Changeset 3475342

appsero-helper/tags/1.3.5/appsero-helper.php

-                      r3253142
+                      r3475342
  * Author: Appsero
  * Author URI: https://appsero.com
  * Version: 1.3.4
+ * Version: 1.3.5
  * Text Domain: appsero-helper
  */
 …
      * @var string
      */
     public $version = '1.3.4';
+    public $version = '1.3.5';
     /**

appsero-helper/tags/1.3.5/includes/Edd/Activations.php

-                      r2022067
+                      r3475342
         // retrieve active sites count
         global $wpdb;
+        $query  = "SELECT COUNT(site_id) as `count` FROM {$wpdb->prefix}edd_license_activations WHERE license_id = {$license->id} ";
+        $query .= " AND activated = 1 AND is_local = 0 AND site_name <> '{$site_url}' ";
+        $query = $wpdb->prepare(
+            "SELECT COUNT(site_id) as `count` FROM {$wpdb->prefix}edd_license_activations WHERE license_id = %d AND activated = 1 AND is_local = 0 AND site_name <> %s",
+            intval( $license->id ),
+            $site_url
+        );
         $active_sites = $wpdb->get_row( $query, ARRAY_A );

appsero-helper/tags/1.3.5/includes/Edd/Licenses.php

-                      r2272800
+                      r3475342
         // `edd_software_licensing()->licenses_db->get_licenses()` not fulfill my need
         global $wpdb;
+        $query       = "SELECT SQL_CALC_FOUND_ROWS id FROM {$wpdb->prefix}edd_licenses WHERE download_id = {$download_id} ";
+        $query      .= " ORDER BY id ASC LIMIT {$per_page} OFFSET {$offset}";
+        $results     = $wpdb->get_col( $query, 0 );
+        $query   = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS id FROM {$wpdb->prefix}edd_licenses WHERE download_id = %d ORDER BY id ASC LIMIT %d OFFSET %d",
+            absint( $download_id ),
+            absint( $per_page ),
+            absint( $offset )
+        );
+        $results = $wpdb->get_col( $query, 0 );
         $total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );

appsero-helper/tags/1.3.5/includes/Edd/Orders.php

-                      r2803348
+                      r3475342
         global $wpdb;
+        $query = "SELECT SQL_CALC_FOUND_ROWS `ID` FROM {$wpdb->posts}
+                  WHERE `post_type` = 'edd_payment' AND
+                  `ID` IN (
+                      SELECT `post_id` FROM {$wpdb->postmeta}
+                      WHERE `meta_value` LIKE '%{s:2:\"id\";i:%d;s:8:\"quantity\";i%'
+                  )
+                  AND `post_status` IN (
+                      'abandoned', 'edd_subscription', 'failed', 'pending', 'processing', 'publish', 'refunded', 'revoked'
+                  )
+                  AND `post_modified_gmt` >= '{$after}'
+                  ORDER BY `ID` ASC LIMIT %d OFFSET %d;";
+        return $wpdb->prepare( $query, $this->download_id, $per_page, $offset );
+        $query = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS `ID` FROM {$wpdb->posts}
+             WHERE `post_type` = 'edd_payment' AND
+             `ID` IN (
+                 SELECT `post_id` FROM {$wpdb->postmeta}
+                 WHERE `meta_value` LIKE %s
+             )
+             AND `post_status` IN (
+                 'abandoned', 'edd_subscription', 'failed', 'pending', 'processing', 'publish', 'refunded', 'revoked'
+             )
+             AND `post_modified_gmt` >= %s
+             ORDER BY `ID` ASC LIMIT %d OFFSET %d",
+            '%{s:2:\"id\";i:' . intval( $this->download_id ) . ';s:8:\"quantity\";i%',
+            $after,
+            intval( $per_page ),
+            intval( $offset )
+        );
+        return $query;
+    }
+}

