| | 1937 | |
| | 1938 | /** |
| | 1939 | * Generate a single group for the personal data export report. |
| | 1940 | * |
| | 1941 | * @since 4.9.6 |
| | 1942 | * |
| | 1943 | * @param array $group_data The group data to render. |
| | 1944 | * 'group_label' string The user-facing heading for the group, e.g. 'Comments'. |
| | 1945 | * 'items' associative-array An array of group items. |
| | 1946 | * $group_item_id string A group item ID (e.g. 'comment-123' ). |
| | 1947 | * => $group_item_data array An array of name-value pairs for the item. |
| | 1948 | * 'name' string The user-facing name of an item name-value pair, e.g. 'IP Address'. |
| | 1949 | * 'value' string The user-facing value of an item data pair, e.g. '50.60.70.0'. |
| | 1950 | * @return string The HTML for this group and its items |
| | 1951 | */ |
| | 1952 | function wp_privacy_generate_personal_data_export_group_html( $group_data ) { |
| | 1953 | $allowed_tags = array( |
| | 1954 | 'a' => array( |
| | 1955 | 'href' => array(), |
| | 1956 | 'target' => array() |
| | 1957 | ), |
| | 1958 | 'br' => array() |
| | 1959 | ); |
| | 1960 | $allowed_protocols = array( 'http', 'https' ); |
| | 1961 | $group_html = ''; |
| | 1962 | |
| | 1963 | $group_html .= '<h2>' . esc_html( $group_data['group_label'] ) . '</h2>'; |
| | 1964 | $group_html .= '<div>'; |
| | 1965 | |
| | 1966 | foreach ( (array) $group_data['items'] as $group_item_id => $group_item_data ) { |
| | 1967 | $group_html .= '<table>'; |
| | 1968 | $group_html .= '<tbody>'; |
| | 1969 | |
| | 1970 | foreach ( (array) $group_item_data as $group_item_datum ) { |
| | 1971 | $group_html .= '<tr>'; |
| | 1972 | $group_html .= '<th>' . esc_html( $group_item_datum['name'] ) . '</th>'; |
| | 1973 | $group_html .= '<td>' . wp_kses( $group_item_datum['value'], $allowed_tags, $allowed_protocols ) . '</td>'; |
| | 1974 | $group_html .= '</tr>'; |
| | 1975 | } |
| | 1976 | |
| | 1977 | $group_html .= '</tbody>'; |
| | 1978 | $group_html .= '</table>'; |
| | 1979 | } |
| | 1980 | |
| | 1981 | $group_html .= '</div>'; |
| | 1982 | |
| | 1983 | return $group_html; |
| | 1984 | } |
| | 1985 | |
| | 1986 | /** |
| | 1987 | * Generate the personal data export file. |
| | 1988 | * |
| | 1989 | * @since 4.9.6 |
| | 1990 | * |
| | 1991 | * @param int $request_id The export request ID. |
| | 1992 | */ |
| | 1993 | function wp_privacy_generate_personal_data_export_file( $request_id ) { |
| | 1994 | // Maybe make this a cron job instead |
| | 1995 | wp_privacy_delete_old_export_files(); |
| | 1996 | |
| | 1997 | if ( ! class_exists( 'ZipArchive' ) ) { |
| | 1998 | wp_send_json_error( __( 'Unable to generate export file. ZipArchive not available.' ) ); |
| | 1999 | } |
| | 2000 | |
| | 2001 | // Get the request |
| | 2002 | $request = get_post( $request_id ); |
| | 2003 | if ( 'user_export_request' !== $request->post_type ) { |
| | 2004 | wp_send_json_error( __( 'Invalid request ID when generating export file' ) ); |
| | 2005 | } |
| | 2006 | |
| | 2007 | // Create the exports folder if needed |
| | 2008 | $upload_dir = wp_upload_dir(); |
| | 2009 | $exports_dir = trailingslashit( $upload_dir['basedir'] . '/exports' ); |
| | 2010 | $exports_url = trailingslashit( $upload_dir['baseurl'] . '/exports' ); |
| | 2011 | |
| | 2012 | $result = wp_mkdir_p( $exports_dir ); |
| | 2013 | if ( is_wp_error( $result ) ) { |
| | 2014 | wp_send_json_error( $result->get_error_message() ); |
| | 2015 | } |
| | 2016 | |
| | 2017 | // Protect export folder from browsing |
| | 2018 | $index_pathname = $exports_dir . 'index.html'; |
| | 2019 | if ( ! file_exists( $index_pathname ) ) { |
| | 2020 | $file = fopen( $index_pathname, 'w' ); |
| | 2021 | if ( false === $file ) { |
