phpcs fixes for wpdb queries and TODO removal

classes/abstracts/ActionScheduler_Abstract_ListTable.php

@@ -387,9 +387,6 @@ protected function get_table_columns() {
 	 * If the current request does not have any search or if this list table does not support
 	 * that feature it will return an empty string.
 	 *
-	 * TODO:
-	 *   - Improve search doing LIKE by word rather than by phrases.
-	 *
 	 * @return string
 	 */
 	protected function get_items_query_search() {
@@ -399,11 +396,13 @@ protected function get_items_query_search() {
 			return '';
 		}
 
-		$search_string = sanitize_text_field( wp_unslash( $_GET['s'] ) ); //phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		$search_string = $wpdb->esc_like( sanitize_text_field( wp_unslash( $_GET['s'] ) ) ); //phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
 		$filter = array();
 		foreach ( $this->search_by as $column ) {
-			$filter[] = $wpdb->prepare( '`' . $column . '` like "%%s%"', $wpdb->esc_like( $search_string ) );
+			$wild     = '%';
+			$sql_like = $wild . $wpdb->esc_like( $search_string ) . $wild;
+			$filter[] = $wpdb->prepare( '`%s` LIKE %s', array( $column, $sql_like ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		}
 		return implode( ' OR ', $filter );
 	}
@@ -426,7 +425,7 @@ protected function get_items_query_filters() {
 				continue;
 			}
 
-			$filter[] = $wpdb->prepare( "`$column` = %s", sanitize_text_field( wp_unslash( $_GET['filter_by'][ $column ] ) ) ); //phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$filter[] = $wpdb->prepare( "`$column` = %s", sanitize_text_field( wp_unslash( $_GET['filter_by'][ $column ] ) ) ); //phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
 		}
 
 		return implode( ' AND ', $filter );
@@ -449,7 +448,7 @@ public function prepare_items() {
 
 		$this->process_row_actions();
 
-		if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) { //phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( ! empty( $_REQUEST['_wp_http_referer'] && ! empty( $_SERVER['REQUEST_URI'] ) ) ) { //phpcs:ignore WordPress.Security.NonceVerification.Recommended
 			// _wp_http_referer is used only on bulk actions, we remove it to keep the $_GET shorter
 			wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
 			exit;
@@ -476,10 +475,10 @@ public function prepare_items() {
 
 		$sql = "SELECT $columns FROM {$this->table_name} {$where} {$order} {$limit} {$offset}";
 
-		$this->set_items( $wpdb->get_results( $sql, ARRAY_A ) );
+		$this->set_items( $wpdb->get_results( $sql, ARRAY_A ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 		$query_count = "SELECT COUNT({$this->ID}) FROM {$this->table_name} {$where}";
-		$total_items = $wpdb->get_var( $query_count );
+		$total_items = $wpdb->get_var( $query_count ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 		$per_page    = $this->get_items_per_page( $this->package . '_items_per_page', $this->items_per_page );
 		$this->set_pagination_args(
 			array(

phpcs.xml

@@ -36,4 +36,11 @@
 	<rule ref="Generic.Commenting">
 		<exclude-pattern>tests/</exclude-pattern>
 	</rule>
+
+	<rule ref="Squiz.Commenting.FileComment.Missing">
+		<exclude-pattern>classes/*</exclude-pattern>
+		<exclude-pattern>deprecated/*</exclude-pattern>
+		<exclude-pattern>lib/*</exclude-pattern>
+		<exclude-pattern>tests/*</exclude-pattern>
+	</rule>
 </ruleset>