LLMS_Admin_Export_Download

LLMS_Admin_Export_Download class


Source

File: includes/admin/class-llms-admin-export-download.php

class LLMS_Admin_Export_Download {

	/**
	 * Constructor.
	 *
	 * @since   3.28.1
	 * @version 3.28.1
	 */
	public function __construct() {

		// Hook the download handler into `admin_init`; the handler itself returns
		// early when the request carries no `llms-dl-export` argument.
		$serve_export_callback = array( $this, 'maybe_serve_export' );

		add_action( 'admin_init', $serve_export_callback );

	}

	/**
	 * Serve an export file as a download.
	 *
	 * @since 3.28.1
	 * @since 5.9.0 Stop using deprecated `FILTER_SANITIZE_STRING`.
	 * @since 7.5.0 Check nonce and only consider the basename of the file to be downloaded.
	 *
	 * @return void
	 */
	public function maybe_serve_export() {

		// Requested export filename, taken from the `llms-dl-export` query argument.
		// FILTER_SANITIZE_FULL_SPECIAL_CHARS HTML-encodes special characters; it does
		// not strip directory separators, so path safety is handled further down.
		$export = llms_filter_input( INPUT_GET, 'llms-dl-export', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
		if ( ! $export ) {
			// Not an export download request: nothing to do.
			return;
		}

		// Verify nonce (request-forgery protection for this GET-triggered download).
		// Every failure branch below uses the same generic message, so the response
		// does not reveal which check rejected the request.
		if ( ! llms_verify_nonce( 'llms_dl_export_nonce', LLMS_Abstract_Exportable_Admin_Table::EXPORT_NONCE_ACTION, 'GET' ) ) {
			wp_die( __( 'Cheatin’ huh?', 'lifterlms' ) );
		}

		// Only allow people who can view reports view exports.
		// Either of the two reporting capabilities is sufficient.
		if ( ! current_user_can( 'view_others_lifterlms_reports' ) && ! current_user_can( 'view_lifterlms_reports' ) ) {
			wp_die( __( 'Cheatin’ huh?', 'lifterlms' ) );
		}

		// basename() drops any directory components from the requested name, so the
		// resolved path cannot point outside LLMS_TMP_DIR (path traversal guard).
		// Assumes LLMS_TMP_DIR ends with a directory separator -- TODO confirm.
		$path = LLMS_TMP_DIR . basename( $export );
		if ( ! file_exists( $path ) ) {
			wp_die( __( 'Cheatin’ huh?', 'lifterlms' ) );
		}

		// Restrict downloads to CSV files so other files in the temp directory are
		// never served. The comparison is strict and case-sensitive.
		// NOTE(review): pathinfo() omits the 'extension' key when the name has no
		// extension; a `?? ''` fallback would avoid the undefined-key warning.
		$info = pathinfo( $path );
		if ( 'csv' !== $info['extension'] ) {
			wp_die( __( 'Cheatin’ huh?', 'lifterlms' ) );
		}

		header( 'Content-Type: text/csv' );
		// NOTE(review): the download filename is built from the raw `$export` value,
		// while the file path above uses basename( $export ). Using the basename here
		// as well would keep the two consistent and keep directory components out of
		// the response header.
		header( 'Content-Disposition: attachment; filename="' . $export . '"' );

		// Read the export into memory, then delete it from disk: each generated file
		// can be downloaded once.
		// NOTE(review): neither return value is checked in the lines shown here; the
		// remainder of this method is not visible in this listing.
		$file = file_get_contents( $path );
		unlink( $path );


Methods



Changelog

Changelog
Version Description
3.28.1 Introduced.

