PluginProbe ʕ •ᴥ•ʔ
WooCommerce / 10.9.3
WooCommerce v10.9.3
10.9.4 10.9.3 10.9.2 10.9.1 10.9.0 10.9.0-rc.1 10.9.0-beta.2 10.9.0-beta.1 10.8.1 10.8.0 10.8.0-rc.1 10.8.0-beta.2 10.8.0-beta.1 7.8.0-beta.1 7.8.0-beta.2 7.8.0-rc.1 7.8.0-rc.2 7.8.1 7.8.2 7.8.3 7.8.4 7.9.0 7.9.0-beta.1 7.9.0-beta.2 7.9.0-rc.2 7.9.0-rc.3 7.9.1 7.9.2 8.0.0 8.0.0-beta.1 8.0.0-beta.2 8.0.0-rc.1 8.0.0-rc.2 8.0.1 8.0.2 8.0.3 8.0.4 8.0.5 8.1.0 8.1.0-beta.1 8.1.0-rc.1 8.1.0-rc.2 8.1.1 8.1.2 8.1.3 8.1.4 8.2.0 8.2.0-beta.1 8.2.0-rc.1 8.2.0-rc.2 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.3.0 8.3.0-beta.1 8.3.0-rc.1 8.3.0-rc.2 8.3.1 8.3.2 8.3.3 8.3.4 8.4.0 8.4.0-beta.1 8.4.0-rc.1 8.4.1 8.4.2 8.4.3 8.5.0 8.5.0-beta.1 8.5.0-rc.1 8.5.1 8.5.2 8.5.3 8.5.4 8.5.5 8.6.0 8.6.0-beta.1 8.6.0-rc.1 8.6.1 8.6.2 8.6.3 8.6.4 8.7.0 8.7.0-beta.1 8.7.0-beta.2 8.7.0-rc.1 8.7.1 8.7.2 8.7.3 8.8.0 8.8.0-beta.1 8.8.0-rc.1 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.8.6 8.8.7 8.9.0 8.9.0-beta.1 8.9.0-rc.1 8.9.1 8.9.2 8.9.3 8.9.4 8.9.5 9.0.0 9.0.0-beta.1 9.0.0-beta.2 9.0.0-rc.1 9.0.1 9.0.2 9.0.3 9.0.4 9.1.0 9.1.0-beta.1 9.1.0-rc.1 9.1.1 9.1.2 9.1.3 9.1.4 9.1.5 9.1.6 9.2.0 9.2.0-beta.1 9.2.0-rc.1 9.2.1 9.2.2 9.2.3 9.2.4 9.2.5 9.3.0 9.3.0-beta.1 9.3.0-rc.1 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.3.6 9.4.0 9.4.0-beta.1 9.4.0-beta.2 9.4.0-rc.1 9.4.0-rc.2 9.4.0-rc.3 9.4.0-rc.4 9.4.1 9.4.2 9.4.3 9.4.4 9.4.5 9.5.0 9.5.0-beta.1 9.5.0-beta.2 9.5.0-rc.1 9.5.1 9.5.2 9.5.3 9.5.4 9.6.0 9.6.0-beta.1 9.6.0-beta.2 9.6.0-rc.1 9.6.1 9.6.2 9.6.3 9.6.4 9.7.0 9.7.0-beta.1 9.7.0-rc.1 9.7.1 9.7.2 9.7.3 9.8.0 9.8.0-beta.1 9.8.0-rc.1 9.8.1 9.8.2 9.8.3 9.8.4 9.8.5 9.8.6 9.8.7 9.9.0 9.9.0-beta.1 9.9.0-rc.1 9.9.1 9.9.2 9.9.3 9.9.4 9.9.5 9.9.6 9.9.7 3.7.3 7.1.2 3.8.0 7.2.0 3.8.0-beta.1 7.2.0-beta.1 3.8.0-rc.1 7.2.0-beta.2 3.8.0-rc.2 7.2.0-rc.1 3.8.1 7.2.0-rc.2 3.8.2 7.2.1 3.8.3 7.2.2 3.9.0 7.2.3 3.9.0-beta.1 7.2.4 3.9.0-beta.2 7.3.0 3.9.0-rc.1 7.3.0-beta.1 3.9.0-rc.2 7.3.0-beta.2 