appsero-helper/tags/1.3.5/includes/Edd/Subscriptions.php

-                      r2147728
+                      r3475342
         global $wpdb;
         $table_name  = $wpdb->prefix . 'edd_subscriptions';
+        $query = $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS `id` FROM {$table_name} WHERE
+                                `product_id` = {$product_id} ORDER BY `id` ASC LIMIT %d OFFSET %d;",
+                                absint( $per_page ), absint( $offset ) );
+        $query = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS `id` FROM {$table_name} WHERE `product_id` = %d ORDER BY `id` ASC LIMIT %d OFFSET %d",
+            absint( $product_id ),
+            absint( $per_page ),
+            absint( $offset )
+        );
         $items = $wpdb->get_col( $query );
 …
         global $wpdb;
+        $query = "SELECT post_date_gmt FROM {$wpdb->posts} WHERE `post_parent` = {$subscription->parent_payment_id}
+                  AND `ID` IN ( SELECT `post_id` FROM {$wpdb->postmeta} WHERE `meta_key` = 'subscription_id'
+                  AND meta_value = {$subscription->id} ) AND `post_type` = 'edd_payment'
+                  ORDER BY `ID` DESC LIMIT 1;";
+        $query = $wpdb->prepare(
+            "SELECT post_date_gmt FROM {$wpdb->posts} WHERE `post_parent` = %d
+             AND `ID` IN ( SELECT `post_id` FROM {$wpdb->postmeta} WHERE `meta_key` = 'subscription_id'
+             AND meta_value = %d ) AND `post_type` = 'edd_payment'
+             ORDER BY `ID` DESC LIMIT 1",
+            intval( $subscription->parent_payment_id ),
+            intval( $subscription->id )
+        );
         $last_renewal_date = $wpdb->get_var( $query );

appsero-helper/tags/1.3.5/includes/WooCommerce/Activations.php

-                      r2421271
+                      r3475342
         $meta_key = $wpdb->get_blog_prefix() . WC_AM_HELPERS()->user_meta_key_orders;
+        $query  = "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$meta_key}' ";
+        $query .= " AND meta_value LIKE '%{$license_key}%' ";
+        $query = $wpdb->prepare(
+            "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value LIKE %s",
+            $meta_key,
+            '%' . $wpdb->esc_like( $license_key ) . '%'
+        );
         $license_data = $wpdb->get_var( $query );
         $license_data = maybe_unserialize( $license_data );
 …
         // retrieve active sites count
         global $wpdb;
+        $query  = "SELECT COUNT(activation_id) FROM {$wpdb->wc_software_activations} WHERE key_id = %s ";
+        $query .= " AND activation_active = 1 AND activation_platform <> '%s' ";
+        $active_sites = $wpdb->get_var( $wpdb->prepare( $query, $license['key_id'], $site_url ) );
+        $query = $wpdb->prepare(
+            "SELECT COUNT(activation_id) FROM {$wpdb->wc_software_activations}
+             WHERE key_id = %s AND activation_active = 1 AND activation_platform <> %s",
+            $license['key_id'],
+            $site_url
+        );
+        $active_sites = $wpdb->get_var( $query );
         if ( $limit > 0 && $active_sites >= $limit ) {
 …
         global $wpdb;
+        $query  = "SELECT * FROM {$wpdb->wc_software_activations}  ";
+        $query .= " WHERE key_id = %s AND activation_platform = '%s' ";
+        return $wpdb->get_row( $wpdb->prepare( $query, $key_id, $site_url ), ARRAY_A );
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->wc_software_activations} WHERE key_id = %s AND activation_platform = %s",
+            $key_id,
+            $site_url
+        );
+        return $wpdb->get_row( $query, ARRAY_A );
+    }

