diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/class-wp-user-query.php --- a/wp/wp-includes/class-wp-user-query.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/class-wp-user-query.php Mon Oct 14 18:28:13 2019 +0200 @@ -89,32 +89,32 @@ */ public static function fill_query_vars( $args ) { $defaults = array( - 'blog_id' => get_current_blog_id(), - 'role' => '', - 'role__in' => array(), - 'role__not_in' => array(), - 'meta_key' => '', - 'meta_value' => '', - 'meta_compare' => '', - 'include' => array(), - 'exclude' => array(), - 'search' => '', - 'search_columns' => array(), - 'orderby' => 'login', - 'order' => 'ASC', - 'offset' => '', - 'number' => '', - 'paged' => 1, - 'count_total' => true, - 'fields' => 'all', - 'who' => '', + 'blog_id' => get_current_blog_id(), + 'role' => '', + 'role__in' => array(), + 'role__not_in' => array(), + 'meta_key' => '', + 'meta_value' => '', + 'meta_compare' => '', + 'include' => array(), + 'exclude' => array(), + 'search' => '', + 'search_columns' => array(), + 'orderby' => 'login', + 'order' => 'ASC', + 'offset' => '', + 'number' => '', + 'paged' => 1, + 'count_total' => true, + 'fields' => 'all', + 'who' => '', 'has_published_posts' => null, - 'nicename' => '', - 'nicename__in' => array(), - 'nicename__not_in' => array(), - 'login' => '', - 'login__in' => array(), - 'login__not_in' => array() + 'nicename' => '', + 'nicename__in' => array(), + 'nicename__not_in' => array(), + 'login' => '', + 'login__in' => array(), + 'login__not_in' => array(), ); return wp_parse_args( $args, $defaults ); @@ -134,7 +134,6 @@ * @since 4.7.0 Added 'nicename', 'nicename__in', 'nicename__not_in', 'login', 'login__in', * and 'login__not_in' parameters. * - * * @global wpdb $wpdb WordPress database abstraction object. * @global int $blog_id * @@ -213,7 +212,7 @@ if ( empty( $this->query_vars ) || ! empty( $query ) ) { $this->query_limit = null; - $this->query_vars = $this->fill_query_vars( $query ); + $this->query_vars = $this->fill_query_vars( $query ); } /** @@ -231,14 +230,14 @@ // Ensure that query vars are filled after 'pre_get_users'. $qv =& $this->query_vars; - $qv = $this->fill_query_vars( $qv ); + $qv = $this->fill_query_vars( $qv ); if ( is_array( $qv['fields'] ) ) { $qv['fields'] = array_unique( $qv['fields'] ); $this->query_fields = array(); foreach ( $qv['fields'] as $field ) { - $field = 'ID' === $field ? 'ID' : sanitize_key( $field ); + $field = 'ID' === $field ? 'ID' : sanitize_key( $field ); $this->query_fields[] = "$wpdb->users.$field"; } $this->query_fields = implode( ',', $this->query_fields ); @@ -248,11 +247,12 @@ $this->query_fields = "$wpdb->users.ID"; } - if ( isset( $qv['count_total'] ) && $qv['count_total'] ) + if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields; + } - $this->query_from = "FROM $wpdb->users"; - $this->query_where = "WHERE 1=1"; + $this->query_from = "FROM $wpdb->users"; + $this->query_where = 'WHERE 1=1'; // Parse and sanitize 'include', for use by 'orderby' as well as 'include' below. if ( ! empty( $qv['include'] ) ) { @@ -277,42 +277,42 @@ $post_type = $wpdb->prepare( '%s', $post_type ); } - $posts_table = $wpdb->get_blog_prefix( $blog_id ) . 'posts'; - $this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . join( ", ", $post_types ) . " ) )"; + $posts_table = $wpdb->get_blog_prefix( $blog_id ) . 'posts'; + $this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . join( ', ', $post_types ) . ' ) )'; } // nicename - if ( '' !== $qv['nicename']) { + if ( '' !== $qv['nicename'] ) { $this->query_where .= $wpdb->prepare( ' AND user_nicename = %s', $qv['nicename'] ); } if ( ! empty( $qv['nicename__in'] ) ) { $sanitized_nicename__in = array_map( 'esc_sql', $qv['nicename__in'] ); - $nicename__in = implode( "','", $sanitized_nicename__in ); - $this->query_where .= " AND user_nicename IN ( '$nicename__in' )"; + $nicename__in = implode( "','", $sanitized_nicename__in ); + $this->query_where .= " AND user_nicename IN ( '$nicename__in' )"; } if ( ! empty( $qv['nicename__not_in'] ) ) { $sanitized_nicename__not_in = array_map( 'esc_sql', $qv['nicename__not_in'] ); - $nicename__not_in = implode( "','", $sanitized_nicename__not_in ); - $this->query_where .