$wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value ); } } // 'post_status' and 'post_type' are handled separately, due to the specialized behavior of 'any'. foreach ( array( 'post_status', 'post_type' ) as $field_name ) { $q_values = array(); if ( ! empty( $this->query_vars[ $field_name ] ) ) { $q_values = $this->query_vars[ $field_name ]; if ( ! is_array( $q_values ) ) { $q_values = explode( ',', $q_values ); } // 'any' will cause the query var to be ignored. if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) { continue; } $join_posts_table = true; $esses = array_fill( 0, count( $q_values ), '%s' ); // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values ); } } // Comment author IDs for an IN clause. if ( ! empty( $this->query_vars['author__in'] ) ) { $this->sql_clauses['where']['author__in'] = 'user_id IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__in'] ) ) . ' )'; } // Comment author IDs for a NOT IN clause. if ( ! empty( $this->query_vars['author__not_in'] ) ) { $this->sql_clauses['where']['author__not_in'] = 'user_id NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__not_in'] ) ) . ' )'; } // Post author IDs for an IN clause. if ( ! empty( $this->query_vars['post_author__in'] ) ) { $join_posts_table = true; $this->sql_clauses['where']['post_author__in'] = 'post_author IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__in'] ) ) . ' )'; } // Post author IDs for a NOT IN clause. if ( ! empty( $this->query_vars['post_author__not_in'] ) ) { $join_posts_table = true; $this->sql_clauses['where']['post_author__not_in'] = 'post_author NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__not_in'] ) ) . ' )'; } $join = ''; $groupby = ''; if ( $join_posts_table ) { $join .= "JOIN $wpdb->posts ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID"; } if ( ! empty( $this->meta_query_clauses ) ) { $join .= $this->meta_query_clauses['join']; // Strip leading 'AND'. $this->sql_clauses['where']['meta_query'] = preg_replace( '/^\s*AND\s*/', '', $this->meta_query_clauses['where'] ); if ( ! $this->query_vars['count'] ) { $groupby = "{$wpdb->comments}.comment_ID"; } } if ( ! empty( $this->query_vars['date_query'] ) && is_array( $this->query_vars['date_query'] ) ) { $this->date_query = new WP_Date_Query( $this->query_vars['date_query'], 'comment_date' ); $this->sql_clauses['where']['date_query'] = preg_replace( '/^\s*AND\s*/', '', $this->date_query->get_sql() ); } $where = implode( ' AND ', $this->sql_clauses['where'] ); $pieces = array( 'fields', 'join', 'where', 'orderby', 'limits', 'groupby' ); /** * Filters the comment query clauses. * * @since 3.1.0 * * @param string[] $pieces An associative array of comment query clauses. * @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference). */ $clauses = apply_filters_ref_array( 'comments_clauses', array( compact( $pieces ), &$this ) ); $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $this->filtered_where_clause = $where; if ( $where ) { $where = 'WHERE ' . $where; } if ( $groupby ) { $groupby = 'GROUP BY ' . $groupby; } if ( $orderby ) { $orderby = "ORDER BY $orderby"; } $found_rows = ''; if ( ! $this->query_vars['no_found_rows'] ) { $found_rows = 'SQL_CALC_FOUND_ROWS'; } $this->sql_clauses['select'] = "SELECT $found_rows $fields"; $this->sql_clauses['from'] = "FROM $wpdb->comments $join"; $this->sql_clauses['groupby'] = $groupby; $this->sql_clauses['orderby'] = $orderby; $this->sql_clauses['limits'] = $limits; $this->request = "{$this->sql_clauses['select']} {$this->sql_clauses['from']} {$where} {$this->sql_clauses['groupby']} {$this->sql_clauses['orderby']} {$this->sql_clauses['limits']}"; if ( $this->query_vars['count'] ) { return (int) $wpdb->get_var( $this->request ); } else { $comment_ids = $wpdb->get_col( $this->request ); return array_map( 'intval', $comment_ids ); } } /** * Populates found_comments and max_num_pages properties for the current * query if the limit clause was used. * * @since 4.6.0 * * @global wpdb $wpdb WordPress database abstraction object. */ private function set_found_comments() { global $wpdb; if ( $this->query_vars['number'] && ! $this->query_vars['no_found_rows'] ) { /** * Filters the query used to retrieve found comment count. * * @since 4.4.0 * * @param string $found_comments_query SQL query. Default 'SELECT FOUND_ROWS()'. * @param WP_Comment_Query $comment_query The `WP_Comment_Query` instance. */ $found_comments_query = apply_filters( 'found_comments_query', 'SELECT FOUND_ROWS()', $this ); $this->found_comments = (int) $wpdb->get_var( $found_comments_query ); } } /** * Fetch descendants for located comments. * * Instead of calling `get_children()` separately on each child comment, we do a single set of queries to fetch * the descendant trees for all matched top-level comments. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Comment[] $comments Array of top-level comments whose descendants should be filled in. * @return array */ protected function fill_descendants( $comments ) { global $wpdb; $levels = array( 0 => wp_list_pluck( $comments, 'comment_ID' ), ); $key = md5( serialize( wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) ) ) ); $last_changed = wp_cache_get_last_changed( 'comment' ); // Fetch an entire level of the descendant tree at a time. $level = 0; $exclude_keys = array( 'parent', 'parent__in', 'parent__not_in' ); do { // Parent-child relationships may be cached. Only query for those that are not. $child_ids = array(); $uncached_parent_ids = array(); $_parent_ids = $levels[ $level ]; foreach ( $_parent_ids as $parent_id ) { $cache_key = "get_comment_child_ids:$parent_id:$key:$last_changed"; $parent_child_ids = wp_cache_get( $cache_key, 'comment' ); if ( false !== $parent_child_ids ) { $child_ids = array_merge( $child_ids, $parent_child_ids ); } else { $uncached_parent_ids[] = $parent_id; } } if ( $uncached_parent_ids ) { // Fetch this level of comments. $parent_query_args = $this->query_vars; foreach ( $exclude_keys as $exclude_key ) { $parent_query_args[ $exclude_key ] = ''; } $parent_query_args['parent__in'] = $uncached_parent_ids; $parent_query_args['no_found_rows'] = true; $parent_query_args['hierarchical'] = false; $parent_query_args['offset'] = 0; $parent_query_args['number'] = 0; $level_comments = get_comments( $parent_query_args ); // Cache parent-child relationships. $parent_map = array_fill_keys( $uncached_parent_ids, array() ); foreach ( $level_comments as $level_comment ) { $parent_map[ $level_comment->comment_parent ][] = $level_comment->comment_ID; $child_ids[] = $level_comment->comment_ID; } foreach ( $parent_map as $parent_id => $children ) { $cache_key = "get_comment_child_ids:$parent_id:$key:$last_changed"; wp_cache_set( $cache_key, $children, 'comment' ); } } $level++; $levels[ $level ] = $child_ids; } while ( $child_ids ); // Prime comment caches for non-top-level comments. $descendant_ids = array(); for ( $i = 1, $c = count( $levels ); $i < $c; $i++ ) { $descendant_ids = array_merge( $descendant_ids, $levels[ $i ] ); } _prime_comment_caches( $descendant_ids, $this->query_vars['update_comment_meta_cache'] ); // Assemble a flat array of all comments + descendants. $all_comments = $comments; foreach ( $descendant_ids as $descendant_id ) { $all_comments[] = get_comment( $descendant_id ); } // If a threaded representation was requested, build the tree. if ( 'threaded' === $this->query_vars['hierarchical'] ) { $threaded_comments = array(); $ref = array(); foreach ( $all_comments as $k => $c ) { $_c = get_comment( $c->comment_ID ); // If the comment isn't in the reference array, it goes in the top level of the thread. if ( ! isset( $ref[ $c->comment_parent ] ) ) { $threaded_comments[ $_c->comment_ID ] = $_c; $ref[ $_c->comment_ID ] = $threaded_comments[ $_c->comment_ID ]; // Otherwise, set it as a child of its parent. } else { $ref[ $_c->comment_parent ]->add_child( $_c ); $ref[ $_c->comment_ID ] = $ref[ $_c->comment_parent ]->get_child( $_c->comment_ID ); } } // Set the 'populated_children' flag, to ensure additional database queries aren't run. foreach ( $ref as $_ref ) { $_ref->populated_children( true ); } $comments = $threaded_comments; } else { $comments = $all_comments; } return $comments; } /** * Used internally to generate an SQL string for searching across multiple columns * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $string * @param array $cols * @return string */ protected function get_search_sql( $string, $cols ) { global $wpdb; $like = '%' . $wpdb->esc_like( $string ) . '%'; $searches = array(); foreach ( $cols as $col ) { $searches[] = $wpdb->prepare( "$col LIKE %s", $like ); } return ' AND (' . implode( ' OR ', $searches ) . ')'; } /** * Parse and sanitize 'orderby' keys passed to the comment query. * * @since 4.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string|false Value to used in the ORDER clause. False otherwise. */ protected function parse_orderby( $orderby ) { global $wpdb; $allowed_keys = array( 'comment_agent', 'comment_approved', 'comment_author', 'comment_author_email', 'comment_author_IP', 'comment_author_url', 'comment_content', 'comment_date', 'comment_date_gmt', 'comment_ID', 'comment_karma', 'comment_parent', 'comment_post_ID', 'comment_type', 'user_id', ); if ( ! empty( $this->query_vars['meta_key'] ) ) { $allowed_keys[] = $this->query_vars['meta_key']; $allowed_keys[] = 'meta_value'; $allowed_keys[] = 'meta_value_num'; } $meta_query_clauses = $this->meta_query->get_clauses(); if ( $meta_query_clauses ) { $allowed_keys = array_merge( $allowed_keys, array_keys( $meta_query_clauses ) ); } $parsed = false; if ( $this->query_vars['meta_key'] === $orderby || 'meta_value' === $orderby ) { $parsed = "$wpdb->commentmeta.meta_value"; } elseif ( 'meta_value_num' === $orderby ) { $parsed = "$wpdb->commentmeta.meta_value+0"; } elseif ( 'comment__in' === $orderby ) { $comment__in = implode( ',', array_map( 'absint', $this->query_vars['comment__in'] ) ); $parsed = "FIELD( {$wpdb->comments}.comment_ID, $comment__in )"; } elseif ( in_array( $orderby, $allowed_keys, true ) ) { if ( isset( $meta_query_clauses[ $orderby ] ) ) { $meta_clause = $meta_query_clauses[ $orderby ]; $parsed = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); } else { $parsed = "$wpdb->comments.$orderby"; } } return $parsed; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.2.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } }