Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3051393

Timestamp:

03/15/2024 01:08:14 AM (2 years ago)

Author:

kevon.adonis

Message:

Pushing v2.6.5 - see changelog

Location:

wp-abstracts-manuscripts-manager

Files:

: 760 added
: 10 edited

Legend:

: Unmodified
: Added
: Removed

wp-abstracts-manuscripts-manager/trunk/abstracts/abstracts.classes.php

-                      r2844958
+                      r3051393
         global $wpdb, $_wp_column_headers;
         $screen = get_current_screen();
+        $abs_tbl = $wpdb->prefix."wpabstracts_abstracts";
+        $events_tbl = $wpdb->prefix."wpabstracts_events";
+        $users_tbl = $wpdb->base_prefix."users";
+        $query = "SELECT abs.abstract_id, abs.title, abs.event, abs.topic, abs.author, abs.presenter_preference, abs.status as abs_status, abs.submit_date, abs.modified_date, abs.submit_by, abs.keywords, event.event_id, event.name, users.display_name, users.user_login, users.user_email ";
+        $query .= "FROM " . $abs_tbl . " as abs ";
+        $query .= "LEFT JOIN " . $users_tbl . " as users ";
+        $query .= "ON abs.submit_by = users.ID ";
+        $query .= "LEFT JOIN " . $events_tbl . " as event ";
+        $query .= "ON abs.event = event.event_id WHERE event.status = 1";
+        $abs_tbl = $wpdb->prefix . "wpabstracts_abstracts";
+        $events_tbl = $wpdb->prefix . "wpabstracts_events";
+        $users_tbl = $wpdb->base_prefix . "users";
+        $query = $wpdb->prepare(
+            "SELECT abs.abstract_id, abs.title, abs.event, abs.topic, abs.author, abs.presenter_preference, abs.status AS abs_status, abs.submit_date, abs.modified_date, abs.submit_by, abs.keywords, event.event_id, event.name, users.display_name, users.user_login, users.user_email
+            FROM {$abs_tbl} AS abs
+            LEFT JOIN {$users_tbl} AS users ON abs.submit_by = users.ID
+            LEFT JOIN {$events_tbl} AS event ON abs.event = event.event_id
+            WHERE event.status = %d",
+        );
         $searched = false;
         $statusFiltered = false;
+        $preferenceFiltered = false;
+        if(isset($_GET['s']) && $_GET['s']){
+        $preferenceFiltered = false;
+        if (isset($_GET['s']) && $_GET['s']) {
             $term = trim(sanitize_text_field($_GET['s']));
+            $query .= " WHERE (abs.abstract_id LIKE '%$term%' OR abs.title LIKE '%$term%' OR abs.topic LIKE '%$term%' OR abs.author LIKE '%$term%' OR users.user_login LIKE '%$term%' OR users.display_name LIKE '%$term%')";
+            $query .= $wpdb->prepare(
+                " AND (abs.abstract_id LIKE %s OR abs.title LIKE %s OR abs.topic LIKE %s OR abs.author LIKE %s OR users.user_login LIKE %s OR users.display_name LIKE %s)",
+                '%' . $wpdb->esc_like($term) . '%',
+                '%' . $wpdb->esc_like($term) . '%',
+                '%' . $wpdb->esc_like($term) . '%',
+                '%' . $wpdb->esc_like($term) . '%',
+                '%' . $wpdb->esc_like($term) . '%',
+                '%' . $wpdb->esc_like($term) . '%'
+            );
             $searched = true;
+        }
+        if(isset($_GET['status_filter']) && $_GET['status_filter']){
+        if (isset($_GET['status_filter']) && $_GET['status_filter']) {
             $status_filter = trim(sanitize_text_field($_GET['status_filter']));
             $statusFiltered = true;
+            if($searched || $preferenceFiltered){
+                $query .= " AND status = " . $status_filter;
+            }else{
+                $query .= " WHERE abs.status = " . $status_filter;
+            }
+        }
+        if(isset($_GET['preference_filter']) && $_GET['preference_filter']){
+            if ($searched || $preferenceFiltered) {
+                $query .= $wpdb->prepare(" AND abs.status = %d", $status_filter);
+            } else {
+                $query .= $wpdb->prepare(" AND abs.status = %d", $status_filter);
+            }
+        }
+        if (isset($_GET['preference_filter']) && $_GET['preference_filter']) {
             $preference_filter = trim(sanitize_text_field($_GET['preference_filter']));
+            if($searched || $statusFiltered){
+                $query .= " AND abs.presenter_preference = '$preference_filter'";
+            }else{
+                $query .= " WHERE abs.presenter_preference = '$preference_filter'";
+            }
+        }
+            if ($searched || $statusFiltered) {
+                $query .= $wpdb->prepare(" AND abs.presenter_preference = %s", $preference_filter);
+            } else {
+                $query .= $wpdb->prepare(" AND abs.presenter_preference = %s", $preference_filter);
+            }
+        }
         $orderby = !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'abs.abstract_id';
         $order = !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc';
+        if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; }
+        if (!empty($orderby) && !empty($order)) {
+            $query .= " ORDER BY {$orderby} {$order}";
+        }
         $this->process_bulk_action();
         $this->items = $wpdb->get_results($query);
         $columns = $this->get_columns();
         $_wp_column_headers[$screen->id]=$columns;