3.9.0-rc.3 7.3.0-rc.1 3.9.0-rc.4 7.3.0-rc.2 3.9.1 7.3.1 3.9.2 7.4.0 3.9.3 7.4.0-beta.1 3.9.4 7.4.0-beta.2 3.9.5 7.4.0-rc.1 4.0.0 7.4.0-rc.2 4.0.0-beta.1 7.4.1 4.0.0-rc.1 7.4.2 4.0.0-rc.2 7.5.0 4.0.1 7.5.0-beta.1 4.0.2 7.5.0-beta.2 4.0.3 7.5.0-rc.1 4.0.4 7.5.1 4.1.0 7.5.2 4.1.0-beta.1 7.6.0 4.1.0-beta.2 7.6.0-beta.1 4.1.0-rc.1 7.6.0-beta.2 4.1.0-rc.2 7.6.0-rc.1 4.1.1 7.6.0-rc.2 4.1.2 7.6.0-rc.3 4.1.3 7.6.1 4.1.4 7.6.2 4.2.0 7.7.0 4.2.0-RC.1 7.7.0-beta.1 4.2.0-RC.2 7.7.0-beta.2 4.2.0-beta.1 7.7.0-rc.1 4.2.1 7.7.1 4.2.2 7.7.2 4.2.3 7.7.3 4.2.4 7.8.0 4.2.5 4.3.0 4.3.0-beta.1 4.3.0-rc.1 4.3.0-rc.2 4.3.0-rc.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.4.0 4.4.0-beta.1 4.4.0-rc.1 4.4.1 4.4.2 4.4.3 4.4.4 4.5.0 4.5.0-beta.1 4.5.0-rc.1 4.5.0-rc.3 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.6.0-beta.1 4.6.0-rc.1 4.6.1 4.6.2 4.6.3 4.6.4 4.6.5 4.7.0 4.7.0-beta.1 4.7.0-beta.2 4.7.0-rc.1 4.7.1 4.7.1-beta.1 4.7.2 4.7.3 4.7.4 4.8.0 4.8.0-beta.1 4.8.0-rc.1 4.8.0-rc.2 4.8.1 4.8.2 4.8.3 4.9.0 4.9.0-beta.1 4.9.0-rc.1 4.9.0-rc.2 4.9.1 4.9.2 4.9.3 4.9.4 4.9.5 5.0.0 5.0.0-beta.1 5.0.0-beta.2 5.0.0-rc.1 5.0.0-rc.2 5.0.0-rc.3 5.0.1 5.0.2 5.0.3 5.1.0 5.1.0-beta.1 5.1.0-rc.1 trunk 5.1.1 10.0.0 5.1.2 10.0.0-rc.1 5.1.3 10.0.0-rc.2 5.2.0 10.0.1 5.2.0-beta.1 10.0.2 5.2.0-rc.1 10.0.3 5.2.0-rc.2 10.0.4 5.2.1 10.0.5 5.2.2 10.0.6 5.2.3 10.1.0 5.2.4 10.1.0-rc.1 5.2.5 10.1.0-rc.2 5.3.0 10.1.0-rc.3 5.3.0-beta.1 10.1.0-rc.4 5.3.0-rc.1 10.1.1 5.3.0-rc.2 10.1.2 5.3.1 10.1.3 5.3.2 10.1.4 5.3.3 10.2.0 5.4.0 10.2.0-beta.1 5.4.0-beta.1 10.2.0-beta.2 5.4.0-rc.1 10.2.0-rc.1 5.4.1 10.2.1 5.4.2 10.2.2 5.4.3 10.2.3 5.4.4 10.2.4 5.4.5 10.3.0 5.5.0 10.3.0-beta.1 5.5.0-beta.1 10.3.0-beta.2 5.5.0-rc.1 10.3.0-rc.1 5.5.0-rc.2 10.3.0-rc.2 5.5.1 10.3.1 5.5.2 10.3.2 5.5.3 10.3.3 5.5.4 10.3.4 5.5.5 10.3.5 5.6.0 10.3.6 5.6.0-beta.1 10.3.7 5.6.0-rc.1 10.3.8 5.6.0-rc.2 10.4.0 5.6.1 10.4.0-beta.1 5.6.2 10.4.0-beta.2 5.6.3 10.4.0-rc.1 5.7.0 10.4.1 5.7.0-beta.1 10.4.2 