Merge pull request #7739 from Automattic/release/4.24.5

Release 4.24.5
Automattic · Jan 16, 2025 · c9a608c · c9a608c
2 parents cd43d10 + 6baabda
commit c9a608c
Show file tree

Hide file tree

Showing 30 changed files with 701 additions and 471 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,33 @@
 *** Changelog ***
 
+## 4.24.5 - 2025-01-16
+### Security
+- Fix unprepared SQL
+- Remove feed content if the user doesn't have access to the lesson
+
+### Added
+- Wrap question numbers in `<span>` tags [#7738](https://github.com/Automattic/sensei/pull/7738)
+
+### Changed
+- Replace `date` with `gmdate` [#7735](https://github.com/Automattic/sensei/pull/7735)
+- Replace `unlink` with `wp_delete_file` [#7732](https://github.com/Automattic/sensei/pull/7732)
+- Replace `wp_json_encode` with `json_encode` [#7730](https://github.com/Automattic/sensei/pull/7730)
+- Update the placeholder to use an internal image [#7728](https://github.com/Automattic/sensei/pull/7728)
+- Replace `strip_tags` with `wp_strip_all_tags` [#7731](https://github.com/Automattic/sensei/pull/7731)
+
+### Deprecated
+- Deprecate `load_localisation` and `load_plugin_textdomain` functions [#7713](https://github.com/Automattic/sensei/pull/7713)
+
+### Removed
+- Remove manual loading of translations [#7713](https://github.com/Automattic/sensei/pull/7713)
+- Remove fallback code for Sensei Pro update reminder [#7729](https://github.com/Automattic/sensei/pull/7729)
+- Remove files that are already included in WordPress Core [#7727](https://github.com/Automattic/sensei/pull/7727)
+- Remove obsolete code from Students area [#7726](https://github.com/Automattic/sensei/pull/7726)
+
+### Fixed
+- Initialize Sensei blocks for posts [#7736](https://github.com/Automattic/sensei/pull/7736)
+- Remove usage of deprecated parameters in WordPress Core functions [#7724](https://github.com/Automattic/sensei/pull/7724)
+
 ## 4.24.4 - 2024-11-12
 ### Security
 - Messages and emails accessible using the search REST API

