diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-23 18:28:40 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-23 18:28:40 +0000 |
| commit | 87bb8cd69cc593fe6bed330fb1791eac9df87167 (patch) | |
| tree | 6b2ad252df89d2a1863198fd44b321b59e42ef54 /wp-includes/post.php | |
| parent | 0cbda3349a2571904ea063fdd73e018299919589 (diff) | |
| download | wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.tar.gz wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.tar.xz wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.zip | |
Merge with WordPress, rev 6285 and untested
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1125 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/post.php')
| -rw-r--r-- | wp-includes/post.php | 567 |
1 files changed, 229 insertions, 338 deletions
diff --git a/wp-includes/post.php b/wp-includes/post.php index f23ba32..ecc77c6 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -26,7 +26,7 @@ function update_attached_file( $attachment_id, $file ) { } function &get_children($args = '', $output = OBJECT) { - global $post_cache, $wpdb, $blog_id; + global $wpdb; if ( empty( $args ) ) { if ( isset( $GLOBALS['post'] ) ) { @@ -49,14 +49,13 @@ function &get_children($args = '', $output = OBJECT) { $children = get_posts( $r ); - if ( $children ) { - foreach ( $children as $key => $child ) { - $post_cache[$blog_id][$child->ID] =& $children[$key]; - $kids[$child->ID] =& $children[$key]; - } - } else { + if ( !$children ) return false; - } + + update_post_cache($children); + + foreach ( $children as $key => $child ) + $kids[$child->ID] =& $children[$key]; if ( $output == OBJECT ) { return $kids; @@ -93,37 +92,24 @@ function get_extended($post) { // Retrieves post data given a post ID or post object. // Handles post caching. function &get_post(&$post, $output = OBJECT, $filter = 'raw') { - global $post_cache, $wpdb, $blog_id; + global $wpdb; if ( empty($post) ) { if ( isset($GLOBALS['post']) ) $_post = & $GLOBALS['post']; else - $_post = null; + return null; } elseif ( is_object($post) ) { - if ( 'page' == $post->post_type ) - return get_page($post, $output); - if ( !isset($post_cache[$blog_id][$post->ID]) ) - $post_cache[$blog_id][$post->ID] = &$post; - $_post = & $post_cache[$blog_id][$post->ID]; + wp_cache_add($post->ID, $post, 'posts'); + $_post = &$post; } else { $post = (int) $post; - if ( isset($post_cache[$blog_id][$post]) ) - $_post = & $post_cache[$blog_id][$post]; - elseif ( $_post = wp_cache_get($post, 'pages') ) - return get_page($_post, $output); - else { - $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1"; - $_post = & $wpdb->get_row($query); - if ( 'page' == $_post->post_type ) - return get_page($_post, $output); - $post_cache[$blog_id][$post] = & $_post; + if ( ! $_post = wp_cache_get($post, 'posts') ) { + $_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); + wp_cache_add($_post->ID, $_post, 'posts'); } } - if ( defined('WP_IMPORTING') ) - unset($post_cache[$blog_id]); - $_post = sanitize_post($_post, $filter); if ( $output == OBJECT ) { @@ -223,9 +209,9 @@ function get_posts($args) { if ( count($incposts) ) { foreach ( $incposts as $incpost ) { if (empty($inclusions)) - $inclusions = ' AND ( ID = ' . intval($incpost) . ' '; + $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpost); else - $inclusions .= ' OR ID = ' . intval($incpost) . ' '; + $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpost); } } } @@ -238,9 +224,9 @@ function get_posts($args) { if ( count($exposts) ) { foreach ( $exposts as $expost ) { if (empty($exclusions)) - $exclusions = ' AND ( ID <> ' . intval($expost) . ' '; + $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expost); else - $exclusions .= ' AND ID <> ' . intval($expost) . ' '; + $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expost); } } } @@ -251,15 +237,16 @@ function get_posts($args) { $query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy "; $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta "; $query .= " WHERE 1=1 "; - $query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' "; - $query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' "; + $query .= empty( $post_type ) ? '' : $wpdb->prepare("AND post_type = %s ", $post_type); + $query .= empty( $post_status ) ? '' : $wpdb->prepare("AND post_status = %s ", $post_status); $query .= "$exclusions $inclusions " ; - $query .= empty( $category ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = " . $category. ") "; - $query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' "; + $query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d) ", $category); + $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent); + // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works $query .= empty( $meta_key ) | empty($meta_value) ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )"; $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order; if ( 0 < $numberposts ) - $query .= " LIMIT " . $offset . ',' . $numberposts; + $query .= $wpdb->prepare(" LIMIT %d,%d", $offset, $numberposts); $posts = $wpdb->get_results($query); @@ -272,124 +259,118 @@ function get_posts($args) { // Post meta functions // -function add_post_meta($post_id, $key, $value, $unique = false) { - global $wpdb, $post_meta_cache, $blog_id; +function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { + global $wpdb; - $post_id = (int) $post_id; + // expected_slashed ($meta_key) + $meta_key = stripslashes($meta_key); - if ( $unique ) { - if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { - return false; - } - } + if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) + return false; - $post_meta_cache[$blog_id][$post_id][$key][] = $value; + $cache = wp_cache_get($post_id, 'post_meta'); + if ( ! is_array($cache) ) + $cache = array(); + // expected_slashed ($meta_key) + $cache[$wpdb->escape($meta_key)][] = $meta_value; - $value = maybe_serialize($value); - $value = $wpdb->escape($value); + wp_cache_set($post_id, $cache, 'post_meta'); - $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')"); + $meta_value = maybe_serialize($meta_value); + $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) ); return true; } function delete_post_meta($post_id, $key, $value = '') { - global $wpdb, $post_meta_cache, $blog_id; + global $wpdb; - $post_id = (int) $post_id; + $post_id = absint( $post_id ); - if ( empty($value) ) { - $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'"); - } else { - $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); - } + // expected_slashed ($key, $value) + $key = stripslashes( $key ); + $value = stripslashes( $value ); + + if ( empty( $value ) ) + $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); + else + $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) ); if ( !$meta_id ) return false; - if ( empty($value) ) { - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'"); - unset($post_meta_cache[$blog_id][$post_id][$key]); - } else { - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); - $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; - if ($cache_key) foreach ( $cache_key as $index => $data ) - if ( $data == $value ) - unset($post_meta_cache[$blog_id][$post_id][$key][$index]); - } + if ( empty( $value ) ) + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); + else + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) ); - unset($post_meta_cache[$blog_id][$post_id][$key]); + wp_cache_delete($post_id, 'post_meta'); return true; } function get_post_meta($post_id, $key, $single = false) { - global $wpdb, $post_meta_cache, $blog_id; + global $wpdb; $post_id = (int) $post_id; - if ( isset($post_meta_cache[$blog_id][$post_id][$key]) ) { + $meta_cache = wp_cache_get($post_id, 'post_meta'); + + if ( isset($meta_cache[$key]) ) { if ( $single ) { - return maybe_unserialize( $post_meta_cache[$blog_id][$post_id][$key][0] ); + return maybe_unserialize( $meta_cache[$key][0] ); } else { - return maybe_unserialize( $post_meta_cache[$blog_id][$post_id][$key] ); + return maybe_unserialize( $meta_cache[$key] ); } } - if ( !isset($post_meta_cache[$blog_id][$post_id]) ) + if ( !