5.7.0-rc.1 10.4.3 5.7.1 10.4.4 5.7.2 10.5.0 5.7.3 10.5.0-beta.1 5.8.0 10.5.0-beta.2 5.8.0-beta.1 10.5.0-rc.1 5.8.0-beta.2 10.5.0-rc.2 5.8.0-rc.1 10.5.0-rc.3 5.8.1 10.5.1 5.8.2 10.5.2 5.9.0 10.5.3 5.9.0-beta.1 10.6.0 5.9.0-rc.1 10.6.0-beta.1 5.9.0-rc.2 10.6.0-beta.2 5.9.1 10.6.0-rc.1 5.9.2 10.6.1 6.0.0 10.6.2 6.0.0-beta.1 10.7.0 6.0.0-rc.1 10.7.0-beta.1 6.0.1 10.7.0-beta.2 6.0.2 10.7.0-rc.1 6.1.0 3.0.0 6.1.0-beta.1 3.0.1 6.1.0-rc.1 3.0.2 6.1.0-rc.2 3.0.3 6.1.1 3.0.4 6.1.2 3.0.5 6.1.3 3.0.6 6.2.0 3.0.7 6.2.0-beta.1 3.0.8 6.2.0-rc.1 3.0.9 6.2.0-rc.2 3.1.0 6.2.1 3.1.1 6.2.2 3.1.2 6.2.3 3.2.0 6.3.0 3.2.1 6.3.0-beta.1 3.2.2 6.3.0-rc.1 3.2.3 6.3.0-rc.2 3.2.4 6.3.1 3.2.5 6.3.2 3.2.6 6.4.0 3.3.0 6.4.0-beta.1 3.3.1 6.4.0-rc.1 3.3.2 6.4.1 3.3.2-rc.1 6.4.2 3.3.3 6.5.0 3.3.4 6.5.0-beta.1 3.3.5 6.5.0-rc.1 3.3.6 6.5.0-rc.2 3.4.0 6.5.1 3.4.0-beta.1 6.5.2 3.4.0-rc.2 6.6.0 3.4.1 6.6.0-beta.1 3.4.2 6.6.0-rc.1 3.4.3 6.6.0-rc.2 3.4.4 6.6.1 3.4.5 6.6.2 3.4.6 6.7.0 3.4.7 6.7.0-beta.1 3.4.8 6.7.0-beta.2 3.5.0 6.7.0-rc.1 3.5.0-beta.1 6.7.1 3.5.0-rc.1 6.8.0 3.5.0-rc.2 6.8.0-beta.1 3.5.1 6.8.0-beta.2 3.5.10 6.8.0-rc.1 3.5.2 6.8.1 3.5.3 6.8.2 3.5.4 6.8.3 3.5.5 6.9.0 3.5.6 6.9.0-beta.1 3.5.7 6.9.0-beta.2 3.5.8 6.9.0-rc.1 3.5.9 6.9.1 3.6.0 6.9.2 3.6.0-beta.1 6.9.3 3.6.0-rc.1 6.9.4 3.6.0-rc.2 6.9.5 3.6.0-rc.3 7.0.0 3.6.1 7.0.0-beta.1 3.6.2 7.0.0-beta.2 3.6.3 7.0.0-beta.3 3.6.4 7.0.0-rc.1 3.6.5 7.0.0-rc.2 3.6.6 7.0.1 3.6.7 7.0.2 3.7.0 7.1.0 3.7.0-beta.1 7.1.0-beta.1 3.7.0-rc.1 7.1.0-beta.2 3.7.0-rc.2 7.1.0-rc.1 3.7.1 7.1.0-rc.2 3.7.2 7.1.1
woocommerce / src / Internal / Admin / ImportExport / CSVUploadHelper.php
woocommerce / src / Internal / Admin / ImportExport Last commit date
CSVUploadHelper.php 1 year ago
CSVUploadHelper.php
211 lines
1 <?php
2 declare( strict_types = 1 );
3
4 namespace Automattic\WooCommerce\Internal\Admin\ImportExport;
5
6 use Automattic\WooCommerce\Internal\Utilities\FilesystemUtil;
7
8 /**
9 * Helper for CSV import functionality.
10 *
11 * @since 9.3.0
12 */
13 class CSVUploadHelper {
14
15 /**
16 * Name (inside the uploads folder) to use for the CSV import directory.
17 *
18 * @return string
19 */
20 protected function get_import_subdir_name(): string {
21 return 'wc-imports';
22 }
23
24 /**
25 * Returns the full path to the CSV import directory within the uploads folder.
26 * It will attempt to create the directory if it doesn't exist.
27 *
28 * @param bool $create TRUE to attempt to create the directory. FALSE otherwise.
29 * @return string
30 * @throws \Exception In case the upload directory doesn't exits or can't be created.
31 */
32 public function get_import_dir( bool $create = true ): string {
33 $wp_upload_dir = wp_upload_dir( null, $create );
34 if ( $wp_upload_dir['error'] ) {
35 throw new \Exception( esc_html( $wp_upload_dir['error'] ) );
36 }
37
38 $upload_dir = trailingslashit( $wp_upload_dir['basedir'] ) . $this->get_import_subdir_name();
39 if ( $create ) {
40 FilesystemUtil::mkdir_p_not_indexable( $upload_dir );
41 }
42 return $upload_dir;
43 }
44
45 /**
46 * Handles a CSV file upload.
47 *
48 * @param string $import_type Type of upload or context.
49 * @param string $files_index $_FILES index that contains the file to upload.
50 * @param array|null $allowed_mime_types List of allowed MIME types.
51 * @return array {
52 * Details for the uploaded file.
53 *
54 * @type int $id Attachment ID.
55 * @type string $file Full path to uploaded file.
56 * }
57 *
58 * @throws \Exception In case of error.
59 */
60 public function handle_csv_upload( string $import_type, string $files_index = 'import', ?array $allowed_mime_types = null ): array {
61 $import_type = sanitize_key( $import_type );
62 if ( ! $import_type ) {
63 throw new \Exception( 'Import type is invalid.' );
64 }
65
66 if ( ! $allowed_mime_types ) {
67 $allowed_mime_types = array(
68 'csv' => 'text/csv',
69 'txt' => 'text/plain',
70 );
71 }
72
73 $file = $_FILES[ $files_index ] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.NonceVerification.Missing
74 if ( ! isset( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
75 throw new \Exception( esc_html__( 'File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini or by post_max_size being defined as smaller than upload_max_filesize in php.ini.', 'woocommerce' ) );
76 }
77
78 if ( ! function_exists( 'wp_import_handle_upload' ) ) {
79 require_once ABSPATH . 'wp-admin/includes/import.php';
80 }
81
82 // Make sure upload dir exists.
83 $this->get_import_dir();
84
85 // Add prefix.
86 $file['name'] = $import_type . '-' . $file['name'];
87
88 $overrides_callback = function ( $overrides_ ) use ( $allowed_mime_types ) {
89 $overrides_['test_form'] = false;
90 $overrides_['test_type'] = true;
91 $overrides_['mimes'] = $allowed_mime_types;
92 return $overrides_;
93 };
94
95 add_filter( 'upload_dir', array( $this, 'override_upload_dir' ) );
96 add_filter( 'wp_unique_filename', array( $this, 'override_unique_filename' ), 0, 2 );
97 add_filter( 'wp_handle_upload_overrides', $overrides_callback, 999 );
98 add_filter( 'wp_handle_upload_prefilter', array( $this, 'remove_txt_from_uploaded_file' ), 0 );
99 add_filter( 'wp_check_filetype_and_ext', array( $this, 'filter_woocommerce_check_filetype_for_csv' ), 10, 5 );
100
101 $orig_files_import = $_FILES['import'] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.NonceVerification.Missing
102 $_FILES['import'] = $file; // wp_import_handle_upload() expects the file to be in 'import'.
