admin_head.php
4 weeks ago
admin_init.php
4 weeks ago
admin_menu.php
4 weeks ago
admin_notices.php
4 weeks ago
init.php
4 weeks ago
pmxe_after_export.php
4 weeks ago
pmxe_before_export.php
4 weeks ago
pmxe_exported_post.php
4 weeks ago
wp_ajax_dismiss_export_warnings.php
4 weeks ago
wp_ajax_dismiss_review_modal.php
4 weeks ago
wp_ajax_dismiss_warnings.php
4 weeks ago
wp_ajax_generate_zapier_api_key.php
4 weeks ago
wp_ajax_redirect_after_addon_installed.php
4 weeks ago
wp_ajax_save_scheduling.php
4 weeks ago
wp_ajax_scheduling_dialog_content.php
4 weeks ago
wp_ajax_scheduling_subscribe_dialog_content.php
4 weeks ago
wp_ajax_send_feedback.php
4 weeks ago
wp_ajax_wpae_available_rules.php
4 weeks ago
wp_ajax_wpae_filtering.php
4 weeks ago
wp_ajax_wpae_filtering_count.php
4 weeks ago
wp_ajax_wpae_get_scheduling_connection_icon.php
4 weeks ago
wp_ajax_wpae_preview.php
4 weeks ago
wp_ajax_wpae_upgrade_notice.php
4 weeks ago
wp_ajax_wpallexport.php
4 weeks ago
wp_loaded.php
4 weeks ago
wpmu_new_blog.php
4 weeks ago
wp_loaded.php
141 lines
| 1 | <?php |
| 2 | // phpcs:ignoreFile WordPress.Security.NonceVerification.Recommended -- access verified either via security_token HMAC (substr(md5($cron_job_key . $export_id), 0, 16)) for export downloads, or via \Wpae\Http\Router auth dispatch for the wpae_public_api branch |
| 3 | |
| 4 | defined( 'ABSPATH' ) || exit; |
| 5 | |
| 6 | |
| 7 | function pmxe_wp_loaded() { |
| 8 | |
| 9 | // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- intentional for long-running exports |
| 10 | @ini_set("max_input_time", PMXE_Plugin::getInstance()->getOption('max_input_time')); |
| 11 | |
| 12 | if ( ! empty($_GET['action']) && ! empty($_GET['export_id']) && (!empty($_GET['export_hash']) || !empty($_GET['security_token']))) |
| 13 | { |
| 14 | pmxe_set_max_execution_time(); |
| 15 | |
| 16 | if(empty($_GET['export_hash'])) { |
| 17 | $securityToken = sanitize_text_field( wp_unslash( $_GET['security_token'] ) ); |
| 18 | } else { |
| 19 | $securityToken = sanitize_text_field( wp_unslash( $_GET['export_hash'] ) ); |
| 20 | } |
| 21 | |
| 22 | $cron_job_key = PMXE_Plugin::getInstance()->getOption('cron_job_key'); |
| 23 | |
| 24 | if ( hash_equals( substr( md5( $cron_job_key . absint( $_GET['export_id'] ) ), 0, 16 ), $securityToken ) ) |
| 25 | { |
| 26 | $export = new PMXE_Export_Record(); |
| 27 | |
| 28 | $export->getById( absint( $_GET['export_id'] ) ); |
| 29 | |
| 30 | if ( ! $export->isEmpty()) |
| 31 | { |
| 32 | switch ($_GET['action']) |
| 33 | { |
| 34 | case 'get_data': |
| 35 | |
| 36 | if ( ! empty($export->options['current_filepath']) and @file_exists($export->options['current_filepath'])) |
| 37 | { |
| 38 | $filepath = $export->options['current_filepath']; |
| 39 | } |
| 40 | else |
| 41 | { |
| 42 | $is_secure_import = PMXE_Plugin::getInstance()->getOption('secure'); |
| 43 | |
| 44 | if ( ! $is_secure_import) |
| 45 | { |
| 46 | $filepath = get_attached_file($export->attch_id); |
| 47 | } |
| 48 | else |
| 49 | { |
| 50 | $filepath = wp_all_export_get_absolute_path($export->options['filepath']); |
| 51 | } |
| 52 | } |
| 53 | |
| 54 | if ( ! empty($_GET['part']) and is_numeric($_GET['part'])) $filepath = str_replace(basename($filepath), str_replace('.' . $export->options['export_to'], '', basename($filepath)) . '-' . absint( $_GET['part'] ) . '.' . $export->options['export_to'], $filepath); |
| 55 | |
