Issues in update-1.x.php (2.x) - Issues in 2.x - pods-framework/pods - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

sql/update-1.x.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @package Pods\Upgrade
 */
global $wpdb;
function myFunction($a, $b) {
    // Do something
}

if ( version_compare( $old_version, '1.2.6', '<' ) ) {
	// Add the "required" option
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN required BOOL default 0 AFTER sister_field_id' );

	// Add the "label" option
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN label VARCHAR(32) AFTER name' );

	// Fix table prefixes
	if ( ! empty( $table_prefix ) ) {
		$result = $wpdb->get_results( "SHOW TABLES LIKE 'tbl_%'", ARRAY_N );


		foreach ( $result as $row ) {
			pods_query( "RENAME TABLE `{$row[0]}` TO `@wp_{$row[0]}`" );
		}
	}

	// Change the "post_type" of all pod items
	$result = pods_query( 'SELECT id, name FROM @wp_pod_types' );

	foreach ( $result as $row ) {
		$datatypes[ $row->id ] = $row->name;
	}

	$result = pods_query( 'SELECT post_id, datatype FROM @wp_pod' );

	foreach ( $result as $row ) {
		$datatype = $datatypes[ $row->datatype ];

		pods_query( "UPDATE @wp_posts SET post_type = '$datatype' WHERE ID = $row[0] LIMIT 1" );
	}

	update_option( 'pods_version', '126' );
}//end if

if ( version_compare( $old_version, '1.2.7', '<' ) ) {
	// Add the "comment" option
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN comment VARCHAR(128) AFTER label' );

	update_option( 'pods_version', '127' );
}

if ( version_compare( $old_version, '1.3.1', '<' ) ) {
	$result = $wpdb->get_results( "SHOW TABLES LIKE '{$wpdb->prefix}tbl_%'", ARRAY_N );


	foreach ( $result as $row ) {
		$rename = explode( 'tbl_', $row[0] );
		pods_query( "RENAME TABLE `{$row[0]}` TO `@wp_pod_tbl_{$rename[1]}`" );
	}

	update_option( 'pods_version', '131' );
}

if ( version_compare( $old_version, '1.3.2', '<' ) ) {
	pods_query( "UPDATE @wp_pod_pages SET phpcode = CONCAT('<" . '?' . "php\n', phpcode) WHERE phpcode NOT LIKE '" . '?' . ">%'" );
	pods_query( "UPDATE @wp_pod_pages SET phpcode = SUBSTR(phpcode, 3) WHERE phpcode LIKE '" . '?' . ">%'" );
	pods_query( "UPDATE @wp_pod_widgets SET phpcode = CONCAT('<" . '?' . "php\n', phpcode) WHERE phpcode NOT LIKE '" . '?' . ">%'" );
	pods_query( "UPDATE @wp_pod_widgets SET phpcode = SUBSTR(phpcode, 3) WHERE phpcode LIKE '" . '?' . ">%'" );

	update_option( 'pods_version', '132' );
}

if ( version_compare( $old_version, '1.4.3', '<' ) ) {
	$result = pods_query( "SHOW COLUMNS FROM @wp_pod_types LIKE 'description'" );

	if ( 0 < count( $result ) ) {
		pods_query( 'ALTER TABLE @wp_pod_types CHANGE description label VARCHAR(32)' );
	}

	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN is_toplevel BOOL default 0 AFTER label' );

	update_option( 'pods_version', '143' );
}

if ( version_compare( $old_version, '1.4.5', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN title VARCHAR(128) AFTER uri' );

	$sql = '
        CREATE TABLE @wp_pod_menu (
            id INT unsigned auto_increment primary key,
            uri VARCHAR(128),
            title VARCHAR(128),
            lft INT unsigned,
            rgt INT unsigned,
            weight TINYINT unsigned default 0)';
	pods_query( $sql );

	pods_query( "INSERT INTO @wp_pod_menu (uri, title, lft, rgt) VALUES ('/', 'Home', 1, 2)" );

	update_option( 'pods_version', '145' );
}

if ( version_compare( $old_version, '1.4.8', '<' ) ) {
	add_option( 'pods_roles' );

	update_option( 'pods_version', '148' );
}

if ( version_compare( $old_version, '1.4.9', '<' ) ) {
	pods_query( 'RENAME TABLE @wp_pod_widgets TO @wp_pod_helpers' );

	update_option( 'pods_version', '149' );
}

if ( version_compare( $old_version, '1.5', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN `unique` BOOL default 0 AFTER required' );
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN `multiple` BOOL default 0 AFTER `unique`' );
	pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN page_template VARCHAR(128) AFTER phpcode' );
	pods_query( 'ALTER TABLE @wp_pod_helpers ADD COLUMN helper_type VARCHAR(16) AFTER name' );
	pods_query( 'ALTER TABLE @wp_pod ADD COLUMN name VARCHAR(128) AFTER datatype' );
	pods_query( 'ALTER TABLE @wp_pod ADD COLUMN created VARCHAR(128) AFTER name' );
	pods_query( 'ALTER TABLE @wp_pod ADD COLUMN modified VARCHAR(128) AFTER created' );
	pods_query( 'ALTER TABLE @wp_pod CHANGE row_id tbl_row_id INT unsigned' );
	pods_query( 'ALTER TABLE @wp_pod_rel CHANGE term_id tbl_row_id INT unsigned' );
	pods_query( 'ALTER TABLE @wp_pod_rel CHANGE post_id pod_id INT unsigned' );
	pods_query( 'ALTER TABLE @wp_pod_rel CHANGE sister_post_id sister_pod_id INT unsigned' );