= " AND user_nicename NOT IN ( '$nicename__not_in' )"; + $nicename__not_in = implode( "','", $sanitized_nicename__not_in ); + $this->query_where .= " AND user_nicename NOT IN ( '$nicename__not_in' )"; } // login - if ( '' !== $qv['login']) { + if ( '' !== $qv['login'] ) { $this->query_where .= $wpdb->prepare( ' AND user_login = %s', $qv['login'] ); } if ( ! empty( $qv['login__in'] ) ) { $sanitized_login__in = array_map( 'esc_sql', $qv['login__in'] ); - $login__in = implode( "','", $sanitized_login__in ); - $this->query_where .= " AND user_login IN ( '$login__in' )"; + $login__in = implode( "','", $sanitized_login__in ); + $this->query_where .= " AND user_login IN ( '$login__in' )"; } if ( ! empty( $qv['login__not_in'] ) ) { $sanitized_login__not_in = array_map( 'esc_sql', $qv['login__not_in'] ); - $login__not_in = implode( "','", $sanitized_login__not_in ); - $this->query_where .= " AND user_login NOT IN ( '$login__not_in' )"; + $login__not_in = implode( "','", $sanitized_login__not_in ); + $this->query_where .= " AND user_login NOT IN ( '$login__not_in' )"; } // Meta query. @@ -321,8 +321,8 @@ if ( isset( $qv['who'] ) && 'authors' == $qv['who'] && $blog_id ) { $who_query = array( - 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'user_level', - 'value' => 0, + 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'user_level', + 'value' => 0, 'compare' => '!=', ); @@ -362,7 +362,7 @@ } if ( $blog_id && ( ! empty( $roles ) || ! empty( $role__in ) || ! empty( $role__not_in ) || is_multisite() ) ) { - $role_queries = array(); + $role_queries = array(); $roles_clauses = array( 'relation' => 'AND' ); if ( ! empty( $roles ) ) { @@ -406,7 +406,7 @@ // If there are no specific roles named, make sure the user is a member of the site. if ( empty( $role_queries ) ) { $role_queries[] = array( - 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', + 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'compare' => 'EXISTS', ); } @@ -428,8 +428,8 @@ } if ( ! empty( $this->meta_query->queries ) ) { - $clauses = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this ); - $this->query_from .= $clauses['join']; + $clauses = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this ); + $this->query_from .= $clauses['join']; $this->query_where .= $clauses['where']; if ( $this->meta_query->has_or_relation() ) { @@ -439,7 +439,7 @@ // sorting $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; - $order = $this->parse_order( $qv['order'] ); + $order = $this->parse_order( $qv['order'] ); if ( empty( $qv['orderby'] ) ) { // Default order is by 'user_login'. @@ -460,11 +460,11 @@ if ( is_int( $_key ) ) { // Integer key means this is a flat array of 'orderby' fields. $_orderby = $_value; - $_order = $order; + $_order = $order; } else { // Non-integer key means this the key is the field and the value is ASC/DESC. $_orderby = $_key; - $_order = $_value; + $_order = $_value; } $parsed = $this->parse_orderby( $_orderby ); @@ -490,43 +490,47 @@ // limit if ( isset( $qv['number'] ) && $qv['number'] > 0 ) { if ( $qv['offset'] ) { - $this->query_limit = $wpdb->prepare("LIMIT %d, %d", $qv['offset'], $qv['number']); + $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] ); } else { - $this->query_limit = $wpdb->prepare( "LIMIT %d, %d", $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] ); + $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] ); } } $search = ''; - if ( isset( $qv['search'] ) ) + if ( isset( $qv['search'] ) ) { $search = trim( $qv['search'] ); + } if ( $search ) { - $leading_wild = ( ltrim($search, '*') != $search ); - $trailing_wild = ( rtrim($search, '*') != $search ); - if ( $leading_wild && $trailing_wild ) + $leading_wild = ( ltrim( $search, '*' ) != $search ); + $trailing_wild = ( rtrim( $search, '*' ) != $search ); + if ( $leading_wild && $trailing_wild ) { $wild = 'both'; - elseif ( $leading_wild ) + } elseif ( $leading_wild ) { $wild = 'leading'; - elseif ( $trailing_wild ) + } elseif ( $trailing_wild ) { $wild = 'trailing'; - else + } else { $wild = false; - if ( $wild ) - $search = trim($search, '*'); + } + if ( $wild ) { + $search = trim( $search, '*' ); + } $search_columns = array(); if ( $qv['search_columns'] ) { $search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) ); } if ( ! $search_columns ) { - if ( false !== strpos( $search, '@') ) - $search_columns = array('user_email'); - elseif ( is_numeric($search) ) - $search_columns = array('user_login', 'ID'); - elseif ( preg_match('|^https?://|', $search) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) - $search_columns = array('user_url'); - else - $search_columns = array('user_login', 'user_url', 'user_email', 'user_nicename', 'display_name'); + if ( false !== strpos( $search, '@' ) ) { + $search_columns = array( 'user_email' ); + } elseif ( is_numeric( $search ) ) { + $search_columns = array( 'user_login', 'ID' ); + } elseif ( preg_match( '|^https?://|', $search ) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) { + $search_columns = array( 'user_url' ); + } else { + $search_columns = array( 'user_login', 'user_url', 'user_email', 'user_nicename', 'display_name' ); + } } /** @@ -537,7 +541,7 @@ * * @since 3.6.0 * - * @param array $search_columns Array of column names to be searched. + * @param string[] $search_columns Array of column names to be searched. * @param string $search Text being searched. * @param WP_User_Query $this The current WP_User_Query instance. */ @@ -548,16 +552,16 @@ if ( ! empty( $include ) ) { // Sanitized earlier. - $ids = implode( ',', $include ); + $ids = implode( ',', $include ); $this->query_where .= " AND $wpdb->users.ID IN ($ids)"; } elseif ( ! empty( $qv['exclude'] ) ) { - $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) ); + $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) ); $this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)"; } // Date queries are allowed for the user_registered field. if ( ! empty( $qv['date_query'] ) && is_array( $qv['date_query'] ) ) { - $date_query = new WP_Date_Query( $qv['date_query'], 'user_registered' ); + $date_query = new WP_Date_Query( $qv['date_query'], 'user_registered' ); $this->query_where .= $date_query->get_sql(); } @@ -588,35 +592,61 @@ $qv =& $this->query_vars; - $this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit"; + /** + * Filters the users array before the query takes place. + * + * Return a non-null value to bypass WordPress's default user queries. + * Filtering functions that require pagination information are encouraged to set + * the `total_users` property of the WP_User_Query object, passed to the filter + * by reference. If WP_User_Query does not perform a database query, it will not + * have enough information to generate these values itself. + * + * @since 5.1.0 + * + * @param array|null $results Return an array of user data to short-circuit WP's user query + * or null to allow WP to run its normal queries. + * @param WP_User_Query $this The WP_User_Query instance (passed by reference). + */ + $this->results = apply_filters_ref_array( 'users_pre_query', array( null, &$this ) ); + + if ( null === $this->results ) { + $this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit"; - if ( is_array( $qv['fields'] ) || 'all' == $qv['fields'] ) { - $this->results = $wpdb->get_results( $this->request ); - } else { - $this->results = $wpdb->get_col( $this->request ); + if ( is_array( $qv['fields'] ) || 'all' == $qv['fields'] ) { + $this->results = $wpdb->get_results( $this->request ); + } else { + $this->results = $wpdb->get_col( $this->request ); + } + + if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { + /** + * Filters SELECT FOUND_ROWS() query for the current WP_User_Query instance. + * + * @since 3.2.0 + * @since 5.1.0 Added the `$this` parameter. + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param string $sql The SELECT FOUND_ROWS() query for the current WP_User_Query. + * @param WP_User_Query $this The current WP_User_Query instance. + */ + $found_users_query = apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()', $this ); + + $this->total_users = (int) $wpdb->get_var( $found_users_query ); + } } - /** - * Filters SELECT FOUND_ROWS() query for the current WP_User_Query instance. - * - * @since 3.2.0 - * - * @global wpdb $wpdb WordPress database abstraction object. - * - * @param string $sql The SELECT FOUND_ROWS() query for the current WP_User_Query. - */ - if ( isset( $qv['count_total'] ) && $qv['count_total'] ) - $this->total_users = (int) $wpdb->get_var( apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()' ) ); - - if ( !$this->results ) + if ( ! $this->results ) { return; + } if ( 'all_with_meta' == $qv['fields'] ) { cache_users( $this->results ); $r = array(); - foreach ( $this->results as $userid ) + foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); + } $this->results = $r; } elseif ( 'all' == $qv['fields'] ) { @@ -635,8 +665,9 @@ * @return mixed */ public function get( $query_var ) { - if ( isset( $this->query_vars[$query_var] ) ) - return $this->query_vars[$query_var]; + if ( isset( $this->query_vars[ $query_var ] ) ) { + return $this->query_vars[ $query_var ]; + } return null; } @@ -650,7 +681,7 @@ * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { - $this->query_vars[$query_var] = $value; + $this->query_vars[ $query_var ] = $value; } /** @@ -669,10 +700,10 @@ protected function get_search_sql( $string, $cols, $wild = false ) { global $wpdb; - $searches = array(); - $leading_wild = ( 'leading' == $wild || 'both' == $wild ) ? '%' : ''; + $searches = array(); + $leading_wild = ( 'leading' == $wild || 'both' == $wild ) ? '%' : ''; $trailing_wild = ( 'trailing' == $wild || 'both' == $wild ) ? '%' : ''; - $like = $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild; + $like = $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild; foreach ( $cols as $col ) { if ( 'ID' == $col ) { @@ -682,7 +713,7 @@ } } - return ' AND (' . implode(' OR ', $searches) . ')'; + return ' AND (' . implode( ' OR ', $searches ) . ')'; } /** @@ -731,7 +762,7 @@ $_orderby = 'display_name'; } elseif ( 'post_count' == $orderby ) { // todo: avoid the JOIN - $where = get_posts_by_author_sql( 'post' ); + $where = get_posts_by_author_sql( 'post' ); $this->query_from .= " LEFT OUTER JOIN ( SELECT post_author, COUNT(*) as post_count FROM $wpdb->posts @@ -739,7 +770,7 @@ GROUP BY post_author ) p ON ({$wpdb->users}.ID = p.post_author) "; - $_orderby = 'post_count'; + $_orderby = 'post_count'; } elseif ( 'ID' == $orderby || 'id' == $orderby ) { $_orderby = 'ID'; } elseif ( 'meta_value' == $orderby || $this->get( 'meta_key' ) == $orderby ) { @@ -747,20 +778,20 @@ } elseif ( 'meta_value_num' == $orderby ) { $_orderby = "$wpdb->usermeta.meta_value+0"; } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) { - $include = wp_parse_id_list( $this->query_vars['include'] ); + $include = wp_parse_id_list( $this->query_vars['include'] ); $include_sql = implode( ',', $include ); - $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; + $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; } elseif ( 'nicename__in' === $orderby ) { $sanitized_nicename__in = array_map( 'esc_sql', $this->query_vars['nicename__in'] ); - $nicename__in = implode( "','", $sanitized_nicename__in ); - $_orderby = "FIELD( user_nicename, '$nicename__in' )"; + $nicename__in = implode( "','", $sanitized_nicename__in ); + $_orderby = "FIELD( user_nicename, '$nicename__in' )"; } elseif ( 'login__in' === $orderby ) { $sanitized_login__in = array_map( 'esc_sql', $this->query_vars['login__in'] ); - $login__in = implode( "','", $sanitized_login__in ); - $_orderby = "FIELD( user_login, '$login__in' )"; + $login__in = implode( "','", $sanitized_login__in ); + $_orderby = "FIELD( user_login, '$login__in' )"; } elseif ( isset( $meta_query_clauses[ $orderby ] ) ) { $meta_clause = $meta_query_clauses[ $orderby ]; - $_orderby = sprintf( "CAST(%s.meta_value AS %s)", esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); + $_orderby = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); } return $_orderby; @@ -847,7 +878,7 @@ * * @since 4.0.0 * - * @param callable $name Method to call. + * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed Return value of the callback, false otherwise. */