wp-abstracts-manuscripts-manager/trunk/emails/emails.classes.php

-                      r2844959
+                      r3051393
         global $wpdb, $_wp_column_headers;
         $screen = get_current_screen();
+        $templates_tbl = $wpdb->prefix."wpabstracts_emailtemplates";
+        $query = "SELECT * FROM {$templates_tbl} WHERE `type` = 'abstract'";
+        $templates_tbl = $wpdb->prefix . "wpabstracts_emailtemplates";
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$templates_tbl} WHERE `type` = %s",
+            'abstract'
+        );
         $orderby = !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'ID';
         $order = !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc';
+        if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; }
+        if (!empty($orderby) && !empty($order)) {
+            $query .= $wpdb->prepare(
+                " ORDER BY %s %s",
+                $orderby,
+                $order
+            );
+        }
         $this->process_bulk_action();
         $this->items = $wpdb->get_results($query);
-        /* -- Register the Columns -- */
         $columns = $this->get_columns();
         $_wp_column_headers[$screen->id]=$columns;

wp-abstracts-manuscripts-manager/trunk/events/events.manage.php

-                      r2355706
+                      r3051393
             $abs_ids = wpabstracts_get_abstracts('event_id', $id);
             if($abs_ids) {
+                $wpdb->query("DELETE FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `abstract_id` IN($abs_ids)");
+                $wpdb->query("DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE `abstracts_id` IN($abs_ids)");
+            }
+            $wpdb->query("DELETE FROM {$wpdb->prefix}wpabstracts_events WHERE `event_id` = " . intval($id));
+                $wpdb->query(
+                    $wpdb->prepare(
+                        "DELETE FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `abstract_id` IN (%s)",
+                        $abs_ids
+                    )
+                );
+                $wpdb->query(
+                    $wpdb->prepare(
+                        "DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE `abstracts_id` IN (%s)",
+                        $abs_ids
+                    )
+                );
+            }
+            $wpdb->query(
+                $wpdb->prepare(
+                    "DELETE FROM {$wpdb->prefix}wpabstracts_events WHERE `event_id` = %d",
+                    $id
+                )
+            );
             wpabstracts_show_message("Event ID ". intval($id) . " was successfully deleted", 'alert-success');
         }else {
 …
     if($_POST['event_id']){
         $event_id = intval($_POST['event_id']);
+        $event = $wpdb->get_row("SELECT topics FROM {$wpdb->prefix}wpabstracts_events Where event_id =" . $event_id);
+        $event = $wpdb->get_row(
+            $wpdb->prepare(
+                "SELECT topics FROM {$wpdb->prefix}wpabstracts_events WHERE event_id = %d",
+                $event_id
+            )
+        );
         $topics = explode('|',$event->topics);
         foreach($topics as $topic){ ?>

wp-abstracts-manuscripts-manager/trunk/inc/wpabstracts_classes.php

-                      r2844958
+                      r3051393
         global $wpdb, $_wp_column_headers;
         $screen = get_current_screen();
+        $attachments_tbl = $wpdb->prefix."wpabstracts_attachments";
+        $abstracts_tbl = $wpdb->prefix."wpabstracts_abstracts";
+        $events_tbl = $wpdb->prefix."wpabstracts_events";
+        $query = "SELECT atts.attachment_id, atts.abstracts_id, atts.filename, atts.filesize, abs.abstract_id, abs.title, abs.event, abs.topic, abs.submit_by, event.name as event_name FROM " . $attachments_tbl . " AS atts ";
+        $query .="LEFT JOIN " . $abstracts_tbl . " AS abs ";
+        $query .="ON atts.abstracts_id = abs.abstract_id ";
+        $query .="LEFT JOIN " . $events_tbl . " AS event ";
+        $query .="ON event.event_id = abs.event WHERE event.status = 1";
+        $orderby = !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'attachment_id';
+        $order = !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc';
+        if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; }
+        $attachments_tbl = $wpdb->prefix . "wpabstracts_attachments";
+        $abstracts_tbl = $wpdb->prefix . "wpabstracts_abstracts";
+        $events_tbl = $wpdb->prefix . "wpabstracts_events";
+        $query = "SELECT atts.attachment_id, atts.abstracts_id, atts.filename, atts.filesize, abs.abstract_id, abs.title, abs.event, abs.topic, abs.submit_by, event.name AS event_name
+        FROM {$attachments_tbl} AS atts
+        LEFT JOIN {$abstracts_tbl} AS abs ON atts.abstracts_id = abs.abstract_id
+        LEFT JOIN {$events_tbl} AS event ON event.event_id = abs.event
+        WHERE event.status = %d";
+        $query .= $wpdb->prepare(
+            " ORDER BY %s %s",
+            !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'attachment_id',
+            !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc'
+        );
         $this->process_bulk_action();
         $this->items = $wpdb->get_results($query);
+        $this->items = $wpdb->get_results($wpdb->prepare($query, 1));
         $columns = $this->get_columns();
         $_wp_column_headers[$screen->id]=$columns;
 …
     function column_count($item){
         global $wpdb;
+        $count = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `event` = " . $item->event_id);
+        $count = $wpdb->get_var(
+            $wpdb->prepare(
+                "SELECT COUNT(*) FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `event` = %d",
+                $item->event_id
+            )
+        );
         echo apply_filters('wpabstracts_event_submissions', $count, $item);
+    }
 …
     function prepare_items() {
         global $wpdb, $_wp_column_headers;
         $screen = get_current_screen();
         $events_tbl = $wpdb->prefix."wpabstracts_events";
         $query = "SELECT * FROM " . $events_tbl;
+        $screen = get_current_screen();
+        $events_tbl = $wpdb->prefix . "wpabstracts_events";
+        $query = "SELECT * FROM {$events_tbl}";
         $orderby = !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'event_id';
         $order = !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc';
+        if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; }
+        if (!empty($orderby) && !empty($order)) {
+            $query .= " ORDER BY {$orderby} {$order}";
+        }
         $this->process_bulk_action();
         $this->items = $wpdb->get_results($query);

wp-abstracts-manuscripts-manager/trunk/inc/wpabstracts_downloads.php

-                      r2844958
+                      r3051393
         abs.author_affiliation, abs.presenter, abs.presenter_email, abs.presenter_preference, user.ID, user.display_name,
         user.user_email, GROUP_CONCAT(reviewers.user_id), GROUP_CONCAT(reviewer.display_name), abs.submit_date
         FROM " . $wpdb->prefix . "wpabstracts_abstracts as abs
         LEFT JOIN ". $wpdb->prefix . "wpabstracts_events as event ON abs.event = event.event_id
         LEFT JOIN ". $wpdb->base_prefix . "users as user ON user.ID = abs.submit_by
         LEFT JOIN ". $wpdb->prefix . "wpabstracts_reviewers as reviewers ON reviewers.abs_id = abs.abstract_id
         LEFT JOIN ". $wpdb->base_prefix . "users as reviewer ON reviewer.ID = reviewers.user_id";
         if($reportID > 0){
+        FROM {$wpdb->prefix}wpabstracts_abstracts AS abs
+        LEFT JOIN {$wpdb->prefix}wpabstracts_events AS event ON abs.event = event.event_id
+        LEFT JOIN {$wpdb->base_prefix}users AS user ON user.ID = abs.submit_by
+        LEFT JOIN {$wpdb->prefix}wpabstracts_reviewers AS reviewers ON reviewers.abs_id = abs.abstract_id
+        LEFT JOIN {$wpdb->base_prefix}users AS reviewer ON reviewer.ID = reviewers.user_id";
+        if ($reportID > 0) {
             $reportName = __("Abstracts", 'wpabstracts') . "-" . wpabstracts_map_status_name($statuses, $reportID);
+            $reportData = $wpdb->get_results($selectSQL . " WHERE abs.status = " . intval($reportID) . " group by abs.abstract_id", ARRAY_N);
+        } else{
+            $reportData = $wpdb->get_results(
+                $wpdb->prepare(
+                    $selectSQL . " WHERE abs.status = %d GROUP BY abs.abstract_id",
+                    $reportID
+                ),
+                ARRAY_N
+            );
+        } else {
             $reportName = __("Abstracts-All", 'wpabstracts');
+            $reportData = $wpdb->get_results($selectSQL . " group by abs.abstract_id", ARRAY_N);
+            $reportData = $wpdb->get_results(
+                $selectSQL . " GROUP BY abs.abstract_id",
+                ARRAY_N
+            );
+        }
 …
     foreach($attachments as $attachments_id){
+        $sql = $wpdb->prepare("SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE `attachment_id`=%d", $attachments_id);
+        $attachment = $wpdb->get_row($sql);
+        $sql = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE `attachment_id` = %d",
+            $attachments_id
+        );
+        $attachment = $wpdb->get_row($sql);
         $content = $attachment->format ? $attachment->filecontent : rawurldecode($attachment->filecontent);
         $filename = "ID_". $attachment->abstracts_id . "_" . $attachment->attachment_id . "_" . $attachment->filename;
 …
 function wpabstracts_download_attachment($id) {
     global $wpdb;
+    $file = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix . "wpabstracts_attachments WHERE attachment_id=" . $id);
+    $file = $wpdb->get_row(
+        $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE attachment_id = %d",
+            $id
+        )
+    );
     $content = $file->format ? $file->filecontent : rawurldecode($file->filecontent);
     header("Cache-Control: no-cache, must-revalidate");
 …
 function wpabstracts_download_attachments($atts){
     global $wpdb;
+    if(is_array($atts)){
+        $sql = esc_sql("SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE attachment_id IN (" . implode(',', $atts) . ")");
+    if (is_array($atts)) {
+        $placeholders = array_fill(0, count($atts), '%d');
+        $sql = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE attachment_id IN (" . implode(',', $placeholders) . ")",
+            $atts
+        );
         $attachments = $wpdb->get_results($sql);
+    }

