- + @@ -841,14 +841,14 @@ public static function _renderTabBasic( $args ) { - + ', '' ); @@ -868,7 +868,7 @@ public static function _renderTabBasic( $args ) { - + _filename = trim( (string) $filename ); + } + + /** + * Fetches information from the XLSX file and builds the series/data arrays. + * + * @access public + * @return boolean TRUE on success, FALSE on failure. + */ + public function fetch() { + if ( empty( $this->_filename ) ) { + $this->_error = esc_html__( 'No file provided. Please try again.', 'visualizer' ); + return false; + } + + // Ensure the OpenSpout autoloader is available. + $vendor_file = VISUALIZER_ABSPATH . 'vendor/autoload.php'; + if ( is_readable( $vendor_file ) ) { + include_once $vendor_file; + } + + if ( ! class_exists( 'OpenSpout\Reader\Common\Creator\ReaderEntityFactory' ) ) { + $this->_error = esc_html__( 'The OpenSpout library is required to import XLSX files but could not be found. Please contact support.', 'visualizer' ); + return false; + } + + $reader = \OpenSpout\Reader\Common\Creator\ReaderEntityFactory::createXLSXReader(); + try { + $reader->open( $this->_get_file_path() ); + + $all_rows = array(); + foreach ( $reader->getSheetIterator() as $sheet ) { + foreach ( $sheet->getRowIterator() as $row ) { + $row_data = array(); + foreach ( $row->getCells() as $cell ) { + $value = $cell->getValue(); + // Convert non-string scalars to string for uniform handling; + // _normalizeData() will cast them to the correct type later. + $row_data[] = is_null( $value ) ? null : (string) $value; + } + $all_rows[] = $row_data; + } + break; // Only read the first sheet. + } + } catch ( \Exception $e ) { + $reader->close(); + $this->_error = sprintf( + /* translators: %s - the exception message. */ + esc_html__( 'Could not read the XLSX file: %s', 'visualizer' ), + $e->getMessage() + ); + return false; + } + + $reader->close(); + + if ( count( $all_rows ) < 2 ) { + $this->_error = esc_html__( 'File should have a heading row (1st row) and a data type row (2nd row). Please try again.', 'visualizer' ); + return false; + } + + $labels = array_filter( $all_rows[0] ); + $types = array_filter( $all_rows[1] ); + + if ( ! $labels || ! $types ) { + $this->_error = esc_html__( 'File should have a heading row (1st row) and a data type row (2nd row). Please try again.', 'visualizer' ); + return false; + } + + $types = array_map( 'trim', $types ); + if ( ! self::_validateTypes( $types ) ) { + $this->_error = esc_html__( 'Invalid data types detected in the data type row (2nd row). Please try again.', 'visualizer' ); + return false; + } + + // Build the series array from row 1 (labels) and row 2 (types). + $label_values = $all_rows[0]; + $type_values = $all_rows[1]; + $col_count = count( $label_values ); + + for ( $i = 0; $i < $col_count; $i++ ) { + $default_type = ( $i === 0 ) ? 'string' : 'number'; + $label = isset( $label_values[ $i ] ) ? $this->toUTF8( (string) $label_values[ $i ] ) : ''; + $type = isset( $type_values[ $i ] ) && ! empty( $type_values[ $i ] ) ? trim( $type_values[ $i ] ) : $default_type; + + $this->_series[] = array( + 'label' => sanitize_text_field( wp_strip_all_tags( $label ) ), + 'type' => $type, + ); + } + + // Parse data rows (row 3 onwards). + for ( $r = 2, $total = count( $all_rows ); $r < $total; $r++ ) { + $this->_data[] = $this->_normalizeData( $all_rows[ $r ] ); + } + + return true; + } + + /** + * Returns the file path to open with the reader. + * Subclasses may override this to supply a locally-downloaded copy. + * + * @access protected + * @return string + */ + protected function _get_file_path() { + return $this->_filename; + } + + /** + * Returns the source name. + * + * @access public + * @return string + */ + public function getSourceName() { + return __CLASS__; + } +} diff --git a/classes/Visualizer/Source/Xlsx/Remote.php b/classes/Visualizer/Source/Xlsx/Remote.php new file mode 100644 index 000000000..857c2a988 --- /dev/null +++ b/classes/Visualizer/Source/Xlsx/Remote.php @@ -0,0 +1,146 @@ + $this->_filename, + 'data' => $this->_data, + ) + ); + } + + + /** + * Re-populates data for scheduled refreshes. + * + * @access public + * @param array $data The current data array. + * @param int $chart_id The chart post ID. + * @return array The re-populated data or the original array. + */ + public function repopulateData( $data, $chart_id ) { + if ( ! is_array( $data ) ) { + $data = array(); + } + return array_key_exists( 'data', $data ) ? $data['data'] : $data; + } + + /** + * Re-populates