Import users from CSV with meta - Version 1.14.2.2

Version Description

  • More nonces included

Release Info

Developer carazo
Plugin Icon 128x128 Import users from CSV with meta
Version 1.14.2.2

Code changes from version 1.14.2.1 to 1.14.2.2

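--- a/import-users-from-csv-with-meta.php
+++ b/import-users-from-csv-with-meta.php
@@ -3,7 +3,7 @@
  Plugin Name: Import users from CSV with meta
  Plugin URI: https://www.codection.com
  Description: This plugins allows to import users using CSV files to WP database automatically
- Version: 1.14.2.1
+ Version: 1.14.2.2
  Author: codection
  Author URI: https://codection.com
  License: GPL2
@@ -307,30 +307,38 @@ function acui_admin_tabs( $current = 'homepage' ) {
  }
 
  function acui_fileupload_process( $form_data, $is_cron = false, $is_frontend = false ) {
- if( empty( $_FILES['uploadfile']['name'] ) ):
- $path_to_file = sanitize_file_name( $form_data["path_to_file"] );
+ if ( !isset( $form_data['security'] ) || !wp_verify_nonce( $form_data['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
+ if( empty( $_FILES['uploadfile']['name'] ) ):
+ $path_to_file = sanitize_file_name( $form_data["path_to_file"] );
 
- if( !validate_file( $path_to_file ) ){
- wp_die( __( 'Error, path to file is not well written', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
- }
+ if( !validate_file( $path_to_file ) ){
+ wp_die( __( 'Error, path to file is not well written', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
+ }
 
- if( !file_exists ( $path_to_file ) ){
- wp_die( __( 'Error, we cannot find the file', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
- }
+ if( !file_exists ( $path_to_file ) ){
+ wp_die( __( 'Error, we cannot find the file', 'import-users-from-csv-with-meta' ) . ": $path_to_file" );
+ }
 
- acui_import_users( $path_to_file, $form_data, 0, $is_cron, $is_frontend );
- else:
- $uploadfile = wp_handle_upload( $_FILES['uploadfile'], array( 'test_form' => false, 'mimes' => array('csv' => 'text/csv') ) );
+ acui_import_users( $path_to_file, $form_data, 0, $is_cron, $is_frontend );
+ else:
+ $uploadfile = wp_handle_upload( $_FILES['uploadfile'], array( 'test_form' => false, 'mimes' => array('csv' => 'text/csv') ) );
 
- if ( !$uploadfile || isset( $uploadfile['error'] ) ) {
- wp_die( __( 'Problem uploading file to import' . var_export( $uploadfile['error'], true ), 'import-users-from-csv-with-meta' ));
- } else {
- acui_import_users( $uploadfile['file'], $form_data, acui_get_attachment_id_by_url( $uploadfile['url'] ), $is_cron, $is_frontend );
- }
- endif;
+ if ( !$uploadfile || isset( $uploadfile['error'] ) ) {
+ wp_die( __( 'Problem uploading file to import' . var_export( $uploadfile['error'], true ), 'import-users-from-csv-with-meta' ));
+ } else {
+ acui_import_users( $uploadfile['file'], $form_data, acui_get_attachment_id_by_url( $uploadfile['url'] ), $is_cron, $is_frontend );
+ }
+ endif;
  }
 
  function acui_manage_frontend_process( $form_data ){
+ if ( !isset( $form_data['security'] ) || !wp_verify_nonce( $form_data['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
  update_option( "acui_frontend_send_mail", isset( $form_data["send-mail-frontend"] ) && $form_data["send-mail-frontend"] == "yes" );
  update_option( "acui_frontend_send_mail_updated", isset( $form_data["send-mail-updated-frontend"] ) && $form_data["send-mail-updated-frontend"] == "yes" );
  update_option( "acui_frontend_delete_users", isset( $form_data["delete-users-frontend"] ) && $form_data["delete-users-frontend"] == "yes" );
@@ -352,10 +360,18 @@ function acui_manage_frontend_process( $form_data ){
  }
 
  function acui_manage_extra_profile_fields( $form_data ){
+ if ( !isset( $form_data['security'] ) || !wp_verify_nonce( $form_data['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
  update_option( "acui_show_profile_fields", isset( $form_data["show-profile-fields"] ) && $form_data["show-profile-fields"] == "yes" );
  }
 
  function acui_save_mail_template( $form_data ){
+ if ( !isset( $form_data['security'] ) || !wp_verify_nonce( $form_data['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
  $automattic_wordpress_email = sanitize_text_field( $form_data["automattic_wordpress_email"] );
  $subject_mail = sanitize_text_field( $form_data["subject_mail"] );
  $body_mail = wp_kses_post( stripslashes( $form_data["body_mail"] ) );
@@ -387,6 +403,10 @@ function acui_save_mail_template( $form_data ){
  }
 
  function acui_manage_cron_process( $form_data ){
+ if ( !isset( $form_data['security'] ) || !wp_verify_nonce( $form_data['security'], 'codection-security' ) ) {
+ wp_die( __( 'Nonce check failed', 'import-users-from-csv-with-meta' ) );
+ }
+
  $next_timestamp = wp_next_scheduled( 'acui_cron_process' );
  $period = sanitize_text_field( $form_data[ "period" ] );
 
@@ -432,6 +452,7 @@ function acui_cron_process(){
  $form_data[ "role" ] = get_option( "acui_cron_role");
  $form_data[ "update_roles_existing_users" ] = get_option( "acui_cron_update_roles_existing_users");
  $form_data[ "empty_cell_action" ] = "leave";
+ $form_data[ "security" ] = wp_create_nonce( "codection-security" );
 
  ob_start();
  acui_fileupload_process( $form_data, true );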
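Review bot: The nonce check added at the top of `acui_fileupload_process()` is satisfied on the cron and shortcode paths by a nonce the caller mints for itself (`$form_data[ "security" ] = wp_create_nonce( "codection-security" );` in `acui_cron_process()` and in `acui_frontend()` in include/shortcode-frontend.php), so on those paths it proves nothing about the incoming request. Verifying the nonce where the submitted form is first read, rather than inside the shared worker, would keep the check meaningful; whether `acui_frontend()` does that is not visible in its hunk. A nonce only demonstrates intent, so the settings handlers (`acui_manage_frontend_process`, `acui_manage_extra_profile_fields`, `acui_save_mail_template`, `acui_manage_cron_process`, whose bodies continue outside the hunks) still need a `current_user_can()` check unless their callers already enforce one. Separately, `validate_file()` returns 0 for an acceptable path, so the re-added `if( !validate_file( $path_to_file ) ){` rejects valid paths and lets flagged ones through; it should read `if( validate_file( $path_to_file ) !== 0 ){`.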
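--- a/include/shortcode-frontend.php
+++ b/include/shortcode-frontend.php
@@ -18,6 +18,7 @@ function acui_frontend() {
  $form_data[ "path_to_file" ] = get_attached_file( $csv_file_id );
  $form_data[ "role" ] = get_option( "acui_frontend_role");
  $form_data[ "empty_cell_action" ] = "leave";
+ $form_data[ "security" ] = wp_create_nonce( "codection-security" );
 
  acui_fileupload_process( $form_data, false, true );
 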
readme.txt CHANGED
@@ -91,6 +91,9 @@ Plugin will automatically detect:
91
 
92
  == Changelog ==
93
 
 
 
 
94
  = 1.14.2.1 =
95
  * Directory traversal attack prevented
96
 
91
 
92
  == Changelog ==
93
 
94
+ = 1.14.2.2 =
95
+ * More nonces included
96
+
97
  = 1.14.2.1 =
98
  * Directory traversal attack prevented
99