| | 2022 | wp_send_json_error( __( 'Unable to protect export folder from browsing' ) ); |
| | 2023 | } |
| | 2024 | fwrite( $file, 'Silence is golden.' ); |
| | 2025 | fclose( $file ); |
| | 2026 | } |
| | 2027 | |
| | 2028 | // Generate a difficult to guess filename |
| | 2029 | $email_address = get_post_meta( $request_id, '_user_email', true ); |
| | 2030 | if ( ! is_email( $email_address ) ) { |
| | 2031 | wp_send_json_error( __( 'Invalid email address when generating export file' ) ); |
| | 2032 | } |
| | 2033 | |
| | 2034 | $stripped_email = str_replace( '@', '-at-', $email_address ); |
| | 2035 | $stripped_email = sanitize_title( $stripped_email ); // slugify the email address |
| | 2036 | $obscura = md5( rand() ); |
| | 2037 | $file_basename = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura; |
| | 2038 | $html_report_filename = $file_basename . '.html'; |
| | 2039 | $html_report_pathname = $exports_dir . $html_report_filename; |
| | 2040 | $file = fopen( $html_report_pathname, 'w' ); |
| | 2041 | if ( false === $file ) { |
| | 2042 | wp_send_json_error( __( 'Unable to open export file (HTML report) for writing' ) ); |
| | 2043 | } |
| | 2044 | |
| | 2045 | $title = sprintf( |
| | 2046 | // translators: %s Users e-mail address. |
| | 2047 | __( 'Personal Data Export for %s' ), |
| | 2048 | $email_address |
| | 2049 | ); |
| | 2050 | |
| | 2051 | // Open HTML |
| | 2052 | fwrite( $file, "<!DOCTYPE html>\n" ); |
| | 2053 | fwrite( $file, "<html>\n" ); |
| | 2054 | |
| | 2055 | // Head |
| | 2056 | fwrite( $file, "<head>\n" ); |
| | 2057 | fwrite( $file, "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />\n" ); |
| | 2058 | fwrite( $file, "<style type='text/css'>" ); |
| | 2059 | fwrite( $file, "body { color: black; font-family: Arial, sans-serif; font-size: 11pt; margin: 15px auto; width: 860px; }" ); |
| | 2060 | fwrite( $file, "table { background: #f0f0f0; border: 1px solid #ddd; margin-bottom: 20px; width: 100%; }" ); |
| | 2061 | fwrite( $file, "th { padding: 5px; text-align: left; width: 20%; }" ); |
| | 2062 | fwrite( $file, "td { padding: 5px; }" ); |
| | 2063 | fwrite( $file, "tr:nth-child(odd) { background-color: #fafafa; }" ); |
| | 2064 | fwrite( $file, "</style>" ); |
| | 2065 | fwrite( $file, "<title>" ); |
| | 2066 | fwrite( $file, esc_html( $title ) ); |
| | 2067 | fwrite( $file, "</title>" ); |
| | 2068 | fwrite( $file, "</head>\n" ); |
| | 2069 | |
| | 2070 | // Body |
| | 2071 | fwrite( $file, "<body>\n" ); |
| | 2072 | |
| | 2073 | // Heading |
| | 2074 | fwrite( $file, "<h1>" . esc_html__( 'Personal Data Export' ) . "</h1>" ); |
| | 2075 | |
| | 2076 | // And now, all the Groups |
| | 2077 | $groups = get_post_meta( $request_id, '_export_data_grouped', true ); |
| | 2078 | |
| | 2079 | // First, build a "About" group on the fly for this report |
| | 2080 | $about_group = array( |
| | 2081 | 'group_label' => __( 'About' ), |
| | 2082 | 'items' => array( |
| | 2083 | 'about-1' => array( |
| | 2084 | array( |
| | 2085 | 'name' => __( 'Report generated for' ), |
| | 2086 | 'value' => $email_address, |
| | 2087 | ), |
| | 2088 | array( |
| | 2089 | 'name' => __( 'For site' ), |
| | 2090 | 'value' => get_bloginfo( 'name' ), |
| | 2091 | ), |
| | 2092 | array( |
| | 2093 | 'name' => __( 'At URL' ), |
| | 2094 | 'value' => get_bloginfo( 'url' ), |
| | 2095 | ), |
| | 2096 | array( |
| | 2097 | 'name' => __( 'On' ), |
| | 2098 | 'value' => current_time( 'mysql' ), |
| | 2099 | ), |
| | 2100 | ), |
| | 2101 | ) |
| | 2102 | ); |
| | 2103 | |
| | 2104 | // Merge in the special about group |
| | 2105 | $groups = array_merge( array( 'about' => $about_group ), $groups ); |
| | 2106 | |
| | 2107 | // Now, iterate over every group in $groups and have the formatter render it in HTML |
