| 1937 | |
| 1938 | /** |
| 1939 | * Generate a single group for the personal data export report. |
| 1940 | * |
| 1941 | * @since 4.9.6 |
| 1942 | * |
| 1943 | * @param array $group_data The group data to render. |
| 1944 | * 'group_label' string The user-facing heading for the group, e.g. 'Comments'. |
| 1945 | * 'items' associative-array An array of group items. |
| 1946 | * $group_item_id string A group item ID (e.g. 'comment-123' ). |
| 1947 | * => $group_item_data array An array of name-value pairs for the item. |
| 1948 | * 'name' string The user-facing name of an item name-value pair, e.g. 'IP Address'. |
| 1949 | * 'value' string The user-facing value of an item data pair, e.g. '50.60.70.0'. |
| 1950 | * @return string The HTML for this group and its items |
| 1951 | */ |
| 1952 | function wp_privacy_generate_personal_data_export_group_html( $group_data ) { |
| 1953 | $allowed_tags = array( |
| 1954 | 'a' => array( |
| 1955 | 'href' => array(), |
| 1956 | 'target' => array() |
| 1957 | ), |
| 1958 | 'br' => array() |
| 1959 | ); |
| 1960 | $allowed_protocols = array( 'http', 'https' ); |
| 1961 | $group_html = ''; |
| 1962 | |
| 1963 | $group_html .= '<h2>' . esc_html( $group_data['group_label'] ) . '</h2>'; |
| 1964 | $group_html .= '<div>'; |
| 1965 | |
| 1966 | foreach ( (array) $group_data['items'] as $group_item_id => $group_item_data ) { |
| 1967 | $group_html .= '<table>'; |
| 1968 | $group_html .= '<tbody>'; |
| 1969 | |
| 1970 | foreach ( (array) $group_item_data as $group_item_datum ) { |
| 1971 | $group_html .= '<tr>'; |
| 1972 | $group_html .= '<th>' . esc_html( $group_item_datum['name'] ) . '</th>'; |
| 1973 | $group_html .= '<td>' . wp_kses( $group_item_datum['value'], $allowed_tags, $allowed_protocols ) . '</td>'; |
| 1974 | $group_html .= '</tr>'; |
| 1975 | } |
| 1976 | |
| 1977 | $group_html .= '</tbody>'; |
| 1978 | $group_html .= '</table>'; |
| 1979 | } |
| 1980 | |
| 1981 | $group_html .= '</div>'; |
| 1982 | |
| 1983 | return $group_html; |
| 1984 | } |
| 1985 | |
| 1986 | /** |
| 1987 | * Generate the personal data export file. |
| 1988 | * |
| 1989 | * @since 4.9.6 |
| 1990 | * |
| 1991 | * @param int $request_id The export request ID. |
| 1992 | */ |
| 1993 | function wp_privacy_generate_personal_data_export_file( $request_id ) { |
| 1994 | // Maybe make this a cron job instead |
| 1995 | wp_privacy_delete_old_export_files(); |
| 1996 | |
| 1997 | if ( ! class_exists( 'ZipArchive' ) ) { |
| 1998 | wp_send_json_error( __( 'Unable to generate export file. ZipArchive not available.' ) ); |
| 1999 | } |
| 2000 | |
| 2001 | // Get the request |
| 2002 | $request = get_post( $request_id ); |
| 2003 | if ( 'user_export_request' !== $request->post_type ) { |
| 2004 | wp_send_json_error( __( 'Invalid request ID when generating export file' ) ); |
| 2005 | } |
| 2006 | |
| 2007 | // Create the exports folder if needed |
| 2008 | $upload_dir = wp_upload_dir(); |
| 2009 | $exports_dir = trailingslashit( $upload_dir['basedir'] . '/exports' ); |
| 2010 | $exports_url = trailingslashit( $upload_dir['baseurl'] . '/exports' ); |
| 2011 | |
| 2012 | $result = wp_mkdir_p( $exports_dir ); |
| 2013 | if ( is_wp_error( $result ) ) { |
| 2014 | wp_send_json_error( $result->get_error_message() ); |
| 2015 | } |
| 2016 | |
| 2017 | // Protect export folder from browsing |
| 2018 | $index_pathname = $exports_dir . 'index.html'; |