$meta_cache ) { update_postmeta_cache($post_id); + $meta_cache = wp_cache_get($post_id, 'post_meta'); + } if ( $single ) { - if ( isset($post_meta_cache[$blog_id][$post_id][$key][0]) ) - return maybe_unserialize($post_meta_cache[$blog_id][$post_id][$key][0]); + if ( isset($meta_cache[$key][0]) ) + return maybe_unserialize($meta_cache[$key][0]); else return ''; - } else { - return maybe_unserialize($post_meta_cache[$blog_id][$post_id][$key]); + } else { + return maybe_unserialize($meta_cache[$key]); } } -function update_post_meta($post_id, $key, $value, $prev_value = '') { - global $wpdb, $post_meta_cache, $blog_id; - - $post_id = (int) $post_id; +function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { + global $wpdb; - $original_value = $value; - $value = maybe_serialize($value); - $value = $wpdb->escape($value); + $original_value = $meta_value; + $meta_value = maybe_serialize($meta_value); $original_prev = $prev_value; $prev_value = maybe_serialize($prev_value); - $prev_value = $wpdb->escape($prev_value); - if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { + // expected_slashed ($meta_key) + $meta_key = stripslashes($meta_key); + + if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) return false; - } - if ( empty($prev_value) ) { - $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'"); - $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; - if ( !empty($cache_key) ) - foreach ($cache_key as $index => $data) - $post_meta_cache[$blog_id][$post_id][$key][$index] = $original_value; - } else { - $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'"); - $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; - if ( !empty($cache_key) ) - foreach ($cache_key as $index => $data) - if ( $data == $original_prev ) - $post_meta_cache[$blog_id][$post_id][$key][$index] = $original_value; - } + $data = compact( 'meta_value' ); + $where = compact( 'meta_key', 'post_id' ); + if ( !empty( $prev_value ) ) + $where['meta_value'] = $prev_value; + + $wpdb->update( $wpdb->postmeta, $data, $where ); + wp_cache_delete($post_id, 'post_meta'); return true; } function delete_post_meta_by_key($post_meta_key) { - global $wpdb, $post_meta_cache, $blog_id; - $post_meta_key = $wpdb->escape($post_meta_key); - if ( $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = '$post_meta_key'") ) { - unset($post_meta_cache[$blog_id]); // not worth doing the work to iterate through the cache + global $wpdb; + if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { + // TODO Get post_ids and delete cache + // wp_cache_delete($post_id, 'post_meta'); return true; } return false; @@ -397,17 +378,17 @@ function delete_post_meta_by_key($post_meta_key) { function get_post_custom($post_id = 0) { - global $id, $post_meta_cache, $wpdb, $blog_id; + global $id, $wpdb; if ( !$post_id ) $post_id = (int) $id; $post_id = (int) $post_id; - if ( !isset($post_meta_cache[$blog_id][$post_id]) ) + if ( ! wp_cache_get($post_id, 'post_meta') ) update_postmeta_cache($post_id); - return $post_meta_cache[$blog_id][$post_id]; + return wp_cache_get($post_id, 'post_meta'); } function get_post_custom_keys( $post_id = 0 ) { @@ -504,9 +485,8 @@ function sanitize_post_field($field, $value, $post_id, $context) { function wp_delete_post($postid = 0) { global $wpdb, $wp_rewrite; - $postid = (int) $postid; - if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) + if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; if ( 'attachment' == $post->post_type ) @@ -517,20 +497,25 @@ function wp_delete_post($postid = 0) { // TODO delete for pluggable post taxonomies too wp_delete_object_term_relationships($postid, array('category', 'post_tag')); + $parent_data = array( 'post_parent' => $post->post_parent ); + $parent_where = array( 'post_parent' => $postid ); + if ( 'page' == $post->post_type ) - $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'page'"); + $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'page' ) ); - $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'attachment'"); + $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); - $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); - $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); if ( 'page' == $post->post_type ) { clean_page_cache($postid); $wp_rewrite->flush_rules(); + } else { + clean_post_cache($postid); } do_action('deleted_post', $postid); @@ -657,6 +642,14 @@ function wp_insert_post($postarr = array()) { $post_date_gmt = get_gmt_from_date($post_date); } + if ( $update ) { + $post_modified = current_time( 'mysql' ); + $post_modified_gmt = current_time( 'mysql', 1 ); + } else { + $post_modified = $post_date; + $post_modified_gmt = $post_date_gmt; + } + if ( 'publish' == $post_status ) { $now = gmdate('Y-m-d H:i:59'); if ( mysql2date('U', $post_date_gmt) > mysql2date('U', $now) ) @@ -694,54 +687,36 @@ function wp_insert_post($postarr = array()) { $post_password = ''; if ( 'draft' != $post_status ) { - $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); + $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { $suffix = 2; do { $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix"; - $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); + // expected_slashed ($alt_post_name, $post_name, $post_type) + $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); $suffix++; } while ($post_name_check); $post_name = $alt_post_name; } } + // expected_slashed (everything!) + $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order' ) ); + $data = stripslashes_deep( $data ); + $where = array( 'ID' => $post_ID ); + if ($update) { - $wpdb->query( - "UPDATE IGNORE $wpdb->posts SET - post_author = '$post_author', - post_date = '$post_date', - post_date_gmt = '$post_date_gmt', - post_content = '$post_content', - post_content_filtered = '$post_content_filtered', - post_title = '$post_title', - post_excerpt = '$post_excerpt', - post_status = '$post_status', - post_type = '$post_type', - comment_status = '$comment_status', - ping_status = '$ping_status', - post_password = '$post_password', - post_name = '$post_name', - to_ping = '$to_ping', - pinged = '$pinged', - post_modified = '".current_time('mysql')."', - post_modified_gmt = '".current_time('mysql',1)."', - post_parent = '$post_parent', - menu_order = '$menu_order' - WHERE ID = $post_ID"); + $wpdb->update( $wpdb->posts, $data, $where ); } else { - $wpdb->query( - "INSERT IGNORE INTO $wpdb->posts - (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type) - VALUES - ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')"); - $post_ID = (int) $wpdb->insert_id; + $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update + $wpdb->insert( $wpdb->posts, $data ); + $post_ID = (int) $wpdb->insert_id; } if ( empty($post_name) && 'draft' != $post_status ) { $post_name = sanitize_title($post_title, $post_ID); - $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); + $wpdb->update( $wpdb->posts, compact( 'post_name' ), $where ); } wp_set_post_categories( $post_ID, $post_category ); @@ -755,7 +730,7 @@ function wp_insert_post($postarr = array()) { // Set GUID if ( ! $update ) - $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . "' WHERE ID = '$post_ID'"); + $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post_ID ) ), $where ); $post = get_post($post_ID); if ( !empty($page_template) ) @@ -823,7 +798,7 @@ function wp_publish_post($post_id) { if ( 'publish' == $post->post_status ) return; - $wpdb->query( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = '$post_id'" ); + $wpdb->update( $wpdb->posts, array( 'post_status' => 'publish' ), array( 'ID' => $post_id ) ); $old_status = $post->post_status; $post->post_status = 'publish'; @@ -883,13 +858,15 @@ function wp_transition_post_status($new_status, $old_status, $post) { function add_ping($post_id, $uri) { // Add a URL to those already pung global $wpdb; - $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id"); + $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); $pung[] = $uri; $new = implode("\n", $pung); $new = apply_filters('add_ping', $new); - return $wpdb->query("UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = $post_id"); + // expected_slashed ($new) + $new = stripslashes($new); + return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) ); } function get_enclosed($post_id) { // Get enclosures already enclosed for a post @@ -913,7 +890,7 @@ function get_enclosed($post_id) { // Get enclosures already enclosed for a post function get_pung($post_id) { // Get URLs already pung for a post global $wpdb; - $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id"); + $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); $pung = apply_filters('get_pung', $pung); @@ -922,7 +899,7 @@ function get_pung($post_id) { // Get URLs already pung for a post function get_to_ping($post_id) { // Get any URLs in the todo list global $wpdb; - $to_ping = $wpdb->get_var("SELECT to_ping FROM $wpdb->posts WHERE ID = $post_id"); + $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); $to_ping = trim($to_ping); $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); $to_ping = apply_filters('get_to_ping', $to_ping); @@ -961,9 +938,9 @@ function trackback_url_list($tb_list, $post_id) { function get_all_page_ids() { global $wpdb; - if ( ! $page_ids = wp_cache_get('all_page_ids', 'pages') ) { + if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) { $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); - wp_cache_add('all_page_ids', $page_ids, 'pages'); + wp_cache_add('all_page_ids', $page_ids, 'posts'); } return $page_ids; @@ -972,56 +949,15 @@ function get_all_page_ids() { // Retrieves page data given a page ID or page object. // Handles page caching. -function &get_page(&$page, $output = OBJECT) { - global $wpdb, $blog_id; - +function &get_page(&$page, $output = OBJECT, $filter = 'raw') { if ( empty($page) ) { - if ( isset( $GLOBALS['page'] ) && isset( $GLOBALS['page']->ID ) ) { - $_page = & $GLOBALS['page']; - wp_cache_add($_page->ID, $_page, 'pages'); - } else { - // shouldn't we just return NULL at this point? ~ Mark - $_page = null; - } - } elseif ( is_object($page) ) { - if ( 'post' == $page->post_type ) - return get_post($page, $output); - wp_cache_add($page->ID, $page, 'pages'); - $_page = $page; - } else { - $page = (int) $page; - // first, check the cache - if ( ! ( $_page = wp_cache_get($page, 'pages') ) ) { - // not in the page cache? - if ( isset($GLOBALS['page']->ID) && ($page == $GLOBALS['page']->ID) ) { // for is_page() views - // I don't think this code ever gets executed ~ Mark - $_page = & $GLOBALS['page']; - wp_cache_add($_page->ID, $_page, 'pages'); - } elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached - return get_post($page, $output); - } else { // it's not in any caches, so off to the DB we go - // Why are we using assignment for this query? - $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1"); - if ( 'post' == $_page->post_type ) - return get_post($_page, $output); - // Potential issue: we're not checking to see if the post_type = 'page' - // So all non-'post' posts will get cached as pages. - wp_cache_add($_page->ID, $_page, 'pages'); - } - } + if ( isset( $GLOBALS['page'] ) && isset( $GLOBALS['page']->ID ) ) + return get_post($GLOBALS['page'], $output, $filter); + else + return null; } - // at this point, one way or another, $_post contains the page object - - if ( $output == OBJECT ) { - return $_page; - } elseif ( $output == ARRAY_A ) { - return get_object_vars($_page); - } elseif ( $output == ARRAY_N ) { - return array_values(get_object_vars($_page)); - } else { - return $_page; - } + return get_post($page, $output, $filter); } function get_page_by_path($page_path, $output = OBJECT) { @@ -1035,7 +971,7 @@ function get_page_by_path($page_path, $output = OBJECT) { foreach($page_paths as $pathdir) $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); - $pages = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = '$leaf_path' AND post_type='page'"); + $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND post_type='page'", $leaf_path )); if ( empty($pages) ) return NULL; @@ -1044,7 +980,7 @@ function get_page_by_path($page_path, $output = OBJECT) { $path = '/' . $leaf_path; $curpage = $page; while ($curpage->post_parent != 0) { - $curpage = $wpdb->get_row("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = '$curpage->post_parent' and post_type='page'"); + $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); $path = '/' . $curpage->post_name . $path; } @@ -1057,8 +993,7 @@ function get_page_by_path($page_path, $output = OBJECT) { function get_page_by_title($page_title, $output = OBJECT) { global $wpdb; - $page_title = $wpdb->escape($page_title); - $page = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$page_title' AND post_type='page'"); + $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); if ( $page ) return get_page($page, $output); @@ -1066,11 +1001,6 @@ function get_page_by_title($page_title, $output = OBJECT) { } function &get_page_children($page_id, $pages) { - global $page_cache, $blog_id; - - if ( empty($pages) ) - $pages = &$page_cache[$blog_id]; - $page_list = array(); foreach ( $pages as $page ) { if ( $page->post_parent == $page_id ) { @@ -1127,7 +1057,7 @@ function &get_pages($args = '') { extract( $r, EXTR_SKIP ); $key = md5( serialize( $r ) ); - if ( $cache = wp_cache_get( 'get_pages', 'page' ) ) + if ( $cache = wp_cache_get( 'get_pages', 'posts' ) ) if ( isset( $cache[ $key ] ) ) return apply_filters('get_pages', $cache[ $key ], $r ); @@ -1141,9 +1071,9 @@ function &get_pages($args = '') { if ( count($incpages) ) { foreach ( $incpages as $incpage ) { if (empty($inclusions)) - $inclusions = ' AND ( ID = ' . intval($incpage) . ' '; + $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpage); else - $inclusions .