wp-plugins · ChrisRAoW · Jul 30, 2015
diff --git a/custom/controls/cf.SR_redirect_cache.class.php b/custom/controls/cf.SR_redirect_cache.class.php
@@ -7,15 +7,31 @@ public function add_redirect($post_id,$is_redirected,$redirect_to,$redirect_type
         {
             global $wpdb,$table_prefix;
             $table_name = $table_prefix . 'WP_SEO_Cache';
-            $wpdb->query(" insert IGNORE into $table_name(ID,is_redirected,redirect_to,redirect_type) values('$post_id','$is_redirected','$redirect_to','$redirect_type'); ");
+
+            $wpdb->query($wpdb->prepare(
+                "
+                INSERT IGNORE INTO $table_name
+                (ID,is_redirected,redirect_to,redirect_type) 
+                VALUES
+                (%d, %s, %s, %s)
+                ", 
+                $post_id, $is_redirected, $redirect_to, $redirect_type
+
+            ));
         }
 
         /*- Fetch Redirect ----------------------------------------*/
         public function fetch_redirect($post_id)
         {
             global $wpdb,$table_prefix;
             $table_name = $table_prefix . 'WP_SEO_Cache';
-            return $wpdb->get_row("select *  from  $table_name where ID='$post_id'; ");
+
+            return $wpdb->get_row($wpdb->prepare(
+                "
+                SELECT * FROM $table_name WHERE ID = %d
+                ",
+                $post_id
+            ));
         }
 
         /*- Redirect Cache ----------------------------------------*/
@@ -44,23 +60,28 @@ public function del_redirect($post_id)
         {
             global $wpdb,$table_prefix;
             $table_name = $table_prefix . 'WP_SEO_Cache';
-            return $wpdb->get_var("delete from  $table_name where ID='$post_id'; ");
+            return $wpdb->get_var($wpdb->prepare(
+                "
+                DELETE FROM $table_name WHERE ID = %d
+                ",
+                $post_id
+            ));
         }
 
         /*- Free Cache ----------------------------------------*/
         public function free_cache()
         {
             global $wpdb,$table_prefix;
             $table_name = $table_prefix . 'WP_SEO_Cache';
-            $wpdb->query(" TRUNCATE TABLE  $table_name ");
+            $wpdb->query("TRUNCATE TABLE $table_name ");
         }
 
         /*- Cache Count ----------------------------------------*/
         public function count_cache()
         {
             global $wpdb,$table_prefix;
             $table_name = $table_prefix . 'WP_SEO_Cache';
-            return $wpdb->get_var("select count(*) as cnt from  $table_name where 1;  ");
+            return $wpdb->get_var("SELECT COUNT(*) AS cnt FROM $table_name WHERE 1");
         }
 
     }}
diff --git a/custom/functions.php b/custom/functions.php
@@ -72,7 +72,7 @@ function c_clear_redirection_history()
 {
 	global $wpdb,$table_prefix;
 	$table_name = $table_prefix . 'WP_SEO_Redirection_LOG'; 
-	$wpdb->query(" TRUNCATE TABLE  $table_name ");
+	$wpdb->query("TRUNCATE TABLE $table_name");
 
 }}
 
@@ -83,7 +83,7 @@ function c_clear_all_404()
 {
 	global $wpdb,$table_prefix;
 	$table_name = $table_prefix . 'WP_SEO_404_links'; 
-	$wpdb->query(" TRUNCATE TABLE  $table_name ");
+	$wpdb->query("TRUNCATE TABLE $table_name ");
 
 }}
 
@@ -106,6 +106,6 @@ function c_optimize_tables()
 	$table_name1 = $table_prefix . 'WP_SEO_404_links';
 	$table_name2 = $table_prefix . 'WP_SEO_Redirection';
 	$table_name3 = $table_prefix . 'WP_SEO_Redirection_LOG';
-	$wpdb->query(" OPTIMIZE TABLE  $table_name1,$table_name2,$table_name3 ");
+	$wpdb->query("OPTIMIZE TABLE $table_name1, $table_name2, $table_name3");
 }}
 
diff --git a/options/option_page_custome_redirection.php b/options/option_page_custome_redirection.php
@@ -76,7 +76,15 @@
 	if($util->post('add_new')!='')
 	{
 
