static function bpmedia_ajax_import_callback() { $bpm_host_wp->check_and_create_album( 0, 0, $bp_album_item->owner_id ); $album_id = self::create_album( $bp_album_item->owner_id, 'Imported Media' ); $imported_media_id = BPMediaImporter::add_media( $album_id, $bp_album_item->title, $bp_album_item->description, $bp_album_item->pic_org_path, $bp_album_item->privacy, $bp_album_item->owner_id, 'Imported Media' ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->update( $table, array( 'import_status' => ( $imported_media_id ) ? $imported_media_id : - 1 ), array( 'id' => $bp_album_item->id ), array( '%d' ), array( '%d' ) ); + if ( $imported_media_id ) { $comments += (int) self::update_recorded_time_and_comments( $imported_media_id, $bp_album_item->id, "{$wpdb->base_prefix}bp_album" ); - $bp_album_media_id = $wpdb->get_var( "SELECT activity.id from $activity_table as activity INNER JOIN $table as album ON ( activity.item_id = album.id ) WHERE activity.item_id = $bp_album_item->id AND activity.component = 'album' AND activity.type='bp_album_picture'" ); - $wpdb->update( $table, array( 'old_activity_id' => $bp_album_media_id ), array( 'id' => $bp_album_item->id ), array( '%d' ), array( '%d' ) ); - $bp_new_activity_id = $wpdb->get_var( "SELECT id from $activity_table WHERE item_id = $imported_media_id AND component = 'activity' AND type='activity_update' AND secondary_item_id=0" ); - $wpdb->update( $table, array( 'new_activity_id' => $bp_new_activity_id ), array( 'id' => $bp_album_item->id ), array( '%d' ), array( '%d' ) ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. 
+ $bp_album_media_id = $wpdb->get_var( + $wpdb->prepare( + "SELECT activity.id FROM {$activity_table} AS activity INNER JOIN {$table} AS album ON ( activity.item_id = album.id ) WHERE activity.item_id = %d AND activity.component = %s AND activity.type = %s", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $bp_album_item->id, + 'album', + 'bp_album_picture' + ) + ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $wpdb->update( + $table, + array( 'old_activity_id' => $bp_album_media_id ), + array( 'id' => $bp_album_item->id ), + array( '%d' ), + array( '%d' ) + ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $bp_new_activity_id = $wpdb->get_var( + $wpdb->prepare( + "SELECT id FROM {$activity_table} WHERE item_id = %d AND component = %s AND type = %s AND secondary_item_id = 0", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $imported_media_id, + 'activity', + 'activity_update' + ) + ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $wpdb->update( + $table, + array( 'new_activity_id' => $bp_new_activity_id ), + array( 'id' => $bp_album_item->id ), + array( '%d' ), + array( '%d' ) + ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. if ( $wpdb->update( $activity_meta_table, array( 'activity_id' => $bp_new_activity_id ), 
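Review bot: `$bp_album_media_id` and `$bp_new_activity_id` come from `$wpdb->get_var()` and are `null` when no row matches, yet each is passed straight into `$wpdb->update()` with a `%d` format; `wpdb::update()` emits `= NULL` for a null value, which fails against the `old_activity_id BIGINT (20) NOT NULL` column declared in `update_table()` earlier in this diff, and the return value of `$wpdb->update()` is never checked, so the failure is silent. Casting at the source, `$bp_album_media_id = (int) $wpdb->get_var( ... );` and likewise for `$bp_new_activity_id`, keeps the stored value consistent with the column default of 0, and a `false === $wpdb->update( ... )` check would surface the error. Moving both SELECTs onto `$wpdb->prepare()` is the right fix for the previously interpolated `$bp_album_item->id` / `$imported_media_id`. The enclosing `if ( $imported_media_id )` block and bpmedia_ajax_import_callback() continue past the hunk.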
@@ -479,7 +535,7 @@ public static function bpmedia_ajax_import_favorites() { echo wp_json_encode( array( - 'favorites' => $wpdb->get_var( "SELECT COUNT(id) from $table WHERE favorites != 0" ), // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + 'favorites' => $wpdb->get_var( "SELECT COUNT(id) from $table WHERE favorites != 0" ), // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. 'users' => $users['total_users'], 'offset' => (int) get_site_option( 'bp_media_bp_album_favorite_import_status', 0 ), ) @@ -522,7 +578,8 @@ public static function bpmedia_ajax_import_step_favorites() { $new_favorite_activities = $favorite_activities; foreach ( $favorite_activities as $key => $favorite ) { - $new_act = $wpdb->get_var( $wpdb->prepare( "SELECT new_activity_id from $table WHERE old_activity_id = %d limit 1", $favorite ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $new_act = $wpdb->get_var( $wpdb->prepare( "SELECT new_activity_id from {$table} WHERE old_activity_id = %d limit 1", $favorite ) ); if ( ! empty( $new_act ) ) { $new_favorite_activities[ $key ] = $new_act; } 
@@ -578,19 +635,25 @@ public static function update_recorded_time_and_comments( $media, $bp_album_id, $comments = 0; if ( $activity_id ) { - $date_uploaded = $wpdb->get_var( $wpdb->prepare( "SELECT date_uploaded from $table WHERE id = %d", $bp_album_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $date_uploaded = $wpdb->get_var( $wpdb->prepare( "SELECT date_uploaded from {$table} WHERE id = %d", $bp_album_id ) ); + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. $old_activity_id = $wpdb->get_var( $wpdb->prepare( "SELECT id from {$wpdb->base_prefix}bp_activity WHERE component = 'album' AND type = 'bp_album_picture' AND item_id = %d", $bp_album_id ) ); if ( $old_activity_id ) { + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $comments = $wpdb->get_results( $wpdb->prepare( "SELECT id,secondary_item_id from {$wpdb->base_prefix}bp_activity WHERE component = 'activity' AND type = 'activity_comment' AND item_id = %d", $old_activity_id ) ); foreach ( $comments as $comment ) { $update = array( 'item_id' => $activity_id ); if ( $comment->secondary_item_id === $old_activity_id ) { $update['secondary_item_id'] = $activity_id; } + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Update date recorded in custom table. $wpdb->update( $wpdb->base_prefix . 
'bp_activity', $update, array( 'id' => $comment->id ) ); BP_Activity_Activity::rebuild_activity_comment_tree( $activity_id ); } } + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Update date recorded in custom table. $wpdb->update( $wpdb->base_prefix . 'bp_activity', array( 'date_recorded' => $date_uploaded ), array( 'id' => $activity_id ) ); return count( $comments ); diff --git a/app/importers/BPMediaImporter.php b/app/importers/BPMediaImporter.php index e79f88fbb..cd677ccf0 100755 --- a/app/importers/BPMediaImporter.php +++ b/app/importers/BPMediaImporter.php @@ -30,7 +30,6 @@ class BPMediaImporter { * BPMediaImporter constructor. */ public function __construct() { - } /** @@ -43,6 +42,7 @@ public function __construct() { public static function table_exists( $table ) { global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. if ( 1 === intval( $wpdb->query( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table ) ) ) ) { return true; } @@ -111,7 +111,14 @@ public static function make_copy( $filepath ) { } if ( file_exists( $filepath ) ) { - if ( copy( $filepath, $newpath ) ) { + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + global $wp_filesystem; + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + if ( $wp_filesystem->copy( $filepath, $newpath, true ) ) { return self::file_array( $newpath ); } } 
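Review bot: `$comments` is initialised to `0` and only reassigned to the `get_results()` array inside `if ( $old_activity_id )`, so when no legacy activity row exists the function reaches `return count( $comments );` with an integer and throws a TypeError on PHP 8 (a warning plus `null` on 7.x); the caller in `bpmedia_ajax_import_callback()` does `$comments += (int) self::update_recorded_time_and_comments( ... )`, so the import loop aborts on the first media without an old activity. Initialise with `$comments = array();` (or `return is_array( $comments ) ? count( $comments ) : 0;`). The two `-- Update date recorded in custom table.` comments describe only the final `$wpdb->update()`; the one inside the foreach rewrites `item_id`/`secondary_item_id` of activity comments, so its comment should say that instead. update_recorded_time_and_comments starts before the hunk.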
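Review bot: After `WP_Filesystem()` the new code calls `$wp_filesystem->copy( $filepath, $newpath, true )` without checking that initialisation succeeded; `WP_Filesystem()` returns `false` when credentials are required or the transport cannot connect, leaving `$wp_filesystem` null or unconnected, which turns the old `copy()` failure path (return false) into a fatal call on null. Guard it, e.g. `if ( ! WP_Filesystem() || empty( $wp_filesystem ) ) { return false; }`, and apply the same guard in `delete()` (hunk `@@ -213,6 +223,16 @@`), which repeats this initialisation pattern before `rmdir()`/`delete()`. make_copy's fall-through return is outside the hunk.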
@@ -198,7 +205,10 @@ public static function add_media( $album_id, $title = '', $description = '', $fi */ public static function cleanup( $table, $directory ) { global $wpdb; - $wpdb->query( "DROP TABLE IF EXISTS $table" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $table = esc_sql( $table ); + $sql = "DROP TABLE IF EXISTS `{$table}`"; + $wpdb->query( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->base_prefix}bp_activity WHERE component = %s", 'album' ) ); if ( is_dir( $directory ) ) { self::delete( $directory ); @@ -213,6 +223,16 @@ public static function cleanup( $table, $directory ) { * @return bool */ public static function delete( $path ) { + global $wp_filesystem; + + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + if ( true === is_dir( $path ) ) { $files = array_diff( scandir( $path ), array( '.', '..' ) ); @@ -220,11 +240,9 @@ public static function delete( $path ) { self::delete( realpath( $path ) . '/' . $file ); } - return rmdir( $path ); - } else { - if ( true === is_file( $path ) ) { - return unlink( $path ); - } + return $wp_filesystem->rmdir( $path ); + } elseif ( true === is_file( $path ) ) { + return $wp_filesystem->delete( $path ); } return false; diff --git a/app/importers/RTMediaActivityUpgrade.php b/app/importers/RTMediaActivityUpgrade.php index f2cc0efa9..fb378b074 100644 --- a/app/importers/RTMediaActivityUpgrade.php +++ b/app/importers/RTMediaActivityUpgrade.php 
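Review bot: `esc_sql( $table )` escapes quote characters, but the identifier is then wrapped in backticks and `esc_sql()` does not escape a backtick, so the new quoting does not constrain a table name containing one any better than the old unquoted form; for an identifier the right control is an allowlist, not string escaping. Every table this importer touches is built from `$wpdb->base_prefix` (see the BPMediaAlbumimporter.php hunks), so validating `if ( ! preg_match( '/^[A-Za-z0-9_]+$/', $table ) ) { return; }` before building `$sql` is cheap, or at minimum double embedded backticks with `str_replace( '`', '``', $table )`. Where `$table` originates is outside the hunk, so the practical exposure depends on the caller. The `$wpdb->prepare()` on the DELETE is fine as is.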
@@ -105,15 +105,16 @@ public function rtmedia_activity_upgrade( $lastid = 0, $limit = 1 ) { if ( check_ajax_referer( 'rtmedia_media_activity_upgrade_nonce', 'nonce' ) ) { $rtmedia_model = new RTMediaModel(); $rtmedia_activity_model = new RTMediaActivityModel(); - $activity_sql = $wpdb->prepare( " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit %d", $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $activity_sql = $wpdb->prepare( "SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit %d", $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared $lastid = filter_input( INPUT_POST, 'last_id', FILTER_SANITIZE_NUMBER_INT ); if ( ! empty( $lastid ) ) { - $activity_sql = $wpdb->prepare( " SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id > %d AND activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit %d", $lastid, $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $activity_sql = $wpdb->prepare( "SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id > %d AND activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit %d", $lastid, $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared } - $activity_data = $wpdb->get_results( $activity_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. + $activity_data = $wpdb->get_results( $activity_sql ); if ( is_array( $activity_data ) && ! empty( $activity_data ) ) { if ( $rtmedia_activity_model->check( $activity_data[0]->activity_id ) ) { 
@@ -140,7 +141,6 @@ public function rtmedia_activity_upgrade( $lastid = 0, $limit = 1 ) { echo '0'; wp_die(); } - } /** @@ -207,14 +207,15 @@ public function get_pending_count( $activity_id = false ) { global $wpdb; $rtmedia_activity_model = new RTMediaActivityModel(); $rtmedia_model = new RTMediaModel(); - $query_pending = $wpdb->prepare( " SELECT count( DISTINCT activity_id) as pending from {$rtmedia_model->table_name} where activity_id NOT IN( SELECT activity_id from {$rtmedia_activity_model->table_name} ) AND activity_id > %d ", 0 ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $query_pending = $wpdb->prepare( "SELECT count( DISTINCT activity_id) as pending from {$rtmedia_model->table_name} where activity_id NOT IN( SELECT activity_id from {$rtmedia_activity_model->table_name} ) AND activity_id > %d", 0 ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared $last_imported = $this->get_last_imported(); if ( $last_imported ) { $query_pending .= $wpdb->prepare( ' AND activity_id > %d', intval( $last_imported ) ); } - $pending_count = $wpdb->get_results( $query_pending ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. + $pending_count = $wpdb->get_results( $query_pending ); if ( $pending_count && count( $pending_count ) > 0 ) { return $pending_count[0]->pending; 
@@ -231,7 +232,8 @@ public function get_pending_count( $activity_id = false ) { public function get_total_count() { global $wpdb; $rtmedia_model = new RTMediaModel(); - $total_count = $wpdb->get_results( $wpdb->prepare( " SELECT count( DISTINCT activity_id) as total FROM {$rtmedia_model->table_name} WHERE activity_id > %d ", 0 ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $total_count = $wpdb->get_results( $wpdb->prepare( "SELECT count( DISTINCT activity_id) as total FROM {$rtmedia_model->table_name} WHERE activity_id > %d", 0 ) ); if ( $total_count && count( $total_count ) > 0 ) { return $total_count[0]->total; @@ -248,7 +250,8 @@ public function get_total_count() { public function get_last_imported() { global $wpdb; $rtmedia_activity_model = new RTMediaActivityModel(); - $last_imported = $wpdb->get_results( $wpdb->prepare( " SELECT activity_id from {$rtmedia_activity_model->table_name} ORDER BY activity_id DESC limit %d ", 1 ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $last_imported = $wpdb->get_results( $wpdb->prepare( "SELECT activity_id from {$rtmedia_activity_model->table_name} ORDER BY activity_id DESC limit %d", 1 ) ); if ( $last_imported && count( $last_imported ) > 0 && isset( $last_imported[0] ) && isset( $last_imported[0]->activity_id ) ) { return $last_imported[0]->activity_id; diff --git a/app/importers/RTMediaMediaSizeImporter.php b/app/importers/RTMediaMediaSizeImporter.php index 961f22242..eb5ccf0ae 100644 --- a/app/importers/RTMediaMediaSizeImporter.php +++ b/app/importers/RTMediaMediaSizeImporter.php 
@@ -104,7 +104,7 @@ public function add_rtmedia_media_size_import_notice() { if ( current_user_can( 'manage_options' ) ) { $this->create_notice( sprintf( - '

rtMedia: %1$s %3$s %4$s. %5$s

', + '

rtMedia: %1$s %3$s %4$s. %5$s

', esc_html__( ': Database table structure for rtMedia has been updated. Please', 'buddypress-media' ), esc_url( admin_url( 'admin.php?page=rtmedia-migration-media-size-import&force=true' ) ), esc_html__( 'Click Here', 'buddypress-media' ), @@ -112,19 +112,6 @@ public function add_rtmedia_media_size_import_notice() { esc_html__( 'Hide', 'buddypress-media' ) ) ); - - ?> - - array(), 'onclick' => array(), 'style' => array(), + 'id' => array(), ), 'strong' => array(), ); @@ -179,10 +167,12 @@ public function get_pending_count( $media_id = false ) { if ( $media_id ) { $media_id = intval( $media_id ); - $query_pending = $wpdb->prepare( "SELECT COUNT(*) as pending from {$rtmedia_model->table_name} where file_size IS NULL AND media_type in ('photo','video','document','music','other') AND id > %d", $media_id ); + $query_pending = $wpdb->prepare( "SELECT COUNT(*) as pending from {$rtmedia_model->table_name} where file_size IS NULL AND media_type in ('photo','video','document','music','other') AND id > %d", $media_id ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared } - $pending_count = $wpdb->get_results( $query_pending ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // Direct query is required for custom table. safe because SQL is prepared. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $pending_count = $wpdb->get_results( $query_pending ); if ( $pending_count && count( $pending_count ) > 0 ) { return $pending_count[0]->pending; } 
@@ -198,8 +188,10 @@ public function get_pending_count( $media_id = false ) { public function get_total_count() { global $wpdb; $rtmedia_model = new RTMediaModel(); - $query_total = "SELECT COUNT(*) as total from {$rtmedia_model->table_name} where media_type in ('photo','video','document','music','other') "; - $total_count = $wpdb->get_results( $query_total ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $query_total = "SELECT COUNT(*) as total from {$rtmedia_model->table_name} where media_type in ('photo','video','document','music','other') "; // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // Direct query is required for custom table. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared + $total_count = $wpdb->get_results( $query_total ); if ( $total_count && count( $total_count ) > 0 ) { return $total_count[0]->total; 
@@ -218,12 +210,14 @@ public function rtmedia_media_size_import( $lastid = 0, $limit = 1 ) { global $wpdb; if ( check_ajax_referer( 'rtmedia_media_size_import_nonce', 'nonce' ) ) { $rtmedia_model = new RTMediaModel(); - $get_media_sql = $wpdb->prepare( "SELECT * from {$rtmedia_model->table_name} where file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit %d", $limit ); + $get_media_sql = $wpdb->prepare( "SELECT * from {$rtmedia_model->table_name} where file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit %d", $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared $lastid = filter_input( INPUT_POST, 'last_id', FILTER_SANITIZE_NUMBER_INT ); if ( ! empty( $lastid ) ) { - $get_media_sql = $wpdb->prepare( "SELECT * from {$rtmedia_model->table_name} where id > %d AND file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit %d", $lastid, $limit ); + $get_media_sql = $wpdb->prepare( "SELECT * from {$rtmedia_model->table_name} where id > %d AND file_size is NULL and media_type in ('photo','video','document','music','other') order by id limit %d", $lastid, $limit ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared } - $result = $wpdb->get_results( $get_media_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // Direct query is required for custom table. safe because SQL is prepared. + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared + $result = $wpdb->get_results( $get_media_sql ); if ( $result && count( $result ) > 0 ) { $migrate = $this->migrate_single_media( $result[0] ); } diff --git a/app/importers/RTMediaMigration.php b/app/importers/RTMediaMigration.php index b80c1770e..ca27dc0e7 100755 --- a/app/importers/RTMediaMigration.php +++ b/app/importers/RTMediaMigration.php 
@@ -78,6 +78,7 @@ public function migrate_image_size_fix() { if ( '' === rtmedia_get_site_option( 'rt_image_size_migration_fix', '' ) ) { global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->get_row( $wpdb->prepare( "update $wpdb->postmeta set meta_value=replace(meta_value ,%s,%s) where meta_key = '_wp_attachment_metadata';", 'bp_media', 'rt_media' ) ); update_option( 'rt_image_size_migration_fix', 'fix' ); @@ -125,6 +126,7 @@ public function create_notice( $message, $type = 'error' ) { public static function table_exists( $table ) { global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. if ( 1 === intval( $wpdb->query( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table ) ) ) ) { return true; } 
@@ -163,13 +165,19 @@ public function get_total_count() { } $sql_album_usercount = "select count(*) FROM $wpdb->usermeta where meta_key ='bp-media-default-album' "; - $_SESSION['migration_user_album'] = $wpdb->get_var( $sql_album_usercount ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $count = intval( $_SESSION['migration_user_album'] ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $_SESSION['migration_user_album'] = $wpdb->get_var( $sql_album_usercount ); + if ( ! empty( $_SESSION['migration_user_album'] ) ) { + $count = intval( isset( $_SESSION['migration_user_album'] ) ? $_SESSION['migration_user_album'] : 0 ); + } if ( $this->table_exists( $bp_prefix . 'bp_groups_groupmeta' ) ) { $sql_album_groupcount = $wpdb->prepare( "select count(*) FROM {$bp_prefix}bp_groups_groupmeta where meta_key =%s", 'bp_media_default_album' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $_SESSION['migration_group_album'] = $wpdb->get_var( $sql_album_groupcount ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $count += intval( $_SESSION['migration_group_album'] ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $_SESSION['migration_group_album'] = $wpdb->get_var( $sql_album_groupcount ); + if ( ! empty( $_SESSION['migration_group_album'] ) ) { + $count += intval( $_SESSION['migration_group_album'] ); + } } if ( $this->table_exists( $bp_prefix . 'bp_activity' ) ) { 
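Review bot: The unconditional `$count = intval( $_SESSION['migration_user_album'] );` was replaced by an assignment that only runs inside `if ( ! empty( $_SESSION['migration_user_album'] ) )`, so when the first `get_var()` returns `0`/`'0'`/`null` the later `$count += ...` lines operate on an undefined variable (a warning on PHP 8) and `return $count` can yield `null` instead of an int — unless `$count` is initialised above the hunk, which is not visible. Add `$count = 0;` before the guard; the inner `isset( ... ) ? ... : 0` ternary is redundant under `! empty()` and can be reduced to `$count = intval( $_SESSION['migration_user_album'] );`. The same guard is applied to the other session counters in this function (`@@ -191,8 +199,10 @@`, `@@ -210,8 +220,11 @@`), where it is harmless because those use `+=`. get_total_count starts before the hunk.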
@@ -191,8 +199,10 @@ public function get_total_count() { and is_spam <>1 and not p.meta_value is NULL"; - $_SESSION['migration_activity'] = $wpdb->get_var( $sql_bpm_comment_count ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $count += intval( $_SESSION['migration_activity'] ); + $_SESSION['migration_activity'] = $wpdb->get_var( $sql_bpm_comment_count ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + if ( ! empty( $_SESSION['migration_activity'] ) ) { + $count += intval( $_SESSION['migration_activity'] ); + } } $sql = "select count(*) @@ -210,8 +220,11 @@ public function get_total_count() { a.post_id > 0 and (NOT p.ID IS NULL) and a.meta_key = 'bp-media-key'"; - $_SESSION['migration_media'] = $wpdb->get_var( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $count += intval( $_SESSION['migration_media'] ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $_SESSION['migration_media'] = $wpdb->get_var( $sql ); + if ( ! empty( $_SESSION['migration_media'] ) ) { + $count += intval( $_SESSION['migration_media'] ); + } return $count; } 
@@ -226,15 +239,20 @@ public function get_last_imported() { $album_id = $album[0]; global $wpdb; - $sql = "select a.post_ID - from - {$wpdb->postmeta} a left join - {$wpdb->posts} p ON (a.post_id = p.ID) - where - a.meta_key = 'bp-media-key' and (NOT p.ID IS NULL) and a.post_id not in (select media_id - from {$this->bmp_table} where blog_id = %d and media_id <> %d ) order by a.post_ID"; - $sql = $wpdb->prepare( $sql, get_current_blog_id(), $album_id ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $row = $wpdb->get_row( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + + // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $sql = $wpdb->prepare( + "SELECT a.post_ID FROM + {$wpdb->postmeta} a LEFT JOIN + {$wpdb->posts} p ON (a.post_id = p.ID) + WHERE + a.meta_key = 'bp-media-key' AND (NOT p.ID IS NULL) AND a.post_id NOT IN (SELECT media_id + FROM {$this->bmp_table} WHERE blog_id = %d AND media_id <> %d ) ORDER BY a.post_ID", + get_current_blog_id(), + $album_id + ); // phpcs:enable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table. + $row = $wpdb->get_row( $sql ); if ( $row ) { return $row->post_ID; } else { 
@@ -267,7 +285,8 @@ public function get_done_count( $flag = false ) { a.post_id > 0 and (NOT p.ID IS NULL) and a.meta_key = 'bp-media-key')"; - $media_count = $wpdb->get_var( $wpdb->prepare( $sql, get_current_blog_id() ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $media_count = $wpdb->get_var( $wpdb->prepare( $sql, get_current_blog_id() ) ); if ( $flag ) { return $media_count - 1; @@ -275,7 +294,7 @@ public function get_done_count( $flag = false ) { $state = intval( rtmedia_get_site_option( 'rtmedia-migration', '0' ) ); - if ( 5 === $state ) { + if ( 5 === $state && isset( $_SESSION['migration_user_album'] ) ) { $album_count = intval( $_SESSION['migration_user_album'] ); $album_count += ( isset( $_SESSION['migration_group_album'] ) ) ? intval( $_SESSION['migration_group_album'] ) : 0; } elseif ( $state > 0 ) { @@ -291,7 +310,8 @@ public function get_done_count( $flag = false ) { $pending_count .= " or ID in (select meta_value FROM {$bp_prefix}bp_groups_groupmeta where meta_key ='bp_media_default_album')"; } $pending_count .= ')'; - $pending_count = $wpdb->get_var( $pending_count ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $pending_count = $wpdb->get_var( $pending_count ); $album_count = intval( $_SESSION['migration_user_album'] ); $album_count += ( isset( $_SESSION['migration_group_album'] ) ) ? intval( $_SESSION['migration_group_album'] ) : 0; 
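Review bot: The new `isset( $_SESSION['migration_user_album'] )` guard on the `5 === $state` branch only relocates the undefined-index read: when the key is absent, control falls into `elseif ( $state > 0 )`, whose unchanged line `$album_count = intval( $_SESSION['migration_user_album'] );` (third hunk, right after the `$pending_count` query) still reads the key without a check. Guard that read the same way, e.g. `$album_count = isset( $_SESSION['migration_user_album'] ) ? intval( $_SESSION['migration_user_album'] ) : 0;`, so both branches behave consistently when the session has not been populated yet. get_done_count continues outside the hunk.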
@@ -300,15 +320,22 @@ public function get_done_count( $flag = false ) { $album_count = 0; } - if ( isset( $_SESSION['migration_activity'] ) && intval( $_SESSION['migration_media'] ) === intval( $media_count ) ) { - $comment_sql = $_SESSION['migration_activity']; + if ( isset( $_SESSION['migration_activity'] ) && isset( $_SESSION['migration_media'] ) && intval( $_SESSION['migration_media'] ) === intval( $media_count ) ) { + $comment_sql = intval( $_SESSION['migration_activity'] ); } else { - // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared + // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $comment_sql = $wpdb->get_var( - "select count(*) from $wpdb->comments a - where a.comment_post_ID in (select b.media_id from $this->bmp_table b left join - {$wpdb->posts} p ON (b.media_id = p.ID) where (NOT p.ID IS NULL) ) and a.comment_agent=''" - ); + "SELECT COUNT(*) + FROM {$wpdb->comments} a + WHERE a.comment_post_ID IN ( + SELECT b.media_id + FROM {$this->bmp_table} b + LEFT JOIN {$wpdb->posts} p ON b.media_id = p.ID + WHERE p.ID IS NOT NULL + ) + AND a.comment_agent = ''" + ); // phpcs:enable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared } 
@@ -365,7 +392,8 @@ public function manage_album() { global $wpdb; - $album_id = $wpdb->get_var( $wpdb->prepare( "select media_id from $this->bmp_table where id = %d", $album_rt_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $album_id = $wpdb->get_var( $wpdb->prepare( "select media_id from $this->bmp_table where id = %d", $album_rt_id ) ); if ( function_exists( 'bp_core_get_table_prefix' ) ) { $bp_prefix = bp_core_get_table_prefix(); @@ -384,9 +412,11 @@ public function manage_album() { } $sql = $wpdb->prepare( "update {$bp_prefix}bp_activity set content=replace(content,%s,%s) where id > 0;", '
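Review bot: `$sql_group` on the new side still interpolates `$album_id` directly into the UPDATE (`set post_parent='{$album_id}'`), and the phpcs:ignore added before `$wpdb->query( $sql_group )` in the next hunk justifies only the direct query, not the unprepared value. `$album_id` comes from the `get_var` at the top of this hunk rather than from the request, so the practical exposure is low, but a one-line cast keeps the statement well-formed regardless of what the custom table holds: `$album_id = (int) $wpdb->get_var( $wpdb->prepare( "select media_id from $this->bmp_table where id = %d", $album_rt_id ) );`. `$album_rt_id` is assigned outside the hunk, and manage_album continues past it.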
    ', '
      ' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $wpdb->get_row( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $wpdb->get_row( $sql ); $sql = $wpdb->prepare( "update {$bp_prefix}bp_activity set content=replace(content,%s,%s) where id > 0;", '
    ', '
' ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $wpdb->get_row( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $wpdb->get_row( $sql ); $sql_group = "update $wpdb->posts set post_parent='{$album_id}' where post_parent in (select meta_value FROM $wpdb->usermeta where meta_key ='bp-media-default-album') "; @@ -394,7 +424,8 @@ public function manage_album() { $sql_group .= " or post_parent in (select meta_value FROM {$bp_prefix}bp_groups_groupmeta where meta_key ='bp_media_default_album')"; } - $wpdb->query( $sql_group ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $wpdb->query( $sql_group ); $stage = 1; rtmedia_update_site_option( 'rtmedia-migration', $stage ); $this->return_migration(); 
@@ -402,7 +433,21 @@ public function manage_album() { if ( $stage < 2 ) { - $results = $wpdb->get_results( "select * from $wpdb->posts where post_type='bp_media_album' and ID in (select meta_value FROM $wpdb->usermeta where meta_key ='bp-media-default-album') limit 10" ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $results = $wpdb->get_results( + $wpdb->prepare( + "SELECT * FROM `{$wpdb->posts}` + WHERE post_type = %s + AND ID IN ( + SELECT meta_value + FROM `{$wpdb->usermeta}` + WHERE meta_key = %s + ) + LIMIT 10", + 'bp_media_album', + 'bp-media-default-album' + ) + ); $delete_ids = ''; $sep = ''; @@ -413,8 +458,13 @@ public function manage_album() { } if ( '' !== $delete_ids ) { - // @todo missing prepare - $wpdb->query( "delete from $wpdb->posts where ID in ({$delete_ids})" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $wpdb->query( + $wpdb->prepare( + "DELETE FROM `{$wpdb->posts}` WHERE ID IN (%s)", + $delete_ids + ) + ); } if ( count( $results ) < 10 ) { 
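Review bot: In the second hunk the new `WHERE ID IN (%s)` binds `$delete_ids` as a single quoted string, so the statement runs as `ID IN ('1,2,3')` and MySQL compares ID against the numeric prefix of that string — at most the first id is deleted per pass, and the `count( $results ) < 10` loop keeps re-selecting the remainder, so the migration no longer removes what it selected. Build one `%d` placeholder per id and bind the ids individually as below; `$delete_ids` is assembled outside the hunk, so the `explode` assumes the separator is a comma. The same raw `delete from $wpdb->posts where ID in ({$delete_ids})` is left unprepared, `// @todo prepare` and all, in the groupmeta branch of the next hunk (`@@ -445,7 +511,8`), which should get the identical treatment. manage_album continues outside the hunk.
```php
if ( '' !== $delete_ids ) {
    $ids          = array_map( 'intval', explode( ',', $delete_ids ) );
    $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
    // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- $placeholders holds only generated %d tokens; the ids are bound by prepare().
    $wpdb->query( $wpdb->prepare( "DELETE FROM `{$wpdb->posts}` WHERE ID IN ({$placeholders})", $ids ) );
}
// … unchanged: count( $results ) < 10 check …
```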
@@ -429,8 +479,24 @@ public function manage_album() { if ( $this->table_exists( $bp_prefix . 'bp_groups_groupmeta' ) ) { - $sql_delete = "select * from $wpdb->posts where post_type='bp_media_album' and ID in (select meta_value FROM {$bp_prefix}bp_groups_groupmeta where meta_key ='bp_media_default_album') limit 10"; - $results = $wpdb->get_results( $sql_delete ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $groupmeta_table = $bp_prefix . 'bp_groups_groupmeta'; + + // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $sql_delete = $wpdb->prepare( + "SELECT * FROM `{$wpdb->posts}` + WHERE post_type = %s + AND ID IN ( + SELECT meta_value + FROM `{$groupmeta_table}` + WHERE meta_key = %s + ) + LIMIT 10", + 'bp_media_album', + 'bp_media_default_album' + ); // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared + + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared -- Direct query is required for custom table, safe because SQL is prepared. + $results = $wpdb->get_results( $sql_delete ); $delete_ids = ''; $sep = ''; @@ -445,7 +511,8 @@ public function manage_album() { if ( '' !== $delete_ids ) { // @todo prepare - $wpdb->query( "delete from $wpdb->posts where ID in ({$delete_ids})" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $wpdb->query( "delete from $wpdb->posts where ID in ({$delete_ids})" ); } if ( count( $results ) < 10 ) { 
@@ -465,7 +532,8 @@ public function manage_album() { $sql = "update $wpdb->posts set post_type='{$album_post_type}' where post_type='bp_media_album'"; - if ( false !== $wpdb->query( $sql ) ) { // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + if ( false !== $wpdb->query( $sql ) ) { rtmedia_update_site_option( 'rtmedia-migration', '5' ); return true; @@ -514,6 +582,18 @@ public function test() { (int) $done, + 'total' => (int) $total, + 'admin_ajax' => admin_url( 'admin-ajax.php' ), + ) + ); + ?>
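Review bot: The phpcs:ignore added above `if ( false !== $wpdb->query( $sql ) )` suppresses the unprepared-SQL sniffs on a statement that genuinely interpolates a value, `post_type='{$album_post_type}'`, so the annotation hides the finding rather than documenting a reviewed exception. `$album_post_type` is assigned outside the hunk and is presumably a fixed string, but the statement is a one-line change to a real prepare: `$sql = $wpdb->prepare( "UPDATE {$wpdb->posts} SET post_type = %s WHERE post_type = 'bp_media_album'", $album_post_type );`, after which only the DirectQuery/NoCaching ignores remain necessary. manage_album continues outside the hunk.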
@@ -523,26 +603,25 @@ public function test() {




- ?>
@@ -565,72 +644,7 @@ public function test() { $temp = $prog->progress( $done, $total ); $prog->progress_ui( $temp, true ); ?> - +
@@ -695,7 +709,8 @@ public function migrate_to_new_db( $lastid = 0, $limit = 1 ) { order by a.post_id limit %d"; - $results = $wpdb->get_results( $wpdb->prepare( $sql, $lastid, $limit ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $results = $wpdb->get_results( $wpdb->prepare( $sql, $lastid, $limit ) ); if ( function_exists( 'bp_core_get_table_prefix' ) ) { $bp_prefix = bp_core_get_table_prefix(); @@ -762,7 +777,8 @@ public function migrate_single_media( $result, $album = false ) { if ( false !== $album && ! ( is_object( $result ) ) ) { - $id = $wpdb->get_var( $wpdb->prepare( "select ID from {$this->bmp_table} where media_id = %d", $result ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $id = $wpdb->get_var( $wpdb->prepare( "select ID from {$this->bmp_table} where media_id = %d", $result ) ); if ( null === $id ) { $sql = "select 
@@ -788,7 +804,7 @@ public function migrate_single_media( $result, $album = false ) { where a.post_id = %d and (NOT p.ID IS NULL) and a.meta_key = 'bp_media_privacy'"; - $result = $wpdb->get_row( $wpdb->prepare( $sql, $result ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $result = $wpdb->get_row( $wpdb->prepare( $sql, $result ) ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared } else { return $id; } 
@@ -826,31 +842,30 @@ public function migrate_single_media( $result, $album = false ) { } } - $activity_data = $wpdb->get_row( $wpdb->prepare( "select * from {$bp_prefix}bp_activity where id= %d", $result->activity_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. + $activity_data = $wpdb->get_row( $wpdb->prepare( "select * from {$bp_prefix}bp_activity where id= %d", $result->activity_id ) ); if ( 'album' !== $media_type ) { $this->importmedia( $media_id, $prefix ); } if ( $this->table_exists( $bp_prefix . 'bp_activity' ) && class_exists( 'BP_Activity_Activity' ) ) { $bp_activity = new BP_Activity_Activity(); - // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared + // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared $activity_sql = $wpdb->prepare( - "SELECT - * - FROM - {$bp_prefix}bp_activity - where - id in (select distinct - a.meta_value - from - $wpdb->postmeta a - left join - $wpdb->posts p ON (a.post_id = p.ID) - where - (NOT p.ID IS NULL) and p.ID = %d - and a.meta_key = 'bp_media_child_activity')", - $media_id + "SELECT * + FROM {$bp_prefix}bp_activity + WHERE id IN ( + SELECT DISTINCT a.meta_value + FROM $wpdb->postmeta a + LEFT JOIN $wpdb->posts p ON a.post_id = p.ID + WHERE (NOT p.ID IS NULL) + AND p.ID = %d + AND a.meta_key = %s + )", + $media_id, + 'bp_media_child_activity' ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $all_activity = $wpdb->get_results( $activity_sql ); remove_all_actions( 'wp_insert_comment' ); 
@@ -876,6 +891,7 @@ public function migrate_single_media( $result, $album = false ) { $likes = 0; } + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->insert( $this->bmp_table, array( @@ -894,6 +910,7 @@ public function migrate_single_media( $result, $album = false ) { array( '%d', '%d', '%s', '%s', '%d', '%d', '%d', '%d', '%s', '%d', '%d' ) ); + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $last_id = $wpdb->insert_id; if ( 'album' !== $media_type && ( function_exists( 'bp_core_get_user_domain' ) || function_exists( 'bp_members_get_user_url' ) ) && $activity_data ) { @@ -916,6 +933,7 @@ public function migrate_single_media( $result, $album = false ) { $activity_data->content = str_replace( $last_baseurl, $replace_img, $activity_data->content ); } global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->update( $bp_prefix . 'bp_activity', array( 
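Review bot: The `// phpcs:ignore WordPress.DB.DirectDatabaseQuery…` inserted before `$last_id = $wpdb->insert_id;` (second hunk) annotates a property read, not a query, so it suppresses nothing and misleads the next reader into looking for a database call that is not there. Drop that comment line; the ignores placed before `$wpdb->insert(` and `$wpdb->update(` in the neighbouring hunks are the ones that carry weight. migrate_single_media continues outside the hunk.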
@@ -1053,12 +1071,22 @@ public function importmedia( $id, $prefix ) { $kaltura_remote_id = get_post_meta( $id, 'bp_media_kaltura_remote_id', true ); if ( wp_mkdir_p( $basedir . "rtMedia/$prefix/" . $year_month ) ) { - if ( copy( $attached_file, str_replace( $basedir, $basedir . "rtMedia/$prefix/", $attached_file ) ) ) { + if ( ! function_exists( 'WP_Filesystem' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + global $wp_filesystem; + + if ( ! $wp_filesystem ) { + WP_Filesystem(); + } + + if ( $wp_filesystem->copy( $attached_file, str_replace( $basedir, $basedir . "rtMedia/$prefix/", $attached_file ), true ) ) { $delete = true; if ( isset( $metadata['sizes'] ) ) { foreach ( $metadata['sizes'] as $size ) { - if ( ! copy( $file_folder_path . $size['file'], $new_file_folder_path . $size['file'] ) ) { + if ( ! $wp_filesystem->copy( $file_folder_path . $size['file'], $new_file_folder_path . $size['file'], true ) ) { $delete = false; } else { $delete_sizes[] = $file_folder_path . $size['file']; @@ -1068,7 +1096,7 @@ public function importmedia( $id, $prefix ) { } if ( $backup_metadata ) { foreach ( $backup_metadata as $backup_images ) { - if ( ! copy( $file_folder_path . $backup_images['file'], $new_file_folder_path . $backup_images['file'] ) ) { + if ( ! $wp_filesystem->copy( $file_folder_path . $backup_images['file'], $new_file_folder_path . $backup_images['file'], true ) ) { $delete = false; } else { $delete_sizes[] = $file_folder_path . $backup_images['file']; 
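Review bot: `WP_Filesystem()` is called without checking its result; when the configured filesystem method is unavailable or needs credentials it returns false (or null if the method class is missing) and `$wp_filesystem` is left unset or unconnected, so the `$wp_filesystem->copy( … )` on the next line fails on a non-object instead of reporting a failed copy the way the replaced `copy()` did. Check the initialisation before using the handle, e.g. `if ( ! $wp_filesystem && ! WP_Filesystem() ) { return; }` — what to return depends on importmedia's callers, whose contract is outside the hunk. The `$wp_filesystem->copy`/`->delete` calls in the following hunks (`@@ -1068`, `@@ -1080`, `@@ -1095`, `@@ -1109`, `@@ -1131`) all rely on the same guard, so one check at this point covers them. importmedia starts outside the hunk.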
@@ -1080,7 +1108,7 @@ public function importmedia( $id, $prefix ) { if ( $instagram_thumbs ) { foreach ( $instagram_thumbs as $key => $insta_thumb ) { try { - if ( ! copy( str_replace( $baseurl, $basedir, $insta_thumb ), str_replace( $baseurl, $basedir . "rtMedia/$prefix/", $insta_thumb ) ) ) { + if ( ! $wp_filesystem->copy( str_replace( $baseurl, $basedir, $insta_thumb ), str_replace( $baseurl, $basedir . "rtMedia/$prefix/", $insta_thumb ), true ) ) { $delete = false; } else { $delete_sizes[] = str_replace( $baseurl, $basedir, $insta_thumb ); @@ -1095,7 +1123,7 @@ public function importmedia( $id, $prefix ) { if ( $instagram_full_images ) { foreach ( $instagram_full_images as $key => $insta_full_image ) { - if ( ! copy( $insta_full_image, str_replace( $basedir, $basedir . "rtMedia/$prefix/", $insta_full_image ) ) ) { + if ( ! $wp_filesystem->copy( $insta_full_image, str_replace( $basedir, $basedir . "rtMedia/$prefix/", $insta_full_image ), true ) ) { $delete = false; } else { $delete_sizes[] = $insta_full_image; 
@@ -1109,14 +1137,14 @@ public function importmedia( $id, $prefix ) { $instagram_metadata_new = $instagram_metadata; foreach ( $instagram_metadata as $wp_size => $insta_metadata ) { if ( isset( $insta_metadata['file'] ) ) { - if ( ! copy( $basedir . $insta_metadata['file'], $basedir . "rtMedia/$prefix/" . $insta_metadata['file'] ) ) { + if ( ! $wp_filesystem->copy( $basedir . $insta_metadata['file'], $basedir . "rtMedia/$prefix/" . $insta_metadata['file'], true ) ) { $delete = false; } else { $delete_sizes[] = $basedir . $insta_metadata['file']; $instagram_metadata_new[ $wp_size ]['file'] = "rtMedia/$prefix/" . $insta_metadata['file']; if ( isset( $insta_metadata['sizes'] ) ) { foreach ( $insta_metadata['sizes'] as $key => $insta_size ) { - if ( ! copy( $file_folder_path . $insta_size['file'], $new_file_folder_path . $insta_size['file'] ) ) { + if ( ! $wp_filesystem->copy( $file_folder_path . $insta_size['file'], $new_file_folder_path . $insta_size['file'], true ) ) { $delete = false; } else { $delete_sizes[] = $file_folder_path . $insta_size['file']; @@ -1131,13 +1159,13 @@ public function importmedia( $id, $prefix ) { if ( $delete ) { if ( file_exists( $attached_file ) ) { - unlink( $attached_file ); + $wp_filesystem->delete( $attached_file ); } if ( isset( $delete_sizes ) ) { foreach ( $delete_sizes as $delete_size ) { if ( file_exists( $delete_size ) ) { - unlink( $delete_size ); + $wp_filesystem->delete( $delete_size ); } } } 
@@ -1203,9 +1231,8 @@ public function search_and_replace( $old, $new ) { } else { $bp_prefix = $wpdb->prefix; } - $sql = $wpdb->prepare( "update {$bp_prefix}bp_activity set action=replace(action,%s,%s) ,content=replace(content,%s,%s), primary_link=replace(primary_link,%s,%s) where id > 0;", $old, $new, $old, $new, $old, $new ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $wpdb->get_row( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + $wpdb->get_row( $sql ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Direct query is required for custom table. } /** diff --git a/app/importers/templates/activity-upgrade.php b/app/importers/templates/activity-upgrade.php index 30fa49d16..6e8f0132f 100644 --- a/app/importers/templates/activity-upgrade.php +++ b/app/importers/templates/activity-upgrade.php @@ -28,6 +28,7 @@ $temp = $prog->progress( $done, $total ); $prog->progress_ui( $temp, true ); + // No a security issue, so keeping the style here. ?> - +
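Review bot: The hunk removes the `$sql = $wpdb->prepare( "update {$bp_prefix}bp_activity set action=replace(action,%s,%s) ,content=replace(content,%s,%s), primary_link=replace(primary_link,%s,%s) where id > 0;", $old, $new, $old, $new, $old, $new );` assignment but keeps `$wpdb->get_row( $sql );`, so on the new side `$sql` is never set in this method: the call runs with an undefined variable and the URL rewrite silently becomes a no-op (plus a PHP warning). Restore the prepare line immediately before the `get_row`; since it uses placeholders, the statement then needs only the DirectQuery/NoCaching ignores, not the PreparedSQL ones. search_and_replace starts outside the hunk, and nothing visible assigns `$sql` earlier in it.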
+
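Review bot: The added comment `// No a security issue, so keeping the style here.` reads as a typo for "Not a security issue", and the same wording is added twice more in `app/main/RTMedia.php` (`custom_style_for_image_size` and the godam_video concatenation). Anyone triaging suppressed inline-style findings later will search for these justifications, so spell it out and say what is being kept, e.g. `// Not a security issue: inline style kept here deliberately.` The rest of this template hunk is not recoverable from the listing.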

diff --git a/app/importers/templates/media-size-importer.php b/app/importers/templates/media-size-importer.php index 0afcb01b0..c92840ab5 100644 --- a/app/importers/templates/media-size-importer.php +++ b/app/importers/templates/media-size-importer.php @@ -29,83 +29,13 @@ $temp = $prog->progress( $done, $total ); $prog->progress_ui( $temp, true ); ?> - +
+

diff --git a/app/main/RTMedia.php b/app/main/RTMedia.php index d4e33fd06..a332ce0bf 100755 --- a/app/main/RTMedia.php +++ b/app/main/RTMedia.php @@ -112,9 +112,9 @@ public function __construct() { add_action( 'plugins_loaded', array( $this, 'load_translation' ), 10 ); add_action( 'plugins_loaded', array( $this, 'init' ), 20 ); add_action( 'wp_enqueue_scripts', array( 'RTMediaGalleryShortcode', 'register_scripts' ) ); - add_action( 'wp_enqueue_scripts', array( &$this, 'enqueue_scripts_styles' ), 999 ); + add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_scripts_styles' ), 999 ); - // WordPress 6.7 compatibility + // WordPress 6.7 compatibility. add_action( 'wp_enqueue_scripts', array( $this, 'wp67_compatibility_scripts' ), 1 ); add_action( 'admin_enqueue_scripts', array( $this, 'wp67_compatibility_scripts' ), 1 ); @@ -192,7 +192,7 @@ public function fix_parent_id() { global $wpdb; $row = $album_row['result'][0]; if ( isset( $row['media_id'] ) ) { - // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared + // phpcs:disable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared $sql = $wpdb->prepare( "update $wpdb->posts p left join @@ -207,7 +207,8 @@ public function fix_parent_id() { get_current_blog_id(), $row['media_id'], '%/rtMedia/%' - ); + ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared + // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. $wpdb->query( $sql ); } } 
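Review bot: The `// phpcs:disable WordPress.DB.PreparedSQL.NotPrepared, …InterpolatedNotPrepared` placed before `$sql = $wpdb->prepare(` in fix_parent_id has no matching `// phpcs:enable` in either hunk, so unless one sits in the lines between them the suppression runs to the end of RTMedia.php and silences those sniffs for every later query in the file. Add `// phpcs:enable WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.PreparedSQL.InterpolatedNotPrepared` after `$wpdb->query( $sql );`; the `// phpcs:ignore` appended to the closing `);` line is then redundant with the disable block and can go. The ignore placed before `$wpdb->query( $sql )` itself only needs the DirectQuery/NoCaching sniffs, since `$sql` is the prepare() result. fix_parent_id starts outside the hunk.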
@@ -221,7 +222,8 @@ public function fix_privacy() { global $wpdb; $model = new RTMediaModel(); $update_sql = "UPDATE {$model->table_name} SET privacy = '80' where privacy = '-1' "; - $wpdb->query( $update_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $wpdb->query( $update_sql ); } /** 
@@ -232,15 +234,17 @@ public function fix_group_media_privacy() { // if buddypress is active and groups are enabled. global $wpdb; $table_exist = false; - if ( $wpdb->query( "SHOW TABLES LIKE '{$wpdb->prefix}bp_groups'" ) ) { + // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Direct query is required for custom table. + $bp_groups_exists = $wpdb->query( "SHOW TABLES LIKE '{$wpdb->prefix}bp_groups'" ); + if ( $bp_groups_exists ) { $table_exist = true; } if ( class_exists( 'BuddyPress' ) && $table_exist ) { $model = new RTMediaModel(); $sql_group = " UPDATE $model->table_name m join {$wpdb->prefix}bp_groups bp on m.context_id = bp.id SET m.privacy = 0 where m.context = 'group' and bp.status = 'public' and m.privacy <> 80 "; - $wpdb->query( $sql_group ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $wpdb->query( $sql_group ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching $sql_group = " UPDATE $model->table_name m join {$wpdb->prefix}bp_groups bp on m.context_id = bp.id SET m.privacy = 20 where m.context = 'group' and ( bp.status = 'private' OR bp.status = 'hidden' ) and m.privacy <> 80 "; - $wpdb->query( $sql_group ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $wpdb->query( $sql_group ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching } } 
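Review bot: After the refactor `$table_exist` is just the truthiness of `$bp_groups_exists`, so `$table_exist = false; … if ( $bp_groups_exists ) { $table_exist = true; }` collapses to `$table_exist = (bool) $bp_groups_exists;`, or the `class_exists( 'BuddyPress' ) && $table_exist` condition can test `$bp_groups_exists` directly. On documentation: the two `UPDATE … bp_groups` statements get a bare `phpcs:ignore` with no `-- reason` trailer, unlike every other ignore added in this commit; append the same `-- Direct query is required for custom table.` so the suppressions stay uniformly explained.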
@@ -252,11 +256,11 @@ public function fix_db_collation() { $model = new RTMediaModel(); $interaction_model = new RTMediaInteractionModel(); $update_media_sql = 'ALTER TABLE ' . $model->table_name . ' CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci'; - $wpdb->query( $update_media_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $wpdb->query( $update_media_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- No caching required for altering table. $update_media_meta_sql = 'ALTER TABLE ' . $wpdb->base_prefix . $model->meta_table_name . ' CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci'; - $wpdb->query( $update_media_meta_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $wpdb->query( $update_media_meta_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- No caching required for altering table. $update_media_interaction_sql = 'ALTER TABLE ' . $interaction_model->table_name . ' CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci'; - $wpdb->query( $update_media_interaction_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared + $wpdb->query( $update_media_interaction_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- No caching required for altering table. } /** @@ -371,6 +375,7 @@ public function add_image_sizes() { */ public function custom_style_for_image_size() { if ( apply_filters( 'rtmedia_custom_image_style', true ) ) { + // No a security issue, so keeping the style here. ?> ' + . '' // No a security issue, so keeping the style here. . do_shortcode( '[godam_video id="' . $media_id . '"]' ) . '
'; } @@ -2188,6 +2198,7 @@ function rtmedia_comment_form() { +
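Review bot: In the godam_video hunk, `$media_id` is concatenated into the shortcode string (`'[godam_video id="' . $media_id . '"]'`) on the context line right after the new `. '' // No a security issue…` operand; if `$media_id` is not already an integer at that point (its assignment is outside the hunk), any non-numeric value is interpolated verbatim into the shortcode attributes, and `(int) $media_id` there is a cheap guarantee. This hunk is garbled in the listing, so the exact new-side lines are uncertain and the enclosing function starts outside it; the `@@ -2188` hunk that follows runs past the end of the visible diff.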