Modify product import file check to use the WP filesystem API.
Otherwise it doesn't work on environments that don't have a direct filesystem like e.g. WordPress VIP.
This commit is contained in:
Nestor Soriano
parent
ec9cdbdbf7
commit
44c0e1c94f
|
|
@ -5,6 +5,7 @@
|
|||
* @package WooCommerce\Admin\Importers
|
||||
*/
|
||||
|
||||
use Automattic\WooCommerce\Internal\Utilities\FilesystemUtil;
|
||||
use Automattic\WooCommerce\Utilities\I18nUtil;
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
|
|
@ -113,37 +114,18 @@ class WC_Product_CSV_Importer_Controller {
|
|||
* @throws \Exception When file validation fails.
|
||||
*/
|
||||
protected static function check_file_path( string $path ): void {
|
||||
$is_valid_file = false;
|
||||
$wp_filesystem = FilesystemUtil::get_wp_filesystem();
|
||||
|
||||
if ( ! empty( $path ) ) {
|
||||
$path = realpath( $path );
|
||||
$is_valid_file = false !== $path;
|
||||
}
|
||||
|
||||
// File must be readable.
|
||||
$is_valid_file = $is_valid_file && is_readable( $path );
|
||||
// File must exist and be readable.
|
||||
$is_valid_file = $wp_filesystem->is_readable( $path );
|
||||
|
||||
// Check that file is within an allowed location.
|
||||
if ( $is_valid_file ) {
|
||||
$normalized_path = wp_normalize_path( $path );
|
||||
$in_valid_location = false;
|
||||
$valid_locations = array();
|
||||
$valid_locations[] = ABSPATH;
|
||||
|
||||
$upload_dir = wp_get_upload_dir();
|
||||
if ( false === $upload_dir['error'] ) {
|
||||
$valid_locations[] = $upload_dir['basedir'];
|
||||
$is_valid_file = self::file_is_in_directory( $path, $wp_filesystem->abspath() );
|
||||
if ( ! $is_valid_file ) {
|
||||
$upload_dir = wp_get_upload_dir();
|
||||
$is_valid_file = false === $upload_dir['error'] && self::file_is_in_directory( $path, $upload_dir['basedir'] );
|
||||
}
|
||||
|
||||
foreach ( $valid_locations as $valid_location ) {
|
||||
$normalized_location = wp_normalize_path( realpath( $valid_location ) );
|
||||
if ( 0 === stripos( $normalized_path, trailingslashit( $normalized_location ) ) ) {
|
||||
$in_valid_location = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$is_valid_file = $in_valid_location;
|
||||
}
|
||||
|
||||
if ( ! $is_valid_file ) {
|
||||
|
|
@ -155,6 +137,17 @@ class WC_Product_CSV_Importer_Controller {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given file is inside a given directory.
|
||||
*
|
||||
* @param string $file_path The full path of the file to check.
|
||||
* @param string $directory The path of the directory to check.
|
||||
* @return bool True if the file is inside the directory.
|
||||
*/
|
||||
private static function file_is_in_directory( string $file_path, string $directory ): bool {
|
||||
return 0 === stripos( wp_normalize_path( $file_path ), trailingslashit( wp_normalize_path( $directory ) ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all the valid filetypes for a CSV file.
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue