
/role-scoper/hardway/hardway-admin_non-administrator-legacy_rs.php

https://github.com/adityag2/suneha
  1. <?php
  2. if ( 'nav-menus.php' != $GLOBALS['pagenow'] ) // nav-menus.php only needs admin_referer check.
  3. ScoperAdminHardway_Ltd_Legacy::add_filters();
  4. class ScoperAdminHardway_Ltd_Legacy {
  5. function add_filters() {
  6. // URIs ending in specified filename will not be subjected to low-level query filtering
  7. $nomess_uris = apply_filters( 'scoper_skip_lastresort_filter_uris', array( 'categories.php', 'themes.php', 'plugins.php', 'profile.php', 'link.php' ) );
  8. if ( empty( $_POST['ps'] ) ) // need to filter Find Posts query in Media Library
  9. $nomess_uris = array_merge($nomess_uris, array('admin-ajax.php'));
  10. if ( ! in_array( $GLOBALS['pagenow'], $nomess_uris ) && ! in_array( $GLOBALS['plugin_page_cr'], $nomess_uris ) )
  11. add_filter('query', array('ScoperAdminHardway_Ltd_Legacy', 'flt_last_resort_query') );
  12. // limit these links on post/page edit listing to drafts which current user can edit
  13. add_filter('get_others_drafts', array('ScoperAdminHardway_Ltd_Legacy', 'flt_get_others_drafts'), 50, 1);
  14. }
  15. function flt_last_resort_query($query) {
  16. static $in_process = false;
  17. if ( $in_process )
  18. return $query;
  19. $in_process = true;
  20. $query = ScoperAdminHardway_Ltd_Legacy::_flt_last_resort_query($query);
  21. $in_process = false;
  22. return $query;
  23. }
  24. function _flt_last_resort_query($query) {
  25. global $wpdb, $pagenow, $scoper;
  26. $posts = $wpdb->posts;
  27. $comments = $wpdb->comments;
  28. $links = $wpdb->links;
  29. $term_taxonomy = $wpdb->term_taxonomy;
  30. // WP 3.0: SELECT * FROM wp_comments c LEFT JOIN wp_posts p ON c.comment_post_ID = p.ID WHERE p.post_status != 'trash' AND ( c.comment_approved = '0' OR c.comment_approved = '1' ) ORDER BY c.comment_date_gmt
  31. //
  32. if ( strpos($query, "ELECT ") && preg_match ("/FROM\s*{$GLOBALS['wpdb']->comments}/", $query)
  33. && ( ! strpos($query, "ELECT COUNT") || empty( $_POST ) )
  34. && ( ! strpos($_SERVER['SCRIPT_FILENAME'], 'p-admin/upload.php') )
  35. ) // don't filter the comment count query prior to DB storage of comment_count to post record
  36. {
  37. //define( 'SCOPER_NO_COMMENT_FILTERING', true );
  38. if ( defined( 'SCOPER_NO_COMMENT_FILTERING' ) && empty( $GLOBALS['current_user']->allcaps['moderate_comments'] ) ) {
  39. return $query;
  40. }
  41. // cache the filtered results for pending comment count query, which (as of WP 3.0.1) is executed once per-post in the edit listing
  42. $post_id = 0;
  43. if ( $doing_pending_comment_count = strpos( $query, 'COUNT(comment_ID)' ) && strpos( $query, 'comment_post_ID' ) && strpos( $query, "comment_approved = '0'" ) ) {
  44. if ( 'index.php' != $pagenow ) { // there's too much happening on the dashboard (and too much low-level query filtering) to buffer listed IDs reliably.
  45. if ( preg_match( "/comment_post_ID IN \( '([0-9]+)' \)/", $query, $matches ) ) {
  46. if ( $matches[1] )
  47. $post_id = $matches[1];
  48. }
  49. }
  50. if ( $post_id ) {
  51. static $cache_pending_comment_count;
  52. if ( ! isset($cache_pending_comment_count) ) {
  53. $cache_pending_comment_count = array();
  54. } elseif ( isset( $cache_pending_comment_count[$post_id] ) ) {
  55. return "SELECT $post_id AS comment_post_ID, {$cache_pending_comment_count[$post_id]} AS num_comments";
  56. }
  57. }
  58. }
  59. $comment_alias = ( strpos( $query, "$comments c" ) || strpos( $query, "$comments AS c" ) ) ? 'c' : $comments;
  60. // apply DISTINCT clause so JOINs don't cause redundant comment count
  61. $query = str_replace( "SELECT *", "SELECT DISTINCT $comment_alias.*", $query);
  62. $query = str_replace( "SELECT SQL_CALC_FOUND_ROWS *", "SELECT SQL_CALC_FOUND_ROWS DISTINCT $comment_alias.*", $query);
  63. if ( ! strpos( $query, ' DISTINCT ' ) )
  64. $query = str_replace( "SELECT ", "SELECT DISTINCT ", $query);
  65. //$query = str_replace( "COUNT(*)", " COUNT(DISTINCT $comments.comment_ID)", $query); // TODO: confirm preg_replace works and str_replace is not needed
  66. //$query = str_replace( "COUNT(comment_ID)", " COUNT(DISTINCT $comments.comment_ID)", $query);
  67. $query = preg_replace( "/COUNT(\s*\*\s*)/", " COUNT(DISTINCT $comments.comment_ID)", $query);
  68. $query = preg_replace( "/COUNT(\s*comment_ID\s*)/", " COUNT(DISTINCT $comments.comment_ID)", $query);
  69. $query = str_replace( " user_id ", " $comment_alias.user_id ", $query);
  70. if ( ! strpos( $query, "JOIN $posts" ) ) {
  71. if ( strpos( $query, "$comments c" ) )
  72. $query = preg_replace( "/FROM\s*{$comments} c\s*WHERE /", "FROM $comments c INNER JOIN $posts ON $posts.ID = $comment_alias.comment_post_ID WHERE ", $query);
  73. else
  74. $query = preg_replace( "/FROM\s*{$comments}\s*WHERE /", "FROM $comments INNER JOIN $posts ON $posts.ID = $comment_alias.comment_post_ID WHERE ", $query);
  75. if ( strpos( $query, "GROUP BY" ) )
  76. $query = preg_replace( "/FROM\s*{$comments}\s*GROUP BY /", "FROM $comments INNER JOIN $posts ON $posts.ID = $comment_alias.comment_post_ID GROUP BY ", $query);
  77. }
  78. $generic_uri = in_array( $pagenow, array( 'index.php', 'comments.php' ) );
  79. if ( ! $generic_uri && ( $_post_type = cr_find_post_type( '', false ) ) ) // arg: don't return 'post' as default if detection fails
  80. $post_types = array( $_post_type => get_post_type_object( $_post_type ) );
  81. else
  82. $post_types = array_diff_key( get_post_types( array( 'public' => true ), 'object' ), array( 'attachment' => true ) );
  83. $post_statuses = get_post_stati( array( 'internal' => null ), 'object' );
  84. $reqd_caps = array();
  85. $use_post_types = scoper_get_option( 'use_post_types' );
  86. foreach( $post_types as $_post_type => $type_obj ) {
  87. if ( empty( $use_post_types[$_post_type] ) )
  88. continue;
  89. foreach ( $post_statuses as $status => $status_obj ) {
  90. $reqd_caps[$_post_type][$status] = array( $type_obj->cap->edit_others_posts, 'moderate_comments' );
  91. if ( $status_obj->private )
  92. $reqd_caps[$_post_type][$status] []= $type_obj->cap->edit_private_posts;
  93. $status_name = ( ( 'publish' == $status ) || ( 'future' == $status ) ) ? 'published' : $status;
  94. $property = "edit_{$status_name}_posts";
  95. if ( ! empty( $type_obj->cap->$property ) && ! in_array( $type_obj->cap->$property, $reqd_caps[$_post_type][$status] ) )
  96. $reqd_caps[$_post_type][$status] []= $type_obj->cap->$property;
  97. }
  98. }
  99. $args = array( 'force_reqd_caps' => $reqd_caps );
  100. if ( strpos( $query, "$posts p" ) || strpos( $query, "$posts AS p" ) )
  101. $args['source_alias'] = 'p';
  102. $object_type = ( 'edit.php' == $pagenow ) ? cr_find_post_type() : '';
  103. $query = apply_filters( 'objects_request_rs', $query, 'post', $object_type, $args );
  104. // pre-execute the comments listing query and buffer the listed IDs for more efficient user_has_cap calls
  105. if ( strpos( $query, "* FROM $comments") && empty($scoper->listed_ids['post']) ) {
  106. if ( $results = scoper_get_results($query) ) {
  107. $scoper->listed_ids['post'] = array();
  108. foreach ( $results as $row ) {
  109. if ( ! empty($row->comment_post_ID) )
  110. $scoper->listed_ids['post'][$row->comment_post_ID] = true;
  111. }
  112. }
  113. } elseif ( $doing_pending_comment_count && $post_id ) {
  114. if ( isset($scoper->listed_ids['post']) )
  115. $listed_ids = array_keys($scoper->listed_ids['post']);
  116. elseif ( ! empty($GLOBALS['wp_object_cache']->cache['posts']) && is_array($GLOBALS['wp_object_cache']->cache['posts']) )
  117. $listed_ids = array_keys($GLOBALS['wp_object_cache']->cache['posts']);
  118. else
  119. $listed_ids = array();
  120. // make sure our current post_id is in the list