diff --git a/changelog/deprecate-ptranslation-load-functions b/changelog/deprecate-ptranslation-load-functions
diff --git a/changelog/fix-no-sensei-blocks-for-posts b/changelog/fix-no-sensei-blocks-for-posts
diff --git a/changelog/fix-use-wp-strip-all-tags b/changelog/fix-use-wp-strip-all-tags
diff --git a/changelog/fix-wordpress-core-deprecations b/changelog/fix-wordpress-core-deprecations
diff --git a/changelog/remove-loading-translations-code b/changelog/remove-loading-translations-code
diff --git a/changelog/remove-obsolete-javascript b/changelog/remove-obsolete-javascript
diff --git a/changelog/remove-obsolete-learner-management-code b/changelog/remove-obsolete-learner-management-code
diff --git a/changelog/remove-plugin-updater-code b/changelog/remove-plugin-updater-code
diff --git a/changelog/update-json_encode-to-wp_json_encode b/changelog/update-json_encode-to-wp_json_encode
diff --git a/changelog/update-placeholder-image b/changelog/update-placeholder-image
diff --git a/changelog/update-replace-date-with-gmdate b/changelog/update-replace-date-with-gmdate
diff --git a/changelog/update-replace-unlink-with-wp_delete_file b/changelog/update-replace-unlink-with-wp_delete_file
diff --git a/changelog/update-wrap-question-title-in-span b/changelog/update-wrap-question-title-in-span
diff --git a/config/psalm/psalm-baseline.xml b/config/psalm/psalm-baseline.xml
@@ -107,10 +107,9 @@
     <DocblockTypeContradiction occurrences="1">
       <code>false === $mysql_date</code>
     </DocblockTypeContradiction>
-    <InvalidScalarArgument occurrences="5">
+    <InvalidScalarArgument occurrences="4">
       <code>$_POST['data']['comment_id']</code>
       <code>$_POST['data']['post_id']</code>
-      <code>$lesson_id</code>
       <code>wp_unslash( $_GET['course_id'] ?? 0 )</code>
       <code>wp_unslash( $_GET['lesson_id'] ?? 0 )</code>
     </InvalidScalarArgument>
@@ -530,12 +529,6 @@
       <code>! self::$instance</code>
       <code>self::$instance</code>
     </DocblockTypeContradiction>
-    <InvalidArgument occurrences="1">
-      <code>true</code>
-    </InvalidArgument>
-    <MissingClosureParamType occurrences="1">
-      <code>$attributes</code>
-    </MissingClosureParamType>
     <UnresolvableInclude occurrences="1">
       <code>require __DIR__ . "/{$post_type}/{$block_pattern}.php"</code>
     </UnresolvableInclude>
@@ -903,13 +896,12 @@
       <code>$course-&gt;ID</code>
       <code>$post-&gt;ID</code>
     </PossiblyInvalidPropertyFetch>
-    <PossiblyNullArgument occurrences="6">
+    <PossiblyNullArgument occurrences="5">
       <code>$course_structure</code>
       <code>$event_name</code>
       <code>$post_id</code>
       <code>$post_id</code>
       <code>$post_type-&gt;cap-&gt;edit_posts</code>
-      <code>$screen</code>
     </PossiblyNullArgument>
     <PossiblyNullPropertyFetch occurrences="3">
       <code>$post_type-&gt;cap</code>
@@ -1736,10 +1728,6 @@
     <PossiblyFalseArgument occurrences="1">
       <code>wp_json_encode( $args )</code>
     </PossiblyFalseArgument>
-    <PossiblyInvalidCast occurrences="2">
-      <code>$clean_lesson_id</code>
-      <code>$clean_user_id</code>
-    </PossiblyInvalidCast>
     <PossiblyNullArgument occurrences="3">
       <code>get_post_type_object( 'course' )-&gt;cap-&gt;edit_post</code>
       <code>get_post_type_object( 'lesson' )-&gt;cap-&gt;edit_post</code>
@@ -2866,6 +2854,10 @@
     <DocblockTypeContradiction occurrences="1">
       <code>0</code>
     </DocblockTypeContradiction>
+    <DuplicateArrayKey occurrences="2">
+      <code>$published_quiz_ids</code>
+      <code>$published_quiz_ids</code>
+    </DuplicateArrayKey>
     <InvalidArgument occurrences="11">
       <code>$key</code>
       <code>$published_quiz_ids</code>
@@ -3126,7 +3118,8 @@
     <MissingPropertyType occurrences="1">
       <code>$this-&gt;post_types-&gt;role_caps</code>
     </MissingPropertyType>
-    <PossiblyFalseArgument occurrences="2">
+    <PossiblyFalseArgument occurrences="3">
+      <code>get_the_ID()</code>
       <code>get_the_ID()</code>
       <code>get_the_ID()</code>
     </PossiblyFalseArgument>

diff --git a/includes/admin/class-sensei-learner-management.php b/includes/admin/class-sensei-learner-management.php
@@ -106,7 +106,7 @@ public function __construct( $file ) {
 	 */
 	public function __get( $key ) {
 		if ( 'name' === $key ) {
-			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '$$next-version$$' );
+			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '4.24.5' );
 
 			return $this->get_name();
 		}

diff --git a/includes/class-sensei-analysis.php b/includes/class-sensei-analysis.php
@@ -68,7 +68,7 @@ public function __get( $key ) {
 		}
 
 		if ( 'name' === $key ) {
-			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '$$next-version$$' );
+			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '4.24.5' );
 
 			return $this->get_name();
 		}

diff --git a/includes/class-sensei-grading.php b/includes/class-sensei-grading.php
@@ -60,7 +60,7 @@ public function __construct( $file ) {
 	 */
 	public function __get( $key ) {
 		if ( 'name' === $key ) {
-			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '$$next-version$$' );
+			_doing_it_wrong( __CLASS__ . '->name', 'The "name" property is deprecated. Use get_name() instead.', '4.24.5' );
 
 			return $this->get_name();
 		}
@@ -567,17 +567,21 @@ public function count_statuses( $args = array() ) {
 
 		$cache_key = 'sensei-statuses-' . md5( wp_json_encode( $args ) );
 
-		$query = "SELECT comment_approved, COUNT( * ) AS total FROM {$wpdb->comments} WHERE comment_type = %s ";
+		$query = $wpdb->prepare( "SELECT comment_approved, COUNT( * ) AS total FROM {$wpdb->comments} WHERE comment_type = %s ", $type );
 
 		// Restrict to specific posts.
 		if ( isset( $args['post__in'] ) && ! empty( $args['post__in'] ) && is_array( $args['post__in'] ) ) {
-			$query .= ' AND comment_post_ID IN (' . implode( ',', array_map( 'absint', $args['post__in'] ) ) . ')';
+			$post__in_placeholder = implode( ', ', array_fill( 0, count( $args['post__in'] ), '%d' ) );
+			// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare -- Placeholders created dynamically.
+			$query .= $wpdb->prepare( " AND comment_post_ID IN ( $post__in_placeholder )", $args['post__in'] );
 		} elseif ( ! empty( $args['post_id'] ) ) {
 			$query .= $wpdb->prepare( ' AND comment_post_ID = %d', $args['post_id'] );
 		}
 		// Restrict to specific users.
 		if ( isset( $args['user_id'] ) && is_array( $args['user_id'] ) ) {
-			$query .= ' AND user_id IN (' . implode( ',', array_map( 'absint', $args['user_id'] ) ) . ')';
+			$user_id_placeholder = implode( ', ', array_fill( 0, count( $args['user_id'] ), '%d' ) );
+			// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare -- Placeholders created dynamically.
+			$query .= $wpdb->prepare( " AND user_id IN ( $user_id_placeholder )", $args['user_id'] );
 		} elseif ( ! empty( $args['user_id'] ) ) {
 			$query .= $wpdb->prepare( ' AND user_id = %d', $args['user_id'] );
 		}
@@ -589,8 +593,8 @@ public function count_statuses( $args = array() ) {
 
 		$counts = wp_cache_get( $cache_key, 'counts' );
 		if ( false === $counts ) {
-			$sql     = $wpdb->prepare( $query, $type );
-			$results = (array) $wpdb->get_results( $sql, ARRAY_A );
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- SQL prepared in advance.
+			$results = (array) $wpdb->get_results( $query, ARRAY_A );
 			$counts  = array_fill_keys( $this->get_stati( $type ), 0 );
 
 			foreach ( $results as $row ) {
@@ -1273,16 +1277,13 @@ public static function grade_gap_fill_question( $question_id, $user_answer ) {
 	 * @return int $number_of_graded_lessons
 	 */
 	public static function get_graded_lessons_count() {
-
 		global $wpdb;
 
-		$comment_query_piece           = [];
-		$comment_query_piece['select'] = 'SELECT   COUNT(*) AS total';
-		$comment_query_piece['from']   = " FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id ) ";
-		$comment_query_piece['where']  = " WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade')";
-
-		$comment_query            = $comment_query_piece['select'] . $comment_query_piece['from'] . $comment_query_piece['where'];
-		$number_of_graded_lessons = intval( $wpdb->get_var( $comment_query, 0, 0 ) );
+		$number_of_graded_lessons = (int) $wpdb->get_var(
+			"SELECT COUNT(*) AS total
+			FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id )
+			WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade')"
+		);
 
 		return $number_of_graded_lessons;
 	}
@@ -1291,22 +1292,18 @@ public static function get_graded_lessons_count() {
 	 * Add together all the graded lesson grades
 	 *
 	 * @since 1.9.0
-	 * @return double $sum_of_all_grades
+	 * @return int $sum_of_all_grades
 	 */
 	public static function get_graded_lessons_sum() {
-
 		global $wpdb;
 
-		$comment_query_piece           = [];
-		$comment_query_piece['select'] = "SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum";
-		$comment_query_piece['from']   = " FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id ) ";
-		$comment_query_piece['where']  = " WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade')";
-
-		$comment_query     = $comment_query_piece['select'] . $comment_query_piece['from'] . $comment_query_piece['where'];
-		$sum_of_all_grades = intval( $wpdb->get_var( $comment_query, 0, 0 ) );
+		$sum_of_all_grades = (int) $wpdb->get_var(
+			"SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum
+			FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id )
+			WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade')"
+		);
 
 		return $sum_of_all_grades;
-
 	}
 
 	/**
@@ -1339,19 +1336,19 @@ public function get_graded_lessons_average_grade() {
 	 *
 	 * @since 1.9.0
 	 * @param $user_id
-	 * @return double
+	 * @return int
 	 */
 	public static function get_user_graded_lessons_sum( $user_id ) {
 		global $wpdb;
 
