LLMS_AJAX_Handler::select2_query_posts()
Handle Select2 Search boxes for WordPress Posts by Post Type and Post Status.
Return Return
(void)
Source Source
File: includes/class.llms.ajax.handler.php
889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 | $term = llms_filter_input_sanitize_string( INPUT_POST, 'term', array( FILTER_FLAG_NO_ENCODE_QUOTES ) ); // Get the page. $page = llms_filter_input( INPUT_POST, 'page', FILTER_SANITIZE_NUMBER_INT ); // Get post type(s). $post_type = sanitize_text_field( llms_filter_input_sanitize_string( INPUT_POST, 'post_type' ) ); $post_types_array = explode( ',', $post_type ); foreach ( $post_types_array as &$str ) { $str = "'" . esc_sql( trim( $str ) ) . "'"; } $post_types = implode( ',', $post_types_array ); // Get post status(es). $post_statuses = llms_filter_input_sanitize_string( INPUT_POST, 'post_statuses' ); $post_statuses = empty( $post_statuses ) ? 'publish' : $post_statuses; $post_statuses_array = explode( ',', $post_statuses ); foreach ( $post_statuses_array as &$str ) { $str = "'" . esc_sql( trim( $str ) ) . "'"; } $post_statuses = implode( ',', $post_statuses_array ); // Filter posts (llms posts) by instructor ID. $instructor_id = llms_filter_input( INPUT_POST, 'instructor_id', FILTER_SANITIZE_NUMBER_INT ); if ( ! empty( $instructor_id ) ) { $serialized_iid = serialize( array( 'id' => absint( $instructor_id ), ) ); $serialized_iid = str_replace( array( 'a:1:{', '}' ), '', $serialized_iid ); $join = $wpdb->prepare( " JOIN $wpdb->postmeta AS m ON p.ID = m.post_id AND m.meta_key = '_llms_instructors' AND m.meta_value LIKE %s", '%' . $wpdb->esc_like( $serialized_iid ) . '%' ); } else { $join = ''; } $limit = 30; $start = $limit * $page; if ( $term ) { $like = " AND post_title LIKE '%s'"; $vars = array( '%' . $term . '%', $start, $limit ); } else { $like = ''; $vars = array( $start, $limit ); } // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared $posts = $wpdb->get_results( $wpdb->prepare( "SELECT p.ID as ID, p.post_title as post_title, p.post_type as post_type FROM $wpdb->posts as p $join WHERE p.post_type IN ( $post_types ) AND p.post_status IN ( $post_statuses ) $like ORDER BY post_title LIMIT %d, %d ", $vars ) // phpcs:ignore -- The number of params is correct, $vars is an array of two elements. );// no-cache ok. // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared $items = array(); $grouping = ( count( $post_types_array ) > 1 ); foreach ( $posts as $post ) { $item = array( 'id' => $post->ID, 'name' => $post->post_title . ' (' . __( 'ID#', 'lifterlms' ) . ' ' . $post->ID . ')', ); if ( $grouping ) { // Setup an object for the optgroup if it's not already set up. if ( ! isset( $items[ $post->post_type ] ) ) { $obj = get_post_type_object( $post->post_type ); $items[ $post->post_type ] = array( 'label' => $obj->labels->name, 'items' => array(), ); } $items[ $post->post_type ]['items'][] = $item; } else { $items[] = $item; } } echo json_encode( array( 'items' => $items, 'more' => count( $items ) === $limit, 'success' => true, ) ); wp_die();}/** * Add or remove a student from a course or membership. * * @since 3.0.0 |
Expand full source code Collapse full source code View on GitHub
Changelog Changelog
| Version | Description |
|---|---|
| 5.9.0 | Stop using deprecated FILTER_SANITIZE_STRING. |
| 5.5.0 | Do not encode quotes when sanitizing search term. |
| 3.37.2 | Posts can be 'filtered' by instructor via the $_POST['instructor_id']. |
| 3.32.0 | Posts can be queried by post status(es) via the $_POST['post_statuses']. By default only the published posts will be queried. |
| 3.0.0 | Introduced. |