🎯 fix: DB related PHPCS security issues #2271

Open
wants to merge 24 commits into develop

24 commits
c9c11a2  fix: PHPCS security issues on Commission class  (devAsadNur, May 10, 2024)
b5e2c1e  fix: PHPCS security issues on Product function file  (devAsadNur, May 10, 2024)
dff5003  fix: PHPCS security issues on Dummy Data Importer class  (devAsadNur, May 10, 2024)
642a760  fix: PHPCS security issues on Tracker class  (devAsadNur, May 10, 2024)
2364453  fix: PHPCS security issues on Withdraw Hooks class  (devAsadNur, May 10, 2024)
467e91d  fix: PHPCS security issues on Withdraws class  (devAsadNur, May 10, 2024)
21cd074  fix: PHPCS security issues on StoreController class  (devAsadNur, May 10, 2024)
e1c9938  fix: PHPCS security issues on OrderControllerV2 class  (devAsadNur, May 10, 2024)
711dab9  fix: PHPCS security issues on Uninstaller class  (devAsadNur, May 10, 2024)
ee721bc  fix: PHPCS security issues on Withdraw class  (devAsadNur, May 10, 2024)
e1637b0  fix: PHPCS security issues on Withdraw Manager class  (devAsadNur, May 10, 2024)
3455369  Simplified some conditions in Product global functions file  (devAsadNur, May 13, 2024)
7629ff0  fix: Some phpcs errors in Product global functions file  (devAsadNur, May 13, 2024)
7b70269  Fixed some phpcs issues on OrderControllerV2 class  (devAsadNur, May 13, 2024)
d344058  Fixed some phpcs issues on Tracker class  (devAsadNur, May 13, 2024)
900c7be  Fixed minor phpcs issues on Tracker class  (devAsadNur, May 13, 2024)
105d7dd  Fixed some phpcs issues on uninstaller class  (devAsadNur, May 13, 2024)
cdb9839  Merge branch 'develop' into fix/phpcs-security-issues  (devAsadNur, Jun 26, 2024)
9eb13a2  Merge branch 'develop' into fix/phpcs-security-issues  (devAsadNur, Jan 1, 2025)
dcd5f2f  fix: PHPCS issues in StoreController REST class  (devAsadNur, Jan 2, 2025)
86d81fb  fix: PHPCS issues in OrderControllerV2 REST class  (devAsadNur, Jan 2, 2025)
2d57f2e  fix: PHPCS errors on functions.php file in Product directory  (devAsadNur, Jan 2, 2025)
303eeb5  fix: PHPCS errors on Importer class under DummyData directory  (devAsadNur, Jan 2, 2025)
54dcc2e  Fix: Some code indentation  (devAsadNur, Jan 2, 2025)
2 changes: 2 additions & 0 deletions includes/Commission.php
Expand Up @@ -361,12 +361,14 @@ public function get_earning_from_order_table( $order_id, $context = 'seller' ) {
return $earning;
}

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$result = $wpdb->get_row(
$wpdb->prepare(
"SELECT `net_amount`, `order_total` FROM {$wpdb->dokan_orders} WHERE `order_id` = %d",
$order_id
)
);
// phpcs:enable

if ( ! $result ) {
return null;
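Review bot: the closing `// phpcs:enable` in this block is unqualified, so it re-enables every sniff, including any that was disabled earlier in the file; pair it with the same list, `// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching`. The query itself is correctly bound with `%d`, so only DirectQuery and NoCaching are being suppressed; a short reason for skipping the cache (the row is read once per order lookup) would make the suppression self-documenting.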
21 changes: 13 additions & 8 deletions includes/DummyData/Importer.php
Expand Up @@ -2,10 +2,10 @@

namespace WeDevs\Dokan\DummyData;

use \WP_Error;
use \WP_Query;
use WP_Error;
use WP_Query;

/**

[GitHub Actions / Run PHPCS inspection] Check failure on line 8 in includes/DummyData/Importer.php: The file-level docblock must follow the opening PHP tag in the file header
* Include dependencies.
*
* @since 3.6.2
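Review bot: dropping the leading backslash from the `use` statements is correct, but the PHPCS annotation on line 8 shows the file still fails the inspection: the `Include dependencies.` docblock sits after the `namespace` and `use` lines and is parsed as a file-level docblock, which must directly follow the opening `<?php` tag. Either move that docblock to the top of the file or demote it to a plain `//` comment so the sniff stops treating it as a file header.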
Expand Down Expand Up @@ -166,7 +166,6 @@
* @return array
*/
public function import() {
$index = 0;
$update_existing = false;
$data = array(
'imported' => array(),
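Review bot: removing the unused `$index = 0;` here (and its `$index ++;` in the next hunk) is fine only if nothing in the loop body between them reads `$index`; that body is not shown in this hunk, so confirm there is no remaining reference, since it would now raise an undefined-variable notice instead of counting.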
Expand Down Expand Up @@ -242,8 +241,6 @@
)
);
}

$index ++;
}

return $data;
Expand Down Expand Up @@ -273,8 +270,8 @@
'posts_per_page' => - 1,
'post_status' => 'any',
'fields' => 'ids',
'meta_key' => 'dokan_dummy_data',
'meta_value' => '1'
'meta_key' => 'dokan_dummy_data', // phpcs:ignore
'meta_value' => '1', // phpcs:ignore
];

$query = new WP_Query( $args );
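Review bot: the two trailing `// phpcs:ignore` comments on `meta_key` and `meta_value` are unqualified and silence every sniff on those lines; name the ones being suppressed, `WordPress.DB.SlowDBQuery.slow_db_query_meta_key` and `WordPress.DB.SlowDBQuery.slow_db_query_meta_value`, so that later edits to those lines are still checked. The trailing comma added after `'1'` is a good consistency fix.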
Expand Down Expand Up @@ -324,14 +321,21 @@
return;
}

$orders = dokan()->order->all( [ 'seller_id' => $vendor_id, 'return' => 'objects' ] );
$orders = dokan()->order->all(
[
'seller_id' => $vendor_id,
'return' => 'objects',
]
);

// Deleting vendors orders.
foreach ( $orders as $order ) {
$order->delete( true );
}

global $wpdb;

Contributor
Remove extra empty lines.

Ensure there are no multiple consecutive empty lines within functions.

        global $wpdb;
-
-
        // phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
GitHub Check: Run PHPCS inspection

[failure] 334-334:
Functions must not contain multiple empty lines in a row; found 2 empty lines

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
// Deleting orders from dokan orders table.
$wpdb->delete(
$wpdb->prefix . 'dokan_orders',
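Review bot: the PHPCS failure at 334-334 (two consecutive empty lines after `global $wpdb;`) is still present in this hunk and will keep the inspection red; drop one of the blank lines. For consistency with Commission.php in this same PR, which reads the table as `{$wpdb->dokan_orders}`, the delete could target `$wpdb->dokan_orders` instead of rebuilding the name from `$wpdb->prefix . 'dokan_orders'`. A one-line comment on why the direct table delete is still needed after each `$order->delete( true )` above would also help the next reader, since the reformatted `dokan()->order->all()` call is otherwise purely cosmetic.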
Expand All @@ -352,5 +356,6 @@
[ 'user_id' => $vendor_id ],
[ '%d' ]
);
// phpcs:enable
}
}
26 changes: 10 additions & 16 deletions includes/Product/functions.php
Expand Up @@ -38,10 +38,8 @@ function dokan_save_product( $args ) {
if ( absint( $data['product_cat'] ) < 0 ) {
return new WP_Error( 'no-category', __( 'Please select a category', 'dokan-lite' ) );
}
} else {
if ( ! isset( $data['product_cat'] ) && empty( $data['product_cat'] ) ) {
return new WP_Error( 'no-category', __( 'Please select at least one category', 'dokan-lite' ) );
}
} elseif ( ! isset( $data['product_cat'] ) && empty( $data['product_cat'] ) ) {
return new WP_Error( 'no-category', __( 'Please select at least one category', 'dokan-lite' ) );
}
} elseif ( empty( $data['chosen_product_cat'] ) ) {
return new WP_Error( 'no-category', __( 'Please select a category', 'dokan-lite' ) );
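Review bot: the new `elseif ( ! isset( $data['product_cat'] ) && empty( $data['product_cat'] ) )` keeps a redundant test: `empty()` already returns true for an unset key, so `! isset()` adds nothing, and the `&&` means a key that is set but empty (an empty string or array) does not trigger the error. If the intent is to reject a missing or empty category list in multi-select mode, `elseif ( empty( $data['product_cat'] ) )` is both simpler and correct; flattening the nested `else { if` into `elseif` is otherwise fine.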
Expand Down Expand Up @@ -89,10 +87,8 @@ function dokan_save_product( $args ) {
if ( ! isset( $data['chosen_product_cat'] ) ) {
if ( Helper::product_category_selection_is_single() ) {
$cat_ids[] = $data['product_cat'];
} else {
if ( ! empty( $data['product_cat'] ) ) {
$cat_ids = array_map( 'absint', (array) $data['product_cat'] );
}
} elseif ( ! empty( $data['product_cat'] ) ) {
$cat_ids = array_map( 'absint', (array) $data['product_cat'] );
}
$post_data['categories'] = $cat_ids;
}
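Review bot: after the flattening, the single-category branch still stores `$data['product_cat']` raw into `$cat_ids[]` while the multi-category branch maps through `absint()`; wrapping the single value as `absint( $data['product_cat'] )` keeps both paths producing integer term IDs and matches the `absint()` check applied to the same field earlier in `dokan_save_product`.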
Expand Down Expand Up @@ -189,7 +185,7 @@ function dokan_product_output_variations() {
}
}

$variations_count = absint( $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'product_variation' AND post_status IN ('publish', 'private', 'pending')", $post->ID ) ) );
$variations_count = absint( $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'product_variation' AND post_status IN ('publish', 'private', 'pending')", $post->ID ) ) ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
Contributor
Optimize the retrieval of product variations.

The method dokan_product_output_variations uses a direct database query to count product variations. While necessary, consider optimizing this query or using caching to improve performance, especially for products with a large number of variations.

+ $variations_count = wp_cache_get('variations_count_' . $post->ID);
+ if (false === $variations_count) {
+     $variations_count = $wpdb->get_var(...);
+     wp_cache_set('variations_count_' . $post->ID, $variations_count);
+ }


$variations_per_page = absint( apply_filters( 'woocommerce_admin_meta_boxes_variations_per_page', 15 ) );
$variations_total_pages = ceil( $variations_count / $variations_per_page ); ?>
<div id="dokan-variable-product-options" class="">
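Review bot: the inline `// phpcs:ignore ...` is appended to a line that is already well over 200 characters; splitting the `$wpdb->prepare()` call across lines inside a `phpcs:disable`/`phpcs:enable` pair, as Commission.php does in this PR, keeps the suppression readable. On the caching suggestion above: a `wp_cache_set()` with no expiry and no invalidation when a variation is created, deleted or changes status would serve stale counts to the variations panel, so any cache here needs to be cleared on those events or given a short TTL. The query is otherwise correctly bound with `%d`.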
Expand Down Expand Up @@ -403,11 +399,10 @@ function dokan_search_seller_products( $term, $user_ids = false, $type = '', $in
$query_args[] = $user_ids;
}
}
// phpcs:ignore WordPress.DB.PreparedSQL
// phpcs:disable WordPress.DB.PreparedSQL, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber, WordPress.DB.DirectDatabaseQuery.NoCaching
$product_ids = $wpdb->get_col(
// phpcs:disable
$wpdb->prepare( "
SELECT DISTINCT posts.ID FROM {$wpdb->posts} posts
$wpdb->prepare(
"SELECT DISTINCT posts.ID FROM {$wpdb->posts} posts
LEFT JOIN {$wpdb->postmeta} postmeta ON posts.ID = postmeta.post_id
$type_join
WHERE (
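Review bot: replacing the bare `// phpcs:disable` that sat inside the argument list (which turned off every sniff until the matching enable) with a named list is the right direction. Two of the named sniffs, `WordPress.DB.PreparedSQL` and `WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber`, are being suppressed because `$type_join`, `$type_where` and `$users_where` are spliced into the SQL string and the placeholder count therefore depends on the branches that build `$query_args`; a one-line comment stating that those fragments contain only fixed SQL and placeholders, never raw input, records the invariant the suppression relies on.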
Expand All @@ -421,12 +416,11 @@ function dokan_search_seller_products( $term, $user_ids = false, $type = '', $in
AND posts.post_status IN ('" . implode( "','", $post_statuses ) . "')
$type_where
$users_where
ORDER BY posts.post_parent ASC, posts.post_title ASC
",
ORDER BY posts.post_parent ASC, posts.post_title ASC",
$query_args
)
// phpcs:enable
);
// phpcs:enable

if ( is_numeric( $term ) ) {
$post_id = absint( $term );
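Review bot: `implode( "','", $post_statuses )` is concatenated into the statement rather than bound through `prepare()`, and the suppressed PreparedSQL sniff is exactly the one that would flag it. Since post statuses come from a fixed vocabulary, restrict `$post_statuses` to known values (for example `array_intersect( $post_statuses, get_post_stati() )`) or build `%s` placeholders for them as the Tracker.php suggestion in this PR does, so the suppression does not depend on every caller passing safe strings. Moving `// phpcs:enable` outside the `get_col()` call is correct; the previous placement left the enable inside the expression.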
4 changes: 3 additions & 1 deletion includes/REST/OrderControllerV2.php
Expand Up @@ -130,6 +130,7 @@ public function get_order_downloads( $requests ) {
$downloads = [];

// TODO: Need to move this into a separate function.
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$download_permissions = $wpdb->get_results(
$wpdb->prepare(
"
Expand All @@ -138,6 +139,7 @@ public function get_order_downloads( $requests ) {
", $requests->get_param( 'id' )
)
);
// phpcs:enable

foreach ( $download_permissions as $download ) {
$product = wc_get_product( absint( $download->product_id ) );
Expand Down Expand Up @@ -211,7 +213,7 @@ public function grant_order_downloads( $requests ) {
$inserted_id = wc_downloadable_file_permission( $download_id, $product_id, $order );

if ( $inserted_id ) {
$file_counter ++;
++$file_counter;
if ( $file->get_name() ) {
$file_count = $file->get_name();
} else {
8 changes: 5 additions & 3 deletions includes/REST/StoreController.php
Expand Up @@ -433,15 +433,15 @@ public function permission_check_for_manageable_part() {
/**
* Prepare links for the request.
*
* @param \WC_Data $object Object data.
* @param \WC_Data $store Store object.
* @param WP_REST_Request $request Request object.
*
* @return array Links for the given post.
*/
protected function prepare_links( $object, $request ) {
protected function prepare_links( $store, $request ) {
$links = [
'self' => [
'href' => rest_url( sprintf( '/%s/%s/%d', $this->namespace, $this->base, $object['id'] ) ),
'href' => rest_url( sprintf( '/%s/%s/%d', $this->namespace, $this->base, $store['id'] ) ),
],
'collection' => [
'href' => rest_url( sprintf( '/%s/%s', $this->namespace, $this->base ) ),
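Review bot: the renamed parameter is documented as `@param \WC_Data $store` but the body reads it as an array (`$store['id']`); a `WC_Data` object is not array-accessible, so the docblock should say `@param array $store Store data.` (or the code should use `$store->get_id()` if an object is really what arrives). The `$object` to `$store` rename itself is a good fix, since the WordPress coding standards flag reserved keywords such as `object` as parameter names.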
Expand Down Expand Up @@ -605,6 +605,7 @@ public function get_store_reviews( $request ) {
public function get_total_review_count( $id, $post_type, $status ) {
global $wpdb;

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$total = $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(*)
Expand All @@ -616,6 +617,7 @@ public function get_total_review_count( $id, $post_type, $status ) {
$wpdb->posts.post_type=%s", $id, $status, $post_type
)
);
// phpcs:enable

return intval( $total );
}
10 changes: 5 additions & 5 deletions includes/Tracker.php
Expand Up @@ -20,9 +20,9 @@ class Tracker {
/**
* Class constructor
*
* @return void
* @since 2.8.7
*
* @return void
*/
public function __construct() {
$this->appsero_init_tracker_dokan();
Expand All @@ -31,9 +31,9 @@ public function __construct() {
/**
* Initialize the plugin tracker
*
* @return void
* @since 2.8.7
*
* @return void
*/
public function appsero_init_tracker_dokan() {
$client = new \Appsero\Client( '559bcc0d-21b4-4b34-8317-3e072badf46d', 'Dokan Multivendor Marketplace', DOKAN_FILE );
Expand Down Expand Up @@ -65,18 +65,18 @@ function () {
protected function get_order_count() {
global $wpdb;

return (int) $wpdb->get_var( "SELECT count(id) FROM {$wpdb->prefix}dokan_orders WHERE order_status IN ('wc-completed', 'wc-processing', 'wc-on-hold', 'wc-refunded');" );
return (int) $wpdb->get_var( "SELECT count(id) FROM {$wpdb->prefix}dokan_orders WHERE order_status IN ('wc-completed', 'wc-processing', 'wc-on-hold', 'wc-refunded');" ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
Contributor
🛠️ Refactor suggestion

Use of raw SQL and ignoring PHPCS checks

While the comment clarifies why PHPCS checks are disabled, consider using $wpdb->prepare() to defend against potential SQL injection vulnerabilities, even if the risk appears minimal. Prepared statements also align with best practices and WordPress coding standards.

- return (int) $wpdb->get_var( "SELECT count(id) FROM {$wpdb->prefix}dokan_orders WHERE order_status IN ('wc-completed', 'wc-processing', 'wc-on-hold', 'wc-refunded');" ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
+ $statuses = [ 'wc-completed', 'wc-processing', 'wc-on-hold', 'wc-refunded' ];
+ $placeholders = implode( ', ', array_fill(0, count($statuses), '%s') );
+ $query = $wpdb->prepare(
+     "SELECT COUNT(id) FROM {$wpdb->prefix}dokan_orders WHERE order_status IN ($placeholders)",
+     $statuses
+ );
+ return (int) $wpdb->get_var( $query ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.NoCaching

}

/**
* Gets custom deactivation reasons
*
* @since 3.0.15
*
* @param string[] $reasons
* @param null|\AppSero\Client $client
*
* @return \array
* @since 3.0.15
*
*/
public function get_custom_deactivation_reasons( $reasons, $client = null ) {
// return if old version of appsero client is loaded, where corresponding hooks provides only one argument
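Review bot: `@return \array` in the `get_custom_deactivation_reasons` docblock should be `@return array`; a leading backslash belongs only on class names, and the docblock should keep a single `@since 3.0.15` after the reorder rather than one above and one below `@param`. On the `get_order_count` line, the query contains no variable input, only literal status strings, so the `phpcs:ignore` for DirectQuery is justified as written; the `prepare()` rewrite suggested above would not change the security posture here, though it would let the status list be shared with other code.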
2 changes: 2 additions & 0 deletions includes/Withdraw/Hooks.php
Expand Up @@ -94,6 +94,7 @@ public function update_vendor_balance( $withdraw ) {
return;
}

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$balance_result = $wpdb->get_row(
$wpdb->prepare(
"select * from {$wpdb->dokan_vendor_balance} where trn_id = %d and trn_type = %s",
Expand Down Expand Up @@ -129,6 +130,7 @@ public function update_vendor_balance( $withdraw ) {
]
);
}
// phpcs:enable
}

/**
14 changes: 13 additions & 1 deletion includes/Withdraw/Manager.php
Expand Up @@ -97,13 +97,15 @@ public function is_valid_approval_request( $args ) {
public function is_valid_cancellation_request( $args ) {
global $wpdb;

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$result = $wpdb->get_row(
$wpdb->prepare(
"select * from {$wpdb->dokan_withdraw} where id = %d and status = %d",
$args['id'],
$this->get_status_code( 'pending' )
)
);
// phpcs:enable

if ( ! empty( $result ) ) {
// permission: vendor -> only own && shop_manager
Expand Down Expand Up @@ -135,6 +137,7 @@ public function update_status( $id, $user_id, $status ) {
// 1 -> active
// 2 -> cancelled

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$updated = $wpdb->update(
$wpdb->dokan_withdraw,
[
Expand All @@ -152,6 +155,7 @@ public function update_status( $id, $user_id, $status ) {
'%d',
]
);
// phpcs:enable

if ( $updated !== 1 ) {
return new WP_Error( 'dokan_withdraw_unable_to_update', __( 'Could not update withdraw status', 'dokan-lite' ) );
Expand Down Expand Up @@ -185,7 +189,7 @@ public function insert_withdraw( $args = [] ) {

$format = [ '%d', '%f', '%s', '%d', '%s', '%s', '%s', '%s' ];

$inserted = $wpdb->insert( $wpdb->dokan_withdraw, $data, $format );
$inserted = $wpdb->insert( $wpdb->dokan_withdraw, $data, $format ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
Contributor
Codebase Verification

Potential Issue with Direct Database Insertion and Lack of Data Sanitization

The insert_withdraw method directly inserts data into the database using $wpdb->insert without apparent sanitization of the input data. This can lead to SQL injection and other security vulnerabilities.

  • File: includes/Withdraw/Manager.php
  • Line: 192

Please ensure that all data passed to the database is properly sanitized and validated.

Analysis chain

Check for potential issues with direct database insertions.

The method insert_withdraw uses a direct database query without any PHPCS checks. This is indicated by the phpcs:ignore directive. Ensure that all data passed to the database is properly sanitized and validated to prevent SQL injection and other security vulnerabilities.

Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify data sanitization in `insert_withdraw` method.

# Test: Search for the method usage. Expect: Proper sanitization before data is passed.
rg --type php $'insert_withdraw'
Length of output: 113

Script:
#!/bin/bash
# Description: Extract the full implementation of the `insert_withdraw` method to verify data sanitization.

# Searching for the full implementation of the `insert_withdraw` method in the PHP file.
ast-grep --lang php --pattern 'public function insert_withdraw($_) { $$$ }' includes/Withdraw/Manager.php
Length of output: 214

Script:
#!/bin/bash
# Description: Extract the full implementation of the `insert_withdraw` method to verify data sanitization.

# Using ripgrep to search for the full implementation of the `insert_withdraw` method.
rg --context 20 'public function insert_withdraw' includes/Withdraw/Manager.php
Length of output: 1407

Script:
#!/bin/bash
# Description: Search for all instances where `insert_withdraw` is called to verify data sanitization.

# Using ripgrep to find all invocations of the `insert_withdraw` method.
rg 'insert_withdraw\('
Length of output: 106

if ( $inserted !== 1 ) {
return new WP_Error( 'dokan_withdraw_unable_to_insert', __( 'Could not add new withdraw approval request.', 'dokan-lite' ) );
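Review bot: the sanitization concern raised above is overstated for the query itself: `$wpdb->insert()` with the `$format` array (`'%d', '%f', '%s', ...`) passes every value through `prepare()` internally, so SQL escaping is handled. What remains to verify is that `$args` is validated before being copied into `$data` (amount numeric and positive, method and status drawn from the allowed sets). The `$format` list has eight entries and must line up with `$data` in column order; a mismatch silently coerces a value (an amount passed through `%d` would be truncated) while the insert still reports success.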
Expand Down Expand Up @@ -219,6 +223,7 @@ public function has_pending_request( $user_id ) {

$wpdb->dokan_withdraw = $wpdb->prefix . 'dokan_withdraw';

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$status = $wpdb->get_results(
$wpdb->prepare(
"SELECT id
Expand All @@ -227,6 +232,7 @@ public function has_pending_request( $user_id ) {
$user_id
)
);
// phpcs:enable

if ( $status ) {
return true;
Expand Down Expand Up @@ -256,9 +262,11 @@ public function get_withdraw_requests( $user_id = '', $status = 0, $limit = 10,
if ( false === $result ) {
global $wpdb;
if ( empty( $user_id ) ) {
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE status = %d LIMIT %d, %d", $status, $offset, $limit ) );
} else {
$result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE user_id = %d AND status = %d ORDER BY id DESC LIMIT %d, %d", $user_id, $status, $offset, $limit ) );
//phpcs:enable
Contributor

Optimize the retrieval of withdrawal requests.

The method get_withdraw_requests uses direct database queries to fetch data. The use of phpcs:disable is appropriate here to bypass the PHPCS checks. Consider caching the results of these queries to improve performance, especially if this method is called frequently.

+ $cache_result = wp_cache_get($cache_key, $cache_group);
+ if (false !== $cache_result) {
+     return $cache_result;
+ }
- $result = $wpdb->get_results(...);
+ wp_cache_set($cache_key, $result, $cache_group);


}

$result = array_map(
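Review bot: the `// phpcs:disable` is placed inside the `if ( empty( $user_id ) )` branch and the `//phpcs:enable` inside the `else` branch. PHPCS applies these annotations by line order, not by control flow, so both queries are covered, but the layout misleads a reader into thinking only one branch is suppressed; move the disable above the `if` and the enable after its closing `}`, and match the spacing used elsewhere in this PR (`// phpcs:enable`, with a space). The `LIMIT %d, %d` with `$offset, $limit` bound through `prepare()` is correct.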
Expand Down Expand Up @@ -398,12 +406,14 @@ public function get( $id ) {
global $wpdb;

if ( ! is_array( $id ) ) {
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$result = $wpdb->get_row(
$wpdb->prepare(
"select * from {$wpdb->dokan_withdraw} where id = %d",
$id
), ARRAY_A
);
// phpcs:enable
} else {
$attributes = [
'id' => '%d',
Expand Down Expand Up @@ -522,6 +532,7 @@ public function get_user_withdraw_summary( $user_id = '' ) {
$user_id = dokan_get_current_user_id();
}

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$results = $wpdb->get_row(
$wpdb->prepare(
"SELECT
Expand All @@ -535,6 +546,7 @@ public function get_user_withdraw_summary( $user_id = '' ) {
),
ARRAY_A
);
// phpcs:enable

$summary = [
'total' => ! empty( $results['total'] ) ? absint( $results['total'] ) : 0,