| 56 | break; |
| 57 | |
| 58 | case 'get_bundle': |
| 59 | |
| 60 | $filepath = wp_all_export_get_absolute_path($export->options['bundlepath']); |
| 61 | |
| 62 | break; |
| 63 | } |
| 64 | |
| 65 | if (file_exists($filepath)) |
| 66 | { |
| 67 | $uploads = wp_upload_dir(); |
| 68 | $fileurl = $uploads['baseurl'] . str_replace($uploads['basedir'], '', str_replace(basename($filepath), rawurlencode(basename($filepath)), $filepath)); |
| 69 | |
| 70 | if($export['options']['export_to'] == XmlExportEngine::EXPORT_TYPE_XML && $export['options']['xml_template_type'] == XmlExportEngine::EXPORT_TYPE_GOOLE_MERCHANTS) { |
| 71 | |
| 72 | // If we are doing a google merchants export, send the file as a download. |
| 73 | header("Content-type: text/plain"); |
| 74 | header("Content-Disposition: attachment; filename=".basename($filepath)); |
| 75 | // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_readfile -- export plugin reads/writes its own files in uploads dir, WP_Filesystem not viable for streamed CSV/XML output |
| 76 | readfile($filepath); |
| 77 | |
| 78 | die; |
| 79 | } |
| 80 | |
| 81 | if(apply_filters('wp_all_export_no_cache', false)) { |
| 82 | |
| 83 | // If we are doing a google merchants export, send the file as a download. |
| 84 | header("Content-type: " . mime_content_type($filepath)); |
| 85 | header("Content-Disposition: attachment; filename=" . basename($filepath)); |
| 86 | header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); |
| 87 | header("Cache-Control: post-check=0, pre-check=0", false); |
| 88 | header("Pragma: no-cache"); |
| 89 | |
| 90 | // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_readfile -- export plugin reads/writes its own files in uploads dir, WP_Filesystem not viable for streamed CSV/XML output |
| 91 | readfile($filepath); |
| 92 | |
| 93 | die; |
| 94 | } |
| 95 | |
| 96 | $fileurl = str_replace( "\\", "/", $fileurl ); |
| 97 | |
| 98 | wp_safe_redirect($fileurl); |
| 99 | } |
| 100 | else |
| 101 | { |
| 102 | wp_send_json(array( |
| 103 | 'status' => 403, |
| 104 | 'message' => __('File doesn\'t exist', 'wp-all-export') |
| 105 | )); |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | else |
| 110 | { |
| 111 | wp_send_json(array( |
| 112 | 'status' => 403, |
| 113 | 'message' => __('Export hash is not valid.', 'wp-all-export') |
| 114 | )); |
| 115 | } |
| 116 | } |
| 117 | |
| 118 | if(isset($_GET['action']) && $_GET['action'] == 'wpae_public_api') { |
| 119 | |
| 120 | pmxe_set_max_execution_time(); |
| 121 | |
| 122 | $router = new \Wpae\Http\Router(); |
| 123 | $router->route( isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '', false); |
| 124 | } |
| 125 | } |
| 126 | |
| 127 | if(!function_exists('pmxe_set_max_execution_time')) { |
| 128 | function pmxe_set_max_execution_time() |
| 129 | { |
| 130 | // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- intentional for long-running exports |
| 131 | @ini_set("max_input_time", PMXE_Plugin::getInstance()->getOption('max_input_time')); |
| 132 | |
| 133 | $maxExecutionTime = PMXE_Plugin::getInstance()->getOption('max_execution_time'); |
| 134 | if ($maxExecutionTime == -1) { |
| 135 | $maxExecutionTime = 0; |
| 136 | } |
| 137 | |
| 138 | // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- intentional for long-running exports |
| 139 | @ini_set("max_execution_time", $maxExecutionTime); |
| 140 | } |
| 141 | } |