Import users from CSV with meta - Version 1.14.2.1

Version Description

  • Directory traversal attack prevented

Release Info

Developer carazo
Plugin Icon 128x128 Import users from CSV with meta
Version 1.14.2.1

Code changes from version 1.14.2 to 1.14.2.1

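--- a/classes/columns.php
+++ b/classes/columns.php
@@ -16,6 +16,7 @@ class ACUI_Columns{
  <form method="POST" enctype="multipart/form-data" action="" accept-charset="utf-8">
  <input type="checkbox" name="show-profile-fields" value="yes" <?php if( $show_profile_fields == true ) echo "checked='checked'"; ?>>
  <input type="hidden" name="show-profile-fields-action" value="update"/>
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
  <input class="button-primary" type="submit" value="<?php _e( 'Save option', 'import-users-from-csv-with-meta'); ?>"/>
  </form>
  </td>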
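Review bot: The nonce field added before the submit button uses the action string `codection-security`, which the cron, email-options, frontend and homepage forms in this commit also use, so a token issued for any one of these forms is accepted by all of them. Nothing in this section shows the token being verified; the handler lies outside the hunk, so confirm that it calls something like `check_admin_referer( 'codection-security', 'security' )` together with a `current_user_can()` check before `update_option` runs. A per-form action, for example `wp_nonce_field( 'acui-save-columns', 'security' )` with the matching check in the handler, would keep a token from one form from authorising another.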
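--- a/classes/cron.php
+++ b/classes/cron.php
@@ -239,6 +239,7 @@ class ACUI_Cron{
 
  </tbody>
  </table>
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
  <input class="button-primary" type="submit" value="<?php _e( 'Save schedule options', 'import-users-from-csv-with-meta'); ?>"/>
  </form>
 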
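--- a/classes/doc.php
+++ b/classes/doc.php
@@ -144,12 +144,12 @@ class ACUI_Doc{
  </tr>
  <tr valign="top">
  <th scope="row"><?php _e( 'Example', 'import-users-from-csv-with-meta' ); ?></th>
- <td><?php _e( 'Download this', 'import-users-from-csv-with-meta' ); ?> <a href="<?php echo plugins_url() . "/import-users-from-csv-with-meta/test.csv"; ?>">.csv <?php _e('file','import-users-from-csv-with-meta'); ?></a> <?php _e( 'to test', 'import-users-from-csv-with-meta' ); ?></td>
+ <td><?php _e( 'Download this', 'import-users-from-csv-with-meta' ); ?> <a href="<?php echo esc_url( plugins_url( 'test.csv', dirname( __FILE__ ) ) ); ?>">.csv <?php _e('file','import-users-from-csv-with-meta'); ?></a> <?php _e( 'to test', 'import-users-from-csv-with-meta' ); ?></td>
  </tr>
  </tbody>
  </table>
  <br/>
- <div style="width:775px;margin:0 auto"><img src="<?php echo plugins_url() . "/import-users-from-csv-with-meta/csv_example.png"; ?>"/></div>
+ <div style="width:775px;margin:0 auto"><img src="<?php echo esc_url( plugins_url( 'csv_example.png', dirname( __FILE__ ) ) ); ?>"/></div>
  <?php
  }
  }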
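--- a/classes/email-options.php
+++ b/classes/email-options.php
@@ -82,7 +82,7 @@ class ACUI_Email_Options{
  <br/>
  <input class="button-primary" type="submit" value="<?php _e( 'Save email template and options', 'import-users-from-csv-with-meta'); ?>" id="save_mail_template_options"/>
 
- <?php wp_nonce_field( 'codection-security', 'nonce' ); ?>
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
 
  <?php ACUI_Email_Template::email_templates_edit_form_after_editor(); ?>
 
@@ -100,7 +100,7 @@ class ACUI_Email_Options{
  array(
  'title' => __( 'Choose or upload file', 'import-users-from-csv-with-meta' ),
  'button' => __( 'Use this file', 'import-users-from-csv-with-meta' ),
- 'nonce' => wp_create_nonce( "codection-security" )
+ 'security' => wp_create_nonce( "codection-security" )
  )
  );
  wp_enqueue_script( 'email-template-attachment-admin' );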
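--- a/classes/frontend.php
+++ b/classes/frontend.php
@@ -127,6 +127,7 @@ class ACUI_Frontend{
  </tbody>
  </table>
 
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
  <input class="button-primary" type="submit" value="<?php _e( 'Save frontend import options', 'import-users-from-csv-with-meta'); ?>"/>
  </form>
 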
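--- a/classes/homepage.php
+++ b/classes/homepage.php
@@ -59,7 +59,7 @@ class ACUI_Homepage{
  <th scope="row"><label><?php _e( 'CSV file <span class="description">(required)</span></label>', 'import-users-from-csv-with-meta' ); ?></th>
  <td>
  <div id="upload_file">
- <input type="file" name="uploadfiles[]" id="uploadfiles" size="35" class="uploadfiles" />
+ <input type="file" name="uploadfile" id="uploadfile" size="35" class="uploadfile" />
  <?php _e( '<em>or you can choose directly a file from your host,', 'import-users-from-csv-with-meta' ) ?> <a href="#" class="toggle_upload_path"><?php _e( 'click here', 'import-users-from-csv-with-meta' ) ?></a>.</em>
  </div>
  <div id="introduce_path" style="display:none;">
@@ -194,7 +194,7 @@ class ACUI_Homepage{
 
  <?php do_action( 'acui_tab_import_before_import_button' ); ?>
 
- <?php wp_nonce_field( 'acui-import', 'acui-nonce' ); ?>
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
 
  <input class="button-primary" type="submit" name="uploadfile" id="uploadfile_btn" value="<?php _e( 'Start importing', 'import-users-from-csv-with-meta' ); ?>"/>
  </form>
@@ -214,13 +214,13 @@ class ACUI_Homepage{
  <li><label>Incluye experto técnico WordPress ilimitado.</label></li>
  </ul>
  <a href="https://www.iontics.com/hosting-wordpress/?utm_source=banner&utm_medium=CodectionPlugin&utm_campaign=pluginswp" target="_blank">
- <img src="<?php echo plugins_url(); ?>/import-users-from-csv-with-meta/assets/iontics_logo.svg">
+ <img src="<?php echo esc_url( plugins_url( 'assets/iontics_logo.svg', dirname( __FILE__ ) ) ); ?>">
  </a>
  </div>
  <?php else: ?>
  <div class="sidebar_section" style="padding:0 !important;border:none !important;background:none !important;">
  <a href="https://codection.com/how-to-transfer-your-website-to-inmotion-hosting/" target="_blank">
- <img src="<?php echo plugins_url(); ?>/import-users-from-csv-with-meta/assets/codection-inmotion.png">
+ <img src="<?php echo esc_url( plugins_url( 'assets/codection-inmotion.png', dirname( __FILE__ ) ) ); ?>
  </a>
  </div>
  <?php endif; ?>
@@ -249,7 +249,7 @@ class ACUI_Homepage{
  </div>
  <script type="text/javascript">
  function check(){
- if(document.getElementById("uploadfiles").value == "" && jQuery( "#upload_file" ).is(":visible") ) {
+ if(document.getElementById("uploadfile").value == "" && jQuery( "#upload_file" ).is(":visible") ) {
  alert("<?php _e( 'Please choose a file', 'import-users-from-csv-with-meta' ); ?>");
  return false;
  }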
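Review bot: The new `<img>` line for `assets/codection-inmotion.png` (new line 223) ends at `?>` without the closing `">`, unlike the iontics logo line at 217, so the `src` attribute and the tag are left open and the `</a>` that follows is absorbed into the attribute value. Close it as `<img src="<?php echo esc_url( plugins_url( 'assets/codection-inmotion.png', dirname( __FILE__ ) ) ); ?>">`. The missing characters could be an artefact of how this page renders the line, so check it against the released file.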
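--- a/email-repeated.php
+++ b/email-repeated.php
@@ -1,29 +0,0 @@
- <?php
-
- if ( ! defined( 'ABSPATH' ) ) exit;
-
- function acui_hack_email( $email ) {
- if ( ! is_email( $email ) ) {
- return;
- }
-
- $old_email = $email;
-
- for ( $i = 0; ! $skip_remap && email_exists( $email ); $i++ ) {
- $email = str_replace( '@', "+ama{$i}@", $old_email );
- }
-
- return $email;
- }
-
- function acui_hack_restore_remapped_email_address( $user_id, $email ) {
- global $wpdb;
-
- $wpdb->update(
- $wpdb->users,
- array( 'user_email' => $email ),
- array( 'ID' => $user_id )
- );
-
- clean_user_cache( $user_id );
- }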
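--- a/import-users-from-csv-with-meta.php
+++ b/import-users-from-csv-with-meta.php
@@ -3,7 +3,7 @@
  Plugin Name: Import users from CSV with meta
  Plugin URI: https://www.codection.com
  Description: This plugins allows to import users using CSV files to WP database automatically
- Version: 1.14.2
+ Version: 1.14.2.1
  Author: codection
  Author URI: https://codection.com
  License: GPL2
@@ -21,11 +21,7 @@ $acui_restricted_fields = array_merge( $wp_users_fields, $wp_min_fields, $acui_f
 
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
 
- require_once( "smtp.php" );
- require_once( "email-repeated.php" );
-
  require_once( "classes/email-templates.php" );
-
  require_once( "classes/homepage.php" );
  require_once( "classes/columns.php" );
  require_once( "classes/frontend.php" );
@@ -128,17 +124,11 @@ function acui_get_default_options_list(){
  }
 
  function acui_activate(){
- global $acui_smtp_options;
  $acui_default_options_list = acui_get_default_options_list();
 
  foreach ( $acui_default_options_list as $key => $value) {
  add_option( $key, $value );
  }
-
- // smtp
- foreach ( $acui_smtp_options as $key => $value ) {
- add_option( $key, $value );
- }
  }
 
  function acui_deactivate(){
@@ -146,20 +136,29 @@ function acui_deactivate(){
  }
 
  function acui_admin_enqueue_scripts() {
- wp_enqueue_style( 'acui_css', plugin_dir_url( __FILE__ ) . '/assets/style.css', false, '1.0.0' );
+ wp_enqueue_style( 'acui_css', plugins_url( 'assets/style.css', __FILE__ ), false, '1.0.0' );
  }
 
  function acui_delete_options(){
- global $acui_smtp_options;
- $acui_default_options_list = acui_get_default_options_list();
+ $acui_smtp_options = array (
+ 'acui_settings' => 'wordpress',
+ 'acui_mail_from' => '',
+ 'acui_mail_from_name' => '',
+ 'acui_mailer' => 'smtp',
+ 'acui_mail_set_return_path' => 'false',
+ 'acui_smtp_host' => 'localhost',
+ 'acui_smtp_port' => '25',
+ 'acui_smtp_ssl' => 'none',
+ 'acui_smtp_auth' => false,
+ 'acui_smtp_user' => '',
+ 'acui_smtp_pass' => ''
+ );
+
+ $acui_default_options_list = array_merge( acui_get_default_options_list(), $acui_smtp_options );
 
  foreach ( $acui_default_options_list as $key => $value) {
  delete_option( $key );
  }
-
- foreach ( $acui_smtp_options as $key => $value ) {
- delete_option( $key );
- }
  }
 
  function acui_get_restricted_fields(){
@@ -293,7 +292,7 @@ function acui_admin_tabs( $current = 'homepage' ) {
  $class = ( $tab == $current ) ? ' nav-tab-active' : '';
 
  if( $tab == "shop" ){
- $href = "http://codection.com/tienda/";
+ $href = "https://codection.com/tienda/";
  $target = "_blank";
  }
  else{
@@ -308,108 +307,43 @@ function acui_admin_tabs( $current = 'homepage' ) {
  }
 
  function acui_fileupload_process( $form_data, $is_cron = false, $is_frontend = false ) {
- if ( !( $is_cron || $is_frontend ) && ( ! isset( $_POST['acui-nonce'] ) || ! wp_verify_nonce( $_POST['acui-nonce'], 'acui-import' ) ) ){
- wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
- }
+ if( empty( $_FILES['uploadfile']['name'] ) ):
+ $path_to_file = sanitize_file_name( $form_data["path_to_file"] );
 
- $path_to_file = $form_data["path_to_file"];
- $uploadfiles = $_FILES['uploadfiles'];
+ if( !validate_file( $path_to_file ) ){
+ wp_die( __( 'Error, path to file is not well written', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
+ }
 
- if( empty( $uploadfiles["name"][0] ) ):
-
- if( !file_exists ( $path_to_file ) )
- wp_die( __( 'Error, we cannot find the file', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
+ if( !file_exists ( $path_to_file ) ){
+ wp_die( __( 'Error, we cannot find the file', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
+ }
 
  acui_import_users( $path_to_file, $form_data, 0, $is_cron, $is_frontend );
-
  else:
-
- if ( is_array($uploadfiles) ) {
-
- foreach ( $uploadfiles['name'] as $key => $value ) {
-
- if ($uploadfiles['error'][$key] == 0) {
- $filetmp = $uploadfiles['tmp_name'][$key];
-
- $filename = $uploadfiles['name'][$key];
-
- $filetype = wp_check_filetype( basename( $filename ), array('csv' => 'text/csv') );
- $filetitle = preg_replace('/\.[^.]+$/', '', basename( $filename ) );
- $filename = $filetitle . '.' . $filetype['ext'];
- $upload_dir = wp_upload_dir();
-
- if ($filetype['ext'] != "csv") {
- wp_die('File must be a CSV');
- return;
- }
-
- $i = 0;
- while ( file_exists( $upload_dir['path'] .'/' . $filename ) ) {
- $filename = $filetitle . '_' . $i . '.' . $filetype['ext'];
- $i++;
- }
- $filedest = $upload_dir['path'] . '/' . $filename;
-
- if ( !is_writeable( $upload_dir['path'] ) ) {
- wp_die( __( 'Unable to write to directory. Is this directory writable by the server?', 'import-users-from-csv-with-meta' ));
- return;
- }
-
- if ( !@move_uploaded_file($filetmp, $filedest) ){
- wp_die( __( 'Error, the file', 'import-users-from-csv-with-meta' ) . " $filetmp " . __( 'could not moved to', 'import-users-from-csv-with-meta' ) . " : $filedest");
- continue;
- }
+ $uploadfile = wp_handle_upload( $_FILES['uploadfile'], array( 'test_form' => false, 'mimes' => array('csv' => 'text/csv') ) );
 
- $attachment = array(
- 'post_mime_type' => $filetype['type'],
- 'post_title' => $filetitle,
- 'post_content' => '',
- 'post_status' => 'inherit'
- );
-
- $attach_id = wp_insert_attachment( $attachment, $filedest );
- require_once( ABSPATH . "wp-admin" . '/includes/image.php' );
- $attach_data = wp_generate_attachment_metadata( $attach_id, $filedest );
- wp_update_attachment_metadata( $attach_id, $attach_data );
-
- acui_import_users( $filedest, $form_data, $attach_id, $is_cron, $is_frontend );
- }
- }
- }
+ if ( !$uploadfile || isset( $uploadfile['error'] ) ) {
+ wp_die( __( 'Problem uploading file to import' . var_export( $uploadfile['error'], true ), 'import-users-from-csv-with-meta' ));
+ } else {
+ acui_import_users( $uploadfile['file'], $form_data, acui_get_attachment_id_by_url( $uploadfile['url'] ), $is_cron, $is_frontend );
+ }
  endif;
  }
 
  function acui_manage_frontend_process( $form_data ){
- if( isset( $form_data["send-mail-frontend"] ) && $form_data["send-mail-frontend"] == "yes" )
- update_option( "acui_frontend_send_mail", true );
- else
- update_option( "acui_frontend_send_mail", false );
-
- if( isset( $form_data["send-mail-updated-frontend"] ) && $form_data["send-mail-updated-frontend"] == "yes" )
- update_option( "acui_frontend_send_mail_updated", true );
- else
- update_option( "acui_frontend_send_mail_updated", false );
-
- if( isset( $form_data["delete-users-frontend"] ) && $form_data["delete-users-frontend"] == "yes" )
- update_option( "acui_frontend_delete_users", true );
- else
- update_option( "acui_frontend_delete_users", false );
-
- update_option( "acui_frontend_delete_users_assign_posts", $form_data["delete-users-assign-posts-frontend"] );
-
- if( isset( $form_data["change-role-not-present-frontend"] ) && $form_data["change-role-not-present-frontend"] == "yes" )
- update_option( "acui_frontend_change_role_not_present", true );
- else
- update_option( "acui_frontend_change_role_not_present", false );
-
- update_option( "acui_frontend_change_role_not_present_role", $form_data["change-role-not-present-role-frontend"] );
+ update_option( "acui_frontend_send_mail", isset( $form_data["send-mail-frontend"] ) && $form_data["send-mail-frontend"] == "yes" );
+ update_option( "acui_frontend_send_mail_updated", isset( $form_data["send-mail-updated-frontend"] ) && $form_data["send-mail-updated-frontend"] == "yes" );
+ update_option( "acui_frontend_delete_users", isset( $form_data["delete-users-frontend"] ) && $form_data["delete-users-frontend"] == "yes" );
+ update_option( "acui_frontend_delete_users_assign_posts", sanitize_text_field( $form_data["delete-users-assign-posts-frontend"] ) );
+ update_option( "acui_frontend_change_role_not_present", isset( $form_data["change-role-not-present-frontend"] ) && $form_data["change-role-not-present-frontend"] == "yes" );
+ update_option( "acui_frontend_change_role_not_present_role", sanitize_text_field( $form_data["change-role-not-present-role-frontend"] ) );
 
  if( isset( $form_data["activate-users-wp-members-frontend"] ) )
- update_option( "acui_frontend_activate_users_wp_members", $form_data["activate-users-wp-members-frontend"] );
+ update_option( "acui_frontend_activate_users_wp_members", sanitize_text_field( $form_data["activate-users-wp-members-frontend"] ) );
  else
  update_option( "acui_frontend_activate_users_wp_members", 'no_activate' );
 
- update_option( "acui_frontend_role", $form_data["role-frontend"] );
+ update_option( "acui_frontend_role", sanitize_text_field( $form_data["role-frontend"] ) );
  ?>
  <div class="updated">
  <p><?php _e( 'Settings updated correctly', 'import-users-from-csv-with-meta' ) ?></p>
@@ -417,21 +351,11 @@ function acui_manage_frontend_process( $form_data ){
  <?php
  }
 
-
  function acui_manage_extra_profile_fields( $form_data ){
- if( isset( $form_data["show-profile-fields"] ) && $form_data["show-profile-fields"] == "yes" ){
- update_option( "acui_show_profile_fields", true );
- }
- else{
- update_option( "acui_show_profile_fields", false );
- }
+ update_option( "acui_show_profile_fields", isset( $form_data["show-profile-fields"] ) && $form_data["show-profile-fields"] == "yes" );
  }
 
  function acui_save_mail_template( $form_data ){
- if ( !isset( $form_data['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'codection-security' ) ) {
- wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
- }
-
  $automattic_wordpress_email = sanitize_text_field( $form_data["automattic_wordpress_email"] );
  $subject_mail = sanitize_text_field( $form_data["subject_mail"] );
  $body_mail = wp_kses_post( stripslashes( $form_data["body_mail"] ) );
@@ -444,14 +368,16 @@ function acui_save_mail_template( $form_data ){
  update_option( "acui_mail_template_id", $template_id );
  update_option( "acui_mail_attachment_id", $email_template_attachment_id );
 
- if( !empty( $form_data["template_id"] ) ){
+ $template_id = absint( $form_data["template_id"] );
+
+ if( !empty( $template_id ) ){
  wp_update_post( array(
  'ID' => $template_id,
  'post_title' => $subject_mail,
  'post_content' => $body_mail,
  ) );
 
- update_post_meta( $form_data["template_id"], 'email_template_attachment_id', $email_template_attachment_id );
+ update_post_meta( $template_id, 'email_template_attachment_id', $email_template_attachment_id );
  }
  ?>
  <div class="updated">
@@ -462,12 +388,13 @@ function acui_save_mail_template( $form_data ){
 
  function acui_manage_cron_process( $form_data ){
  $next_timestamp = wp_next_scheduled( 'acui_cron_process' );
+ $period = sanitize_text_field( $form_data[ "period" ] );
 
  if( isset( $form_data["cron-activated"] ) && $form_data["cron-activated"] == "yes" ){
  update_option( "acui_cron_activated", true );
 
  if( !$next_timestamp ) {
- wp_schedule_event( time(), $form_data[ "period" ], 'acui_cron_process' );
+ wp_schedule_event( time(), $period, 'acui_cron_process' );
  }
  }
  else{
@@ -475,54 +402,21 @@ function acui_manage_cron_process( $form_data ){
  wp_unschedule_event( $next_timestamp, 'acui_cron_process');
  }
 
- if( isset( $form_data["send-mail-cron"] ) && $form_data["send-mail-cron"] == "yes" )
- update_option( "acui_cron_send_mail", true );
- else
- update_option( "acui_cron_send_mail", false );
-
- if( isset( $form_data["send-mail-updated"] ) && $form_data["send-mail-updated"] == "yes" )
- update_option( "acui_cron_send_mail_updated", true );
- else
- update_option( "acui_cron_send_mail_updated", false );
-
- if( isset( $form_data["cron-delete-users"] ) && $form_data["cron-delete-users"] == "yes" )
- update_option( "acui_cron_delete_users", true );
- else
- update_option( "acui_cron_delete_users", false );
-
- if( isset( $form_data["move-file-cron"] ) && $form_data["move-file-cron"] == "yes" )
- update_option( "acui_move_file_cron", true );
- else
- update_option( "acui_move_file_cron", false );
-
- if( isset( $form_data["path_to_move_auto_rename"] ) && $form_data["path_to_move_auto_rename"] == "yes" )
- update_option( "acui_cron_path_to_move_auto_rename", true );
- else
- update_option( "acui_cron_path_to_move_auto_rename", false );
-
- if ( isset ( $form_data["allow_multiple_accounts"] ) && $form_data["allow_multiple_accounts"] == "yes" )
- update_option( "acui_cron_allow_multiple_accounts", "allowed" );
- else
- update_option( "acui_cron_allow_multiple_accounts", "not_allowed" );
-
- update_option( "acui_cron_path_to_file", $form_data["path_to_file"] );
- update_option( "acui_cron_path_to_move", $form_data["path_to_move"] );
- update_option( "acui_cron_period", $form_data["period"] );
- update_option( "acui_cron_role", $form_data["role"] );
- update_option( "acui_cron_update_roles_existing_users", $form_data["update-roles-existing-users"] );
-
- if( isset( $form_data["cron-delete-users"] ) && $form_data["cron-delete-users"] == "yes" )
- update_option( "acui_cron_delete_users", true );
- else
- update_option( "acui_cron_delete_users", false );
- update_option( "acui_cron_delete_users_assign_posts", $form_data["cron-delete-users-assign-posts"] );
-
- if( isset( $form_data["cron-change-role-not-present"] ) && $form_data["cron-change-role-not-present"] == "yes" )
- update_option( "acui_cron_change_role_not_present", true );
- else
- update_option( "acui_cron_change_role_not_present", false );
-
- update_option( "acui_cron_change_role_not_present_role", $form_data["cron-change-role-not-present-role"] );
+ update_option( "acui_cron_send_mail", isset( $form_data["send-mail-cron"] ) && $form_data["send-mail-cron"] == "yes" );
+ update_option( "acui_cron_send_mail_updated", isset( $form_data["send-mail-updated"] ) && $form_data["send-mail-updated"] == "yes" );
+ update_option( "acui_cron_delete_users", isset( $form_data["cron-delete-users"] ) && $form_data["cron-delete-users"] == "yes" );
+ update_option( "acui_move_file_cron", isset( $form_data["move-file-cron"] ) && $form_data["move-file-cron"] == "yes" );
+ update_option( "acui_cron_path_to_move_auto_rename", isset( $form_data["path_to_move_auto_rename"] ) && $form_data["path_to_move_auto_rename"] == "yes" );
+ update_option( "acui_cron_allow_multiple_accounts", ( isset( $form_data["allow_multiple_accounts"] ) && $form_data["allow_multiple_accounts"] == "yes" ) ? "allowed" : "not_allowed" );
+ update_option( "acui_cron_path_to_file", sanitize_text_field( $form_data["path_to_file"] ) );
+ update_option( "acui_cron_path_to_move", sanitize_text_field( $form_data["path_to_move"] ) );
+ update_option( "acui_cron_period", sanitize_text_field( $form_data["period"] ) );
+ update_option( "acui_cron_role", sanitize_text_field( $form_data["role"] ) );
+ update_option( "acui_cron_update_roles_existing_users", sanitize_text_field( $form_data["update-roles-existing-users"] ) );
+ update_option( "acui_cron_delete_users", isset( $form_data["cron-delete-users"] ) && $form_data["cron-delete-users"] == "yes" );
+ update_option( "acui_cron_delete_users_assign_posts", sanitize_text_field( $form_data["cron-delete-users-assign-posts"] ) );
+ update_option( "acui_cron_change_role_not_present", isset( $form_data["cron-change-role-not-present"] ) && $form_data["cron-change-role-not-present"] == "yes" );
+ update_option( "acui_cron_change_role_not_present_role", sanitize_text_field( $form_data["cron-change-role-not-present-role"] ) );
  ?>
  <div class="updated">
  <p><?php _e( 'Settings updated correctly', 'import-users-from-csv-with-meta' ) ?></p>
@@ -743,10 +637,78 @@ function acui_bulk_delete_attachment(){
  }
 
  // misc
+ function acui_get_attachment_id_by_url( $url ) {
+ $wp_upload_dir = wp_upload_dir();
+ // Strip out protocols, so it doesn't fail because searching for http: in https: dir.
+ $dir = set_url_scheme( trailingslashit( $wp_upload_dir['baseurl'] ), 'relative' );
+
+ // Is URL in uploads directory?
+ if ( false !== strpos( $url, $dir ) ) {
+
+ $file = basename( $url );
+
+ $query_args = array(
+ 'post_type' => 'attachment',
+ 'post_status' => 'inherit',
+ 'fields' => 'ids',
+ 'meta_query' => array(
+ array(
+ 'key' => '_wp_attachment_metadata',
+ 'compare' => 'LIKE',
+ 'value' => $file,
+ ),
+ ),
+ );
+
+ $query = new WP_Query( $query_args );
+
+ if ( $query->have_posts() ) {
+ foreach ( $query->posts as $attachment_id ) {
+ $meta = wp_get_attachment_metadata( $attachment_id );
+ $original_file = basename( $meta['file'] );
+ $cropped_files = wp_list_pluck( $meta['sizes'], 'file' );
+
+ if ( $original_file === $file || in_array( $file, $cropped_files ) ) {
+ return (int) $attachment_id;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
  function cod_set_html_content_type() {
  return 'text/html';
  }
 
  function acui_return_false(){
  return false;
+ }
+
+ // email repeated
+ function acui_hack_email( $email ) {
+ if ( ! is_email( $email ) ) {
+ return;
+ }
+
+ $old_email = $email;
+
+ for ( $i = 0; ! $skip_remap && email_exists( $email ); $i++ ) {
+ $email = str_replace( '@', "+ama{$i}@", $old_email );
+ }
+
+ return $email;
+ }
+
+ function acui_hack_restore_remapped_email_address( $user_id, $email ) {
+ global $wpdb;
+
+ $wpdb->update(
+ $wpdb->users,
+ array( 'user_email' => $email ),
+ array( 'ID' => $user_id )
+ );
+
+ clean_user_cache( $user_id );
  }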
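Review bot: In `acui_fileupload_process` the new guard `if( !validate_file( $path_to_file ) )` is inverted: `validate_file()` returns 0 for an acceptable path and a non-zero code for a `../` or drive-letter path, so the branch calls `wp_die` on valid input and lets flagged input continue; it should read `if ( validate_file( $path_to_file ) !== 0 ) {`. `sanitize_file_name()` is also applied to a value the form presents as a path on the host, and it strips directory separators, so the following `file_exists()` no longer sees the path that was entered; resolving the value with `realpath()` and checking that the result stays under an allowed base directory would express the traversal check directly. The same hunk removes the `wp_verify_nonce` call from this function, and a later hunk removes it from `acui_save_mail_template`; no replacement check is visible in this section, so confirm that the caller verifies the `security` field and the user's capability before either handler runs.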
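--- a/importer.php
+++ b/importer.php
@@ -39,56 +39,33 @@ function acui_import_users( $file, $form_data, $attach_id = 0, $is_cron = false,
  $users_registered = array();
  $headers = array();
  $headers_filtered = array();
- $update_existing_users = isset( $form_data["update_existing_users"] ) ? $form_data["update_existing_users"] : '';
- $role_default = isset( $form_data["role"] ) ? $form_data["role"] : '';
- $update_roles_existing_users = isset( $form_data["update_roles_existing_users"] ) ? $form_data["update_roles_existing_users"] : '';
- $empty_cell_action = isset( $form_data["empty_cell_action"] ) ? $form_data["empty_cell_action"] : '';
- $delete_users = isset( $form_data["delete_users"] ) ? $form_data["delete_users"] : '';
- $delete_users_assign_posts = isset( $form_data["delete_users_assign_posts"] ) ? $form_data["delete_users_assign_posts"] : '';
- $change_role_not_present = isset( $form_data["change_role_not_present"] ) ? $form_data["change_role_not_present"] : '';
- $change_role_not_present_role = isset( $form_data["change_role_not_present_role"] ) ? $form_data["change_role_not_present_role"] : '';
+ $update_existing_users = isset( $form_data["update_existing_users"] ) ? sanitize_text_field( $form_data["update_existing_users"] ) : '';
+ $role_default = isset( $form_data["role"] ) ? sanitize_text_field( $form_data["role"] ) : '';
+ $update_roles_existing_users = isset( $form_data["update_roles_existing_users"] ) ? sanitize_text_field( $form_data["update_roles_existing_users"] ) : '';
+ $empty_cell_action = isset( $form_data["empty_cell_action"] ) ? sanitize_text_field( $form_data["empty_cell_action"] ) : '';
+ $delete_users = isset( $form_data["delete_users"] ) ? sanitize_text_field( $form_data["delete_users"] ) : '';
+ $delete_users_assign_posts = isset( $form_data["delete_users_assign_posts"] ) ? sanitize_text_field( $form_data["delete_users_assign_posts"] ) : '';
+ $change_role_not_present = isset( $form_data["change_role_not_present"] ) ? sanitize_text_field( $form_data["change_role_not_present"] ) : '';
+ $change_role_not_present_role = isset( $form_data["change_role_not_present_role"] ) ? sanitize_text_field( $form_data["change_role_not_present_role"] ) : '';
 
  if( $is_frontend ){
  $activate_users_wp_members = get_option( "acui_frontend_activate_users_wp_members" );
  }
  else{
- if( !isset( $form_data["activate_users_wp_members"] ) || empty( $form_data["activate_users_wp_members"] ) )
- $activate_users_wp_members = "no_activate";
- else
- $activate_users_wp_members = $form_data["activate_users_wp_members"];
+ $activate_users_wp_members = ( !isset( $form_data["activate_users_wp_members"] ) || empty( $form_data["activate_users_wp_members"] ) ) ? "no_activate" : sanitize_text_field( $form_data["activate_users_wp_members"] );
  }
 
-
  if( $is_cron ){
- if( get_option( "acui_cron_allow_multiple_accounts" ) == "allowed" ){
- $allow_multiple_accounts = "allowed";
- }
- else {
- $allow_multiple_accounts = "not_allowed";
- }
+ $allow_multiple_accounts = ( get_option( "acui_cron_allow_multiple_accounts" ) == "allowed" ) ? "allowed" : "not_allowed";
  }
  else {
- if( empty( $form_data["allow_multiple_accounts"] ) )
- $allow_multiple_accounts = "not_allowed";
- else
- $allow_multiple_accounts = $form_data["allow_multiple_accounts"];
+ $allow_multiple_accounts = ( empty( $form_data["allow_multiple_accounts"] ) ) ? "not_allowed" : sanitize_text_field( $form_data["allow_multiple_accounts"] );
  }
 
- if( empty( $form_data["approve_users_new_user_appove"] ) )
- $approve_users_new_user_appove = "no_approve";
- else
- $approve_users_new_user_appove = $form_data["approve_users_new_user_appove"];
-
- // save mail sending preferences
- if( isset( $form_data["sends_email"] ) && $form_data["sends_email"] == 'yes' )
- update_option( "acui_manually_send_mail", true );
- else
- update_option( "acui_manually_send_mail", false );
-
- if( isset( $form_data["send_email_updated"] ) && $form_data["send_email_updated"] == 'yes' )
- update_option( "acui_manually_send_mail_updated", true );
- else
- update_option( "acui_manually_send_mail_updated", false );
+ $approve_users_new_user_approve = ( empty( $form_data["approve_users_new_user_appove"] ) ) ? "no_approve" : sanitize_text_field( $form_data["approve_users_new_user_appove"] );
+
+ update_option( "acui_manually_send_mail", isset( $form_data["sends_email"] ) && $form_data["sends_email"] == 'yes' );
+ update_option( "acui_manually_send_mail_updated", isset( $form_data["send_email_updated"] ) && $form_data["send_email_updated"] == 'yes' );
 
  // disable WordPress default emails if this must be disabled
  if( !get_option('acui_automatic_wordpress_email') ){
@@ -407,7 +384,7 @@ function acui_import_users( $file, $form_data, $attach_id = 0, $is_cron = false,
  update_user_meta( $user_id, "active", true );
 
  // New User Approve
- if( $approve_users_new_user_appove == "approve" )
+ if( $approve_users_new_user_approve == "approve" )
  update_user_meta( $user_id, "pw_user_status", "approved" );
  else
  update_user_meta( $user_id, "pending", true );
@@ -729,7 +706,7 @@ function acui_import_users( $file, $form_data, $attach_id = 0, $is_cron = false,
  function acui_options(){
  global $acui_url_plugin;
 
- if ( !current_user_can('create_users') ) {
+ if ( !current_user_can( 'create_users' ) ) {
  wp_die( __( 'You are not allowed to see this content.', 'import-users-from-csv-with-meta' ));
  }
 
@@ -738,8 +715,11 @@ function acui_options(){
  else
  $tab = 'homepage';
 
-
  if( isset( $_POST ) && !empty( $_POST ) ):
+ if ( !wp_verify_nonce( $_POST['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
  switch ( $tab ){
  case 'homepage':
  acui_fileupload_process( $_POST, false );
@@ -761,9 +741,7 @@ function acui_options(){
  case 'cron':
  acui_manage_cron_process( $_POST );
  break;
-
  }
-
  endif;
 
  if ( isset ( $_GET['tab'] ) )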
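Review bot: The nonce check added at new line 719 of acui_options() reads `$_POST['security']` without confirming the key exists, so a POST without the field raises an undefined-index notice before wp_verify_nonce() rejects it; the same read is at new line 10 of include/shortcode-frontend.php, where the previous isset() test was dropped. Guard both as `if ( !isset( $_POST['security'] ) || !wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['security'] ) ), 'codection-security' ) ) {`. All tab handlers and the frontend form share the single action string 'codection-security', so a token issued for one form is accepted by every handler; a per-form action would bind each nonce to the operation it was rendered for. In the first hunk, sanitize_text_field() only normalises the string, so role-selecting values such as `$role_default` presumably still need checking against the roles the current user may assign, which these hunks do not show. Both functions continue outside the hunks.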
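--- a/include/shortcode-frontend.php
+++ b/include/shortcode-frontend.php
@@ -7,8 +7,7 @@ function acui_frontend() {
  die( __( 'Only users who are able to create users can manage this form.', 'import-users-from-csv-with-meta' ) );
 
  if ( $_FILES && !empty( $_POST ) ) {
- $nonce = $_POST['acui_nonce'];
- if ( !isset( $nonce ) || !wp_verify_nonce( $nonce, 'codection-security' ) ){
+ if ( !wp_verify_nonce( $_POST['security'], 'codection-security' ) ){
  wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
  }
 
@@ -30,10 +29,10 @@ function acui_frontend() {
  ?>
  <form method="POST" enctype="multipart/form-data" action="" accept-charset="utf-8" class="acui_frontend_form">
  <label><?php _e( 'CSV file <span class="description">(required)</span>', 'import-users-from-csv-with-meta' ); ?></label></th>
- <input class="acui_frontend_file" type="file" name="uploadfiles[]" id="uploadfiles" size="35" class="uploadfiles" />
+ <input class="acui_frontend_file" type="file" name="uploadfile" id="uploadfile" size="35" class="uploadfile" />
  <input class="acui_frontend_submit" type="submit" value="<?php _e( 'Upload and process', 'import-users-from-csv-with-meta' ); ?>"/>
 
- <?php wp_nonce_field( 'codection-security', 'acui_nonce' ); ?>
+ <?php wp_nonce_field( 'codection-security', 'security' ); ?>
  </form>
  <?php
  return ob_get_clean();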
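Review bot: The file input on new line 32 carries two `class` attributes, `class="acui_frontend_file"` and `class="uploadfile"`; HTML parsers keep the first and discard the duplicate, so the `uploadfile` class is never applied. Merge them as `class="acui_frontend_file uploadfile"`. The field is also renamed from `uploadfiles[]` to `uploadfile`, which changes `$_FILES` from the multi-file array shape to the single-file shape, so the upload handler (not shown in this section) presumably has to read `$_FILES['uploadfile']` with scalar `name`/`tmp_name` keys. acui_frontend() starts and ends outside the hunks.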
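--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://codection.com/go/donate-import-users-from-csv-with-meta/
  Tags: csv, import, importer, meta data, meta, user, users, user meta, editor, profile, custom, fields, delimiter, update, insert
  Requires at least: 3.4
  Tested up to: 5.2.1
- Stable tag: 1.14.2
+ Stable tag: 1.14.2.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -91,10 +91,16 @@ Plugin will automatically detect:
 
  == Changelog ==
 
+ = 1.14.2.1 =
+ * Directory traversal attack prevented
+
  = 1.14.2 =
  * Authenticated Media Deletion Vulnerability fixed in acui_bulk_delete_attachment
- * Nonces incorporated in different AJAX to improve security
+ * Nonces incorporated in different AJAX and forms to improve security
  * Media type of media deleted check to avoid problems deleting files
+ * SMTP configuration removed completely, we recommend to use a SMTP plugin if you need it in the future, this part was deprecated some versions ago
+ * plugins_url() now is well called so images, files and other assets will be shown properly in all cases
+ * Data is sanitized always to prevent security and user problems
 
  = 1.14.1.3 =
  * XSS problem fixed when displaying data imported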
smtp.php DELETED
@@ -1,310 +0,0 @@
1
- <?php
2
-
3
- if ( ! defined( 'ABSPATH' ) ) exit;
4
-
5
- /* Most part of this file is based in the original one wp_mail_smtp.php from the plugin WP Mail SMTP that you can find here https://wordpress.org/plugins/wp-mail-smtp/ */
6
-
7
- global $acui_smtp_options;
8
- $acui_smtp_options = array (
9
- 'acui_settings' => 'wordpress',
10
- 'acui_mail_from' => '',
11
- 'acui_mail_from_name' => '',
12
- 'acui_mailer' => 'smtp',
13
- 'acui_mail_set_return_path' => 'false',
14
- 'acui_smtp_host' => 'localhost',
15
- 'acui_smtp_port' => '25',
16
- 'acui_smtp_ssl' => 'none',
17
- 'acui_smtp_auth' => false,
18
- 'acui_smtp_user' => '',
19
- 'acui_smtp_pass' => ''
20
- );
21
-
22
- function acui_smtp() {
23
- global $acui_smtp_options, $phpmailer;
24
-
25
- // Send a test mail if necessary
26
- if( isset( $_POST['acui_smpt_action'] ) && $_POST['acui_smpt_action'] == __('Send Test', 'acui') && isset( $_POST['to'] ) ){
27
- check_admin_referer('test-email');
28
-
29
- if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) {
30
- require_once ABSPATH . WPINC . '/class-phpmailer.php';
31
- require_once ABSPATH . WPINC . '/class-smtp.php';
32
- $phpmailer = new PHPMailer( true );
33
- }
34
-
35
- add_action( 'phpmailer_init', 'acui_mailer_init' );
36
-
37
- // Set up the mail variables
38
- $to = $_POST['to'];
39
- $subject = 'Import Users From CSV With Meta - Mail SMTP: ' . __('Test mail to ', 'acui') . $to;
40
- $message = __('This is a test email generated by the Import User From CSV With Meta WordPress plugin.', 'acui');
41
-
42
- // Set SMTPDebug to true
43
- $phpmailer->SMTPDebug = true;
44
-
45
- // Start output buffering to grab smtp debugging output
46
- ob_start();
47
-
48
- if( !get_option('acui_automatic_wordpress_email') ){
49
- add_filter( 'send_email_change_email', '__return_false' );
50
- add_filter( 'send_password_change_email', '__return_false' );
51
- }
52
-
53
- add_filter( 'wp_mail_from', 'acui_mail_from' );
54
- add_filter( 'wp_mail_from_name', 'acui_mail_from_name' );
55
- add_filter( 'wp_mail_content_type', 'cod_set_html_content_type' );
56
-
57
- $result = wp_mail( $to, $subject , $message );
58
-
59
- remove_filter( 'wp_mail_from', 'acui_mail_from' );
60
- remove_filter( 'wp_mail_from_name', 'acui_mail_from_name' );
61
- remove_filter( 'wp_mail_content_type', 'cod_set_html_content_type' );
62
-
63
- if( !get_option('acui_automatic_wordpress_email') ){
64
- remove_filter( 'send_email_change_email', '__return_false' );
65
- remove_filter( 'send_password_change_email', '__return_false' );
66
- }
67
-
68
- // Strip out the language strings which confuse users
69
- //unset($phpmailer->language);
70
- // This property became protected in WP 3.2
71
-
72
- // Grab the smtp debugging output
73
- $smtp_debug = ob_get_clean();
74
- ?>
75
- <div id="message" class="updated fade">
76
- <?php if( $result ): ?>
77
-
78
- <p><strong><?php _e('Message sent successfully', 'acui'); ?></strong></p>
79
-
80
- <?php else: ?>
81
-
82
- <p><strong><?php _e('Test Message Sent', 'acui'); ?></strong></p>
83
- <p><?php _e('The result was:', 'acui'); ?></p>
84
- <pre><?php var_dump( $result ); ?></pre>
85
- <p><?php _e('The full debugging output is shown below:', 'acui'); ?></p>
86
- <pre><?php var_dump( $phpmailer ); ?></pre>
87
- <p><?php _e('The SMTP debugging output is shown below:', 'acui'); ?></p>
88
- <pre><?php echo $smtp_debug ?></pre>
89
-
90
- <?php endif; ?>
91
- </div>
92
-
93
- <?php
94
- // Destroy $phpmailer so it doesn't cause issues later
95
- unset($phpmailer);
96
- remove_action( 'phpmailer_init', 'acui_mailer_init' );
97
- }
98
-
99
- if( isset( $_POST['acui_settings'] ) && !empty( $_POST['acui_settings'] ) ) {
100
- check_admin_referer('email-config');
101
-
102
- foreach ($acui_smtp_options as $name => $val) {
103
- update_option( $name, $_POST[ $name ] );
104
- }
105
- }
106
-
107
- // in version 1.8.7 we include this new option, we fill it in a smart way
108
- if( get_option( "acui_settings" ) == "" ){
109
- if( get_option( "acui_mail_from" ) == "" )
110
- update_option( "acui_settings", "wordpress" );
111
- else
112
- update_option( "acui_settings", "plugin" );
113
- }
114
-
115
- ?>
116
-
117
- <div class="wrap">
118
- <h2><?php _e('Import User From CSV With Meta - SMTP server options', 'acui'); ?></h2>
119
- <div style="background-color: red; color: white;">This feature is deprecated. Please use better a SMTP plugin from the repository specialized in this kind of configurations.</div>
120
- <form method="post" action="" id="acui_smtp_options">
121
- <?php wp_nonce_field('email-config'); ?>
122
-
123
- <h3><?php _e('Global options', 'acui'); ?></h3>
124
- <p><?php _e('Do you want to use your own SMTP settings for this plugin or the WordPress settings.', 'acui'); ?></p>
125
-
126
- <table class="optiontable form-table">
127
- <tr valign="top">
128
- <th scope="row"><?php _e('Settings', 'acui'); ?> </th>
129
- <td>
130
- <fieldset>
131
- <legend class="screen-reader-text"><span><?php _e('Use plugin SMTP settings', 'acui'); ?></span></legend>
132
- <p><input id="acui_settings_plugin" type="radio" name="acui_settings" value="plugin" <?php checked('plugin', get_option('acui_settings')); ?> />
133
- <label for="acui_settings"><?php _e('Use this settings to send mail.', 'acui'); ?></label></p>
134
- <p><input id="acui_settings_wordpress" type="radio" name="acui_settings" value="wordpress" <?php checked('wordpress', get_option('acui_settings')); ?> />
135
- <label for="acui_settings"><?php _e('Use WordPress general settings to send mail.', 'acui'); ?></label></p>
136
- </fieldset>
137
- </td>
138
- </tr>
139
- </table>
140
-
141
- <table class="optiontable form-table">
142
- <tr valign="top">
143
- <th scope="row"><label for="mail_from"><?php _e('From Email', 'acui'); ?></label></th>
144
- <td><input name="acui_mail_from" type="text" id="acui_mail_from" value="<?php print(get_option('acui_mail_from')); ?>" size="40" class="regular-text" />
145
- <span class="description"><?php _e('You can specify the email address that emails should be sent from. If you leave this blank, the default email will be used.', 'acui'); if(get_option('db_version') < 6124) { print('<br /><span style="color: red;">'); _e('<strong>Please Note:</strong> You appear to be using a version of WordPress prior to 2.3. Please ignore the From Name field and instead enter Name&lt;email@domain.com&gt; in this field.', 'acui'); print('</span>'); } ?></span></td>
146
- </tr>
147
- <tr valign="top">
148
- <th scope="row"><label for="mail_from_name"><?php _e('From Name', 'acui'); ?></label></th>
149
- <td><input name="acui_mail_from_name" type="text" id="acui_mail_from_name" value="<?php print(get_option('acui_mail_from_name')); ?>" size="40" class="regular-text" />
150
- <span class="description"><?php _e('You can specify the name that emails should be sent from. If you leave this blank, the emails will be sent from WordPress.', 'acui'); ?></span></td>
151
- </tr>
152
- </table>
153
-
154
- <table class="optiontable form-table">
155
- <tr valign="top">
156
- <th scope="row"><?php _e('Mailer', 'acui'); ?> </th>
157
- <td>
158
- <fieldset>
159
- <legend class="screen-reader-text"><span><?php _e('Mailer', 'acui'); ?></span></legend>
160
- <p><input id="acui_mailer_smtp" type="radio" name="acui_mailer" value="smtp" <?php checked('smtp', get_option('acui_mailer')); ?> />
161
- <label for="mailer_smtp"><?php _e('Send emails of this plugin via SMTP.', 'acui'); ?></label></p>
162
- <p><input id="acui_mailer_mail" type="radio" name="acui_mailer" value="mail" <?php checked('mail', get_option('acui_mailer')); ?> />
163
- <label for="mailer_mail"><?php _e('Use the PHP mail() function to send emails.', 'acui'); ?></label></p>
164
- </fieldset>
165
- </td>
166
- </tr>
167
- </table>
168
-
169
- <table class="optiontable form-table">
170
- <tr valign="top">
171
- <th scope="row"><?php _e('Return Path', 'acui'); ?> </th>
172
- <td>
173
- <fieldset>
174
- <legend class="screen-reader-text"><span><?php _e('Return Path', 'acui'); ?></span></legend><label for="mail_set_return_path">
175
- <input name="acui_mail_set_return_path" type="checkbox" id="acui_mail_set_return_path" value="true" <?php checked('true', get_option('acui_mail_set_return_path')); ?> />
176
- <?php _e('Set the return-path to match the From Email'); ?></label>
177
- </fieldset>
178
- </td>
179
- </tr>
180
- </table>
181
-
182
- <h3><?php _e('SMTP Options', 'acui'); ?></h3>
183
- <p><?php _e('These options only apply if you have chosen to send mail by SMTP above.', 'acui'); ?></p>
184
-
185
- <table class="optiontable form-table">
186
- <tr valign="top">
187
- <th scope="row"><label for="smtp_host"><?php _e('SMTP Host', 'acui'); ?></label></th>
188
- <td><input name="acui_smtp_host" type="text" id="acui_smtp_host" value="<?php print(get_option('acui_smtp_host')); ?>" size="40" class="regular-text" /></td>
189
- </tr>
190
- <tr valign="top">
191
- <th scope="row"><label for="smtp_port"><?php _e('SMTP Port', 'acui'); ?></label></th>
192
- <td><input name="acui_smtp_port" type="text" id="acui_smtp_port" value="<?php print(get_option('acui_smtp_port')); ?>" size="6" class="regular-text" /></td>
193
- </tr>
194
- <tr valign="top">
195
- <th scope="row"><?php _e('Encryption', 'acui'); ?> </th>
196
- <td>
197
- <fieldset>
198
- <legend class="screen-reader-text"><span><?php _e('Encryption', 'acui'); ?></span></legend>
199
- <input id="acui_smtp_ssl_none" type="radio" name="acui_smtp_ssl" value="none" <?php checked('none', get_option('acui_smtp_ssl')); ?> />
200
- <label for="smtp_ssl_none"><span><?php _e('No encryption.', 'acui'); ?></span></label><br />
201
- <input id="acui_smtp_ssl_ssl" type="radio" name="acui_smtp_ssl" value="ssl" <?php checked('ssl', get_option('acui_smtp_ssl')); ?> />
202
- <label for="smtp_ssl_ssl"><span><?php _e('Use SSL encryption.', 'acui'); ?></span></label><br />
203
- <input id="acui_smtp_ssl_tls" type="radio" name="acui_smtp_ssl" value="tls" <?php checked('tls', get_option('acui_smtp_ssl')); ?> />
204
- <label for="smtp_ssl_tls"><span><?php _e('Use TLS encryption. This is not the same as STARTTLS. For most servers SSL is the recommended option.', 'acui'); ?></span></label>
205
- </td>
206
- </tr>
207
- <tr valign="top">
208
- <th scope="row"><?php _e('Authentication', 'acui'); ?> </th>
209
- <td>
210
- <input id="acui_smtp_auth_false" type="radio" name="acui_smtp_auth" value="false" <?php checked('false', get_option('acui_smtp_auth')); ?> />
211
- <label for="smtp_auth_false"><span><?php _e('No: Do not use SMTP authentication.', 'acui'); ?></span></label><br />
212
- <input id="acui_smtp_auth_true" type="radio" name="acui_smtp_auth" value="true" <?php checked('true', get_option('acui_smtp_auth')); ?> />
213
- <label for="smtp_auth_true"><span><?php _e('Yes: Use SMTP authentication.', 'acui'); ?></span></label><br />
214
- <span class="description"><?php _e('If this is set to no, the values below are ignored.', 'acui'); ?></span>
215
- </td>
216
- </tr>
217
- <tr valign="top">
218
- <th scope="row"><label for="smtp_user"><?php _e('Username', 'acui'); ?></label></th>
219
- <td><input name="acui_smtp_user" type="text" id="acui_smtp_user" value="<?php print(get_option('acui_smtp_user')); ?>" size="40" class="code" /></td>
220
- </tr>
221
- <tr valign="top">
222
- <th scope="row"><label for="smtp_pass"><?php _e('Password', 'acui'); ?></label></th>
223
- <td><input name="acui_smtp_pass" type="password" id="acui_smtp_pass" value="<?php print(get_option('acui_smtp_pass')); ?>" size="40" class="code" /></td>
224
- </tr>
225
- </table>
226
-
227
- <p class="submit"><input type="submit" name="submit" id="submit" class="button-primary" value="<?php _e('Save Changes'); ?>" /></p>
228
- </form>
229
-
230
- <h3><?php _e('Send a Test Email', 'acui'); ?></h3>
231
-
232
- <form method="POST" action="">
233
- <?php wp_nonce_field('test-email'); ?>
234
- <table class="optiontable form-table">
235
- <tr valign="top">
236
- <th scope="row"><label for="to"><?php _e('To:', 'acui'); ?></label></th>
237
- <td><input name="to" type="text" id="to" value="" size="40" class="code" />
238
- <span class="description"><?php _e('Type an email address here and then click Send Test to generate a test email.', 'acui'); ?></span></td>
239
- </tr>
240
- </table>
241
- <p class="submit"><input type="submit" name="acui_smpt_action" id="acui_smpt_action" class="button-primary" value="<?php _e('Send Test', 'acui'); ?>" /></p>
242
- </form>
243
- </div>
244
-
245
- <script>
246
- jQuery( document ).ready( function( $ ){
247
- $( "[name='acui_settings']" ).on('change', function() {
248
- var selected = $( 'input[name=acui_settings]:checked' ).val();
249
-
250
- if( selected == "wordpress" )
251
- disableControls();
252
- else
253
- enableControls();
254
- });
255
-
256
- function disableControls(){
257
- $("#acui_smtp_options :input").not(":input[type=submit],:input[type=hidden]").prop("disabled", true);
258
- $("[name='acui_settings']").prop("disabled", false);
259
- }
260
-
261
- function enableControls(){
262
- $("#acui_smtp_options :input").not(":input[type=submit],:input[type=hidden]").prop("disabled", false);
263
- }
264
-
265
- <?php if( get_option( "acui_settings" ) == "wordpress" ): ?>
266
- disableControls();
267
- <?php else: ?>
268
- enableControls();
269
- <?php endif; ?>
270
- })
271
- </script>
272
-
273
- <?php
274
- }
275
-
276
- function acui_mailer_init( PHPMailer $phpmailer ){
277
- if ( ! get_option('acui_mailer') || ( get_option('acui_mailer') == 'smtp' && ! get_option('acui_smtp_host') ) ) {
278
- return;
279
- }
280
-
281
- // Set the mailer type as per config above, this overrides the already called isMail method
282
- $phpmailer->Mailer = get_option('acui_mailer');
283
-
284
- // Set the Sender (return-path) if required
285
- if (get_option('acui_mail_set_return_path'))
286
- $phpmailer->Sender = $phpmailer->From;
287
-
288
- // Set the SMTPSecure value, if set to none, leave this blank
289
- $phpmailer->SMTPSecure = get_option('acui_smtp_ssl') == 'none' ? '' : get_option('acui_smtp_ssl');
290
-
291
- // If we're sending via SMTP, set the host
292
- if (get_option('acui_mailer') == "smtp") {
293
-
294
- // Set the SMTPSecure value, if set to none, leave this blank
295
- $phpmailer->SMTPSecure = get_option('acui_smtp_ssl') == 'none' ? '' : get_option('acui_smtp_ssl');
296
-
297
- // Set the other options
298
- $phpmailer->Host = get_option('acui_smtp_host');
299
- $phpmailer->Port = get_option('acui_smtp_port');
300
-
301
- // If we're using smtp auth, set the username & password
302
- if (get_option('acui_smtp_auth') == "true") {
303
- $phpmailer->SMTPAuth = TRUE;
304
- $phpmailer->Username = get_option('acui_smtp_user');
305
- $phpmailer->Password = get_option('acui_smtp_pass');
306
- }
307
- }
308
-
309
- $phpmailer = apply_filters('acui_smtp_custom_options', $phpmailer);
310
- }