	// Make all pick columns "multiple" for consistency
	pods_query( "UPDATE @wp_pod_fields SET `multiple` = 1 WHERE coltype = 'pick'" );

	// Use "display" as the default helper type
	pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'display'" );

	// Replace all post_ids with its associated pod_id
	$sql = '
    SELECT
        p.id, p.post_id, r.post_title AS name, r.post_date AS created, r.post_modified AS modified
    FROM
        @wp_pod p
    INNER JOIN
        @wp_posts r ON r.ID = p.post_id
    ';

	$result = pods_query( $sql );

	foreach ( $result as $row ) {
		$row = get_object_vars( $row );

		foreach ( $row as $key => $val ) {
			${$key} = pods_sanitize( trim( $val ) );
		}

		$posts_to_delete[]       = $post_id;
		$all_pod_ids[ $post_id ] = $id;

		pods_query( "UPDATE @wp_pod SET name = '$name', created = '$created', modified = '$modified' WHERE id = $id LIMIT 1" );
	}

	// Replace post_id with pod_id
	$result = pods_query( 'SELECT id, pod_id, sister_pod_id FROM @wp_pod_rel' );

	foreach ( $result as $row ) {
		$id                = $row->id;
		$new_pod_id        = $all_pod_ids[ $row->pod_id ];
		$new_sister_pod_id = $all_pod_ids[ $row->sister_pod_id ];

		pods_query( "UPDATE @wp_pod_rel SET pod_id = '$new_pod_id', sister_pod_id = '$new_sister_pod_id' WHERE id = '$id' LIMIT 1" );
	}

	$posts_to_delete = implode( ',', $posts_to_delete );

	// Remove all traces from wp_posts
	pods_query( 'ALTER TABLE @wp_pod DROP COLUMN post_id' );
	pods_query( "DELETE FROM @wp_posts WHERE ID IN ($posts_to_delete)" );

	update_option( 'pods_version', '150' );
}//end if

if ( version_compare( $old_version, '1.5.1', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN helper VARCHAR(32) AFTER label' );
	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN before_helpers TEXT AFTER tpl_list' );
	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN after_helpers TEXT AFTER before_helpers' );

	update_option( 'pods_version', '151' );
}

if ( version_compare( $old_version, '1.6.0', '<' ) ) {
	// Add the "templates" table
	$sql = '
    CREATE TABLE IF NOT EXISTS @wp_pod_templates (
        id INT unsigned auto_increment primary key,
        name VARCHAR(32),
        code TEXT)';
	pods_query( $sql );

	// Add list and detail template presets
	$tpl_list   = '<p><a href="{@detail_url}">{@name}</a></p>';
	$tpl_detail = "<h2>{@name}</h2>\n{@body}";
	pods_query( "INSERT INTO @wp_pod_templates (name, code) VALUES ('detail', '$tpl_detail'),('list', '$tpl_list')" );

	// Try to route old templates as best as possible
	$result = pods_query( 'SELECT name, tpl_detail, tpl_list FROM @wp_pod_types' );

	foreach ( $result as $row ) {
		// Create the new template, e.g. "dtname_list" or "dtname_detail"
		$row = pods_sanitize( $row );

		pods_query( "INSERT INTO @wp_pod_templates (name, code) VALUES ('{$row->name}_detail', '{$row->tpl_detail}'),('{$row->name}_list', '{$row->tpl_list}')" );
	}

	// Drop the "tpl_detail" and "tpl_list" columns
	pods_query( 'ALTER TABLE @wp_pod_types DROP COLUMN tpl_detail, DROP COLUMN tpl_list' );

	// Add the "pick_filter" column
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN pick_filter VARCHAR(128) AFTER pickval' );

	update_option( 'pods_version', '160' );
}//end if

if ( version_compare( $old_version, '1.6.2', '<' ) ) {
	// Remove all beginning and ending slashes from Pod Pages
	pods_query( "UPDATE @wp_pod_pages SET uri = TRIM(BOTH '/' FROM uri)" );

	update_option( 'pods_version', '162' );
}

if ( version_compare( $old_version, '1.6.4', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN pick_orderby TEXT AFTER pick_filter' );
	pods_query( 'ALTER TABLE @wp_pod_fields CHANGE helper display_helper TEXT' );
	pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN input_helper TEXT AFTER display_helper' );

	update_option( 'pods_version', '164' );
}

if ( version_compare( $old_version, '1.6.7', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN precode LONGTEXT AFTER phpcode' );

	update_option( 'pods_version', '167' );
}

if ( version_compare( $old_version, '1.7.3', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN detail_page VARCHAR(128) AFTER is_toplevel' );

	update_option( 'pods_version', '173' );
}

if ( version_compare( $old_version, '1.7.5', '<' ) ) {
	if ( empty( $pods_roles ) && ! is_array( $pods_roles ) ) {
		$pods_roles = @unserialize( get_option( 'pods_roles' ) );