appsero-helper/tags/1.3.5/includes/WooCommerce/Licenses.php

-                      r2421271
+                      r3475342
         $table_order_items    = $wpdb->prefix . 'woocommerce_order_items';
+        $itemmetaQuery  = " SELECT `{$table_order_itemmeta}`.`order_item_id` FROM `{$table_order_itemmeta}` ";
+        $itemmetaQuery .= " WHERE `meta_key` = '_product_id' AND `meta_value` = {$product_id} ";
+        $itemsQuery   = " SELECT SQL_CALC_FOUND_ROWS postmeta.meta_value AS license_key from {$table_order_items} AS order_items ";
+        $itemsQuery  .= " LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID ";
+        $itemsQuery  .= " LEFT JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id ";
+        $itemsQuery  .= " WHERE `order_item_id` IN ( {$itemmetaQuery} ) ";
+        $itemsQuery  .= " AND posts.post_status = 'wc-completed' ";
+        $itemsQuery  .= " AND postmeta.meta_key LIKE '%_api_license_key_%' ";
+        $itemsQuery  .= " ORDER BY order_items.order_id ASC LIMIT {$per_page} OFFSET {$offset} ";
+        $itemmetaQuery = $wpdb->prepare(
+            "SELECT `{$table_order_itemmeta}`.`order_item_id` FROM `{$table_order_itemmeta}`
+             WHERE `meta_key` = '_product_id' AND `meta_value` = %d",
+            intval( $product_id )
+        );
+        $itemsQuery = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS postmeta.meta_value AS license_key
+             FROM {$table_order_items} AS order_items
+             LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID
+             LEFT JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id
+             WHERE `order_item_id` IN ( {$itemmetaQuery} )
+             AND posts.post_status = 'wc-completed'
+             AND postmeta.meta_key LIKE %s
+             ORDER BY order_items.order_id ASC LIMIT %d OFFSET %d",
+            '%_api_license_key_%',
+            intval( $per_page ),
+            intval( $offset )
+        );
         $results     = $wpdb->get_col( $itemsQuery, 0 );
 …
             $meta_key = $wpdb->get_blog_prefix() . WC_AM_HELPERS()->user_meta_key_orders;
+            $query = "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$meta_key}' ";
+            $query .= " AND meta_value LIKE '%{$license_key}%' ";
+            $query = $wpdb->prepare(
+                "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value LIKE %s",
+                $meta_key,
+                '%' . $wpdb->esc_like( $license_key ) . '%'
+            );
             $license_data = $wpdb->get_var( $query );
             $license_data = maybe_unserialize( $license_data );

appsero-helper/tags/1.3.5/includes/WooCommerce/Orders.php

-                      r2695941
+                      r3475342
         global $wpdb;
         $orders_statuses = array_keys( wc_get_order_statuses() );
+        $orders_statuses = implode( "', '", $orders_statuses );
+        $query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+            FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                 {$wpdb->prefix}woocommerce_order_items as woi,
+                 {$wpdb->prefix}posts as p
+            WHERE woi.order_item_id = woim.order_item_id
+            AND woi.order_id = p.ID
+            AND p.post_status IN ( '{$orders_statuses}' )
+            AND p.post_type = 'shop_order' ";
+        if ( !empty($after) ) {
+            $query .= " AND p.post_modified_gmt >= '{$after}' ";
+        }
+        $query .= " AND woim.meta_key = '_product_id'
+            AND woim.meta_value = '{$this->product_id}'
+            ORDER BY woi.order_item_id ASC LIMIT {$limit} OFFSET {$offset}";
+        $status_placeholders = implode( ', ', array_fill( 0, count( $orders_statuses ), '%s' ) );
+        $params = array_merge(
+            $orders_statuses,
+            [
+                intval( $this->product_id ),
+                intval( $limit ),
+                intval( $offset ),
+            ]
+        );
+        if ( ! empty( $after ) ) {
+            $query = $wpdb->prepare(
+                "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+                 FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                      {$wpdb->prefix}woocommerce_order_items as woi,
+                      {$wpdb->prefix}posts as p
+                 WHERE woi.order_item_id = woim.order_item_id
+                 AND woi.order_id = p.ID
+                 AND p.post_status IN ( {$status_placeholders} )
+                 AND p.post_type = 'shop_order'
+                 AND p.post_modified_gmt >= %s
+                 AND woim.meta_key = '_product_id'
+                 AND woim.meta_value = %d
+                 ORDER BY woi.order_item_id ASC LIMIT %d OFFSET %d",
+                array_merge(
+                $orders_statuses,
+                [
+                    $after,
+                    intval( $this->product_id ),
+                    intval( $limit ),
+                    intval( $offset ),
+                ]
+            )
+            );
+        } else {
+            $query = $wpdb->prepare(
+                "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+                 FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                      {$wpdb->prefix}woocommerce_order_items as woi,
+                      {$wpdb->prefix}posts as p
+                 WHERE woi.order_item_id = woim.order_item_id
+                 AND woi.order_id = p.ID
+                 AND p.post_status IN ( {$status_placeholders} )
+                 AND p.post_type = 'shop_order'
+                 AND woim.meta_key = '_product_id'
+                 AND woim.meta_value = %d
+                 ORDER BY woi.order_item_id ASC LIMIT %d OFFSET %d",
+                $params
+            );
+        }
         $orders_ids = $wpdb->get_col( $query );
 …
     private function get_order_type( $order_id, $subscription_id ) {
         global $wpdb;
+        $query = "SELECT * FROM $wpdb->postmeta WHERE post_id = {$order_id}
+                  AND (
+                    meta_key = '_subscription_renewal'
+                    OR meta_key = '_subscription_resubscribe'
+                    OR meta_key = '_subscription_switch'
+                  )
+                  AND meta_value = {$subscription_id}
+                  LIMIT 1";
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->postmeta}
+             WHERE post_id = %d
+             AND (
+                 meta_key = '_subscription_renewal'
+                 OR meta_key = '_subscription_resubscribe'
+                 OR meta_key = '_subscription_switch'
+             )
+             AND meta_value = %d
+             LIMIT 1",
+            intval( $order_id ),
+            intval( $subscription_id )
+        );
         $result = $wpdb->get_row( $query, ARRAY_A );

appsero-helper/tags/1.3.5/includes/WooCommerce/UseCases/SendRequestsHelper.php

-                      r2364757
+                      r3475342
         $software_id = get_post_meta( $product_id, '_software_product_id', true);
+        $query = "SELECT * FROM {$wpdb->wc_software_licenses} WHERE `order_id` = {$order_id} AND `software_product_id` = '{$software_id}' ";
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->wc_software_licenses} WHERE `order_id` = %d AND `software_product_id` = %s",
+            intval( $order_id ),
+            $software_id
+        );
         $licenses = $wpdb->get_results( $query, ARRAY_A );

appsero-helper/tags/1.3.5/readme.txt

-                      r3253142
+                      r3475342
 Tags: licensing, release, analytics, deactivation
 Requires at least: 4.0
 Tested up to: 6.7
 Stable tag: 1.3.4
+Tested up to: 6.9
+Stable tag: 1.3.5
 Requires PHP: 5.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.3.5 - (5th March, 2026) =
+- **Fix:** Improve SQL query preparation for better security and performance.
 = 1.3.4 - (10th March, 2025) =
 - **Fix:** Updated changelog for version 1.3.4 to correct version name and details.

appsero-helper/tags/1.3.5/vendor/autoload.php

r3253142	r3475342
5	5	require_once __DIR__ . '/composer/autoload_real.php';
6	6
7		return ComposerAutoloaderInit~~03b5eb5f7842abfa606205e8065b89c4~~::getLoader();
	7	return ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3::getLoader();

appsero-helper/tags/1.3.5/vendor/composer/autoload_real.php

-                      r3253142
+                      r3475342
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4
+class ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3
+{
     private static $loader;
 …
+        }
         spl_autoload_register(array('ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
         spl_autoload_unregister(array('ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3', 'loadClassLoader'));
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
 …
             require __DIR__ . '/autoload_static.php';
             call_user_func(\Composer\Autoload\ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';

appsero-helper/tags/1.3.5/vendor/composer/autoload_static.php

-                      r3253142
+                      r3475342
 namespace Composer\Autoload;
 class ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4
+class ComposerStaticInitf450d401a59fb00d11d99977c268f7f3
+{
     public static $prefixLengthsPsr4 = array (
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$classMap;
         }, null, ClassLoader::class);

appsero-helper/trunk/appsero-helper.php

-                      r3253142
+                      r3475342
  * Author: Appsero
  * Author URI: https://appsero.com
  * Version: 1.3.4
+ * Version: 1.3.5
  * Text Domain: appsero-helper
  */
 …
      * @var string
      */
     public $version = '1.3.4';
+    public $version = '1.3.5';
     /**

appsero-helper/trunk/includes/Edd/Activations.php

-                      r2022067
+                      r3475342
         // retrieve active sites count
         global $wpdb;
+        $query  = "SELECT COUNT(site_id) as `count` FROM {$wpdb->prefix}edd_license_activations WHERE license_id = {$license->id} ";
+        $query .= " AND activated = 1 AND is_local = 0 AND site_name <> '{$site_url}' ";
+        $query = $wpdb->prepare(
+            "SELECT COUNT(site_id) as `count` FROM {$wpdb->prefix}edd_license_activations WHERE license_id = %d AND activated = 1 AND is_local = 0 AND site_name <> %s",
+            intval( $license->id ),
+            $site_url
+        );
         $active_sites = $wpdb->get_row( $query, ARRAY_A );

appsero-helper/trunk/includes/Edd/Licenses.php

-                      r2272800
+                      r3475342
         // `edd_software_licensing()->licenses_db->get_licenses()` not fulfill my need
         global $wpdb;
+        $query       = "SELECT SQL_CALC_FOUND_ROWS id FROM {$wpdb->prefix}edd_licenses WHERE download_id = {$download_id} ";
+        $query      .= " ORDER BY id ASC LIMIT {$per_page} OFFSET {$offset}";
+        $results     = $wpdb->get_col( $query, 0 );
+        $query   = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS id FROM {$wpdb->prefix}edd_licenses WHERE download_id = %d ORDER BY id ASC LIMIT %d OFFSET %d",
+            absint( $download_id ),
+            absint( $per_page ),
+            absint( $offset )
+        );
+        $results = $wpdb->get_col( $query, 0 );
         $total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );

appsero-helper/trunk/includes/Edd/Orders.php

-                      r2803348
+                      r3475342
         global $wpdb;
+        $query = "SELECT SQL_CALC_FOUND_ROWS `ID` FROM {$wpdb->posts}
+                  WHERE `post_type` = 'edd_payment' AND
+                  `ID` IN (
+                      SELECT `post_id` FROM {$wpdb->postmeta}
+                      WHERE `meta_value` LIKE '%{s:2:\"id\";i:%d;s:8:\"quantity\";i%'
+                  )
+                  AND `post_status` IN (
+                      'abandoned', 'edd_subscription', 'failed', 'pending', 'processing', 'publish', 'refunded', 'revoked'
+                  )
+                  AND `post_modified_gmt` >= '{$after}'
+                  ORDER BY `ID` ASC LIMIT %d OFFSET %d;";
+        return $wpdb->prepare( $query, $this->download_id, $per_page, $offset );
+        $query = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS `ID` FROM {$wpdb->posts}
+             WHERE `post_type` = 'edd_payment' AND
+             `ID` IN (
+                 SELECT `post_id` FROM {$wpdb->postmeta}
+                 WHERE `meta_value` LIKE %s
+             )
+             AND `post_status` IN (
+                 'abandoned', 'edd_subscription', 'failed', 'pending', 'processing', 'publish', 'refunded', 'revoked'
+             )
+             AND `post_modified_gmt` >= %s
+             ORDER BY `ID` ASC LIMIT %d OFFSET %d",
+            '%{s:2:\"id\";i:' . intval( $this->download_id ) . ';s:8:\"quantity\";i%',
+            $after,
+            intval( $per_page ),
+            intval( $offset )
+        );
+        return $query;
+    }
+}

appsero-helper/trunk/includes/Edd/Subscriptions.php

-                      r2147728
+                      r3475342
         global $wpdb;
         $table_name  = $wpdb->prefix . 'edd_subscriptions';
+        $query = $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS `id` FROM {$table_name} WHERE
+                                `product_id` = {$product_id} ORDER BY `id` ASC LIMIT %d OFFSET %d;",
+                                absint( $per_page ), absint( $offset ) );
+        $query = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS `id` FROM {$table_name} WHERE `product_id` = %d ORDER BY `id` ASC LIMIT %d OFFSET %d",
+            absint( $product_id ),
+            absint( $per_page ),
+            absint( $offset )
+        );
         $items = $wpdb->get_col( $query );
 …
         global $wpdb;
+        $query = "SELECT post_date_gmt FROM {$wpdb->posts} WHERE `post_parent` = {$subscription->parent_payment_id}
+                  AND `ID` IN ( SELECT `post_id` FROM {$wpdb->postmeta} WHERE `meta_key` = 'subscription_id'
+                  AND meta_value = {$subscription->id} ) AND `post_type` = 'edd_payment'
+                  ORDER BY `ID` DESC LIMIT 1;";
+        $query = $wpdb->prepare(
+            "SELECT post_date_gmt FROM {$wpdb->posts} WHERE `post_parent` = %d
+             AND `ID` IN ( SELECT `post_id` FROM {$wpdb->postmeta} WHERE `meta_key` = 'subscription_id'
+             AND meta_value = %d ) AND `post_type` = 'edd_payment'
+             ORDER BY `ID` DESC LIMIT 1",
+            intval( $subscription->parent_payment_id ),
+            intval( $subscription->id )
+        );
         $last_renewal_date = $wpdb->get_var( $query );

