AyeCode / invoicing

includes/api/class-getpaid-rest-posts-controller.php

Indentation +617 added lines, -617 removed lines

@@ -18,626 +18,626 @@
 class GetPaid_REST_Posts_Controller extends GetPaid_REST_CRUD_Controller {
 
     /**
-	 * Post type.
-	 *
-	 * @var string
-	 */
-	protected $post_type;
-
-	/**
-	 * Controls visibility on frontend.
-	 *
-	 * @var string
-	 */
-	public $public = false;
-
-	/**
-	 * Registers the routes for the objects of the controller.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @see register_rest_route()
-	 */
-	public function register_namespace_routes( $namespace ) {
-
-		parent::register_namespace_routes( $namespace );
-
-		register_rest_route(
-			$namespace,
-			'/' . $this->rest_base . '/batch',
-			array(
-				array(
-					'methods'             => WP_REST_Server::EDITABLE,
-					'callback'            => array( $this, 'batch_items' ),
-					'permission_callback' => array( $this, 'batch_items_permissions_check' ),
-					'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
-				),
-				'schema' => array( $this, 'get_public_batch_schema' ),
-			)
-		);
-
-	}
-
-	/**
-	 * Check permissions of items on REST API.
-	 *
-	 * @since 1.0.19
-	 * @param string $context   Request context.
-	 * @param int    $object_id Post ID.
-	 * @return bool
-	 */
-	public function check_post_permissions( $context = 'read', $object_id = 0 ) {
-
-		$contexts = array(
-			'read'   => 'read_private_posts',
-			'create' => 'publish_posts',
-			'edit'   => 'edit_post',
-			'delete' => 'delete_post',
-			'batch'  => 'edit_others_posts',
-		);
-
-		$cap              = $contexts[ $context ];
-		$post_type_object = get_post_type_object( $this->post_type );
-		$permission       = current_user_can( $post_type_object->cap->$cap, $object_id );
-
-		return apply_filters( 'getpaid_rest_check_permissions', $permission, $context, $object_id, $this->post_type );
-	}
-
-	/**
-	 * Check if a given request has access to read items.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|boolean
-	 */
-	public function get_items_permissions_check( $request ) {
-		return $this->check_post_permissions() ? true : new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot list resources.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-	}
-
-	/**
-	 * Check if a given request has access to create an item.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|boolean
-	 */
-	public function create_item_permissions_check( $request ) {
-		return $this->check_post_permissions( 'create' ) ? true : new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-	}
-
-	/**
-	 * Check if a given request has access to read an item.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|boolean
-	 */
-	public function get_item_permissions_check( $request ) {
-		$post = get_post( (int) $request['id'] );
-
-		if ( $post && ! $this->check_post_permissions( 'read', $post->ID ) ) {
-			return new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if a given request has access to update an item.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|boolean
-	 */
-	public function update_item_permissions_check( $request ) {
-		$post = get_post( (int) $request['id'] );
-
-		if ( $post && ! $this->check_post_permissions( 'edit', $post->ID ) ) {
-			return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if a given request has access to delete an item.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 * @return bool|WP_Error
-	 */
-	public function delete_item_permissions_check( $request ) {
-		$post = get_post( (int) $request['id'] );
-
-		if ( $post && ! $this->check_post_permissions( 'delete', $post->ID ) ) {
-			return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if a given request has access batch create, update and delete items.
-	 *
-	 * @param  WP_REST_Request $request Full details about the request.
-	 *
-	 * @return boolean|WP_Error
-	 */
-	public function batch_items_permissions_check( $request ) {
-		return $this->check_post_permissions( 'batch' ) ? true : new WP_Error( 'rest_cannot_batch', __( 'Sorry, you are not allowed to batch manipulate this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-	}
-
-	/**
-	 * @deprecated
-	 */
-	public function get_post( $object_id ) {
-		return $this->get_object( $object_id );
+     * Post type.
+     *
+     * @var string
+     */
+    protected $post_type;
+
+    /**
+     * Controls visibility on frontend.
+     *
+     * @var string
+     */
+    public $public = false;
+
+    /**
+     * Registers the routes for the objects of the controller.
+     *
+     * @since 1.0.19
+     *
+     * @see register_rest_route()
+     */
+    public function register_namespace_routes( $namespace ) {
+
+        parent::register_namespace_routes( $namespace );
+
+        register_rest_route(
+            $namespace,
+            '/' . $this->rest_base . '/batch',
+            array(
+                array(
+                    'methods'             => WP_REST_Server::EDITABLE,
+                    'callback'            => array( $this, 'batch_items' ),
+                    'permission_callback' => array( $this, 'batch_items_permissions_check' ),
+                    'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
+                ),
+                'schema' => array( $this, 'get_public_batch_schema' ),
+            )
+        );
+
+    }
+
+    /**
+     * Check permissions of items on REST API.
+     *
+     * @since 1.0.19
+     * @param string $context   Request context.
+     * @param int    $object_id Post ID.
+     * @return bool
+     */
+    public function check_post_permissions( $context = 'read', $object_id = 0 ) {
+
+        $contexts = array(
+            'read'   => 'read_private_posts',
+            'create' => 'publish_posts',
+            'edit'   => 'edit_post',
+            'delete' => 'delete_post',
+            'batch'  => 'edit_others_posts',
+        );
+
+        $cap              = $contexts[ $context ];
+        $post_type_object = get_post_type_object( $this->post_type );
+        $permission       = current_user_can( $post_type_object->cap->$cap, $object_id );
+
+        return apply_filters( 'getpaid_rest_check_permissions', $permission, $context, $object_id, $this->post_type );
+    }
+
+    /**
+     * Check if a given request has access to read items.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     * @return WP_Error|boolean
+     */
+    public function get_items_permissions_check( $request ) {
+        return $this->check_post_permissions() ? true : new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot list resources.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+    }
+
+    /**
+     * Check if a given request has access to create an item.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     * @return WP_Error|boolean
+     */
+    public function create_item_permissions_check( $request ) {
+        return $this->check_post_permissions( 'create' ) ? true : new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+    }
+
+    /**
+     * Check if a given request has access to read an item.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     * @return WP_Error|boolean
+     */
+    public function get_item_permissions_check( $request ) {
+        $post = get_post( (int) $request['id'] );
+
+        if ( $post && ! $this->check_post_permissions( 'read', $post->ID ) ) {
+            return new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if a given request has access to update an item.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     * @return WP_Error|boolean
+     */
+    public function update_item_permissions_check( $request ) {
+        $post = get_post( (int) $request['id'] );
+
+        if ( $post && ! $this->check_post_permissions( 'edit', $post->ID ) ) {
+            return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if a given request has access to delete an item.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     * @return bool|WP_Error
+     */
+    public function delete_item_permissions_check( $request ) {
+        $post = get_post( (int) $request['id'] );
+
+        if ( $post && ! $this->check_post_permissions( 'delete', $post->ID ) ) {
+            return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if a given request has access batch create, update and delete items.
+     *
+     * @param  WP_REST_Request $request Full details about the request.
+     *
+     * @return boolean|WP_Error
+     */
+    public function batch_items_permissions_check( $request ) {
+        return $this->check_post_permissions( 'batch' ) ? true : new WP_Error( 'rest_cannot_batch', __( 'Sorry, you are not allowed to batch manipulate this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+    }
+
+    /**
+     * @deprecated
+     */
+    public function get_post( $object_id ) {
+        return $this->get_object( $object_id );
+    }
+
+    /**
+     * Get a single object.
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|WP_REST_Response
+     */
+    public function get_item( $request ) {
+
+        // Fetch item.
+        $response = parent::get_item( $request );
+
+        // (Maybe) add a link to the html pagee.
+        if ( $this->public && ! is_wp_error( $response ) ) {
+            $response->link_header( 'alternate', get_permalink( $this->data_object->get_id() ), array( 'type' => 'text/html' ) );
+        }
+
+        return $response;
+    }
+
+    /**
+     * Create a single object.
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|WP_REST_Response
+     */
+    public function create_item( $request ) {
+
+        // Create item.
+        $response = parent::create_item( $request );
+
+        // Fire a hook after an item is created.
+        if ( ! is_wp_error( $response ) ) {
+
+            /**
+             * Fires after a single item is created or updated via the REST API.
+             *
+             * @param WP_Post         $post      Post object.
+             * @param WP_REST_Request $request   Request object.
+             * @param boolean         $creating  True when creating item, false when updating.
+             */
+            do_action( "getpaid_rest_insert_{$this->post_type}", $this->data_object, $request, true );
+
+        }
+
+        return $response;
+
     }
 
-	/**
-	 * Get a single object.
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response
-	 */
-	public function get_item( $request ) {
-
-		// Fetch item.
-		$response = parent::get_item( $request );
-
-		// (Maybe) add a link to the html pagee.
-		if ( $this->public && ! is_wp_error( $response ) ) {
-			$response->link_header( 'alternate', get_permalink( $this->data_object->get_id() ), array( 'type' => 'text/html' ) );
-		}
-
-		return $response;
-	}
-
-	/**
-	 * Create a single object.
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response
-	 */
-	public function create_item( $request ) {
-
-		// Create item.
-		$response = parent::create_item( $request );
-
-		// Fire a hook after an item is created.
-		if ( ! is_wp_error( $response ) ) {
-
-			/**
-			 * Fires after a single item is created or updated via the REST API.
-			 *
-			 * @param WP_Post         $post      Post object.
-			 * @param WP_REST_Request $request   Request object.
-			 * @param boolean         $creating  True when creating item, false when updating.
-			 */
-			do_action( "getpaid_rest_insert_{$this->post_type}", $this->data_object, $request, true );
-
-		}
-
-		return $response;
-
-	}
-
-	/**
-	 * Update a single object.
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response
-	 */
-	public function update_item( $request ) {
-
-		// Create item.
-		$response = parent::update_item( $request );
-
-		// Fire a hook after an item is created.
-		if ( ! is_wp_error( $response ) ) {
-
-			/**
-			 * Fires after a single item is created or updated via the REST API.
-			 *
-			 * @param WP_Post         $post      Post object.
-			 * @param WP_REST_Request $request   Request object.
-			 * @param boolean         $creating  True when creating item, false when updating.
-			 */
-			do_action( "getpaid_rest_insert_{$this->post_type}", $this->data_object, $request, false );
-
-		}
-
-		return $response;
-
-	}
-
-	/**
-	 * Get a collection of objects.
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response
-	 */
-	public function get_items( $request ) {
-
-		$args                         = array();
-		$args['offset']               = $request['offset'];
-		$args['order']                = $request['order'];
-		$args['orderby']              = $request['orderby'];
-		$args['paged']                = $request['page'];
-		$args['post__in']             = $request['include'];
-		$args['post__not_in']         = $request['exclude'];
-		$args['posts_per_page']       = $request['per_page'];
-		$args['name']                 = $request['slug'];
-		$args['post_parent__in']      = $request['parent'];
-		$args['post_parent__not_in']  = $request['parent_exclude'];
-		$args['s']                    = $request['search'];
-		$args['post_status']          = wpinv_parse_list( $request['status'] );
-
-		$args['date_query'] = array();
-
-		// Set before into date query. Date query must be specified as an array of an array.
-		if ( isset( $request['before'] ) ) {
-			$args['date_query'][0]['before'] = $request['before'];
-		}
-
-		// Set after into date query. Date query must be specified as an array of an array.
-		if ( isset( $request['after'] ) ) {
-			$args['date_query'][0]['after'] = $request['after'];
-		}
-
-		// Force the post_type & fields arguments, since they're not a user input variable.
-		$args['post_type'] = $this->post_type;
-		$args['fields']    = 'ids';
-
-		// Filter the query arguments for a request.
-		$args       = apply_filters( "getpaid_rest_{$this->post_type}_query", $args, $request );
-		$query_args = $this->prepare_items_query( $args, $request );
-
-		$posts_query = new WP_Query();
-		$query_result = $posts_query->query( $query_args );
-
-		$posts = array();
-		foreach ( $query_result as $post_id ) {
-			if ( ! $this->check_post_permissions( 'read', $post_id ) ) {
-				continue;
-			}
-
-			$data    = $this->prepare_item_for_response( $this->get_object( $post_id ), $request );
-			$posts[] = $this->prepare_response_for_collection( $data );
-		}
-
-		$page        = (int) $query_args['paged'];
-		$total_posts = $posts_query->found_posts;
-
-		if ( $total_posts < 1 ) {
-			// Out-of-bounds, run the query again without LIMIT for total count.
-			unset( $query_args['paged'] );
-			$count_query = new WP_Query();
-			$count_query->query( $query_args );
-			$total_posts = $count_query->found_posts;
-		}
-
-		$max_pages = ceil( $total_posts / (int) $query_args['posts_per_page'] );
-
-		$response = rest_ensure_response( $posts );
-		$response->header( 'X-WP-Total', (int) $total_posts );
-		$response->header( 'X-WP-TotalPages', (int) $max_pages );
-
-		$request_params = $request->get_query_params();
-		$base = add_query_arg( $request_params, rest_url( sprintf( '/%s/%s', $this->namespace, $this->rest_base ) ) );
-
-		if ( $page > 1 ) {
-			$prev_page = $page - 1;
-			if ( $prev_page > $max_pages ) {
-				$prev_page = $max_pages;
-			}
-			$prev_link = add_query_arg( 'page', $prev_page, $base );
-			$response->link_header( 'prev', $prev_link );
-		}
-		if ( $max_pages > $page ) {
-			$next_page = $page + 1;
-			$next_link = add_query_arg( 'page', $next_page, $base );
-			$response->link_header( 'next', $next_link );
-		}
-
-		return $response;
-	}
-
-	/**
-	 * Delete a single item.
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_REST_Response|WP_Error
-	 */
-	public function delete_item( $request ) {
-
-		// Fetch the item.
-		$item = $this->get_object( $request['id'] );
-		if ( is_wp_error( $item ) ) {
-			return $item;
-		}
-
-		$supports_trash = EMPTY_TRASH_DAYS > 0;
-		$force          = $supports_trash && (bool) $request['force'];
-
-		if ( ! $this->check_post_permissions( 'delete', $item->ID ) ) {
-			return new WP_Error( 'cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
-		}
-
-		$request->set_param( 'context', 'edit' );
-		$response = $this->prepare_item_for_response( $item, $request );
-
-		if ( ! wp_delete_post( $item->ID, $force ) ) {
-			return new WP_Error( 'rest_cannot_delete', sprintf( __( 'The resource cannot be deleted.', 'invoicing' ), $this->post_type ), array( 'status' => 500 ) );
-		}
-
-		return $response;
-	}
-
-	/**
-	 * Prepare links for the request.
-	 *
-	 * @param GetPaid_Data    $object GetPaid_Data object.
-	 * @return array Links for the given object.
-	 */
-	protected function prepare_links( $object ) {
-
-		$links = parent::prepare_links( $object );
-
-		if ( is_callable( array( $object, 'get_user_id' ) ) ) {
-			$links['user'] = array(
-				'href'       => rest_url( 'wp/v2/users/' . call_user_func( array( $object, 'get_user_id' ) ) ),
-				'embeddable' => true,
-			);
-		}
-
-		if ( is_callable( array( $object, 'get_owner' ) ) ) {
-			$links['owner']  = array(
-				'href'       => rest_url( 'wp/v2/users/' . call_user_func( array( $object, 'get_owner' ) ) ),
-				'embeddable' => true,
-			);
-		}
-
-		if ( is_callable( array( $object, 'get_parent_id' ) ) && call_user_func( array( $object, 'get_parent_id' ) ) ) {
-			$links['parent']  = array(
-				'href'       => rest_url( "$this->namespace/$this->rest_base/" . call_user_func( array( $object, 'get_parent_id' ) ) ),
-				'embeddable' => true,
-			);
-		}
-
-		return $links;
-	}
-
-	/**
-	 * Determine the allowed query_vars for a get_items() response and
-	 * prepare for WP_Query.
-	 *
-	 * @param array           $prepared_args Prepared arguments.
-	 * @param WP_REST_Request $request Request object.
-	 * @return array          $query_args
-	 */
-	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
-
-		$valid_vars = array_flip( $this->get_allowed_query_vars() );
-		$query_args = array();
-		foreach ( $valid_vars as $var => $index ) {
-			if ( isset( $prepared_args[ $var ] ) ) {
-				$query_args[ $var ] = apply_filters( "getpaid_rest_query_var-{$var}", $prepared_args[ $var ], $index );
-			}
-		}
-
-		$query_args['ignore_sticky_posts'] = true;
-
-		if ( 'include' === $query_args['orderby'] ) {
-			$query_args['orderby'] = 'post__in';
-		} elseif ( 'id' === $query_args['orderby'] ) {
-			$query_args['orderby'] = 'ID'; // ID must be capitalized.
-		} elseif ( 'slug' === $query_args['orderby'] ) {
-			$query_args['orderby'] = 'name';
-		}
-
-		return apply_filters( 'getpaid_rest_prepare_items_query', $query_args, $request, $this );
-
-	}
-
-	/**
-	 * Get all the WP Query vars that are allowed for the API request.
-	 *
-	 * @return array
-	 */
-	protected function get_allowed_query_vars() {
-		global $wp;
-
-		/**
-		 * Filter the publicly allowed query vars.
-		 *
-		 * Allows adjusting of the default query vars that are made public.
-		 *
-		 * @param array  Array of allowed WP_Query query vars.
-		 */
-		$valid_vars = apply_filters( 'query_vars', $wp->public_query_vars );
-
-		$post_type_obj = get_post_type_object( $this->post_type );
-		if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
-			$private = apply_filters( 'getpaid_rest_private_query_vars', $wp->private_query_vars );
-			$valid_vars = array_merge( $valid_vars, $private );
-		}
-
-		// Define our own in addition to WP's normal vars.
-		$rest_valid = array(
-			'post_status',
-			'date_query',
-			'ignore_sticky_posts',
-			'offset',
-			'post__in',
-			'post__not_in',
-			'post_parent',
-			'post_parent__in',
-			'post_parent__not_in',
-			'posts_per_page',
-			'meta_query',
-			'tax_query',
-			'meta_key',
-			'meta_value',
-			'meta_compare',
-			'meta_value_num',
-		);
-		$valid_vars = array_merge( $valid_vars, $rest_valid );
-
-		// Filter allowed query vars for the REST API.
-		$valid_vars = apply_filters( 'getpaid_rest_query_vars', $valid_vars, $this );
-
-		return $valid_vars;
-	}
-
-	/**
-	 * Get the query params for collections of attachments.
-	 *
-	 * @return array
-	 */
-	public function get_collection_params() {
-
-		return array_merge(
-			parent::get_collection_params(),
-			array(
-				'status'  => array(
-					'default'           => $this->get_post_statuses(),
-					'description'       => __( 'Limit result set to resources assigned one or more statuses.', 'invoicing' ),
-					'type'              => array( 'array', 'string' ),
-					'items'             => array(
-						'enum' => $this->get_post_statuses(),
-						'type' => 'string',
-					),
-					'validate_callback' => 'rest_validate_request_arg',
-					'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
-				),
-				'after'   => array(
-					'description'       => __( 'Limit response to resources created after a given ISO8601 compliant date.', 'invoicing' ),
-					'type'              => 'string',
-					'format'            => 'string',
-					'validate_callback' => 'rest_validate_request_arg',
-					'sanitize_callback' => 'sanitize_text_field',
-				),
-				'before'  => array(
-					'description'       => __( 'Limit response to resources created before a given ISO8601 compliant date.', 'invoicing' ),
-					'type'              => 'string',
-					'format'            => 'string',
-					'validate_callback' => 'rest_validate_request_arg',
-					'sanitize_callback' => 'sanitize_text_field',
-				),
-				'exclude' => array(
-					'description'       => __( 'Ensure result set excludes specific IDs.', 'invoicing' ),
-					'type'              => 'array',
-					'items'             => array(
-						'type' => 'integer',
-					),
-					'default'           => array(),
-					'sanitize_callback' => 'wp_parse_id_list',
-					'validate_callback' => 'rest_validate_request_arg',
-				),
-				'include' => array(
-					'description'       => __( 'Limit result set to specific ids.', 'invoicing' ),
-					'type'              => 'array',
-					'items'             => array(
-						'type' => 'integer',
-					),
-					'default'           => array(),
-					'sanitize_callback' => 'wp_parse_id_list',
-					'validate_callback' => 'rest_validate_request_arg',
-				),
-				'offset'  => array(
-					'description'       => __( 'Offset the result set by a specific number of items.', 'invoicing' ),
-					'type'              => 'integer',
-					'sanitize_callback' => 'absint',
-					'validate_callback' => 'rest_validate_request_arg',
-				),
-				'order'   => array(
-					'description'       => __( 'Order sort attribute ascending or descending.', 'invoicing' ),
-					'type'              => 'string',
-					'default'           => 'desc',
-					'enum'              => array( 'asc', 'desc' ),
-					'validate_callback' => 'rest_validate_request_arg',
-				),
-				'orderby' => array(
-					'description'       => __( 'Sort collection by object attribute.', 'invoicing' ),
-					'type'              => 'string',
-					'default'           => 'date',
-					'enum'              => array(
-						'date',
-						'id',
-						'include',
-						'title',
-						'slug',
-						'modified',
-					),
-					'validate_callback' => 'rest_validate_request_arg',
-				),
-			)
-		);
-	}
-
-	/**
-	 * Retrieves the items's schema, conforming to JSON Schema.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @return array Item schema data.
-	 */
-	public function get_item_schema() {
-
-		// Maybe retrieve the schema from cache.
-		if ( ! empty( $this->schema ) ) {
-			return $this->add_additional_fields_schema( $this->schema );
-		}
-
-		$type   = str_replace( 'wpi_', '', $this->post_type );
-		$schema = array(
-			'$schema'    => 'http://json-schema.org/draft-04/schema#',
-			'title'      => $this->post_type,
-			'type'       => 'object',
-			'properties' => wpinv_get_data( "$type-schema" ),
-		);
-
-		// Filters the invoice schema for the REST API.
+    /**
+     * Update a single object.
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|WP_REST_Response
+     */
+    public function update_item( $request ) {
+
+        // Create item.
+        $response = parent::update_item( $request );
+
+        // Fire a hook after an item is created.
+        if ( ! is_wp_error( $response ) ) {
+
+            /**
+             * Fires after a single item is created or updated via the REST API.
+             *
+             * @param WP_Post         $post      Post object.
+             * @param WP_REST_Request $request   Request object.
+             * @param boolean         $creating  True when creating item, false when updating.
+             */
+            do_action( "getpaid_rest_insert_{$this->post_type}", $this->data_object, $request, false );
+
+        }
+
+        return $response;
+
+    }
+
+    /**
+     * Get a collection of objects.
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|WP_REST_Response
+     */
+    public function get_items( $request ) {
+
+        $args                         = array();
+        $args['offset']               = $request['offset'];
+        $args['order']                = $request['order'];
+        $args['orderby']              = $request['orderby'];
+        $args['paged']                = $request['page'];
+        $args['post__in']             = $request['include'];
+        $args['post__not_in']         = $request['exclude'];
+        $args['posts_per_page']       = $request['per_page'];
+        $args['name']                 = $request['slug'];
+        $args['post_parent__in']      = $request['parent'];
+        $args['post_parent__not_in']  = $request['parent_exclude'];
+        $args['s']                    = $request['search'];
+        $args['post_status']          = wpinv_parse_list( $request['status'] );
+
+        $args['date_query'] = array();
+
+        // Set before into date query. Date query must be specified as an array of an array.
+        if ( isset( $request['before'] ) ) {
+            $args['date_query'][0]['before'] = $request['before'];
+        }
+
+        // Set after into date query. Date query must be specified as an array of an array.
+        if ( isset( $request['after'] ) ) {
+            $args['date_query'][0]['after'] = $request['after'];
+        }
+
+        // Force the post_type & fields arguments, since they're not a user input variable.
+        $args['post_type'] = $this->post_type;
+        $args['fields']    = 'ids';
+
+        // Filter the query arguments for a request.
+        $args       = apply_filters( "getpaid_rest_{$this->post_type}_query", $args, $request );
+        $query_args = $this->prepare_items_query( $args, $request );
+
+        $posts_query = new WP_Query();
+        $query_result = $posts_query->query( $query_args );
+
+        $posts = array();
+        foreach ( $query_result as $post_id ) {
+            if ( ! $this->check_post_permissions( 'read', $post_id ) ) {
+                continue;
+            }
+
+            $data    = $this->prepare_item_for_response( $this->get_object( $post_id ), $request );
+            $posts[] = $this->prepare_response_for_collection( $data );
+        }
+
+        $page        = (int) $query_args['paged'];
+        $total_posts = $posts_query->found_posts;
+
+        if ( $total_posts < 1 ) {
+            // Out-of-bounds, run the query again without LIMIT for total count.
+            unset( $query_args['paged'] );
+            $count_query = new WP_Query();
+            $count_query->query( $query_args );
+            $total_posts = $count_query->found_posts;
+        }
+
+        $max_pages = ceil( $total_posts / (int) $query_args['posts_per_page'] );
+
+        $response = rest_ensure_response( $posts );
+        $response->header( 'X-WP-Total', (int) $total_posts );
+        $response->header( 'X-WP-TotalPages', (int) $max_pages );
+
+        $request_params = $request->get_query_params();
+        $base = add_query_arg( $request_params, rest_url( sprintf( '/%s/%s', $this->namespace, $this->rest_base ) ) );
+
+        if ( $page > 1 ) {
+            $prev_page = $page - 1;
+            if ( $prev_page > $max_pages ) {
+                $prev_page = $max_pages;
+            }
+            $prev_link = add_query_arg( 'page', $prev_page, $base );
+            $response->link_header( 'prev', $prev_link );
+        }
+        if ( $max_pages > $page ) {
+            $next_page = $page + 1;
+            $next_link = add_query_arg( 'page', $next_page, $base );
+            $response->link_header( 'next', $next_link );
+        }
+
+        return $response;
+    }
+
+    /**
+     * Delete a single item.
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_REST_Response|WP_Error
+     */
+    public function delete_item( $request ) {
+
+        // Fetch the item.
+        $item = $this->get_object( $request['id'] );
+        if ( is_wp_error( $item ) ) {
+            return $item;
+        }
+
+        $supports_trash = EMPTY_TRASH_DAYS > 0;
+        $force          = $supports_trash && (bool) $request['force'];
+
+        if ( ! $this->check_post_permissions( 'delete', $item->ID ) ) {
+            return new WP_Error( 'cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'invoicing' ), array( 'status' => rest_authorization_required_code() ) );
+        }
+
+        $request->set_param( 'context', 'edit' );
+        $response = $this->prepare_item_for_response( $item, $request );
+
+        if ( ! wp_delete_post( $item->ID, $force ) ) {
+            return new WP_Error( 'rest_cannot_delete', sprintf( __( 'The resource cannot be deleted.', 'invoicing' ), $this->post_type ), array( 'status' => 500 ) );
+        }
+
+        return $response;
+    }
+
+    /**
+     * Prepare links for the request.
+     *
+     * @param GetPaid_Data    $object GetPaid_Data object.
+     * @return array Links for the given object.
+     */
+    protected function prepare_links( $object ) {
+
+        $links = parent::prepare_links( $object );
+
+        if ( is_callable( array( $object, 'get_user_id' ) ) ) {
+            $links['user'] = array(
+                'href'       => rest_url( 'wp/v2/users/' . call_user_func( array( $object, 'get_user_id' ) ) ),
+                'embeddable' => true,
+            );
+        }
+
+        if ( is_callable( array( $object, 'get_owner' ) ) ) {
+            $links['owner']  = array(
+                'href'       => rest_url( 'wp/v2/users/' . call_user_func( array( $object, 'get_owner' ) ) ),
+                'embeddable' => true,
+            );
+        }
+
+        if ( is_callable( array( $object, 'get_parent_id' ) ) && call_user_func( array( $object, 'get_parent_id' ) ) ) {
+            $links['parent']  = array(
+                'href'       => rest_url( "$this->namespace/$this->rest_base/" . call_user_func( array( $object, 'get_parent_id' ) ) ),
+                'embeddable' => true,
+            );
+        }
+
+        return $links;
+    }
+
+    /**
+     * Determine the allowed query_vars for a get_items() response and
+     * prepare for WP_Query.
+     *
+     * @param array           $prepared_args Prepared arguments.
+     * @param WP_REST_Request $request Request object.
+     * @return array          $query_args
+     */
+    protected function prepare_items_query( $prepared_args = array(), $request = null ) {
+
+        $valid_vars = array_flip( $this->get_allowed_query_vars() );
+        $query_args = array();
+        foreach ( $valid_vars as $var => $index ) {
+            if ( isset( $prepared_args[ $var ] ) ) {
+                $query_args[ $var ] = apply_filters( "getpaid_rest_query_var-{$var}", $prepared_args[ $var ], $index );
+            }
+        }
+
+        $query_args['ignore_sticky_posts'] = true;
+
+        if ( 'include' === $query_args['orderby'] ) {
+            $query_args['orderby'] = 'post__in';
+        } elseif ( 'id' === $query_args['orderby'] ) {
+            $query_args['orderby'] = 'ID'; // ID must be capitalized.
+        } elseif ( 'slug' === $query_args['orderby'] ) {
+            $query_args['orderby'] = 'name';
+        }
+
+        return apply_filters( 'getpaid_rest_prepare_items_query', $query_args, $request, $this );
+
+    }
+
+    /**
+     * Get all the WP Query vars that are allowed for the API request.
+     *
+     * @return array
+     */
+    protected function get_allowed_query_vars() {
+        global $wp;
+
+        /**
+         * Filter the publicly allowed query vars.
+         *
+         * Allows adjusting of the default query vars that are made public.
+         *
+         * @param array  Array of allowed WP_Query query vars.
+         */
+        $valid_vars = apply_filters( 'query_vars', $wp->public_query_vars );
+
+        $post_type_obj = get_post_type_object( $this->post_type );
+        if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
+            $private = apply_filters( 'getpaid_rest_private_query_vars', $wp->private_query_vars );
+            $valid_vars = array_merge( $valid_vars, $private );
+        }
+
+        // Define our own in addition to WP's normal vars.
+        $rest_valid = array(
+            'post_status',
+            'date_query',
+            'ignore_sticky_posts',
+            'offset',
+            'post__in',
+            'post__not_in',
+            'post_parent',
+            'post_parent__in',
+            'post_parent__not_in',
+            'posts_per_page',
+            'meta_query',
+            'tax_query',
+            'meta_key',
+            'meta_value',
+            'meta_compare',
+            'meta_value_num',
+        );
+        $valid_vars = array_merge( $valid_vars, $rest_valid );
+
+        // Filter allowed query vars for the REST API.
+        $valid_vars = apply_filters( 'getpaid_rest_query_vars', $valid_vars, $this );
+
+        return $valid_vars;
+    }
+
+    /**
+     * Get the query params for collections of attachments.
+     *
+     * @return array
+     */
+    public function get_collection_params() {
+
+        return array_merge(
+            parent::get_collection_params(),
+            array(
+                'status'  => array(
+                    'default'           => $this->get_post_statuses(),
+                    'description'       => __( 'Limit result set to resources assigned one or more statuses.', 'invoicing' ),
+                    'type'              => array( 'array', 'string' ),
+                    'items'             => array(
+                        'enum' => $this->get_post_statuses(),
+                        'type' => 'string',
+                    ),
+                    'validate_callback' => 'rest_validate_request_arg',
+                    'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
+                ),
+                'after'   => array(
+                    'description'       => __( 'Limit response to resources created after a given ISO8601 compliant date.', 'invoicing' ),
+                    'type'              => 'string',
+                    'format'            => 'string',
+                    'validate_callback' => 'rest_validate_request_arg',
+                    'sanitize_callback' => 'sanitize_text_field',
+                ),
+                'before'  => array(
+                    'description'       => __( 'Limit response to resources created before a given ISO8601 compliant date.', 'invoicing' ),
+                    'type'              => 'string',
+                    'format'            => 'string',
+                    'validate_callback' => 'rest_validate_request_arg',
+                    'sanitize_callback' => 'sanitize_text_field',
+                ),
+                'exclude' => array(
+                    'description'       => __( 'Ensure result set excludes specific IDs.', 'invoicing' ),
+                    'type'              => 'array',
+                    'items'             => array(
+                        'type' => 'integer',
+                    ),
+                    'default'           => array(),
+                    'sanitize_callback' => 'wp_parse_id_list',
+                    'validate_callback' => 'rest_validate_request_arg',
+                ),
+                'include' => array(
+                    'description'       => __( 'Limit result set to specific ids.', 'invoicing' ),
+                    'type'              => 'array',
+                    'items'             => array(
+                        'type' => 'integer',
+                    ),
+                    'default'           => array(),
+                    'sanitize_callback' => 'wp_parse_id_list',
+                    'validate_callback' => 'rest_validate_request_arg',
+                ),
+                'offset'  => array(
+                    'description'       => __( 'Offset the result set by a specific number of items.', 'invoicing' ),
+                    'type'              => 'integer',
+                    'sanitize_callback' => 'absint',
+                    'validate_callback' => 'rest_validate_request_arg',
+                ),
+                'order'   => array(
+                    'description'       => __( 'Order sort attribute ascending or descending.', 'invoicing' ),
+                    'type'              => 'string',
+                    'default'           => 'desc',
+                    'enum'              => array( 'asc', 'desc' ),
+                    'validate_callback' => 'rest_validate_request_arg',
+                ),
+                'orderby' => array(
+                    'description'       => __( 'Sort collection by object attribute.', 'invoicing' ),
+                    'type'              => 'string',
+                    'default'           => 'date',
+                    'enum'              => array(
+                        'date',
+                        'id',
+                        'include',
+                        'title',
+                        'slug',
+                        'modified',
+                    ),
+                    'validate_callback' => 'rest_validate_request_arg',
+                ),
+            )
+        );
+    }
+
+    /**
+     * Retrieves the items's schema, conforming to JSON Schema.
+     *
+     * @since 1.0.19
+     *
+     * @return array Item schema data.
+     */
+    public function get_item_schema() {
+
+        // Maybe retrieve the schema from cache.
+        if ( ! empty( $this->schema ) ) {
+            return $this->add_additional_fields_schema( $this->schema );
+        }
+
+        $type   = str_replace( 'wpi_', '', $this->post_type );
+        $schema = array(
+            '$schema'    => 'http://json-schema.org/draft-04/schema#',
+            'title'      => $this->post_type,
+            'type'       => 'object',
+            'properties' => wpinv_get_data( "$type-schema" ),
+        );
+
+        // Filters the invoice schema for the REST API.
         $schema = apply_filters( "wpinv_rest_{$type}_schema", $schema );
 
-		// Cache the invoice schema.
-		$this->schema = $schema;
-
-		return $this->add_additional_fields_schema( $this->schema );
-	}
-
-	/**
-	 * Sanitizes and validates the list of post statuses.
-	 *
-	 * @since 1.0.13
-	 *
-	 * @param string|array    $statuses  One or more post statuses.
-	 * @param WP_REST_Request $request   Full details about the request.
-	 * @param string          $parameter Additional parameter to pass to validation.
-	 * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
-	 */
-	public function sanitize_post_statuses( $statuses, $request, $parameter ) {
-		return array_intersect( wp_parse_slug_list( $statuses ), $this->get_post_statuses() );
-	}
-
-	/**
-	 * Retrieves a valid list of post statuses.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @return array A list of registered item statuses.
-	 */
-	public function get_post_statuses() {
-		return get_post_stati();
-	}
-
-	/**
-	 * Checks if a key should be included in a response.
-	 *
-	 * @since  1.0.19
-	 * @param  GetPaid_Data $object  Data object.
-	 * @param  string       $field_key The key to check for.
-	 * @return bool
-	 */
-	public function object_supports_field( $object, $field_key ) {
-		$supports = parent::object_supports_field( $object, $field_key );
-		return apply_filters( "getpaid_rest_{$this->post_type}_object_supports_key", $supports, $object, $field_key );
-	}
+        // Cache the invoice schema.
+        $this->schema = $schema;
+
+        return $this->add_additional_fields_schema( $this->schema );
+    }
+
+    /**
+     * Sanitizes and validates the list of post statuses.
+     *
+     * @since 1.0.13
+     *
+     * @param string|array    $statuses  One or more post statuses.
+     * @param WP_REST_Request $request   Full details about the request.
+     * @param string          $parameter Additional parameter to pass to validation.
+     * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
+     */
+    public function sanitize_post_statuses( $statuses, $request, $parameter ) {
+        return array_intersect( wp_parse_slug_list( $statuses ), $this->get_post_statuses() );
+    }
+
+    /**
+     * Retrieves a valid list of post statuses.
+     *
+     * @since 1.0.19
+     *
+     * @return array A list of registered item statuses.
+     */
+    public function get_post_statuses() {
+        return get_post_stati();
+    }
+
+    /**
+     * Checks if a key should be included in a response.
+     *
+     * @since  1.0.19
+     * @param  GetPaid_Data $object  Data object.
+     * @param  string       $field_key The key to check for.
+     * @return bool
+     */
+    public function object_supports_field( $object, $field_key ) {
+        $supports = parent::object_supports_field( $object, $field_key );
+        return apply_filters( "getpaid_rest_{$this->post_type}_object_supports_key", $supports, $object, $field_key );
+    }
 
 }

includes/class-getpaid-template.php

Indentation +152 added lines, -152 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 if ( ! defined( 'ABSPATH' ) ) {
-	exit;
+    exit;
 }
 
 /**
@@ -20,29 +20,29 @@ 
     public $templates_url;
 
     /**
-	 * Class constructor.
-	 *
-	 * @since 1.0.19
-	 */
-	public function __construct() {
+     * Class constructor.
+     *
+     * @since 1.0.19
+     */
+    public function __construct() {
 
         $this->templates_dir = apply_filters( 'getpaid_default_templates_dir', WPINV_PLUGIN_DIR . 'templates' );
         $this->templates_url = apply_filters( 'getpaid_default_templates_url', WPINV_PLUGIN_URL . 'templates' );
 
         // Oxygen plugin
-		if ( defined( 'CT_VERSION' ) ) {
-			add_filter( 'wpinv_locate_template', array( $this, 'oxygen_override_template' ), 11, 4 );
-		}
+        if ( defined( 'CT_VERSION' ) ) {
+            add_filter( 'wpinv_locate_template', array( $this, 'oxygen_override_template' ), 11, 4 );
+        }
 
     }
 
     /**
-	 * Checks if this is a preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_preview() {
+     * Checks if this is a preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_preview() {
         return $this->is_divi_preview() ||
             $this->is_elementor_preview() ||
             $this->is_beaver_preview() ||
@@ -53,73 +53,73 @@ 
     }
 
     /**
-	 * Checks if this is an elementor preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_elementor_preview() {
-		return isset( $_REQUEST['elementor-preview'] ) || ( is_admin() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'elementor' ) || ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'elementor_ajax' );
-	}
-
-	/**
-	 * Checks if this is a DIVI preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_divi_preview() {
-		return isset( $_REQUEST['et_fb'] ) || isset( $_REQUEST['et_pb_preview'] ) || ( is_admin() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'et_pb' );
-	}
-
-	/**
-	 * Checks if this is a beaver builder preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_beaver_preview() {
-		return isset( $_REQUEST['fl_builder'] );
-	}
-
-	/**
-	 * Checks if this is a siteorigin builder preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_siteorigin_preview() {
-		return ! empty( $_REQUEST['siteorigin_panels_live_editor'] );
-	}
-
-	/**
-	 * Checks if this is a cornerstone builder preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_cornerstone_preview() {
-		return ! empty( $_REQUEST['cornerstone_preview'] ) || basename( $_SERVER['REQUEST_URI'] ) == 'cornerstone-endpoint';
-	}
-
-	/**
-	 * Checks if this is a fusion builder preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_fusion_preview() {
-		return ! empty( $_REQUEST['fb-edit'] ) || ! empty( $_REQUEST['fusion_load_nonce'] );
-	}
-
-	/**
-	 * Checks if this is an oxygen builder preview page
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	public function is_oxygen_preview() {
-		return ! empty( $_REQUEST['ct_builder'] ) || ( ! empty( $_REQUEST['action'] ) && ( substr( $_REQUEST['action'], 0, 11 ) === 'oxy_render_' || substr( $_REQUEST['action'], 0, 10 ) === 'ct_render_' ) );
+     * Checks if this is an elementor preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_elementor_preview() {
+        return isset( $_REQUEST['elementor-preview'] ) || ( is_admin() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'elementor' ) || ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'elementor_ajax' );
+    }
+
+    /**
+     * Checks if this is a DIVI preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_divi_preview() {
+        return isset( $_REQUEST['et_fb'] ) || isset( $_REQUEST['et_pb_preview'] ) || ( is_admin() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'et_pb' );
+    }
+
+    /**
+     * Checks if this is a beaver builder preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_beaver_preview() {
+        return isset( $_REQUEST['fl_builder'] );
+    }
+
+    /**
+     * Checks if this is a siteorigin builder preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_siteorigin_preview() {
+        return ! empty( $_REQUEST['siteorigin_panels_live_editor'] );
+    }
+
+    /**
+     * Checks if this is a cornerstone builder preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_cornerstone_preview() {
+        return ! empty( $_REQUEST['cornerstone_preview'] ) || basename( $_SERVER['REQUEST_URI'] ) == 'cornerstone-endpoint';
+    }
+
+    /**
+     * Checks if this is a fusion builder preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_fusion_preview() {
+        return ! empty( $_REQUEST['fb-edit'] ) || ! empty( $_REQUEST['fusion_load_nonce'] );
+    }
+
+    /**
+     * Checks if this is an oxygen builder preview page
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    public function is_oxygen_preview() {
+        return ! empty( $_REQUEST['ct_builder'] ) || ( ! empty( $_REQUEST['action'] ) && ( substr( $_REQUEST['action'], 0, 11 ) === 'oxy_render_' || substr( $_REQUEST['action'], 0, 10 ) === 'ct_render_' ) );
     }
 
     /**
@@ -129,7 +129,7 @@ 
      * @param string $template_path The template path relative to the theme's root dir. Defaults to 'invoicing'.
      * @param string $default_path The root path to the default template. Defaults to invoicing/templates
      */
-	public function locate_template( $template_name, $template_path = '', $default_path = '' ) {
+    public function locate_template( $template_name, $template_path = '', $default_path = '' ) {
 
         // Load the defaults for the template path and default path.
         $template_path = empty( $template_path ) ? 'invoicing' : $template_path;
@@ -150,22 +150,22 @@ 
     }
 
     /**
-	 * Loads a template
-	 *
-	 * @since 1.0.19
-	 * @return bool
-	 */
-	protected function load_template( $template_name, $template_path, $args ) {
+     * Loads a template
+     *
+     * @since 1.0.19
+     * @return bool
+     */
+    protected function load_template( $template_name, $template_path, $args ) {
 
         if ( is_array( $args ) ) {
             extract( $args );
         }
 
         // Fires before loading a template.
-	    do_action( 'wpinv_before_template_part', $template_name, $template_path, $args );
+        do_action( 'wpinv_before_template_part', $template_name, $template_path, $args );
 
         // Load the template.
-	    include $template_path;
+        include $template_path;
 
         // Fires after loading a template.
         do_action( 'wpinv_after_template_part', $template_name, $template_path, $args );
@@ -182,7 +182,7 @@ 
      * @param string $template_path The templates directory relative to the theme's root dir. Defaults to 'invoicing'.
      * @param string $default_path The root path to the default template. Defaults to invoicing/templates
      */
-	public function display_template( $template_name, $args = array(), $template_path = '', $default_path = '' ) {
+    public function display_template( $template_name, $args = array(), $template_path = '', $default_path = '' ) {
 
         // Locate the template.
         $located = $this->locate_template( $template_name, $template_path, $default_path );
@@ -207,74 +207,74 @@ 
      * @param string $template_path The templates directory relative to the theme's root dir. Defaults to 'invoicing'.
      * @param string $default_path The root path to the default template. Defaults to invoicing/templates
      */
-	public function get_template( $template_name, $args = array(), $template_path = '', $default_path = '' ) {
+    public function get_template( $template_name, $args = array(), $template_path = '', $default_path = '' ) {
         ob_start();
         $this->display_template( $template_name, $args, $template_path, $default_path );
         return ob_get_clean();
     }
 
     /**
-	 * Get the geodirectory templates theme path.
-	 *
-	 *
-	 * @return string Template path.
-	 */
-	public static function get_theme_template_path() {
-		$template   = get_template();
-		$theme_root = get_theme_root( $template );
-
-		return $theme_root . '/' . $template . '/' . untrailingslashit( wpinv_get_theme_template_dir_name() );
-
-	}
-
-	/**
-	 * Oxygen locate theme template.
-	 *
-	 * @param string $template The template.
-	 * @return string The theme template.
-	 */
-	public static function oxygen_locate_template( $template ) {
-
-		if ( empty( $template ) ) {
-			return '';
-		}
-
-		$has_filter = has_filter( 'template', 'ct_oxygen_template_name' );
-
-		// Remove template filter
-		if ( $has_filter ) {
-			remove_filter( 'template', 'ct_oxygen_template_name' );
-		}
-
-		$template = self::get_theme_template_path() . '/' . $template;
-
-		if ( ! file_exists( $template ) ) {
-			$template = '';
-		}
-
-		// Add template filter
-		if ( $has_filter ) {
-			add_filter( 'template', 'ct_oxygen_template_name' );
-		}
-
-		return $template;
-	}
-
-	/**
-	 * Oxygen override theme template.
-	 *
-	 * @param string $located Located template.
-	 * @param string $template_name Template name.
-	 * @return string Located template.
-	 */
-	public function oxygen_override_template( $located, $template_name ) {
+     * Get the geodirectory templates theme path.
+     *
+     *
+     * @return string Template path.
+     */
+    public static function get_theme_template_path() {
+        $template   = get_template();
+        $theme_root = get_theme_root( $template );
+
+        return $theme_root . '/' . $template . '/' . untrailingslashit( wpinv_get_theme_template_dir_name() );
+
+    }
+
+    /**
+     * Oxygen locate theme template.
+     *
+     * @param string $template The template.
+     * @return string The theme template.
+     */
+    public static function oxygen_locate_template( $template ) {
+
+        if ( empty( $template ) ) {
+            return '';
+        }
+
+        $has_filter = has_filter( 'template', 'ct_oxygen_template_name' );
+
+        // Remove template filter
+        if ( $has_filter ) {
+            remove_filter( 'template', 'ct_oxygen_template_name' );
+        }
+
+        $template = self::get_theme_template_path() . '/' . $template;
+
+        if ( ! file_exists( $template ) ) {
+            $template = '';
+        }
+
+        // Add template filter
+        if ( $has_filter ) {
+            add_filter( 'template', 'ct_oxygen_template_name' );
+        }
+
+        return $template;
+    }
+
+    /**
+     * Oxygen override theme template.
+     *
+     * @param string $located Located template.
+     * @param string $template_name Template name.
+     * @return string Located template.
+     */
+    public function oxygen_override_template( $located, $template_name ) {
 
         $oxygen_overide = self::oxygen_locate_template( $template_name );
-		if ( ! empty( $oxygen_overide ) ) {
-			return $oxygen_overide;
-		}
+        if ( ! empty( $oxygen_overide ) ) {
+            return $oxygen_overide;
+        }
 