		if ( ! is_array( $pods_roles ) ) {
			$pods_roles = array();
		}
	}

	if ( is_array( $pods_roles ) ) {
		foreach ( $pods_roles as $role => $privs ) {
			if ( in_array( 'manage_podpages', $privs, true ) ) {
				$pods_roles[ $role ][] = 'manage_pod_pages';

				unset( $pods_roles[ $role ]['manage_podpages'] );
			}
		}
	}

	delete_option( 'pods_roles' );
	add_option( 'pods_roles', serialize( $pods_roles ) );

	update_option( 'pods_version', '175' );
}//end if

if ( version_compare( $old_version, '1.7.6', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_types CHANGE label label VARCHAR(128)' );
	pods_query( 'ALTER TABLE @wp_pod_fields CHANGE label label VARCHAR(128)' );

	$result = pods_query( "SELECT f.id AS field_id, f.name AS field_name, f.datatype AS datatype_id, dt.name AS datatype FROM @wp_pod_fields AS f LEFT JOIN @wp_pod_types AS dt ON dt.id = f.datatype WHERE f.coltype='file'" );

	foreach ( $result as $row ) {
		$items   = pods_query( "SELECT t.id AS tbl_row_id, t.{$row->field_name} AS file, p.id AS pod_id FROM @wp_pod_tbl_{$row->datatype} AS t LEFT JOIN @wp_pod AS p ON p.tbl_row_id = t.id AND p.datatype = {$row->datatype_id} WHERE t.{$row->field_name} != '' AND t.{$row->field_name} IS NOT NULL" );
		$success = false;
		$rels    = array();

		foreach ( (array) $items as $item ) {
			$filename = $item->file;

			if ( strpos( $filename, get_site_url() ) !== false && 0 === strpos( $filename, get_site_url() ) ) {

				$filename = ltrim( $filename, get_site_url() );
			}

			$upload_dir = wp_upload_dir();

			if ( strpos( $filename, str_replace( get_site_url(), '', $upload_dir['baseurl'] ) ) === false ) {

				$success = false;

				break;
			}

			$file = str_replace( '//', '/', ( ABSPATH . $filename ) );

			$wp_filetype = wp_check_filetype( basename( $file ), null );

			$attachment = array(
				'post_mime_type' => $wp_filetype['type'],
				'post_title'     => preg_replace( '/\.[^.]+$/', '', basename( $file ) ),
				'guid'           => str_replace( '//wp-content/', '/wp-content/', get_site_url() . $filename ),
				'post_content'   => '',
				'post_status'    => 'inherit',
			);

			$attach_id = wp_insert_attachment( $attachment, $file, 0 );

			if ( $attach_id > 0 ) {
				require_once ABSPATH . 'wp-admin' . '/includes/image.php';

				$attach_data = wp_generate_attachment_metadata( $attach_id, $file );

				wp_update_attachment_metadata( $attach_id, $attach_data );

				$sizes = array( 'thumb', 'medium', 'large' );

				foreach ( $sizes as $size ) {
					image_downsize( $attach_id, $size );
				}

				$rels[] = array(
					'pod_id'     => $item->pod_id,
					'tbl_row_id' => $item->tbl_row_id,
					'attach_id'  => $attach_id,
					'field_id'   => $row->field_id,
				);

				$success = true;
			}//end if
		}//end foreach
		if ( false !== $success ) {
			foreach ( $rels as $rel ) {
				pods_query( "INSERT INTO @wp_pod_rel (pod_id, field_id, tbl_row_id) VALUES({$rel['pod_id']}, {$rel['field_id']}, {$rel['attach_id']})" );
			}

			pods_query( "ALTER TABLE @wp_pod_tbl_{$row->datatype} DROP COLUMN {$row->field_name}" );
		} else {
			pods_query( "UPDATE @wp_pod_fields SET coltype = 'txt' WHERE id = {$row->field_id}" );
		}
	}//end foreach

	update_option( 'pods_version', '176' );
}//end if

if ( version_compare( $old_version, '1.8.1', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_rel ADD COLUMN weight SMALLINT unsigned AFTER tbl_row_id' );
	pods_query( 'ALTER TABLE @wp_pod_types CHANGE before_helpers pre_save_helpers TEXT' );
	pods_query( 'ALTER TABLE @wp_pod_types CHANGE after_helpers post_save_helpers TEXT' );
	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN pre_drop_helpers TEXT AFTER pre_save_helpers' );
	pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN post_drop_helpers TEXT AFTER post_save_helpers' );
	pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'pre_save' WHERE helper_type = 'before'" );
	pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'post_save' WHERE helper_type = 'after'" );

	update_option( 'pods_version', '181' );
}

if ( version_compare( $old_version, '1.8.2', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod ADD COLUMN author_id INT unsigned AFTER modified' );
	pods_query( "UPDATE @wp_pod_fields SET pickval = 'wp_taxonomy' WHERE pickval REGEXP '^[0-9]+$'" );
	pods_query( "UPDATE @wp_pod_menu SET uri = '<root>' WHERE uri = '/' LIMIT 1" );

	// Remove beginning and trailing slashes
	$result = pods_query( 'SELECT id, uri FROM @wp_pod_menu' );

	foreach ( $result as $row ) {
		$uri = preg_replace( '@^([/]?)(.*?)([/]?)$@', '$2', $row->uri );
		$uri = pods_sanitize( $uri );
		pods_query( "UPDATE @wp_pod_menu SET uri = '$uri' WHERE id = {$row->id} LIMIT 1" );
	}

	update_option( 'pods_version', '182' );
}

if ( version_compare( $old_version, '1.9.0', '<' ) ) {
	pods_query( 'ALTER TABLE @wp_pod_templates CHANGE `name` `name` VARCHAR(255)' );
	pods_query( 'ALTER TABLE @wp_pod_helpers CHANGE `name` `name` VARCHAR(255)' );
	pods_query( 'ALTER TABLE @wp_pod_fields CHANGE `comment` `comment` VARCHAR(255)' );

	// Remove beginning and trailing slashes
	$result = pods_query( 'SELECT id, uri FROM @wp_pod_pages' );

	foreach ( $result as $row ) {
		$uri = trim( $row->uri, '/' );
		$uri = pods_sanitize( $uri );
		pods_query( "UPDATE @wp_pod_pages SET uri = '$uri' WHERE id = {$row->id} LIMIT 1" );
	}

	update_option( 'pods_version', '190' );
}

if ( version_compare( $old_version, '1.9.6', '<' ) ) {
	add_option( 'pods_disable_file_browser', 0 );
	add_option( 'pods_files_require_login', 0 );
	add_option( 'pods_files_require_login_cap', 'upload_files' );
	add_option( 'pods_disable_file_upload', 0 );
	add_option( 'pods_upload_require_login', 0 );
	add_option( 'pods_upload_require_login_cap', 'upload_files' );

	update_option( 'pods_version', '196' );
}

if ( version_compare( $old_version, '1.9.7', '<' ) ) {
	pods_query( 'ALTER TABLE `@wp_pod` CHANGE `id` `id` BIGINT(15) UNSIGNED NOT NULL AUTO_INCREMENT' );
	pods_query( 'ALTER TABLE `@wp_pod` CHANGE `tbl_row_id` `tbl_row_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
	pods_query( 'ALTER TABLE `@wp_pod` CHANGE `author_id` `author_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
	pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `id` `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT' );
	pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `pod_id` `pod_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
	pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `sister_pod_id` `sister_pod_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
	pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `tbl_row_id` `tbl_row_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
	pods_query( "ALTER TABLE `@wp_pod_rel` CHANGE `weight` `weight` INT(10) UNSIGNED NULL DEFAULT '0'" );

	update_option( 'pods_version', '197' );
}

if ( version_compare( $old_version, '1.11', '<' ) ) {
	pods_query( 'ALTER TABLE `@wp_pod` CHANGE `datatype` `datatype` INT(10) UNSIGNED NULL DEFAULT NULL' );
	pods_query( 'ALTER TABLE `@wp_pod` DROP INDEX `datatype_idx`', false );
	pods_query( 'ALTER TABLE `@wp_pod` ADD INDEX `datatype_row_idx` (`datatype`, `tbl_row_id`)', false );
	pods_query( 'ALTER TABLE `@wp_pod_rel` DROP INDEX `field_id_idx`', false );
	pods_query( 'ALTER TABLE `@wp_pod_rel` ADD INDEX `field_pod_idx` (`field_id`, `pod_id`)', false );
	pods_query( 'ALTER TABLE `@wp_pod_fields` CHANGE `datatype` `datatype` INT(10) UNSIGNED NULL DEFAULT NULL' );
	$result = pods_query( 'SELECT id, name FROM @wp_pod_types' );
	foreach ( $result as $row ) {
		$pod = pods_sanitize( $row->name );
		pods_query( "ALTER TABLE `@wp_pod_tbl_{$pod}` CHANGE `id` `id` BIGINT(15) UNSIGNED NOT NULL AUTO_INCREMENT" );
	}
	update_option( 'pods_version', '001011000' );
}


Issues (2873)