appsero-helper/trunk/includes/WooCommerce/Activations.php

-                      r2421271
+                      r3475342
         $meta_key = $wpdb->get_blog_prefix() . WC_AM_HELPERS()->user_meta_key_orders;
+        $query  = "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$meta_key}' ";
+        $query .= " AND meta_value LIKE '%{$license_key}%' ";
+        $query = $wpdb->prepare(
+            "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value LIKE %s",
+            $meta_key,
+            '%' . $wpdb->esc_like( $license_key ) . '%'
+        );
         $license_data = $wpdb->get_var( $query );
         $license_data = maybe_unserialize( $license_data );
 …
         // retrieve active sites count
         global $wpdb;
+        $query  = "SELECT COUNT(activation_id) FROM {$wpdb->wc_software_activations} WHERE key_id = %s ";
+        $query .= " AND activation_active = 1 AND activation_platform <> '%s' ";
+        $active_sites = $wpdb->get_var( $wpdb->prepare( $query, $license['key_id'], $site_url ) );
+        $query = $wpdb->prepare(
+            "SELECT COUNT(activation_id) FROM {$wpdb->wc_software_activations}
+             WHERE key_id = %s AND activation_active = 1 AND activation_platform <> %s",
+            $license['key_id'],
+            $site_url
+        );
+        $active_sites = $wpdb->get_var( $query );
         if ( $limit > 0 && $active_sites >= $limit ) {
 …
         global $wpdb;
+        $query  = "SELECT * FROM {$wpdb->wc_software_activations}  ";
+        $query .= " WHERE key_id = %s AND activation_platform = '%s' ";
+        return $wpdb->get_row( $wpdb->prepare( $query, $key_id, $site_url ), ARRAY_A );
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->wc_software_activations} WHERE key_id = %s AND activation_platform = %s",
+            $key_id,
+            $site_url
+        );
+        return $wpdb->get_row( $query, ARRAY_A );
+    }

appsero-helper/trunk/includes/WooCommerce/Licenses.php

-                      r2421271
+                      r3475342
         $table_order_items    = $wpdb->prefix . 'woocommerce_order_items';
+        $itemmetaQuery  = " SELECT `{$table_order_itemmeta}`.`order_item_id` FROM `{$table_order_itemmeta}` ";
+        $itemmetaQuery .= " WHERE `meta_key` = '_product_id' AND `meta_value` = {$product_id} ";
+        $itemsQuery   = " SELECT SQL_CALC_FOUND_ROWS postmeta.meta_value AS license_key from {$table_order_items} AS order_items ";
+        $itemsQuery  .= " LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID ";
+        $itemsQuery  .= " LEFT JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id ";
+        $itemsQuery  .= " WHERE `order_item_id` IN ( {$itemmetaQuery} ) ";
+        $itemsQuery  .= " AND posts.post_status = 'wc-completed' ";
+        $itemsQuery  .= " AND postmeta.meta_key LIKE '%_api_license_key_%' ";
+        $itemsQuery  .= " ORDER BY order_items.order_id ASC LIMIT {$per_page} OFFSET {$offset} ";
+        $itemmetaQuery = $wpdb->prepare(
+            "SELECT `{$table_order_itemmeta}`.`order_item_id` FROM `{$table_order_itemmeta}`
+             WHERE `meta_key` = '_product_id' AND `meta_value` = %d",
+            intval( $product_id )
+        );
+        $itemsQuery = $wpdb->prepare(
+            "SELECT SQL_CALC_FOUND_ROWS postmeta.meta_value AS license_key
+             FROM {$table_order_items} AS order_items
+             LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID
+             LEFT JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id
+             WHERE `order_item_id` IN ( {$itemmetaQuery} )
+             AND posts.post_status = 'wc-completed'
+             AND postmeta.meta_key LIKE %s
+             ORDER BY order_items.order_id ASC LIMIT %d OFFSET %d",
+            '%_api_license_key_%',
+            intval( $per_page ),
+            intval( $offset )
+        );
         $results     = $wpdb->get_col( $itemsQuery, 0 );
 …
             $meta_key = $wpdb->get_blog_prefix() . WC_AM_HELPERS()->user_meta_key_orders;
+            $query = "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$meta_key}' ";
+            $query .= " AND meta_value LIKE '%{$license_key}%' ";
+            $query = $wpdb->prepare(
+                "SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value LIKE %s",
+                $meta_key,
+                '%' . $wpdb->esc_like( $license_key ) . '%'
+            );
             $license_data = $wpdb->get_var( $query );
             $license_data = maybe_unserialize( $license_data );

