Added nonce check to CSV importer actions
This commit is contained in:
parent
18813662dd
commit
cabf9de71a
@ -278,7 +278,7 @@ class WC_Admin_Importers {
array(
'position' => 'done',
'percentage' => 100,
'url' => add_query_arg( array( 'nonce' => wp_create_nonce( 'product-csv' ) ), admin_url( 'edit.php?post_type=product&page=product_importer&step=done' ) ),
'url' => add_query_arg( array( '_wpnonce' => wp_create_nonce( 'woocommerce-csv-importer' ) ), admin_url( 'edit.php?post_type=product&page=product_importer&step=done' ) ),
'imported' => count( $results['imported'] ),
'failed' => count( $results['failed'] ),
'updated' => count( $results['updated'] ),
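Review bot: The nonce action string `'woocommerce-csv-importer'` is now spelled out as a bare literal here and again in each `check_admin_referer()` call in the WC_Product_CSV_Importer_Controller hunks (mapping_form, import, done), across two classes; a mismatch in any one copy would send the user to the "link expired" page rather than fail visibly at review time. Consider hoisting it into one shared constant on the controller (e.g. a `const NONCE_ACTION = 'woocommerce-csv-importer';`, name to taste) and referencing that from both the URL builder and the checks. Note also that this URL only adds `_wpnonce`; the `products-imported`/`products-updated`/`products-failed`/`products-skipped` query args read by `done()` must be appended by whatever follows this URL, which is outside these hunks, so I cannot confirm that path from here.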
@ -366,6 +366,7 @@ class WC_Product_CSV_Importer_Controller {
* Mapping step.
*/
protected function mapping_form() {
check_admin_referer( 'woocommerce-csv-importer' );
$args = array(
'lines' => 1,
'delimiter' => $this->delimiter,
@ -399,6 +400,10 @@ class WC_Product_CSV_Importer_Controller {
* Import the file if it exists and is valid.
*/
public function import() {
// Displaying this page triggers Ajax action to run the import with a valid nonce,
// therefore this page needs to be nonce protected as well.
check_admin_referer( 'woocommerce-csv-importer' );
|
if ( ! self::is_file_valid_csv( $this->file ) ) {
$this->add_error( __( 'Invalid file type. The importer supports CSV and TXT file formats.', 'woocommerce' ) );
$this->output_errors();
@ -411,7 +416,6 @@ class WC_Product_CSV_Importer_Controller {
return;
}
|
// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification -- Nonce already verified in WC_Admin_Importers::do_ajax_product_import()
if ( ! empty( $_POST['map_from'] ) && ! empty( $_POST['map_to'] ) ) {
$mapping_from = wc_clean( wp_unslash( $_POST['map_from'] ) );
$mapping_to = wc_clean( wp_unslash( $_POST['map_to'] ) );
@ -422,7 +426,6 @@ class WC_Product_CSV_Importer_Controller {
wp_redirect( esc_url_raw( $this->get_next_step_link( 'upload' ) ) );
exit;
}
// phpcs:enable
|
wp_localize_script(
'wc-product-import',
@ -447,13 +450,12 @@ class WC_Product_CSV_Importer_Controller {
* Done step.
*/
protected function done() {
// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
check_admin_referer( 'woocommerce-csv-importer' );
$imported = isset( $_GET['products-imported'] ) ? absint( $_GET['products-imported'] ) : 0;
$updated = isset( $_GET['products-updated'] ) ? absint( $_GET['products-updated'] ) : 0;
$failed = isset( $_GET['products-failed'] ) ? absint( $_GET['products-failed'] ) : 0;
$skipped = isset( $_GET['products-skipped'] ) ? absint( $_GET['products-skipped'] ) : 0;
$errors = array_filter( (array) get_user_option( 'product_import_error_log' ) );
// phpcs:enable
|
include_once dirname( __FILE__ ) . '/views/html-csv-import-done.php';
}
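Review bot: With `check_admin_referer( 'woocommerce-csv-importer' )` now at the top of mapping_form(), import() and done(), every link or form that lands on those steps has to carry a matching `_wpnonce`, and only the done URL built in the WC_Admin_Importers hunk visibly does so; the redirect at `wp_redirect( esc_url_raw( $this->get_next_step_link( 'upload' ) ) );` shows that step links are normally produced by `get_next_step_link()`, which is defined outside these hunks, so I cannot confirm it appends the nonce for the mapping/import/done steps — if it does not, those steps will now stop at the "link expired" page for every user. Appending the nonce once inside `get_next_step_link()` would keep all step transitions consistent instead of relying on each caller. Dropping the `// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification` / `// phpcs:enable` pairs around the `$_POST['map_from']` and `$_GET['products-*']` reads is correct, since `check_admin_referer()` dies via `wp_nonce_ays()` on failure and nothing after it runs. The "Displaying this page triggers Ajax action..." comment in import() would read more precisely as `// The import page itself starts the Ajax import with a nonce, so the page must be nonce-protected too.`.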