From 945fd67d7bc85137f33b0cfebe3de936cd985eda Mon Sep 17 00:00:00 2001 From: Boone Gorges Date: Sat, 7 Mar 2015 16:05:11 +0000 Subject: [PATCH] Improve 'orderby' syntax for `WP_User_Query`. This changeset ports a number of 'orderby' features from `WP_Query` and `WP_Comment_Query`: * Allow multiple 'orderby' values to be passed as a space-separated list. * Allow multiple 'orderby' values to be passed as a flat array. * Allow multi-dimensional 'orderby', with orderby fields as array keys and ASC/DESC as the corresponding values. See #31265. git-svn-id: https://develop.svn.wordpress.org/trunk@31663 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/user.php | 170 +++++++++++++++++++++-------- tests/phpunit/tests/user/query.php | 87 +++++++++++++++ 2 files changed, 210 insertions(+), 47 deletions(-) diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index 030f6bdcab..4e12df6c1f 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -500,7 +500,8 @@ class WP_User_Query { * Prepare the query variables. * * @since 3.1.0 - * @since 4.2.0 Added 'meta_value_num' support for `$orderby` parameter. + * @since 4.2.0 Added 'meta_value_num' support for `$orderby` parameter. Added multi-dimensional array syntax + * for `$orderby` parameter. * @access public * * @param string|array $query { @@ -521,13 +522,18 @@ class WP_User_Query { * column to search in based on search string. Default empty. * @type array $search_columns Array of column names to be searched. Accepts 'ID', 'login', * 'nicename', 'email', 'url'. Default empty array. - * @type string $orderby Field to sort the retrieved users by. Accepts 'ID', 'display_name', - * 'login', 'nicename', 'email', 'url', 'registered', 'post_count', - * 'meta_value' or 'meta_value_num'. To use 'meta_value' or - * 'meta_value_num', `$meta_key` must be also be defined. - * Default 'user_login'. - * @type string $order Designates ascending or descending order of users. Accepts 'ASC', - * 'DESC'. Default 'ASC'. + * @type string|array $orderby Field to sort the retrieved users by. May be a single value, + * an array of values, or a multi-dimensional array with fields as keys + * and orders ('ASC' or 'DESC') as values. Accepted values are'ID', + * 'display_name' (or 'name'), 'user_login' (or 'login'), + * 'user_nicename' (or 'nicename'), 'user_email' (or 'email'), + * 'user_url' (or 'url'), 'user_registered' (or 'registered'), + * 'post_count', 'meta_value', or 'meta_value_num'. To use 'meta_value' + * or 'meta_value_num', `$meta_key` must be also be defined. + * Default 'user_login'. + * @type string $order Designates ascending or descending order of users. Order values + * passed as part of an `$orderby` array take precedence over this + * parameter. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type int $offset Number of users to offset in retrieved results. Can be used in * conjunction with pagination. Default 0. * @type int $number Number of users to limit the query for. Can be used in conjunction @@ -611,48 +617,50 @@ class WP_User_Query { } // sorting - if ( isset( $qv['orderby'] ) ) { - if ( in_array( $qv['orderby'], array('nicename', 'email', 'url', 'registered') ) ) { - $orderby = 'user_' . $qv['orderby']; - } elseif ( in_array( $qv['orderby'], array('user_nicename', 'user_email', 'user_url', 'user_registered') ) ) { - $orderby = $qv['orderby']; - } elseif ( 'name' == $qv['orderby'] || 'display_name' == $qv['orderby'] ) { - $orderby = 'display_name'; - } elseif ( 'post_count' == $qv['orderby'] ) { - // todo: avoid the JOIN - $where = get_posts_by_author_sql('post'); - $this->query_from .= " LEFT OUTER JOIN ( - SELECT post_author, COUNT(*) as post_count - FROM $wpdb->posts - $where - GROUP BY post_author - ) p ON ({$wpdb->users}.ID = p.post_author) - "; - $orderby = 'post_count'; - } elseif ( 'ID' == $qv['orderby'] || 'id' == $qv['orderby'] ) { - $orderby = 'ID'; - } elseif ( 'meta_value' == $qv['orderby'] ) { - $orderby = "$wpdb->usermeta.meta_value"; - } elseif ( 'meta_value_num' == $qv['orderby'] ) { - $orderby = "$wpdb->usermeta.meta_value+0"; - } elseif ( 'include' === $qv['orderby'] && ! empty( $include ) ) { - // Sanitized earlier. - $include_sql = implode( ',', $include ); - $orderby = "FIELD( $wpdb->users.ID, $include_sql )"; - } else { - $orderby = 'user_login'; - } + $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; + $order = $this->parse_order( $qv['order'] ); + + if ( empty( $qv['orderby'] ) ) { + // Default order is by 'user_login'. + $ordersby = array( 'user_login' => $order ); + } else if ( is_array( $qv['orderby'] ) ) { + $ordersby = $qv['orderby']; + } else { + // 'orderby' values may be a comma- or space-separated list. + $ordersby = preg_split( '/[,\s]+/', $qv['orderby'] ); } - if ( empty( $orderby ) ) - $orderby = 'user_login'; + $orderby_array = array(); + foreach ( $ordersby as $_key => $_value ) { + if ( ! $_value ) { + continue; + } - $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; - if ( 'ASC' == $qv['order'] ) - $order = 'ASC'; - else - $order = 'DESC'; - $this->query_orderby = "ORDER BY $orderby $order"; + if ( is_int( $_key ) ) { + // Integer key means this is a flat array of 'orderby' fields. + $_orderby = $_value; + $_order = $order; + } else { + // Non-integer key means this the key is the field and the value is ASC/DESC. + $_orderby = $_key; + $_order = $_value; + } + + $parsed = $this->parse_orderby( $_orderby ); + + if ( ! $parsed ) { + continue; + } + + $orderby_array[] = $parsed . ' ' . $this->parse_order( $_order ); + } + + // If no valid clauses were found, order by user_login. + if ( empty( $orderby_array ) ) { + $orderby_array[] = "user_login $order"; + } + + $this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array ); // limit if ( isset( $qv['number'] ) && $qv['number'] ) { @@ -924,6 +932,74 @@ class WP_User_Query { return $this->total_users; } + /** + * Parse and sanitize 'orderby' keys passed to the user query. + * + * @since 4.2.0 + * @access protected + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param string $orderby Alias for the field to order by. + * @return string|bool Value to used in the ORDER clause, if `$orderby` is valid. False otherwise. + */ + protected function parse_orderby( $orderby ) { + global $wpdb; + + $_orderby = ''; + if ( in_array( $orderby, array( 'login', 'nicename', 'email', 'url', 'registered' ) ) ) { + $_orderby = 'user_' . $orderby; + } elseif ( in_array( $orderby, array( 'user_login', 'user_nicename', 'user_email', 'user_url', 'user_registered' ) ) ) { + $_orderby = $orderby; + } elseif ( 'name' == $orderby || 'display_name' == $orderby ) { + $_orderby = 'display_name'; + } elseif ( 'post_count' == $orderby ) { + // todo: avoid the JOIN + $where = get_posts_by_author_sql( 'post' ); + $this->query_from .= " LEFT OUTER JOIN ( + SELECT post_author, COUNT(*) as post_count + FROM $wpdb->posts + $where + GROUP BY post_author + ) p ON ({$wpdb->users}.ID = p.post_author) + "; + $_orderby = 'post_count'; + } elseif ( 'ID' == $orderby || 'id' == $orderby ) { + $_orderby = 'ID'; + } elseif ( 'meta_value' == $orderby ) { + $_orderby = "$wpdb->usermeta.meta_value"; + } elseif ( 'meta_value_num' == $orderby ) { + $_orderby = "$wpdb->usermeta.meta_value+0"; + } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) { + $include = wp_parse_id_list( $this->query_vars['include'] ); + $include_sql = implode( ',', $include ); + $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; + } + + return $_orderby; + } + + /** + * Parse an 'order' query variable and cast it to ASC or DESC as necessary. + * + * @since 4.2.0 + * @access protected + * + * @param string $order The 'order' query variable. + * @return string The sanitized 'order' query variable. + */ + protected function parse_order( $order ) { + if ( ! is_string( $order ) || empty( $order ) ) { + return 'DESC'; + } + + if ( 'ASC' === strtoupper( $order ) ) { + return 'ASC'; + } else { + return 'DESC'; + } + } + /** * Make private properties readable for backwards compatibility. * diff --git a/tests/phpunit/tests/user/query.php b/tests/phpunit/tests/user/query.php index c2adee1e84..5738f4298f 100644 --- a/tests/phpunit/tests/user/query.php +++ b/tests/phpunit/tests/user/query.php @@ -230,6 +230,93 @@ class Tests_User_Query extends WP_UnitTestCase { $this->assertEquals( array( $users[1], $users[0], $users[3] ), $q->get_results() ); } + /** + * @ticket 31265 + */ + public function test_orderby_space_separated() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => 'login nicename', + 'order' => 'ASC', + ) ); + + $this->assertContains( "ORDER BY user_login ASC, user_nicename ASC", $q->query_orderby ); + } + + /** + * @ticket 31265 + */ + public function test_orderby_flat_array() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => array( 'login', 'nicename' ), + ) ); + + $this->assertContains( "ORDER BY user_login ASC, user_nicename ASC", $q->query_orderby ); + } + + /** + * @ticket 31265 + */ + public function test_orderby_array_contains_invalid_item() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => array( 'login', 'foo', 'nicename' ), + ) ); + + $this->assertContains( "ORDER BY user_login ASC, user_nicename ASC", $q->query_orderby ); + } + + /** + * @ticket 31265 + */ + public function test_orderby_array_contains_all_invalid_items() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => array( 'foo', 'bar', 'baz' ), + ) ); + + $this->assertContains( "ORDER BY user_login", $q->query_orderby ); + } + + /** + * @ticket 31265 + */ + public function test_orderby_array() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => array( + 'login' => 'DESC', + 'nicename' => 'ASC', + 'email' => 'DESC', + ), + ) ); + + $this->assertContains( "ORDER BY user_login DESC, user_nicename ASC, user_email DESC", $q->query_orderby ); + } + + /** + * @ticket 31265 + */ + public function test_orderby_array_should_discard_invalid_columns() { + global $wpdb; + + $q = new WP_User_Query( array( + 'orderby' => array( + 'login' => 'DESC', + 'foo' => 'ASC', + 'email' => 'ASC', + ), + ) ); + + $this->assertContains( "ORDER BY user_login DESC, user_email ASC", $q->query_orderby ); + } + /** * @ticket 21119 */