From 311299c1d8e655d23016d7930320c187d0fb7b04 Mon Sep 17 00:00:00 2001
From: Tony Warwick <tony@eventespresso.com>
Date: Thu, 17 Sep 2020 21:32:03 +0100
Subject: [PATCH] Allow multiple categories to be used in ESPRESSO_EVENTS
 (#3125)

* Switch to sanitize_text_field() so that dashes aren't stripped from the categories passed.

* Build out $event_category_slugs_array from whatever is passed and trim each element in the array to remove whitespaces

Use $event_category_slugs_array to build out an placeholder string to be used with prepare. (Count the number of slugs and add N number of placeholders to a string)

Switch to use IN in the SQL query and pass both $event_category_slugs_prepare and $event_category_slugs_array to prepare.

* Add braces around $event_category_slugs_prepare

* Style fixes.
---
 core/helpers/EEH_Event_Query.helper.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/core/helpers/EEH_Event_Query.helper.php b/core/helpers/EEH_Event_Query.helper.php
index cda1efdd04a..6e58be15d41 100644
--- a/core/helpers/EEH_Event_Query.helper.php
+++ b/core/helpers/EEH_Event_Query.helper.php
@@ -156,7 +156,7 @@ private static function _display_month($month = '')
      */
     private static function _event_category_slug($category = '')
     {
-        return sanitize_title_with_dashes(EE_Registry::instance()->REQ->get('event_query_category', $category));
+        return sanitize_text_field(EE_Registry::instance()->REQ->get('event_query_category', $category));
     }
 
 
@@ -541,9 +541,12 @@ public static function posts_where_sql_for_show_expired($show_expired = false)
     public static function posts_where_sql_for_event_category_slug($event_category_slug = null)
     {
         global $wpdb;
-        return ! empty($event_category_slug)
-            ? $wpdb->prepare(" AND {$wpdb->terms}.slug = %s ", $event_category_slug)
-            : '';
+        if (! empty($event_category_slug)) {
+            $event_category_slugs_array = array_map('trim', explode(',', $event_category_slug));
+            $event_category_slugs_prepare = implode(', ', array_fill(0, count($event_category_slugs_array), '%s'));
+            return $wpdb->prepare(" AND {$wpdb->terms}.slug IN ({$event_category_slugs_prepare}) ", $event_category_slugs_array);
+        }
+        return '';
     }