Security Analysis not enabled

sql/update-1.x.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1			<?php
2			/**
3			* @package Pods\Upgrade
4			*/
5			global $wpdb;
			0 ignored issues – show Compatibility Best Practice introduced 2015-11-23 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
6
7			if ( version_compare( $old_version, '1.2.6', '<' ) ) {
8			// Add the "required" option
9			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN required BOOL default 0 AFTER sister_field_id' );
10
11			// Add the "label" option
12			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN label VARCHAR(32) AFTER name' );
13
14			// Fix table prefixes
15			if ( ! empty( $table_prefix ) ) {
16			$result = $wpdb->get_results( "SHOW TABLES LIKE 'tbl_%'", ARRAY_N );
			0 ignored issues – show introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
17
18			foreach ( $result as $row ) {
19			pods_query( "RENAME TABLE `{$row[0]}` TO `@wp_{$row[0]}`" );
20			}
21			}
22
23			// Change the "post_type" of all pod items
24			$result = pods_query( 'SELECT id, name FROM @wp_pod_types' );
25
26			foreach ( $result as $row ) {
27			$datatypes[ $row->id ] = $row->name;
28			}
29
30			$result = pods_query( 'SELECT post_id, datatype FROM @wp_pod' );
31
32			foreach ( $result as $row ) {
33			$datatype = $datatypes[ $row->datatype ];
34
35			pods_query( "UPDATE @wp_posts SET post_type = '$datatype' WHERE ID = $row[0] LIMIT 1" );
36			}
37
38			update_option( 'pods_version', '126' );
39			}//end if
40
41			if ( version_compare( $old_version, '1.2.7', '<' ) ) {
42			// Add the "comment" option
43			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN comment VARCHAR(128) AFTER label' );
44
45			update_option( 'pods_version', '127' );
46			}
47
48			if ( version_compare( $old_version, '1.3.1', '<' ) ) {
49			$result = $wpdb->get_results( "SHOW TABLES LIKE '{$wpdb->prefix}tbl_%'", ARRAY_N );
			0 ignored issues – show introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
50
51			foreach ( $result as $row ) {
52			$rename = explode( 'tbl_', $row[0] );
53			pods_query( "RENAME TABLE `{$row[0]}` TO `@wp_pod_tbl_{$rename[1]}`" );
54			}
55
56			update_option( 'pods_version', '131' );
57			}
58
59			if ( version_compare( $old_version, '1.3.2', '<' ) ) {
60			pods_query( "UPDATE @wp_pod_pages SET phpcode = CONCAT('<" . '?' . "php\n', phpcode) WHERE phpcode NOT LIKE '" . '?' . ">%'" );
61			pods_query( "UPDATE @wp_pod_pages SET phpcode = SUBSTR(phpcode, 3) WHERE phpcode LIKE '" . '?' . ">%'" );
62			pods_query( "UPDATE @wp_pod_widgets SET phpcode = CONCAT('<" . '?' . "php\n', phpcode) WHERE phpcode NOT LIKE '" . '?' . ">%'" );
63			pods_query( "UPDATE @wp_pod_widgets SET phpcode = SUBSTR(phpcode, 3) WHERE phpcode LIKE '" . '?' . ">%'" );
64
65			update_option( 'pods_version', '132' );
66			}
67
68			if ( version_compare( $old_version, '1.4.3', '<' ) ) {
69			$result = pods_query( "SHOW COLUMNS FROM @wp_pod_types LIKE 'description'" );
70
71			if ( 0 < count( $result ) ) {
72			pods_query( 'ALTER TABLE @wp_pod_types CHANGE description label VARCHAR(32)' );
73			}
74
75			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN is_toplevel BOOL default 0 AFTER label' );
76
77			update_option( 'pods_version', '143' );
78			}
79
80			if ( version_compare( $old_version, '1.4.5', '<' ) ) {
81			pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN title VARCHAR(128) AFTER uri' );
82
83			$sql = '
84			CREATE TABLE @wp_pod_menu (
85			id INT unsigned auto_increment primary key,
86			uri VARCHAR(128),
87			title VARCHAR(128),
88			lft INT unsigned,
89			rgt INT unsigned,
90			weight TINYINT unsigned default 0)';
91			pods_query( $sql );
92
93			pods_query( "INSERT INTO @wp_pod_menu (uri, title, lft, rgt) VALUES ('/', 'Home', 1, 2)" );
94
95			update_option( 'pods_version', '145' );
96			}
97
98			if ( version_compare( $old_version, '1.4.8', '<' ) ) {
99			add_option( 'pods_roles' );
100
101			update_option( 'pods_version', '148' );
102			}
103
104			if ( version_compare( $old_version, '1.4.9', '<' ) ) {
105			pods_query( 'RENAME TABLE @wp_pod_widgets TO @wp_pod_helpers' );
106
107			update_option( 'pods_version', '149' );
108			}
109
110			if ( version_compare( $old_version, '1.5', '<' ) ) {
111			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN `unique` BOOL default 0 AFTER required' );
112			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN `multiple` BOOL default 0 AFTER `unique`' );
113			pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN page_template VARCHAR(128) AFTER phpcode' );
114			pods_query( 'ALTER TABLE @wp_pod_helpers ADD COLUMN helper_type VARCHAR(16) AFTER name' );
115			pods_query( 'ALTER TABLE @wp_pod ADD COLUMN name VARCHAR(128) AFTER datatype' );
116			pods_query( 'ALTER TABLE @wp_pod ADD COLUMN created VARCHAR(128) AFTER name' );
