LLMS_AJAX_Handler::select2_query_posts()

Handle Select2 Search boxes for WordPress Posts by Post Type and Post Status.


Return Return

(void)


Top ↑

Source Source

File: includes/class.llms.ajax.handler.php

	public static function select2_query_posts() {

		global $wpdb;

		// Grab the search term if it exists.
		$term = llms_filter_input_sanitize_string( INPUT_POST, 'term', array( FILTER_FLAG_NO_ENCODE_QUOTES ) );

		// Get the page.
		$page = llms_filter_input( INPUT_POST, 'page', FILTER_SANITIZE_NUMBER_INT );

		// Get post type(s).
		$post_type        = sanitize_text_field( llms_filter_input_sanitize_string( INPUT_POST, 'post_type' ) );
		$post_types_array = explode( ',', $post_type );
		foreach ( $post_types_array as &$str ) {
			$str = "'" . esc_sql( trim( $str ) ) . "'";
		}
		$post_types = implode( ',', $post_types_array );

		// Get post status(es).
		$post_statuses       = llms_filter_input_sanitize_string( INPUT_POST, 'post_statuses' );
		$post_statuses       = empty( $post_statuses ) ? 'publish' : $post_statuses;
		$post_statuses_array = explode( ',', $post_statuses );
		foreach ( $post_statuses_array as &$str ) {
			$str = "'" . esc_sql( trim( $str ) ) . "'";
		}
		$post_statuses = implode( ',', $post_statuses_array );

		// Filter posts (llms posts) by instructor ID.
		$instructor_id = llms_filter_input( INPUT_POST, 'instructor_id', FILTER_SANITIZE_NUMBER_INT );
		if ( ! empty( $instructor_id ) ) {
			$serialized_iid = serialize(
				array(
					'id' => absint( $instructor_id ),
				)
			);
			$serialized_iid = str_replace( array( 'a:1:{', '}' ), '', $serialized_iid );

			$join = $wpdb->prepare(
				" JOIN $wpdb->postmeta AS m ON p.ID = m.post_id AND m.meta_key = '_llms_instructors' AND m.meta_value LIKE %s",
				'%' . $wpdb->esc_like( $serialized_iid ) . '%'
			);
		} else {
			$join = '';
		}

		$limit = 30;
		$start = $limit * $page;

		if ( $term ) {
			$like = " AND post_title LIKE '%s'";
			$vars = array( '%' . $term . '%', $start, $limit );
		} else {
			$like = '';
			$vars = array( $start, $limit );
		}

		// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
		$posts = $wpdb->get_results(
			$wpdb->prepare(
				"SELECT p.ID as ID, p.post_title as post_title, p.post_type as post_type
			 FROM $wpdb->posts as p
			 $join
			 WHERE p.post_type IN ( $post_types )
			   AND p.post_status IN ( $post_statuses )
			       $like
			 ORDER BY post_title
			 LIMIT %d, %d
			",
				$vars
			) // phpcs:ignore -- The number of params is correct, $vars is an array of two elements.
		);// no-cache ok.
		// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared

		$items = array();

		$grouping = ( count( $post_types_array ) > 1 );

		foreach ( $posts as $post ) {

			$item = array(
				'id'   => $post->ID,
				'name' => $post->post_title . ' (' . __( 'ID#', 'lifterlms' ) . ' ' . $post->ID . ')',
			);

			if ( $grouping ) {

				// Setup an object for the optgroup if it's not already set up.
				if ( ! isset( $items[ $post->post_type ] ) ) {
					$obj                       = get_post_type_object( $post->post_type );
					$items[ $post->post_type ] = array(
						'label' => $obj->labels->name,
						'items' => array(),
					);
				}

				$items[ $post->post_type ]['items'][] = $item;

			} else {

				$items[] = $item;

			}
		}

		echo json_encode(
			array(
				'items'   => $items,
				'more'    => count( $items ) === $limit,
				'success' => true,
			)
		);
		wp_die();

	}


Top ↑

Changelog Changelog

Changelog
Version Description
5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
5.5.0 Do not encode quotes when sanitizing search term.
3.37.2 Posts can be 'filtered' by instructor via the $_POST['instructor_id'].
3.32.0 Posts can be queried by post status(es) via the $_POST['post_statuses']. By default only the published posts will be queried.
3.0.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.