jibbius · January 5, 2021 00:38
diff --git a/helpers.php b/helpers.php
 <?php
 /**
 * This file is part of the NameDirectory plugin for WordPress
 */

 // I have only updated the name_directory_get_directory_names() function.

 /**
 * Get the names of given directory, maybe only with the char?
 * @param $directory
 * @param array $name_filter
 * @return mixed
 */
 function name_directory_get_directory_names($directory, $name_filter = array())
 {
    if($directory === null)
    {
        return array();
    }

    global $wpdb;
    global $name_directory_table_directory_name;

    // Init var
    $use_regex = false;
    $sql_query = "";
    $sql_prepared_values = array();

    // Begin SQL Query
    $sql_query  = " SELECT * FROM `$name_directory_table_directory_name` ";
    $sql_query .= " WHERE `directory` = %d ";
    $sql_query .= " AND `published`   = %d ";
    $sql_prepared_values[] = $directory['id'];
    $sql_prepared_values[] = '1';


    if(! empty($name_filter['containing']))
    {
        if(name_directory_is_multibyte_supported())
        {
            $first_chars = mb_substr($name_filter['containing'], 0, 7);
        }
        else
        {
            $first_chars = substr($name_filter['containing'], 0, 7);
        }

        /* This means: perform an exact search */
        if(in_array($first_chars, array("\&quot;", '\"')))
        {
            $name_filter['containing'] = str_replace(array("\&quot;", '\"'), array('', ''), $name_filter['containing']);
            $use_regex = true;
        }
    }

    if(! empty($name_filter['character']))
    {
        $sql_query .= " AND `letter`= %s ";
        $sql_prepared_values[] = $name_filter['character'];
    }

    if(! empty($name_filter['containing']))
    {
        $sql_query .= " AND ( ";

        if(!$use_regex){
            $sql_query .= " `name` LIKE %s";
            $sql_prepared_values[] = $wpdb->esc_like('%'.$name_filter['containing'].'%');
        } else {
            // Unsure if there is a better way to SQL prepare this REGEX parameter...
            $sql_query .= " `name` REGEXP '^.*[^a-zA-Z0-9]*(" . esc_sql($name_filter['containing']) . ")[^a-zA-Z0-9]'";

            $sql_query .= " OR `name` = %s";
            $sql_prepared_values[] = $name_filter['containing'];
        }


        if(! empty($directory['search_in_description']) && ! empty($directory['show_description']))
        {
            $sql_query .= " OR ";

            if(!$use_regex){
                $sql_query .= " `description` LIKE %s";
                $sql_prepared_values[] = $wpdb->esc_like('%'.$name_filter['containing'].'%');
            } else {
                // Unsure if there is a better way to SQL prepare this REGEX parameter...
                $sql_query .= " `description` REGEXP '^.*[^a-zA-Z0-9]*(" . esc_sql($name_filter['containing']) . ")[^a-zA-Z0-9]'";

                $sql_query .= " OR `description` = %s";
                $sql_prepared_values[] = $name_filter['containing'];
            }
        }
        $sql_query .= " ) ";
    }

    if(! empty($name_filter['character']) && $name_filter['character'] == 'latest')
    {
        $sql_query .= "ORDER BY `id` DESC";
        $sql_query .= "LIMIT %d";
        $sql_prepared_values[] = $directory['nr_most_recent'];
    } else {
        $order_by = "ORDER BY `letter`, `name` ASC";
    }

    $names = $wpdb->get_results( $wpdb->prepare(
            $sql_query,
            $sql_prepared_values
        ),
        ARRAY_A
    );

    return $names;
 }
	<?php
	/**
	* This file is part of the NameDirectory plugin for WordPress
	*/

	// I have only updated the name_directory_get_directory_names() function.

	/**
	* Get the names of given directory, maybe only with the char?
	* @param $directory
	* @param array $name_filter
	* @return mixed
	*/
	function name_directory_get_directory_names($directory, $name_filter = array())
	{
	if($directory === null)
	{
	return array();
	}

	global $wpdb;
	global $name_directory_table_directory_name;

	// Init var
	$use_regex = false;
	$sql_query = "";
	$sql_prepared_values = array();

	// Begin SQL Query
	$sql_query = " SELECT * FROM `$name_directory_table_directory_name` ";
	$sql_query .= " WHERE `directory` = %d ";
	$sql_query .= " AND `published` = %d ";
	$sql_prepared_values[] = $directory['id'];
	$sql_prepared_values[] = '1';


	if(! empty($name_filter['containing']))
	{
	if(name_directory_is_multibyte_supported())
	{
	$first_chars = mb_substr($name_filter['containing'], 0, 7);
	}
	else
	{
	$first_chars = substr($name_filter['containing'], 0, 7);
	}

	/* This means: perform an exact search */
	if(in_array($first_chars, array("\"", '\"')))
	{
	$name_filter['containing'] = str_replace(array("\"", '\"'), array('', ''), $name_filter['containing']);
	$use_regex = true;
	}
	}

	if(! empty($name_filter['character']))
	{
	$sql_query .= " AND `letter`= %s ";
	$sql_prepared_values[] = $name_filter['character'];
	}

	if(! empty($name_filter['containing']))
	{
	$sql_query .= " AND ( ";

	if(!$use_regex){
	$sql_query .= " `name` LIKE %s";
	$sql_prepared_values[] = $wpdb->esc_like('%'.$name_filter['containing'].'%');
	} else {
	// Unsure if there is a better way to SQL prepare this REGEX parameter...
	$sql_query .= " `name` REGEXP '^.[^a-zA-Z0-9](" . esc_sql($name_filter['containing']) . ")[^a-zA-Z0-9]'";

	$sql_query .= " OR `name` = %s";
	$sql_prepared_values[] = $name_filter['containing'];
	}


	if(! empty($directory['search_in_description']) && ! empty($directory['show_description']))
	{
	$sql_query .= " OR ";

	if(!$use_regex){
	$sql_query .= " `description` LIKE %s";
	$sql_prepared_values[] = $wpdb->esc_like('%'.$name_filter['containing'].'%');
	} else {
	// Unsure if there is a better way to SQL prepare this REGEX parameter...
	$sql_query .= " `description` REGEXP '^.[^a-zA-Z0-9](" . esc_sql($name_filter['containing']) . ")[^a-zA-Z0-9]'";

	$sql_query .= " OR `description` = %s";
	$sql_prepared_values[] = $name_filter['containing'];
	}
	}
	$sql_query .= " ) ";
	}

	if(! empty($name_filter['character']) && $name_filter['character'] == 'latest')
	{
	$sql_query .= "ORDER BY `id` DESC";
	$sql_query .= "LIMIT %d";
	$sql_prepared_values[] = $directory['nr_most_recent'];
	} else {
	$order_by = "ORDER BY `letter`, `name` ASC";
	}

	$names = $wpdb->get_results( $wpdb->prepare(
	$sql_query,
	$sql_prepared_values
	),
	ARRAY_A
	);

	return $names;
	}