-		return $located;
-	}
+        return $located;
+    }
 
 }

includes/class-getpaid-subscriptions-query.php

Indentation +487 added lines, -487 removed lines

@@ -16,494 +16,494 @@
  */
 class GetPaid_Subscriptions_Query {
 
-	/**
-	 * Query vars, after parsing
-	 *
-	 * @since 1.0.19
-	 * @var array
-	 */
-	public $query_vars = array();
-
-	/**
-	 * List of found subscriptions.
-	 *
-	 * @since 1.0.19
-	 * @var array
-	 */
-	private $results;
-
-	/**
-	 * Total number of found subscriptions for the current query
-	 *
-	 * @since 1.0.19
-	 * @var int
-	 */
-	private $total_subscriptions = 0;
-
-	/**
-	 * The SQL query used to fetch matching subscriptions.
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $request;
-
-	// SQL clauses
-
-	/**
-	 * Contains the 'FIELDS' sql clause
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $query_fields;
-
-	/**
-	 * Contains the 'FROM' sql clause
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $query_from;
-
-	/**
-	 * Contains the 'WHERE' sql clause
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $query_where;
-
-	/**
-	 * Contains the 'ORDER BY' sql clause
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $query_orderby;
-
-	/**
-	 * Contains the 'LIMIT' sql clause
-	 *
-	 * @since 1.0.19
-	 * @var string
-	 */
-	public $query_limit;
-
-	/**
-	 * Class constructor.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param null|string|array $query Optional. The query variables.
-	 */
-	public function __construct( $query = null ) {
-		if ( ! is_null( $query ) ) {
-			$this->prepare_query( $query );
-			$this->query();
-		}
-	}
-
-	/**
-	 * Fills in missing query variables with default values.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param  string|array $args Query vars, as passed to `GetPaid_Subscriptions_Query`.
-	 * @return array Complete query variables with undefined ones filled in with defaults.
-	 */
-	public static function fill_query_vars( $args ) {
-		$defaults = array(
-			'status'          => 'all',
-			'customer_in'     => array(),
-			'customer_not_in' => array(),
-			'product_in'      => array(),
-			'product_not_in'  => array(),
-			'include'         => array(),
-			'exclude'         => array(),
-			'orderby'         => 'id',
-			'order'           => 'DESC',
-			'offset'          => '',
-			'number'          => 10,
-			'paged'           => 1,
-			'count_total'     => true,
-			'fields'          => 'all',
-		);
-
-		return wp_parse_args( $args, $defaults );
-	}
-
-	/**
-	 * Prepare the query variables.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @global wpdb $wpdb WordPress database abstraction object.
-	 *
-	 * @param string|array $query {
-	 *     Optional. Array or string of Query parameters.
-	 *
-	 *     @type string|array $status              The subscription status to filter by. Can either be a single status or an array of statuses.
-	 *                                             Default is all.
-	 *     @type int[]        $customer_in         An array of customer ids to filter by.
-	 *     @type int[]        $customer_not_in     An array of customer ids whose subscriptions should be excluded.
-	 *     @type int[]        $invoice_in          An array of invoice ids to filter by.
-	 *     @type int[]        $invoice_not_in      An array of invoice ids whose subscriptions should be excluded.
-	 *     @type int[]        $product_in          An array of product ids to filter by.
-	 *     @type int[]        $product_not_in      An array of product ids whose subscriptions should be excluded.
-	 *     @type array        $date_created_query  A WP_Date_Query compatible array use to filter subscriptions by their date of creation.
-	 *     @type array        $date_expires_query  A WP_Date_Query compatible array use to filter subscriptions by their expiration date.
-	 *     @type array        $include             An array of subscription IDs to include. Default empty array.
-	 *     @type array        $exclude             An array of subscription IDs to exclude. Default empty array.
-	 *     @type string|array $orderby             Field(s) to sort the retrieved subscription by. May be a single value,
-	 *                                             an array of values, or a multi-dimensional array with fields as
-	 *                                             keys and orders ('ASC' or 'DESC') as values. Accepted values are
-	 *                                             'id', 'customer_id', 'frequency', 'period', 'initial_amount,
-	 *                                             'recurring_amount', 'bill_times', 'parent_payment_id', 'created', 'expiration'
-	 *                                             'transaction_id', 'product_id', 'trial_period', 'include', 'status', 'profile_id'. Default array( 'id' ).
-	 *     @type string       $order               Designates ascending or descending order of subscriptions. Order values
-	 *                                             passed as part of an `$orderby` array take precedence over this
-	 *                                             parameter. Accepts 'ASC', 'DESC'. Default 'DESC'.
-	 *     @type int          $offset              Number of subscriptions to offset in retrieved results. Can be used in
-	 *                                             conjunction with pagination. Default 0.
-	 *     @type int          $number              Number of subscriptions to limit the query for. Can be used in
-	 *                                             conjunction with pagination. Value -1 (all) is supported, but
-	 *                                             should be used with caution on larger sites.
-	 *                                             Default 10.
-	 *     @type int          $paged               When used with number, defines the page of results to return.
-	 *                                             Default 1.
-	 *     @type bool         $count_total         Whether to count the total number of subscriptions found. If pagination
-	 *                                             is not needed, setting this to false can improve performance.
-	 *                                             Default true.
-	 *     @type string|array $fields              Which fields to return. Single or all fields (string), or array
-	 *                                             of fields. Accepts 'id', 'customer_id', 'frequency', 'period', 'initial_amount,
-	 *                                             'recurring_amount', 'bill_times', 'parent_payment_id', 'created', 'expiration'
-	 *                                             'transaction_id', 'product_id', 'trial_period', 'status', 'profile_id'.
-	 *                                             Use 'all' for all fields. Default 'all'.
-	 * }
-	 */
-	public function prepare_query( $query = array() ) {
-		global $wpdb;
-
-		if ( empty( $this->query_vars ) || ! empty( $query ) ) {
-			$this->query_limit = null;
-			$this->query_vars  = $this->fill_query_vars( $query );
-		}
-
-		if ( ! empty( $this->query_vars['fields'] ) && 'all' !== $this->query_vars['fields'] ) {
-			$this->query_vars['fields'] = wpinv_parse_list( $this->query_vars['fields'] );
-		}
-
-		do_action( 'getpaid_pre_get_subscriptions', array( &$this ) );
-
-		// Ensure that query vars are filled after 'getpaid_pre_get_subscriptions'.
-		$qv                =& $this->query_vars;
-		$qv                = $this->fill_query_vars( $qv );
-		$table             = $wpdb->prefix . 'wpinv_subscriptions';
-		$this->query_from  = "FROM $table";
-
-		// Prepare query fields.
-		$this->prepare_query_fields( $qv, $table );
-
-		// Prepare query where.
-		$this->prepare_query_where( $qv, $table );
-
-		// Prepare query order.
-		$this->prepare_query_order( $qv, $table );
-
-		// limit
-		if ( isset( $qv['number'] ) && $qv['number'] > 0 ) {
-			if ( $qv['offset'] ) {
-				$this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] );
-			} else {
-				$this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] );
-			}
-		}
-
-		do_action_ref_array( 'getpaid_after_subscriptions_query', array( &$this ) );
-	}
-
-	/**
-	 * Prepares the query fields.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param array $qv Query vars.
-	 * @param string $table Table name.
-	 */
-	protected function prepare_query_fields( &$qv, $table ) {
-
-		if ( is_array( $qv['fields'] ) ) {
-			$qv['fields'] = array_unique( $qv['fields'] );
-
-			$query_fields = array();
-			foreach ( $qv['fields'] as $field ) {
-				$field          = sanitize_key( $field );
-				$query_fields[] = "$table.`$field`";
-			}
-			$this->query_fields = implode( ',', $query_fields );
-		} else {
-			$this->query_fields = "$table.*";
-		}
-
-		if ( isset( $qv['count_total'] ) && $qv['count_total'] ) {
-			$this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields;
-		}
-
-	}
-
-	/**
-	 * Prepares the query where.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param array $qv Query vars.
-	 * @param string $table Table name.
-	 */
-	protected function prepare_query_where( &$qv, $table ) {
-		global $wpdb;
-		$this->query_where = 'WHERE 1=1';
-
-		// Status.
-		if ( 'all' !== $qv['status'] ) {
-			$statuses           = wpinv_clean( wpinv_parse_list( $qv['status'] ) );
-			$prepared_statuses  = join( ',', array_fill( 0, count( $statuses ), '%s' ) );
-			$this->query_where .= $wpdb->prepare( " AND $table.`status` IN ( $prepared_statuses )", $statuses );
-		}
-
-		if ( ! empty( $qv['customer_in'] ) ) {
-			$customer_in        = implode( ',', wp_parse_id_list( $qv['customer_in'] ) );
-			$this->query_where .= " AND $table.`customer_id` IN ($customer_in)";
-		} elseif ( ! empty( $qv['customer_not_in'] ) ) {
-			$customer_not_in    = implode( ',', wp_parse_id_list( $qv['customer_not_in'] ) );
-			$this->query_where .= " AND $table.`customer_id` NOT IN ($customer_not_in)";
-		}
-
-		if ( ! empty( $qv['product_in'] ) ) {
-			$product_in         = implode( ',', wp_parse_id_list( $qv['product_in'] ) );
-			$this->query_where .= " AND $table.`product_id` IN ($product_in)";
-		} elseif ( ! empty( $qv['product_not_in'] ) ) {
-			$product_not_in     = implode( ',', wp_parse_id_list( $qv['product_not_in'] ) );
-			$this->query_where .= " AND $table.`product_id` NOT IN ($product_not_in)";
-		}
-
-		if ( ! empty( $qv['invoice_in'] ) ) {
-			$invoice_in         = implode( ',', wp_parse_id_list( $qv['invoice_in'] ) );
-			$this->query_where .= " AND $table.`parent_payment_id` IN ($invoice_in)";
-		} elseif ( ! empty( $qv['invoice_not_in'] ) ) {
-			$invoice_not_in     = implode( ',', wp_parse_id_list( $qv['invoice_not_in'] ) );
-			$this->query_where .= " AND $table.`parent_payment_id` NOT IN ($invoice_not_in)";
-		}
-
-		if ( ! empty( $qv['include'] ) ) {
-			$include            = implode( ',', wp_parse_id_list( $qv['include'] ) );
-			$this->query_where .= " AND $table.`id` IN ($include)";
-		} elseif ( ! empty( $qv['exclude'] ) ) {
-			$exclude            = implode( ',', wp_parse_id_list( $qv['exclude'] ) );
-			$this->query_where .= " AND $table.`id` NOT IN ($exclude)";
-		}
-
-		// Date queries are allowed for the subscription creation date.
-		if ( ! empty( $qv['date_created_query'] ) && is_array( $qv['date_created_query'] ) ) {
-			$date_created_query = new WP_Date_Query( $qv['date_created_query'], "$table.created" );
-			$this->query_where .= $date_created_query->get_sql();
-		}
-
-		// Date queries are also allowed for the subscription expiration date.
-		if ( ! empty( $qv['date_expires_query'] ) && is_array( $qv['date_expires_query'] ) ) {
-			$date_expires_query = new WP_Date_Query( $qv['date_expires_query'], "$table.expiration" );
-			$this->query_where .= $date_expires_query->get_sql();
-		}
-
-	}
-
-	/**
-	 * Prepares the query order.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param array $qv Query vars.
-	 * @param string $table Table name.
-	 */
-	protected function prepare_query_order( &$qv, $table ) {
-
-		// sorting.
-		$qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : '';
-		$order       = $this->parse_order( $qv['order'] );
-
-		// Default order is by 'id' (latest subscriptions).
-		if ( empty( $qv['orderby'] ) ) {
-			$qv['orderby'] = array( 'id' );
-		}
-
-		// 'orderby' values may be an array, comma- or space-separated list.
-		$ordersby      = array_filter( wpinv_parse_list( $qv['orderby'] ) );
-
-		$orderby_array = array();
-		foreach ( $ordersby as $_key => $_value ) {
-
-			if ( is_int( $_key ) ) {
-				// Integer key means this is a flat array of 'orderby' fields.
-				$_orderby = $_value;
-				$_order   = $order;
-			} else {
-				// Non-integer key means that the key is the field and the value is ASC/DESC.
-				$_orderby = $_key;
-				$_order   = $_value;
-			}
-
-			$parsed = $this->parse_orderby( $_orderby, $table );
-
-			if ( $parsed ) {
-				$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
-			}
+    /**
+     * Query vars, after parsing
+     *
+     * @since 1.0.19
+     * @var array
+     */
+    public $query_vars = array();
+
+    /**
+     * List of found subscriptions.
+     *
+     * @since 1.0.19
+     * @var array
+     */
+    private $results;
+
+    /**
+     * Total number of found subscriptions for the current query
+     *
+     * @since 1.0.19
+     * @var int
+     */
+    private $total_subscriptions = 0;
+
+    /**
+     * The SQL query used to fetch matching subscriptions.
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $request;
+
+    // SQL clauses
+
+    /**
+     * Contains the 'FIELDS' sql clause
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $query_fields;
+
+    /**
+     * Contains the 'FROM' sql clause
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $query_from;
+
+    /**
+     * Contains the 'WHERE' sql clause
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $query_where;
+
+    /**
+     * Contains the 'ORDER BY' sql clause
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $query_orderby;
+
+    /**
+     * Contains the 'LIMIT' sql clause
+     *
+     * @since 1.0.19
+     * @var string
+     */
+    public $query_limit;
+
+    /**
+     * Class constructor.
+     *
+     * @since 1.0.19
+     *
+     * @param null|string|array $query Optional. The query variables.
+     */
+    public function __construct( $query = null ) {
+        if ( ! is_null( $query ) ) {
+            $this->prepare_query( $query );
+            $this->query();
+        }
+    }
+
+    /**
+     * Fills in missing query variables with default values.
+     *
+     * @since 1.0.19
+     *
+     * @param  string|array $args Query vars, as passed to `GetPaid_Subscriptions_Query`.
+     * @return array Complete query variables with undefined ones filled in with defaults.
+     */
+    public static function fill_query_vars( $args ) {
+        $defaults = array(
+            'status'          => 'all',
+            'customer_in'     => array(),
+            'customer_not_in' => array(),
+            'product_in'      => array(),
+            'product_not_in'  => array(),
+            'include'         => array(),
+            'exclude'         => array(),
+            'orderby'         => 'id',
+            'order'           => 'DESC',
+            'offset'          => '',
+            'number'          => 10,
+            'paged'           => 1,
+            'count_total'     => true,
+            'fields'          => 'all',
+        );
+
+        return wp_parse_args( $args, $defaults );
+    }
+
+    /**
+     * Prepare the query variables.
+     *
+     * @since 1.0.19
+     *
+     * @global wpdb $wpdb WordPress database abstraction object.
+     *
+     * @param string|array $query {
+     *     Optional. Array or string of Query parameters.
+     *
+     *     @type string|array $status              The subscription status to filter by. Can either be a single status or an array of statuses.
+     *                                             Default is all.
+     *     @type int[]        $customer_in         An array of customer ids to filter by.
+     *     @type int[]        $customer_not_in     An array of customer ids whose subscriptions should be excluded.
+     *     @type int[]        $invoice_in          An array of invoice ids to filter by.
+     *     @type int[]        $invoice_not_in      An array of invoice ids whose subscriptions should be excluded.
+     *     @type int[]        $product_in          An array of product ids to filter by.
+     *     @type int[]        $product_not_in      An array of product ids whose subscriptions should be excluded.
+     *     @type array        $date_created_query  A WP_Date_Query compatible array use to filter subscriptions by their date of creation.
+     *     @type array        $date_expires_query  A WP_Date_Query compatible array use to filter subscriptions by their expiration date.
+     *     @type array        $include             An array of subscription IDs to include. Default empty array.
+     *     @type array        $exclude             An array of subscription IDs to exclude. Default empty array.
+     *     @type string|array $orderby             Field(s) to sort the retrieved subscription by. May be a single value,
+     *                                             an array of values, or a multi-dimensional array with fields as
+     *                                             keys and orders ('ASC' or 'DESC') as values. Accepted values are
+     *                                             'id', 'customer_id', 'frequency', 'period', 'initial_amount,
+     *                                             'recurring_amount', 'bill_times', 'parent_payment_id', 'created', 'expiration'
+     *                                             'transaction_id', 'product_id', 'trial_period', 'include', 'status', 'profile_id'. Default array( 'id' ).
+     *     @type string       $order               Designates ascending or descending order of subscriptions. Order values
+     *                                             passed as part of an `$orderby` array take precedence over this
+     *                                             parameter. Accepts 'ASC', 'DESC'. Default 'DESC'.
+     *     @type int          $offset              Number of subscriptions to offset in retrieved results. Can be used in
+     *                                             conjunction with pagination. Default 0.
+     *     @type int          $number              Number of subscriptions to limit the query for. Can be used in
+     *                                             conjunction with pagination. Value -1 (all) is supported, but
+     *                                             should be used with caution on larger sites.
+     *                                             Default 10.
+     *     @type int          $paged               When used with number, defines the page of results to return.
+     *                                             Default 1.
+     *     @type bool         $count_total         Whether to count the total number of subscriptions found. If pagination
+     *                                             is not needed, setting this to false can improve performance.
+     *                                             Default true.
+     *     @type string|array $fields              Which fields to return. Single or all fields (string), or array
+     *                                             of fields. Accepts 'id', 'customer_id', 'frequency', 'period', 'initial_amount,
+     *                                             'recurring_amount', 'bill_times', 'parent_payment_id', 'created', 'expiration'
+     *                                             'transaction_id', 'product_id', 'trial_period', 'status', 'profile_id'.
+     *                                             Use 'all' for all fields. Default 'all'.
+     * }
+     */
+    public function prepare_query( $query = array() ) {
+        global $wpdb;
+
+        if ( empty( $this->query_vars ) || ! empty( $query ) ) {
+            $this->query_limit = null;
+            $this->query_vars  = $this->fill_query_vars( $query );
+        }
+
+        if ( ! empty( $this->query_vars['fields'] ) && 'all' !== $this->query_vars['fields'] ) {
+            $this->query_vars['fields'] = wpinv_parse_list( $this->query_vars['fields'] );
+        }
+
+        do_action( 'getpaid_pre_get_subscriptions', array( &$this ) );
+
+        // Ensure that query vars are filled after 'getpaid_pre_get_subscriptions'.
+        $qv                =& $this->query_vars;
+        $qv                = $this->fill_query_vars( $qv );
+        $table             = $wpdb->prefix . 'wpinv_subscriptions';
+        $this->query_from  = "FROM $table";
+
+        // Prepare query fields.
+        $this->prepare_query_fields( $qv, $table );
+
+        // Prepare query where.
+        $this->prepare_query_where( $qv, $table );
+
+        // Prepare query order.
+        $this->prepare_query_order( $qv, $table );
+
+        // limit
+        if ( isset( $qv['number'] ) && $qv['number'] > 0 ) {
+            if ( $qv['offset'] ) {
+                $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] );
+            } else {
+                $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] );
+            }
+        }
+
+        do_action_ref_array( 'getpaid_after_subscriptions_query', array( &$this ) );
+    }
+
+    /**
+     * Prepares the query fields.
+     *
+     * @since 1.0.19
+     *
+     * @param array $qv Query vars.
+     * @param string $table Table name.
+     */
+    protected function prepare_query_fields( &$qv, $table ) {
+
+        if ( is_array( $qv['fields'] ) ) {
+            $qv['fields'] = array_unique( $qv['fields'] );
+
+            $query_fields = array();
+            foreach ( $qv['fields'] as $field ) {
+                $field          = sanitize_key( $field );
+                $query_fields[] = "$table.`$field`";
+            }
+            $this->query_fields = implode( ',', $query_fields );
+        } else {
+            $this->query_fields = "$table.*";
+        }
+
+        if ( isset( $qv['count_total'] ) && $qv['count_total'] ) {
+            $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields;
+        }
+
+    }
+
+    /**
+     * Prepares the query where.
+     *
+     * @since 1.0.19
+     *
+     * @param array $qv Query vars.
+     * @param string $table Table name.
+     */
+    protected function prepare_query_where( &$qv, $table ) {
+        global $wpdb;
+        $this->query_where = 'WHERE 1=1';
+
+        // Status.
+        if ( 'all' !== $qv['status'] ) {
+            $statuses           = wpinv_clean( wpinv_parse_list( $qv['status'] ) );
+            $prepared_statuses  = join( ',', array_fill( 0, count( $statuses ), '%s' ) );
+            $this->query_where .= $wpdb->prepare( " AND $table.`status` IN ( $prepared_statuses )", $statuses );
+        }
+
+        if ( ! empty( $qv['customer_in'] ) ) {
+            $customer_in        = implode( ',', wp_parse_id_list( $qv['customer_in'] ) );
+            $this->query_where .= " AND $table.`customer_id` IN ($customer_in)";
+        } elseif ( ! empty( $qv['customer_not_in'] ) ) {
+            $customer_not_in    = implode( ',', wp_parse_id_list( $qv['customer_not_in'] ) );
+            $this->query_where .= " AND $table.`customer_id` NOT IN ($customer_not_in)";
+        }
+
+        if ( ! empty( $qv['product_in'] ) ) {
+            $product_in         = implode( ',', wp_parse_id_list( $qv['product_in'] ) );
+            $this->query_where .= " AND $table.`product_id` IN ($product_in)";
+        } elseif ( ! empty( $qv['product_not_in'] ) ) {
+            $product_not_in     = implode( ',', wp_parse_id_list( $qv['product_not_in'] ) );
+            $this->query_where .= " AND $table.`product_id` NOT IN ($product_not_in)";
+        }
+
+        if ( ! empty( $qv['invoice_in'] ) ) {
+            $invoice_in         = implode( ',', wp_parse_id_list( $qv['invoice_in'] ) );
+            $this->query_where .= " AND $table.`parent_payment_id` IN ($invoice_in)";
+        } elseif ( ! empty( $qv['invoice_not_in'] ) ) {
+            $invoice_not_in     = implode( ',', wp_parse_id_list( $qv['invoice_not_in'] ) );
+            $this->query_where .= " AND $table.`parent_payment_id` NOT IN ($invoice_not_in)";
+        }
+
+        if ( ! empty( $qv['include'] ) ) {
+            $include            = implode( ',', wp_parse_id_list( $qv['include'] ) );
+            $this->query_where .= " AND $table.`id` IN ($include)";
+        } elseif ( ! empty( $qv['exclude'] ) ) {
+            $exclude            = implode( ',', wp_parse_id_list( $qv['exclude'] ) );
+            $this->query_where .= " AND $table.`id` NOT IN ($exclude)";
+        }
+
+        // Date queries are allowed for the subscription creation date.
+        if ( ! empty( $qv['date_created_query'] ) && is_array( $qv['date_created_query'] ) ) {
+            $date_created_query = new WP_Date_Query( $qv['date_created_query'], "$table.created" );
+            $this->query_where .= $date_created_query->get_sql();
+        }
+
+        // Date queries are also allowed for the subscription expiration date.
+        if ( ! empty( $qv['date_expires_query'] ) && is_array( $qv['date_expires_query'] ) ) {
+            $date_expires_query = new WP_Date_Query( $qv['date_expires_query'], "$table.expiration" );
+            $this->query_where .= $date_expires_query->get_sql();
+        }
+
+    }
+
+    /**
+     * Prepares the query order.
+     *
+     * @since 1.0.19
+     *
+     * @param array $qv Query vars.
+     * @param string $table Table name.
+     */
+    protected function prepare_query_order( &$qv, $table ) {
+
+        // sorting.
+        $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : '';
+        $order       = $this->parse_order( $qv['order'] );
+
+        // Default order is by 'id' (latest subscriptions).
+        if ( empty( $qv['orderby'] ) ) {
+            $qv['orderby'] = array( 'id' );
+        }
+
+        // 'orderby' values may be an array, comma- or space-separated list.
+        $ordersby      = array_filter( wpinv_parse_list( $qv['orderby'] ) );
+
+        $orderby_array = array();
+        foreach ( $ordersby as $_key => $_value ) {
+
+            if ( is_int( $_key ) ) {
+                // Integer key means this is a flat array of 'orderby' fields.
+                $_orderby = $_value;
+                $_order   = $order;
+            } else {
+                // Non-integer key means that the key is the field and the value is ASC/DESC.
+                $_orderby = $_key;
+                $_order   = $_value;
+            }
+
+            $parsed = $this->parse_orderby( $_orderby, $table );
+
+            if ( $parsed ) {
+                $orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
+            }
 }
 
-		// If no valid clauses were found, order by id.
-		if ( empty( $orderby_array ) ) {
-			$orderby_array[] = "id $order";
-		}
-
-		$this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array );
-
-	}
-
-	/**
-	 * Execute the query, with the current variables.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @global wpdb $wpdb WordPress database abstraction object.
-	 */
-	public function query() {
-		global $wpdb;
-
-		$qv =& $this->query_vars;
-
-		// Return a non-null value to bypass the default GetPaid subscriptions query and remember to set the
-		// total_subscriptions property.
-		$this->results = apply_filters_ref_array( 'getpaid_subscriptions_pre_query', array( null, &$this ) );
-
-		if ( null === $this->results ) {
-			$this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit";
-
-			if ( ( is_array( $qv['fields'] ) && 1 != count( $qv['fields'] ) ) || 'all' == $qv['fields'] ) {
-				$this->results = $wpdb->get_results( $this->request );
-			} else {
-				$this->results = $wpdb->get_col( $this->request );
-			}
-
-			if ( isset( $qv['count_total'] ) && $qv['count_total'] ) {
-				$found_subscriptions_query = apply_filters( 'getpaid_found_subscriptions_query', 'SELECT FOUND_ROWS()', $this );
-				$this->total_subscriptions   = (int) $wpdb->get_var( $found_subscriptions_query );
-			}
-		}
-
-		if ( 'all' == $qv['fields'] ) {
-			foreach ( $this->results as $key => $subscription ) {
-				wp_cache_set( $subscription->id, $subscription, 'getpaid_subscriptions' );
-				wp_cache_set( $subscription->profile_id, $subscription->id, 'getpaid_subscription_profile_ids_to_subscription_ids' );
-				wp_cache_set( $subscription->transaction_id, $subscription->id, 'getpaid_subscription_transaction_ids_to_subscription_ids' );
-				wp_cache_set( $subscription->transaction_id, $subscription->id, 'getpaid_subscription_transaction_ids_to_subscription_ids' );
-				$this->results[ $key ] = new WPInv_Subscription( $subscription );
-			}
-		}
-
-	}
-
-	/**
-	 * Retrieve query variable.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param string $query_var Query variable key.
-	 * @return mixed
-	 */
-	public function get( $query_var ) {
-		if ( isset( $this->query_vars[ $query_var ] ) ) {
-			return $this->query_vars[ $query_var ];
-		}
-
-		return null;
-	}
-
-	/**
-	 * Set query variable.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param string $query_var Query variable key.
-	 * @param mixed $value Query variable value.
-	 */
-	public function set( $query_var, $value ) {
-		$this->query_vars[ $query_var ] = $value;
-	}
-
-	/**
-	 * Return the list of subscriptions.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @return WPInv_Subscription[]|array Found subscriptions.
-	 */
-	public function get_results() {
-		return $this->results;
-	}
-
-	/**
-	 * Return the total number of subscriptions for the current query.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @return int Number of total subscriptions.
-	 */
-	public function get_total() {
-		return $this->total_subscriptions;
-	}
-
-	/**
-	 * Parse and sanitize 'orderby' keys passed to the subscriptions query.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param string $orderby Alias for the field to order by.
-	 *  @param string $table The current table.
-	 * @return string Value to use in the ORDER clause, if `$orderby` is valid.
-	 */
-	protected function parse_orderby( $orderby, $table ) {
-
-		$_orderby = '';
-		if ( in_array( $orderby, array( 'customer_id', 'frequency', 'period', 'initial_amount', 'recurring_amount', 'bill_times', 'transaction_id', 'parent_payment_id', 'product_id', 'created', 'expiration', 'trial_period', 'status', 'profile_id' ) ) ) {
-			$_orderby = "$table.`$orderby`";
-		} elseif ( 'id' === strtolower( $orderby ) ) {
-			$_orderby = "$table.id";
-		} elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) {
-			$include     = wp_parse_id_list( $this->query_vars['include'] );
-			$include_sql = implode( ',', $include );
-			$_orderby    = "FIELD( $table.id, $include_sql )";
-		}
-
-		return $_orderby;
-	}
-
-	/**
-	 * Parse an 'order' query variable and cast it to ASC or DESC as necessary.
-	 *
-	 * @since 1.0.19
-	 *
-	 * @param string $order The 'order' query variable.
-	 * @return string The sanitized 'order' query variable.
-	 */
-	protected function parse_order( $order ) {
-		if ( ! is_string( $order ) || empty( $order ) ) {
-			return 'DESC';
-		}
-
-		if ( 'ASC' === strtoupper( $order ) ) {
-			return 'ASC';
-		} else {
-			return 'DESC';
-		}
-	}
+        // If no valid clauses were found, order by id.
+        if ( empty( $orderby_array ) ) {
+            $orderby_array[] = "id $order";
+        }
+
+        $this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array );
+
+    }
+
+    /**
+     * Execute the query, with the current variables.
+     *
+     * @since 1.0.19
+     *
+     * @global wpdb $wpdb WordPress database abstraction object.
+     */
+    public function query() {
+        global $wpdb;
+
+        $qv =& $this->query_vars;
+
+        // Return a non-null value to bypass the default GetPaid subscriptions query and remember to set the
+        // total_subscriptions property.
+        $this->results = apply_filters_ref_array( 'getpaid_subscriptions_pre_query', array( null, &$this ) );
+
+        if ( null === $this->results ) {
+            $this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit";
+
+            if ( ( is_array( $qv['fields'] ) && 1 != count( $qv['fields'] ) ) || 'all' == $qv['fields'] ) {
+                $this->results = $wpdb->get_results( $this->request );
+            } else {
+                $this->results = $wpdb->get_col( $this->request );
+            }
+
+            if ( isset( $qv['count_total'] ) && $qv['count_total'] ) {
+                $found_subscriptions_query = apply_filters( 'getpaid_found_subscriptions_query', 'SELECT FOUND_ROWS()', $this );
+                $this->total_subscriptions   = (int) $wpdb->get_var( $found_subscriptions_query );
+            }
+        }
+
+        if ( 'all' == $qv['fields'] ) {
+            foreach ( $this->results as $key => $subscription ) {
+                wp_cache_set( $subscription->id, $subscription, 'getpaid_subscriptions' );
+                wp_cache_set( $subscription->profile_id, $subscription->id, 'getpaid_subscription_profile_ids_to_subscription_ids' );
+                wp_cache_set( $subscription->transaction_id, $subscription->id, 'getpaid_subscription_transaction_ids_to_subscription_ids' );
+                wp_cache_set( $subscription->transaction_id, $subscription->id, 'getpaid_subscription_transaction_ids_to_subscription_ids' );
+                $this->results[ $key ] = new WPInv_Subscription( $subscription );
+            }
+        }
+
+    }
+
+    /**
+     * Retrieve query variable.
+     *
+     * @since 1.0.19
+     *
+     * @param string $query_var Query variable key.
+     * @return mixed
+     */
+    public function get( $query_var ) {
+        if ( isset( $this->query_vars[ $query_var ] ) ) {
+            return $this->query_vars[ $query_var ];
+        }
+
+        return null;
+    }
+
+    /**
+     * Set query variable.
+     *
+     * @since 1.0.19
+     *
+     * @param string $query_var Query variable key.
+     * @param mixed $value Query variable value.
+     */
+    public function set( $query_var, $value ) {
+        $this->query_vars[ $query_var ] = $value;
+    }
+
+    /**
+     * Return the list of subscriptions.
+     *
+     * @since 1.0.19
+     *
+     * @return WPInv_Subscription[]|array Found subscriptions.
+     */
+    public function get_results() {
+        return $this->results;
+    }
+
+    /**
+     * Return the total number of subscriptions for the current query.
+     *
+     * @since 1.0.19
+     *
+     * @return int Number of total subscriptions.
+     */
+    public function get_total() {
+        return $this->total_subscriptions;
+    }
+
+    /**
+     * Parse and sanitize 'orderby' keys passed to the subscriptions query.
+     *
+     * @since 1.0.19
+     *
+     * @param string $orderby Alias for the field to order by.
+     *  @param string $table The current table.
+     * @return string Value to use in the ORDER clause, if `$orderby` is valid.
+     */
+    protected function parse_orderby( $orderby, $table ) {
+
+        $_orderby = '';
+        if ( in_array( $orderby, array( 'customer_id', 'frequency', 'period', 'initial_amount', 'recurring_amount', 'bill_times', 'transaction_id', 'parent_payment_id', 'product_id', 'created', 'expiration', 'trial_period', 'status', 'profile_id' ) ) ) {
+            $_orderby = "$table.`$orderby`";
+        } elseif ( 'id' === strtolower( $orderby ) ) {
+            $_orderby = "$table.id";
+        } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) {
+            $include     = wp_parse_id_list( $this->query_vars['include'] );
+            $include_sql = implode( ',', $include );
+            $_orderby    = "FIELD( $table.id, $include_sql )";
+        }
+
+        return $_orderby;
+    }
+
+    /**
+     * Parse an 'order' query variable and cast it to ASC or DESC as necessary.
+     *
+     * @since 1.0.19
+     *
+     * @param string $order The 'order' query variable.
+     * @return string The sanitized 'order' query variable.
+     */
+    protected function parse_order( $order ) {
+        if ( ! is_string( $order ) || empty( $order ) ) {
+            return 'DESC';
+        }
+
+        if ( 'ASC' === strtoupper( $order ) ) {
+            return 'ASC';
+        } else {
+            return 'DESC';
+        }
+    }
 
 }

includes/class-wpinv-db.php

Indentation +232 added lines, -232 removed lines

@@ -7,237 +7,237 @@
 
 abstract class Wpinv_DB {
 
-	/**
-	 * The name of our database table
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 */
-	public $table_name;
-
-	/**
-	 * The version of our database table
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 */
-	public $version;
-
-	/**
-	 * The name of the primary column
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 */
-	public $primary_key;
-
-	/**
-	 * Get things started
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 */
-	public function __construct() {}
-
-	/**
-	 * Whitelist of columns
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  array
-	 */
-	public function get_columns() {
-		return array();
-	}
-
-	/**
-	 * Default column values
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  array
-	 */
-	public function get_column_defaults() {
-		return array();
-	}
-
-	/**
-	 * Retrieve a row by the primary key
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  object
-	 */
-	public function get( $row_id ) {
-		global $wpdb;
-		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
-	}
-
-	/**
-	 * Retrieve a row by a specific column / value
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  object
-	 */
-	public function get_by( $column, $row_id ) {
-		global $wpdb;
-		$column = esc_sql( $column );
-		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $column = %s LIMIT 1;", $row_id ) );
-	}
-
-	/**
-	 * Retrieve a specific column's value by the primary key
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  string
-	 */
-	public function get_column( $column, $row_id ) {
-		global $wpdb;
-		$column = esc_sql( $column );
-		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
-	}
-
-	/**
-	 * Retrieve a specific column's value by the the specified column / value
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  string
-	 */
-	public function get_column_by( $column, $column_where, $column_value ) {
-		global $wpdb;
-		$column_where = esc_sql( $column_where );
-		$column       = esc_sql( $column );
-		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $column_where = %s LIMIT 1;", $column_value ) );
-	}
-
-	/**
-	 * Insert a new row
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  int
-	 */
-	public function insert( $data, $type = '' ) {
-		global $wpdb;
-
-		// Set default values
-		$data = wp_parse_args( $data, $this->get_column_defaults() );
-
-		do_action( 'wpinv_pre_insert_' . $type, $data );
-
-		// Initialise column format array
-		$column_formats = $this->get_columns();
-
-		// Force fields to lower case
-		$data = array_change_key_case( $data );
-
-		// White list columns
-		$data = array_intersect_key( $data, $column_formats );
-
-		// Reorder $column_formats to match the order of columns given in $data
-		$data_keys = array_keys( $data );
-		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );
-
-		$wpdb->insert( $this->table_name, $data, $column_formats );
-		$wpdb_insert_id = $wpdb->insert_id;
-
-		do_action( 'wpinv_post_insert_' . $type, $wpdb_insert_id, $data );
-
-		return $wpdb_insert_id;
-	}
-
-	/**
-	 * Update a row
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  bool
-	 */
-	public function update( $row_id, $data = array(), $where = '' ) {
-
-		global $wpdb;
-
-		// Row ID must be positive integer
-		$row_id = absint( $row_id );
-
-		if ( empty( $row_id ) ) {
-			return false;
-		}
-
-		if ( empty( $where ) ) {
-			$where = $this->primary_key;
-		}
-
-		// Initialise column format array
-		$column_formats = $this->get_columns();
-
-		// Force fields to lower case
-		$data = array_change_key_case( $data );
-
-		// White list columns
-		$data = array_intersect_key( $data, $column_formats );
-
-		// Reorder $column_formats to match the order of columns given in $data
-		$data_keys = array_keys( $data );
-		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );
-
-		if ( false === $wpdb->update( $this->table_name, $data, array( $where => $row_id ), $column_formats ) ) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Delete a row identified by the primary key
-	 *
-	 * @access  public
-	 * @since   1.0.0
-	 * @return  bool
-	 */
-	public function delete( $row_id = 0 ) {
-
-		global $wpdb;
-
-		// Row ID must be positive integer
-		$row_id = absint( $row_id );
-
-		if ( empty( $row_id ) ) {
-			return false;
-		}
-
-		if ( false === $wpdb->query( $wpdb->prepare( "DELETE FROM $this->table_name WHERE $this->primary_key = %d", $row_id ) ) ) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if the given table exists
-	 *
-	 * @since  2.4
-	 * @param  string $table The table name
-	 * @return bool          If the table name exists
-	 */
-	public function table_exists( $table ) {
-		global $wpdb;
-		$table = sanitize_text_field( $table );
-
-		return $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE '%s'", $table ) ) === $table;
-	}
-
-	/**
-	 * Check if the table was ever installed
-	 *
-	 * @since  2.4
-	 * @return bool Returns if the customers table was installed and upgrade routine run
-	 */
-	public function installed() {
-		return $this->table_exists( $this->table_name );
-	}
+    /**
+     * The name of our database table
+     *
+     * @access  public
+     * @since   1.0.0
+     */
+    public $table_name;
+
+    /**
+     * The version of our database table
+     *
+     * @access  public
+     * @since   1.0.0
+     */
+    public $version;
+
+    /**
+     * The name of the primary column
+     *
+     * @access  public
+     * @since   1.0.0
+     */
+    public $primary_key;
+
+    /**
+     * Get things started
+     *
+     * @access  public
+     * @since   1.0.0
+     */
+    public function __construct() {}
+
+    /**
+     * Whitelist of columns
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  array
+     */
+    public function get_columns() {
+        return array();
+    }
+
+    /**
+     * Default column values
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  array
+     */
+    public function get_column_defaults() {
+        return array();
+    }
+
+    /**
+     * Retrieve a row by the primary key
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  object
+     */
+    public function get( $row_id ) {
+        global $wpdb;
+        return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
+    }
+
+    /**
+     * Retrieve a row by a specific column / value
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  object
+     */
+    public function get_by( $column, $row_id ) {
+        global $wpdb;
+        $column = esc_sql( $column );
+        return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $column = %s LIMIT 1;", $row_id ) );
+    }
+
+    /**
+     * Retrieve a specific column's value by the primary key
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  string
+     */
+    public function get_column( $column, $row_id ) {
+        global $wpdb;
+        $column = esc_sql( $column );
+        return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
+    }
+
+    /**
+     * Retrieve a specific column's value by the the specified column / value
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  string
+     */
+    public function get_column_by( $column, $column_where, $column_value ) {
+        global $wpdb;
+        $column_where = esc_sql( $column_where );
+        $column       = esc_sql( $column );
+        return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $column_where = %s LIMIT 1;", $column_value ) );
+    }
+
+    /**
+     * Insert a new row
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  int
+     */
+    public function insert( $data, $type = '' ) {
+        global $wpdb;
+
+        // Set default values
+        $data = wp_parse_args( $data, $this->get_column_defaults() );
+
+        do_action( 'wpinv_pre_insert_' . $type, $data );
+
+        // Initialise column format array
+        $column_formats = $this->get_columns();
+
+        // Force fields to lower case
+        $data = array_change_key_case( $data );
+
+        // White list columns
+        $data = array_intersect_key( $data, $column_formats );
+
+        // Reorder $column_formats to match the order of columns given in $data
+        $data_keys = array_keys( $data );
+        $column_formats = array_merge( array_flip( $data_keys ), $column_formats );
+
+        $wpdb->insert( $this->table_name, $data, $column_formats );
+        $wpdb_insert_id = $wpdb->insert_id;
+
+        do_action( 'wpinv_post_insert_' . $type, $wpdb_insert_id, $data );
+
+        return $wpdb_insert_id;
+    }
+
+    /**
+     * Update a row
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  bool
+     */
+    public function update( $row_id, $data = array(), $where = '' ) {
+
+        global $wpdb;
+
+        // Row ID must be positive integer
+        $row_id = absint( $row_id );
+
+        if ( empty( $row_id ) ) {
+            return false;
+        }
+
+        if ( empty( $where ) ) {
+            $where = $this->primary_key;
+        }
+
+        // Initialise column format array
+        $column_formats = $this->get_columns();
+
+        // Force fields to lower case
+        $data = array_change_key_case( $data );
+
+        // White list columns
+        $data = array_intersect_key( $data, $column_formats );
+
+        // Reorder $column_formats to match the order of columns given in $data
+        $data_keys = array_keys( $data );
+        $column_formats = array_merge( array_flip( $data_keys ), $column_formats );
+
+        if ( false === $wpdb->update( $this->table_name, $data, array( $where => $row_id ), $column_formats ) ) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Delete a row identified by the primary key
+     *
+     * @access  public
+     * @since   1.0.0
+     * @return  bool
+     */
+    public function delete( $row_id = 0 ) {
+
+        global $wpdb;
+
+        // Row ID must be positive integer
+        $row_id = absint( $row_id );
+
+        if ( empty( $row_id ) ) {
+            return false;
+        }
+
+        if ( false === $wpdb->query( $wpdb->prepare( "DELETE FROM $this->table_name WHERE $this->primary_key = %d", $row_id ) ) ) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the given table exists
+     *
+     * @since  2.4
+     * @param  string $table The table name
+     * @return bool          If the table name exists
+     */
+    public function table_exists( $table ) {
+        global $wpdb;
+        $table = sanitize_text_field( $table );
+
+        return $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE '%s'", $table ) ) === $table;
+    }
+
+    /**
+     * Check if the table was ever installed
+     *
+     * @since  2.4
+     * @return bool Returns if the customers table was installed and upgrade routine run
+     */
+    public function installed() {
+        return $this->table_exists( $this->table_name );
+    }
 
 }

includes/class-getpaid-daily-maintenance.php

Indentation +137 added lines, -137 removed lines

@@ -12,144 +12,144 @@
  */
 class GetPaid_Daily_Maintenance {
 
-	/**
-	 * Class constructor.
-	 */
-	public function __construct() {
-
-		// Clear deprecated events.
-		add_action( 'wp', array( $this, 'maybe_clear_deprecated_events' ) );
-
-		// (Maybe) schedule a cron that runs daily.
-		add_action( 'wp', array( $this, 'maybe_create_scheduled_event' ) );
-
-		// Fired everyday at 7 a.m (this might vary for sites with few visitors)
-		add_action( 'getpaid_daily_maintenance', array( $this, 'log_cron_run' ) );
-		add_action( 'getpaid_daily_maintenance', array( $this, 'backwards_compat' ) );
-		add_action( 'getpaid_daily_maintenance', array( $this, 'maybe_expire_subscriptions' ) );
-		add_action( 'getpaid_daily_maintenance', array( $this, 'check_renewing_subscriptions' ) );
-		add_action( 'getpaid_daily_maintenance', array( $this, 'maybe_update_geoip_databases' ) );
-
-	}
-
-	/**
-	 * Schedules a cron to run every day at 7 a.m
-	 *
-	 */
-	public function maybe_create_scheduled_event() {
-
-		if ( ! wp_next_scheduled( 'getpaid_daily_maintenance' ) ) {
-			$timestamp = strtotime( 'tomorrow 07:00:00', current_time( 'timestamp' ) );
-			wp_schedule_event( $timestamp, 'daily', 'getpaid_daily_maintenance' );
-		}
-
-	}
-
-	/**
-	 * Clears deprecated events.
-	 *
-	 */
-	public function maybe_clear_deprecated_events() {
-
-		if ( ! get_option( 'wpinv_cleared_old_events' ) ) {
-			wp_clear_scheduled_hook( 'wpinv_register_schedule_event_twicedaily' );
-			wp_clear_scheduled_hook( 'wpinv_register_schedule_event_daily' );
-			update_option( 'wpinv_cleared_old_events', 1 );
-		}
-
-	}
-
-	/**
-	 * Fires the old hook for backwards compatibility.
-	 *
-	 */
-	public function backwards_compat() {
-		do_action( 'wpinv_register_schedule_event_daily' );
-	}
-
-	/**
-	 * Checks for subscriptions that are scheduled to renew.
-	 *
-	 */
-	public function check_renewing_subscriptions() {
-
-		// Fetch subscriptions that expire today.
-		$args  = array(
-			'number'             => -1,
-			'count_total'        => false,
-			'status'             => 'trialling active',
-			'date_expires_query' => array(
-				array(
-					'year'    => date( 'Y', current_time( 'timestamp' ) ),
-					'month'   => date( 'n', current_time( 'timestamp' ) ),
-					'day'     => date( 'j', current_time( 'timestamp' ) ),
-					'compare' => '=',
-				),
-			),
-		);
-
-		$subscriptions = new GetPaid_Subscriptions_Query( $args );
-
-		foreach ( $subscriptions->get_results() as $subscription ) {
-
-			/** @var WPInv_Subscription $subscription */
-			if ( $subscription->is_last_renewal() ) {
-				$subscription->complete();
-			} else {
-				do_action( 'getpaid_should_renew_subscription', $subscription );
-			}
+    /**
+     * Class constructor.
+     */
+    public function __construct() {
+
+        // Clear deprecated events.
+        add_action( 'wp', array( $this, 'maybe_clear_deprecated_events' ) );
+
+        // (Maybe) schedule a cron that runs daily.
+        add_action( 'wp', array( $this, 'maybe_create_scheduled_event' ) );
+
+        // Fired everyday at 7 a.m (this might vary for sites with few visitors)
+        add_action( 'getpaid_daily_maintenance', array( $this, 'log_cron_run' ) );
+        add_action( 'getpaid_daily_maintenance', array( $this, 'backwards_compat' ) );
+        add_action( 'getpaid_daily_maintenance', array( $this, 'maybe_expire_subscriptions' ) );
+        add_action( 'getpaid_daily_maintenance', array( $this, 'check_renewing_subscriptions' ) );
+        add_action( 'getpaid_daily_maintenance', array( $this, 'maybe_update_geoip_databases' ) );
+
+    }
+
+    /**
+     * Schedules a cron to run every day at 7 a.m
+     *
+     */
+    public function maybe_create_scheduled_event() {
+
+        if ( ! wp_next_scheduled( 'getpaid_daily_maintenance' ) ) {
+            $timestamp = strtotime( 'tomorrow 07:00:00', current_time( 'timestamp' ) );
+            wp_schedule_event( $timestamp, 'daily', 'getpaid_daily_maintenance' );
+        }
+
+    }
+
+    /**
+     * Clears deprecated events.
+     *
+     */
+    public function maybe_clear_deprecated_events() {
+
+        if ( ! get_option( 'wpinv_cleared_old_events' ) ) {
+            wp_clear_scheduled_hook( 'wpinv_register_schedule_event_twicedaily' );
+            wp_clear_scheduled_hook( 'wpinv_register_schedule_event_daily' );
+            update_option( 'wpinv_cleared_old_events', 1 );
+        }
+
+    }
+
+    /**
+     * Fires the old hook for backwards compatibility.
+     *
+     */
+    public function backwards_compat() {
+        do_action( 'wpinv_register_schedule_event_daily' );
+    }
+
+    /**
+     * Checks for subscriptions that are scheduled to renew.
+     *
+     */
+    public function check_renewing_subscriptions() {
+
+        // Fetch subscriptions that expire today.
+        $args  = array(
+            'number'             => -1,
+            'count_total'        => false,
+            'status'             => 'trialling active',
+            'date_expires_query' => array(
+                array(
+                    'year'    => date( 'Y', current_time( 'timestamp' ) ),
+                    'month'   => date( 'n', current_time( 'timestamp' ) ),
+                    'day'     => date( 'j', current_time( 'timestamp' ) ),
+                    'compare' => '=',
+                ),
+            ),
+        );
+
+        $subscriptions = new GetPaid_Subscriptions_Query( $args );
+
+        foreach ( $subscriptions->get_results() as $subscription ) {
+
+            /** @var WPInv_Subscription $subscription */
+            if ( $subscription->is_last_renewal() ) {
+                $subscription->complete();
+            } else {
+                do_action( 'getpaid_should_renew_subscription', $subscription );
+            }
 }
 
-	}
-
-	/**
-	 * Expires expired subscriptions.
-	 *
-	 */
-	public function maybe_expire_subscriptions() {
-
-		// Fetch expired subscriptions (skips those that expire today).
-		$args  = array(
-			'number'             => -1,
-			'count_total'        => false,
-			'status'             => 'trialling active failing cancelled',
-			'date_expires_query' => array(
-				'before'    => 'yesterday',
-				'inclusive' => false,
-			),
-		);
-
-		$subscriptions = new GetPaid_Subscriptions_Query( $args );
-
-		foreach ( $subscriptions->get_results() as $subscription ) {
-			if ( apply_filters( 'getpaid_daily_maintenance_should_expire_subscription', false, $subscription ) ) {
-				$subscription->set_status( 'expired' );
-				$subscription->save();
-			}
-		}
-
-	}
-
-	/**
-	 * Logs cron runs.
-	 *
-	 */
-	public function log_cron_run() {
-		wpinv_error_log( 'GetPaid Daily Cron', false );
-	}
-
-	/**
-	 * Updates GeoIP databases.
-	 *
-	 */
-	public function maybe_update_geoip_databases() {
-		$updated = get_transient( 'getpaid_updated_geoip_databases' );
-
-		if ( false === $updated ) {
-			set_transient( 'getpaid_updated_geoip_databases', 1, 15 * DAY_IN_SECONDS );
-			do_action( 'getpaid_update_geoip_databases' );
-		}
-
-	}
+    }
+
+    /**
+     * Expires expired subscriptions.
+     *
+     */
+    public function maybe_expire_subscriptions() {
+
+        // Fetch expired subscriptions (skips those that expire today).
+        $args  = array(
+            'number'             => -1,
+            'count_total'        => false,
+            'status'             => 'trialling active failing cancelled',
+            'date_expires_query' => array(
+                'before'    => 'yesterday',
+                'inclusive' => false,
+            ),
+        );
+
+        $subscriptions = new GetPaid_Subscriptions_Query( $args );
+
+        foreach ( $subscriptions->get_results() as $subscription ) {
+            if ( apply_filters( 'getpaid_daily_maintenance_should_expire_subscription', false, $subscription ) ) {
+                $subscription->set_status( 'expired' );
+                $subscription->save();
+            }
+        }
+
+    }
+
+    /**
+     * Logs cron runs.
+     *
+     */
+    public function log_cron_run() {
+        wpinv_error_log( 'GetPaid Daily Cron', false );
+    }
+
+    /**
+     * Updates GeoIP databases.
+     *
+     */
+    public function maybe_update_geoip_databases() {
+        $updated = get_transient( 'getpaid_updated_geoip_databases' );
+
+        if ( false === $updated ) {
+            set_transient( 'getpaid_updated_geoip_databases', 1, 15 * DAY_IN_SECONDS );
+            do_action( 'getpaid_update_geoip_databases' );
+        }
+
+    }
 
 }

includes/class-wpinv-session-handler.php

Indentation +274 added lines, -274 removed lines

@@ -12,125 +12,125 @@ 
  */
 class WPInv_Session_Handler extends WPInv_Session {
 
-	/**
-	 * Cookie name used for the session.
-	 *
-	 * @var string cookie name
-	 */
-	protected $_cookie;
-
-	/**
-	 * Stores session expiry.
-	 *
-	 * @var int session due to expire timestamp
-	 */
-	protected $_session_expiring;
-
-	/**
-	 * Stores session due to expire timestamp.
-	 *
-	 * @var string session expiration timestamp
-	 */
-	protected $_session_expiration;
-
-	/**
-	 * True when the cookie exists.
-	 *
-	 * @var bool Based on whether a cookie exists.
-	 */
-	protected $_has_cookie = false;
-
-	/**
-	 * Table name for session data.
-	 *
-	 * @var string Custom session table name
-	 */
-	protected $_table;
-
-	/**
-	 * Constructor for the session class.
-	 */
-	public function __construct() {
-
-	    $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH );
+    /**
+     * Cookie name used for the session.
+     *
+     * @var string cookie name
+     */
+    protected $_cookie;
+
+    /**
+     * Stores session expiry.
+     *
+     * @var int session due to expire timestamp
+     */
+    protected $_session_expiring;
+
+    /**
+     * Stores session due to expire timestamp.
+     *
+     * @var string session expiration timestamp
+     */
+    protected $_session_expiration;
+
+    /**
+     * True when the cookie exists.
+     *
+     * @var bool Based on whether a cookie exists.
+     */
+    protected $_has_cookie = false;
+
+    /**
+     * Table name for session data.
+     *
+     * @var string Custom session table name
+     */
+    protected $_table;
+
+    /**
+     * Constructor for the session class.
+     */
+    public function __construct() {
+
+        $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH );
         add_action( 'init', array( $this, 'init' ), -1 );
-		add_action( 'wp_logout', array( $this, 'destroy_session' ) );
-		add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 );
-		add_action( 'shutdown', array( $this, 'save_data' ), 20 );
-
-	}
-
-	/**
-	 * Init hooks and session data.
-	 *
-	 * @since 3.3.0
-	 */
-	public function init() {
-		$this->init_session_cookie();
-
-		if ( ! is_user_logged_in() ) {
-			add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ), 10, 2 );
-		}
-	}
-
-	/**
-	 * Setup cookie and customer ID.
-	 *
-	 * @since 3.6.0
-	 */
-	public function init_session_cookie() {
-		$cookie = $this->get_session_cookie();
-
-		if ( $cookie ) {
-			$this->_customer_id        = $cookie[0];
-			$this->_session_expiration = $cookie[1];
-			$this->_session_expiring   = $cookie[2];
-			$this->_has_cookie         = true;
-			$this->_data               = $this->get_session_data();
-
-			// If the user logs in, update session.
-			if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) {
-				$this->_customer_id = get_current_user_id();
-				$this->_dirty       = true;
-				$this->save_data();
-				$this->set_customer_session_cookie( true );
-			}
-
-			// Update session if its close to expiring.
-			if ( time() > $this->_session_expiring ) {
-				$this->set_session_expiration();
-				$this->update_session_timestamp( $this->_customer_id, $this->_session_expiration );
-			}
-		} else {
-			$this->set_session_expiration();
-			$this->_customer_id = $this->generate_customer_id();
-			$this->_data        = $this->get_session_data();
-		}
-	}
-
-	/**
-	 * Sets the session cookie on-demand (usually after adding an item to the cart).
-	 *
-	 * Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
-	 *
-	 * Warning: Cookies will only be set if this is called before the headers are sent.
-	 *
-	 * @param bool $set Should the session cookie be set.
-	 */
-	public function set_customer_session_cookie( $set ) {
-		if ( $set ) {
-			$to_hash           = $this->_customer_id . '|' . $this->_session_expiration;
-			$cookie_hash       = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
-			$cookie_value      = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash;
-			$this->_has_cookie = true;
-
-			if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
-				$this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
-			}
-		}
-	}
-
-	public function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
+        add_action( 'wp_logout', array( $this, 'destroy_session' ) );
+        add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 );
+        add_action( 'shutdown', array( $this, 'save_data' ), 20 );
+
+    }
+
+    /**
+     * Init hooks and session data.
+     *
+     * @since 3.3.0
+     */
+    public function init() {
+        $this->init_session_cookie();
+
+        if ( ! is_user_logged_in() ) {
+            add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ), 10, 2 );
+        }
+    }
+
+    /**
+     * Setup cookie and customer ID.
+     *
+     * @since 3.6.0
+     */
+    public function init_session_cookie() {
+        $cookie = $this->get_session_cookie();
+
+        if ( $cookie ) {
+            $this->_customer_id        = $cookie[0];
+            $this->_session_expiration = $cookie[1];
+            $this->_session_expiring   = $cookie[2];
+            $this->_has_cookie         = true;
+            $this->_data               = $this->get_session_data();
+
+            // If the user logs in, update session.
+            if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) {
+                $this->_customer_id = get_current_user_id();
+                $this->_dirty       = true;
+                $this->save_data();
+                $this->set_customer_session_cookie( true );
+            }
+
+            // Update session if its close to expiring.
+            if ( time() > $this->_session_expiring ) {
+                $this->set_session_expiration();
+                $this->update_session_timestamp( $this->_customer_id, $this->_session_expiration );
+            }
+        } else {
+            $this->set_session_expiration();
+            $this->_customer_id = $this->generate_customer_id();
+            $this->_data        = $this->get_session_data();
+        }
+    }
+
+    /**
+     * Sets the session cookie on-demand (usually after adding an item to the cart).
+     *
+     * Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
+     *
+     * Warning: Cookies will only be set if this is called before the headers are sent.
+     *
+     * @param bool $set Should the session cookie be set.
+     */
+    public function set_customer_session_cookie( $set ) {
+        if ( $set ) {
+            $to_hash           = $this->_customer_id . '|' . $this->_session_expiration;
+            $cookie_hash       = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
+            $cookie_value      = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash;
+            $this->_has_cookie = true;
+
+            if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
+                $this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
+            }
+        }
+    }
+
+    public function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
         if ( ! headers_sent() ) {
             setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure ) );
         } elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
@@ -139,86 +139,86 @@ 
         }
     }
 
-	/**
-	 * Should the session cookie be secure?
-	 *
-	 * @since 3.6.0
-	 * @return bool
-	 */
-	protected function use_secure_cookie() {
+    /**
+     * Should the session cookie be secure?
+     *
+     * @since 3.6.0
+     * @return bool
+     */
+    protected function use_secure_cookie() {
         $is_https = false !== strstr( get_option( 'home' ), 'https:' );
-		return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() );
-	}
-
-	/**
-	 * Return true if the current user has an active session, i.e. a cookie to retrieve values.
-	 *
-	 * @return bool
-	 */
-	public function has_session() {
-		return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine.
-	}
-
-	/**
-	 * Set session expiration.
-	 */
-	public function set_session_expiration() {
-		$this->_session_expiring   = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours.
-		$this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours.
-	}
-
-	/**
-	 * Generates session ids.
-	 *
-	 * @return string
-	 */
-	public function generate_customer_id() {
-		require_once ABSPATH . 'wp-includes/class-phpass.php';
-		$hasher      = new PasswordHash( 8, false );
-		return md5( $hasher->get_random_bytes( 32 ) );
-	}
-
-	/**
-	 * Get the session cookie, if set. Otherwise return false.
-	 *
-	 * Session cookies without a customer ID are invalid.
-	 *
-	 * @return bool|array
-	 */
-	public function get_session_cookie() {
-		$cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine.
-
-		if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) {
-			return false;
-		}
-
-		list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value );
-
-		if ( empty( $customer_id ) ) {
-			return false;
-		}
-
-		// Validate hash.
-		$to_hash = $customer_id . '|' . $session_expiration;
-		$hash    = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
-
-		if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) {
-			return false;
-		}
-
-		return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash );
-	}
-
-	/**
-	 * Get session data.
-	 *
-	 * @return array
-	 */
-	public function get_session_data() {
-		return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array();
-	}
-
-	public function generate_key( $customer_id ) {
+        return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() );
+    }
+
+    /**
+     * Return true if the current user has an active session, i.e. a cookie to retrieve values.
+     *
+     * @return bool
+     */
+    public function has_session() {
+        return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine.
+    }
+
+    /**
+     * Set session expiration.
+     */
+    public function set_session_expiration() {
+        $this->_session_expiring   = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours.
+        $this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours.
+    }
+
+    /**
+     * Generates session ids.
+     *
+     * @return string
+     */
+    public function generate_customer_id() {
+        require_once ABSPATH . 'wp-includes/class-phpass.php';
+        $hasher      = new PasswordHash( 8, false );
+        return md5( $hasher->get_random_bytes( 32 ) );
+    }
+
+    /**
+     * Get the session cookie, if set. Otherwise return false.
+     *
+     * Session cookies without a customer ID are invalid.
+     *
+     * @return bool|array
+     */
+    public function get_session_cookie() {
+        $cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine.
+
+        if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) {
+            return false;
+        }
+
+        list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value );
+
+        if ( empty( $customer_id ) ) {
+            return false;
+        }
+
+        // Validate hash.
+        $to_hash = $customer_id . '|' . $session_expiration;
+        $hash    = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
+
+        if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) {
+            return false;
+        }
+
+        return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash );
+    }
+
+    /**
+     * Get session data.
+     *
+     * @return array
+     */
+    public function get_session_data() {
+        return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array();
+    }
+
+    public function generate_key( $customer_id ) {
         if ( ! $customer_id ) {
             return;
         }
@@ -226,68 +226,68 @@ 
         return 'wpi_trans_' . $customer_id;
     }
 
-	/**
-	 * Save data.
-	 */
-	public function save_data() {
-		// Dirty if something changed - prevents saving nothing new.
-		if ( $this->_dirty && $this->has_session() ) {
+    /**
+     * Save data.
+     */
+    public function save_data() {
+        // Dirty if something changed - prevents saving nothing new.
+        if ( $this->_dirty && $this->has_session() ) {
 
             set_transient( $this->generate_key( $this->_customer_id ), $this->_data, $this->_session_expiration );
 
-			$this->_dirty = false;
-		}
-	}
-
-	/**
-	 * Destroy all session data.
-	 */
-	public function destroy_session() {
-		$this->delete_session( $this->_customer_id );
-		$this->forget_session();
-	}
-
-	/**
-	 * Forget all session data without destroying it.
-	 */
-	public function forget_session() {
-		$this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true );
-
-		wpinv_empty_cart();
-
-		$this->_data        = array();
-		$this->_dirty       = false;
-		$this->_customer_id = $this->generate_customer_id();
-	}
-
-	/**
-	 * When a user is logged out, ensure they have a unique nonce by using the customer/session ID.
-	 *
-	 * @param int $uid User ID.
-	 * @return string
-	 */
-	public function nonce_user_logged_out( $uid ) {
-
-		// Check if one of our nonces.
-		if ( substr( $uid, 0, 5 ) === 'wpinv' || substr( $uid, 0, 7 ) === 'getpaid' ) {
-			return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid;
-		}
-
-		return $uid;
-	}
-
-	/**
-	 * Returns the session.
-	 *
-	 * @param string $customer_id Customer ID.
-	 * @param mixed  $default Default session value.
-	 * @return string|array
-	 */
-	public function get_session( $customer_id, $default = false ) {
-
-		if ( defined( 'WP_SETUP_CONFIG' ) ) {
-			return array();
-		}
+            $this->_dirty = false;
+        }
+    }
+
+    /**
+     * Destroy all session data.
+     */
+    public function destroy_session() {
+        $this->delete_session( $this->_customer_id );
+        $this->forget_session();
+    }
+
+    /**
+     * Forget all session data without destroying it.
+     */
+    public function forget_session() {
+        $this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true );
+
+        wpinv_empty_cart();
+
+        $this->_data        = array();
+        $this->_dirty       = false;
+        $this->_customer_id = $this->generate_customer_id();
+    }
+
+    /**
+     * When a user is logged out, ensure they have a unique nonce by using the customer/session ID.
+     *
+     * @param int $uid User ID.
+     * @return string
+     */
+    public function nonce_user_logged_out( $uid ) {
+
+        // Check if one of our nonces.
+        if ( substr( $uid, 0, 5 ) === 'wpinv' || substr( $uid, 0, 7 ) === 'getpaid' ) {
+            return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid;
+        }
+
+        return $uid;
+    }
+
+    /**
+     * Returns the session.
+     *
+     * @param string $customer_id Customer ID.
+     * @param mixed  $default Default session value.
+     * @return string|array
+     */
+    public function get_session( $customer_id, $default = false ) {
+
+        if ( defined( 'WP_SETUP_CONFIG' ) ) {
+            return array();
+        }
 
         $key = $this->generate_key( $customer_id );
         $value = get_transient( $key );
@@ -296,30 +296,30 @@ 
             $value = $default;
         }
 
-		return maybe_unserialize( $value );
-	}
+        return maybe_unserialize( $value );
+    }
 
-	/**
-	 * Delete the session from the cache and database.
-	 *
-	 * @param int $customer_id Customer ID.
-	 */
-	public function delete_session( $customer_id ) {
+    /**
+     * Delete the session from the cache and database.
+     *
+     * @param int $customer_id Customer ID.
+     */
+    public function delete_session( $customer_id ) {
 
         $key = $this->generate_key( $customer_id );
 
-		delete_transient( $key );
-	}
+        delete_transient( $key );
+    }
 
-	/**
-	 * Update the session expiry timestamp.
-	 *
-	 * @param string $customer_id Customer ID.
-	 * @param int    $timestamp Timestamp to expire the cookie.
-	 */
-	public function update_session_timestamp( $customer_id, $timestamp ) {
+    /**
+     * Update the session expiry timestamp.
+     *
+     * @param string $customer_id Customer ID.
+     * @param int    $timestamp Timestamp to expire the cookie.
+     */
+    public function update_session_timestamp( $customer_id, $timestamp ) {
 
         set_transient( $this->generate_key( $customer_id ), maybe_serialize( $this->_data ), $timestamp );
 
-	}
+    }
 }

includes/invoice-functions.php

Indentation +37 added lines, -37 removed lines

@@ -67,7 +67,7 @@ 
  * Checks if the current user cna view an invoice receipt.
  */
 function wpinv_can_view_receipt( $invoice ) {
-	return (bool) apply_filters( 'wpinv_can_view_receipt', wpinv_user_can_view_invoice( $invoice ), $invoice );
+    return (bool) apply_filters( 'wpinv_can_view_receipt', wpinv_user_can_view_invoice( $invoice ), $invoice );
 }
 