= ' OR ID = ' . intval($incpage) . ' '; + $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpage); } } } @@ -1156,9 +1086,9 @@ function &get_pages($args = '') { if ( count($expages) ) { foreach ( $expages as $expage ) { if (empty($exclusions)) - $exclusions = ' AND ( ID <> ' . intval($expage) . ' '; + $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expage); else - $exclusions .= ' AND ID <> ' . intval($expage) . ' '; + $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expage); } } } @@ -1182,9 +1112,9 @@ function &get_pages($args = '') { } if ( '' == $author_query ) - $author_query = ' post_author = ' . intval($post_author) . ' '; + $author_query = $wpdb->prepare(' post_author = %d ', $post_author); else - $author_query .= ' OR post_author = ' . intval($post_author) . ' '; + $author_query .= $wpdb->prepare(' OR post_author = %d ', $post_author); } if ( '' != $author_query ) $author_query = " AND ($author_query)"; @@ -1194,6 +1124,7 @@ function &get_pages($args = '') { $query = "SELECT * FROM $wpdb->posts " ; $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ; $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ; + // expected_slashed ($meta_key, $meta_value) -- also, it looks funky $query .= ( empty( $meta_key ) | empty($meta_value) ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ; $query .= $author_query; $query .= " ORDER BY " . $sort_column . " " . $sort_order ; @@ -1201,7 +1132,7 @@ function &get_pages($args = '') { $pages = $wpdb->get_results($query); if ( empty($pages) ) - return array(); + return apply_filters('get_pages', array(), $r); // Update cache. update_page_cache($pages); @@ -1210,7 +1141,7 @@ function &get_pages($args = '') { $pages = & get_page_children($child_of, $pages); $cache[ $key ] = $pages; - wp_cache_set( 'get_pages', $cache, 'page' ); + wp_cache_set( 'get_pages', $cache, 'posts' ); $pages = apply_filters('get_pages', $pages, $r); @@ -1234,7 +1165,7 @@ function generate_page_uri_index() { // URL => page name $uri = get_page_uri($id); - $attachments = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = '$id'"); + $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); if ( $attachments ) { foreach ( $attachments as $attachment ) { $attach_uri = get_page_uri($attachment->ID); @@ -1312,14 +1243,16 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { else $post_name = sanitize_title($post_name); + // expected_slashed ($post_name) $post_name_check = - $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != '$post_ID' LIMIT 1"); + $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID)); if ($post_name_check) { $suffix = 2; while ($post_name_check) { $alt_post_name = $post_name . "-$suffix"; - $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); + // expected_slashed ($alt_post_name, $post_name) + $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); $suffix++; } $post_name = $alt_post_name; @@ -1360,43 +1293,20 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { if ( ! isset($pinged) ) $pinged = ''; - if ($update) { - $wpdb->query( - "UPDATE $wpdb->posts SET - post_author = '$post_author', - post_date = '$post_date', - post_date_gmt = '$post_date_gmt', - post_content = '$post_content', - post_content_filtered = '$post_content_filtered', - post_title = '$post_title', - post_excerpt = '$post_excerpt', - post_status = '$post_status', - post_type = '$post_type', - comment_status = '$comment_status', - ping_status = '$ping_status', - post_password = '$post_password', - post_name = '$post_name', - to_ping = '$to_ping', - pinged = '$pinged', - post_modified = '".current_time('mysql')."', - post_modified_gmt = '".current_time('mysql',1)."', - post_parent = '$post_parent', - menu_order = '$menu_order', - post_mime_type = '$post_mime_type', - guid = '$guid' - WHERE ID = $post_ID"); + // expected_slashed (everything!) + $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); + $data = stripslashes_deep( $data ); + + if ( $update ) { + $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); } else { - $wpdb->query( - "INSERT INTO $wpdb->posts - (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid) - VALUES - ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')"); - $post_ID = (int) $wpdb->insert_id; + $wpdb->insert( $wpdb->posts, $data ); + $post_ID = (int) $wpdb->insert_id; } if ( empty($post_name) ) { $post_name = sanitize_title($post_title, $post_ID); - $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); + $wpdb->update( $wpdb->posts, compact( $post_name ), array( 'ID' => $post_ID ) ); } wp_set_post_categories($post_ID, $post_category); @@ -1417,9 +1327,8 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { function wp_delete_attachment($postid) { global $wpdb; - $postid = (int) $postid; - if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") ) + if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; if ( 'attachment' != $post->post_type ) @@ -1431,15 +1340,15 @@ function wp_delete_attachment($postid) { // TODO delete for pluggable post taxonomies too wp_delete_object_term_relationships($postid, array('category', 'post_tag')); - $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); - $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'"); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); if ( ! empty($meta['thumb']) ) { // Don't delete the thumb if another attachment uses it - if (! $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) { + if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { $thumbfile = str_replace(basename($file), $meta['thumb'], $file); $thumbfile = apply_filters('wp_delete_file', $thumbfile); @ unlink($thumbfile); @@ -1451,6 +1360,8 @@ function wp_delete_attachment($postid) { if ( ! empty($file) ) @ unlink($file); + clean_post_cache($postid); + do_action('delete_attachment', $postid); return $post; @@ -1708,118 +1619,105 @@ function get_lastpostmodified($timezone = 'server') { // function update_post_cache(&$posts) { - global $post_cache, $blog_id; - if ( !$posts ) return; - for ($i = 0; $i < count($posts); $i++) { - $post_cache[$blog_id][$posts[$i]->ID] = &$posts[$i]; - } + foreach ( $posts as $post ) + wp_cache_add($post->ID, $post, 'posts'); } function clean_post_cache($id) { - global $post_cache, $post_meta_cache, $post_term_cache, $blog_id; - - if ( isset( $post_cache[$blog_id][$id] ) ) - unset( $post_cache[$blog_id][$id] ); - - if ( isset ($post_meta_cache[$blog_id][$id] ) ) - unset( $post_meta_cache[$blog_id][$id] ); + wp_cache_delete($id, 'posts'); + wp_cache_delete($id, 'post_meta'); clean_object_term_cache($id, 'post'); + + do_action('clean_post_cache', $id); } function update_page_cache(&$pages) { - global $page_cache, $blog_id; - - if ( !$pages ) - return; - - for ($i = 0; $i < count($pages); $i++) { - $page_cache[$blog_id][$pages[$i]->ID] = &$pages[$i]; - wp_cache_add($pages[$i]->ID, $pages[$i], 'pages'); - } + update_post_cache($pages); } function clean_page_cache($id) { - global $page_cache, $blog_id; + clean_post_cache($id); - if ( isset( $page_cache[$blog_id][$id] ) ) - unset( $page_cache[$blog_id][$id] ); + wp_cache_delete( 'all_page_ids', 'posts' ); + wp_cache_delete( 'get_pages', 'posts' ); - wp_cache_delete($id, 'pages'); - wp_cache_delete( 'all_page_ids', 'pages' ); - wp_cache_delete( 'get_pages', 'page' ); + do_action('clean_page_cache', $id); } function update_post_caches(&$posts) { - global $post_cache; - global $wpdb, $blog_id; + global $wpdb; // No point in doing all this work if we didn't match any posts. if ( !