-		$clean_user_id                 = esc_sql( $user_id );
-		$comment_query_piece           = [];
-		$comment_query_piece['select'] = "SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum";
-		$comment_query_piece['from']   = " FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id ) ";
-		$comment_query_piece['where']  = " WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade') AND {$wpdb->comments}.user_id = {$clean_user_id} ";
-
-		$comment_query     = $comment_query_piece['select'] . $comment_query_piece['from'] . $comment_query_piece['where'];
-		$sum_of_all_grades = intval( $wpdb->get_var( $comment_query, 0, 0 ) );
+		$sum_of_all_grades = (int) $wpdb->get_var(
+			$wpdb->prepare(
+				"SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum
+				FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id )
+				WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade') AND {$wpdb->comments}.user_id = %d ",
+				$user_id
+			)
+		);
 
 		return $sum_of_all_grades;
 	}
@@ -1362,23 +1359,21 @@ public static function get_user_graded_lessons_sum( $user_id ) {
 	 * @since 1.9.0
 	 *
 	 * @param int lesson_id
-	 * @return double
+	 * @return int
 	 */
 	public static function get_lessons_users_grades_sum( $lesson_id ) {
-
 		global $wpdb;
 
-		$clean_lesson_id               = esc_sql( $lesson_id );
-		$comment_query_piece           = [];
-		$comment_query_piece['select'] = "SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum";
-		$comment_query_piece['from']   = " FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id ) ";
-		$comment_query_piece['where']  = " WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade') AND {$wpdb->comments}.comment_post_ID = {$clean_lesson_id} ";
-
-		$comment_query     = $comment_query_piece['select'] . $comment_query_piece['from'] . $comment_query_piece['where'];
-		$sum_of_all_grades = intval( $wpdb->get_var( $comment_query, 0, 0 ) );
+		$sum_of_all_grades = (int) $wpdb->get_var(
+			$wpdb->prepare(
+				"SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum
+				FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id )
+				WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND ( {$wpdb->commentmeta}.meta_key = 'grade') AND {$wpdb->comments}.comment_post_ID = %d ",
+				$lesson_id
+			)
+		);
 
 		return $sum_of_all_grades;
-
 	}
 
 	/**
@@ -1387,29 +1382,31 @@ public static function get_lessons_users_grades_sum( $lesson_id ) {
 	 * @since 1.9.0
 	 *
 	 * @param int $course_id
-	 * @return double
+	 * @return int
 	 */
 	public static function get_course_users_grades_sum( $course_id ) {
 		global $wpdb;
 
 		$lesson_ids = Sensei()->course->course_lessons( $course_id, 'any', 'ids' );
-
 		if ( ! $lesson_ids ) {
 			return 0;
 		}
 
-		$comment_query_piece           = [];
-		$clean_lesson_ids              = implode( ',', esc_sql( $lesson_ids ) );
-		$comment_query_piece['select'] = "SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum";
-		$comment_query_piece['from']   = " FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id ) ";
-		$comment_query_piece['where']  = " WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND {$wpdb->comments}.comment_approved IN ('graded', 'passed', 'failed') AND ( {$wpdb->commentmeta}.meta_key = 'grade')
-			AND {$wpdb->comments}.comment_post_ID IN ({$clean_lesson_ids}) ";
+		$lesson_ids_placeholder = implode( ', ', array_fill( 0, count( $lesson_ids ), '%d' ) );
 
-		$comment_query     = $comment_query_piece['select'] . $comment_query_piece['from'] . $comment_query_piece['where'];
-		$sum_of_all_grades = intval( $wpdb->get_var( $comment_query, 0, 0 ) );
+		// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare -- Placeholders created dynamically.
+		$sum_of_all_grades = (int) $wpdb->get_var(
+			$wpdb->prepare(
+				"SELECT SUM({$wpdb->commentmeta}.meta_value) AS meta_sum
+				FROM {$wpdb->comments}  INNER JOIN {$wpdb->commentmeta}  ON ( {$wpdb->comments}.comment_ID = {$wpdb->commentmeta}.comment_id )
+				WHERE {$wpdb->comments}.comment_type IN ('sensei_lesson_status') AND {$wpdb->comments}.comment_approved IN ('graded', 'passed', 'failed') AND ( {$wpdb->commentmeta}.meta_key = 'grade')
+				AND {$wpdb->comments}.comment_post_ID IN ({$lesson_ids_placeholder}) ",
+				$lesson_ids
+			)
+		);
+		// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 
 		return $sum_of_all_grades;
-
 	}
 
 	/**