series (series are stored in post meta and remain stable). + * + * @access public + * @param array $series The current series array. + * @param int $chart_id The chart post ID. + * @return array The original series array. + */ + public function repopulateSeries( $series, $chart_id ) { + return $series; + } + + /** + * Returns the source name. + * + * @access public + * @return string + */ + public function getSourceName() { + return __CLASS__; + } + + /** + * Downloads the remote XLSX file to a temporary path and returns that path + * for the parent reader to use. + * + * Enforces a maximum file size (default 10 MB, filterable via + * 'visualizer_xlsx_max_filesize') before handing the path to the parser, + * guarding against ZIP-bomb and DoS attacks. + * + * @access protected + * @return string Path to the temporary file, or the original URL if download failed. + */ + protected function _get_file_path() { + if ( $this->_tmpfile && ! is_wp_error( $this->_tmpfile ) && is_readable( $this->_tmpfile ) ) { + return $this->_tmpfile; + } + + require_once ABSPATH . 'wp-admin/includes/file.php'; + + $this->_tmpfile = download_url( $this->_filename ); + + if ( is_wp_error( $this->_tmpfile ) ) { + $this->_error = esc_html__( 'Could not download the XLSX file. Please check the URL and try again.', 'visualizer' ); + $this->_tmpfile = false; + // Return the original URL so the parent's open() call will fail + // gracefully and set an error rather than throwing a PHP error. + return $this->_filename; + } + + if ( ! is_file( $this->_tmpfile ) ) { + $this->_tmpfile = false; + $this->_error = esc_html__( 'Could not access the downloaded XLSX file. Please try again.', 'visualizer' ); + return $this->_filename; + } + + // Maximum allowed file size in bytes. Default 10 MB; override via filter. + $max_bytes = (int) apply_filters( 'visualizer_xlsx_max_filesize', 10 * 1024 * 1024 ); + if ( filesize( $this->_tmpfile ) > $max_bytes ) { + @unlink( $this->_tmpfile ); // phpcs:ignore WordPress.PHP.NoSilencedErrors + $this->_tmpfile = false; + $this->_error = esc_html__( + 'The XLSX file exceeds the maximum allowed size and cannot be imported.', + 'visualizer' + ); + return $this->_filename; + } + + return $this->_tmpfile; + } + + /** + * Fetches the remote file, parses it, and cleans up the temp file. + * + * @access public + * @return boolean TRUE on success, FALSE on failure. + */ + public function fetch() { + $result = parent::fetch(); + + // Clean up the temporary file after parsing. + if ( $this->_tmpfile && ! is_wp_error( $this->_tmpfile ) && is_file( $this->_tmpfile ) ) { + @unlink( $this->_tmpfile ); // phpcs:ignore WordPress.PHP.NoSilencedErrors + $this->_tmpfile = false; + } + + return $result; + } +} diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index 44608ccd7..cddb79048 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon @@ -1266,23 +1266,6 @@ parameters: count: 1 path: classes/Visualizer/Module/Chart.php - - - message: '#^Method Visualizer_Module_Chart\:\:handleCSVasString\(\) has no return type specified\.$#' - identifier: missingType.return - count: 1 - path: classes/Visualizer/Module/Chart.php - - - - message: '#^Method Visualizer_Module_Chart\:\:handleCSVasString\(\) has parameter \$data with no type specified\.$#' - identifier: missingType.parameter - count: 1 - path: classes/Visualizer/Module/Chart.php - - - - message: '#^Method Visualizer_Module_Chart\:\:handleCSVasString\(\) has parameter \$editor_type with no type specified\.$#' - identifier: missingType.parameter - count: 1 - path: classes/Visualizer/Module/Chart.php - message: '#^Method Visualizer_Module_Chart\:\:handlePermissions\(\) has no return type specified\.$#' @@ -5381,3 +5364,25 @@ parameters: identifier: argument.type count: 1 path: index.php + + - + message: '#^Path in include_once\(\)#' + identifier: includeOnce.fileNotFound + count: 1 + path: classes/Visualizer/Source/Xlsx.php + + - + identifier: missingType.iterableValue + count: 4 + path: classes/Visualizer/Source/Xlsx/Remote.php + + - + identifier: booleanNot.alwaysTrue + count: 2 + path: classes/Visualizer/Source/Xlsx/Remote.php + + - + message: '#^Call to function is_array\(\) with array will always evaluate to true\.$#' + identifier: function.alreadyNarrowedType + count: 1 + path: classes/Visualizer/Source/Xlsx/Remote.php diff --git a/samples/bar.xlsx b/samples/bar.xlsx new file mode 100644 index 000000000..c210dc016 Binary files /dev/null and b/samples/bar.xlsx differ diff --git a/tests/test-import.php b/tests/test-import.php index b18df0331..67b5f73e3 100644 --- a/tests/test-import.php +++ b/tests/test-import.php @@ -145,6 +145,134 @@ private function create_chart() { $this->chart = $query->posts[0]; } + /** + * Testing XLSX file import feature. + * + * @access public + * @dataProvider xlsxFileProvider + */ + public function test_file_import_xlsx( $file, $content, $series ) { + $this->create_chart(); + $this->_setRole( 'administrator' ); + $dest = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . basename( $file ); + copy( $file, $dest ); + $_FILES = array( + 'local_data' => array( + 'tmp_name' => $dest, + 'name' => basename( $file ), + 'error' => 0, + ), + ); + $_GET = array( + 'nonce' => wp_create_nonce( 'visualizer-upload-data' ), + 'chart' => $this->chart, + ); + // swallow the output + ob_start(); + try { + $this->_handleAjax( 'visualizer-upload-data' ); + } catch ( WPAjaxDieContinueException $e ) { + // We expected this, do nothing. + } catch ( WPAjaxDieStopException $ee ) { + // We expected this, do nothing. + } + ob_end_clean(); + unlink( $dest ); + $series_new = get_post_meta( $this->chart, 'visualizer-series', true ); + $chart = get_post( $this->chart ); + $src = get_post_meta( $this->chart, 'visualizer-source', true ); + $content_new = $chart->post_content; + $this->assertEquals( 'Visualizer_Source_Xlsx', $src ); + $this->assertEquals( $content_new, serialize( $content ) ); + $this->assertEquals( $series_new, $series ); + } + + /** + * Provide the XLSX file for uploading. + * + * @access public + */ + public function xlsxFileProvider() { + $file = VISUALIZER_ABSPATH . DIRECTORY_SEPARATOR . 'samples' . DIRECTORY_SEPARATOR . 'bar.xlsx'; + $this->assertFileExists( $file, 'Fixture samples/bar.xlsx does not exist' ); + list( $content, $series ) = $this->parseXlsxFile( $file ); + return array( + array( $file, $content, $series ), + ); + } + + /** + * Parses an XLSX fixture file via OpenSpout and returns [ $content, $series ] + * in the same shape that Visualizer_Source_Xlsx::fetch() produces, so the + * test assertion is independent of the source class implementation. + * + * @access private + * @param string $file Absolute path to the XLSX file. + * @return array Two-element array: [ $content, $series ]. + */ + private function parseXlsxFile( $file ) { + $vendor_file = VISUALIZER_ABSPATH . 'vendor/autoload.php'; + if ( is_readable( $vendor_file ) ) { + include_once $vendor_file; + } + + $reader = \OpenSpout\Reader\Common\Creator\ReaderEntityFactory::createXLSXReader(); + $reader->open( $file ); + + $all_rows = array(); + foreach ( $reader->getSheetIterator() as $sheet ) { + foreach ( $sheet->getRowIterator() as $row ) { + $row_data = array(); + foreach ( $row->getCells() as $cell ) { + $value = $cell->getValue(); + $row_data[] = is_null( $value ) ? null : (string) $value; + } + $all_rows[] = $row_data; + } + break; // first sheet only + } + $reader->close(); + + // Row 1 = labels, Row 2 = types (mirrors Visualizer_Source_Xlsx convention). + $label_values = array_values( $all_rows[0] ); + $type_values = array_values( $all_rows[1] ); + $col_count = count( $label_values ); + + $_series = array(); + for ( $i = 0; $i < $col_count; $i++ ) { + $default_type = ( $i === 0 ) ? 'string' : 'number'; + $_series[] = array( + 'label' => isset( $label_values[ $i ] ) ? $label_values[ $i ] : '', + 'type' => ( isset( $type_values[ $i ] ) && ! empty( $type_values[ $i ] ) ) ? trim( $type_values[ $i ] ) : $default_type, + ); + } + + $_content = array(); + for ( $r = 2; $r < count( $all_rows ); $r++ ) { + $row = $all_rows[ $r ]; + foreach ( $_series as $i => $col ) { + if ( ! isset( $row[ $i ] ) ) { + $row[ $i ] = null; + } + if ( is_null( $row[ $i ] ) ) { + continue; + } + switch ( $col['type'] ) { + case 'number': + $row[ $i ] = is_numeric( $row[ $i ] ) ? floatval( $row[ $i ] ) : ( is_numeric( str_replace( ',', '', $row[ $i ] ) ) ? floatval( str_replace( ',', '', $row[ $i ] ) ) : null ); + break; + case 'boolean': + $datum = trim( strval( $row[ $i ] ) ); + $row[ $i ] = in_array( $datum, array( 'true', 'yes', '1' ), true ) ? 'true' : 'false'; + break; + } + } + $_content[] = $row; + } + + return array( $_content, $_series ); + } + /** * Testing file import feature. * @@ -159,6 +287,7 @@ public function test_file_import( $file, $content, $series ) { $_FILES = array( 'local_data' => array( 'tmp_name' => $dest, + 'name' => basename( $file ), 'error' => 0, ), );
', '' ); @@ -868,7 +868,7 @@ public static function _renderTabBasic( $args ) {