= 4.2.0 =

~ Fixed: inject SQL, shortcode "get_recent_courses", "get_featured_courses"
w3guy · Dec 13, 2022 · bd2334f · bd2334f
1 parent f285d22
commit bd2334f
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 40 deletions.
diff --git a/inc/abstracts/abstract-shortcode-courses.php b/inc/abstracts/abstract-shortcode-courses.php
@@ -93,7 +93,7 @@ public function get_atts() {
 			$order      = strtoupper( $order );
 
 			if ( ! in_array( $order, $arr_orders ) ) {
-				$atts['order_by'] = 'DESC';
+				$atts['order'] = 'DESC';
 			}
 
 			return $atts;

diff --git a/inc/curds/class-lp-course-curd.php b/inc/curds/class-lp-course-curd.php
@@ -705,28 +705,29 @@ public function remove_item( $item_id, $course_id = 0 ) {
 		 * @param array $args
 		 *
 		 * @return array
+		 * @since 3.0.0
+		 * @version 1.0.1
 		 */
 		public function get_recent_courses( $args = array() ) {
 			global $wpdb;
 
-			$limit = ! empty( $args['limit'] ) ? $args['limit'] : - 1;
-			$order = ! empty( $args['order'] ) ? $args['order'] : 'DESC';
-
-			if ( $limit <= 0 ) {
-				$limit = 0;
+			$limit = absint( $args['limit'] ?? 5 );
+			$order = LP_Helper::sanitize_params_submitted( $args['order'] ?? 'DESC' );
+			if ( ! in_array( $order, array( 'ASC', 'DESC' ) ) ) {
+				$order = 'DESC';
 			}
 
 			$query = apply_filters(
 				'learn-press/course-curd/query-recent-courses',
 				$wpdb->prepare(
 					"
 					SELECT DISTINCT p.ID
-						FROM $wpdb->posts AS p
-						WHERE p.post_type = %s
-						AND p.post_status = %s
-						ORDER BY p.post_date {$order}
-						LIMIT %d
-				",
+					FROM $wpdb->posts AS p
+					WHERE p.post_type = %s
+					AND p.post_status = %s
+					ORDER BY p.post_date {$order}
+					LIMIT %d
+					",
 					LP_COURSE_CPT,
 					'publish',
 					$limit
@@ -757,7 +758,7 @@ public function get_user_enrolled( $course_id, $limit = - 1 ) {
 				WHERE user_item.item_id = %d
 				AND user_item.item_type = %s
 				LIMIT %d
-			",
+				",
 				$course_id,
 				LP_COURSE_CPT,
 				$limit
@@ -815,40 +816,54 @@ public function count_enrolled_users( $course_ids ) {
 		 * @param array $args
 		 *
 		 * @return array
+		 * @version 1.0.1
+		 * @since 3.0.0
+		 * @Todo: should call LP_Course_DB
 		 */
 		public function get_featured_courses( $args = array() ) {
 			global $wpdb;
+			$lp_course_db = LP_Course_DB::getInstance();
+			$courses = [];
 
-			$limit    = ! empty( $args['limit'] ) ? $args['limit'] : - 1;
-			$order_by = ! empty( $args['order_by'] ) ? $args['order_by'] : 'post_date';
-			$order    = ! empty( $args['order'] ) ? $args['order'] : 'DESC';
+			try {
+				$limit = absint( $args['limit'] ?? 5 );
+				$order = LP_Helper::sanitize_params_submitted( $args['order'] ?? 'DESC' );
+				$order = in_array( $order, array( 'ASC', 'DESC' ) ) ? $order : 'DESC';
+				$order_by = LP_Helper::sanitize_params_submitted( $args['order_by'] ?? 'post_date' );
+				$cols = $lp_course_db->get_cols_of_table( $lp_course_db->tb_posts );
+				$order_by = in_array( $order_by, $cols ) ? $order_by : 'post_date'; // For security
+
+				if ( $limit <= 0 ) {
+					$limit = 0;
+				}
 
-			if ( $limit <= 0 ) {
-				$limit = 0;
-			}
+				$query = apply_filters(
+					'learn-press/course-curd/query-featured-courses',
+					$wpdb->prepare(
+						"
+						SELECT DISTINCT p.ID
+						FROM {$wpdb->posts} p
+	                    LEFT JOIN {$wpdb->postmeta} as pmeta ON p.ID=pmeta.post_id AND pmeta.meta_key = %s
+	                    WHERE p.post_type = %s
+							AND p.post_status = %s
+							AND pmeta.meta_value = %s
+	                    ORDER BY p.{$order_by} {$order}
+	                    LIMIT %d
+                		",
+						'_lp_featured',
+						LP_COURSE_CPT,
+						'publish',
+						'yes',
+						$limit
+					)
+				);
 
-			$query = apply_filters(
-				'learn-press/course-curd/query-featured-courses',
-				$wpdb->prepare(
-					"
-					SELECT DISTINCT p.ID
-					FROM {$wpdb->posts} p
-                    LEFT JOIN {$wpdb->postmeta} as pmeta ON p.ID=pmeta.post_id AND pmeta.meta_key = %s
-                    WHERE p.post_type = %s
-						AND p.post_status = %s
-						AND pmeta.meta_value = %s
-                    ORDER BY p.{$order_by} {$order}
-                    LIMIT %d
-                ",
-					'_lp_featured',
-					LP_COURSE_CPT,
-					'publish',
-					'yes',
-					$limit
-				)
-			);
+				$courses = $wpdb->get_col( $query );
+			} catch ( Throwable $e ) {
+				error_log( $e->getMessage() );
+			}
 
-			return $wpdb->get_col( $query );
+			return $courses;
 		}
 	}
 }
diff --git a/inc/databases/class-lp-db.php b/inc/databases/class-lp-db.php
@@ -619,6 +619,10 @@ public function execute( LP_Filter $filter, int &$total_rows = 0 ) {
 		// Order by
 		$ORDER_BY = '';
 		if ( ! $filter->return_string_query && $filter->order_by ) {
+			if ( ! in_array( $filter->order, [ 'DESC', 'ESC' ] ) ) {
+				$filter->order = 'DESC' ;
+			}
+
 			$ORDER_BY .= 'ORDER BY ' . $filter->order_by . ' ' . $filter->order . ' ';
 			$ORDER_BY  = apply_filters( 'lp/query/order_by', $ORDER_BY, $filter );
 		}