* code cleanup

* proper wpdb->prepare statement

jarvis.php

@@ -32,22 +32,24 @@ private function __construct() {
 		$this->options['loadingimg'] = plugins_url($this->options['loadingimg'], __FILE__);
 		$this->options['dashicons'] = (version_compare($wp_version, '3.8', '>=')) ? true : false;
 
-		add_action('admin_init', array($this, 'get_user_keycode'));
-		add_action('wp_ajax_jarvis-search', array($this, 'get_search_results'), 1);
-		add_action('admin_enqueue_scripts', array($this, 'enqueue'));
-		add_action('admin_menu', array($this, 'admin_menu'));
-		add_action('admin_footer', array($this, 'init'));
 		add_action('admin_bar_menu', array($this, 'menubar_icon'), 100);
-
-		add_action( 'show_user_profile', array($this, 'add_user_fields') );
-		add_action( 'edit_user_profile', array($this, 'add_user_fields') );
-		add_action( 'personal_options_update', array($this, 'save_user_fields' ) );
-		add_action( 'edit_user_profile_update', array($this, 'save_user_fields' ) );
-
-		$this->site_url = get_site_url();
+		add_action('admin_enqueue_scripts', array($this, 'admin_enqueue_scripts'));
+		add_action('admin_footer', array($this, 'admin_footer'));
+		add_action('admin_init', array($this, 'admin_init'));
+		add_action('edit_user_profile', array($this, 'show_user_profile'));
+		add_action('edit_user_profile_update', array($this, 'edit_user_profile_update'));
+		add_action('personal_options_update', array($this, 'edit_user_profile_update'));
+		add_action('show_user_profile', array($this, 'show_user_profile'));
+		add_action('wp_ajax_jarvis-search', array($this, 'get_search_results'), 1);
 	}
 
-	public function get_user_keycode() {
+	/**
+	 * Grab the users keycode setting
+	 *
+	 * @access public
+	 * @action admin_init
+	 */
+	public function admin_init() {
 		if ($user_keycode = get_user_meta(get_current_user_id(), 'jarvis_keycode', true)) {
 			$this->options['keyCode'] = (int) $user_keycode;
 		}
@@ -56,7 +58,13 @@ public function get_user_keycode() {
 		}
 	}
 
-	public function add_user_fields( $user ) { ?>
+	/**
+	 * Add the field and script to customize the Jarvis keyCode
+	 *
+	 * @access public
+	 * @action show_user_profile, edit_user_profile
+	 */
+	public function show_user_profile( $user ) { ?>
 		<h3>Jarvis</h3>
 
 		<table class="form-table">
@@ -72,46 +80,69 @@ public function add_user_fields( $user ) { ?>
 
 		<script>
 			(function() {
-				var keys = ["0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",";","=",",","-",".","/","`","[","\\","]","'"];
-				var hotkey  = document.getElementById('jarvis_hotkey');
-				var keycode = document.getElementById('jarvis_keycode');
-				var keyup = function(e) {
-					if (keys.indexOf(e.key) > -1) {
+				var hotKey  = document.getElementById('jarvis_hotkey');
+				var keyCode = document.getElementById('jarvis_keycode');
+				var keys = {
+					"0":48,"1":49,"2":50,"3":51,"4":52,"5":53,"6":54,"7":55,"8":56,"9":57,"a":65,"b":66,"c":67,"d":68,"e":69,"f":70,
+					"g":71,"h":72,"i":73,"j":74,"k":75,"l":76,"m":77,"n":78,"o":79,"p":80,"q":81,"r":82,"s":83,"t":84,"u":85,"v":86,
+					"w":87,"x":88,"y":89,"z":90,";":186,"=":187,",":188,"-":189,".":190,"/":191,"`":192,"[":219,"\\":220,"]":221,"'":222
+				};
+				var keyCodes = [];
+				for(var key in keys) {
+					if (keys.hasOwnProperty(key)) {
+						keyCodes.push(keys[key]);
+					}
+				}
+
+				var keyUp = function(e) {
+					if (keyCodes.indexOf(e.which) > -1) {
 						this.value = this.value.charAt(0).toLowerCase();
-						keycode.value = e.keyCode;
+						keyCode.value = keys[this.value];
 					} else {
 						this.value = '';
-						keycode.value = '';
+						keyCode.value = '';
 					}
 				}
-				hotkey.addEventListener('keyup', keyup);
+				jQuery(hotKey).on('keyup', keyUp);
 			})();
 		</script>
 	<?php }
-	public function save_user_fields( $user_id ) {
+
+	/**
+	 * Save user fields
+	 *
+	 * @access public
+	 * @action personal_options_update, edit_user_profile_update
+	 */
+	public function edit_user_profile_update( $user_id ) {
 		if ( current_user_can( 'edit_user', $user_id ) ) {
 			update_user_meta( $user_id, 'jarvis_hotkey', $_POST['jarvis_hotkey'] );
 			update_user_meta( $user_id, 'jarvis_keycode', $_POST['jarvis_keycode'] );
 		}
 	}
 
-	public function jarvis_hotkey_field() { ?>
-		<p><label for="jarvis_hotkey">HotKey</label> <input type="text" id="jarvis_hotkey" name="jarvis_hotkey" maxlength="1" size="1" style="text-align:center"></p>
-		<input type="hidden" id="jarvis_keycode" name="jarvis_keycode">
-	<?php }
-
-	public function enqueue() {
+	/**
+	 * Enqueue jarvis style and scripts
+	 *
+	 * @access public
+	 * @action admin_enqueue_scripts
+	 */
+	public function admin_enqueue_scripts() {
 		if (is_user_logged_in()) {
 			wp_enqueue_style('wp-jarvis', plugins_url('css/jarvis.css', __FILE__));
 			wp_register_script('typeahead', plugins_url('js/typeahead.min.js', __FILE__), array('jquery'), '0.9.3');
 			wp_register_script('hogan', plugins_url('js/hogan.min.js', __FILE__), null, '2.0.0');
-			wp_enqueue_script('wp-jarvis', plugins_url('js/jarvis.js', __FILE__), array('typeahead', 'hogan'), '.1');
+			wp_enqueue_script('wp-jarvis', plugins_url('js/jarvis.js', __FILE__), array('jquery', 'typeahead', 'hogan'), '.1');
 		}
 	}
 
-	public function init() {
-		global $wp_version;
-		?>
+	/**
+	 * Initialize Jarvis in wp-footer
+	 *
+	 * @access public
+	 * @action admin_footer
+	 */
+	public function admin_footer() { ?>
 		<script>
 			var wp = wp || {};
 			wp.jarvis = new Jarvis(<?php echo json_encode($this->options); ?>);
@@ -121,10 +152,12 @@ public function init() {
 		</script>
 	<?php }
 
-	public function admin_menu() {
-		add_options_page('Jarvis Options', 'Jarvis', 'administrator', 'jarvis_settings', array($this, 'wp_ajax_jarvis_settings'));
-	}
-
+	/**
+	 * Add Jarvis to the menu bar as a search icon
+	 *
+	 * @access public
+	 * @action admin_footer
+	 */
 	public function menubar_icon($admin_bar) {
 		$className = ($this->options['dashicons'] === true) ? 'dashicon' : 'image';
 
@@ -140,6 +173,11 @@ public function menubar_icon($admin_bar) {
 		));
 	}
 
+	/**
+	 * Prepend post_id search to main search query
+	 *
+	 * @access private
+	 */
 	private function search_post_id($id = null) {
 		if (!empty((int) $id)) {
 			$post = get_post($id);
@@ -159,9 +197,20 @@ private function search_post_id($id = null) {
 		}
 	}
 
+	/**
+	 * Grab the item edit url's and thumbnails
+	 *
+	 * @access private
+	 */
 	private function normalize($result) {
-		$editUrl = (isset($this->arrTypeEditPaths[$result->kind])) ? $this->arrTypeEditPaths[$result->kind] : $this->arrTypeEditPaths['_default_'];
-		$result->href = $this->site_url . '/wp-admin/' . sprintf($editUrl, $result->id, $result->type);
+		$typeEditPaths = array(
+			'_default_' => 'post.php?post=%s&action=edit',
+			'term'      => 'edit-tags.php?action=edit&tag_ID=%s&taxonomy=%s',
+			'post'      => 'post.php?post=%s&action=edit'
+		);
+		$editUrl = (isset($typeEditPaths[$result->kind])) ? $typeEditPaths[$result->kind] : $typeEditPaths['_default_'];
+
+		$result->href = admin_url(sprintf($editUrl, $result->id, $result->type));
 
 		switch($result->type) {
 			case 'attachment':
@@ -177,11 +226,12 @@ private function normalize($result) {
 		return $result;
 	}
 
-	private $arrTypeEditPaths = array(
-		'_default_' => 'post.php?post=%s&action=edit',
-		'term'      => 'edit-tags.php?action=edit&tag_ID=%s&taxonomy=%s',
-		'post'      => 'post.php?post=%s&action=edit'
-	);
+	/**
+	 * Grab the item edit url's and thumbnails
+	 *
+	 * @access public
+	 * @action wp_ajax_jarvis-search
+	 */
 
 	public function get_search_results() {
 	    global $wpdb;
@@ -194,51 +244,58 @@ public function get_search_results() {
 		$_REQUEST['q'] = isset($_REQUEST['q']) ? $_REQUEST['q'] : '';
 
 		$srch_qry = $wpdb->esc_like($_REQUEST['q']);
-		$srch_escaped_spaces = str_replace(' ', '%', $srch_qry);
+		$srch_escaped_spaces = '%'.str_replace(' ', '%', $srch_qry).'%';
 
 		$strQry = "SELECT
 				$wpdb->terms.term_id as 'id',
 				$wpdb->terms.`name` as 'title',
 				$wpdb->term_taxonomy.taxonomy as 'type',
 				'term' as 'kind',
 				$wpdb->terms.slug as 'slug',
-				FLOOR( (LENGTH($wpdb->terms.term_id) - LENGTH(REPLACE(LOWER($wpdb->terms.term_id), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_id',
-				FLOOR( (LENGTH($wpdb->term_taxonomy.taxonomy) - LENGTH(REPLACE(LOWER($wpdb->term_taxonomy.taxonomy), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_title',
-				FLOOR( (LENGTH($wpdb->terms.`name`) - LENGTH(REPLACE(LOWER($wpdb->terms.`name`), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_type',
-				FLOOR( LENGTH($wpdb->terms.slug) / LENGTH(REPLACE(LOWER($wpdb->terms.slug), LOWER('$srch_qry'), '')) ) as 'relv_slug'
+				FLOOR( (LENGTH($wpdb->terms.term_id) - LENGTH(REPLACE(LOWER($wpdb->terms.term_id), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_id',
+				FLOOR( (LENGTH($wpdb->term_taxonomy.taxonomy) - LENGTH(REPLACE(LOWER($wpdb->term_taxonomy.taxonomy), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_title',
+				FLOOR( (LENGTH($wpdb->terms.`name`) - LENGTH(REPLACE(LOWER($wpdb->terms.`name`), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_type',
+				FLOOR( LENGTH($wpdb->terms.slug) / LENGTH(REPLACE(LOWER($wpdb->terms.slug), LOWER(%s), '')) ) as 'relv_slug'
 			FROM
 				$wpdb->terms
 			INNER JOIN
 				$wpdb->term_taxonomy ON $wpdb->term_taxonomy.term_id = $wpdb->terms.term_id
 			WHERE
-				$wpdb->terms.`name` LIKE '%$srch_escaped_spaces%'
+				$wpdb->terms.`name` LIKE %s
 			OR
-				$wpdb->terms.slug LIKE '%$srch_escaped_spaces%'
+				$wpdb->terms.slug LIKE %s
 		UNION
 			SELECT
 				$wpdb->posts.ID as 'id',
 				$wpdb->posts.post_title as 'title',
 				$wpdb->posts.post_type as 'type',
 				'post' as 'kind',
 				$wpdb->posts.post_name as 'slug',
-				FLOOR( (LENGTH($wpdb->posts.ID) - LENGTH(REPLACE(LOWER($wpdb->posts.ID), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_id',
-				FLOOR( (LENGTH($wpdb->posts.post_title) - LENGTH(REPLACE(LOWER($wpdb->posts.post_title), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_title',
-				FLOOR( (LENGTH($wpdb->posts.post_type) - LENGTH(REPLACE(LOWER($wpdb->posts.post_type), LOWER('$srch_qry'), '')) / LENGTH('$srch_qry')) ) as 'relv_type',
-				FLOOR( (LENGTH($wpdb->posts.post_name) / LENGTH(REPLACE(LOWER($wpdb->posts.post_name), LOWER('$srch_qry'), '')) ) ) as 'relv_slug'
+				FLOOR( (LENGTH($wpdb->posts.ID) - LENGTH(REPLACE(LOWER($wpdb->posts.ID), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_id',
+				FLOOR( (LENGTH($wpdb->posts.post_title) - LENGTH(REPLACE(LOWER($wpdb->posts.post_title), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_title',
+				FLOOR( (LENGTH($wpdb->posts.post_type) - LENGTH(REPLACE(LOWER($wpdb->posts.post_type), LOWER(%s), '')) / LENGTH(%s)) ) as 'relv_type',
+				FLOOR( (LENGTH($wpdb->posts.post_name) / LENGTH(REPLACE(LOWER($wpdb->posts.post_name), LOWER(%s), '')) ) ) as 'relv_slug'
 			FROM
 				$wpdb->posts
 			WHERE
 				$wpdb->posts.post_status NOT IN ('revision', 'auto-draft') AND $wpdb->posts.post_type <> 'revision'
 			AND (
-				$wpdb->posts.post_title LIKE '%$srch_escaped_spaces%'
+				$wpdb->posts.post_title LIKE %s
 				OR
-				$wpdb->posts.post_name LIKE '%$srch_escaped_spaces%'
+				$wpdb->posts.post_name LIKE %s
 			)
-			ORDER BY relv_id, relv_slug, relv_type, relv_title DESC
-			LIMIT 20
+		ORDER BY relv_id, relv_slug, relv_type, relv_title DESC
+		LIMIT 20
 		";
 
-		$this->results = $wpdb->get_results( $strQry );
+		$sql_prepared = array(
+			$srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry,
+			$srch_escaped_spaces, $srch_escaped_spaces,
+			$srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry, $srch_qry,
+			$srch_escaped_spaces, $srch_escaped_spaces
+		);
+
+		$this->results = $wpdb->get_results( $wpdb->prepare($strQry, $sql_prepared) );
 
 		$this->search_post_id($_REQUEST['q']);
 		$this->results = array_map(array($this, 'normalize'), $this->results);