| | 2108 | foreach ( (array) $groups as $group_id => $group_data ) { |
| | 2109 | fwrite( $file, wp_privacy_generate_personal_data_export_group_html( $group_data ) ); |
| | 2110 | } |
| | 2111 | |
| | 2112 | fwrite( $file, "</body>\n" ); |
| | 2113 | |
| | 2114 | // Close HTML |
| | 2115 | fwrite( $file, "</html>\n" ); |
| | 2116 | fclose( $file ); |
| | 2117 | |
| | 2118 | // Now, generate the ZIP |
| | 2119 | $archive_filename = $file_basename . '.zip'; |
| | 2120 | $archive_pathname = $exports_dir . $archive_filename; |
| | 2121 | $archive_url = $exports_url . $archive_filename; |
| | 2122 | |
| | 2123 | $zip = new ZipArchive; |
| | 2124 | |
| | 2125 | if ( TRUE === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) { |
| | 2126 | $zip->addFile( $html_report_pathname, 'index.html' ); |
| | 2127 | $zip->close(); |
| | 2128 | } else { |
| | 2129 | wp_send_json_error( __( 'Unable to open export file (archive) for writing' ) ); |
| | 2130 | } |
| | 2131 | |
| | 2132 | // And remove the HTML file |
| | 2133 | unlink( $html_report_pathname ); |
| | 2134 | |
| | 2135 | // Save the export file in the request |
| | 2136 | update_post_meta( $request_id, '_export_file_url', $archive_url ); |
| | 2137 | update_post_meta( $request_id, '_export_file_path', $archive_pathname ); |
| | 2138 | } |
| | 2139 | |
| | 2140 | /** |
| | 2141 | * Send an email to the user with a link to the personal data export file |
| | 2142 | * |
| | 2143 | * @since 4.9.6 |
| | 2144 | * |
| | 2145 | * @param int $request_id The request ID for this personal data export. |
| | 2146 | * @return true|WP_Error True on success or `WP_Error` on failure. |
| | 2147 | */ |
| | 2148 | function wp_privacy_send_personal_data_export_email( $request_id ) { |
| | 2149 | $request = get_post( $request_id ); |
| | 2150 | if ( 'user_export_request' !== $request->post_type ) { |
| | 2151 | return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email' ) ); |
| | 2152 | } |
| | 2153 | |
| | 2154 | /* translators: Do not translate LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */ |
| | 2155 | $email_text = __( |
| | 2156 | 'Howdy, |
| | 2157 | |
| | 2158 | Your request for an export of personal data has been completed. You may |
| | 2159 | download your personal data by clicking on the link below. This link is |
| | 2160 | good for the next 3 days. |
| | 2161 | |
| | 2162 | ###LINK### |
| | 2163 | |
| | 2164 | This email has been sent to ###EMAIL###. |
| | 2165 | |
| | 2166 | Regards, |
| | 2167 | All at ###SITENAME### |
| | 2168 | ###SITEURL###' |
| | 2169 | ); |
| | 2170 | |
| | 2171 | /** |
| | 2172 | * Filters the text of the email sent with a personal data export file. |
| | 2173 | * |
| | 2174 | * The following strings have a special meaning and will get replaced dynamically: |
| | 2175 | * ###LINK### URL of the personal data export file for the user. |
| | 2176 | * ###EMAIL### The email we are sending to. |
| | 2177 | * ###SITENAME### The name of the site. |
| | 2178 | * ###SITEURL### The URL to the site. |
| | 2179 | * |
| | 2180 | * @since 4.9.6 |
| | 2181 | * |
| | 2182 | * @param string $email_text Text in the email. |
| | 2183 | * @param int $request_id The request ID for this personal data export. |
| | 2184 | * } |
| | 2185 | */ |
| | 2186 | $content = apply_filters( 'wp_privacy_personal_data_email_content', $email_text, $request_id ); |
| | 2187 | |
| | 2188 | $email_address = get_post_meta( $request_id, '_user_email', true ); |
| | 2189 | $export_file_url = get_post_meta( $request_id, '_export_file_url', true ); |
| | 2190 | $site_name = is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ); |
| | 2191 | $site_url = network_home_url(); |
| | 2192 | |
| | 2193 | $content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content ); |
