Merge pull request #21938 from Prospress/fix/21935

Unescape imported escaped CSV formulas in product attributes

includes/export/abstract-wc-csv-exporter.php

@@ -354,7 +354,7 @@ abstract class WC_CSV_Exporter {
 		$active_content_triggers = array( '=', '+', '-', '@' );
 
 		if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
-			$data = "'" . $data . "'";
+			$data = "'" . $data;
 		}
 
 		return $data;

includes/import/abstract-wc-product-importer.php

@@ -765,21 +765,21 @@ abstract class WC_Product_Importer implements WC_Importer_Interface {
 	}
 
 	/**
-	 * The exporter prepends a ' to fields that start with a - which causes
-	 * issues with negative numbers. This removes the ' if the input is still a valid
-	 * number after removal.
+	 * The exporter prepends a ' to escape fields that start with =, +, - or @.
+	 * Remove the prepended ' character preceding those characters.
 	 *
-	 * @since 3.3.0
-	 * @param string $value A numeric string that may or may not have ' prepended.
+	 * @since 3.5.2
+	 * @param  string $value A string that may or may not have been escaped with '.
 	 * @return string
 	 */
-	protected function unescape_negative_number( $value ) {
-		if ( 0 === strpos( $value, "'-" ) ) {
-			$unescaped = trim( $value, "'" );
-			if ( is_numeric( $unescaped ) ) {
-				return $unescaped;
-			}
+	protected function unescape_data( $value ) {
+		$active_content_triggers = array( "'=", "'+", "'-", "'@" );
+
+		if ( in_array( mb_substr( $value, 0, 2 ), $active_content_triggers, true ) ) {
+			$value = mb_substr( $value, 1 );
 		}
+
 		return $value;
 	}
+
 }

includes/import/class-wc-product-csv-importer.php

@@ -284,6 +284,7 @@ class WC_Product_CSV_Importer extends WC_Product_Importer {
 			return array();
 		}
 
+		$value = $this->unescape_data( $value );
 		return array_map( 'wc_clean', $this->explode_values( $value ) );
 	}
 
@@ -318,7 +319,7 @@ class WC_Product_CSV_Importer extends WC_Product_Importer {
 		}
 
 		// Remove the ' prepended to fields that start with - if needed.
-		$value = $this->unescape_negative_number( $value );
+		$value = $this->unescape_data( $value );
 
 		return floatval( $value );
 	}
@@ -335,7 +336,7 @@ class WC_Product_CSV_Importer extends WC_Product_Importer {
 		}
 
 		// Remove the ' prepended to fields that start with - if needed.
-		$value = $this->unescape_negative_number( $value );
+		$value = $this->unescape_data( $value );
 
 		return wc_stock_amount( $value );
 	}
@@ -403,6 +404,7 @@ class WC_Product_CSV_Importer extends WC_Product_Importer {
 			return array();
 		}
 
+		$value = $this->unescape_data( $value );
 		$names = $this->explode_values( $value );
 		$tags  = array();
 
@@ -549,7 +551,7 @@ class WC_Product_CSV_Importer extends WC_Product_Importer {
 	 */
 	public function parse_int_field( $value ) {
 		// Remove the ' prepended to fields that start with - if needed.
-		$value = $this->unescape_negative_number( $value );
+		$value = $this->unescape_data( $value );
 
 		return intval( $value );
 	}

tests/unit-tests/exporter/product.php

@@ -24,16 +24,16 @@ class WC_Tests_Product_CSV_Exporter extends WC_Unit_Test_Case {
 		$exporter = new WC_Product_CSV_Exporter();
 
 		$data = "=cmd|' /C calc'!A0";
-		$this->assertEquals( "'=cmd|' /C calc'!A0'", $exporter->escape_data( $data ) );
+		$this->assertEquals( "'=cmd|' /C calc'!A0", $exporter->escape_data( $data ) );
 
 		$data = "+cmd|' /C calc'!A0";
-		$this->assertEquals( "'+cmd|' /C calc'!A0'", $exporter->escape_data( $data ) );
+		$this->assertEquals( "'+cmd|' /C calc'!A0", $exporter->escape_data( $data ) );
 
 		$data = "-cmd|' /C calc'!A0";
-		$this->assertEquals( "'-cmd|' /C calc'!A0'", $exporter->escape_data( $data ) );
+		$this->assertEquals( "'-cmd|' /C calc'!A0", $exporter->escape_data( $data ) );
 
 		$data = "@cmd|' /C calc'!A0";
-		$this->assertEquals( "'@cmd|' /C calc'!A0'", $exporter->escape_data( $data ) );
+		$this->assertEquals( "'@cmd|' /C calc'!A0", $exporter->escape_data( $data ) );
 	}
 
 	/**