Skip to content

Fix SQL logic bug and Admin UI hydration#1

Draft
google-labs-jules[bot] wants to merge 3 commits intomainfrom
bugfix/sql-injection-and-admin-ui-9901016997777217283
Draft

Fix SQL logic bug and Admin UI hydration#1
google-labs-jules[bot] wants to merge 3 commits intomainfrom
bugfix/sql-injection-and-admin-ui-9901016997777217283

Conversation

@google-labs-jules
Copy link

@google-labs-jules google-labs-jules bot commented Dec 10, 2025

This PR addresses two main issues:

  1. Critical Logic Bug: The FAQ mapping lookup used LIKE comparisons for IDs. This meant that mapping an FAQ to Post ID 1 would also cause it to appear on Post IDs 11, 10, 100, etc. This has been fixed to use exact = comparison.
  2. Admin UI Bug: When editing an FAQ item with "By Posts" or "By Terms" association, the Select2 input fields would appear empty on page reload because the stored data (IDs) lacked the text labels required for display. The fix hydrates this data on the server side before passing it to the JavaScript initialization.

PR created automatically by Jules for task 9901016997777217283 started by @renderbit-technologies

@google-labs-jules
Fix SQL logic bug in mapping query and fix Admin UI Select2 hydration
c7ff433 
- In `includes/frontend.php`, changed the SQL query for mapping values from `LIKE` to `=` to prevent partial matches (e.g. Post ID 1 matching Post ID 11).
- In `includes/admin.php`, added hydration logic to fetch post titles and term names for the `fqj_assoc_data` JSON payload, ensuring Select2 inputs are correctly pre-filled on page load.
@google-labs-jules
Copy link
Author

google-labs-jules bot commented Dec 10, 2025

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

For security, I will only act on instructions from the user who triggered this task.

New to Jules? Learn more at jules.google/docs.

@google-labs-jules
Fix PHPCS violations and logical bugs
5f1dcee 
- Fix PSR-12 coding standard violations across all files (line length, spacing, indentation).
- Rename `FQJ_CLI` class to `FQJ\FqjCli` and methods to camelCase to comply with PSR-1.
- Fix SQL logic bug in `includes/frontend.php` (changed `LIKE` to `=`) to prevent incorrect mapping matches.
- Fix Admin UI bug in `includes/admin.php` by hydrating Select2 data to display titles instead of IDs.
- Add `squizlabs/php_codesniffer` to composer dev dependencies.
@google-labs-jules
Refactor codebase to follow WordPress Coding Standards and fix logica…
9e3c05b 
…l bugs

- Rename `includes/wpcli.php` to `includes/class-fqjcli.php` and use `snake_case` methods.
- Update `composer.json` to include `wp-coding-standards/wpcs` and allow installer plugin.
- Fix thousands of formatting issues (spacing, tabs, Yoda conditions, arrays) using `phpcbf`.
- Manually fix logic bugs:
    - Hydrate Admin UI Select2 fields with titles in `includes/admin.php`.
    - Fix SQL logic in `includes/frontend.php` (changed `LIKE` to `=`) and implement secure prepared statements.
    - Add proper escaping (`esc_html`, `esc_attr`, `intval`) and sanitization (`sanitize_text_field`, `wp_unslash`) throughout.
- Add missing docblocks and `@package` tags.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants