Version Description
- CSV Injection was fixed reported by one of our user (Javier Olmedo) CVE-2019-15092
Download this release
Release Info
Developer | webtoffee |
Plugin | Import Export WordPress Users and WooCommerce Customers |
Version | 1.3.2 |
Comparing to | |
See all releases |
Code changes from version 1.3.1 to 1.3.2
includes/exporter/class-wf-customerimpexpcsv-exporter.php
CHANGED
@@ -73,7 +73,22 @@ class WF_CustomerImpExpCsv_Exporter {
|
|
73 |
exit;
|
74 |
}
|
75 |
|
76 |
-
public static function format_data($data) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
77 |
//if (!is_array($data));
|
78 |
//$data = (string) urldecode($data);
|
79 |
$enc = mb_detect_encoding($data, 'UTF-8, ISO-8859-1', true);
|
@@ -101,7 +116,7 @@ class WF_CustomerImpExpCsv_Exporter {
|
|
101 |
$user = get_user_by('id', $id);
|
102 |
$customer_data = array();
|
103 |
foreach ($csv_columns as $key) {
|
104 |
-
$customer_data[$key] = !empty($user->{$key}) ? maybe_serialize($user->{$key}) : '';
|
105 |
}
|
106 |
$user_roles = (!empty($user->roles)) ? $user->roles : array();
|
107 |
$customer_data['roles'] = implode(',', $user_roles);
|
73 |
exit;
|
74 |
}
|
75 |
|
76 |
+
public static function format_data($data, $key) {
|
77 |
+
|
78 |
+
switch ($key) {
|
79 |
+
case "user_login":
|
80 |
+
case "user_pass":
|
81 |
+
case "roles":
|
82 |
+
break;
|
83 |
+
default:
|
84 |
+
if(is_string($data) && in_array($data[0], array('=','+','-','@')) ){ // for avoid vulnerable to Remote Command Execution
|
85 |
+
$data = ' '.$data;
|
86 |
+
}
|
87 |
+
|
88 |
+
}
|
89 |
+
return $data;
|
90 |
+
|
91 |
+
|
92 |
//if (!is_array($data));
|
93 |
//$data = (string) urldecode($data);
|
94 |
$enc = mb_detect_encoding($data, 'UTF-8, ISO-8859-1', true);
|
116 |
$user = get_user_by('id', $id);
|
117 |
$customer_data = array();
|
118 |
foreach ($csv_columns as $key) {
|
119 |
+
$customer_data[$key] = !empty($user->{$key}) ? self::format_data(maybe_serialize($user->{$key}),$key) : '';
|
120 |
}
|
121 |
$user_roles = (!empty($user->roles)) ? $user->roles : array();
|
122 |
$customer_data['roles'] = implode(',', $user_roles);
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
|
|
4 |
Tags: Export Users to CSV, Import Users from CSV, woocommerce export customers, user export, export import users, woocommerce import customers, woocommerce export customer email
|
5 |
Requires at least: 3.0.1
|
6 |
Tested up to: 5.2.2
|
7 |
-
Stable tag: 1.3.
|
8 |
License: GPLv3
|
9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
10 |
|
@@ -152,6 +152,8 @@ By default, admin and store manager are given access to export users. Please vis
|
|
152 |
|
153 |
== Changelog ==
|
154 |
|
|
|
|
|
155 |
= 1.3.1 =
|
156 |
* Tested OK with WC 3.7.0
|
157 |
* Plugin update information hook added.
|
@@ -229,6 +231,5 @@ By default, admin and store manager are given access to export users. Please vis
|
|
229 |
|
230 |
== Upgrade Notice ==
|
231 |
|
232 |
-
= 1.3.
|
233 |
-
*
|
234 |
-
* Plugin update information hook added.
|
4 |
Tags: Export Users to CSV, Import Users from CSV, woocommerce export customers, user export, export import users, woocommerce import customers, woocommerce export customer email
|
5 |
Requires at least: 3.0.1
|
6 |
Tested up to: 5.2.2
|
7 |
+
Stable tag: 1.3.2
|
8 |
License: GPLv3
|
9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
10 |
|
152 |
|
153 |
== Changelog ==
|
154 |
|
155 |
+
= 1.3.2 =
|
156 |
+
* CSV Injection was fixed – reported by one of our user (Javier Olmedo) CVE-2019-15092
|
157 |
= 1.3.1 =
|
158 |
* Tested OK with WC 3.7.0
|
159 |
* Plugin update information hook added.
|
231 |
|
232 |
== Upgrade Notice ==
|
233 |
|
234 |
+
= 1.3.2 =
|
235 |
+
* CSV Injection was fixed – reported by one of our user (Javier Olmedo) CVE-2019-15092
|
|
users-customers-import-export-for-wp-woocommerce.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
7 |
Author: WebToffee
|
8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
9 |
-
Version: 1.3.
|
10 |
WC tested up to: 3.7.0
|
11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
12 |
License: GPLv3
|
@@ -36,7 +36,7 @@ if( !defined('WF_CUSTOMER_IMP_EXP_ID') )
|
|
36 |
|
37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
38 |
{
|
39 |
-
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.
|
40 |
}
|
41 |
|
42 |
|
6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
7 |
Author: WebToffee
|
8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
9 |
+
Version: 1.3.2
|
10 |
WC tested up to: 3.7.0
|
11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
12 |
License: GPLv3
|
36 |
|
37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
38 |
{
|
39 |
+
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.2");
|
40 |
}
|
41 |
|
42 |
|