Product Import Export for WooCommerce - Version 1.7.5

Version Description

  • [Improvement] Security

Release Info

Developer webtoffee
Version 1.7.5

Code changes from version 1.7.4 to 1.7.5

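--- a/includes/class-wf-prodimpexpcsv-ajax-handler.php
+++ b/includes/class-wf-prodimpexpcsv-ajax-handler.php
@@ -17,9 +17,6 @@ class WF_ProdImpExpCsv_AJAX_Handler {
 * Ajax event for importing a CSV
 */
 public function csv_import_request() {
-if (!wp_verify_nonce($_POST['wt_nonce'],WF_PROD_IMP_EXP_ID) && !WF_Product_Import_Export_CSV::hf_user_permission()) {
-wp_die(__('Access Denied', 'product-import-export-for-woo'));
-}
 define( 'WP_LOAD_IMPORTERS', true );
 WF_ProdImpExpCsv_Importer::product_importer();
 }
@@ -28,14 +25,15 @@ class WF_ProdImpExpCsv_AJAX_Handler {
 * From regenerate thumbnails plugin
 */
 public function regenerate_thumbnail() {
-if (!wp_verify_nonce($_POST['wt_nonce'], WF_PROD_IMP_EXP_ID) && !WF_Product_Import_Export_CSV::hf_user_permission() ) {
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
 wp_die(__('Access Denied', 'product-import-export-for-woo'));
 }
 @error_reporting( 0 ); // Don't break the JSON result
 
 header( 'Content-type: application/json' );
 
-$id = (int) $_REQUEST['id'];
+$id = absint($_REQUEST['id']);
 $image = get_post( $id );
 
 if ( ! $image || 'attachment' != $image->post_type || 'image/' != substr( $image->post_mime_type, 0, 6 ) )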
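Review bot: csv_import_request() (new side, lines 19–22) now calls WF_ProdImpExpCsv_Importer::product_importer() with no nonce or capability check at all; the removed guard was defective (`&&` denied only when both the nonce and the capability failed), but the correction applied to regenerate_thumbnail() in the second hunk — `||` — should have been applied here instead of deleting the check. Authorization for this AJAX action now rests entirely on the per-step checks inside the importer (case 3 and case 4 in class-wf-prodimpexpcsv-product-import.php), so any import step that lacks its own check is reachable through this endpoint; I cannot see from the hunks whether every step has one. Suggest restoring `$nonce = isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '';` followed by `if (!wp_verify_nonce($nonce, WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) { wp_die(__('Access Denied', 'product-import-export-for-woo')); }` before the define() call, as a defense-in-depth gate even once the steps are verified. In regenerate_thumbnail(), the nonce is read from `$_POST` but the id from `$_REQUEST` without isset(); reading `$_POST['id']` with an isset() guard would be consistent with the line above it.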
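--- a/includes/importer/class-wf-prodimpexpcsv-product-import.php
+++ b/includes/importer/class-wf-prodimpexpcsv-product-import.php
@@ -67,7 +67,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 if ( ! $this->delimiter )
 $this->delimiter = ',';
 
-if ( ! empty( $_POST['merge'] ) || ! empty( $_GET['merge'] ) ) {
+if ( ! empty( $_POST['merge'] ) || ! empty( ($_GET['merge']) ) ) {
 $this->merge = 1;
 } else{
 $this->merge = 0;
@@ -79,7 +79,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 $this->merge_empty_cells = 0;
 }
 
-$step = empty( $_GET['step'] ) ? 0 : (int) $_GET['step'];
+$step = empty( $_GET['step'] ) ? 0 : absint($_GET['step']);
 
 switch ( $step ) {
 case 0 :
@@ -94,7 +94,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 if(!empty($_GET['file_url']))
 $this->file_url = esc_attr( $_GET['file_url'] );
 if(!empty($_GET['file_id']))
-$this->id = (int)$_GET['file_id'] ;
+$this->id = absint($_GET['file_id']) ;
 
 if ( !empty($_GET['clearmapping']) || $this->handle_upload() )
 $this->import_options();
@@ -106,7 +106,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 
 check_admin_referer( 'import-woocommerce' );
 
-$this->id = (int) $_POST['import_id'];
+$this->id = absint($_POST['import_id']) ;
 
 if ( $this->file_url_import_enabled )
 $this->file_url = esc_attr( $_POST['import_url'] );
@@ -156,8 +156,8 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 var data = {
 action: 'woocommerce_csv_import_request',
 file: '<?php echo addslashes( $file ); ?>',
-mapping: '<?php echo json_encode(wc_clean($_POST['map_from']),JSON_HEX_APOS); ?>',
-eval_field: '<?php echo stripslashes(json_encode(wc_clean($_POST['eval_field']),JSON_HEX_APOS)) ?>',
+mapping: '<?php echo json_encode(wc_clean(@$_POST['map_from']),JSON_HEX_APOS); ?>',
+eval_field: '<?php echo stripslashes(json_encode(wc_clean(@$_POST['eval_field']),JSON_HEX_APOS)) ?>',
 delimiter: '<?php echo $this->delimiter; ?>',
 merge_empty_cells: '<?php echo $this->merge_empty_cells; ?>',
 merge: '<?php echo $this->merge; ?>',
@@ -388,7 +388,14 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 }
 break;
 case 3 :
-
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'product-import-export-for-woo'));
+}
+$file = stripslashes( $_POST['file'] ); // Validating given path is valid path, not a URL
+if (filter_var($file, FILTER_VALIDATE_URL)) {
+die();
+}
 add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
 
 if ( function_exists( 'gc_enable' ) )
@@ -399,7 +406,6 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 @flush();
 $wpdb->hide_errors();
 
-$file = stripslashes( $_POST['file'] );
 $mapping = json_decode( stripslashes(wc_clean( $_POST['mapping'])), true );
 $eval_field = wc_clean( $_POST['eval_field']);
 $start_pos = isset( $_POST['start_pos'] ) ? absint( $_POST['start_pos'] ) : 0;
@@ -426,7 +432,10 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 exit;
 break;
 case 4 :
-
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'product-import-export-for-woo'));
+}
 add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
 
 if ( function_exists( 'gc_enable' ) )
@@ -442,6 +451,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 $this->post_orphans = isset( $_POST['post_orphans']) ? array_map('intval', $_POST['post_orphans']) : array();
 $this->crosssell_skus = isset( $_POST['crosssell_skus']) ? wc_clean( $_POST['crosssell_skus']) : array();
 $this->upsell_skus = isset( $_POST['upsell_skus']) ? wc_clean( $_POST['upsell_skus']) : array();
+$file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
 
 _e( 'Step 1...', 'product-import-export-for-woo' ) . ' ';
 
@@ -487,10 +497,13 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 // SUCCESS
 _e( 'Finished. Import complete.', 'product-import-export-for-woo' );
 
+if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
+unlink($file);
+}
 $this->import_end();
 if (WC()->version >= '3.6' && !wc_update_product_lookup_tables_is_running()) {
-wc_update_product_lookup_tables();
-}
+wc_update_product_lookup_tables();
+}
 
 exit;
 break;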
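Review bot: The new path check in case 3 (new side, lines 395–398) only rejects strings that parse as a URL; any other string from `$_POST['file']` is accepted as a local path, and case 4 (lines 454 and 500–502) later calls `unlink($file)` on whatever was posted, provided its extension is txt or csv. Both branches are now behind the nonce and hf_user_permission() gate, so the caller is authenticated, but the request should still be unable to name a file outside the directory the importer writes to — the check belongs to the path, not to the caller. The extension test also uses a non-strict in_array() and is case-sensitive, so it is a weak filter for a destructive operation. I would replace the filter_var() block with a realpath()-based confinement to the uploads tree (the fence below shows case 3; the same lines should guard the `$file` assignment in case 4 before the unlink), under the assumption that handle_upload() stores the CSV under wp_upload_dir() — confirm against handle_upload(), whose body is outside these hunks. Separately, the `@$_POST['map_from']` and `@$_POST['eval_field']` at lines 159–160 silence the undefined-index notice instead of guarding it; `isset($_POST['map_from']) ? $_POST['map_from'] : array()` keeps the same output without `@`.
```php
case 3 :
    // … unchanged: nonce / capability check …
    $file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
    // Confine the path to the uploads tree (resolves symlinks and "..") rather than only rejecting URLs.
    // assumes handle_upload() stores the CSV under wp_upload_dir()['basedir'] — confirm
    $upload_dir = wp_upload_dir();
    $base = realpath($upload_dir['basedir']);
    $real = ($file !== '') ? realpath($file) : false;
    if ($base === false || $real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        wp_die(__('Access Denied', 'product-import-export-for-woo'));
    }
    $file = $real;
    add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
```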
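--- a/product-import-export-for-woo.php
+++ b/product-import-export-for-woo.php
@@ -5,7 +5,7 @@
 Description: Import and Export Products From and To your WooCommerce Store.
 Author: WebToffee
 Author URI: https://www.webtoffee.com/product/product-import-export-woocommerce/
-Version: 1.7.4
+Version: 1.7.5
 WC tested up to: 3.9.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -18,7 +18,7 @@ if (!defined('ABSPATH') || !is_admin()) {
 
 
 if (!defined('WF_PIPE_CURRENT_VERSION')) {
-define("WF_PIPE_CURRENT_VERSION", "1.7.4");
+define("WF_PIPE_CURRENT_VERSION", "1.7.5");
 }
 if (!defined('WF_PROD_IMP_EXP_ID')) {
 define("WF_PROD_IMP_EXP_ID", "wf_prod_imp_exp");
@@ -29,6 +29,10 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 /**
 * Check if WooCommerce is active
 */
+if ( ! in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) { // deactive if woocommerce in not active
+require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+deactivate_plugins( plugin_basename(__FILE__) );
+}
 //if (in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) {
 
 if (!class_exists('WF_Product_Import_Export_CSV')) :
@@ -149,7 +153,7 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 }
 
 function webtoffee_storefrog_admin_notices() {
-if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false)) {
+if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false) || !self::hf_user_permission()) {
 return;
 }
 $screen = get_current_screen();
@@ -177,7 +181,7 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 
 public function webtoffee_storefrog_notice_dismiss() {
 
-if (!current_user_can('manage_woocommerce')) {
+if (!self::hf_user_permission()) {
 wp_die(-1);
 }
 update_option('webtoffee_storefrog_admin_notices_dismissed', 1);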
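Review bot: The new WooCommerce-active check (new side, lines 32–35) reads only the per-site `active_plugins` option, so on a multisite install where WooCommerce is network-activated (listed in the network-level `active_sitewide_plugins` option, not in `active_plugins`) this plugin will deactivate itself on every load even though WooCommerce is running. Suggest building the list from both sources before the in_array(), and passing `true` for a strict comparison: `$active = (array) apply_filters('active_plugins', get_option('active_plugins'));` then `if (is_multisite()) { $active = array_merge($active, array_keys((array) get_site_option('active_sitewide_plugins', array()))); }` and `if (!in_array('woocommerce/woocommerce.php', $active, true)) {`. The inline comment should also read `// deactivate if WooCommerce is not active`. In webtoffee_storefrog_notice_dismiss() (line 184) the capability check now goes through self::hf_user_permission(), whose definition is outside these hunks; if this method is wired to an AJAX action, a nonce check (check_ajax_referer) alongside it would be expected, unless it lives outside the hunk.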
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
4
  Tags: woocommerce product import, woocommerce import products, woocommerce export products, export woocommerce products, import products into woocommerce ,product, export, import, woocommerce ,csv
5
  Requires at least: 3.0.1
6
  Tested up to: 5.3.2
7
- Stable tag: 1.7.4
8
  License: GPLv3 or later
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
 
@@ -153,6 +153,9 @@ By default, admin and store manager are given access to export orders from your
153
 
154
  == Changelog ==
155
 
 
 
 
156
  = 1.7.4 =
157
  * Security fix.
158
 
4
  Tags: woocommerce product import, woocommerce import products, woocommerce export products, export woocommerce products, import products into woocommerce ,product, export, import, woocommerce ,csv
5
  Requires at least: 3.0.1
6
  Tested up to: 5.3.2
7
+ Stable tag: 1.7.5
8
  License: GPLv3 or later
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
 
153
 
154
  == Changelog ==
155
 
156
+ = 1.7.5 =
157
+ * [Improvement] Security
158
+
159
  = 1.7.4 =
160
  * Security fix.
161