diff --git a/includes/admin/tools/export/class-batch-export.php b/includes/admin/tools/export/class-batch-export.php
index 1d912eefde..f8fd1e1616 100644
--- a/includes/admin/tools/export/class-batch-export.php
+++ b/includes/admin/tools/export/class-batch-export.php
@@ -116,6 +116,7 @@ class Give_Batch_Export extends Give_Export {
 /**
 * Give_Batch_Export constructor.
 *
+ * @unreleased Create only csv file.
 * @since 2.9.0 add hash to filename to avoid collisions
 * @since 1.5
 *
@@ -123,18 +124,17 @@ class Give_Batch_Export extends Give_Export {
 * @param string|null $filename
 */
 public function __construct( $_step = 1, $filename = null ) {
-
- $upload_dir = wp_upload_dir();
+ $upload_dir = wp_upload_dir();
 $this->filetype = '.csv';
- if ( null === $filename ) {
- $hash = uniqid();
- $this->filename = "give-{$hash}-{$this->export_type}{$this->filetype}";
- } else {
- $this->filename = $filename;
- }
+ if ( null === $filename ) {
+ $hash = uniqid();
+ $this->filename = "give-{$hash}-{$this->export_type}{$this->filetype}";
+ } else {
+ $this->filename = "{$filename}{$this->filetype}";
+ }
- $this->file = trailingslashit( $upload_dir['basedir'] ) . $this->filename;
+ $this->file = trailingslashit( $upload_dir['basedir'] ) . $this->filename;
 if ( ! is_writable( $upload_dir['basedir'] ) ) {
 $this->is_writable = false;
diff --git a/includes/admin/tools/export/export-actions.php b/includes/admin/tools/export/export-actions.php
index d87e300287..bb76fab690 100644
--- a/includes/admin/tools/export/export-actions.php
+++ b/includes/admin/tools/export/export-actions.php
@@ -17,6 +17,7 @@
 /**
 * Process the download file generated by a batch export.
 *
+ * @unreleased Sanitize file name. Allow plain file name only.
 * @since 2.9.0 pass the filename received to the exporter
 * @since 1.5
 *
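Review bot: The constructor still composes `$this->file` from the caller-supplied `$filename` without any `basename()` of its own, so the path restriction this commit introduces lives only in the two request handlers; any other caller of `Give_Batch_Export` that passes a name containing a directory separator would still write outside `basedir`. Because this `else` branch is the single place where the path is built, `$this->filename = basename( $filename ) . $this->filetype;` would make that guarantee independent of the caller. The same branch also runs for an empty string, producing the bare name `.csv` shared by every export that arrives with an empty name and defeating the per-export hash, so `''` should be treated like `null`: `if ( null === $filename || '' === $filename ) {`. Callers that still pass a name already ending in `.csv` will now presumably get `name.csv.csv`, which is worth stating in the `@param string|null $filename` line; the constructor body continues past the end of the hunk.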
@@ -45,11 +46,10 @@ function give_process_batch_export_form() {
 */
 do_action( 'give_batch_export_class_include', $_REQUEST['class'] );
- $filename = $_REQUEST['file_name'];
+ $filename = basename(sanitize_file_name($_REQUEST['file_name']), '.csv');
- $export = new $_REQUEST['class']( 1, $filename );
+ $export = new $_REQUEST['class']( 1, $filename );
 $export->export();
-
 }
 add_action( 'give_form_batch_export', 'give_process_batch_export_form' );
diff --git a/includes/admin/tools/export/export-functions.php b/includes/admin/tools/export/export-functions.php
index 043af5b2d4..a01ecf8229 100755
--- a/includes/admin/tools/export/export-functions.php
+++ b/includes/admin/tools/export/export-functions.php
@@ -19,6 +19,7 @@
 /**
 * Process batch exports via ajax
 *
+ * @unreleased Sanitize file name. Allow plain file name only.
 * @since 1.5
 * @return void
 */
@@ -48,7 +49,9 @@ function give_do_ajax_export() {
 $step = absint( $_POST['step'] );
 $class = sanitize_text_field( $form['give-export-class'] );
- $filename = isset( $_POST['file_name'] ) ? sanitize_text_field( $_POST['file_name'] ) : null;
+ $filename = isset( $_POST['file_name'] ) ?
+ basename(sanitize_file_name( $_POST['file_name'] ), '.csv') :
+ null;
 /* @var Give_Batch_Export $export */
 $export = new $class( $step, $filename );
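Review bot: The new `$filename` line in export-actions.php reads `$_REQUEST['file_name']` without the `isset()` guard that the matching change in export-functions.php has, so a request without `file_name` raises an undefined-index notice, pushes `null` through `sanitize_file_name()`, and presumably hands the constructor `''` instead of `null`. An empty string (also reachable in export-functions.php, where `isset()` accepts `''`) bypasses the constructor's `null` branch and yields the shared bare name `.csv`, losing the per-export hash. Mirroring the other call site with an emptiness check — `$filename = ( isset( $_REQUEST['file_name'] ) && '' !== $_REQUEST['file_name'] ) ? basename( sanitize_file_name( $_REQUEST['file_name'] ), '.csv' ) : null;` — covers both cases, and the same `'' !== ...` guard belongs in the export-functions.php ternary. Separately, the re-indented `new $_REQUEST['class']( 1, $filename )` line still instantiates whatever class name the request supplies; the `give_batch_export_class_include` hook above it suggests a `Give_Batch_Export` is expected, which an `is_subclass_of( $_REQUEST['class'], 'Give_Batch_Export' )` check before the `new` would enforce.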