Version Description
- CSV Injection was fixed reported by one of our user (Javier Olmedo) CVE-2019-15092
Download this release
Release Info
| Developer | webtoffee |
| Plugin |  Import Export WordPress Users and WooCommerce Customers |
| Version | 1.3.2 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.1 to 1.3.2
includes/exporter/class-wf-customerimpexpcsv-exporter.php
CHANGED
|
@@ -73,7 +73,22 @@ class WF_CustomerImpExpCsv_Exporter {
|
|
| 73 |
exit;
|
| 74 |
}
|
| 75 |
|
| 76 |
-
public static function format_data($data) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 |
//if (!is_array($data));
|
| 78 |
//$data = (string) urldecode($data);
|
| 79 |
$enc = mb_detect_encoding($data, 'UTF-8, ISO-8859-1', true);
|
|
@@ -101,7 +116,7 @@ class WF_CustomerImpExpCsv_Exporter {
|
|
| 101 |
$user = get_user_by('id', $id);
|
| 102 |
$customer_data = array();
|
| 103 |
foreach ($csv_columns as $key) {
|
| 104 |
-
$customer_data[$key] = !empty($user->{$key}) ? maybe_serialize($user->{$key}) : '';
|
| 105 |
}
|
| 106 |
$user_roles = (!empty($user->roles)) ? $user->roles : array();
|
| 107 |
$customer_data['roles'] = implode(',', $user_roles);
|
| 73 |
exit;
|
| 74 |
}
|
| 75 |
|
| 76 |
+
public static function format_data($data, $key) {
|
| 77 |
+
|
| 78 |
+
switch ($key) {
|
| 79 |
+
case "user_login":
|
| 80 |
+
case "user_pass":
|
| 81 |
+
case "roles":
|
| 82 |
+
break;
|
| 83 |
+
default:
|
| 84 |
+
if(is_string($data) && in_array($data[0], array('=','+','-','@')) ){ // for avoid vulnerable to Remote Command Execution
|
| 85 |
+
$data = ' '.$data;
|
| 86 |
+
}
|
| 87 |
+
|
| 88 |
+
}
|
| 89 |
+
return $data;
|
| 90 |
+
|
| 91 |
+
|
| 92 |
//if (!is_array($data));
|
| 93 |
//$data = (string) urldecode($data);
|
| 94 |
$enc = mb_detect_encoding($data, 'UTF-8, ISO-8859-1', true);
|
| 116 |
$user = get_user_by('id', $id);
|
| 117 |
$customer_data = array();
|
| 118 |
foreach ($csv_columns as $key) {
|
| 119 |
+
$customer_data[$key] = !empty($user->{$key}) ? self::format_data(maybe_serialize($user->{$key}),$key) : '';
|
| 120 |
}
|
| 121 |
$user_roles = (!empty($user->roles)) ? $user->roles : array();
|
| 122 |
$customer_data['roles'] = implode(',', $user_roles);
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
|
|
| 4 |
Tags: Export Users to CSV, Import Users from CSV, woocommerce export customers, user export, export import users, woocommerce import customers, woocommerce export customer email
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 5.2.2
|
| 7 |
-
Stable tag: 1.3.
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
|
@@ -152,6 +152,8 @@ By default, admin and store manager are given access to export users. Please vis
|
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
|
|
|
|
|
|
| 155 |
= 1.3.1 =
|
| 156 |
* Tested OK with WC 3.7.0
|
| 157 |
* Plugin update information hook added.
|
|
@@ -229,6 +231,5 @@ By default, admin and store manager are given access to export users. Please vis
|
|
| 229 |
|
| 230 |
== Upgrade Notice ==
|
| 231 |
|
| 232 |
-
= 1.3.
|
| 233 |
-
*
|
| 234 |
-
* Plugin update information hook added.
|
| 4 |
Tags: Export Users to CSV, Import Users from CSV, woocommerce export customers, user export, export import users, woocommerce import customers, woocommerce export customer email
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 5.2.2
|
| 7 |
+
Stable tag: 1.3.2
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
| 155 |
+
= 1.3.2 =
|
| 156 |
+
* CSV Injection was fixed – reported by one of our user (Javier Olmedo) CVE-2019-15092
|
| 157 |
= 1.3.1 =
|
| 158 |
* Tested OK with WC 3.7.0
|
| 159 |
* Plugin update information hook added.
|
| 231 |
|
| 232 |
== Upgrade Notice ==
|
| 233 |
|
| 234 |
+
= 1.3.2 =
|
| 235 |
+
* CSV Injection was fixed – reported by one of our user (Javier Olmedo) CVE-2019-15092
|
|
|
users-customers-import-export-for-wp-woocommerce.php
CHANGED
|
@@ -6,7 +6,7 @@
|
|
| 6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
| 7 |
Author: WebToffee
|
| 8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
| 9 |
-
Version: 1.3.
|
| 10 |
WC tested up to: 3.7.0
|
| 11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
| 12 |
License: GPLv3
|
|
@@ -36,7 +36,7 @@ if( !defined('WF_CUSTOMER_IMP_EXP_ID') )
|
|
| 36 |
|
| 37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
| 38 |
{
|
| 39 |
-
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.
|
| 40 |
}
|
| 41 |
|
| 42 |
|
| 6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
| 7 |
Author: WebToffee
|
| 8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
| 9 |
+
Version: 1.3.2
|
| 10 |
WC tested up to: 3.7.0
|
| 11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
| 12 |
License: GPLv3
|
| 36 |
|
| 37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
| 38 |
{
|
| 39 |
+
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.2");
|
| 40 |
}
|
| 41 |
|
| 42 |
|
