SQL sanitization reviewed

Author: joeyblake

core/Datastore/Meta_Datastore.php

@@ -26,13 +26,15 @@ protected function get_storage_array( Field $field, $storage_key_patterns ) {
 
 		$storage_key_comparisons = $this->key_toolset->storage_key_patterns_to_sql( '`meta_key`', $storage_key_patterns );
 
+		// @codingStandardsIgnoreStart sanitized in `storage_key_patterns_to_sql`
 		$storage_array = $wpdb->get_results( '
 			SELECT `meta_key` AS `key`, `meta_value` AS `value`
 			FROM ' . $this->get_table_name() . '
 			WHERE `' . $this->get_table_field_name() . '` = ' . intval( $this->get_object_id() ) . '
 				AND ' . $storage_key_comparisons . '
 			ORDER BY `meta_key` ASC
 		' );
+		// @codingStandardsIgnoreEnd
 
 		$storage_array = apply_filters( 'carbon_fields_datastore_storage_array', $storage_array, $this, $storage_key_patterns );
 

core/Datastore/Theme_Options_Datastore.php

@@ -26,12 +26,14 @@ protected function get_storage_array( Field $field, $storage_key_patterns ) {
 
 		$storage_key_comparisons = $this->key_toolset->storage_key_patterns_to_sql( '`option_name`', $storage_key_patterns );
 
+		// @codingStandardsIgnoreStart sanitized in `storage_key_patterns_to_sql`
 		$storage_array = $wpdb->get_results( '
 			SELECT `option_name` AS `key`, `option_value` AS `value`
 			FROM ' . $wpdb->options . '
 			WHERE ' . $storage_key_comparisons . '
 			ORDER BY `option_name` ASC
 		' );
+		// @codingStandardsIgnoreEnd
 
 		$storage_array = apply_filters( 'carbon_fields_datastore_storage_array', $storage_array, $this, $storage_key_patterns );
 

core/Helper/Helper.php

@@ -625,7 +625,7 @@ public static function get_attachment_metadata( $id, $type ) {
 	 * @return array
 	 */
 	public static function input() {
-		$input = ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) ? $_POST : $_GET;
+		$input = ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) ? $_POST : $_GET; // CSRF ok. Nonce verfied elsewhere.
 		$input = stripslashes_deep( $input );
 
 		if ( \Carbon_Fields\COMPACT_INPUT ) {

core/Service/Legacy_Storage_Service_v_1_5.php

@@ -231,7 +231,9 @@ protected function get_legacy_storage_array_from_database( Container $container,
 			WHERE ' . $where_clause . '
 		';
 
+		// @codingStandardsIgnoreStart sanitized above
 		$raw_results = $wpdb->get_results( $query );
+		// @codingStandardsIgnoreEnd
 
 		$results = array();
 		foreach ( $raw_results as $result ) {