CSVUploadHelper.php
211 lines
| 1 | <?php |
| 2 | declare( strict_types = 1 ); |
| 3 | |
| 4 | namespace Automattic\WooCommerce\Internal\Admin\ImportExport; |
| 5 | |
| 6 | use Automattic\WooCommerce\Internal\Utilities\FilesystemUtil; |
| 7 | |
| 8 | /** |
| 9 | * Helper for CSV import functionality. |
| 10 | * |
| 11 | * @since 9.3.0 |
| 12 | */ |
| 13 | class CSVUploadHelper { |
| 14 | |
| 15 | /** |
| 16 | * Name (inside the uploads folder) to use for the CSV import directory. |
| 17 | * |
| 18 | * @return string |
| 19 | */ |
| 20 | protected function get_import_subdir_name(): string { |
| 21 | return 'wc-imports'; |
| 22 | } |
| 23 | |
| 24 | /** |
| 25 | * Returns the full path to the CSV import directory within the uploads folder. |
| 26 | * It will attempt to create the directory if it doesn't exist. |
| 27 | * |
| 28 | * @param bool $create TRUE to attempt to create the directory. FALSE otherwise. |
| 29 | * @return string |
| 30 | * @throws \Exception In case the upload directory doesn't exits or can't be created. |
| 31 | */ |
| 32 | public function get_import_dir( bool $create = true ): string { |
| 33 | $wp_upload_dir = wp_upload_dir( null, $create ); |
| 34 | if ( $wp_upload_dir['error'] ) { |
| 35 | throw new \Exception( esc_html( $wp_upload_dir['error'] ) ); |
| 36 | } |
| 37 | |
| 38 | $upload_dir = trailingslashit( $wp_upload_dir['basedir'] ) . $this->get_import_subdir_name(); |
| 39 | if ( $create ) { |
| 40 | FilesystemUtil::mkdir_p_not_indexable( $upload_dir ); |
| 41 | } |
| 42 | return $upload_dir; |
| 43 | } |
| 44 | |
| 45 | /** |
| 46 | * Handles a CSV file upload. |
| 47 | * |
| 48 | * @param string $import_type Type of upload or context. |
| 49 | * @param string $files_index $_FILES index that contains the file to upload. |
| 50 | * @param array|null $allowed_mime_types List of allowed MIME types. |
| 51 | * @return array { |
| 52 | * Details for the uploaded file. |
| 53 | * |
| 54 | * @type int $id Attachment ID. |
| 55 | * @type string $file Full path to uploaded file. |
| 56 | * } |
| 57 | * |
| 58 | * @throws \Exception In case of error. |
| 59 | */ |
| 60 | public function handle_csv_upload( string $import_type, string $files_index = 'import', ?array $allowed_mime_types = null ): array { |
| 61 | $import_type = sanitize_key( $import_type ); |
| 62 | if ( ! $import_type ) { |
| 63 | throw new \Exception( 'Import type is invalid.' ); |
| 64 | } |
| 65 | |
| 66 | if ( ! $allowed_mime_types ) { |
| 67 | $allowed_mime_types = array( |
| 68 | 'csv' => 'text/csv', |
| 69 | 'txt' => 'text/plain', |
| 70 | ); |
| 71 | } |
| 72 | |
| 73 | $file = $_FILES[ $files_index ] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.NonceVerification.Missing |
| 74 | if ( ! isset( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) { |
| 75 | throw new \Exception( esc_html__( 'File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini or by post_max_size being defined as smaller than upload_max_filesize in php.ini.', 'woocommerce' ) ); |
| 76 | } |
| 77 | |
| 78 | if ( ! function_exists( 'wp_import_handle_upload' ) ) { |
| 79 | require_once ABSPATH . 'wp-admin/includes/import.php'; |
| 80 | } |
| 81 | |
| 82 | // Make sure upload dir exists. |
| 83 | $this->get_import_dir(); |
| 84 | |
| 85 | // Add prefix. |
| 86 | $file['name'] = $import_type . '-' . $file['name']; |
| 87 | |
| 88 | $overrides_callback = function ( $overrides_ ) use ( $allowed_mime_types ) { |
| 89 | $overrides_['test_form'] = false; |
| 90 | $overrides_['test_type'] = true; |
| 91 | $overrides_['mimes'] = $allowed_mime_types; |
| 92 | return $overrides_; |
| 93 | }; |
| 94 | |
| 95 | add_filter( 'upload_dir', array( $this, 'override_upload_dir' ) ); |
| 96 | add_filter( 'wp_unique_filename', array( $this, 'override_unique_filename' ), 0, 2 ); |
| 97 | add_filter( 'wp_handle_upload_overrides', $overrides_callback, 999 ); |
| 98 | add_filter( 'wp_handle_upload_prefilter', array( $this, 'remove_txt_from_uploaded_file' ), 0 ); |
| 99 | add_filter( 'wp_check_filetype_and_ext', array( $this, 'filter_woocommerce_check_filetype_for_csv' ), 10, 5 ); |
| 100 | |
| 101 | $orig_files_import = $_FILES['import'] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.NonceVerification.Missing |
| 102 | $_FILES['import'] = $file; // wp_import_handle_upload() expects the file to be in 'import'. |
| 103 | |
| 104 | $upload = wp_import_handle_upload(); |
| 105 | |
| 106 | remove_filter( 'upload_dir', array( $this, 'override_upload_dir' ) ); |