appsero-helper/trunk/includes/WooCommerce/Orders.php

-                      r2695941
+                      r3475342
         global $wpdb;
         $orders_statuses = array_keys( wc_get_order_statuses() );
+        $orders_statuses = implode( "', '", $orders_statuses );
+        $query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+            FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                 {$wpdb->prefix}woocommerce_order_items as woi,
+                 {$wpdb->prefix}posts as p
+            WHERE woi.order_item_id = woim.order_item_id
+            AND woi.order_id = p.ID
+            AND p.post_status IN ( '{$orders_statuses}' )
+            AND p.post_type = 'shop_order' ";
+        if ( !empty($after) ) {
+            $query .= " AND p.post_modified_gmt >= '{$after}' ";
+        }
+        $query .= " AND woim.meta_key = '_product_id'
+            AND woim.meta_value = '{$this->product_id}'
+            ORDER BY woi.order_item_id ASC LIMIT {$limit} OFFSET {$offset}";
+        $status_placeholders = implode( ', ', array_fill( 0, count( $orders_statuses ), '%s' ) );
+        $params = array_merge(
+            $orders_statuses,
+            [
+                intval( $this->product_id ),
+                intval( $limit ),
+                intval( $offset ),
+            ]
+        );
+        if ( ! empty( $after ) ) {
+            $query = $wpdb->prepare(
+                "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+                 FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                      {$wpdb->prefix}woocommerce_order_items as woi,
+                      {$wpdb->prefix}posts as p
+                 WHERE woi.order_item_id = woim.order_item_id
+                 AND woi.order_id = p.ID
+                 AND p.post_status IN ( {$status_placeholders} )
+                 AND p.post_type = 'shop_order'
+                 AND p.post_modified_gmt >= %s
+                 AND woim.meta_key = '_product_id'
+                 AND woim.meta_value = %d
+                 ORDER BY woi.order_item_id ASC LIMIT %d OFFSET %d",
+                array_merge(
+                $orders_statuses,
+                [
+                    $after,
+                    intval( $this->product_id ),
+                    intval( $limit ),
+                    intval( $offset ),
+                ]
+            )
+            );
+        } else {
+            $query = $wpdb->prepare(
+                "SELECT SQL_CALC_FOUND_ROWS DISTINCT woi.order_id
+                 FROM {$wpdb->prefix}woocommerce_order_itemmeta as woim,
+                      {$wpdb->prefix}woocommerce_order_items as woi,
+                      {$wpdb->prefix}posts as p
+                 WHERE woi.order_item_id = woim.order_item_id
+                 AND woi.order_id = p.ID
+                 AND p.post_status IN ( {$status_placeholders} )
+                 AND p.post_type = 'shop_order'
+                 AND woim.meta_key = '_product_id'
+                 AND woim.meta_value = %d
+                 ORDER BY woi.order_item_id ASC LIMIT %d OFFSET %d",
+                $params
+            );
+        }
         $orders_ids = $wpdb->get_col( $query );
 …
     private function get_order_type( $order_id, $subscription_id ) {
         global $wpdb;
+        $query = "SELECT * FROM $wpdb->postmeta WHERE post_id = {$order_id}
+                  AND (
+                    meta_key = '_subscription_renewal'
+                    OR meta_key = '_subscription_resubscribe'
+                    OR meta_key = '_subscription_switch'
+                  )
+                  AND meta_value = {$subscription_id}
+                  LIMIT 1";
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->postmeta}
+             WHERE post_id = %d
+             AND (
+                 meta_key = '_subscription_renewal'
+                 OR meta_key = '_subscription_resubscribe'
+                 OR meta_key = '_subscription_switch'
+             )
+             AND meta_value = %d
+             LIMIT 1",
+            intval( $order_id ),
+            intval( $subscription_id )
+        );
         $result = $wpdb->get_row( $query, ARRAY_A );

