Product Import Export for WooCommerce - Version 1.7.5

Version Description

  • [Improvement] Security

Release Info

Developer webtoffee
Version 1.7.5

Code changes from version 1.7.4 to 1.7.5

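--- a/includes/class-wf-prodimpexpcsv-ajax-handler.php
+++ b/includes/class-wf-prodimpexpcsv-ajax-handler.php
@@ -17,9 +17,6 @@ class WF_ProdImpExpCsv_AJAX_Handler {
 * Ajax event for importing a CSV
 */
 public function csv_import_request() {
-if (!wp_verify_nonce($_POST['wt_nonce'],WF_PROD_IMP_EXP_ID) && !WF_Product_Import_Export_CSV::hf_user_permission()) {
-wp_die(__('Access Denied', 'product-import-export-for-woo'));
-}
 define( 'WP_LOAD_IMPORTERS', true );
 WF_ProdImpExpCsv_Importer::product_importer();
 }
@@ -28,14 +25,15 @@ class WF_ProdImpExpCsv_AJAX_Handler {
 * From regenerate thumbnails plugin
 */
 public function regenerate_thumbnail() {
-if (!wp_verify_nonce($_POST['wt_nonce'], WF_PROD_IMP_EXP_ID) && !WF_Product_Import_Export_CSV::hf_user_permission() ) {
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
 wp_die(__('Access Denied', 'product-import-export-for-woo'));
 }
 @error_reporting( 0 ); // Don't break the JSON result
 
 header( 'Content-type: application/json' );
 
-$id = (int) $_REQUEST['id'];
+$id = absint($_REQUEST['id']);
 $image = get_post( $id );
 
 if ( ! $image || 'attachment' != $image->post_type || 'image/' != substr( $image->post_mime_type, 0, 6 ) )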
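Review bot: `csv_import_request()` now reaches `define( 'WP_LOAD_IMPORTERS', true )` and `WF_ProdImpExpCsv_Importer::product_importer()` with no nonce or capability check of its own, because the old guard is removed and nothing replaces it in the first hunk; the enforcement appears to have moved into the importer's step handlers (the new case 3 / case 4 checks in class-wf-prodimpexpcsv-product-import.php), which leaves any step path that lacks such a check reachable through admin-ajax. The removed `&&` condition was itself too weak (it denied only when both the nonce and the capability failed), so a guard at the entry point mirroring the corrected `regenerate_thumbnail()` one is worth keeping as defence in depth: `$nonce = isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '';` followed by `if (!wp_verify_nonce($nonce, WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) { wp_die(__('Access Denied', 'product-import-export-for-woo')); }`. In `regenerate_thumbnail()`, `absint($_REQUEST['id'])` still reads the key without `isset()`, which only stays quiet because of the `@error_reporting( 0 )` above it; `$id = isset($_REQUEST['id']) ? absint($_REQUEST['id']) : 0;` makes the intent explicit. The body of `regenerate_thumbnail()` continues past the hunk.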
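--- a/includes/importer/class-wf-prodimpexpcsv-product-import.php
+++ b/includes/importer/class-wf-prodimpexpcsv-product-import.php
@@ -67,7 +67,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 if ( ! $this->delimiter )
 $this->delimiter = ',';
 
-if ( ! empty( $_POST['merge'] ) || ! empty( $_GET['merge'] ) ) {
+if ( ! empty( $_POST['merge'] ) || ! empty( ($_GET['merge']) ) ) {
 $this->merge = 1;
 } else{
 $this->merge = 0;
@@ -79,7 +79,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 $this->merge_empty_cells = 0;
 }
 
-$step = empty( $_GET['step'] ) ? 0 : (int) $_GET['step'];
+$step = empty( $_GET['step'] ) ? 0 : absint($_GET['step']);
 
 switch ( $step ) {
 case 0 :
@@ -94,7 +94,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 if(!empty($_GET['file_url']))
 $this->file_url = esc_attr( $_GET['file_url'] );
 if(!empty($_GET['file_id']))
-$this->id = (int)$_GET['file_id'] ;
+$this->id = absint($_GET['file_id']) ;
 
 if ( !empty($_GET['clearmapping']) || $this->handle_upload() )
 $this->import_options();
@@ -106,7 +106,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 
 check_admin_referer( 'import-woocommerce' );
 
-$this->id = (int) $_POST['import_id'];
+$this->id = absint($_POST['import_id']) ;
 
 if ( $this->file_url_import_enabled )
 $this->file_url = esc_attr( $_POST['import_url'] );
@@ -156,8 +156,8 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 var data = {
 action: 'woocommerce_csv_import_request',
 file: '<?php echo addslashes( $file ); ?>',
-mapping: '<?php echo json_encode(wc_clean($_POST['map_from']),JSON_HEX_APOS); ?>',
-eval_field: '<?php echo stripslashes(json_encode(wc_clean($_POST['eval_field']),JSON_HEX_APOS)) ?>',
+mapping: '<?php echo json_encode(wc_clean(@$_POST['map_from']),JSON_HEX_APOS); ?>',
+eval_field: '<?php echo stripslashes(json_encode(wc_clean(@$_POST['eval_field']),JSON_HEX_APOS)) ?>',
 delimiter: '<?php echo $this->delimiter; ?>',
 merge_empty_cells: '<?php echo $this->merge_empty_cells; ?>',
 merge: '<?php echo $this->merge; ?>',
@@ -388,7 +388,14 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 }
 break;
 case 3 :
-
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'product-import-export-for-woo'));
+}
+$file = stripslashes( $_POST['file'] ); // Validating given path is valid path, not a URL
+if (filter_var($file, FILTER_VALIDATE_URL)) {
+die();
+}
 add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
 
 if ( function_exists( 'gc_enable' ) )
@@ -399,7 +406,6 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 @flush();
 $wpdb->hide_errors();
 
-$file = stripslashes( $_POST['file'] );
 $mapping = json_decode( stripslashes(wc_clean( $_POST['mapping'])), true );
 $eval_field = wc_clean( $_POST['eval_field']);
 $start_pos = isset( $_POST['start_pos'] ) ? absint( $_POST['start_pos'] ) : 0;
@@ -426,7 +432,10 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 exit;
 break;
 case 4 :
-
+$nonce = (isset($_POST['wt_nonce']) ? sanitize_text_field($_POST['wt_nonce']) : '');
+if (!wp_verify_nonce($nonce,WF_PROD_IMP_EXP_ID) || !WF_Product_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'product-import-export-for-woo'));
+}
 add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );
 
 if ( function_exists( 'gc_enable' ) )
@@ -442,6 +451,7 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 $this->post_orphans = isset( $_POST['post_orphans']) ? array_map('intval', $_POST['post_orphans']) : array();
 $this->crosssell_skus = isset( $_POST['crosssell_skus']) ? wc_clean( $_POST['crosssell_skus']) : array();
 $this->upsell_skus = isset( $_POST['upsell_skus']) ? wc_clean( $_POST['upsell_skus']) : array();
+$file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
 
 _e( 'Step 1...', 'product-import-export-for-woo' ) . ' ';
 
@@ -487,10 +497,13 @@ class WF_ProdImpExpCsv_Product_Import extends WP_Importer {
 // SUCCESS
 _e( 'Finished. Import complete.', 'product-import-export-for-woo' );
 
+if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
+unlink($file);
+}
 $this->import_end();
 if (WC()->version >= '3.6' && !wc_update_product_lookup_tables_is_running()) {
-wc_update_product_lookup_tables();
-}
+wc_update_product_lookup_tables();
+}
 
 exit;
 break;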
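Review bot: The new case 3 guard only rejects `$file` when `filter_var()` parses it as a URL, and case 4 reads `$_POST['file']` again with no check at all before the new `unlink($file)`; nothing ties the path to the directory the import actually wrote to, so a request that passes the nonce and `hf_user_permission()` check can still name an arbitrary server path (any `.txt`/`.csv` path, in the case-4 deletion). A containment check — resolve the path with `realpath()` and require it to sit under the import upload directory — belongs in both cases before the path is used; `handle_upload()` and the attachment ids suggest files live under `wp_upload_dir()`, but confirm which directory the importer writes to before adopting the sketch below. `unlink()` should additionally be guarded with `is_file()` (case 4 falls back to `''` when the key is missing, and `pathinfo()` does not reject that), and the bare `die()` gives the caller nothing to act on where `wp_die(__('Access Denied', 'product-import-export-for-woo'))` would match the surrounding code. The enclosing method starts and ends outside these hunks.
```php
case 3 :
// … unchanged: nonce / capability check …
$file = stripslashes( $_POST['file'] );
// Constrain the path to the import directory rather than only rejecting URLs.
// Assumes imports are stored under wp_upload_dir()['basedir'] — confirm against handle_upload().
$real_file = realpath( $file );
$real_base = realpath( wp_upload_dir()['basedir'] );
if ( $real_file === false || $real_base === false || strpos( $real_file, $real_base . DIRECTORY_SEPARATOR ) !== 0 ) {
    wp_die( __( 'Access Denied', 'product-import-export-for-woo' ) );
}
// … unchanged: add_filter / gc_enable / mapping / eval_field …

case 4 :
// … unchanged: nonce / capability check, post_orphans / crosssell / upsell …
$file = isset( $_POST['file'] ) ? stripslashes( $_POST['file'] ) : '';
// Same containment check as case 3 before the file is used or deleted.
$real_file = realpath( $file );
$real_base = realpath( wp_upload_dir()['basedir'] );
if ( $real_file === false || $real_base === false || strpos( $real_file, $real_base . DIRECTORY_SEPARATOR ) !== 0 ) {
    wp_die( __( 'Access Denied', 'product-import-export-for-woo' ) );
}
// … unchanged: import loop up to the SUCCESS message …
if ( is_file( $real_file ) && in_array( pathinfo( $real_file, PATHINFO_EXTENSION ), array( 'txt', 'csv' ), true ) ) {
    unlink( $real_file );
}
```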
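--- a/product-import-export-for-woo.php
+++ b/product-import-export-for-woo.php
@@ -5,7 +5,7 @@
 Description: Import and Export Products From and To your WooCommerce Store.
 Author: WebToffee
 Author URI: https://www.webtoffee.com/product/product-import-export-woocommerce/
-Version: 1.7.4
+Version: 1.7.5
 WC tested up to: 3.9.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -18,7 +18,7 @@ if (!defined('ABSPATH') || !is_admin()) {
 
 
 if (!defined('WF_PIPE_CURRENT_VERSION')) {
-define("WF_PIPE_CURRENT_VERSION", "1.7.4");
+define("WF_PIPE_CURRENT_VERSION", "1.7.5");
 }
 if (!defined('WF_PROD_IMP_EXP_ID')) {
 define("WF_PROD_IMP_EXP_ID", "wf_prod_imp_exp");
@@ -29,6 +29,10 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 /**
 * Check if WooCommerce is active
 */
+if ( ! in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) { // deactive if woocommerce in not active
+require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+deactivate_plugins( plugin_basename(__FILE__) );
+}
 //if (in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) {
 
 if (!class_exists('WF_Product_Import_Export_CSV')) :
@@ -149,7 +153,7 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 }
 
 function webtoffee_storefrog_admin_notices() {
-if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false)) {
+if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false) || !self::hf_user_permission()) {
 return;
 }
 $screen = get_current_screen();
@@ -177,7 +181,7 @@ if (!defined('WF_WOOCOMMERCE_CSV_IM_EX')) {
 
 public function webtoffee_storefrog_notice_dismiss() {
 
-if (!current_user_can('manage_woocommerce')) {
+if (!self::hf_user_permission()) {
 wp_die(-1);
 }
 update_option('webtoffee_storefrog_admin_notices_dismissed', 1);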
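Review bot: The new WooCommerce check at new line 32 reads the site-level `active_plugins` option, which does not list network-activated plugins, so on a multisite where WooCommerce is network-active this block deactivates the plugin on every admin page load; the `in_array()` call is also made without `strict`. Since `wp-admin/includes/plugin.php` is required one line later anyway, `is_plugin_active()` covers both the site and network cases: move the `require_once( ABSPATH . 'wp-admin/includes/plugin.php' );` above the condition and write `if ( ! is_plugin_active( 'woocommerce/woocommerce.php' ) ) { // deactivate if WooCommerce is not active`. The new `self::hf_user_permission()` calls in `webtoffee_storefrog_admin_notices()` and `webtoffee_storefrog_notice_dismiss()` assume both run inside the class that defines that method; the enclosing scope is outside these hunks, so confirm that the former, declared as a bare `function` with no visibility keyword, is indeed a class method rather than a namespaced function.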
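--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
 Tags: woocommerce product import, woocommerce import products, woocommerce export products, export woocommerce products, import products into woocommerce ,product, export, import, woocommerce ,csv
 Requires at least: 3.0.1
 Tested up to: 5.3.2
-Stable tag: 1.7.4
+Stable tag: 1.7.5
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -153,6 +153,9 @@ By default, admin and store manager are given access to export orders from your
 
 == Changelog ==
 
+= 1.7.5 =
+* [Improvement] Security
+
 = 1.7.4 =
 * Security fix.
 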