Version Description
- [Improvement] Security
Download this release
Release Info
| Developer | webtoffee |
| Plugin |  Import Export WordPress Users and WooCommerce Customers |
| Version | 1.3.9 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.8 to 1.3.9
includes/class-wf-customerimpexpcsv-ajax-handler.php
CHANGED
|
@@ -16,11 +16,6 @@ class WF_CustomerImpExpCsv_AJAX_Handler {
|
|
| 16 |
* Ajax event for importing a CSV
|
| 17 |
*/
|
| 18 |
public function csv_customer_import_request() {
|
| 19 |
-
|
| 20 |
-
if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) && !WF_Customer_Import_Export_CSV::hf_user_permission()) {
|
| 21 |
-
wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
|
| 22 |
-
}
|
| 23 |
-
|
| 24 |
define( 'WP_LOAD_IMPORTERS', true );
|
| 25 |
WF_CustomerImpExpCsv_Importer::customer_importer();
|
| 26 |
}
|
| 16 |
* Ajax event for importing a CSV
|
| 17 |
*/
|
| 18 |
public function csv_customer_import_request() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 19 |
define( 'WP_LOAD_IMPORTERS', true );
|
| 20 |
WF_CustomerImpExpCsv_Importer::customer_importer();
|
| 21 |
}
|
includes/importer/class-wf-customerimpexpcsv-customer-import.php
CHANGED
|
@@ -254,7 +254,14 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
|
|
| 254 |
echo '<p class="error">' . __('Error finding uploaded file!', 'users-customers-import-export-for-wp-woocommerce') . '</p>';
|
| 255 |
}
|
| 256 |
break;
|
| 257 |
-
case 3 :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 258 |
add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
|
| 259 |
|
| 260 |
if (function_exists('gc_enable'))
|
|
@@ -265,7 +272,6 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
|
|
| 265 |
@flush();
|
| 266 |
$wpdb->hide_errors();
|
| 267 |
|
| 268 |
-
$file = stripslashes($_POST['file']);
|
| 269 |
$start_pos = isset($_POST['start_pos']) ? absint($_POST['start_pos']) : 0;
|
| 270 |
$end_pos = isset($_POST['end_pos']) ? absint($_POST['end_pos']) : '';
|
| 271 |
|
|
@@ -276,13 +282,15 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
|
|
| 276 |
$results = array();
|
| 277 |
$results['import_results'] = $this->import_results;
|
| 278 |
$results['processed_posts'] = $this->processed_posts;
|
| 279 |
-
|
| 280 |
echo "<!--WC_START-->";
|
| 281 |
echo json_encode($results);
|
| 282 |
echo "<!--WC_END-->";
|
| 283 |
exit;
|
| 284 |
break;
|
| 285 |
case 4 :
|
|
|
|
|
|
|
|
|
|
| 286 |
add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
|
| 287 |
if (function_exists('gc_enable'))
|
| 288 |
gc_enable();
|
|
@@ -293,7 +301,8 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
|
|
| 293 |
$wpdb->hide_errors();
|
| 294 |
|
| 295 |
$this->processed_posts = isset($_POST['processed_posts']) ? Wt_WUWCIEP_Security_helper::sanitize_item($_POST['processed_posts'], 'int_arr') : array();
|
| 296 |
-
|
|
|
|
| 297 |
_e('Step 1...', 'users-customers-import-export-for-wp-woocommerce') . ' ';
|
| 298 |
|
| 299 |
wp_defer_term_counting(true);
|
|
@@ -308,7 +317,10 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
|
|
| 308 |
// SUCCESS
|
| 309 |
_e('Finished. Import complete.', 'users-customers-import-export-for-wp-woocommerce');
|
| 310 |
|
| 311 |
-
$
|
|
|
|
|
|
|
|
|
|
| 312 |
exit;
|
| 313 |
break;
|
| 314 |
}
|
| 254 |
echo '<p class="error">' . __('Error finding uploaded file!', 'users-customers-import-export-for-wp-woocommerce') . '</p>';
|
| 255 |
}
|
| 256 |
break;
|
| 257 |
+
case 3 :
|
| 258 |
+
if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) || !WF_Customer_Import_Export_CSV::hf_user_permission()) {
|
| 259 |
+
wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
|
| 260 |
+
}
|
| 261 |
+
$file = stripslashes( $_POST['file'] ); // Validating given path is valid path, not a URL
|
| 262 |
+
if (filter_var($file, FILTER_VALIDATE_URL)) {
|
| 263 |
+
die();
|
| 264 |
+
}
|
| 265 |
add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
|
| 266 |
|
| 267 |
if (function_exists('gc_enable'))
|
| 272 |
@flush();
|
| 273 |
$wpdb->hide_errors();
|
| 274 |
|
|
|
|
| 275 |
$start_pos = isset($_POST['start_pos']) ? absint($_POST['start_pos']) : 0;
|
| 276 |
$end_pos = isset($_POST['end_pos']) ? absint($_POST['end_pos']) : '';
|
| 277 |
|
| 282 |
$results = array();
|
| 283 |
$results['import_results'] = $this->import_results;
|
| 284 |
$results['processed_posts'] = $this->processed_posts;
|
|
|
|
| 285 |
echo "<!--WC_START-->";
|
| 286 |
echo json_encode($results);
|
| 287 |
echo "<!--WC_END-->";
|
| 288 |
exit;
|
| 289 |
break;
|
| 290 |
case 4 :
|
| 291 |
+
if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) || !WF_Customer_Import_Export_CSV::hf_user_permission()) {
|
| 292 |
+
wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
|
| 293 |
+
}
|
| 294 |
add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
|
| 295 |
if (function_exists('gc_enable'))
|
| 296 |
gc_enable();
|
| 301 |
$wpdb->hide_errors();
|
| 302 |
|
| 303 |
$this->processed_posts = isset($_POST['processed_posts']) ? Wt_WUWCIEP_Security_helper::sanitize_item($_POST['processed_posts'], 'int_arr') : array();
|
| 304 |
+
$file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
|
| 305 |
+
|
| 306 |
_e('Step 1...', 'users-customers-import-export-for-wp-woocommerce') . ' ';
|
| 307 |
|
| 308 |
wp_defer_term_counting(true);
|
| 317 |
// SUCCESS
|
| 318 |
_e('Finished. Import complete.', 'users-customers-import-export-for-wp-woocommerce');
|
| 319 |
|
| 320 |
+
if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
|
| 321 |
+
unlink($file);
|
| 322 |
+
}
|
| 323 |
+
$this->import_end();
|
| 324 |
exit;
|
| 325 |
break;
|
| 326 |
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
|
|
| 4 |
Tags: user import, user export, export customers, import customers, export users to csv, import users from csv, woocommerce export customers, export import users, woocommerce import customers, woocommerce export customer email
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 5.3.2
|
| 7 |
-
Stable tag: 1.3.
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
|
@@ -158,6 +158,8 @@ By default, admin and store manager are given access to export users. Please vis
|
|
| 158 |
|
| 159 |
== Changelog ==
|
| 160 |
|
|
|
|
|
|
|
| 161 |
= 1.3.8 =
|
| 162 |
* Security fix.
|
| 163 |
= 1.3.7 =
|
| 4 |
Tags: user import, user export, export customers, import customers, export users to csv, import users from csv, woocommerce export customers, export import users, woocommerce import customers, woocommerce export customer email
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Tested up to: 5.3.2
|
| 7 |
+
Stable tag: 1.3.9
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
| 158 |
|
| 159 |
== Changelog ==
|
| 160 |
|
| 161 |
+
= 1.3.9 =
|
| 162 |
+
* [Improvement] Security
|
| 163 |
= 1.3.8 =
|
| 164 |
* Security fix.
|
| 165 |
= 1.3.7 =
|
users-customers-import-export-for-wp-woocommerce.php
CHANGED
|
@@ -6,7 +6,7 @@
|
|
| 6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
| 7 |
Author: WebToffee
|
| 8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
| 9 |
-
Version: 1.3.
|
| 10 |
WC tested up to: 3.9.2
|
| 11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
| 12 |
License: GPLv3
|
|
@@ -36,7 +36,7 @@ if( !defined('WF_CUSTOMER_IMP_EXP_ID') )
|
|
| 36 |
|
| 37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
| 38 |
{
|
| 39 |
-
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.
|
| 40 |
}
|
| 41 |
|
| 42 |
|
|
@@ -172,7 +172,7 @@ if (!class_exists('WF_Customer_Import_Export_CSV')) :
|
|
| 172 |
|
| 173 |
function webtoffee_storefrog_admin_notices() {
|
| 174 |
|
| 175 |
-
if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false)) {
|
| 176 |
return;
|
| 177 |
}
|
| 178 |
$screen = get_current_screen();
|
|
@@ -200,7 +200,7 @@ if (!class_exists('WF_Customer_Import_Export_CSV')) :
|
|
| 200 |
|
| 201 |
function webtoffee_storefrog_notice_dismiss() {
|
| 202 |
|
| 203 |
-
if (
|
| 204 |
update_option('UEIPF_Webtoffee_storefrog_admin_notices_dismissed', 1);
|
| 205 |
wp_die();
|
| 206 |
}
|
| 6 |
Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
|
| 7 |
Author: WebToffee
|
| 8 |
Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
|
| 9 |
+
Version: 1.3.9
|
| 10 |
WC tested up to: 3.9.2
|
| 11 |
Text Domain: users-customers-import-export-for-wp-woocommerce
|
| 12 |
License: GPLv3
|
| 36 |
|
| 37 |
if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
|
| 38 |
{
|
| 39 |
+
define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.9");
|
| 40 |
}
|
| 41 |
|
| 42 |
|
| 172 |
|
| 173 |
function webtoffee_storefrog_admin_notices() {
|
| 174 |
|
| 175 |
+
if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false) || !self::hf_user_permission() ) {
|
| 176 |
return;
|
| 177 |
}
|
| 178 |
$screen = get_current_screen();
|
| 200 |
|
| 201 |
function webtoffee_storefrog_notice_dismiss() {
|
| 202 |
|
| 203 |
+
if (!self::hf_user_permission()) {
|
| 204 |
update_option('UEIPF_Webtoffee_storefrog_admin_notices_dismissed', 1);
|
| 205 |
wp_die();
|
| 206 |
}
|