-	$theurl = $wpdb->get_row(" select count(ID) as cnt from $table_name where redirect_from='$redirect_from' ");
+	$theurl = $wpdb->get_row($wpdb->prepare(
+		"
+		SELECT count(ID) as cnt 
+		FROM $table_name 
+		WHERE redirect_from = %s
+		",
+		$redirect_from
+	));
+
 	if($theurl->cnt >0)
 	{
 		$util->failure_option_msg("This URL <b>'$redirect_from'</b> is added previously!");
@@ -88,9 +96,23 @@
 			$util->failure_option_msg('Please input all required fields!');
 		}else
 		{
-			$wpdb->query(" insert into $table_name(redirect_from,redirect_to,redirect_type,url_type,redirect_from_type,redirect_from_folder_settings,redirect_from_subfolders,redirect_to_type,redirect_to_folder_settings,regex,enabled) values('$redirect_from','$redirect_to','$redirect_type',1,'$redirect_from_type','$redirect_from_folder_settings','$redirect_from_subfolders','$redirect_to_type','$redirect_to_folder_settings','$regex','$enabled') ");
-
-			$wpdb->query(" delete from $table_name_404 where link='$redirect_from' ");
+			$wpdb->query($wpdb->prepare(
+				"
+					INSERT INTO $table_name
+					(redirect_from,redirect_to,redirect_type,url_type,redirect_from_type,redirect_from_folder_settings,redirect_from_subfolders,redirect_to_type,redirect_to_folder_settings,regex,enabled) 
+					values
+					(%s, %s, %s, 1, %s, %s, %s, %s, %s, %s, %s)		
+				",
+				$redirect_from, $redirect_to, $redirect_type, $redirect_from_type, $redirect_from_folder_settings, $redirect_from_subfolders, $redirect_to_type, $redirect_to_folder_settings, $regex, $enabled
+			));
+
+			$wpdb->query($wpdb->prepare(
+				"
+					DELETE FROM $table_name_404 WHERE link = %s
+				", 
+				$redirect_from
+			));
+
 			$SR_redirect_cache = new clogica_SR_redirect_cache();
 			$SR_redirect_cache->free_cache();
 		}
@@ -105,7 +127,15 @@
 			$util->failure_option_msg('Please input all required fields!');
 		}else
 		{
-			$wpdb->query(" update $table_name set redirect_from='$redirect_from',redirect_to='$redirect_to',redirect_type='$redirect_type',redirect_from_type='$redirect_from_type' ,redirect_from_folder_settings='$redirect_from_folder_settings' ,redirect_from_subfolders='$redirect_from_subfolders' ,redirect_to_type='$redirect_to_type' ,redirect_to_folder_settings='$redirect_to_folder_settings' ,regex='$regex',enabled='$enabled'  where ID=" . $edit);
+			$wpdb->query($wpdb->prepare(
+				"
+				UPDATE $table_name 
+				SET redirect_from = %s, redirect_to = %s, redirect_type = %s, redirect_from_type = %s, redirect_from_folder_settings = %s, redirect_from_subfolders = %s, redirect_to_type = %s, redirect_to_folder_settings = %s, regex = %s, enabled = %s'
+				WHERE ID = %d
+				",
+				$redirect_from, $redirect_to, $redirect_type, $redirect_from_type, $redirect_from_folder_settings, $redirect_from_subfolders, $redirect_to_type, $redirect_to_folder_settings, $regex, $enabled, $edit
+			));
+
 			$SR_redirect_cache = new clogica_SR_redirect_cache();
 			$SR_redirect_cache->free_cache();
 		}

diff --git a/options/option_page_custome_redirection_add_update.php b/options/option_page_custome_redirection_add_update.php
@@ -17,7 +17,14 @@
 echo '<h3>Add New Custom Redirection<hr></h3>';
 else if(intval($util->get('edit'))>0){
 echo '<h3>Update Existing Redirection<hr></h3>';
-$item = $wpdb->get_row(" select * from $table_name where ID=". intval($util->get('edit')));
+$item = $wpdb->get_row($wpdb->prepare(
+		"
+		SELECT * FROM $table_name
+		WHERE ID = %d
+		",
+		intval($util->get('edit'))
+	));
+
     if($wpdb->num_rows==0)
     {
        $utilpro->info_option_msg("Sorry, this redirect rule is not found, it may deleted by the user!");
@@ -44,7 +51,13 @@
 if($util->get('page404')!='')
 {
 	$table_name_404 = $table_prefix . 'WP_SEO_404_links';
-	$i404 = $wpdb->get_row(" select link from $table_name_404 where ID=". intval($util->get('page404')));
+	$i404 = $wpdb->get_row($wpdb->prepare(
+		"
+		SELECT link FROM $table_name_404 where ID = %d
+		",
+		intval($util->get('page404'))
+	));
+
 	if($i404->link!='')
 	$redirect_from=$i404->link;
 	else

diff --git a/options/option_page_custome_redirection_list.php b/options/option_page_custome_redirection_list.php
@@ -6,8 +6,11 @@
 	if($util->get('del')!='')
 	{
 		$delid=intval($util->get('del'));
-		$wpdb->query(" delete from $table_name where ID='$delid' ");	
-
+		$wpdb->query($wpdb->prepare(
+			"DELETE FROM $table_name WHERE ID=%d",
+			$delid
+		));
+
 		if($util->there_is_cache()!='') 
 		$util->info_option_msg("You have a cache plugin installed <b>'" . $util->there_is_cache() . "'</b>, you have to clear cache after any changes to get the changes reflected immediately! ");
 

diff --git a/options/option_page_post_redirection_list.php b/options/option_page_post_redirection_list.php
@@ -6,7 +6,10 @@
 	if($util->get('del')!='')
 	{
 		$delid=intval($util->get('del'));
-		$wpdb->query(" delete from $table_name where ID='$delid' ");	
+		$wpdb->query($wpdb->prepare(
+			"DELETE FROM $table_name WHERE ID=%d",
+			$delid
+		));
 
 
 		if($util->there_is_cache()!='')