  121. $listed_ids[] = $post_id;
  122. if ( count( $listed_ids ) > 1 ) {
  123. // cache the pending comment count for all listed posts
  124. $query = str_replace( "comment_post_ID IN ( '$post_id' )", "comment_post_ID IN ( '" . implode( "','", $listed_ids ) . "' )", $query );
  125. $results = scoper_get_results( $query );
  126. $cache_pending_comment_count = array_fill_keys( $listed_ids, 0 );
  127. foreach( $results as $row )
  128. $cache_pending_comment_count[ $row->comment_post_ID ] = $row->comment_count;
  129. }
  130. }
  131. //d_echo( "<br />replaced: $query<br />" );
  132. //rs_errlog ("<br /><br />replaced with $query<br /><br />");
  133. } // endif matched query substring
  134. // num cats: "SELECT COUNT(*) FROM wp_term_taxonomy"
  135. // SELECT DISTINCT COUNT(tt.term_id) FROM wp_term_taxonomy AS tt WHERE 1=1 AND tt.taxonomy = 'category'
  136. // SELECT DISTINCT tt.term_id FROM wp_term_taxonomy AS tt WHERE
  137. if ( ! in_array( $pagenow, array( 'post.php', 'post-new.php') ) && ! defined('XMLRPC_REQUEST') ) {
  138. if ( strpos($query, " FROM $term_taxonomy") || strpos($query, " FROM $wpdb->terms") )
  139. {
  140. //rs_errlog ("<br />caught $query <br />");
  141. // don't mess with parent category selection/availability for single term edit
  142. $is_term_admin = ( in_array( $pagenow, array( 'edit-tags.php', 'edit-link-categories.php' ) ) );
  143. if ( $is_term_admin ) {
  144. if ( ! empty( $_REQUEST['tag_ID'] ) )
  145. return $query;
  146. }
  147. $matches = array();
  148. if ( $return = preg_match( "/taxonomy IN \('(.*)'/", $query, $matches ) )
  149. $taxonomy = explode( "','", str_replace( ' ', '', $matches[1] ) );
  150. elseif ( $return = preg_match( "/taxonomy\s*=\s*'(.*)'/", $query, $matches ) )
  151. $taxonomy = $matches[1];
  152. if ( ! empty($taxonomy) ) {
  153. if ( 'profile.php' == $pagenow )
  154. return $query;
  155. else
  156. $query = apply_filters( 'terms_request_rs', $query, $taxonomy, array( 'is_term_admin' => $is_term_admin ) );
  157. }
  158. //rs_errlog ("<br /><br /> returning $query <br />");
  159. return $query;
  160. }
  161. }
  162. // get_users_drafts() and get_others_unpublished_posts()
  163. //
  164. // Recent posts: SELECT ID, post_title FROM wp_posts WHERE post_type = 'post' AND (post_status = 'publish' OR post_status = 'private') AND post_date_gmt < '2008-04-30 05:04:04' ORDER BY post_date DESC LIMIT 5
  165. // Scheduled entries: SELECT ID, post_title, post_date_gmt FROM wp_posts WHERE post_type = 'post' AND post_status = 'future' ORDER BY post_date ASC"
  166. if (
  167. ( strpos($query, "post_date_gmt <") && strpos ($query, "ELECT ID, post_title") && strpos($query, " FROM $posts WHERE ") )
  168. || ( strpos ($query, "ELECT ID, post_title, post_date_gmt") && strpos($query, " FROM $posts WHERE ") )
  169. ) {
  170. if ( $_post_type = cr_find_post_type() )
  171. $query = apply_filters('objects_request_rs', $query, 'post', $_post_type, '');
  172. }
  173. // links
  174. //SELECT * , IF (DATE_ADD(link_updated, INTERVAL 120 MINUTE) >= NOW(), 1,0) as recently_updated FROM wp_links WHERE 1=1 ORDER BY link_name ASC
  175. if ( ( strpos($query, "FROM $links WHERE") || strpos($query, "FROM $links WHERE") ) && strpos($query, "ELECT ") ) {
  176. $query = apply_filters('objects_request_rs', $query, 'link', 'link');
  177. return $query;
  178. }
  179. return $query;
  180. } // end function
  181. // Note: this filter is never invoked by WP core as of WP 2.7
  182. function flt_get_others_drafts($results) {
  183. global $wpdb, $current_user, $scoper;
  184. // buffer titles in case they were filtered previously
  185. $titles = scoper_get_property_array( $results, 'ID', 'post_title' );
  186. // WP 2.3 added pending status, but no new hook or hook argument
  187. $draft_query = strpos($wpdb->last_query, 'draft');
  188. $pending_query = strpos($wpdb->last_query, 'pending');
  189. if ( $draft_query && $pending_query )
  190. $status_clause = "AND ( post_status = 'draft' OR post_status = 'pending' )";
  191. elseif ( $draft_query )
  192. $status_clause = "AND post_status = 'draft'";
  193. else
  194. $status_clause = "AND post_status = 'pending'";
  195. $object_type = cr_find_post_type();
  196. if ( ! $object_type )
  197. $object_type = 'post';
  198. if ( ! $otype_val = $scoper->data_sources->member_property('post', 'object_types', $object_type, 'val') )
  199. $otype_val = $object_type;
  200. $qry = "SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = '$otype_val' AND post_author != '$current_user->ID' $status_clause";
  201. $qry = apply_filters('objects_request_rs', $qry, 'post', '', '');
  202. $items = scoper_get_results($qry);
  203. // restore buffered titles in case they were filtered previously
  204. scoper_restore_property_array( $items, $titles, 'ID', 'post_title' );
  205. return $items;
  206. }
  207. } // end class
  208. ?>