| | 2194 | $content = str_replace( '###EMAIL###', $email_address, $content ); |
| | 2195 | $content = str_replace( '###SITENAME###', wp_specialchars_decode( $site_name, ENT_QUOTES ), $content ); |
| | 2196 | $content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content ); |
| | 2197 | |
| | 2198 | $mail_success = wp_mail( |
| | 2199 | $email_address, |
| | 2200 | sprintf( |
| | 2201 | __( '[%s] Personal Data Export' ), |
| | 2202 | wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) |
| | 2203 | ), |
| | 2204 | $content |
| | 2205 | ); |
| | 2206 | |
| | 2207 | if ( ! $mail_success ) { |
| | 2208 | return new WP_Error( 'error', __( 'Unable to send personal data export email' ) ); |
| | 2209 | } |
| | 2210 | |
| | 2211 | return true; |
| | 2212 | } |
| | 2213 | |
| | 2214 | /** |
| | 2215 | * Intercept personal data exporter page ajax responses in order to assemble the personal data export file. |
| | 2216 | * @see wp_privacy_personal_data_export_page |
| | 2217 | * @since 4.9.6 |
| | 2218 | * |
| | 2219 | * @param array $response The response from the personal data exporter for the given page. |
| | 2220 | * @param int $exporter_index The index of the personal data exporter. Begins at 1. |
| | 2221 | * @param string $email_address The email address of the user whose personal data this is. |
| | 2222 | * @param int $page The page of personal data for this exporter. Begins at 1. |
| | 2223 | * @param int $request_id The request ID for this personal data export. |
| | 2224 | * @param bool $send_as_email Whether the final results of the export should be emailed to the user. |
| | 2225 | * @return array The filtered response. |
| | 2226 | */ |
| | 2227 | function wp_privacy_process_personal_data_export_page( $response, $exporter_index, $email_address, $page, $request_id, $send_as_email ) { |
| | 2228 | // Do some simple checks on the shape of the response from the exporter |
| | 2229 | // If the exporter response is malformed, don't attempt to consume it - let it |
| | 2230 | // pass through to generate a warning to the user by default ajax processing |
| | 2231 | if ( ! is_array( $response ) ) { |
| | 2232 | return $response; |
| | 2233 | } |
| | 2234 | |
| | 2235 | if ( ! array_key_exists( 'done', $response ) ) { |
| | 2236 | return $response; |
| | 2237 | } |
| | 2238 | |
| | 2239 | if ( ! array_key_exists( 'data', $response ) ) { |
| | 2240 | return $response; |
| | 2241 | } |
| | 2242 | |
| | 2243 | if ( ! is_array( $response['data'] ) ) { |
| | 2244 | return $response; |
| | 2245 | } |
| | 2246 | |
| | 2247 | // Get the request |
| | 2248 | $request = get_post( $request_id ); |
| | 2249 | if ( 'user_export_request' !== $request->post_type ) { |
| | 2250 | wp_send_json_error( __( 'Invalid request ID when merging exporter data' ) ); |
| | 2251 | } |
| | 2252 | |
| | 2253 | $export_data = array(); |
| | 2254 | |
| | 2255 | // First exporter, first page? Reset the report data accumulation array |
| | 2256 | if ( 1 === $exporter_index && 1 === $page ) { |
| | 2257 | update_post_meta( $request_id, '_export_data_raw', $export_data ); |
| | 2258 | } else { |
| | 2259 | $export_data = get_post_meta( $request_id, '_export_data_raw', true ); |
| | 2260 | } |
| | 2261 | |
| | 2262 | // Now, merge the data from the exporter response into the data we have accumulated already |
| | 2263 | $export_data = array_merge( $export_data, $response['data'] ); |
| | 2264 | update_post_meta( $request_id, '_export_data_raw', $export_data ); |
| | 2265 | |
| | 2266 | // If we are not yet on the last page of the last exporter, return now |
| | 2267 | $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); |
| | 2268 | $is_last_exporter = $exporter_index === count( $exporters ); |
| | 2269 | $exporter_done = $response['done']; |
| | 2270 | if ( ! $is_last_exporter || ! $exporter_done ) { |
| | 2271 | return $response; |
| | 2272 | } |
| | 2273 | |
| | 2274 | // Last exporter, last page - let's prepare the export file |
| | 2275 | |
| | 2276 | // First we need to re-organize the raw data hierarchically in groups and items. |
| | 2277 | $groups = array(); |
| | 2278 | foreach ( (array) $export_data as $export_datum ) { |
| | 2279 | $group_id = $export_datum['group_id']; |
| | 2280 | $group_label = $export_datum['group_label']; |
| | 2281 | if ( ! array_key_exists( $group_id, $groups ) ) { |
| | 2282 | $groups[ $group_id ] = array( |
| | 2283 | 'group_label' => $group_label, |
| | 2284 | 'items' => array(), |
| | 2285 | ); |
| | 2286 | } |
| | 2287 | |
| | 2288 | $item_id = $export_datum['item_id']; |
| | 2289 | if ( ! array_key_exists( $item_id, $groups[ $group_id ]['items'] ) ) { |
| | 2290 | $groups[ $group_id ]['items'][ $item_id ] = array(); |
| | 2291 | } |
| | 2292 | |
| | 2293 | $old_item_data = $groups[ $group_id ]['items'][ $item_id ]; |
| | 2294 | $merged_item_data = array_merge( $export_datum['data'], $old_item_data ); |
| | 2295 | $groups[ $group_id ]['items'][ $item_id ] = $merged_item_data; |
| | 2296 | } |
| | 2297 | |
| | 2298 | // Then save the grouped data into the request |
| | 2299 | delete_post_meta( $request_id, '_export_data_raw' ); |
| | 2300 | update_post_meta( $request_id, '_export_data_grouped', $groups ); |
| | 2301 | |
| | 2302 | // And now, generate the export file |
| | 2303 | $report_path = get_post_meta( $request_id, '_export_file_path', true ); |
| | 2304 | if ( ! empty( $request_path ) ) { |
| | 2305 | delete_post_meta( $request_id, '_export_file_path' ); |
| | 2306 | @unlink( $request_path ); |
| | 2307 | } |
| | 2308 | delete_post_meta( $request_id, '_export_file_url' ); |
| | 2309 | |
| | 2310 | // Generate the export file from the collected, grouped personal data |
| | 2311 | do_action( 'wp_privacy_personal_data_export_file', $request_id ); |
| | 2312 | |
| | 2313 | // Clear the grouped data now that it is no longer needed |
| | 2314 | delete_post_meta( $request_id, '_export_data_grouped' ); |
| | 2315 | |
| | 2316 | // If the destination is email, send it now |
| | 2317 | if ( $send_as_email ) { |
| | 2318 | $mail_success = wp_privacy_send_personal_data_export_email( $request_id ); |
| | 2319 | if ( is_wp_error( $mail_success ) ) { |
| | 2320 | wp_send_json_error( $mail_success->get_error_message() ); |
| | 2321 | } |
| | 2322 | } else { |
| | 2323 | // Modify the response to include the URL of the export file so the browser can fetch it |
| | 2324 | $export_file_url = get_post_meta( $request_id, '_export_file_url', true ); |
| | 2325 | if ( ! empty( $export_file_url ) ) { |
| | 2326 | $response['url'] = $export_file_url; |
| | 2327 | } |
| | 2328 | } |
| | 2329 | |
| | 2330 | // Update the request to completed state |
| | 2331 | _wp_privacy_completed_request( $request_id ); |
| | 2332 | |
| | 2333 | return $response; |
| | 2334 | } |
| | 2335 | |
| | 2336 | /** |
| | 2337 | * Cleans up export files older than three days old |
| | 2338 | * |
| | 2339 | * @since 4.9.6 |
| | 2340 | */ |
| | 2341 | function wp_privacy_delete_old_export_files() { |
| | 2342 | $upload_dir = wp_upload_dir(); |
| | 2343 | $exports_dir = trailingslashit( $upload_dir['basedir'] . '/exports' ); |
| | 2344 | $export_files = list_files( $exports_dir ); |
| | 2345 | |
| | 2346 | foreach( (array) $export_files as $export_file ) { |
| | 2347 | $file_age_in_seconds = time() - filemtime( $export_file ); |
| | 2348 | |
| | 2349 | if ( 3 * DAY_IN_SECONDS < $file_age_in_seconds ) { |
| | 2350 | @unlink( $export_file ); |
| | 2351 | } |
| | 2352 | } |
| | 2353 | } |