Reviewed SQL sanitization

joeyblake · joeyblake · commit 0d0ed13971d1 · 2018-05-23T10:58:51.000-04:00
diff --git a/core/Datastore/Meta_Datastore.php b/core/Datastore/Meta_Datastore.php
@@ -71,12 +71,14 @@ public function delete( Field $field ) {
 		);
 		$storage_key_comparisons = $this->key_toolset->storage_key_patterns_to_sql( '`meta_key`', $storage_key_patterns );
 
+		// @codingStandardsIgnoreStart sanitized in `storage_key_patterns_to_sql`
 		$meta_keys = $wpdb->get_col( '
 			SELECT `meta_key`
 			FROM `' . $this->get_table_name() . '`
 			WHERE `' . $this->get_table_field_name() . '` = ' . intval( $this->get_object_id() ) . '
 				AND ' . $storage_key_comparisons . '
 		' );
+		// @codingStandardsIgnoreEnd
 
 		foreach ( $meta_keys as $meta_key ) {
 			delete_metadata( $this->get_meta_type(), $this->get_object_id(), $meta_key );
diff --git a/core/Datastore/Term_Meta_Datastore.php b/core/Datastore/Term_Meta_Datastore.php
@@ -49,6 +49,7 @@ public static function create_table() {
 			$charset_collate .= ' COLLATE ' . $wpdb->collate;
 		}
 
+		// @codingStandardsIgnoreStart sanitized above.
 		$wpdb->query( 'CREATE TABLE ' . $wpdb->prefix . 'termmeta (
 			meta_id bigint(20) unsigned NOT NULL auto_increment,
 			term_id bigint(20) unsigned NOT NULL default "0",
@@ -58,6 +59,7 @@ public static function create_table() {
 			KEY term_id (term_id),
 			KEY meta_key (meta_key)
 		) ' . $charset_collate . ';' );
+		// @codingStandardsIgnoreEnd
 	}
 
 	/**
diff --git a/core/Datastore/Theme_Options_Datastore.php b/core/Datastore/Theme_Options_Datastore.php
@@ -116,11 +116,13 @@ public function delete( Field $field ) {
 		);
 		$storage_key_comparisons = $this->key_toolset->storage_key_patterns_to_sql( '`option_name`', $storage_key_patterns );
 
+		// @codingStandardsIgnoreStart sanitized in `storage_key_patterns_to_sql`
 		$option_names = $wpdb->get_col( '
 			SELECT `option_name`
 			FROM `' . $wpdb->options . '`
 			WHERE ' . $storage_key_comparisons . '
 		' );
+		// @codingStandardsIgnoreEnd
 
 		foreach ( $option_names as $option_name ) {
 			delete_option( $option_name );
diff --git a/core/Libraries/Sidebar_Manager/Sidebar_Manager.php b/core/Libraries/Sidebar_Manager/Sidebar_Manager.php
@@ -38,7 +38,7 @@ public function action_handler() {
 			'data' => null,
 		);
 
-		$input = stripslashes_deep( $_POST );
+		$input = stripslashes_deep( $_POST ); // CSRF ok. verfied below.
 		$action = isset( $input['action'] ) ? $input['action'] : '';
 		$nonce = isset( $input['nonce'] ) ? $input['nonce'] : '';
 

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ public static function create_table() {`
`49`	`49`	`$charset_collate .= ' COLLATE ' . $wpdb->collate;`
`50`	`50`	`}`
`51`	`51`
	`52`	`+ // @codingStandardsIgnoreStart sanitized above.`
`52`	`53`	`$wpdb->query( 'CREATE TABLE ' . $wpdb->prefix . 'termmeta (`
`53`	`54`	`meta_id bigint(20) unsigned NOT NULL auto_increment,`
`54`	`55`	`term_id bigint(20) unsigned NOT NULL default "0",`
`@@ -58,6 +59,7 @@ public static function create_table() {`
`58`	`59`	`KEY term_id (term_id),`
`59`	`60`	`KEY meta_key (meta_key)`
`60`	`61`	`) ' . $charset_collate . ';' );`
	`62`	`+ // @codingStandardsIgnoreEnd`
`61`	`63`	`}`
`62`	`64`
`63`	`65`	`/**`