= 4.2.0 =

~ Added: sanitize_sql_orderby ~ Formatting: code.
w3guy · Dec 14, 2022 · af00d29 · af00d29
1 parent 6129919
commit af00d29
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 13 deletions.
diff --git a/inc/admin/views/meta-boxes/course/settings.php b/inc/admin/views/meta-boxes/course/settings.php
@@ -478,7 +478,7 @@ public function save( $post_id ) {
 
 		// Check price is valid.
 		$price_regular = LP_Request::get( '_lp_regular_price', 0, 'float' );
-		$price_sale = LP_Request::get( '_lp_sale_price', 0, 'float' );
+		$price_sale    = LP_Request::get( '_lp_sale_price', 0, 'float' );
 		if ( $price_regular <= 0 ) {
 			$price_sale = 0;
 			update_post_meta( $post_id, '_lp_regular_price', '' );

diff --git a/inc/background-process/class-lp-background-single-course.php b/inc/background-process/class-lp-background-single-course.php
@@ -94,10 +94,10 @@ protected function save_price() {
 				return;
 			}
 
-			$sale_price     = $this->data['_lp_sale_price'] ?? '';
-			$start_date     = $this->data['_lp_sale_start'] ?? '';
-			$end_date       = $this->data['_lp_sale_end'] ?? '';
-			$price          = 0;
+			$sale_price = $this->data['_lp_sale_price'] ?? '';
+			$start_date = $this->data['_lp_sale_start'] ?? '';
+			$end_date   = $this->data['_lp_sale_end'] ?? '';
+			$price      = 0;
 
 			if ( '' != $regular_price ) {
 				$price = $regular_price;

diff --git a/inc/curds/class-lp-course-curd.php b/inc/curds/class-lp-course-curd.php
@@ -823,14 +823,14 @@ public function count_enrolled_users( $course_ids ) {
 		public function get_featured_courses( $args = array() ) {
 			global $wpdb;
 			$lp_course_db = LP_Course_DB::getInstance();
-			$courses = [];
+			$courses      = [];
 
 			try {
-				$limit = absint( $args['limit'] ?? 5 );
-				$order = LP_Helper::sanitize_params_submitted( $args['order'] ?? 'DESC' );
-				$order = in_array( $order, array( 'ASC', 'DESC' ) ) ? $order : 'DESC';
+				$limit    = absint( $args['limit'] ?? 5 );
+				$order    = LP_Helper::sanitize_params_submitted( $args['order'] ?? 'DESC' );
+				$order    = in_array( $order, array( 'ASC', 'DESC' ) ) ? $order : 'DESC';
 				$order_by = LP_Helper::sanitize_params_submitted( $args['order_by'] ?? 'post_date' );
-				$cols = $lp_course_db->get_cols_of_table( $lp_course_db->tb_posts );
+				$cols     = $lp_course_db->get_cols_of_table( $lp_course_db->tb_posts );
 				$order_by = in_array( $order_by, $cols ) ? $order_by : 'post_date'; // For security
 
 				if ( $limit <= 0 ) {

diff --git a/inc/databases/class-lp-db.php b/inc/databases/class-lp-db.php
@@ -619,11 +619,11 @@ public function execute( LP_Filter $filter, int &$total_rows = 0 ) {
 		// Order by
 		$ORDER_BY = '';
 		if ( ! $filter->return_string_query && $filter->order_by ) {
-			if ( ! in_array( $filter->order, [ 'DESC', 'ESC' ] ) ) {
-				$filter->order = 'DESC' ;
+			if ( ! in_array( $filter->order, [ 'DESC', 'ASC' ] ) ) {
+				$filter->order = 'DESC';
 			}
 
-			$ORDER_BY .= 'ORDER BY ' . $filter->order_by . ' ' . $filter->order . ' ';
+			$ORDER_BY .= 'ORDER BY ' . sanitize_sql_orderby( $filter->order_by ) . ' ' . $filter->order . ' ';
 			$ORDER_BY  = apply_filters( 'lp/query/order_by', $ORDER_BY, $filter );
 		}