$posts ) return; - // Get the categories for all the posts - for ($i = 0; $i < count($posts); $i++) { - $post_id_array[] = $posts[$i]->ID; - $post_cache[$blog_id][$posts[$i]->ID] = &$posts[$i]; - } + update_post_cache($posts); - $post_id_list = implode(',', $post_id_array); + $post_ids = array(); - update_object_term_cache($post_id_list, 'post'); + for ($i = 0; $i < count($posts); $i++) + $post_ids[] = $posts[$i]->ID; - update_postmeta_cache($post_id_list); -} + update_object_term_cache($post_ids, 'post'); -function update_postmeta_cache($post_id_list = '') { - global $wpdb, $post_meta_cache, $blog_id; + update_postmeta_cache($post_ids); +} - // We should validate this comma-separated list for the upcoming SQL query - $post_id_list = preg_replace('|[^0-9,]|', '', $post_id_list); +function update_postmeta_cache($post_ids) { + global $wpdb; - if ( empty( $post_id_list ) ) + if ( empty( $post_ids ) ) return false; - // we're marking each post as having its meta cached (with no keys... empty array), to prevent posts with no meta keys from being queried again - // any posts that DO have keys will have this empty array overwritten with a proper array, down below - $post_id_array = (array) explode(',', $post_id_list); - $count = count( $post_id_array); - for ( $i = 0; $i < $count; $i++ ) { - $post_id = (int) $post_id_array[ $i ]; - if ( isset( $post_meta_cache[$blog_id][$post_id] ) ) { // If the meta is already cached - unset( $post_id_array[ $i ] ); - continue; - } - $post_meta_cache[$blog_id][$post_id] = array(); + if ( !is_array($post_ids) ) { + $post_ids = preg_replace('|[^0-9,]|', '', $post_ids); + $post_ids = explode(',', $post_ids); } - if ( count( $post_id_array ) == 0 ) - return; - $post_id_list = join( ',', $post_id_array ); // with already cached stuff removeds - // Get post-meta info - if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN($post_id_list) ORDER BY post_id, meta_key", ARRAY_A) ) { - // Change from flat structure to hierarchical: - if ( !isset($post_meta_cache) ) - $post_meta_cache[$blog_id] = array(); + $post_ids = array_map('intval', $post_ids); + + $ids = array(); + foreach ( (array) $post_ids as $id ) { + if ( false === wp_cache_get($id, 'post_meta') ) + $ids[] = $id; + } + + if ( empty( $ids ) ) + return false; - foreach ($meta_list as $metarow) { + // Get post-meta info + $id_list = join(',', $ids); + $cache = array(); + if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN ($id_list) ORDER BY post_id, meta_key", ARRAY_A) ) { + foreach ( (array) $meta_list as $metarow) { $mpid = (int) $metarow['post_id']; $mkey = $metarow['meta_key']; $mval = $metarow['meta_value']; // Force subkeys to be array type: - if ( !isset($post_meta_cache[$blog_id][$mpid]) || !is_array($post_meta_cache[$blog_id][$mpid]) ) - $post_meta_cache[$blog_id][$mpid] = array(); - if ( !isset($post_meta_cache[$blog_id][$mpid]["$mkey"]) || !is_array($post_meta_cache[$blog_id][$mpid]["$mkey"]) ) - $post_meta_cache[$blog_id][$mpid]["$mkey"] = array(); + if ( !isset($cache[$mpid]) || !is_array($cache[$mpid]) ) + $cache[$mpid] = array(); + if ( !isset($cache[$mpid][$mkey]) || !is_array($cache[$mpid][$mkey]) ) + $cache[$mpid][$mkey] = array(); // Add a value to the current pid/key: - $post_meta_cache[$blog_id][$mpid][$mkey][] = $mval; + $cache[$mpid][$mkey][] = $mval; } } + + foreach ( (array) $ids as $id ) { + if ( ! isset($cache[$id]) ) + $cache[$id] = array(); + } + + foreach ( array_keys($cache) as $post) + wp_cache_set($post, $cache[$post], 'post_meta'); + + return $cache; } // @@ -1831,7 +1729,7 @@ function _transition_post_status($new_status, $old_status, $post) { if ( $old_status != 'publish' && $new_status == 'publish' ) { // Reset GUID if transitioning to publish. - $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post->ID) . "' WHERE ID = '$post->ID'"); + $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post->ID ) ), array( 'ID' => $post->ID ) ); do_action('private_to_published', $post->ID); // Deprecated, use private_to_publish } @@ -1858,17 +1756,10 @@ function _publish_post_hook($post_id) { $post = get_post($post_id); + $data = array( 'post_id' => $post_id, 'meta_value' => '1' ); if ( get_option('default_pingback_flag') ) - $result = $wpdb->query(" - INSERT INTO $wpdb->postmeta - (post_id,meta_key,meta_value) - VALUES ('$post_id','_pingme','1') - "); - $result = $wpdb->query(" - INSERT INTO $wpdb->postmeta - (post_id,meta_key,meta_value) - VALUES ('$post_id','_encloseme','1') - "); + $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_pingme' ) ); + $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_encloseme' ) ); wp_schedule_single_event(time(), 'do_pings'); } |