Ticket #2254 (new task)

Opened 11 months ago

Last modified 4 months ago

add db/import functionality to ecommerce module

Reported by: ischommer
Owned by: sharvey
Priority: medium
Milestone: E-commerce 0.7.0
Component: Modules - ecommerce
Version: 2.2.1
Severity: medium effort / impact
Keywords:
Cc: sminnee
Hours:

Description (last modified by ischommer)

http://open.silverstripe.com/browser/modules/sapphire/trunk/core/model/DatabaseAdmin.php#L268 DatabaseAdmin.php:258 function import()

references ecommerce-specific code (classes Product and ProductGroup). it reads an arbitrary file from the server specified via GET, doesn't check for ADMIN-permissions (as far as i can tell), and doesn't validate the filename, which means it's a directory traversal risk.

i've removed this code from core and attached it here, in case you want to add it to the ecommerce module.

it's also a good base for a generic importer module (perhaps in GenericDataAdmin).

Attachments

import.php (5.7 kB) - added by ischommer 11 months ago.
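
Added example, not the attached import.php and not SilverStripe or ecommerce module code: one way an import entry point can close the three gaps listed in the description (no ADMIN check, file name taken from GET, no file name validation). The function name `resolveImportFile`, the `$isAdmin` flag, the dedicated import directory and the `.csv` allow-list are assumptions made for illustration.

```php
<?php
// Added illustration; all names are hypothetical, not SilverStripe or module code.
// $isAdmin stands in for the framework's ADMIN permission check.
function resolveImportFile($requested, $importDir, $isAdmin)
{
    // 1. Authorise before touching the filesystem.
    if (!$isAdmin) {
        throw new RuntimeException('ADMIN permission required');
    }
    // 2. Allow-list: a bare file name only (no separators, dots or NUL bytes
    //    outside the fixed extension). The .csv extension is an assumption.
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]+\.csv\z/', $requested)) {
        throw new InvalidArgumentException('invalid import file name');
    }
    // 3. Canonicalise and confirm the result is still inside the import
    //    directory; this also catches symlinks that point elsewhere.
    $base = realpath($importDir);
    if ($base === false) {
        throw new RuntimeException('import directory missing');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        throw new RuntimeException('import file not found');
    }
    return $path;
}

// Constructed demo input: a temporary import directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'import_demo_' . getmypid();
if (!is_dir($dir)) { mkdir($dir); }
file_put_contents($dir . DIRECTORY_SEPARATOR . 'products.csv', "Title,Price\nWidget,9.99\n");

$cases = array(                        // array(file name from request, caller is admin)
    array('products.csv', true),       // accepted
    array('products.csv', false),      // rejected: no ADMIN permission
    array('../../etc/passwd', true),   // rejected: traversal sequence
    array('/etc/passwd', true),        // rejected: absolute path
    array("products.csv\0.php", true), // rejected: embedded NUL byte
);
foreach ($cases as $case) {
    list($name, $admin) = $case;
    try {
        echo var_export($name, true), ' => ', resolveImportFile($name, $dir, $admin), "\n";
    } catch (Exception $e) {
        echo var_export($name, true), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```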

Change History

Changed 11 months ago by ischommer

Changed 11 months ago by ischommer

  • description modified (diff)

Changed 6 months ago by rlouis

  • owner changed from sharvey to rlouis
  • milestone set to E-Commerce 0.6.0

Changed 6 months ago by sminnee

  • milestone changed from E-Commerce 0.6.0 to E-commerce 0.7.0

Not required for 0.6. Please minimise the number of tickets in 0.6

Changed 4 months ago by sharvey

  • owner changed from rlouis to sharvey