diff --git a/custom/controls/cf.SR_redirect_cache.class.php b/custom/controls/cf.SR_redirect_cache.class.php
index 10871f7..01a0c75 100644
--- a/custom/controls/cf.SR_redirect_cache.class.php
+++ b/custom/controls/cf.SR_redirect_cache.class.php
@@ -7,7 +7,17 @@ public function add_redirect($post_id,$is_redirected,$redirect_to,$redirect_type
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Cache';
- $wpdb->query(" insert IGNORE into $table_name(ID,is_redirected,redirect_to,redirect_type) values('$post_id','$is_redirected','$redirect_to','$redirect_type'); ");
+
+ $wpdb->query($wpdb->prepare(
+ "
+ INSERT IGNORE INTO $table_name
+ (ID,is_redirected,redirect_to,redirect_type)
+ VALUES
+ (%d, %s, %s, %s)
+ ",
+ $post_id, $is_redirected, $redirect_to, $redirect_type
+
+ ));
}
/*- Fetch Redirect ----------------------------------------*/
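Review bot: The prepared INSERT is correct, but `$table_name` is still assembled from the `$table_prefix` global on the line above it; `$wpdb->prefix` is what WordPress itself uses for the same value and it follows `switch_to_blog()` on multisite, which the bare global does not. `$table_name = $wpdb->prefix . 'WP_SEO_Cache';` also drops the extra `global`. The identifier is the only interpolated piece left and it is not user-controlled, so this is a consistency point rather than an injection one.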
@@ -15,7 +25,13 @@ public function fetch_redirect($post_id)
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Cache';
- return $wpdb->get_row("select * from $table_name where ID='$post_id'; ");
+
+ return $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT * FROM $table_name WHERE ID = %d
+ ",
+ $post_id
+ ));
}
/*- Redirect Cache ----------------------------------------*/
@@ -44,7 +60,12 @@ public function del_redirect($post_id)
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Cache';
- return $wpdb->get_var("delete from $table_name where ID='$post_id'; ");
+ return $wpdb->get_var($wpdb->prepare(
+ "
+ DELETE FROM $table_name WHERE ID = %d
+ ",
+ $post_id
+ ));
}
/*- Free Cache ----------------------------------------*/
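Review bot: `get_var()` wrapped around a DELETE still returns null, so `del_redirect()` gives its caller no way to tell whether a row was removed or the query failed. `return $wpdb->query($wpdb->prepare("DELETE FROM $table_name WHERE ID = %d", $post_id));` returns the affected-row count, or false on error, which is what a caller of a delete would expect. The `%d` binding itself is correct.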
@@ -52,7 +73,7 @@ public function free_cache()
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Cache';
- $wpdb->query(" TRUNCATE TABLE $table_name ");
+ $wpdb->query("TRUNCATE TABLE $table_name ");
}
/*- Cache Count ----------------------------------------*/
@@ -60,7 +81,7 @@ public function count_cache()
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Cache';
- return $wpdb->get_var("select count(*) as cnt from $table_name where 1; ");
+ return $wpdb->get_var("SELECT COUNT(*) AS cnt FROM $table_name WHERE 1");
}
}}
\ No newline at end of file
diff --git a/custom/functions.php b/custom/functions.php
index 0d5ae2d..407ca70 100644
--- a/custom/functions.php
+++ b/custom/functions.php
@@ -72,7 +72,7 @@ function c_clear_redirection_history()
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_Redirection_LOG';
- $wpdb->query(" TRUNCATE TABLE $table_name ");
+ $wpdb->query("TRUNCATE TABLE $table_name");
}}
@@ -83,7 +83,7 @@ function c_clear_all_404()
{
global $wpdb,$table_prefix;
$table_name = $table_prefix . 'WP_SEO_404_links';
- $wpdb->query(" TRUNCATE TABLE $table_name ");
+ $wpdb->query("TRUNCATE TABLE $table_name ");
}}
@@ -106,6 +106,6 @@ function c_optimize_tables()
$table_name1 = $table_prefix . 'WP_SEO_404_links';
$table_name2 = $table_prefix . 'WP_SEO_Redirection';
$table_name3 = $table_prefix . 'WP_SEO_Redirection_LOG';
- $wpdb->query(" OPTIMIZE TABLE $table_name1,$table_name2,$table_name3 ");
+ $wpdb->query("OPTIMIZE TABLE $table_name1, $table_name2, $table_name3");
}}
diff --git a/options/option_page_custome_redirection.php b/options/option_page_custome_redirection.php
index b4c8a26..9ff2724 100644
--- a/options/option_page_custome_redirection.php
+++ b/options/option_page_custome_redirection.php
@@ -76,7 +76,15 @@
if($util->post('add_new')!='')
{
- $theurl = $wpdb->get_row(" select count(ID) as cnt from $table_name where redirect_from='$redirect_from' ");
+ $theurl = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT count(ID) as cnt
+ FROM $table_name
+ WHERE redirect_from = %s
+ ",
+ $redirect_from
+ ));
+
if($theurl->cnt >0)
{
$util->failure_option_msg("This URL '$redirect_from' is added previously!");
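Review bot: The `$redirect_from` value that is now bound with `%s` is echoed back unescaped two lines below in `failure_option_msg("This URL '$redirect_from' is added previously!")`; unless that helper escapes its argument (it is defined outside this diff), a crafted value is rendered as markup in the admin page. Escape at the call site: `$util->failure_option_msg("This URL '" . esc_html($redirect_from) . "' is added previously!");`. Where `$redirect_from` is read from the request is above this hunk, so any earlier sanitisation is not visible here.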
@@ -88,9 +96,23 @@
$util->failure_option_msg('Please input all required fields!');
}else
{
- $wpdb->query(" insert into $table_name(redirect_from,redirect_to,redirect_type,url_type,redirect_from_type,redirect_from_folder_settings,redirect_from_subfolders,redirect_to_type,redirect_to_folder_settings,regex,enabled) values('$redirect_from','$redirect_to','$redirect_type',1,'$redirect_from_type','$redirect_from_folder_settings','$redirect_from_subfolders','$redirect_to_type','$redirect_to_folder_settings','$regex','$enabled') ");
-
- $wpdb->query(" delete from $table_name_404 where link='$redirect_from' ");
+ $wpdb->query($wpdb->prepare(
+ "
+ INSERT INTO $table_name
+ (redirect_from,redirect_to,redirect_type,url_type,redirect_from_type,redirect_from_folder_settings,redirect_from_subfolders,redirect_to_type,redirect_to_folder_settings,regex,enabled)
+ values
+ (%s, %s, %s, 1, %s, %s, %s, %s, %s, %s, %s)
+ ",
+ $redirect_from, $redirect_to, $redirect_type, $redirect_from_type, $redirect_from_folder_settings, $redirect_from_subfolders, $redirect_to_type, $redirect_to_folder_settings, $regex, $enabled
+ ));
+
+ $wpdb->query($wpdb->prepare(
+ "
+ DELETE FROM $table_name_404 WHERE link = %s
+ ",
+ $redirect_from
+ ));
+
$SR_redirect_cache = new clogica_SR_redirect_cache();
$SR_redirect_cache->free_cache();
}
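Review bot: `$regex` is inserted as-is, yet the front-end lookup in `WPSR_redirect()` later evaluates every enabled rule with `%s regexp regex`, and MySQL raises an error for a syntactically invalid pattern, which fails that whole SELECT — one bad rule would stop every regex redirect on the site. Validate with the same engine before the INSERT: `$wpdb->get_var($wpdb->prepare("SELECT %s REGEXP %s", '', $regex));` and reject the submission when `$wpdb->last_error !== ''`. Binding `enabled` and `redirect_type` as `%s` works; if those columns are integers (their types are not visible here), `%d` would additionally reject non-numeric input.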
@@ -105,7 +127,15 @@
$util->failure_option_msg('Please input all required fields!');
}else
{
- $wpdb->query(" update $table_name set redirect_from='$redirect_from',redirect_to='$redirect_to',redirect_type='$redirect_type',redirect_from_type='$redirect_from_type' ,redirect_from_folder_settings='$redirect_from_folder_settings' ,redirect_from_subfolders='$redirect_from_subfolders' ,redirect_to_type='$redirect_to_type' ,redirect_to_folder_settings='$redirect_to_folder_settings' ,regex='$regex',enabled='$enabled' where ID=" . $edit);
+ $wpdb->query($wpdb->prepare(
+ "
+ UPDATE $table_name
+ SET redirect_from = %s, redirect_to = %s, redirect_type = %s, redirect_from_type = %s, redirect_from_folder_settings = %s, redirect_from_subfolders = %s, redirect_to_type = %s, redirect_to_folder_settings = %s, regex = %s, enabled = %s'
+ WHERE ID = %d
+ ",
+ $redirect_from, $redirect_to, $redirect_type, $redirect_from_type, $redirect_from_folder_settings, $redirect_from_subfolders, $redirect_to_type, $redirect_to_folder_settings, $regex, $enabled, $edit
+ ));
+
$SR_redirect_cache = new clogica_SR_redirect_cache();
$SR_redirect_cache->free_cache();
}
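Review bot: The UPDATE's SET clause ends with `enabled = %s'` — a stray single quote after the last placeholder — so after `prepare()` the statement reads `enabled = '1''` followed by ` WHERE ID = 5`, which MySQL rejects because the doubled quote re-opens the string literal. Every edit of an existing rule therefore fails, and since the return of `$wpdb->query()` is not checked the user sees no error while the cache is still flushed. Remove the quote, `regex = %s, enabled = %s`, and consider `if ($wpdb->query(...) === false) { $util->failure_option_msg($wpdb->last_error); }` so a failed write is reported.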
diff --git a/options/option_page_custome_redirection_add_update.php b/options/option_page_custome_redirection_add_update.php
index c47baca..da3dda3 100644
--- a/options/option_page_custome_redirection_add_update.php
+++ b/options/option_page_custome_redirection_add_update.php
@@ -17,7 +17,14 @@
echo '
Add New Custom Redirection
';
else if(intval($util->get('edit'))>0){
echo 'Update Existing Redirection
';
-$item = $wpdb->get_row(" select * from $table_name where ID=". intval($util->get('edit')));
+$item = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT * FROM $table_name
+ WHERE ID = %d
+ ",
+ intval($util->get('edit'))
+ ));
+
if($wpdb->num_rows==0)
{
$utilpro->info_option_msg("Sorry, this redirect rule is not found, it may deleted by the user!");
@@ -44,7 +51,13 @@
if($util->get('page404')!='')
{
$table_name_404 = $table_prefix . 'WP_SEO_404_links';
- $i404 = $wpdb->get_row(" select link from $table_name_404 where ID=". intval($util->get('page404')));
+ $i404 = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT link FROM $table_name_404 where ID = %d
+ ",
+ intval($util->get('page404'))
+ ));
+
if($i404->link!='')
$redirect_from=$i404->link;
else
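Review bot: `$i404` is null when no row matches the supplied `page404` ID, and `if($i404->link!='')` on the following context line then reads a property of null (a warning on PHP 7 and 8) before falling through to the `else` branch. Guard it: `if ($i404 !== null && $i404->link != '')`. Wrapping the already-`intval()`ed value in a `%d` placeholder is correct, just redundant.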
diff --git a/options/option_page_custome_redirection_list.php b/options/option_page_custome_redirection_list.php
index 5d0d70c..bb829c6 100644
--- a/options/option_page_custome_redirection_list.php
+++ b/options/option_page_custome_redirection_list.php
@@ -6,8 +6,11 @@
if($util->get('del')!='')
{
$delid=intval($util->get('del'));
- $wpdb->query(" delete from $table_name where ID='$delid' ");
-
+ $wpdb->query($wpdb->prepare(
+ "DELETE FROM $table_name WHERE ID=%d",
+ $delid
+ ));
+
if($util->there_is_cache()!='')
$util->info_option_msg("You have a cache plugin installed '" . $util->there_is_cache() . "', you have to clear cache after any changes to get the changes reflected immediately! ");
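Review bot: The deletion is triggered by the `del` query-string parameter and no nonce or capability check is visible in this hunk; if none precedes it in the file, any link of the form `…&del=N` that an administrator opens removes a rule (CSRF), and parameterising the ID does nothing against that. Build the link with `wp_nonce_url($url, 'wpsr_del_' . $id)` and verify it here with `check_admin_referer('wpsr_del_' . $delid);` before the query. The `intval()` plus `%d` binding is otherwise correct.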
diff --git a/options/option_page_post_redirection_list.php b/options/option_page_post_redirection_list.php
index e04b676..f5cd4ce 100644
--- a/options/option_page_post_redirection_list.php
+++ b/options/option_page_post_redirection_list.php
@@ -6,7 +6,10 @@
if($util->get('del')!='')
{
$delid=intval($util->get('del'));
- $wpdb->query(" delete from $table_name where ID='$delid' ");
+ $wpdb->query($wpdb->prepare(
+ "DELETE FROM $table_name WHERE ID=%d",
+ $delid
+ ));
if($util->there_is_cache()!='')
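Review bot: This delete runs off the `del` GET parameter with no nonce verification visible in the hunk; unless one exists earlier in the file, an administrator who follows a crafted `…&del=N` link silently loses a post redirection (CSRF). Add `check_admin_referer('wpsr_post_del_' . $delid);` before the query and generate the list's delete links with `wp_nonce_url()` using the same action. The `%d` placeholder on the `intval()`ed ID is fine.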
diff --git a/seo-redirection.php b/seo-redirection.php
index 0215188..586d80d 100644
--- a/seo-redirection.php
+++ b/seo-redirection.php
@@ -4,7 +4,7 @@
Plugin URI: http://www.clogica.com
Description: By this plugin you can manage all your website redirection types easily.
Author: Fakhri Alsadi
-Version: 2.8
+Version: 9999
Author URI: http://www.clogica.com
*/
@@ -82,7 +82,14 @@ function WPSR_render_meta_box($post)
-$theurl = $wpdb->get_row(" select redirect_to,redirect_from from $table_name where postID='$postID' ");
+$theurl = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT redirect_to,redirect_from
+ FROM $table_name
+ WHERE postID = %d
+ ",
+ $postID
+));
$urlredirect_to='';
if($wpdb->num_rows>0)
@@ -91,9 +98,26 @@ function WPSR_render_meta_box($post)
if($urlredirect_to !='' && $theurl->redirect_from != $permalink )
{
// the post_name field changed!
- $wpdb->query(" update $table_name set redirect_from='$permalink' where postID='$postID' ");
+
+ $wpdb->query($wpdb->prepare(
+ "
+ UPDATE $table_name
+ SET redirect_from = %s
+ WHERE postID = %d
+ ",
+ $permalink, $postID
+ ));
+
if($util->get_option_value('reflect_modifications')=='1'){
- $wpdb->query(" update $table_name set redirect_to='$permalink' where redirect_to='" . $theurl->redirect_from . "' ");
+ $wpdb->query($wpdb->prepare(
+ "
+ UPDATE $table_name
+ SET redirect_to = %s
+ WHERE redirect_to = %s
+ ",
+ $permalink, $theurl->redirect_from
+ ));
+
$util->info_option_msg('SEO Redirection has detected a change in Permalink, this will be reflected to the redirection records!');
}
//-------------------------------------------
@@ -254,25 +278,65 @@ function WPSR_get_post_redirection($post_id)
if($redirect_to!=''){
-
- $wpdb->get_results("select ID from $table_name where postID='$post_id' ");
+ $wpdb->get_results($wpdb->prepare(
+ "
+ SELECT ID FROM $table_name
+ WHERE postID = %d
+ ",
+ $post_id
+ ));
if ($wpdb->num_rows > 0) {
- $sql = "update $table_name set redirect_to='$redirect_to',redirect_from='$redirect_from',redirect_type='301',url_type=2 where postID='$post_id'";
- $wpdb->query($sql);
+ $wpdb->query($wpdb->prepare(
+ "
+ UPDATE $table_name
+ SET redirect_to = %s, redirect_from = %s, redirect_type = '301', url_type = 2
+ WHE
+ RE postID = %d
+ ",
+ $redirect_to, $redirect_from, $post_id
+ ));
}else
{
- $wpdb->query("delete from $table_name where redirect_from='$redirect_from'");
- $sql = "insert into $table_name(redirect_from,redirect_to,redirect_type,url_type,postID) values ('$redirect_from','$redirect_to','301',2,'$post_id') ";
- $wpdb->query($sql);
+ $wpdb->query($wpdb->prepare(
+ "
+ DELETE FROM $table_name
+ WHERE redirect_from = %s
+ ",
+ $redirect_from
+ ));
+
+ $wpdb->query($wpdb->prepare(
+ "
+ INSERT INTO $table_name
+ (redirect_from,redirect_to,redirect_type,url_type,postID)
+ VALUES
+ (%s, %s, '301', 2, %d)
+ ",
+ $redirect_from, $redirect_to, $post_id
+ ));
}
- }else
- {
- $wpdb->query("delete from $table_name where postID='$post_id'");
+ } else {
+ $wpdb->query($wpdb->prepare(
+ "
+ DELETE FROM $table_name
+ WHERE postID = %d
+ ",
+ $post_id
+ ));
+
+
+ $wpdb->query($wpdb->prepare(
+ "
+ DELETE FROM $table_name
+ where postID = %d
+ ",
+ $post_id
+ ));
}
$SR_redirect_cache = new clogica_SR_redirect_cache();
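Review bot: The UPDATE in the `num_rows > 0` branch has its `WHERE` keyword split across two lines (`WHE` / `RE postID = %d`), which MySQL rejects as `WHE RE`, so an existing post redirect is never updated; join it back into `WHERE postID = %d`. The `else` branch below also issues the identical `DELETE FROM $table_name WHERE postID = %d` twice — the second is a no-op and should be dropped. `WPSR_get_post_redirection()` begins above this hunk and continues below it, and none of the `query()` results are checked, which is why the broken UPDATE would fail silently.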
@@ -295,7 +359,17 @@ function WPSR_log_404_redirection($link)
$browser=$util->get_visitor_Browser();
if($os!='Unknown' || $browser!='Unknown'){
- $wpdb->query(" insert IGNORE into $table_name(ctime,link,referrer,ip,country,os,browser) values(NOW(),'$link','$referrer','$ip','$country','$os','$browser') ");
+
+ $wpdb->query($wpdb->prepare(
+ "
+ INSERT IGNORE INTO $table_name
+ (ctime,link,referrer,ip,country,os,browser)
+ VALUES
+ (NOW(), %s, %s, %s, %s, %s, %s)
+ ",
+ $link, $referrer, $ip, $country, $os, $browser
+ ));
+
}
}
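Review bot: Binding these values matters more here than in the admin forms: `WPSR_log_404_redirection()` runs for unauthenticated visitors, so `$link` and `$referrer` (and, depending on how `$ip`, `$os` and `$browser` are derived above the hunk, presumably those too) are attacker-chosen strings. They are now safe in the INSERT but are stored verbatim, so the admin screen that lists the 404 log must escape them on output with `esc_html()` / `esc_url()` — that screen is not part of this diff. The enclosing function starts above the hunk.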
@@ -312,13 +386,21 @@ function WPSR_log_redirection_history($rID,$postID, $rfrom, $rto, $rtype,$rsrc)
$country=$util->get_visitor_country();
$os=$util->get_visitor_OS();
$browser=$util->get_visitor_Browser();
+
+ $wpdb->query($wpdb->prepare(
+ "
+ INSERT INTO $table_name
+ (rID,postID,rfrom,rto,rtype,rsrc,ctime,referrer,ip,country,os,browser)
+ VALUES
+ (%d, %d, %s, %s, %s, %s, NOW(), %s, %s, %s, %s, %s)
+ ",
+ $rID, $postID, $rfrom, $rto, $rtype, $rsrc, $referrer, $ip, $country, $os, $browser
+ ));
- $wpdb->query(" insert into $table_name(rID,postID,rfrom,rto,rtype,rsrc,ctime,referrer,ip,country,os,browser) values('$rID','$postID','$rfrom','$rto','$rtype','$rsrc',NOW(),'$referrer','$ip','$country','$os','$browser') ");
-
$limit= $util->get_option_value('history_limit');
$expdate = date('Y-n-j', time() - (intval($limit) * 24 * 60 * 60));
- $wpdb->query("delete FROM $table_name WHERE date_format(date(ctime),'%Y-%m-%d') < date_format(date('$expdate'),'%Y-%m-%d')");
+ $wpdb->query("DELETE FROM $table_name WHERE date_format(date(ctime),'%Y-%m-%d') < date_format(date('$expdate'),'%Y-%m-%d')");
}
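Review bot: The expiry `DELETE` at the end is the one statement in this function still assembled by interpolation. `$expdate` comes from `date()` over `intval($limit)`, so it is not injectable today, but the `%Y-%m-%d` literals are the reason it was skipped — inside `prepare()` they would need to be doubled. Comparing the column directly avoids both problems and lets MySQL use an index on `ctime`: `$wpdb->query($wpdb->prepare("DELETE FROM $table_name WHERE ctime < %s", date('Y-m-d', time() - intval($limit) * DAY_IN_SECONDS)));`. `WPSR_log_redirection_history()` begins above this hunk.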
@@ -438,20 +520,34 @@ function WPSR_redirect()
$permalink_alternative = $permalink . '/';
}
- $permalink_options = "(redirect_from='$permalink' or redirect_from='$permalink_alternative' )";
- $permalink_regex_options = "('$permalink' regexp regex or '$permalink_alternative' regexp regex )";
-
-
if (($util->get_option_value('redirect_control_panel')!='1') || ($util->get_option_value('redirect_control_panel')=='1' && !preg_match('/^' . str_replace('/','\/', get_admin_url()) . '/i', $permalink) && !preg_match('/^' . str_replace('/','\/', site_url()) . '\/wp-login.php/i', $permalink))){
- $theurl = $wpdb->get_row(" select * from $table_name where enabled=1 and regex='' and $permalink_options ");
+ $theurl = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT * FROM $table_name
+ WHERE enabled=1
+ AND regex=''
+ AND (redirect_from = %s or redirect_from = %s )
+ ",
+ $permalink, $permalink_alternative
+ ));
if($wpdb->num_rows>0 && $theurl->redirect_to!=''){
WPSR_make_redirect($theurl->redirect_to,$theurl->redirect_type,$permalink,$theurl);
}
- $theurl = $wpdb->get_row(" select * from $table_name where enabled=1 and regex<>'' and $permalink_regex_options order by LENGTH(regex) desc ");
+ $theurl = $wpdb->get_row($wpdb->prepare(
+ "
+ SELECT * FROM $table_name
+ WHERE enabled=1
+ AND regex<>''
+ AND (%s regexp regex OR %s regexp regex )
+ ORDER BY LENGTH(regex) DESC
+ ",
+ $permalink, $permalink_alternative
+ ));
+
if($wpdb->num_rows>0 && $theurl->redirect_to!=''){
WPSR_make_redirect($theurl->redirect_to,$theurl->redirect_type,$permalink,$theurl);
}
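Review bot: The admin-area guard on the context line before the first query builds its regexes with `str_replace('/','\/', get_admin_url())` and `site_url()` instead of `preg_quote()`, so every `.` in the host is a wildcard and other metacharacters in the URL are left unescaped; `preg_quote(get_admin_url(), '/')` and `preg_quote(site_url(), '/') . '\/wp-login\.php'` make the check exact. The two prepared lookups are correct, and binding `$permalink` in the `REGEXP` branch is the right shape since the subject is the visitor's URL and the pattern is the stored rule. `WPSR_redirect()` starts above this hunk.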
@@ -626,7 +722,15 @@ function WPSR_install(){
$redirect_from=$util->make_relative_url($redirect->redirect_from);
$redirect_to=$util->make_relative_url($redirect->redirect_to);
$ID=$redirect->ID;
- $wpdb->query(" update $table_name set redirect_from='$redirect_from',redirect_to='$redirect_to' where ID=$ID ");
+
+ $wpdb->query($wpdb->prepare(
+ "
+ UPDATE $table_name
+ SET redirect_from = %s,redirect_to = %s
+ WHERE ID = %d
+ ",
+ $redirect_from, $redirect_to, $ID
+ ));
}
}