feat: add CSV export for visitor records +semver: minor#56
Merged
Conversation
Introduce a filtered CSV download from the Visitors admin screen. The export honours active search and risk-type filters, streams all matching rows unpaginated, and prepends a UTF-8 BOM for Excel compatibility. Bump version to 1.2.0.
gstraccini
Bot
added
the
☑️ auto-merge
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Sorry @guibranco, you have reached your weekly rate limit of 500000 diff characters.
Please try again later or upgrade to continue using Sourcery
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
WalkthroughPR adds a CSV export feature to the ipquery WordPress plugin, enabling admin users to download visitor records as UTF-8 CSV with optional filters (search, risk type), and bumps the plugin version to 1.2.0 across all metadata files. ChangesCSV Export Feature
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gstraccini[bot]](https://avatars.githubusercontent.com/in/480132?s=60&v=4){kind=small}
Contributor
🔍 WordPress Plugin Check Report
📊 Report
|
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
399 |
PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 394. |
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@includes/class-ipquery-admin.php`:
- Around line 376-401: The CSV export writes raw string cells in the foreach
loop inside class-ipquery-admin.php (the fputcsv call) and may allow
spreadsheet-formula payloads; before building the array passed to fputcsv,
sanitize each string cell (country, country_code, city, state, zipcode, org,
isp, first_seen, last_seen, and any other user-sourced text) by detecting if the
value begins with '=', '+', '-', or '@' and, if so, prefix it with a single
quote character to neutralize formulas; leave numeric and boolean fields
unchanged and apply this normalization right where the array for fputcsv is
constructed in the foreach ($rows as $row) block.
In `@includes/class-ipquery-db.php`:
- Around line 356-403: get_all_for_export currently pulls the entire result set
into memory; change it to read and emit rows in chunks (e.g., add $limit and
$offset loop or keyset pagination using the $orderby column) and fetch each page
with a prepared $wpdb->get_results call, streaming/processing each chunk instead
of returning the full array; update the function signature or add a new method
to accept a callback/Generator so callers can consume rows as they arrive, keep
using the validated $orderby/$order and $where_sql/$values logic but append
"LIMIT %d OFFSET %d" (or keyset WHERE > last_value) to the SQL and loop until an
empty chunk to avoid OOM.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 36d50206-2734-48dc-b877-8a319b65c549
📒 Files selected for processing (7)
README.mdadmin/views/visitors.phpdocs/visitors.mdincludes/class-ipquery-admin.phpincludes/class-ipquery-db.phpipquery.phpreadme.txt
Reformats the fputcsv header array in the CSV export to use one element per line for improved readability and easier diffs. Also adds missing phpcs ignore flag `WordPress.DB.PreparedSQL.NotPrepared` to the direct DB query suppression comment.
|
|
Failed to generate code suggestions for PR |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📑 Description
Introduce a filtered CSV download from the Visitors admin screen. The export honours active search and risk-type filters, streams all matching rows unpaginated, and prepends a UTF-8 BOM for Excel compatibility. Bump version to 1.2.0.
✅ Checks
☢️ Does this introduce a breaking change?
Summary by CodeRabbit
New Features
Documentation
Chores