103
104 $upload = wp_import_handle_upload();
105
106 remove_filter( 'upload_dir', array( $this, 'override_upload_dir' ) );
107 remove_filter( 'wp_unique_filename', array( $this, 'override_unique_filename' ), 0 );
108 remove_filter( 'wp_handle_upload_overrides', $overrides_callback, 999 );
109 remove_filter( 'wp_handle_upload_prefilter', array( $this, 'remove_txt_from_uploaded_file' ), 0 );
110 remove_filter( 'wp_check_filetype_and_ext', array( $this, 'filter_woocommerce_check_filetype_for_csv' ), 10 );
111
112 if ( $orig_files_import ) {
113 $_FILES['import'] = $orig_files_import;
114 } else {
115 unset( $_FILES['import'] );
116 }
117
118 if ( ! empty( $upload['error'] ) ) {
119 throw new \Exception( esc_html( $upload['error'] ) );
120 }
121
122 if ( ! wc_is_file_valid_csv( $upload['file'], false ) ) {
123 wp_delete_attachment( $file['id'], true );
124 throw new \Exception( esc_html__( 'Invalid file type for a CSV import.', 'woocommerce' ) );
125 }
126
127 return $upload;
128 }
129
130 /**
131 * Hooked onto 'upload_dir' to override the default upload directory for a CSV upload.
132 *
133 * @param array $uploads WP upload dir details.
134 * @return array
135 *
136 * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
137 */
138 public function override_upload_dir( $uploads ): array {
139 $new_subdir = '/' . $this->get_import_subdir_name();
140
141 $uploads['path'] = $uploads['basedir'] . $new_subdir;
142 $uploads['url'] = $uploads['baseurl'] . $new_subdir;
143 $uploads['subdir'] = $new_subdir;
144
145 return $uploads;
146 }
147
148 /**
149 * Adds a random string to the name of an uploaded CSV file to make it less discoverable. Hooked onto 'wp_unique_filename'.
150 *
151 * @param string $filename File name.
152 * @param string $ext File extension.
153 * @return string
154 *
155 * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
156 */
157 public function override_unique_filename( string $filename, string $ext ): string {
158 $length = min( 10, 255 - strlen( $filename ) - 1 );
159 if ( 1 < $length ) {
160 $suffix = strtolower( wp_generate_password( $length, false, false ) );
161 $filename = substr( $filename, 0, strlen( $filename ) - strlen( $ext ) ) . '-' . $suffix . $ext;
162 }
163
164 return $filename;
165 }
166
167 /**
168 * `wp_import_handle_upload()` appends .txt to any file name. This function is hooked onto 'wp_handle_upload_prefilter'
169 * to remove those extra characters.
170 *
171 * @param array $file File details in the form of a $_FILES entry.
172 * @return array Modified file details.
173 *
174 * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
175 */
176 public function remove_txt_from_uploaded_file( array $file ): array {
177 $file['name'] = substr( $file['name'], 0, -4 );
178 return $file;
179 }
180
181 /**
182 * Filters the WordPress determination of a file's type and extension, specifically to correct
183 * CSV files that are misidentified as 'text/html'.
184 *
185 * @param array $data An array of file data: ['ext'] (string), ['type'] (string), ['proper_filename'] (string|false).
186 * @param string $file Full path to the file.
187 * @param string $filename The Mime type of the file.
188 * @param array $mimes Array of mime types.
189 * @param string $real_mime The actual mime type or empty string.
190 * @return array Filtered file data.
191 */
192 public function filter_woocommerce_check_filetype_for_csv( $data, $file, $filename, $mimes, $real_mime ) {
193 // Check if the file was misidentified as 'text/html' by PHP.
194 if ( 'text/html' === $real_mime ) {
195 // Determine the expected file type based on the filename extension.
196 // $mimes here is the context-specific list of mimes for the current upload.
197 $filename_check = wp_check_filetype( $filename, $mimes );
198
199 $file_ext = $filename_check['ext'];
200 $file_type = $filename_check['type'];
201
202 if ( ( 'csv' === $file_ext && 'text/csv' === $file_type ) ) {
203 $data['ext'] = 'csv';
204 $data['type'] = 'text/csv';
205 }
206 }
207
208 return $data;
209 }
210 }
211