117			pods_query( 'ALTER TABLE @wp_pod ADD COLUMN modified VARCHAR(128) AFTER created' );
118			pods_query( 'ALTER TABLE @wp_pod CHANGE row_id tbl_row_id INT unsigned' );
119			pods_query( 'ALTER TABLE @wp_pod_rel CHANGE term_id tbl_row_id INT unsigned' );
120			pods_query( 'ALTER TABLE @wp_pod_rel CHANGE post_id pod_id INT unsigned' );
121			pods_query( 'ALTER TABLE @wp_pod_rel CHANGE sister_post_id sister_pod_id INT unsigned' );
122
123			// Make all pick columns "multiple" for consistency
124			pods_query( "UPDATE @wp_pod_fields SET `multiple` = 1 WHERE coltype = 'pick'" );
125
126			// Use "display" as the default helper type
127			pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'display'" );
128
129			// Replace all post_ids with its associated pod_id
130			$sql = '
131			SELECT
132			p.id, p.post_id, r.post_title AS name, r.post_date AS created, r.post_modified AS modified
133			FROM
134			@wp_pod p
135			INNER JOIN
136			@wp_posts r ON r.ID = p.post_id
137			';
138
139			$result = pods_query( $sql );
140
141			foreach ( $result as $row ) {
142			$row = get_object_vars( $row );
143
144			foreach ( $row as $key => $val ) {
145			${$key} = pods_sanitize( trim( $val ) );
146			}
147
148			$posts_to_delete[] = $post_id;
149			$all_pod_ids[ $post_id ] = $id;
150
151			pods_query( "UPDATE @wp_pod SET name = '$name', created = '$created', modified = '$modified' WHERE id = $id LIMIT 1" );
152			}
153
154			// Replace post_id with pod_id
155			$result = pods_query( 'SELECT id, pod_id, sister_pod_id FROM @wp_pod_rel' );
156
157			foreach ( $result as $row ) {
158			$id = $row->id;
159			$new_pod_id = $all_pod_ids[ $row->pod_id ];
160			$new_sister_pod_id = $all_pod_ids[ $row->sister_pod_id ];
161
162			pods_query( "UPDATE @wp_pod_rel SET pod_id = '$new_pod_id', sister_pod_id = '$new_sister_pod_id' WHERE id = '$id' LIMIT 1" );
163			}
164
165			$posts_to_delete = implode( ',', $posts_to_delete );
166
167			// Remove all traces from wp_posts
168			pods_query( 'ALTER TABLE @wp_pod DROP COLUMN post_id' );
169			pods_query( "DELETE FROM @wp_posts WHERE ID IN ($posts_to_delete)" );
170
171			update_option( 'pods_version', '150' );
172			}//end if
173
174			if ( version_compare( $old_version, '1.5.1', '<' ) ) {
175			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN helper VARCHAR(32) AFTER label' );
176			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN before_helpers TEXT AFTER tpl_list' );
177			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN after_helpers TEXT AFTER before_helpers' );
178
179			update_option( 'pods_version', '151' );
180			}
181
182			if ( version_compare( $old_version, '1.6.0', '<' ) ) {
183			// Add the "templates" table
184			$sql = '
185			CREATE TABLE IF NOT EXISTS @wp_pod_templates (
186			id INT unsigned auto_increment primary key,
187			name VARCHAR(32),
188			code TEXT)';
189			pods_query( $sql );
190
191			// Add list and detail template presets
192			$tpl_list = '<p><a href="{@detail_url}">{@name}</a></p>';
193			$tpl_detail = "<h2>{@name}</h2>\n{@body}";
194			pods_query( "INSERT INTO @wp_pod_templates (name, code) VALUES ('detail', '$tpl_detail'),('list', '$tpl_list')" );
195
196			// Try to route old templates as best as possible
197			$result = pods_query( 'SELECT name, tpl_detail, tpl_list FROM @wp_pod_types' );
198
199			foreach ( $result as $row ) {
200			// Create the new template, e.g. "dtname_list" or "dtname_detail"
201			$row = pods_sanitize( $row );
202
203			pods_query( "INSERT INTO @wp_pod_templates (name, code) VALUES ('{$row->name}_detail', '{$row->tpl_detail}'),('{$row->name}_list', '{$row->tpl_list}')" );
204			}
205
206			// Drop the "tpl_detail" and "tpl_list" columns
207			pods_query( 'ALTER TABLE @wp_pod_types DROP COLUMN tpl_detail, DROP COLUMN tpl_list' );
208
209			// Add the "pick_filter" column
210			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN pick_filter VARCHAR(128) AFTER pickval' );
211
212			update_option( 'pods_version', '160' );
213			}//end if
214
215			if ( version_compare( $old_version, '1.6.2', '<' ) ) {
216			// Remove all beginning and ending slashes from Pod Pages
217			pods_query( "UPDATE @wp_pod_pages SET uri = TRIM(BOTH '/' FROM uri)" );
218
219			update_option( 'pods_version', '162' );
220			}
221
222			if ( version_compare( $old_version, '1.6.4', '<' ) ) {
223			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN pick_orderby TEXT AFTER pick_filter' );
224			pods_query( 'ALTER TABLE @wp_pod_fields CHANGE helper display_helper TEXT' );
225			pods_query( 'ALTER TABLE @wp_pod_fields ADD COLUMN input_helper TEXT AFTER display_helper' );
226
227			update_option( 'pods_version', '164' );
228			}
229
230			if ( version_compare( $old_version, '1.6.7', '<' ) ) {
231			pods_query( 'ALTER TABLE @wp_pod_pages ADD COLUMN precode LONGTEXT AFTER phpcode' );
232
233			update_option( 'pods_version', '167' );
234			}
235
236			if ( version_compare( $old_version, '1.7.3', '<' ) ) {
237			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN detail_page VARCHAR(128) AFTER is_toplevel' );
238
239			update_option( 'pods_version', '173' );
240			}
241
242			if ( version_compare( $old_version, '1.7.5', '<' ) ) {
243			if ( empty( $pods_roles ) && ! is_array( $pods_roles ) ) {
244			$pods_roles = @unserialize( get_option( 'pods_roles' ) );
			0 ignored issues – show Coding Style introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Silencing errors is discouraged Loading history...
245
246			if ( ! is_array( $pods_roles ) ) {
247			$pods_roles = array();
248			}
249			}
250
251			if ( is_array( $pods_roles ) ) {
252			foreach ( $pods_roles as $role => $privs ) {
253			if ( in_array( 'manage_podpages', $privs, true ) ) {
254			$pods_roles[ $role ][] = 'manage_pod_pages';
255
256			unset( $pods_roles[ $role ]['manage_podpages'] );
257			}
258			}
259			}
260
261			delete_option( 'pods_roles' );
262			add_option( 'pods_roles', serialize( $pods_roles ) );
263
264			update_option( 'pods_version', '175' );
265			}//end if
266
267			if ( version_compare( $old_version, '1.7.6', '<' ) ) {
268			pods_query( 'ALTER TABLE @wp_pod_types CHANGE label label VARCHAR(128)' );
269			pods_query( 'ALTER TABLE @wp_pod_fields CHANGE label label VARCHAR(128)' );
270
271			$result = pods_query( "SELECT f.id AS field_id, f.name AS field_name, f.datatype AS datatype_id, dt.name AS datatype FROM @wp_pod_fields AS f LEFT JOIN @wp_pod_types AS dt ON dt.id = f.datatype WHERE f.coltype='file'" );
272
273			foreach ( $result as $row ) {
274			$items = pods_query( "SELECT t.id AS tbl_row_id, t.{$row->field_name} AS file, p.id AS pod_id FROM @wp_pod_tbl_{$row->datatype} AS t LEFT JOIN @wp_pod AS p ON p.tbl_row_id = t.id AND p.datatype = {$row->datatype_id} WHERE t.{$row->field_name} != '' AND t.{$row->field_name} IS NOT NULL" );
275			$success = false;
276			$rels = array();
277
278			foreach ( (array) $items as $item ) {
279			$filename = $item->file;
280
281			if ( strpos( $filename, get_site_url() ) !== false && 0 === strpos( $filename, get_site_url() ) ) {
			0 ignored issues – show introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Found "!== false". Use Yoda Condition checks, you must Loading history...
282			$filename = ltrim( $filename, get_site_url() );
283			}
284
285			$upload_dir = wp_upload_dir();
286
287			if ( strpos( $filename, str_replace( get_site_url(), '', $upload_dir['baseurl'] ) ) === false ) {
			0 ignored issues – show introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Found "=== false". Use Yoda Condition checks, you must Loading history...
288			$success = false;
289
290			break;
291			}
292
293			$file = str_replace( '//', '/', ( ABSPATH . $filename ) );
294
295			$wp_filetype = wp_check_filetype( basename( $file ), null );
296
297			$attachment = array(
298			'post_mime_type' => $wp_filetype['type'],
299			'post_title' => preg_replace( '/\.[^.]+$/', '', basename( $file ) ),
300			'guid' => str_replace( '//wp-content/', '/wp-content/', get_site_url() . $filename ),
301			'post_content' => '',
302			'post_status' => 'inherit',
303			);
304
305			$attach_id = wp_insert_attachment( $attachment, $file, 0 );
306
307			if ( $attach_id > 0 ) {
308			require_once ABSPATH . 'wp-admin' . '/includes/image.php';
309
310			$attach_data = wp_generate_attachment_metadata( $attach_id, $file );
311
312			wp_update_attachment_metadata( $attach_id, $attach_data );
313
314			$sizes = array( 'thumb', 'medium', 'large' );
315
316			foreach ( $sizes as $size ) {
317			image_downsize( $attach_id, $size );
318			}
319
320			$rels[] = array(
321			'pod_id' => $item->pod_id,
322			'tbl_row_id' => $item->tbl_row_id,
323			'attach_id' => $attach_id,
324			'field_id' => $row->field_id,
325			);
326
327			$success = true;
328			}//end if
329			}//end foreach
330			if ( false !== $success ) {
331			foreach ( $rels as $rel ) {
332			pods_query( "INSERT INTO @wp_pod_rel (pod_id, field_id, tbl_row_id) VALUES({$rel['pod_id']}, {$rel['field_id']}, {$rel['attach_id']})" );
333			}
334
335			pods_query( "ALTER TABLE @wp_pod_tbl_{$row->datatype} DROP COLUMN {$row->field_name}" );
336			} else {
337			pods_query( "UPDATE @wp_pod_fields SET coltype = 'txt' WHERE id = {$row->field_id}" );
338			}
339			}//end foreach
340
341			update_option( 'pods_version', '176' );
342			}//end if
343
344			if ( version_compare( $old_version, '1.8.1', '<' ) ) {
345			pods_query( 'ALTER TABLE @wp_pod_rel ADD COLUMN weight SMALLINT unsigned AFTER tbl_row_id' );
346			pods_query( 'ALTER TABLE @wp_pod_types CHANGE before_helpers pre_save_helpers TEXT' );
347			pods_query( 'ALTER TABLE @wp_pod_types CHANGE after_helpers post_save_helpers TEXT' );
348			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN pre_drop_helpers TEXT AFTER pre_save_helpers' );
349			pods_query( 'ALTER TABLE @wp_pod_types ADD COLUMN post_drop_helpers TEXT AFTER post_save_helpers' );
350			pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'pre_save' WHERE helper_type = 'before'" );
351			pods_query( "UPDATE @wp_pod_helpers SET helper_type = 'post_save' WHERE helper_type = 'after'" );
352
353			update_option( 'pods_version', '181' );
354			}
355
356			if ( version_compare( $old_version, '1.8.2', '<' ) ) {
357			pods_query( 'ALTER TABLE @wp_pod ADD COLUMN author_id INT unsigned AFTER modified' );
358			pods_query( "UPDATE @wp_pod_fields SET pickval = 'wp_taxonomy' WHERE pickval REGEXP '^[0-9]+$'" );
359			pods_query( "UPDATE @wp_pod_menu SET uri = '<root>' WHERE uri = '/' LIMIT 1" );
360
361			// Remove beginning and trailing slashes
362			$result = pods_query( 'SELECT id, uri FROM @wp_pod_menu' );
363
364			foreach ( $result as $row ) {
365			$uri = preg_replace( '@^([/]?)(.*?)([/]?)$@', '$2', $row->uri );
366			$uri = pods_sanitize( $uri );
367			pods_query( "UPDATE @wp_pod_menu SET uri = '$uri' WHERE id = {$row->id} LIMIT 1" );
368			}
369
370			update_option( 'pods_version', '182' );
371			}
372
373			if ( version_compare( $old_version, '1.9.0', '<' ) ) {
374			pods_query( 'ALTER TABLE @wp_pod_templates CHANGE `name` `name` VARCHAR(255)' );
375			pods_query( 'ALTER TABLE @wp_pod_helpers CHANGE `name` `name` VARCHAR(255)' );
376			pods_query( 'ALTER TABLE @wp_pod_fields CHANGE `comment` `comment` VARCHAR(255)' );
377
378			// Remove beginning and trailing slashes
379			$result = pods_query( 'SELECT id, uri FROM @wp_pod_pages' );
380
381			foreach ( $result as $row ) {
382			$uri = trim( $row->uri, '/' );
383			$uri = pods_sanitize( $uri );
384			pods_query( "UPDATE @wp_pod_pages SET uri = '$uri' WHERE id = {$row->id} LIMIT 1" );
385			}
386
387			update_option( 'pods_version', '190' );
388			}
389
390			if ( version_compare( $old_version, '1.9.6', '<' ) ) {
391			add_option( 'pods_disable_file_browser', 0 );
392			add_option( 'pods_files_require_login', 0 );
393			add_option( 'pods_files_require_login_cap', 'upload_files' );
394			add_option( 'pods_disable_file_upload', 0 );
395			add_option( 'pods_upload_require_login', 0 );
396			add_option( 'pods_upload_require_login_cap', 'upload_files' );
397
398			update_option( 'pods_version', '196' );
399			}
400
401			if ( version_compare( $old_version, '1.9.7', '<' ) ) {
402			pods_query( 'ALTER TABLE `@wp_pod` CHANGE `id` `id` BIGINT(15) UNSIGNED NOT NULL AUTO_INCREMENT' );
403			pods_query( 'ALTER TABLE `@wp_pod` CHANGE `tbl_row_id` `tbl_row_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
404			pods_query( 'ALTER TABLE `@wp_pod` CHANGE `author_id` `author_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
405			pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `id` `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT' );
406			pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `pod_id` `pod_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
407			pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `sister_pod_id` `sister_pod_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
408			pods_query( 'ALTER TABLE `@wp_pod_rel` CHANGE `tbl_row_id` `tbl_row_id` BIGINT(15) UNSIGNED NULL DEFAULT NULL' );
409			pods_query( "ALTER TABLE `@wp_pod_rel` CHANGE `weight` `weight` INT(10) UNSIGNED NULL DEFAULT '0'" );
410
411			update_option( 'pods_version', '197' );
412			}
413
414			if ( version_compare( $old_version, '1.11', '<' ) ) {
415			pods_query( 'ALTER TABLE `@wp_pod` CHANGE `datatype` `datatype` INT(10) UNSIGNED NULL DEFAULT NULL' );
416			pods_query( 'ALTER TABLE `@wp_pod` DROP INDEX `datatype_idx`', false );
417			pods_query( 'ALTER TABLE `@wp_pod` ADD INDEX `datatype_row_idx` (`datatype`, `tbl_row_id`)', false );
418			pods_query( 'ALTER TABLE `@wp_pod_rel` DROP INDEX `field_id_idx`', false );
419			pods_query( 'ALTER TABLE `@wp_pod_rel` ADD INDEX `field_pod_idx` (`field_id`, `pod_id`)', false );
420			pods_query( 'ALTER TABLE `@wp_pod_fields` CHANGE `datatype` `datatype` INT(10) UNSIGNED NULL DEFAULT NULL' );
421			$result = pods_query( 'SELECT id, name FROM @wp_pod_types' );
422			foreach ( $result as $row ) {
423			$pod = pods_sanitize( $row->name );
424			pods_query( "ALTER TABLE `@wp_pod_tbl_{$pod}` CHANGE `id` `id` BIGINT(15) UNSIGNED NOT NULL AUTO_INCREMENT" );
425			}
426			update_option( 'pods_version', '001011000' );
427			}
428

pods-framework / pods

Issues (2873)

Security Analysis not enabled

sql/update-1.x.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like