wp-abstracts-manuscripts-manager/trunk/inc/wpabstracts_functions.php

-                      r2844958
+                      r3051393
     global $wpdb;
     $wpdb->show_errors();
     $abs_tbl = $wpdb->prefix."wpabstracts_abstracts";
     $evt_tbl = $wpdb->prefix."wpabstracts_events";
     $query = "SELECT abs.*, evt.status as evt_status FROM {$abs_tbl} as abs";
     $query .=" LEFT JOIN {$evt_tbl} AS evt";
     $query .=" ON evt.event_id = abs.event WHERE evt.status = 1";
     if(is_array($key_value)) {
+    $abs_tbl = $wpdb->prefix . "wpabstracts_abstracts";
+    $evt_tbl = $wpdb->prefix . "wpabstracts_events";
+    $query = "SELECT abs.*, evt.status AS evt_status FROM {$abs_tbl} AS abs";
+    $query .= " LEFT JOIN {$evt_tbl} AS evt";
+    $query .= " ON evt.event_id = abs.event WHERE evt.status = 1";
+    if (is_array($key_value)) {
         foreach ($key_value as $key => $value) {
+            $query .=" AND abs.{$key} = $value";
+            // Use prepare for each key-value pair
+            $query .= $wpdb->prepare(" AND abs.{$key} = %s", $value);
+        }
+    }
 …
 function wpabstracts_get_abstract($absId){
     global $wpdb;
+    return $wpdb->get_row("SELECT * FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `abstract_id`=" . $absId);
+    return $wpdb->get_row(
+        $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `abstract_id` = %d",
+            $absId
+        )
+    );
+}
 function wpabstracts_get_review($id) {
     global $wpdb;
+    $sql = $wpdb->prepare("SELECT * FROM {$wpdb->prefix}wpabstracts_reviews WHERE `review_id` = %d", $id);
+    return $wpdb->get_row($sql);
+    return $wpdb->get_row(
+        $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_reviews WHERE `review_id` = %d",
+            $id
+        )
+    );
+}
 …
+}
+function wpabstracts_get_attachments($field, $value){
+    global $wpdb;
+    $ret_val = null;
+    switch ($field){
+        case 'abstracts_id':
+        $attachments = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE `abstracts_id`=".$value);
+        $ret_val = $attachments;
+        break;
+    }
+    return $ret_val;
+}
+function wpabstracts_delete_attachment($id, $message){
+    global $wpdb;
+    $wpdb->query("DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE `attachment_id` = " . $id);
+    if($message){
+        wpabstracts_show_message("Attachment ID ". $id . " was successfully deleted", 'alert-success');
+    }
+function wpabstracts_get_attachments($field, $value) {
+    global $wpdb;
+    $ret_val = null;
+    switch ($field) {
+        case 'abstracts_id':
+            $attachments = $wpdb->get_results(
+                $wpdb->prepare(
+                    "SELECT * FROM {$wpdb->prefix}wpabstracts_attachments WHERE `abstracts_id` = %d",
+                    $value
+                )
+            );
+            $ret_val = $attachments;
+            break;
+    }
+    return $ret_val;
+}
+function wpabstracts_delete_attachment($id, $message) {
+    global $wpdb;
+    $wpdb->query(
+        $wpdb->prepare(
+            "DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE `attachment_id` = %d",
+            $id
+        )
+    );
+    if ($message) {
+        wpabstracts_show_message("Attachment ID " . $id . " was successfully deleted", 'alert-success');
+    }
+}
 …
             $attachmentsIDs = (array) $_POST["abs_remove_attachments"];
             foreach($attachmentsIDs AS $attachID){
+                $wpdb->query("DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE attachment_id=".intval($attachID));
+                $wpdb->query(
+                    $wpdb->prepare(
+                        "DELETE FROM {$wpdb->prefix}wpabstracts_attachments WHERE attachment_id = %d",
+                        intval($attachID)
+                    )
+                );
+            }
+        }
 …
 function wpabstracts_user_submission_count() {
+    global $wpdb;
+    return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `submit_by` = " . get_current_user_id());
+    global $wpdb;
+    return $wpdb->get_var(
+        $wpdb->prepare(
+            "SELECT COUNT(*) FROM {$wpdb->prefix}wpabstracts_abstracts WHERE `submit_by` = %d",
+            get_current_user_id()
+        )
+    );
+}
 …
+}
+function wpabstracts_get_user($user_id){
+    global $wpdb;
+    $user = $wpdb->get_row("SELECT * FROM " . $wpdb->prefix."wpabstracts_users WHERE user_id = " . $user_id);
+    return $user;
+}
+function wpabstracts_user_sync(){
+    global $wpdb;
+    $users = get_users();
+    foreach($users as $user){
+        $userExist = $wpdb->get_var('SELECT COUNT(*) FROM ' . $wpdb->prefix.'wpabstracts_users WHERE user_id = ' . $user->ID);
+        if(!$userExist){
+            $data = array('user_id' => $user->ID, 'status' => 1);
+            $wpdb->insert($wpdb->prefix.'wpabstracts_users', $data);
+        }
+    }
+function wpabstracts_get_user($user_id) {
+    global $wpdb;
+    $user = $wpdb->get_row(
+        $wpdb->prepare(
+            "SELECT * FROM {$wpdb->prefix}wpabstracts_users WHERE user_id = %d",
+            $user_id
+        )
+    );
+    return $user;
+}
+function wpabstracts_user_sync() {
+    global $wpdb;
+    $users = get_users();
+    foreach ($users as $user) {
+        $userExist = $wpdb->get_var(
+            $wpdb->prepare(
+                'SELECT COUNT(*) FROM ' . $wpdb->prefix . 'wpabstracts_users WHERE user_id = %d',
+                $user->ID
+            )
+        );
+        if (!$userExist) {
+            $data = array('user_id' => $user->ID, 'status' => 1);
+            $wpdb->insert($wpdb->prefix . 'wpabstracts_users', $data);
+        }
+    }
+}

