LLMS_AJAX_Handler::select2_query_posts()
Handle Select2 Search boxes for WordPress Posts by Post Type and Post Status.
Return
(void)
Source
File: includes/class.llms.ajax.handler.php
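// Body of the Select2 post search handler: reads the search parameters from $_POST,
// queries the posts table, and echoes a JSON payload before terminating the request.
//
// NOTE(review): $wpdb is used below but is not declared in this excerpt; presumably a
// `global $wpdb;` precedes these lines — confirm.
// NOTE(review): no nonce or capability check is visible in this excerpt, while `post_type`
// and `post_statuses` are taken from the request. Confirm the AJAX dispatcher restricts who
// can reach this handler, since non-published statuses can be requested by the caller.

// Search term; quotes are left unencoded so titles containing quotes can be matched.
$term = llms_filter_input_sanitize_string( INPUT_POST, 'term', array( FILTER_FLAG_NO_ENCODE_QUOTES ) );

// Get the page.
// FILTER_SANITIZE_NUMBER_INT still lets "+", "-" and an empty string through, so force a
// non-negative integer before it is used to compute the LIMIT offset.
$page = max( 0, (int) llms_filter_input( INPUT_POST, 'page', FILTER_SANITIZE_NUMBER_INT ) );

// Get post type(s).
// Each comma-separated value is escaped and quoted individually because the list is
// interpolated into the IN ( ... ) clause rather than bound as a placeholder.
$post_type        = sanitize_text_field( llms_filter_input_sanitize_string( INPUT_POST, 'post_type' ) );
$post_types_array = explode( ',', $post_type );
foreach ( $post_types_array as &$str ) {
	$str = "'" . esc_sql( trim( $str ) ) . "'";
}
unset( $str ); // Drop the reference so later writes to $str cannot touch the array.
$post_types = implode( ',', $post_types_array );

// Get post status(es); only published posts are queried when none are requested.
$post_statuses       = llms_filter_input_sanitize_string( INPUT_POST, 'post_statuses' );
$post_statuses       = empty( $post_statuses ) ? 'publish' : $post_statuses;
$post_statuses_array = explode( ',', $post_statuses );
foreach ( $post_statuses_array as &$str ) {
	$str = "'" . esc_sql( trim( $str ) ) . "'";
}
unset( $str );
$post_statuses = implode( ',', $post_statuses_array );

// Filter posts (llms posts) by instructor ID.
$instructor_id = llms_filter_input( INPUT_POST, 'instructor_id', FILTER_SANITIZE_NUMBER_INT );
if ( ! empty( $instructor_id ) ) {
	// Build the serialized fragment for the `id` entry (the array wrapper `a:1:{ ... }` is
	// stripped) so it can be matched inside the serialized `_llms_instructors` meta value.
	$serialized_iid = serialize(
		array(
			'id' => absint( $instructor_id ),
		)
	);
	$serialized_iid = str_replace( array( 'a:1:{', '}' ), '', $serialized_iid );
	$join           = $wpdb->prepare(
		" JOIN $wpdb->postmeta AS m ON p.ID = m.post_id AND m.meta_key = '_llms_instructors' AND m.meta_value LIKE %s",
		'%' . $wpdb->esc_like( $serialized_iid ) . '%'
	);
} else {
	$join = '';
}

$limit = 30;
$start = $limit * $page;

if ( $term ) {
	// Escape LIKE wildcards so "%" and "_" typed by the user match literally, the same way
	// the instructor filter above does, and let prepare() add the quotes.
	$like = ' AND post_title LIKE %s';
	$vars = array( '%' . $wpdb->esc_like( $term ) . '%', $start, $limit );
} else {
	$like = '';
	$vars = array( $start, $limit );
}

// $join is already prepared and $post_types / $post_statuses are escaped and quoted above,
// which is why interpolation is allowed for this one query.
// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$posts = $wpdb->get_results(
	$wpdb->prepare(
		"SELECT p.ID as ID, p.post_title as post_title, p.post_type as post_type
		FROM $wpdb->posts as p
		$join
		WHERE p.post_type IN ( $post_types )
		AND p.post_status IN ( $post_statuses )
		$like
		ORDER BY post_title
		LIMIT %d, %d
		",
		$vars
	) // phpcs:ignore -- The number of params is correct, $vars holds one value per placeholder.
);// no-cache ok.
// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared

// get_results() can return null; normalise so the loop and count below are safe.
if ( ! is_array( $posts ) ) {
	$posts = array();
}

$items    = array();
$grouping = ( count( $post_types_array ) > 1 );

foreach ( $posts as $post ) {

	$item = array(
		'id'   => $post->ID,
		'name' => $post->post_title . ' (' . __( 'ID#', 'lifterlms' ) . ' ' . $post->ID . ')',
	);

	if ( $grouping ) {

		// Setup an object for the optgroup if it's not already set up.
		if ( ! isset( $items[ $post->post_type ] ) ) {
			// The post type may no longer be registered; fall back to its slug as the label.
			$obj                       = get_post_type_object( $post->post_type );
			$items[ $post->post_type ] = array(
				'label' => $obj ? $obj->labels->name : $post->post_type,
				'items' => array(),
			);
		}

		$items[ $post->post_type ]['items'][] = $item;

	} else {

		$items[] = $item;

	}
}

echo json_encode(
	array(
		'items'   => $items,
		// Count the fetched rows, not $items: when grouping, $items is keyed by post type
		// and its size is the number of groups rather than the number of posts.
		'more'    => count( $posts ) === $limit,
		'success' => true,
	)
);

wp_die();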
}
/**
* Add or remove a student from a course or membership.
*
* @since 3.0.0
Changelog
| Version | Description |
|---|---|
| 5.9.0 | Stop using deprecated FILTER_SANITIZE_STRING. |
| 5.5.0 | Do not encode quotes when sanitizing search term. |
| 3.37.2 | Posts can be 'filtered' by instructor via the $_POST['instructor_id']. |
| 3.32.0 | Posts can be queried by post status(es) via the $_POST['post_statuses']. By default only the published posts will be queried. |
| 3.0.0 | Introduced. |