diff --git a/core/assets/js/admin-feedback.js b/core/assets/js/admin-feedback.js index 8e51aa6..862fadc 100644 --- a/core/assets/js/admin-feedback.js +++ b/core/assets/js/admin-feedback.js @@ -100,23 +100,22 @@ $(".helpful-export").unbind("click").on("click", function(e) { e.preventDefault(); + + let exportForm = $('
', { + 'action' : '/', + 'method' : 'post', + }); - let current_button = $(this); - let ajax_data = { - action: "helpful_export_feedback", - _wpnonce: helpful_admin_feedback.nonce, - type: $(current_button).data("type"), - }; - - let request = self.ajaxRequest(ajax_data); + exportForm.append($('', { + 'name' : 'action', + 'value' : 'helpful/feedback/export', + 'type' : 'hidden', + })); + + $(document.body).append(exportForm); - request.done(function(response) { - if ("success" === response.status) { - window.location.href = response.file; - } else { - alert(response.message); - } - }); + exportForm.submit(); + exportForm.remove(); }); }, deleteFeedback: function() { diff --git a/core/assets/js/admin-log.js b/core/assets/js/admin-log.js index 0c016f0..5ae847a 100644 --- a/core/assets/js/admin-log.js +++ b/core/assets/js/admin-log.js 
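Review bot: The new hidden form carries only `action`, so the `_wpnonce` that the removed `ajax_data` object sent is no longer part of the export request and the server-side handler has nothing to verify against CSRF. Assuming the localized script still exposes it, add `exportForm.append($('<input/>', { 'name' : '_wpnonce', 'value' : helpful_admin_feedback.nonce, 'type' : 'hidden' }));` next to the `action` field and have the PHP side check it. `exportForm.remove()` runs synchronously right after `submit()`; browsers have already queued the navigation by then so this works, but a one-line comment saying so would keep the next reader from "fixing" it.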
@@ -84,50 +84,27 @@ }, { "text": helpful_admin_log.translations.export, action: function(e, dt, node, config) { - let rows = dt.rows({ selected: true }); - let exportItems = []; - - $.each(rows.data(), function(index, row) { - exportItems.push(row.row_id); + let exportForm = $('', { + 'action' : '/', + 'method' : 'post', }); - - if (exportItems.length > 0) { - let request = self.ajaxRequest({ - "_wpnonce": helpful_admin_log.nonces.export_rows, - "action": "helpful_export_rows", - "rows": exportItems, - }); - - request.done(function(response) { - if ("success" === response.status) { - window.location.href = response.file; - } else { - alert(response.message); - } - }); - } else { - let request = self.ajaxRequest({ - "_wpnonce": helpful_admin_log.nonces.export_rows, - "action": "helpful_export_rows", - "rows": "all", - }); - - request.done(function(response) { - let randomString = Math.random().toString(36).substring(2, 9); - - $(".helpfulLogsClickable").remove(); - - var clickableElement = $("", { - class: "helpfulLogsClickable", - href: response.file, - download: "helpful-log-" + randomString + ".csv", - style: "position:absolute;top:0;left:-9999px;" - }).appendTo("body"); - - $(".helpfulLogsClickable")[0].click(); - }); - } + exportForm.append($('', { + 'name' : 'action', + 'value' : 'helpful/logs/export_rows', + 'type' : 'hidden', + })); + + exportForm.append($('', { + 'name' : 'rows', + 'value' : 'all', + 'type' : 'hidden', + })); + + $(document.body).append(exportForm); + + exportForm.submit(); + exportForm.remove(); } }], }); diff --git a/core/modules/class-core.php b/core/modules/class-core.php index 0a5cdd5..51fbe21 100644 --- a/core/modules/class-core.php +++ b/core/modules/class-core.php 
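Review bot: The rewritten export action hardcodes `'value' : 'all'` and drops the `dt.rows({ selected: true })` collection, so exporting only the selected rows — which the removed branch supported — is silently gone while the server still reads `rows` from the request. If that was not intended, keep building `exportItems` from the selected rows, append one hidden `rows[]` input per id, and fall back to `all` only when nothing is selected. As in admin-feedback.js, the `helpful_admin_log.nonces.export_rows` nonce is no longer sent; add a hidden `_wpnonce` field so the handler can verify the request.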
@@ -58,6 +58,8 @@ public function __construct() { add_action( 'upgrader_process_complete', array( & $this, 'on_plugin_update' ), 10, 2 ); add_action( 'wp_mail_failed', array( & $this, 'log_mailer_errors' ), 10, 1 ); + + add_action( 'template_redirect', array( & $this, 'remove_unsecure_files' ) ); } /** @@ -349,4 +351,30 @@ public function log_mailer_errors( $wp_error ) { $message = 'Helpful Email Error: ' . $wp_error->get_error_message(); helpful_error_log( $message ); } + + public function remove_unsecure_files() + { + $options = new Services\Options(); + + if ( 'done' === $options->get_option( 'c486cd94bac894cdd5aa9145af9371e6', 'no' ) ) { + return; + } + + $uploads = wp_upload_dir(); + + $files = [ + '/helpful/logs.csv', + '/helpful/feedback.csv', + ]; + + foreach ( $files as $file ) { + $path = $uploads['basedir'] . $file; + + if ( file_exists( $path ) ) { + unlink( $path ); + } + } + + $options->update_option( 'c486cd94bac894cdd5aa9145af9371e6', 'done' ); + } } diff --git a/core/modules/class-feedback-admin.php b/core/modules/class-feedback-admin.php index 4c0e801..d88b5f8 100644 --- a/core/modules/class-feedback-admin.php +++ b/core/modules/class-feedback-admin.php @@ -39,8 +39,9 @@ public function __construct() { add_action( 'wp_ajax_helpful_admin_feedback_items', array( & $this, 'ajax_get_feedback_items' ) ); add_action( 'wp_ajax_helpful_remove_feedback', array( & $this, 'ajax_delete_feedback_item' ) ); - add_action( 'wp_ajax_helpful_export_feedback', array( & $this, 'ajax_export_feedback' ) ); add_action( 'wp_ajax_helpful_delete_all_feedback', array( & $this, 'ajax_delete_all_feedback' ) ); + + add_action( 'template_redirect', array( & $this, 'export_feedback' ) ); } /** 
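Review bot: `remove_unsecure_files()` records `'done'` even when `unlink( $path )` fails, so a leftover CSV that cannot be deleted (permissions, open handle) stays reachable under the uploads URL and the routine never retries. Check the result and only mark completion once every path is gone, e.g. `if ( file_exists( $path ) && ! unlink( $path ) ) { return; }` inside the loop, with `update_option( ..., 'done' )` kept after it. The list also covers only the default names, while the exporters being replaced took their filename from the `helpful/feedback/export/csv_name` and `helpful/logs/export/csv_name` filters, so a site that filtered the name keeps its exposed file; run the same filters here. The opaque option key deserves a comment, e.g. `// one-shot flag: legacy CSV exports in wp-content/uploads/helpful have been removed`.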
@@ -218,25 +219,27 @@ public function ajax_delete_feedback_item() { wp_die(); } - /** - * Exports the feedback to a CSV. - * - * @global $wpdb - */ - public function ajax_export_feedback() { - check_ajax_referer( 'helpful_admin_feedback_nonce' ); + public function export_feedback() + { + if ( ! is_user_logged_in() ) { + return; + } + + $user = wp_get_current_user(); + + if ( ! in_array( 'administrator', $user->roles ) ) { + return; + } + + if ( ! array_key_exists( 'action', $_REQUEST ) || $_REQUEST['action'] !== 'helpful/feedback/export' ) { + return; + } global $wpdb; $table = $wpdb->prefix . 'helpful_feedback'; $rows = $wpdb->get_results( "SELECT * FROM $table ORDER BY id DESC" ); - $response = array( - 'status' => 'error', - 'file' => '', - 'message' => esc_html_x( 'File could not be created.', 'failed upload alert', 'helpful' ), - ); - if ( $rows ) { $items = array(); @@ -260,14 +263,9 @@ public function ajax_export_feedback() { if ( ! empty( $items ) ) { $csv = new Services\CSV( apply_filters( 'helpful/feedback/export/csv_name', 'feedback.csv' ) ); $csv->add_items( $items ); - $csv->create_file(); - - $response['status'] = 'success'; - $response['file'] = $csv->get_file(); + $csv->render(); } } - - wp_send_json( $response ); } /** diff --git a/core/services/class-csv.php b/core/services/class-csv.php index 6130513..00908c8 100644 --- a/core/services/class-csv.php +++ b/core/services/class-csv.php 
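Review bot: `export_feedback()` gates on `in_array( 'administrator', $user->roles )` rather than a capability and verifies no nonce, although the replaced `ajax_export_feedback()` called `check_ajax_referer( 'helpful_admin_feedback_nonce' )`. Role-name checks fail for custom or renamed roles and for multisite super admins, and without a nonce any link or form that points a logged-in administrator at `?action=helpful/feedback/export` on the front end starts the export (the dump lands in the victim's browser, so the exposure is limited, but the protection existed before). Match `$_REQUEST['action']` first so the rest does not run on every front-end request, then replace the two user checks with `if ( ! current_user_can( 'manage_options' ) ) { return; }` and `check_admin_referer( 'helpful_admin_feedback_nonce' );`, with the form posting the matching `_wpnonce`. Since the client only ever POSTs, reading from `$_POST` instead of `$_REQUEST` would also rule out the GET variant.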
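Review bot: After `$csv->render()` the handler returns into WordPress, which goes on to render the requested template, so the CSV download gets the page's HTML appended to it. The removed `wp_send_json( $response )` terminated the request; the replacement needs an explicit `exit;` directly after `$csv->render();`. The empty-result path changed as well: where the AJAX version reported `'File could not be created.'`, an empty table now falls through and serves the front page normally, which is worth at least a comment such as `// nothing to export: fall through and let the normal template render`.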
@@ -124,6 +124,44 @@ public function create_file() { $this->file = $uploads['baseurl'] . $file_name; } + public function render() + { + if ( ! is_array( $this->items ) ) { + return; + } + header( 'Content-Type: text/csv' ); + header( 'Content-Disposition: attachment; filename=' . $this->filename); + + $options = new Services\Options(); + $items = $this->items; + $lines = array(); + $lines[] = array_keys( $items[0] ); + + foreach ( $items as $item ) : + $lines[] = array_values( $item ); + endforeach; + + clearstatcache(); + + $separator = ';'; + $separators = array( ';', ',' ); + $separators = apply_filters( 'helpful_export_separators', $separators ); + + $option = $options->get_option( 'helpful_export_separator', ';', 'esc_attr' ); + + if ( $option && in_array( $option, $separators, true ) ) { + $separator = esc_html( $option ); + } + + $file = fopen( 'php://output', 'w+' ); + + foreach ( $lines as $line ) : + fputcsv( $file, $line, $separator ); + endforeach; + + fclose( $file ); + } + /** * Get the current file url, only available after creating. * diff --git a/core/tabs/class-log.php b/core/tabs/class-log.php index 0a59ad0..1121962 100644 --- a/core/tabs/class-log.php +++ b/core/tabs/class-log.php @@ -52,7 +52,7 @@ public function __construct() { add_action( 'wp_ajax_helpful_get_log_data', array( & $this, 'ajax_get_log_data' ) ); add_action( 'helpful_tab_log_before', array( & $this, 'register_tab_alerts' ) ); add_action( 'wp_ajax_helpful_delete_rows', array( & $this, 'ajax_delete_rows' ) ); - add_action( 'wp_ajax_helpful_export_rows', array( & $this, 'ajax_export_rows' ) ); + add_action( 'template_redirect', array( & $this, 'export_logs' ) ); } /** 
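Review bot: `render()` streams database rows straight into `fputcsv()`, and for the feedback export those rows hold visitor-submitted text, so a cell beginning with `=`, `+`, `-`, `@` or a tab is evaluated as a formula when the file is opened in Excel or LibreOffice; `fputcsv` quoting does not neutralise this. Prefix such cells with a single quote or a space before writing, and emit the filename quoted and sanitized, `header( 'Content-Disposition: attachment; filename="' . sanitize_file_name( $this->filename ) . '"' );`, since it comes from a filter and is currently unquoted. `$lines[] = array_keys( $items[0] )` assumes a non-empty array — `is_array()` does not exclude `[]` — so guard with `if ( empty( $this->items ) ) { return; }`. If this file is itself in the `Services` namespace, `new Services\Options()` resolves relative to it unless a `use` import exists above the visible lines; worth confirming.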
@@ -225,17 +225,21 @@ public function ajax_delete_rows() { wp_send_json_error( _x( 'The selected entries could not be deleted.', 'logs alert', 'helpful' ) ); } - /** - * Exports entries to a CSV and returns the file URL to the client. - */ - public function ajax_export_rows() { - check_ajax_referer( 'helpful/logs/export_rows' ); + public function export_logs() + { + if ( ! is_user_logged_in() ) { + return; + } - $response = array( - 'status' => 'error', - 'file' => '', - 'message' => esc_html_x( 'The selected entries could not be exported.', 'logs alert', 'helpful' ), - ); + $user = wp_get_current_user(); + + if ( ! in_array( 'administrator', $user->roles ) ) { + return; + } + + if ( ! array_key_exists( 'action', $_REQUEST ) || $_REQUEST['action'] !== 'helpful/logs/export_rows' ) { + return; + } if ( array_key_exists( 'rows', $_REQUEST ) ) { $lines = array(); @@ -298,13 +302,8 @@ public function ajax_export_rows() { if ( ! empty( $lines ) ) { $csv = new Services\CSV( apply_filters( 'helpful/logs/export/csv_name', 'logs.csv' ) ); $csv->add_items( $lines ); - $csv->create_file(); - - $response['status'] = 'success'; - $response['file'] = $csv->get_file(); + $csv->render(); } } - - wp_send_json( $response ); } } diff --git a/helpful.php b/helpful.php index 0292faf..d0d1f85 100644 --- a/helpful.php +++ b/helpful.php @@ -2,7 +2,7 @@ /** * Plugin Name: Helpful * Description: Add a fancy feedback form under your posts or post-types and ask your visitors a question. Give them the abbility to vote with yes or no. - * Version: 4.5.25 + * Version: 4.5.26 * Author: Pixelbart * Author URI: https://pixelbart.de * Text Domain: helpful diff --git a/readme.txt b/readme.txt index 8a56b63..f583fa1 100644 --- a/readme.txt +++ b/readme.txt 
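Review bot: `export_logs()` repeats the logged-in / `'administrator'`-role / `$_REQUEST['action']` gate of `export_feedback()` in class-feedback-admin.php, with the same weaknesses: a role name instead of a capability and no replacement for the removed `check_ajax_referer( 'helpful/logs/export_rows' )`. Pull the gate into one shared helper that returns unless the action matches, `current_user_can( 'manage_options' )` holds and `check_admin_referer( 'helpful/logs/export_rows' )` passes, so the two exporters cannot drift apart. The function body continues past this hunk and how `$_REQUEST['rows']` is consumed is not visible here; make sure the ids are still cast or prepared before they reach SQL.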
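Review bot: The second hunk ends with `$csv->render();` and no `exit;`, so WordPress continues to render the page template after the CSV bytes, exactly as in the feedback exporter. Add `exit;` after the render call; the removed `wp_send_json( $response )` used to terminate the request.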
@@ -3,9 +3,9 @@ Contributors: pixelbart Donate link: https://www.buymeacoffee.com/pixelbart Tags: helpful, poll, feedback, reviews, vote, review, voting Requires at least: 4.6 -Tested up to: 6.0 +Tested up to: 6.1 Requires PHP: 5.6.20 -Stable tag: 4.5.25 +Stable tag: 4.5.26 License: MIT License License URI: https://opensource.org/licenses/MIT