Modify product import file check to use the WP filesystem API.
Otherwise it doesn't work on environments that don't have a direct filesystem, e.g. WordPress VIP.
parent
ec9cdbdbf7
commit
44c0e1c94f
|
@ -5,6 +5,7 @@
|
||||||
* @package WooCommerce\Admin\Importers
|
* @package WooCommerce\Admin\Importers
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
use Automattic\WooCommerce\Internal\Utilities\FilesystemUtil;
|
||||||
use Automattic\WooCommerce\Utilities\I18nUtil;
|
use Automattic\WooCommerce\Utilities\I18nUtil;
|
||||||
|
|
||||||
if ( ! defined( 'ABSPATH' ) ) {
|
if ( ! defined( 'ABSPATH' ) ) {
|
||||||
|
@ -113,37 +114,18 @@ class WC_Product_CSV_Importer_Controller {
|
||||||
* @throws \Exception When file validation fails.
|
* @throws \Exception When file validation fails.
|
||||||
*/
|
*/
|
||||||
protected static function check_file_path( string $path ): void {
|
protected static function check_file_path( string $path ): void {
|
||||||
$is_valid_file = false;
|
$wp_filesystem = FilesystemUtil::get_wp_filesystem();
|
||||||
|
|
||||||
if ( ! empty( $path ) ) {
|
// File must exist and be readable.
|
||||||
$path = realpath( $path );
|
$is_valid_file = $wp_filesystem->is_readable( $path );
|
||||||
$is_valid_file = false !== $path;
|
|
||||||
}
|
|
||||||
|
|
||||||
// File must be readable.
|
|
||||||
$is_valid_file = $is_valid_file && is_readable( $path );
|
|
||||||
|
|
||||||
// Check that file is within an allowed location.
|
// Check that file is within an allowed location.
|
||||||
if ( $is_valid_file ) {
|
if ( $is_valid_file ) {
|
||||||
$normalized_path = wp_normalize_path( $path );
|
$is_valid_file = self::file_is_in_directory( $path, $wp_filesystem->abspath() );
|
||||||
$in_valid_location = false;
|
if ( ! $is_valid_file ) {
|
||||||
$valid_locations = array();
|
|
||||||
$valid_locations[] = ABSPATH;
|
|
||||||
|
|
||||||
$upload_dir = wp_get_upload_dir();
|
$upload_dir = wp_get_upload_dir();
|
||||||
if ( false === $upload_dir['error'] ) {
|
$is_valid_file = false === $upload_dir['error'] && self::file_is_in_directory( $path, $upload_dir['basedir'] );
|
||||||
$valid_locations[] = $upload_dir['basedir'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( $valid_locations as $valid_location ) {
|
|
||||||
$normalized_location = wp_normalize_path( realpath( $valid_location ) );
|
|
||||||
if ( 0 === stripos( $normalized_path, trailingslashit( $normalized_location ) ) ) {
|
|
||||||
$in_valid_location = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$is_valid_file = $in_valid_location;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $is_valid_file ) {
|
if ( ! $is_valid_file ) {
|
||||||
|
@ -155,6 +137,17 @@ class WC_Product_CSV_Importer_Controller {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if a given file is inside a given directory.
|
||||||
|
*
|
||||||
|
* @param string $file_path The full path of the file to check.
|
||||||
|
* @param string $directory The path of the directory to check.
|
||||||
|
* @return bool True if the file is inside the directory.
|
||||||
|
*/
|
||||||
|
private static function file_is_in_directory( string $file_path, string $directory ): bool {
|
||||||
|
return 0 === stripos( wp_normalize_path( $file_path ), trailingslashit( wp_normalize_path( $directory ) ) );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all the valid filetypes for a CSV file.
|
* Get all the valid filetypes for a CSV file.
|
||||||
*
|
*
|
||||||
|
|
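Review bot: The containment check in the new `file_is_in_directory()` helper is purely lexical: the old code compared `realpath()` results, while the new code only applies `wp_normalize_path()`, which as far as I know normalizes slashes but does not collapse `..` segments or resolve symlinks. A path that begins with the `abspath()` or uploads `basedir` prefix but contains parent-directory segments would therefore pass the `stripos()` prefix test while referring to a file outside both locations, which weakens the restriction `check_file_path()` is meant to enforce. Since `realpath()` is not usable on the target environments, I would reject such paths explicitly at the top of the helper, e.g. `if ( preg_match( '#(^|/)\.\.(/|$)#', wp_normalize_path( $file_path ) ) ) { return false; }`, and add a test for it. The helper's docblock should also state that the comparison is lexical and case-insensitive, so it does not account for symlinks. `check_file_path()` continues past the end of the second hunk, so what follows the final `if ( ! $is_valid_file )` is not visible here.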