- reviewed #1442;
@@ -706,13 +706,29 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
// phpcs:enable WordPress.Security.NonceVerification -- verified via `UM()->check_ajax_nonce();`.
|
||||
if ( ! empty( $search_line ) ) {
|
||||
$searches = array();
|
||||
foreach ( $this->core_search_fields as $field ) {
|
||||
$field = esc_sql( $field );
|
||||
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $field is pre-escaped.
|
||||
$searches[] = $wpdb->prepare( "u.{$field} LIKE %s", '%' . $wpdb->esc_like( $search_line ) . '%' );
|
||||
|
||||
$exclude_fields = get_post_meta( $directory_id, '_um_search_exclude_fields', true );
|
||||
$include_fields = get_post_meta( $directory_id, '_um_search_include_fields', true );
|
||||
|
||||
$core_search = $this->get_core_search_fields();
|
||||
if ( ! empty( $include_fields ) ) {
|
||||
$core_search = array_intersect( $core_search, $include_fields );
|
||||
}
|
||||
if ( ! empty( $exclude_fields ) ) {
|
||||
$core_search = array_diff( $core_search, $exclude_fields );
|
||||
}
|
||||
if ( ! empty( $core_search ) ) {
|
||||
foreach ( $core_search as $field ) {
|
||||
$field = esc_sql( $field );
|
||||
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $field is pre-escaped.
|
||||
$searches[] = $wpdb->prepare( "u.{$field} LIKE %s", '%' . $wpdb->esc_like( $search_line ) . '%' );
|
||||
}
|
||||
}
|
||||
|
||||
$core_search = implode( ' OR ', $searches );
|
||||
if ( ! empty( $core_search ) ) {
|
||||
$core_search = ' OR ' . $core_search;
|
||||
}
|
||||
|
||||
$this->joins[] = "LEFT JOIN {$wpdb->prefix}um_metadata umm_search ON umm_search.user_id = u.ID";
|
||||
|
||||
@@ -720,27 +736,17 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
|
||||
$search_like_string = apply_filters( 'um_member_directory_meta_search_like_type', '%' . $wpdb->esc_like( $search_line ) . '%', $search_line );
|
||||
|
||||
$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
|
||||
$exclude_fields = get_post_meta( $directory_id, '_um_search_exclude_fields', true );
|
||||
$include_fields = get_post_meta( $directory_id, '_um_search_include_fields', true );
|
||||
$custom_fields_sql = '';
|
||||
|
||||
if ( ! empty( $exclude_fields ) ) {
|
||||
$custom_fields_sql = 'AND umm_search.um_key NOT IN (';
|
||||
foreach ( $exclude_fields as $exclude_field ) {
|
||||
$custom_fields_sql .= "'" . $exclude_field . "',";
|
||||
}
|
||||
$custom_fields_sql = rtrim( $custom_fields_sql, ',' );
|
||||
$custom_fields_sql .= ') ';
|
||||
$custom_fields_sql = " AND umm_search.um_key NOT IN ('" . implode( "','", $exclude_fields ) . "') ";
|
||||
}
|
||||
if ( ! empty( $include_fields ) ) {
|
||||
$custom_fields_sql = 'AND umm_search.um_key IN (';
|
||||
foreach ( $include_fields as $include_field ) {
|
||||
$custom_fields_sql .= "'" . $include_field . "',";
|
||||
}
|
||||
$custom_fields_sql = rtrim( $custom_fields_sql, ',' );
|
||||
$custom_fields_sql .= ') ';
|
||||
$custom_fields_sql = " AND umm_search.um_key IN ('" . implode( "','", $include_fields ) . "') ";
|
||||
}
|
||||
|
||||
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $core_search and $additional_search are pre-prepared.
|
||||
$this->where_clauses[] = $wpdb->prepare( "( umm_search.um_value = %s OR umm_search.um_value LIKE %s OR umm_search.um_value LIKE %s OR {$core_search}{$additional_search}) {$custom_fields_sql}", $search_line, $search_like_string, '%' . $wpdb->esc_like( maybe_serialize( (string) $search_line ) ) . '%' );
|
||||
$this->where_clauses[] = $wpdb->prepare( "( umm_search.um_value = %s OR umm_search.um_value LIKE %s OR umm_search.um_value LIKE %s{$core_search}{$additional_search}){$custom_fields_sql}", $search_line, $search_like_string, '%' . $wpdb->esc_like( maybe_serialize( (string) $search_line ) ) . '%' );
|
||||
|
||||
$this->is_search = true;
|
||||
}
|
||||
|
||||
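Review bot: The field keys read from `_um_search_exclude_fields` and `_um_search_include_fields` are joined into the `umm_search.um_key IN (...)` / `NOT IN (...)` list with a bare `implode( "','", ... )`, and the resulting `$custom_fields_sql` is interpolated into the format string handed to `$wpdb->prepare()`. The core fields a few lines earlier go through `esc_sql()` first, but these values are never escaped, so a stored key containing a quote would change the statement; the `phpcs:ignore` comment only vouches for `$core_search` and `$additional_search`. Escaping at the join keeps the clause safe however the meta was saved: `implode( "','", array_map( 'esc_sql', $exclude_fields ) )`, and the same for `$include_fields`. The same unescaped join appears in the Member_Directory section at `meta_key IN( '" . implode( "','", $custom_fields ) . "' )`, where the list has also passed through the `um_general_search_custom_fields` filter. The enclosing method begins outside the hunks shown, so where `$directory_id` is validated cannot be confirmed from here.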
@@ -42,6 +42,11 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
*/
|
||||
var $filter_fields = array();
|
||||
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
public $searching_fields = array();
|
||||
|
||||
|
||||
/**
|
||||
* @var array
|
||||
@@ -122,7 +127,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
* Get the WordPress core searching fields in wp_users query.
|
||||
* @return array
|
||||
*/
|
||||
private function get_core_search_fields() {
|
||||
protected function get_core_search_fields() {
|
||||
/**
|
||||
* Filters the WordPress core searching fields in wp_users query for UM Member directory query.
|
||||
*
|
||||
@@ -433,6 +438,25 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
|
||||
$this->filter_supported_fields = apply_filters( 'um_members_directory_custom_field_types_supported_filter', array( 'date', 'time', 'select', 'multiselect', 'radio', 'checkbox', 'rating', 'text', 'textarea', 'number' ) );
|
||||
|
||||
$core_search_keys = $this->get_core_search_fields();
|
||||
|
||||
$this->searching_fields = array();
|
||||
if ( ! empty( UM()->builtin()->all_user_fields() ) ) {
|
||||
foreach ( UM()->builtin()->all_user_fields() as $key => $data ) {
|
||||
if ( in_array( $key, $core_search_keys, true ) ) {
|
||||
if ( isset( $data['title'] ) && array_search( $data['title'], $this->searching_fields, true ) !== false ) {
|
||||
$data['title'] = $data['title'] . ' (' . $key . ')';
|
||||
}
|
||||
|
||||
$title = isset( $data['title'] ) ? $data['title'] : ( isset( $data['label'] ) ? $data['label'] : '' );
|
||||
if ( empty( $title ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$this->searching_fields[ $key ] = $title;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( ! empty( UM()->builtin()->saved_fields ) ) {
|
||||
foreach ( UM()->builtin()->saved_fields as $key => $data ) {
|
||||
|
||||
@@ -459,6 +483,9 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
|
||||
ksort( $this->filter_fields );
|
||||
|
||||
$this->searching_fields = array_merge( $this->searching_fields, $this->filter_fields );
|
||||
asort( $this->searching_fields );
|
||||
|
||||
$this->filter_types = apply_filters( 'um_members_directory_filter_types', array(
|
||||
'country' => 'select',
|
||||
'gender' => 'select',
|
||||
@@ -1757,38 +1784,57 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
$custom_fields[] = $field_key;
|
||||
}
|
||||
} else {
|
||||
$custom_fields = $include_fields;
|
||||
foreach ( $include_fields as $field_key ) {
|
||||
if ( empty( $field_key ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$data = UM()->fields()->get_field( $field_key );
|
||||
if ( ! um_can_view_field( $data ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$custom_fields[] = $field_key;
|
||||
}
|
||||
}
|
||||
|
||||
$custom_fields = apply_filters( 'um_general_search_custom_fields', $custom_fields );
|
||||
|
||||
if ( ! empty( $custom_fields ) ) {
|
||||
if ( ! empty( $exclude_fields ) ) {
|
||||
$custom_fields = array_diff( $custom_fields, $exclude_fields );
|
||||
}
|
||||
|
||||
$sql['join'] = preg_replace(
|
||||
'/(' . $meta_join_for_search . ' ON \( ' . $wpdb->users . '\.ID = ' . $meta_join_for_search . '\.user_id )(\))/im',
|
||||
"$1 AND " . $meta_join_for_search . ".meta_key IN( '" . implode( "','", $custom_fields ) . "' ) $2",
|
||||
$sql['join']
|
||||
);
|
||||
}
|
||||
|
||||
if ( ! empty( $exclude_fields ) ) {
|
||||
foreach ( $exclude_fields as $field ) {
|
||||
$sql['join'] = str_replace( ",'" . $field . "'", '', $sql['join'] );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Add OR instead AND to search in WP core fields user_email, user_login, user_display_name
|
||||
$search_where = $context->get_search_sql( $search, $this->get_core_search_fields(), 'both' );
|
||||
$core_search = $this->get_core_search_fields();
|
||||
if ( ! empty( $include_fields ) ) {
|
||||
$core_search = array_intersect( $core_search, $include_fields );
|
||||
}
|
||||
if ( ! empty( $exclude_fields ) ) {
|
||||
$core_search = array_diff( $core_search, $exclude_fields );
|
||||
}
|
||||
|
||||
$search_where = preg_replace( '/ AND \((.*?)\)/im', "$1 OR", $search_where );
|
||||
if ( ! empty( $core_search ) ) {
|
||||
// Add OR instead AND to search in WP core fields user_email, user_login, user_display_name
|
||||
$search_where = $context->get_search_sql( $search, $core_search, 'both' );
|
||||
|
||||
// str_replace( '/', '\/', wp_slash( $search ) ) means that we add backslashes to special symbols + add backslash to slash(/) symbol for proper regular pattern.
|
||||
$sql['where'] = preg_replace(
|
||||
'/(' . $meta_join_for_search . '.meta_value = \'' . str_replace( '/', '\/', wp_slash( $search ) ) . '\')/im',
|
||||
trim( $search_where ) . " $1",
|
||||
$sql['where'],
|
||||
1
|
||||
);
|
||||
$search_where = preg_replace( '/ AND \((.*?)\)/im', "$1 OR", $search_where );
|
||||
|
||||
// str_replace( '/', '\/', wp_slash( $search ) ) means that we add backslashes to special symbols + add backslash to slash(/) symbol for proper regular pattern.
|
||||
$sql['where'] = preg_replace(
|
||||
'/(' . $meta_join_for_search . '.meta_value = \'' . str_replace( '/', '\/', wp_slash( $search ) ) . '\')/im',
|
||||
trim( $search_where ) . " $1",
|
||||
$sql['where'],
|
||||
1
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
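Review bot: The pattern of the last `preg_replace()` on `$sql['where']` is built from the visitor's search term with only `/` escaped (`str_replace( '/', '\/', wp_slash( $search ) )`), so regex metacharacters in the term such as `(`, `[` or `+` are read as pattern syntax. `wp_slash()` adds backslashes before quotes and backslashes but does not quote for PCRE, so a term with an unbalanced bracket yields an invalid pattern; `preg_replace()` then returns `null`, which this code assigns straight to `$sql['where']`. Quoting the term for the regex, `preg_quote( wp_slash( $search ), '/' )`, and keeping the previous `$sql['where']` when the call returns `null` would close that gap, provided the escaped form matches what the meta query actually emitted. This block looks carried over from the old side and now sits inside `if ( ! empty( $core_search ) )`; the method itself starts and ends outside the hunk.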