wp-abstracts-manuscripts-manager/trunk/readme.txt

-                      r3048640
+                      r3051393
 === WP Abstracts  ===
 Contributors: kevon.adonis
 Tags: abstracts, conference plugin, peer reviews, abstract review, submission, reviewers, abstracts submission, manuscripts, abstracts manager, wordpress abstracts submission, abstracts management, conference plugin
+Tags: abstracts manager, conference plugin, peer reviews, submission review, manuscript manager
 Requires at least: 5.0
 Requires PHP: >=5.6
 Tested up to: 6.4.3
 Stable tag: 2.6.4
+Stable tag: 2.6.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 2.6.5 - 03/14/2024 =
+* Security - Implement Wordpress best practices for unsafe SQL calls using wpdb->prepare()
+* Compatibility testing up to WP 6.4.3
 = 2.6.4 - 03/10/2024 =
 * Security - Resolved insufficient input sanitization on events settings and reset password page.

wp-abstracts-manuscripts-manager/trunk/users/users.classes.php

-                      r2355706
+                      r3051393
         global $wpdb, $_wp_column_headers;
         $screen = get_current_screen();
+        $wpausers = $wpdb->prefix."wpabstracts_users";
+        $wpusers = $wpdb->base_prefix."users";
+        $wpusermeta = $wpdb->base_prefix."usermeta";
+        $query = "SELECT wpausers.*, wpusers.ID as wpid, wpusers.user_email, wpusers.user_login, wpusermeta.meta_value as user_role FROM $wpausers AS wpausers " .
+        "LEFT JOIN $wpusers AS wpusers ON wpausers.user_id = wpusers.ID " .
+        "LEFT JOIN $wpusermeta AS wpusermeta ON wpusers.ID = wpusermeta.user_id WHERE wpusermeta.meta_key = '" . $wpdb->base_prefix . "capabilities'";
+        if(isset($_GET['s']) && $_GET['s']){
+        $wpausers = $wpdb->prefix . "wpabstracts_users";
+        $wpusers = $wpdb->base_prefix . "users";
+        $wpusermeta = $wpdb->base_prefix . "usermeta";
+        $query = $wpdb->prepare(
+            "SELECT wpausers.*, wpusers.ID AS wpid, wpusers.user_email, wpusers.user_login, wpusermeta.meta_value AS user_role
+            FROM {$wpausers} AS wpausers
+            LEFT JOIN {$wpusers} AS wpusers ON wpausers.user_id = wpusers.ID
+            LEFT JOIN {$wpusermeta} AS wpusermeta ON wpusers.ID = wpusermeta.user_id
+            WHERE wpusermeta.meta_key = %s",
+            $wpdb->base_prefix . "capabilities"
+        );
+        if (isset($_GET['s']) && $_GET['s']) {
             $search = trim(sanitize_text_field($_GET['s']));
+            $query .= " and ($wpusers.user_login LIKE '%" . $search . "%' OR $wpusers.user_email LIKE '%" . $search . "%')";
+        }
+        if(isset($_GET['status_filter']) && $_GET['status_filter']){
+            $query .= $wpdb->prepare(
+                " AND (wpusers.user_login LIKE %s OR wpusers.user_email LIKE %s)",
+                '%' . $wpdb->esc_like($search) . '%',
+                '%' . $wpdb->esc_like($search) . '%'
+            );
+        }
+        if (isset($_GET['status_filter']) && $_GET['status_filter']) {
             $status_filter = trim(sanitize_text_field($_GET['status_filter']));
+            $query .= " and wpusermeta.meta_value LIKE '%" . $status_filter . "%'";
+        }
+            $query .= $wpdb->prepare(" AND wpusermeta.meta_value LIKE %s", '%' . $wpdb->esc_like($status_filter) . '%');
+        }
         $orderby = !empty($_GET["orderby"]) ? sanitize_text_field($_GET["orderby"]) : 'wpausers.user_id';
         $order = !empty($_GET["order"]) ? sanitize_text_field($_GET["order"]) : 'desc';
+        if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; }
+        if (!empty($orderby) && !empty($order)) {
+            $query .= " ORDER BY {$orderby} {$order}";
+        }
         $this->process_bulk_action();
         $this->items = $wpdb->get_results($query);
         $columns = $this->get_columns();
         $_wp_column_headers[$screen->id]=$columns;

wp-abstracts-manuscripts-manager/trunk/users/users.downloads.php

-                      r2355706
+                      r3051393
 function wpabstracts_useraddon_export_users() {
+    global $wpdb;
+    $wpa_users = $wpdb->prefix . "wpabstracts_users";
+    $wp_users = $wpdb->prefix . "users";
+    global $wpdb;
+    $wpa_users = $wpdb->prefix."wpabstracts_users";
+    $wp_users = $wpdb->prefix."users";
+    $query = "SELECT wpusers.ID, wpusers.user_email, wpausers.data, wpausers.status FROM $wpa_users AS wpausers LEFT JOIN $wp_users AS wpusers ON wpausers.user_id = wpusers.ID";
+    $query = $wpdb->prepare(
+        "SELECT wpusers.ID, wpusers.user_email, wpausers.data, wpausers.status
+        FROM {$wpa_users} AS wpausers
+        LEFT JOIN {$wp_users} AS wpusers ON wpausers.user_id = wpusers.ID"
+    );
     $users = $wpdb->get_results($query);

wp-abstracts-manuscripts-manager/trunk/wpabstracts.php

-                      r3048640
+                      r3051393
 Plugin URI: http://www.wpabstracts.com
 Description: Allow abstracts submissions on your site. Manage everything from events, abstracts, authors, reviews, attachments, notifications and more.
 Version: 2.6.4
+Version: 2.6.5
 Author: Kevon Adonis
 Author URI: http://www.kevonadonis.com
 …
 define('WPABSTRACTS_ACCESS_LEVEL', 'manage_options');
 define('WPABSTRACTS_PLUGIN_DIR', dirname(__FILE__) . '/');
 define('WPABSTRACTS_VERSION', '2.6.4');
+define('WPABSTRACTS_VERSION', '2.6.5');
 define('WPABSTRACTS_SECRET_KEY', '5a22d6e80bf870.68089106');
 register_activation_hook(__FILE__,'wpabstracts_install');
 …
     $users = get_users();
     foreach($users as $user){
+        $userExist = $wpdb->get_var("SELECT COUNT(*) FROM " . $user_tbl . " WHERE user_id = " . $user->ID);
+        $userExist = $wpdb->get_var(
+            $wpdb->prepare(
+                "SELECT COUNT(*) FROM {$user_tbl} WHERE user_id = %d",
+                $user->ID
+            )
+        );
         if(!$userExist){
             $data = array('user_id' => $user->ID, 'status' => 1);
 …
     global $wpdb;
     if($_POST['event_id']){
+        $event_id = intval($_POST['event_id']);
+        $event = $wpdb->get_row("SELECT topics FROM {$wpdb->prefix}wpabstracts_events Where event_id =" . $event_id);
+        $event_id = intval($_POST['event_id']);
+        $event = $wpdb->get_row(
+            $wpdb->prepare(
+                "SELECT topics FROM {$wpdb->prefix}wpabstracts_events WHERE event_id = %d",
+                $event_id
+            )
+        );
         $topics = explode('|', $event->topics);
         foreach($topics as $topic){ ?>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory