Version Description
- [Improvement] Security
Release Info
Developer | webtoffee |
Plugin | Import Export WordPress Users and WooCommerce Customers |
Version | 1.3.9 |
Code changes from version 1.3.8 to 1.3.9
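--- a/includes/class-wf-customerimpexpcsv-ajax-handler.php
+++ b/includes/class-wf-customerimpexpcsv-ajax-handler.php
@@ -16,11 +16,6 @@ class WF_CustomerImpExpCsv_AJAX_Handler {
 * Ajax event for importing a CSV
 */
 public function csv_customer_import_request() {
-
-if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) && !WF_Customer_Import_Export_CSV::hf_user_permission()) {
-wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
-}
-
 define( 'WP_LOAD_IMPORTERS', true );
 WF_CustomerImpExpCsv_Importer::customer_importer();
 }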
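--- a/includes/importer/class-wf-customerimpexpcsv-customer-import.php
+++ b/includes/importer/class-wf-customerimpexpcsv-customer-import.php
@@ -254,7 +254,14 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
 echo '<p class="error">' . __('Error finding uploaded file!', 'users-customers-import-export-for-wp-woocommerce') . '</p>';
 }
 break;
-case 3 :
+case 3 :
+if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) || !WF_Customer_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
+}
+$file = stripslashes( $_POST['file'] ); // Validating given path is valid path, not a URL
+if (filter_var($file, FILTER_VALIDATE_URL)) {
+die();
+}
 add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
 
 if (function_exists('gc_enable'))
@@ -265,7 +272,6 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
 @flush();
 $wpdb->hide_errors();
 
-$file = stripslashes($_POST['file']);
 $start_pos = isset($_POST['start_pos']) ? absint($_POST['start_pos']) : 0;
 $end_pos = isset($_POST['end_pos']) ? absint($_POST['end_pos']) : '';
 
@@ -276,13 +282,15 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
 $results = array();
 $results['import_results'] = $this->import_results;
 $results['processed_posts'] = $this->processed_posts;
-
 echo "<!--WC_START-->";
 echo json_encode($results);
 echo "<!--WC_END-->";
 exit;
 break;
 case 4 :
+if (!wp_verify_nonce($_POST['nonce'], WF_CUSTOMER_IMP_EXP_ID) || !WF_Customer_Import_Export_CSV::hf_user_permission()) {
+wp_die(__('Access Denied', 'users-customers-import-export-for-wp-woocommerce'));
+}
 add_filter('http_request_timeout', array($this, 'bump_request_timeout'));
 if (function_exists('gc_enable'))
 gc_enable();
@@ -293,7 +301,8 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
 $wpdb->hide_errors();
 
 $this->processed_posts = isset($_POST['processed_posts']) ? Wt_WUWCIEP_Security_helper::sanitize_item($_POST['processed_posts'], 'int_arr') : array();
-
+$file = isset($_POST['file']) ? stripslashes($_POST['file']) : '';
+
 _e('Step 1...', 'users-customers-import-export-for-wp-woocommerce') . ' ';
 
 wp_defer_term_counting(true);
@@ -308,7 +317,10 @@ class WF_CustomerImpExpCsv_Customer_Import extends WP_Importer {
 // SUCCESS
 _e('Finished. Import complete.', 'users-customers-import-export-for-wp-woocommerce');
 
-$
+if(in_array(pathinfo($file, PATHINFO_EXTENSION),array('txt','csv'))){
+unlink($file);
+}
+$this->import_end();
 exit;
 break;
 }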
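Review bot: In `case 4` the new `unlink($file)` runs on a path taken straight from `$_POST['file']`, and the only constraint is that its extension is `txt` or `csv`, so a request that passes the nonce and permission check can delete any such file the PHP process can write, not just the uploaded import file. The URL test added in `case 3` (`filter_var($file, FILTER_VALIDATE_URL)`) is not repeated here, and in any case it rejects only URL-shaped strings; it does not confine the path to a directory. I would resolve the path with `realpath()` and require it to sit under the directory the importer writes its uploads to before reading or deleting it, with a strict, case-normalised extension compare. The sketch below assumes that directory is the WordPress uploads base, which these hunks do not show; the `switch` starts and ends outside the hunks.

```php
// … unchanged: 'Finished. Import complete.' message …
$uploads  = wp_upload_dir();
$base_dir = realpath($uploads['basedir']); // assumed import location; confirm against the upload step
$target   = realpath($file);
if ($base_dir !== false && $target !== false
    && strpos($target, $base_dir . DIRECTORY_SEPARATOR) === 0
    && in_array(strtolower(pathinfo($target, PATHINFO_EXTENSION)), array('txt', 'csv'), true)) {
    unlink($target);
}
$this->import_end();
```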
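--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.webtoffee.com/plugins/
 Tags: user import, user export, export customers, import customers, export users to csv, import users from csv, woocommerce export customers, export import users, woocommerce import customers, woocommerce export customer email
 Requires at least: 3.0.1
 Tested up to: 5.3.2
-Stable tag: 1.3.
+Stable tag: 1.3.9
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -158,6 +158,8 @@ By default, admin and store manager are given access to export users. Please vis
 
 == Changelog ==
 
+= 1.3.9 =
+* [Improvement] Security
 = 1.3.8 =
 * Security fix.
 = 1.3.7 =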
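--- a/users-customers-import-export-for-wp-woocommerce.php
+++ b/users-customers-import-export-for-wp-woocommerce.php
@@ -6,7 +6,7 @@
 Description: Export and Import User/Customers details From and To your WordPress/WooCommerce.
 Author: WebToffee
 Author URI: https://www.webtoffee.com/product/wordpress-users-woocommerce-customers-import-export/
-Version: 1.3.
+Version: 1.3.9
 WC tested up to: 3.9.2
 Text Domain: users-customers-import-export-for-wp-woocommerce
 License: GPLv3
@@ -36,7 +36,7 @@ if( !defined('WF_CUSTOMER_IMP_EXP_ID') )
 
 if( !defined('WF_CUSTOMER_IMP_EXP_VERSION') )
 {
-define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.
+define("WF_CUSTOMER_IMP_EXP_VERSION", "1.3.9");
 }
 
 
@@ -172,7 +172,7 @@ if (!class_exists('WF_Customer_Import_Export_CSV')) :
 
 function webtoffee_storefrog_admin_notices() {
 
-if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false)) {
+if (apply_filters('webtoffee_storefrog_suppress_admin_notices', false) || !self::hf_user_permission() ) {
 return;
 }
 $screen = get_current_screen();
@@ -200,7 +200,7 @@ if (!class_exists('WF_Customer_Import_Export_CSV')) :
 
 function webtoffee_storefrog_notice_dismiss() {
 
-if (
+if (!self::hf_user_permission()) {
 update_option('UEIPF_Webtoffee_storefrog_admin_notices_dismissed', 1);
 wp_die();
 }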
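Review bot: As rendered, the new guard in `webtoffee_storefrog_notice_dismiss()` reads `if (!self::hf_user_permission()) {` and is followed directly by `update_option(...)` and `wp_die();`, which would write the dismissal option only for callers who fail the permission check. The removed line is truncated on this page and the function may continue past the hunk, so this needs checking against the full file. If the intent is to reject unauthorised callers, the guard should terminate first, e.g. `if (!self::hf_user_permission()) { wp_die(-1); }`, with the `update_option` call after it. The handler also shows no nonce verification in these lines; a `check_ajax_referer()` call would be worth adding if one is not performed elsewhere.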