 /**
@@ -556,37 +556,37 @@ 
     $label   = empty( $label ) ? __( 'Invoice', 'invoicing' ) : sanitize_text_field( $label );
     $columns = array(
 
-		'invoice-number'  => array(
-			'title' => $label,
-			'class' => 'text-left',
-		),
+        'invoice-number'  => array(
+            'title' => $label,
+            'class' => 'text-left',
+        ),
 
-		'created-date'    => array(
-			'title' => __( 'Created Date', 'invoicing' ),
-			'class' => 'text-left',
-		),
+        'created-date'    => array(
+            'title' => __( 'Created Date', 'invoicing' ),
+            'class' => 'text-left',
+        ),
 
-		'payment-date'    => array(
-			'title' => __( 'Payment Date', 'invoicing' ),
-			'class' => 'text-left',
-		),
+        'payment-date'    => array(
+            'title' => __( 'Payment Date', 'invoicing' ),
+            'class' => 'text-left',
+        ),
 
-		'invoice-status'  => array(
-			'title' => __( 'Status', 'invoicing' ),
-			'class' => 'text-center',
-		),
+        'invoice-status'  => array(
+            'title' => __( 'Status', 'invoicing' ),
+            'class' => 'text-center',
+        ),
 
-		'invoice-total'   => array(
-			'title' => __( 'Total', 'invoicing' ),
-			'class' => 'text-right',
-		),
+        'invoice-total'   => array(
+            'title' => __( 'Total', 'invoicing' ),
+            'class' => 'text-right',
+        ),
 
-		'invoice-actions' => array(
-			'title' => ' ',
-			'class' => 'text-center',
-		),
+        'invoice-actions' => array(
+            'title' => ' ',
+            'class' => 'text-center',
+        ),
 
-	);
+    );
 
     return apply_filters( 'wpinv_user_invoices_columns', $columns, $post_type );
 }
@@ -1274,22 +1274,22 @@ 
  */
 function getpaid_get_invoice_status_classes() {
 
-	return apply_filters(
-		'getpaid_get_invoice_status_classes',
-		array(
+    return apply_filters(
+        'getpaid_get_invoice_status_classes',
+        array(
             'wpi-quote-declined' => 'badge-danger',
             'wpi-failed'         => 'badge-danger',
-			'wpi-processing'     => 'badge-info',
-			'wpi-onhold'         => 'badge-warning',
-			'wpi-quote-accepted' => 'badge-success',
-			'publish'            => 'badge-success',
-			'wpi-renewal'        => 'badge-primary',
+            'wpi-processing'     => 'badge-info',
+            'wpi-onhold'         => 'badge-warning',
+            'wpi-quote-accepted' => 'badge-success',
+            'publish'            => 'badge-success',
+            'wpi-renewal'        => 'badge-primary',
             'wpi-cancelled'      => 'badge-secondary',
             'wpi-pending'        => 'badge-dark',
             'wpi-quote-pending'  => 'badge-dark',
             'wpi-refunded'       => 'badge-secondary',
-		)
-	);
+        )
+    );
 
 }
 
@@ -1303,7 +1303,7 @@ 
 function getpaid_get_invoice_tax_rate( $invoice, $item ) {
 
     $rates   = getpaid_get_item_tax_rates( $item, $invoice->get_country(), $invoice->get_state() );
-	$rates   = getpaid_filter_item_tax_rates( $item, $rates );
+    $rates   = getpaid_filter_item_tax_rates( $item, $rates );
     $rates   = wp_list_pluck( $rates, 'rate' );
 
     return array_sum( $rates );

includes/wpinv-general-functions.php

Indentation +73 added lines, -73 removed lines

@@ -31,16 +31,16 @@ 
 }
 
 function wpinv_can_checkout() {
-	$can_checkout = true; // Always true for now
+    $can_checkout = true; // Always true for now
 
-	return (bool) apply_filters( 'wpinv_can_checkout', $can_checkout );
+    return (bool) apply_filters( 'wpinv_can_checkout', $can_checkout );
 }
 
 function wpinv_get_success_page_uri() {
-	$page_id = wpinv_get_option( 'success_page', 0 );
-	$page_id = absint( $page_id );
+    $page_id = wpinv_get_option( 'success_page', 0 );
+    $page_id = absint( $page_id );
 
-	return apply_filters( 'wpinv_get_success_page_uri', get_permalink( $page_id ) );
+    return apply_filters( 'wpinv_get_success_page_uri', get_permalink( $page_id ) );
 }
 
 /**
@@ -51,22 +51,22 @@ 
  */
 function wpinv_get_history_page_uri( $post_type = 'wpi_invoice' ) {
     $post_type = sanitize_key( str_replace( 'wpi_', '', $post_type ) );
-	$page_id   = wpinv_get_option( "{$post_type}_history_page", 0 );
-	$page_id   = absint( $page_id );
-	return apply_filters( 'wpinv_get_history_page_uri', get_permalink( $page_id ), $post_type );
+    $page_id   = wpinv_get_option( "{$post_type}_history_page", 0 );
+    $page_id   = absint( $page_id );
+    return apply_filters( 'wpinv_get_history_page_uri', get_permalink( $page_id ), $post_type );
 }
 
 function wpinv_is_success_page() {
-	$is_success_page = wpinv_get_option( 'success_page', false );
-	$is_success_page = ! empty( $is_success_page ) ? is_page( $is_success_page ) : false;
+    $is_success_page = wpinv_get_option( 'success_page', false );
+    $is_success_page = ! empty( $is_success_page ) ? is_page( $is_success_page ) : false;
 
-	return apply_filters( 'wpinv_is_success_page', $is_success_page );
+    return apply_filters( 'wpinv_is_success_page', $is_success_page );
 }
 
 function wpinv_is_invoice_history_page() {
-	$ret = wpinv_get_option( 'invoice_history_page', false );
-	$ret = $ret ? is_page( $ret ) : false;
-	return apply_filters( 'wpinv_is_invoice_history_page', $ret );
+    $ret = wpinv_get_option( 'invoice_history_page', false );
+    $ret = $ret ? is_page( $ret ) : false;
+    return apply_filters( 'wpinv_is_invoice_history_page', $ret );
 }
 
 function wpinv_is_subscriptions_history_page() {
@@ -92,7 +92,7 @@ 
 }
 
 function wpinv_send_to_failed_page( $args = null ) {
-	$redirect = wpinv_get_failed_transaction_uri();
+    $redirect = wpinv_get_failed_transaction_uri();
 
     if ( ! empty( $args ) ) {
         // Check for backward compatibility
@@ -113,58 +113,58 @@ 
 }
 
 function wpinv_get_checkout_uri( $args = array() ) {
-	$uri = wpinv_get_option( 'checkout_page', false );
-	$uri = isset( $uri ) ? get_permalink( $uri ) : null;
+    $uri = wpinv_get_option( 'checkout_page', false );
+    $uri = isset( $uri ) ? get_permalink( $uri ) : null;
 
-	if ( ! empty( $args ) ) {
-		// Check for backward compatibility
-		if ( is_string( $args ) ) {
-			$args = str_replace( '?', '', $args );
+    if ( ! empty( $args ) ) {
+        // Check for backward compatibility
+        if ( is_string( $args ) ) {
+            $args = str_replace( '?', '', $args );
         }
 
-		$args = wp_parse_args( $args );
+        $args = wp_parse_args( $args );
 
-		$uri = add_query_arg( $args, $uri );
-	}
+        $uri = add_query_arg( $args, $uri );
+    }
 
-	$scheme = defined( 'FORCE_SSL_ADMIN' ) && FORCE_SSL_ADMIN ? 'https' : 'admin';
+    $scheme = defined( 'FORCE_SSL_ADMIN' ) && FORCE_SSL_ADMIN ? 'https' : 'admin';
 
-	$ajax_url = admin_url( 'admin-ajax.php', $scheme );
+    $ajax_url = admin_url( 'admin-ajax.php', $scheme );
 
-	if ( ( ! preg_match( '/^https/', $uri ) && preg_match( '/^https/', $ajax_url ) ) || wpinv_is_ssl_enforced() ) {
-		$uri = preg_replace( '/^http:/', 'https:', $uri );
-	}
+    if ( ( ! preg_match( '/^https/', $uri ) && preg_match( '/^https/', $ajax_url ) ) || wpinv_is_ssl_enforced() ) {
+        $uri = preg_replace( '/^http:/', 'https:', $uri );
+    }
 
-	return apply_filters( 'wpinv_get_checkout_uri', $uri );
+    return apply_filters( 'wpinv_get_checkout_uri', $uri );
 }
 
 function wpinv_get_success_page_url( $query_string = null ) {
-	$success_page = wpinv_get_option( 'success_page', 0 );
-	$success_page = get_permalink( $success_page );
+    $success_page = wpinv_get_option( 'success_page', 0 );
+    $success_page = get_permalink( $success_page );
 
-	if ( $query_string ) {
-		$success_page .= $query_string;
+    if ( $query_string ) {
+        $success_page .= $query_string;
     }
 
-	return apply_filters( 'wpinv_success_page_url', $success_page );
+    return apply_filters( 'wpinv_success_page_url', $success_page );
 }
 
 function wpinv_get_failed_transaction_uri( $extras = false ) {
-	$uri = wpinv_get_option( 'failure_page', '' );
-	$uri = ! empty( $uri ) ? trailingslashit( get_permalink( $uri ) ) : home_url();
+    $uri = wpinv_get_option( 'failure_page', '' );
+    $uri = ! empty( $uri ) ? trailingslashit( get_permalink( $uri ) ) : home_url();
 
-	if ( $extras ) {
-		$uri .= $extras;
+    if ( $extras ) {
+        $uri .= $extras;
     }
 
-	return apply_filters( 'wpinv_get_failed_transaction_uri', $uri );
+    return apply_filters( 'wpinv_get_failed_transaction_uri', $uri );
 }
 
 function wpinv_is_failed_transaction_page() {
-	$ret = wpinv_get_option( 'failure_page', false );
-	$ret = isset( $ret ) ? is_page( $ret ) : false;
+    $ret = wpinv_get_option( 'failure_page', false );
+    $ret = isset( $ret ) ? is_page( $ret ) : false;
 
-	return apply_filters( 'wpinv_is_failure_page', $ret );
+    return apply_filters( 'wpinv_is_failure_page', $ret );
 }
 
 function wpinv_transaction_query( $type = 'start' ) {
@@ -244,36 +244,36 @@ 
     $require_billing_details = apply_filters( 'wpinv_checkout_required_billing_details', wpinv_use_taxes() );
 
     if ( $require_billing_details ) {
-		if ( (bool)wpinv_get_option( 'fname_mandatory' ) ) {
-			$required_fields['first_name'] = array(
-				'error_id'      => 'invalid_first_name',
-				'error_message' => __( 'Please enter your first name', 'invoicing' ),
-			);
-		}
-		if ( (bool)wpinv_get_option( 'address_mandatory' ) ) {
-			$required_fields['address'] = array(
-				'error_id'      => 'invalid_address',
-				'error_message' => __( 'Please enter your address', 'invoicing' ),
-			);
-		}
-		if ( (bool)wpinv_get_option( 'city_mandatory' ) ) {
-			$required_fields['city'] = array(
-				'error_id'      => 'invalid_city',
-				'error_message' => __( 'Please enter your billing city', 'invoicing' ),
-			);
-		}
-		if ( (bool)wpinv_get_option( 'state_mandatory' ) ) {
-			$required_fields['state'] = array(
-				'error_id'      => 'invalid_state',
-				'error_message' => __( 'Please enter billing state / province', 'invoicing' ),
-			);
-		}
-		if ( (bool)wpinv_get_option( 'country_mandatory' ) ) {
-			$required_fields['country'] = array(
-				'error_id'      => 'invalid_country',
-				'error_message' => __( 'Please select your billing country', 'invoicing' ),
-			);
-		}
+        if ( (bool)wpinv_get_option( 'fname_mandatory' ) ) {
+            $required_fields['first_name'] = array(
+                'error_id'      => 'invalid_first_name',
+                'error_message' => __( 'Please enter your first name', 'invoicing' ),
+            );
+        }
+        if ( (bool)wpinv_get_option( 'address_mandatory' ) ) {
+            $required_fields['address'] = array(
+                'error_id'      => 'invalid_address',
+                'error_message' => __( 'Please enter your address', 'invoicing' ),
+            );
+        }
+        if ( (bool)wpinv_get_option( 'city_mandatory' ) ) {
+            $required_fields['city'] = array(
+                'error_id'      => 'invalid_city',
+                'error_message' => __( 'Please enter your billing city', 'invoicing' ),
+            );
+        }
+        if ( (bool)wpinv_get_option( 'state_mandatory' ) ) {
+            $required_fields['state'] = array(
+                'error_id'      => 'invalid_state',
+                'error_message' => __( 'Please enter billing state / province', 'invoicing' ),
+            );
+        }
+        if ( (bool)wpinv_get_option( 'country_mandatory' ) ) {
+            $required_fields['country'] = array(
+                'error_id'      => 'invalid_country',
+                'error_message' => __( 'Please select your billing country', 'invoicing' ),
+            );
+        }
     }
 
     return apply_filters( 'wpinv_checkout_required_fields', $required_fields );

includes/wpinv-discount-functions.php

Indentation +33 added lines, -33 removed lines

@@ -160,50 +160,50 @@
  */
 function getpaid_calculate_invoice_discount( $invoice, $discount ) {
 
-	$initial_discount   = 0;
-	$recurring_discount = 0;
+    $initial_discount   = 0;
+    $recurring_discount = 0;
 
-	foreach ( $invoice->get_items() as $item ) {
+    foreach ( $invoice->get_items() as $item ) {
 
-		// Abort if it is not valid for this item.
-		if ( ! $discount->is_valid_for_items( array( $item->get_id() ) ) ) {
-			continue;
-		}
+        // Abort if it is not valid for this item.
+        if ( ! $discount->is_valid_for_items( array( $item->get_id() ) ) ) {
+            continue;
+        }
 
-		// Calculate the initial amount...
-		$item_discount           = $discount->get_discounted_amount( $item->get_sub_total() );
-		$recurring_item_discount = 0;
+        // Calculate the initial amount...
+        $item_discount           = $discount->get_discounted_amount( $item->get_sub_total() );
+        $recurring_item_discount = 0;
 
-		// ... and maybe the recurring amount.
-		if ( $item->is_recurring() && $discount->is_recurring() ) {
-			$recurring_item_discount = $discount->get_discounted_amount( $item->get_recurring_sub_total() );
-		}
+        // ... and maybe the recurring amount.
+        if ( $item->is_recurring() && $discount->is_recurring() ) {
+            $recurring_item_discount = $discount->get_discounted_amount( $item->get_recurring_sub_total() );
+        }
 
-		// Discount should not exceed discounted amount.
-		if ( ! $discount->is_type( 'percent' ) ) {
+        // Discount should not exceed discounted amount.
+        if ( ! $discount->is_type( 'percent' ) ) {
 
-			if ( ( $initial_discount + $item_discount ) > $discount->get_amount() ) {
-				$item_discount = $discount->get_amount() - $initial_discount;
-			}
+            if ( ( $initial_discount + $item_discount ) > $discount->get_amount() ) {
+                $item_discount = $discount->get_amount() - $initial_discount;
+            }
 
-			if ( ( $recurring_discount + $recurring_item_discount ) > $discount->get_amount() ) {
-				$recurring_item_discount = $discount->get_amount() - $recurring_discount;
-			}
+            if ( ( $recurring_discount + $recurring_item_discount ) > $discount->get_amount() ) {
+                $recurring_item_discount = $discount->get_amount() - $recurring_discount;
+            }
 }
 
-		$initial_discount             += $item_discount;
-		$recurring_discount           += $recurring_item_discount;
-		$item->item_discount           = $item_discount;
-		$item->recurring_item_discount = $recurring_item_discount;
+        $initial_discount             += $item_discount;
+        $recurring_discount           += $recurring_item_discount;
+        $item->item_discount           = $item_discount;
+        $item->recurring_item_discount = $recurring_item_discount;
 
-	}
+    }
 
-	return array(
-		'name'               => 'discount_code',
-		'discount_code'      => $discount->get_code(),
-		'initial_discount'   => $initial_discount,
-		'recurring_discount' => $recurring_discount,
-	);
+    return array(
+        'name'               => 'discount_code',
+        'discount_code'      => $discount->get_code(),
+        'initial_discount'   => $initial_discount,
+        'recurring_discount' => $recurring_discount,
+    );
 
 }