Order Export & Order Import for WooCommerce - Version 1.6.1

Version Description

  • [Improvement] Security

Release Info

Developer webtoffee
Version 1.6.1

Code changes from version 1.6.0 to 1.6.1

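--- a/includes/class-wf-cpnimpexpcsv-admin-screen.php
+++ b/includes/class-wf-cpnimpexpcsv-admin-screen.php
@@ -62,9 +62,7 @@ class WF_CpnImpExpCsv_Admin_Screen {
 if( $_GET['tab'] == 'export' ) {
 $tab = 'export';
 }
-else if ( $_GET['tab'] == 'settings' ) {
-$tab = 'settings';
-}
+
 else if ( $_GET['tab'] == 'coupon' ) {
 $tab = 'coupon';
 }
@@ -91,10 +89,6 @@ class WF_CpnImpExpCsv_Admin_Screen {
 include( 'views/export/html-wf-export-coupons.php' );
 }
 
-public function admin_settings_page()
-{
-include( 'views/settings/html-wf-all-settings.php' );
-}
 }
 
 new WF_CpnImpExpCsv_Admin_Screen();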
includes/exporter/class-wf-cpnimpexpcsv-exporter.php CHANGED
@@ -8,13 +8,13 @@ class WF_CpnImpExpCsv_Exporter {
8
 
9
  public static function do_export($post_type = 'shop_coupon') {
10
  global $wpdb;
11
-
12
- $export_limit = !empty($_POST['limit']) ? intval($_POST['limit']) : 999999999;
13
  $export_count = 0;
14
  $limit = 100;
15
- $current_offset = !empty($_POST['offset']) ? intval($_POST['offset']) : 0;
16
- $sortcolumn = !empty($_POST['sortcolumn']) ? $_POST['sortcolumn'] : 'ID';
17
- $delimiter = !empty($_POST['delimiter']) ? $_POST['delimiter'] : ',';
18
  $csv_columns = include( 'data/data-wf-post-columns-coupon.php' );
19
  if ($limit > $export_limit)
20
  $limit = $export_limit;
8
 
9
  public static function do_export($post_type = 'shop_coupon') {
10
  global $wpdb;
11
+ absint($maybeint);
12
+ $export_limit = !empty($_POST['limit']) ? absint($_POST['limit']) : 999999999;
13
  $export_count = 0;
14
  $limit = 100;
15
+ $current_offset = !empty($_POST['offset']) ? absint($_POST['offset']) : 0;
16
+ $sortcolumn = !empty($_POST['sortcolumn']) ? sanitize_text_field($_POST['sortcolumn']) : 'ID';
17
+ $delimiter = !empty($_POST['delimiter']) ? wc_clean( wp_unslash($_POST['delimiter'])): ',';
18
  $csv_columns = include( 'data/data-wf-post-columns-coupon.php' );
19
  if ($limit > $export_limit)
20
  $limit = $export_limit;
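Review bot: The added line 11 `absint($maybeint);` calls absint on a variable that is never assigned, so it does nothing except raise an undefined-variable notice on every export; it reads like an editing leftover and should be deleted. Separately, `$sortcolumn` on line 16 is only passed through `sanitize_text_field()`, which strips tags and whitespace but does not constrain the value to a column name; if it is later placed in an ORDER BY clause (the body of do_export continues outside the hunk) it should instead be compared against an allowlist of sortable columns and fall back to `'ID'` when it does not match. `$_POST['limit']` and `$_POST['offset']` are fine with `absint()`, but note that a posted `limit` of `0` is treated as empty and silently becomes the 999999999 default.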
includes/exporter/class-wf-orderimpexpcsv-exporter.php CHANGED
@@ -12,13 +12,13 @@ class WF_OrderImpExpCsv_Exporter {
12
 
13
  public static function do_export($post_type = 'shop_order') {
14
  global $wpdb;
15
- $limit = !empty($_POST['limit']) ? intval($_POST['limit']) : 999999999;
16
- $export_offset = !empty($_POST['offset']) ? intval($_POST['offset']) : 0;
17
  $csv_columns = include( 'data/data-wf-post-columns.php' );
18
- $user_columns_name = ! empty( $_POST['columns_name'] ) ? $_POST['columns_name'] : $csv_columns;
19
- $export_columns = ! empty( $_POST['columns'] ) ? $_POST['columns'] : array();
20
- $export_order_statuses = !empty($_POST['order_status']) ? $_POST['order_status'] : 'any';
21
- $delimiter = !empty($_POST['delimiter']) ? $_POST['delimiter'] : ',';
22
 
23
  $wpdb->hide_errors();
24
  @set_time_limit(0);
12
 
13
  public static function do_export($post_type = 'shop_order') {
14
  global $wpdb;
15
+ $limit = !empty($_POST['limit']) ? absint($_POST['limit']) : 999999999;
16
+ $export_offset = !empty($_POST['offset']) ? absint($_POST['offset']) : 0;
17
  $csv_columns = include( 'data/data-wf-post-columns.php' );
18
+ $user_columns_name = ! empty( $_POST['columns_name'] ) ? wc_clean($_POST['columns_name']) : $csv_columns;
19
+ $export_columns = ! empty( $_POST['columns'] ) ? wc_clean($_POST['columns']) : array();
20
+ $export_order_statuses = !empty($_POST['order_status']) ? wc_clean($_POST['order_status']) : 'any';
21
+ $delimiter = !empty($_POST['delimiter']) ? wc_clean( wp_unslash($_POST['delimiter'])) : ',';
22
 
23
  $wpdb->hide_errors();
24
  @set_time_limit(0);
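Review bot: `$user_columns_name`, `$export_columns` and `$export_order_statuses` on lines 18-20 are sanitised with `wc_clean()` but never validated, so a request can still name columns or statuses the exporter does not know about; if these arrays decide which fields are read or how the header row is written (do_export continues outside the hunk), filter them down to the entries present in `$csv_columns`, e.g. `$export_columns = array_intersect($export_columns, array_keys($csv_columns));`, and check the statuses against `wc_get_order_statuses()` or an equivalent list. Only `$delimiter` is unslashed with `wp_unslash()` before cleaning; for consistency the other POST values should receive the same treatment, since WordPress adds slashes to `$_POST`.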
includes/importer/class-wf-cpnimpexpcsv-coupon-import.php CHANGED
@@ -51,7 +51,7 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
51
  // } else{
52
  // $this->merge_empty_cells = 0;
53
  // }
54
- $step = empty( $_GET['step'] ) ? 0 : (int) $_GET['step'];
55
  switch ( $step ) {
56
  case 0 :
57
  $this->header();
@@ -61,9 +61,9 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
61
  $this->header();
62
  check_admin_referer( 'import-upload' );
63
  if(!empty($_GET['file_url']))
64
- $this->file_url = esc_attr( $_GET['file_url'] );
65
  if(!empty($_GET['file_id']))
66
- $this->id = $_GET['file_id'] ;
67
  if ( !empty($_GET['clearmapping']) || $this->handle_upload() )
68
  $this->import_options();
69
  else
@@ -74,9 +74,9 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
74
  case 2 :
75
  $this->header();
76
  check_admin_referer( 'import-woocommerce' );
77
- $this->id = (int) $_POST['import_id'];
78
  if ( $this->file_url_import_enabled )
79
- $this->file_url = esc_attr( $_POST['import_url'] );
80
  if ( $this->id )
81
  $file = get_attached_file( $this->id );
82
  else if ( $this->file_url_import_enabled )
@@ -120,6 +120,7 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
120
  //merge_empty_cells: '<?php //echo $this->merge_empty_cells; ?>',
121
  start_pos: start_pos,
122
  end_pos: end_pos,
 
123
  };
124
  return $.ajax({
125
  url: '<?php echo add_query_arg( array( 'import_page' => $this->import_page, 'step' => '3', 'merge' => ! empty( $_GET['merge'] ) ? '1' : '0' ), admin_url( 'admin-ajax.php' ) ); ?>',
@@ -214,6 +215,7 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
214
  action: 'coupon_csv_import_request',
215
  file: '<?php echo $file; ?>',
216
  processed_posts: processed_posts,
 
217
  };
218
 
219
  $.ajax({
@@ -234,18 +236,22 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
234
  echo '<p class="error">' . __( 'Error finding uploaded file!', 'order-import-export-for-woocommerce' ) . '</p>';
235
  }
236
  break;
237
- case 3 :
238
- // Check access - cannot use nonce here as it will expire after multiple requests
239
- if ( ! current_user_can( 'manage_woocommerce' ) )
240
- die();
 
 
 
 
 
241
  add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
242
  if ( function_exists( 'gc_enable' ) )
243
  gc_enable();
244
  @set_time_limit(0);
245
  @ob_flush();
246
  @flush();
247
- $wpdb->hide_errors();
248
- $file = stripslashes( $_POST['file'] );
249
  $start_pos = isset( $_POST['start_pos'] ) ? absint( $_POST['start_pos'] ) : 0;
250
  $end_pos = isset( $_POST['end_pos'] ) ? absint( $_POST['end_pos'] ) : '';
251
  $position = $this->import_start( $file, $start_pos, $end_pos );
@@ -262,10 +268,10 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
262
  exit;
263
  break;
264
  case 4 :
265
- // Check access - cannot use nonce here as it will expire after multiple requests
266
- if ( ! current_user_can( 'manage_woocommerce' ) )
267
- die();
268
-
269
  add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
270
 
271
  if ( function_exists( 'gc_enable' ) )
@@ -276,7 +282,7 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
276
  @flush();
277
  $wpdb->hide_errors();
278
 
279
- $this->processed_posts = isset( $_POST['processed_posts']) ? $_POST['processed_posts'] : array();
280
  $file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
281
 
282
  _e( 'Step 1...', 'order-import-export-for-woocommerce' ) . ' ';
@@ -287,7 +293,9 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
287
  _e( 'Finalizing...', 'order-import-export-for-woocommerce' ) . ' ';
288
  // SUCCESS
289
  _e( 'Finished. Import complete.', 'order-import-export-for-woocommerce' );
290
- unlink($file);
 
 
291
  $this->import_end();
292
  exit;
293
  break;
@@ -396,11 +404,11 @@ class WF_CpnImpExpCsv_Coupon_Import extends WP_Importer {
396
  echo esc_html( $file['error'] ) . '</p>';
397
  return false;
398
  }
399
- $this->id = (int) $file['id'];
400
  return true;
401
  } else {
402
  if ( file_exists( ABSPATH . $_POST['file_url'] ) ){
403
- $this->file_url = esc_attr( $_POST['file_url'] );
404
  return true;
405
  } else {
406
  echo '<p><strong>' . __( 'Sorry, there has been an error.', 'order-import-export-for-woocommerce' ) . '</strong></p>';
51
  // } else{
52
  // $this->merge_empty_cells = 0;
53
  // }
54
+ $step = empty( $_GET['step'] ) ? 0 : absint($_GET['step']);
55
  switch ( $step ) {
56
  case 0 :
57
  $this->header();
61
  $this->header();
62
  check_admin_referer( 'import-upload' );
63
  if(!empty($_GET['file_url']))
64
+ $this->file_url = esc_url_raw( $_GET['file_url'] );
65
  if(!empty($_GET['file_id']))
66
+ $this->id = absint($_GET['file_id']) ;
67
  if ( !empty($_GET['clearmapping']) || $this->handle_upload() )
68
  $this->import_options();
69
  else
74
  case 2 :
75
  $this->header();
76
  check_admin_referer( 'import-woocommerce' );
77
+ $this->id = absint($_POST['import_id']);
78
  if ( $this->file_url_import_enabled )
79
+ $this->file_url = esc_url_raw( $_POST['import_url'] );
80
  if ( $this->id )
81
  $file = get_attached_file( $this->id );
82
  else if ( $this->file_url_import_enabled )
120
  //merge_empty_cells: '<?php //echo $this->merge_empty_cells; ?>',
121
  start_pos: start_pos,
122
  end_pos: end_pos,
123
+ wt_nonce : '<?php echo wp_create_nonce( WF_CPN_IMP_EXP_ID )?>',
124
  };
125
  return $.ajax({
126
  url: '<?php echo add_query_arg( array( 'import_page' => $this->import_page, 'step' => '3', 'merge' => ! empty( $_GET['merge'] ) ? '1' : '0' ), admin_url( 'admin-ajax.php' ) ); ?>',
215
  action: 'coupon_csv_import_request',
216
  file: '<?php echo $file; ?>',
217
  processed_posts: processed_posts,
218
+ wt_nonce : '<?php echo wp_create_nonce( WF_CPN_IMP_EXP_ID )?>',
219
  };
220
 
221
  $.ajax({
236
  echo '<p class="error">' . __( 'Error finding uploaded file!', 'order-import-export-for-woocommerce' ) . '</p>';
237
  }
238
  break;
239
+ case 3 :
240
+ $nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
241
+ if (!wp_verify_nonce($nonce, WF_CPN_IMP_EXP_ID) || !WF_Coupon_Import_Export_CSV::hf_user_permission()) {
242
+ wp_die(__('Access Denied', 'order-import-export-for-woocommerce'));
243
+ }
244
+ $file = stripslashes( $_POST['file'] );
245
+ if (filter_var($file, FILTER_VALIDATE_URL)){ // Validating given path is valid path, not a URL
246
+ die();
247
+ }
248
  add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
249
  if ( function_exists( 'gc_enable' ) )
250
  gc_enable();
251
  @set_time_limit(0);
252
  @ob_flush();
253
  @flush();
254
+ $wpdb->hide_errors();
 
255
  $start_pos = isset( $_POST['start_pos'] ) ? absint( $_POST['start_pos'] ) : 0;
256
  $end_pos = isset( $_POST['end_pos'] ) ? absint( $_POST['end_pos'] ) : '';
257
  $position = $this->import_start( $file, $start_pos, $end_pos );
268
  exit;
269
  break;
270
  case 4 :
271
+ $nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
272
+ if (!wp_verify_nonce($nonce, WF_CPN_IMP_EXP_ID) || !WF_Coupon_Import_Export_CSV::hf_user_permission()) {
273
+ wp_die(__('Access Denied', 'order-import-export-for-woocommerce'));
274
+ }
275
  add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
276
 
277
  if ( function_exists( 'gc_enable' ) )
282
  @flush();
283
  $wpdb->hide_errors();
284
 
285
+ $this->processed_posts = isset( $_POST['processed_posts']) ? array_map('intval', $_POST['processed_posts']) : array();
286
  $file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
287
 
288
  _e( 'Step 1...', 'order-import-export-for-woocommerce' ) . ' ';
293
  _e( 'Finalizing...', 'order-import-export-for-woocommerce' ) . ' ';
294
  // SUCCESS
295
  _e( 'Finished. Import complete.', 'order-import-export-for-woocommerce' );
296
+ if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
297
+ unlink($file);
298
+ }
299
  $this->import_end();
300
  exit;
301
  break;
404
  echo esc_html( $file['error'] ) . '</p>';
405
  return false;
406
  }
407
+ $this->id = absint($file['id']);
408
  return true;
409
  } else {
410
  if ( file_exists( ABSPATH . $_POST['file_url'] ) ){
411
+ $this->file_url = esc_url_raw( $_POST['file_url'] );
412
  return true;
413
  } else {
414
  echo '<p><strong>' . __( 'Sorry, there has been an error.', 'order-import-export-for-woocommerce' ) . '</strong></p>';
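Review bot: In the new case 3 (lines 244-247) `$file` is still taken verbatim from `$_POST['file']` and handed to `import_start()`; the added `filter_var(..., FILTER_VALIDATE_URL)` check only rejects URLs, so any local path is still accepted, and the case 4 cleanup at lines 296-298 will `unlink()` whatever path was posted as long as its extension is .txt or .csv. The nonce and `hf_user_permission()` checks restrict this to authorised users, but the path should additionally be confined to the location the importer stores uploads in, e.g. resolve it with `realpath()` and require the result to begin with that directory before reading or deleting it. Line 244 also reads `$_POST['file']` without the `isset()` guard that the equivalent line in case 4 has. The same pattern appears in includes/importer/class-wf-orderimpexpcsv-order-import.php and the same fix applies there.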
includes/importer/class-wf-orderimpexpcsv-order-import.php CHANGED
@@ -60,7 +60,7 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
60
  $this->merge_empty_cells = 0;
61
  }
62
 
63
- $step = empty($_GET['step']) ? 0 : (int) $_GET['step'];
64
 
65
  switch ($step) {
66
  case 0 :
@@ -73,9 +73,9 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
73
  check_admin_referer('import-upload');
74
 
75
  if (!empty($_GET['file_url']))
76
- $this->file_url = esc_attr($_GET['file_url']);
77
  if (!empty($_GET['file_id']))
78
- $this->id = $_GET['file_id'];
79
 
80
  if (!empty($_GET['clearmapping']) || $this->handle_upload())
81
  $this->import_options();
@@ -87,10 +87,10 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
87
 
88
  check_admin_referer('import-woocommerce');
89
 
90
- $this->id = (int) $_POST['import_id'];
91
 
92
  if ($this->file_url_import_enabled)
93
- $this->file_url = esc_attr($_POST['import_url']);
94
 
95
  if ($this->id)
96
  $file = get_attached_file($this->id);
@@ -138,6 +138,7 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
138
  merge_empty_cells: '<?php echo $this->merge_empty_cells; ?>',
139
  start_pos: start_pos,
140
  end_pos: end_pos,
 
141
  };
142
  return $.ajax({
143
  url: '<?php echo add_query_arg(array('import_page' => $this->import_page, 'step' => '3', 'merge' => !empty($_GET['merge']) ? '1' : '0'), admin_url('admin-ajax.php')); ?>',
@@ -232,6 +233,7 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
232
  file: '<?php echo $file; ?>',
233
  processed_terms: processed_terms,
234
  processed_posts: processed_posts,
 
235
  };
236
  $.ajax({
237
  url: '<?php echo add_query_arg(array('import_page' => $this->import_page, 'step' => '4', 'merge' => !empty($_GET['merge']) ? 1 : 0), admin_url('admin-ajax.php')); ?>',
@@ -251,17 +253,21 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
251
  }
252
  break;
253
  case 3 :
254
- // Check access - cannot use nonce here as it will expire after multiple requests
255
- if (!current_user_can('manage_woocommerce'))
 
 
 
 
256
  die();
 
257
  add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
258
  if (function_exists('gc_enable'))
259
  gc_enable();
260
  @set_time_limit(0);
261
  @ob_flush();
262
  @flush();
263
- $wpdb->hide_errors();
264
- $file = stripslashes($_POST['file']);
265
  $start_pos = isset($_POST['start_pos']) ? absint($_POST['start_pos']) : 0;
266
  $end_pos = isset($_POST['end_pos']) ? absint($_POST['end_pos']) : '';
267
  $position = $this->import_start($file, $start_pos, $end_pos);
@@ -277,9 +283,10 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
277
  exit;
278
  break;
279
  case 4 :
280
- // Check access - cannot use nonce here as it will expire after multiple requests
281
- if (!current_user_can('manage_woocommerce'))
282
- die();
 
283
  add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
284
  if (function_exists('gc_enable'))
285
  gc_enable();
@@ -287,9 +294,9 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
287
  @ob_flush();
288
  @flush();
289
  $wpdb->hide_errors();
290
- $this->processed_terms = isset($_POST['processed_terms']) ? $_POST['processed_terms'] : array();
291
- $this->processed_posts = isset($_POST['processed_posts']) ? $_POST['processed_posts'] : array();
292
- $file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
293
 
294
  _e('Step 1...', 'order-import-export-for-woocommerce') . ' ';
295
 
@@ -305,7 +312,10 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
305
  // SUCCESS
306
  _e('Finished. Import complete.', 'order-import-export-for-woocommerce');
307
 
308
- unlink($file);
 
 
 
309
  $this->import_end();
310
 
311
  exit;
@@ -428,11 +438,11 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
428
  echo esc_html($file['error']) . '</p>';
429
  return false;
430
  }
431
- $this->id = (int) $file['id'];
432
  return true;
433
  } else {
434
  if (file_exists(ABSPATH . $_POST['file_url'])) {
435
- $this->file_url = esc_attr($_POST['file_url']);
436
  return true;
437
  } else {
438
  echo '<p><strong>' . __('Sorry, there has been an error.', 'order-import-export-for-woocommerce') . '</strong></p>';
@@ -627,7 +637,7 @@ class WF_OrderImpExpCsv_Order_Import extends WP_Importer {
627
  }
628
  // standard order item meta
629
  $_order_item_meta = array(
630
- '_qty' => (int) $item['qty'],
631
  '_tax_class' => '', // Tax class (adjusted by filters)
632
  '_product_id' => $item['product_id'],
633
  '_variation_id' => $var_id,
60
  $this->merge_empty_cells = 0;
61
  }
62
 
63
+ $step = empty($_GET['step']) ? 0 : absint( $_GET['step']);
64
 
65
  switch ($step) {
66
  case 0 :
73
  check_admin_referer('import-upload');
74
 
75
  if (!empty($_GET['file_url']))
76
+ $this->file_url = esc_url_raw($_GET['file_url']);
77
  if (!empty($_GET['file_id']))
78
+ $this->id = absint ($_GET['file_id']);
79
 
80
  if (!empty($_GET['clearmapping']) || $this->handle_upload())
81
  $this->import_options();
87
 
88
  check_admin_referer('import-woocommerce');
89
 
90
+ $this->id = absint( $_POST['import_id']);
91
 
92
  if ($this->file_url_import_enabled)
93
+ $this->file_url = esc_url_raw($_POST['import_url']);
94
 
95
  if ($this->id)
96
  $file = get_attached_file($this->id);
138
  merge_empty_cells: '<?php echo $this->merge_empty_cells; ?>',
139
  start_pos: start_pos,
140
  end_pos: end_pos,
141
+ wt_nonce : '<?php echo wp_create_nonce( WF_ORDER_IMP_EXP_ID )?>',
142
  };
143
  return $.ajax({
144
  url: '<?php echo add_query_arg(array('import_page' => $this->import_page, 'step' => '3', 'merge' => !empty($_GET['merge']) ? '1' : '0'), admin_url('admin-ajax.php')); ?>',
233
  file: '<?php echo $file; ?>',
234
  processed_terms: processed_terms,
235
  processed_posts: processed_posts,
236
+ wt_nonce : '<?php echo wp_create_nonce( WF_ORDER_IMP_EXP_ID )?>',
237
  };
238
  $.ajax({
239
  url: '<?php echo add_query_arg(array('import_page' => $this->import_page, 'step' => '4', 'merge' => !empty($_GET['merge']) ? 1 : 0), admin_url('admin-ajax.php')); ?>',
253
  }
254
  break;
255
  case 3 :
256
+ $nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
257
+ if (!wp_verify_nonce($nonce, WF_ORDER_IMP_EXP_ID) || !WF_Order_Import_Export_CSV::hf_user_permission()) {
258
+ wp_die(__('Access Denied', 'order-import-export-for-woocommerce'));
259
+ }
260
+ $file = stripslashes( $_POST['file'] ); // Validating given path is valid path, not a URL
261
+ if (filter_var($file, FILTER_VALIDATE_URL)) {
262
  die();
263
+ }
264
  add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
265
  if (function_exists('gc_enable'))
266
  gc_enable();
267
  @set_time_limit(0);
268
  @ob_flush();
269
  @flush();
270
+ $wpdb->hide_errors();
 
271
  $start_pos = isset($_POST['start_pos']) ? absint($_POST['start_pos']) : 0;
272
  $end_pos = isset($_POST['end_pos']) ? absint($_POST['end_pos']) : '';
273
  $position = $this->import_start($file, $start_pos, $end_pos);
283
  exit;
284
  break;
285
  case 4 :
286
+ $nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
287
+ if (!wp_verify_nonce($nonce, WF_ORDER_IMP_EXP_ID) || !WF_Order_Import_Export_CSV::hf_user_permission()) {
288
+ wp_die(__('Access Denied', 'order-import-export-for-woocommerce'));
289
+ }
290
  add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
291
  if (function_exists('gc_enable'))
292
  gc_enable();
294
  @ob_flush();
295
  @flush();
296
  $wpdb->hide_errors();
297
+ $this->processed_terms = isset($_POST['processed_terms']) ? wc_clean($_POST['processed_terms']) : array();
298
+ $this->processed_posts = isset($_POST['processed_posts']) ? array_map('intval', $_POST['processed_posts']) : array();
299
+ $file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
300
 
301
  _e('Step 1...', 'order-import-export-for-woocommerce') . ' ';
302
 
312
  // SUCCESS
313
  _e('Finished. Import complete.', 'order-import-export-for-woocommerce');
314
 
315
+
316
+ if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
317
+ unlink($file);
318
+ }
319
  $this->import_end();
320
 
321
  exit;
438
  echo esc_html($file['error']) . '</p>';
439
  return false;
440
  }
441
+ $this->id = absint($file['id']) ;
442
  return true;
443
  } else {
444
  if (file_exists(ABSPATH . $_POST['file_url'])) {
445
+ $this->file_url = esc_url_raw($_POST['file_url']);
446
  return true;
447
  } else {
448
  echo '<p><strong>' . __('Sorry, there has been an error.', 'order-import-export-for-woocommerce') . '</strong></p>';
637
  }
638
  // standard order item meta
639
  $_order_item_meta = array(
640
+ '_qty' => absint($item['qty']) ,
641
  '_tax_class' => '', // Tax class (adjusted by filters)
642
  '_product_id' => $item['product_id'],
643
  '_variation_id' => $var_id,
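Review bot: Changing `'_qty' => (int) $item['qty']` to `absint($item['qty'])` on line 640 silently turns a negative quantity into a positive one instead of rejecting it; if imported CSVs can legitimately carry negative line quantities this alters the stored order, and if they cannot the row should be rejected rather than rewritten — confirm which is intended before shipping. On line 298 `array_map('intval', $_POST['processed_posts'])` throws a TypeError on PHP 8 (a warning and `null` on PHP 7) when the posted value is a scalar rather than an array; guard it with `is_array()` or cast with `(array)` first, and `processed_terms` on the line above should get the same integer treatment instead of `wc_clean()` if it is also a list of IDs. The comment `// Validating given path is valid path, not a URL` on line 260 is attached to the `stripslashes` line but describes the `filter_var` check on line 261.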
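--- a/includes/importer/views/html-wf-import-options.php
+++ b/includes/importer/views/html-wf-import-options.php
@@ -1,4 +1,4 @@
-<?php $tab = (isset($_GET['tab'])?$_GET['tab']:'import'); ?>
+<?php $tab = (isset($_GET['tab'])?sanitize_text_field($_GET['tab']):'import'); ?>
 <div class="woocommerce">
 <div class="icon32" id="icon-woocommerce-importer"><br></div>
 <h2 class="nav-tab-wrapper woo-nav-tab-wrapper">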
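Review bot: `sanitize_text_field()` on line 1 is input sanitisation, not output escaping; if `$tab` is echoed into the tab markup further down the template (outside the hunk) it still needs `esc_attr()` or `esc_html()` at the point of output. Because the template has a fixed set of tabs, an allowlist is the simpler and stronger control: `$tab = in_array($tab, array(/* known tab slugs */), true) ? $tab : 'import';`.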
includes/settings/class-wf-orderimpexpcsv-settings.php DELETED
@@ -1,21 +0,0 @@
1
- <?php
2
- if ( ! defined( 'ABSPATH' ) ) {
3
- exit;
4
- }
5
-
6
- class WF_OrderImpExpCsv_Settings {
7
-
8
- /**
9
- * Order Exporter Tool
10
- */
11
- public static function save_settings( ) {
12
- global $wpdb;
13
-
14
- $settings = array();
15
-
16
- update_option( 'woocommerce_'.WF_ORDER_IMP_EXP_ID.'_settings', $settings );
17
-
18
- wp_redirect( admin_url( '/admin.php?page='.WF_WOOCOMMERCE_ORDER_IM_EX.'&tab=settings' ) );
19
- exit;
20
- }
21
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
order-import-export-for-woocommerce.php CHANGED
@@ -6,7 +6,7 @@ Plugin URI: https://wordpress.org/plugins/order-import-export-for-woocommerce/
6
  Description: Export and Import Order detail including line items, From and To your WooCommerce Store.
7
  Author: WebToffee
8
  Author URI: https://www.webtoffee.com/product/woocommerce-order-coupon-subscription-export-import/
9
- Version: 1.6.0
10
  Text Domain: order-import-export-for-woocommerce
11
  WC tested up to: 3.9.2
12
  License: GPLv3
@@ -24,12 +24,16 @@ define("WF_CPN_IMP_EXP_ID", "wf_cpn_imp_exp");
24
  define("wf_coupon_csv_im_ex", "wf_coupon_csv_im_ex");
25
 
26
  if (!defined('WF_ORDERIMPEXP_CURRENT_VERSION')) {
27
- define("WF_ORDERIMPEXP_CURRENT_VERSION", "1.6.0");
28
  }
29
 
30
  /**
31
  * Check if WooCommerce is active
32
  */
 
 
 
 
33
  register_activation_hook(__FILE__, 'wt_order_basic_register_activation_hook_callback');
34
 
35
  function wt_order_basic_register_activation_hook_callback() {
@@ -68,7 +72,6 @@ function wt_order_basic_register_activation_hook_callback() {
68
  add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'wf_plugin_action_links' ) );
69
  add_action( 'init', array( $this, 'load_plugin_textdomain' ) );
70
  add_action( 'init', array( $this, 'catch_export_request' ), 20 );
71
- add_action( 'init', array( $this, 'catch_save_settings' ), 20 );
72
  add_action( 'admin_init', array( $this, 'register_importers' ) );
73
 
74
  include_once( 'includes/class-wf-orderimpexpcsv-system-status-tools.php' );
@@ -119,7 +122,7 @@ function wt_order_basic_register_activation_hook_callback() {
119
  if ( ! empty( $_GET['action'] ) && ! empty( $_GET['page'] ) && $_GET['page'] == 'wf_woocommerce_order_im_ex' ) {
120
  switch ( $_GET['action'] ) {
121
  case "export" :
122
- $user_ok = $this->hf_user_permission();
123
  if ($user_ok) {
124
  include_once( 'includes/exporter/class-wf-orderimpexpcsv-exporter.php' );
125
  WF_OrderImpExpCsv_Exporter::do_export( 'shop_order' );
@@ -130,17 +133,7 @@ function wt_order_basic_register_activation_hook_callback() {
130
  }
131
  }
132
  }
133
-
134
- public function catch_save_settings() {
135
- if ( ! empty( $_GET['action'] ) && ! empty( $_GET['page'] ) && $_GET['page'] == 'wf_woocommerce_order_im_ex' ) {
136
- switch ( $_GET['action'] ) {
137
- case "settings" :
138
- include_once( 'includes/settings/class-wf-orderimpexpcsv-settings.php' );
139
- WF_OrderImpExpCsv_Settings::save_settings( );
140
- break;
141
- }
142
- }
143
- }
144
 
145
  /**
146
  * Register importers for use
@@ -149,7 +142,7 @@ function wt_order_basic_register_activation_hook_callback() {
149
  register_importer( 'woocommerce_wf_order_csv', 'WooCommerce Order (CSV)', __('Import <strong>Orders</strong> to your store via a csv file.', 'order-import-export-for-woocommerce'), 'WF_OrderImpExpCsv_Importer::order_importer' );
150
  }
151
 
152
- private function hf_user_permission() {
153
  // Check if user has rights to export
154
  $current_user = wp_get_current_user();
155
  $current_user->roles = apply_filters('hf_add_user_roles', $current_user->roles);
@@ -193,7 +186,6 @@ function wt_order_basic_register_activation_hook_callback() {
193
  add_filter('woocommerce_screen_ids', array($this, 'woocommerce_screen_ids'));
194
  add_action('init', array($this, 'load_plugin_textdomain'));
195
  add_action('init', array($this, 'catch_export_request'), 20);
196
- add_action('init', array($this, 'catch_save_settings'), 20);
197
  add_action('admin_init', array($this, 'register_importers'));
198
 
199
  include_once( 'includes/class-wf-cpnimpexpcsv-admin-screen.php' );
@@ -251,7 +243,7 @@ function wt_order_basic_register_activation_hook_callback() {
251
  if (!empty($_GET['action']) && !empty($_GET['page']) && $_GET['page'] == 'wf_coupon_csv_im_ex') {
252
  switch ($_GET['action']) {
253
  case "export" :
254
- $user_ok = $this->hf_user_permission();
255
  if ($user_ok) {
256
  include_once( 'includes/exporter/class-wf-cpnimpexpcsv-exporter.php' );
257
  WF_CpnImpExpCsv_Exporter::do_export('shop_coupon');
@@ -261,18 +253,7 @@ function wt_order_basic_register_activation_hook_callback() {
261
  break;
262
  }
263
  }
264
- }
265
-
266
- public function catch_save_settings() {
267
- if (!empty($_GET['action']) && !empty($_GET['page']) && $_GET['page'] == 'wf_coupon_csv_im_ex') {
268
- switch ($_GET['action']) {
269
- case "settings" :
270
- include_once( 'includes/settings/class-wf-allimpexpcsv-settings.php' );
271
- wf_allImpExpCsv_Settings::save_settings();
272
- break;
273
- }
274
- }
275
- }
276
 
277
  /**
278
  * Register importers for use
@@ -281,7 +262,7 @@ function wt_order_basic_register_activation_hook_callback() {
281
  register_importer('coupon_csv', 'WooCommerce Coupons (CSV)', __('Import <strong>coupon</strong> to your store via a csv file.', 'order-import-export-for-woocommerce'), 'WF_CpnImpExpCsv_Importer::coupon_importer');
282
  }
283
 
284
- private function hf_user_permission() {
285
  // Check if user has rights to export
286
  $current_user = wp_get_current_user();
287
  $current_user->roles = apply_filters('hf_add_user_roles', $current_user->roles);
@@ -314,7 +295,7 @@ function wt_order_basic_register_activation_hook_callback() {
314
  // }
315
  function webtoffee_storefrog_admin_notices() {
316
 
317
- if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false)) {
318
  return;
319
  }
320
  $screen = get_current_screen();
@@ -340,7 +321,7 @@ function webtoffee_storefrog_admin_notices() {
340
 
341
  function webtoffee_storefrog_notice_dismiss() {
342
 
343
- if (!current_user_can('manage_woocommerce')) {
344
  wp_die(-1);
345
  }
346
  update_option('OCSEIPF_Webtoffee_storefrog_admin_notices_dismissed', 1);
@@ -354,7 +335,7 @@ add_filter('admin_footer_text', 'WT_admin_footer_text', 100);
354
  add_action('wp_ajax_ocsie_wt_review_plugin', "review_plugin");
355
 
356
  function WT_admin_footer_text($footer_text) {
357
- if (!current_user_can('manage_woocommerce') || !function_exists('wc_get_screen_ids')) {
358
  return $footer_text;
359
  }
360
  $screen = get_current_screen();
@@ -379,7 +360,7 @@ function WT_admin_footer_text($footer_text) {
379
  }
380
 
381
  function review_plugin() {
382
- if (!current_user_can('manage_woocommerce')) {
383
  wp_die(-1);
384
  }
385
  update_option('ocsie_wt_plugin_reviewed', 1);
6
  Description: Export and Import Order detail including line items, From and To your WooCommerce Store.
7
  Author: WebToffee
8
  Author URI: https://www.webtoffee.com/product/woocommerce-order-coupon-subscription-export-import/
9
+ Version: 1.6.1
10
  Text Domain: order-import-export-for-woocommerce
11
  WC tested up to: 3.9.2
12
  License: GPLv3
24
  define("wf_coupon_csv_im_ex", "wf_coupon_csv_im_ex");
25
 
26
  if (!defined('WF_ORDERIMPEXP_CURRENT_VERSION')) {
27
+ define("WF_ORDERIMPEXP_CURRENT_VERSION", "1.6.1");
28
  }
29
 
30
  /**
31
  * Check if WooCommerce is active
32
  */
33
+ if ( ! in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) { // deactive if woocommerce in not active
34
+ require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
35
+ deactivate_plugins( plugin_basename(__FILE__) );
36
+ }
37
  register_activation_hook(__FILE__, 'wt_order_basic_register_activation_hook_callback');
38
 
39
  function wt_order_basic_register_activation_hook_callback() {
72
  add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'wf_plugin_action_links' ) );
73
  add_action( 'init', array( $this, 'load_plugin_textdomain' ) );
74
  add_action( 'init', array( $this, 'catch_export_request' ), 20 );
 
75
  add_action( 'admin_init', array( $this, 'register_importers' ) );
76
 
77
  include_once( 'includes/class-wf-orderimpexpcsv-system-status-tools.php' );
122
  if ( ! empty( $_GET['action'] ) && ! empty( $_GET['page'] ) && $_GET['page'] == 'wf_woocommerce_order_im_ex' ) {
123
  switch ( $_GET['action'] ) {
124
  case "export" :
125
+ $user_ok = self::hf_user_permission();
126
  if ($user_ok) {
127
  include_once( 'includes/exporter/class-wf-orderimpexpcsv-exporter.php' );
128
  WF_OrderImpExpCsv_Exporter::do_export( 'shop_order' );
133
  }
134
  }
135
  }
136
+
 
 
 
 
 
 
 
 
 
 
137
 
138
  /**
139
  * Register importers for use
142
  register_importer( 'woocommerce_wf_order_csv', 'WooCommerce Order (CSV)', __('Import <strong>Orders</strong> to your store via a csv file.', 'order-import-export-for-woocommerce'), 'WF_OrderImpExpCsv_Importer::order_importer' );
143
  }
144
 
145
+ public static function hf_user_permission() {
146
  // Check if user has rights to export
147
  $current_user = wp_get_current_user();
148
  $current_user->roles = apply_filters('hf_add_user_roles', $current_user->roles);
186
  add_filter('woocommerce_screen_ids', array($this, 'woocommerce_screen_ids'));
187
  add_action('init', array($this, 'load_plugin_textdomain'));
188
  add_action('init', array($this, 'catch_export_request'), 20);
 
189
  add_action('admin_init', array($this, 'register_importers'));
190
 
191
  include_once( 'includes/class-wf-cpnimpexpcsv-admin-screen.php' );
243
  if (!empty($_GET['action']) && !empty($_GET['page']) && $_GET['page'] == 'wf_coupon_csv_im_ex') {
244
  switch ($_GET['action']) {
245
  case "export" :
246
+ $user_ok = self::hf_user_permission();
247
  if ($user_ok) {
248
  include_once( 'includes/exporter/class-wf-cpnimpexpcsv-exporter.php' );
249
  WF_CpnImpExpCsv_Exporter::do_export('shop_coupon');
253
  break;
254
  }
255
  }
256
+ }
 
 
 
 
 
 
 
 
 
 
 
257
 
258
  /**
259
  * Register importers for use
262
  register_importer('coupon_csv', 'WooCommerce Coupons (CSV)', __('Import <strong>coupon</strong> to your store via a csv file.', 'order-import-export-for-woocommerce'), 'WF_CpnImpExpCsv_Importer::coupon_importer');
263
  }
264
 
265
+ public static function hf_user_permission() {
266
  // Check if user has rights to export
267
  $current_user = wp_get_current_user();
268
  $current_user->roles = apply_filters('hf_add_user_roles', $current_user->roles);
295
  // }
296
  function webtoffee_storefrog_admin_notices() {
297
 
298
+ if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false) || !WF_Order_Import_Export_CSV::hf_user_permission()) {
299
  return;
300
  }
301
  $screen = get_current_screen();
321
 
322
  function webtoffee_storefrog_notice_dismiss() {
323
 
324
+ if (!WF_Order_Import_Export_CSV::hf_user_permission()) {
325
  wp_die(-1);
326
  }
327
  update_option('OCSEIPF_Webtoffee_storefrog_admin_notices_dismissed', 1);
335
  add_action('wp_ajax_ocsie_wt_review_plugin', "review_plugin");
336
 
337
  function WT_admin_footer_text($footer_text) {
338
+ if (!WF_Order_Import_Export_CSV::hf_user_permission()) {
339
  return $footer_text;
340
  }
341
  $screen = get_current_screen();
360
  }
361
 
362
  function review_plugin() {
363
+ if (!WF_Order_Import_Export_CSV::hf_user_permission()) {
364
  wp_die(-1);
365
  }
366
  update_option('ocsie_wt_plugin_reviewed', 1);
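Review bot: The new WooCommerce check on lines 33-36 reads only `get_option('active_plugins')`, so on a multisite install where WooCommerce is network-activated it will not find `woocommerce/woocommerce.php` and will deactivate this plugin on every page load; it also calls `in_array()` without the strict flag. Since `wp-admin/includes/plugin.php` is already required inside the branch, move that `require_once` before the test and use `is_plugin_active('woocommerce/woocommerce.php')`, which covers both site and network activation. Separately, `review_plugin()` is registered as an AJAX handler on line 335 and is gated only by `hf_user_permission()`; it has no nonce check, which predates this commit but is worth adding while the handler is being touched.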
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
4
  Tags: order export, order import, woocommerce export orders, woocommerce import orders, export orders, import orders, order, export, import, woocommerce, csv, coupon, coupon export, coupon import, woocommerce export coupon , woocommerce import coupon , export coupons, import coupons, woocommerce coupon generator
5
  Requires at least: 3.0.1
6
  Tested up to: 5.3.2
7
- Stable tag: 1.6.0
8
  License: GPLv3
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
 
@@ -115,6 +115,8 @@ By default, admin and store manager are given access to export orders from your
115
 
116
  == Changelog ==
117
 
 
 
118
  = 1.6.0 =
119
  * Bug Fix:- Delete uploaded CSV temp file after import.
120
  = 1.5.9 =
4
  Tags: order export, order import, woocommerce export orders, woocommerce import orders, export orders, import orders, order, export, import, woocommerce, csv, coupon, coupon export, coupon import, woocommerce export coupon , woocommerce import coupon , export coupons, import coupons, woocommerce coupon generator
5
  Requires at least: 3.0.1
6
  Tested up to: 5.3.2
7
+ Stable tag: 1.6.1
8
  License: GPLv3
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
 
115
 
116
  == Changelog ==
117
 
118
+ = 1.6.1 =
119
+ * [Improvement] Security
120
  = 1.6.0 =
121
  * Bug Fix:- Delete uploaded CSV temp file after import.
122
  = 1.5.9 =