| 107 | remove_filter( 'wp_unique_filename', array( $this, 'override_unique_filename' ), 0 ); |
| 108 | remove_filter( 'wp_handle_upload_overrides', $overrides_callback, 999 ); |
| 109 | remove_filter( 'wp_handle_upload_prefilter', array( $this, 'remove_txt_from_uploaded_file' ), 0 ); |
| 110 | remove_filter( 'wp_check_filetype_and_ext', array( $this, 'filter_woocommerce_check_filetype_for_csv' ), 10 ); |
| 111 | |
| 112 | if ( $orig_files_import ) { |
| 113 | $_FILES['import'] = $orig_files_import; |
| 114 | } else { |
| 115 | unset( $_FILES['import'] ); |
| 116 | } |
| 117 | |
| 118 | if ( ! empty( $upload['error'] ) ) { |
| 119 | throw new \Exception( esc_html( $upload['error'] ) ); |
| 120 | } |
| 121 | |
| 122 | if ( ! wc_is_file_valid_csv( $upload['file'], false ) ) { |
| 123 | wp_delete_attachment( $file['id'], true ); |
| 124 | throw new \Exception( esc_html__( 'Invalid file type for a CSV import.', 'woocommerce' ) ); |
| 125 | } |
| 126 | |
| 127 | return $upload; |
| 128 | } |
| 129 | |
| 130 | /** |
| 131 | * Hooked onto 'upload_dir' to override the default upload directory for a CSV upload. |
| 132 | * |
| 133 | * @param array $uploads WP upload dir details. |
| 134 | * @return array |
| 135 | * |
| 136 | * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed. |
| 137 | */ |
| 138 | public function override_upload_dir( $uploads ): array { |
| 139 | $new_subdir = '/' . $this->get_import_subdir_name(); |
| 140 | |
| 141 | $uploads['path'] = $uploads['basedir'] . $new_subdir; |
| 142 | $uploads['url'] = $uploads['baseurl'] . $new_subdir; |
| 143 | $uploads['subdir'] = $new_subdir; |
| 144 | |
| 145 | return $uploads; |
| 146 | } |
| 147 | |
| 148 | /** |
| 149 | * Adds a random string to the name of an uploaded CSV file to make it less discoverable. Hooked onto 'wp_unique_filename'. |
| 150 | * |
| 151 | * @param string $filename File name. |
| 152 | * @param string $ext File extension. |
| 153 | * @return string |
| 154 | * |
| 155 | * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed. |
| 156 | */ |
| 157 | public function override_unique_filename( string $filename, string $ext ): string { |
| 158 | $length = min( 10, 255 - strlen( $filename ) - 1 ); |
| 159 | if ( 1 < $length ) { |
| 160 | $suffix = strtolower( wp_generate_password( $length, false, false ) ); |
| 161 | $filename = substr( $filename, 0, strlen( $filename ) - strlen( $ext ) ) . '-' . $suffix . $ext; |
| 162 | } |
| 163 | |
| 164 | return $filename; |
| 165 | } |
| 166 | |
| 167 | /** |
| 168 | * `wp_import_handle_upload()` appends .txt to any file name. This function is hooked onto 'wp_handle_upload_prefilter' |
| 169 | * to remove those extra characters. |
| 170 | * |
| 171 | * @param array $file File details in the form of a $_FILES entry. |
| 172 | * @return array Modified file details. |
| 173 | * |
| 174 | * @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed. |
| 175 | */ |
| 176 | public function remove_txt_from_uploaded_file( array $file ): array { |
| 177 | $file['name'] = substr( $file['name'], 0, -4 ); |
| 178 | return $file; |
| 179 | } |
| 180 | |
| 181 | /** |
| 182 | * Filters the WordPress determination of a file's type and extension, specifically to correct |
| 183 | * CSV files that are misidentified as 'text/html'. |
| 184 | * |
| 185 | * @param array $data An array of file data: ['ext'] (string), ['type'] (string), ['proper_filename'] (string|false). |
| 186 | * @param string $file Full path to the file. |
| 187 | * @param string $filename The Mime type of the file. |
| 188 | * @param array $mimes Array of mime types. |
| 189 | * @param string $real_mime The actual mime type or empty string. |
| 190 | * @return array Filtered file data. |
| 191 | */ |
| 192 | public function filter_woocommerce_check_filetype_for_csv( $data, $file, $filename, $mimes, $real_mime ) { |
| 193 | // Check if the file was misidentified as 'text/html' by PHP. |
| 194 | if ( 'text/html' === $real_mime ) { |
| 195 | // Determine the expected file type based on the filename extension. |
| 196 | // $mimes here is the context-specific list of mimes for the current upload. |
| 197 | $filename_check = wp_check_filetype( $filename, $mimes ); |
| 198 | |
| 199 | $file_ext = $filename_check['ext']; |
| 200 | $file_type = $filename_check['type']; |
| 201 | |
| 202 | if ( ( 'csv' === $file_ext && 'text/csv' === $file_type ) ) { |
| 203 | $data['ext'] = 'csv'; |
| 204 | $data['type'] = 'text/csv'; |
| 205 | } |
| 206 | } |
| 207 | |
| 208 | return $data; |
| 209 | } |
| 210 | } |
| 211 |