appsero-helper/trunk/includes/WooCommerce/UseCases/SendRequestsHelper.php

-                      r2364757
+                      r3475342
         $software_id = get_post_meta( $product_id, '_software_product_id', true);
+        $query = "SELECT * FROM {$wpdb->wc_software_licenses} WHERE `order_id` = {$order_id} AND `software_product_id` = '{$software_id}' ";
+        $query = $wpdb->prepare(
+            "SELECT * FROM {$wpdb->wc_software_licenses} WHERE `order_id` = %d AND `software_product_id` = %s",
+            intval( $order_id ),
+            $software_id
+        );
         $licenses = $wpdb->get_results( $query, ARRAY_A );

appsero-helper/trunk/readme.txt

-                      r3253142
+                      r3475342
 Tags: licensing, release, analytics, deactivation
 Requires at least: 4.0
 Tested up to: 6.7
 Stable tag: 1.3.4
+Tested up to: 6.9
+Stable tag: 1.3.5
 Requires PHP: 5.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.3.5 - (5th March, 2026) =
+- **Fix:** Improve SQL query preparation for better security and performance.
 = 1.3.4 - (10th March, 2025) =
 - **Fix:** Updated changelog for version 1.3.4 to correct version name and details.

appsero-helper/trunk/vendor/autoload.php

r3253142	r3475342
5	5	require_once __DIR__ . '/composer/autoload_real.php';
6	6
7		return ComposerAutoloaderInit~~03b5eb5f7842abfa606205e8065b89c4~~::getLoader();
	7	return ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3::getLoader();

appsero-helper/trunk/vendor/composer/autoload_real.php

-                      r3253142
+                      r3475342
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4
+class ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3
+{
     private static $loader;
 …
+        }
         spl_autoload_register(array('ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
         spl_autoload_unregister(array('ComposerAutoloaderInit03b5eb5f7842abfa606205e8065b89c4', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInitf450d401a59fb00d11d99977c268f7f3', 'loadClassLoader'));
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
 …
             require __DIR__ . '/autoload_static.php';
             call_user_func(\Composer\Autoload\ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';

appsero-helper/trunk/vendor/composer/autoload_static.php

-                      r3253142
+                      r3475342
 namespace Composer\Autoload;
 class ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4
+class ComposerStaticInitf450d401a59fb00d11d99977c268f7f3
+{
     public static $prefixLengthsPsr4 = array (
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit03b5eb5f7842abfa606205e8065b89c4::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInitf450d401a59fb00d11d99977c268f7f3::$classMap;
         }, null, ClassLoader::class);

Plugin Directory

Context Navigation

Legend:

appsero-helper/tags/1.3.5/appsero-helper.php

appsero-helper/tags/1.3.5/includes/Edd/Activations.php

appsero-helper/tags/1.3.5/includes/Edd/Licenses.php

appsero-helper/tags/1.3.5/includes/Edd/Orders.php

appsero-helper/tags/1.3.5/includes/Edd/Subscriptions.php

appsero-helper/tags/1.3.5/includes/WooCommerce/Activations.php

appsero-helper/tags/1.3.5/includes/WooCommerce/Licenses.php

appsero-helper/tags/1.3.5/includes/WooCommerce/Orders.php

appsero-helper/tags/1.3.5/includes/WooCommerce/UseCases/SendRequestsHelper.php

appsero-helper/tags/1.3.5/readme.txt

appsero-helper/tags/1.3.5/vendor/autoload.php

appsero-helper/tags/1.3.5/vendor/composer/autoload_real.php

appsero-helper/tags/1.3.5/vendor/composer/autoload_static.php

appsero-helper/trunk/appsero-helper.php

appsero-helper/trunk/includes/Edd/Activations.php

appsero-helper/trunk/includes/Edd/Licenses.php

appsero-helper/trunk/includes/Edd/Orders.php

appsero-helper/trunk/includes/Edd/Subscriptions.php

appsero-helper/trunk/includes/WooCommerce/Activations.php

appsero-helper/trunk/includes/WooCommerce/Licenses.php

appsero-helper/trunk/includes/WooCommerce/Orders.php

appsero-helper/trunk/includes/WooCommerce/UseCases/SendRequestsHelper.php

appsero-helper/trunk/readme.txt

appsero-helper/trunk/vendor/autoload.php

appsero-helper/trunk/vendor/composer/autoload_real.php

appsero-helper/trunk/vendor/composer/autoload_static.php

Download in other formats: