Add tar.gz support to Mastodon importer #2453
Conversation
Extends the Mastodon importer to accept tar.gz and tgz archives in addition to zip files. Since WordPress doesn't have built-in tar.gz support, the implementation tries multiple extraction methods: 1. PHP's PharData extension (most reliable when available) 2. System tar command via exec (fallback for servers that allow it) 3. Graceful failure with helpful error messages The extract_tar_gz() method follows WordPress conventions by returning WP_Error on failure, matching the behavior of unzip_file().
Extract the archive type detection and extraction logic from the import() method into a new extract_archive() method for better code organization and maintainability. This makes the import() method cleaner and the archive handling logic more reusable.
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for tar.gz and tgz archive formats to the Mastodon importer, which previously only supported ZIP files. The implementation includes multiple fallback extraction methods (PharData extension and system tar command) with proper error handling.
Key Changes:
- Extended file type validation to accept tar.gz and tgz formats alongside ZIP
- Refactored archive extraction into dedicated methods with multiple fallback strategies
- Updated user-facing documentation and error messages to reflect new format support
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| includes/wp-admin/import/class-mastodon.php | Implements tar.gz extraction with PharData/exec fallbacks, updates file type validation, and refactors extraction logic |
| .github/changelog/2453-from-description | Adds changelog entry documenting the new feature |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
|
|
||
| $command = sprintf( | ||
| 'tar -xzf %s -C %s 2>&1', |
There was a problem hiding this comment.
The tar command execution could be vulnerable to command injection if the file path contains shell metacharacters. While escapeshellarg() is used, consider validating that self::$archive path doesn't contain unexpected characters or use a safer extraction method.
| ); | ||
| $output = array(); | ||
| $return_var = 0; | ||
| exec( $command, $output, $return_var ); |
There was a problem hiding this comment.
Using exec() with file paths poses a security risk even with escapeshellarg(). Consider checking if the paths are within expected directories (e.g., using realpath() and verifying they're under wp_content_dir()) before executing the command.
Reference: https://wordpress.org/support/topic/import-mastodon-beta/#post-18701387
Proposed changes:
Other information:
Testing instructions:
Alternative testing with ZIP:
Server compatibility:
Changelog entry
Changelog Entry Details
Significance
Type
Message
Add support for tar.gz archives in Mastodon importer.