| 2019 | if ( ! file_exists( $index_pathname ) ) { |
| 2020 | $file = fopen( $index_pathname, 'w' ); |
| 2021 | if ( false === $file ) { |
| 2022 | wp_send_json_error( __( 'Unable to protect export folder from browsing' ) ); |
| 2023 | } |
| 2024 | fwrite( $file, 'Silence is golden.' ); |
| 2025 | fclose( $file ); |
| 2026 | } |
| 2027 | |
| 2028 | // Generate a difficult to guess filename |
| 2029 | $email_address = get_post_meta( $request_id, '_user_email', true ); |
| 2030 | if ( ! is_email( $email_address ) ) { |
| 2031 | wp_send_json_error( __( 'Invalid email address when generating export file' ) ); |
| 2032 | } |
| 2033 | |
| 2034 | $stripped_email = str_replace( '@', '-at-', $email_address ); |
| 2035 | $stripped_email = sanitize_title( $stripped_email ); // slugify the email address |
| 2036 | $obscura = md5( rand() ); |
| 2037 | $file_basename = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura; |
| 2038 | $html_report_filename = $file_basename . '.html'; |
| 2039 | $html_report_pathname = $exports_dir . $html_report_filename; |
| 2040 | $file = fopen( $html_report_pathname, 'w' ); |
| 2041 | if ( false === $file ) { |
| 2042 | wp_send_json_error( __( 'Unable to open export file (HTML report) for writing' ) ); |
| 2043 | } |
| 2044 | |
| 2045 | $title = sprintf( |
| 2046 | // translators: %s Users e-mail address. |
| 2047 | __( 'Personal Data Export for %s' ), |
| 2048 | $email_address |
| 2049 | ); |
| 2050 | |
| 2051 | // Open HTML |
| 2052 | fwrite( $file, "<!DOCTYPE html>\n" ); |
| 2053 | fwrite( $file, "<html>\n" ); |
| 2054 | |
| 2055 | // Head |
| 2056 | fwrite( $file, "<head>\n" ); |
| 2057 | fwrite( $file, "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />\n" ); |
| 2058 | fwrite( $file, "<style type='text/css'>" ); |
| 2059 | fwrite( $file, "body { color: black; font-family: Arial, sans-serif; font-size: 11pt; margin: 15px auto; width: 860px; }" ); |
| 2060 | fwrite( $file, "table { background: #f0f0f0; border: 1px solid #ddd; margin-bottom: 20px; width: 100%; }" ); |
| 2061 | fwrite( $file, "th { padding: 5px; text-align: left; width: 20%; }" ); |
| 2062 | fwrite( $file, "td { padding: 5px; }" ); |
| 2063 | fwrite( $file, "tr:nth-child(odd) { background-color: #fafafa; }" ); |
| 2064 | fwrite( $file, "</style>" ); |
| 2065 | fwrite( $file, "<title>" ); |
| 2066 | fwrite( $file, esc_html( $title ) ); |
| 2067 | fwrite( $file, "</title>" ); |
| 2068 | fwrite( $file, "</head>\n" ); |
| 2069 | |
| 2070 | // Body |
| 2071 | fwrite( $file, "<body>\n" ); |
| 2072 | |
| 2073 | // Heading |
| 2074 | fwrite( $file, "<h1>" . esc_html__( 'Personal Data Export' ) . "</h1>" ); |
| 2075 | |
| 2076 | // And now, all the Groups |
| 2077 | $groups = get_post_meta( $request_id, '_export_data_grouped', true ); |
| 2078 | |
| 2079 | // First, build a "About" group on the fly for this report |
| 2080 | $about_group = array( |
| 2081 | 'group_label' => __( 'About' ), |
| 2082 | 'items' => array( |
| 2083 | 'about-1' => array( |
| 2084 | array( |
| 2085 | 'name' => __( 'Report generated for' ), |
| 2086 | 'value' => $email_address, |
| 2087 | ), |
| 2088 | array( |
| 2089 | 'name' => __( 'For site' ), |
| 2090 | 'value' => get_bloginfo( 'name' ), |
| 2091 | ), |
| 2092 | array( |
| 2093 | 'name' => __( 'At URL' ), |
| 2094 | 'value' => get_bloginfo( 'url' ), |
| 2095 | ), |
| 2096 | array( |
| 2097 | 'name' => __( 'On' ), |
| 2098 | 'value' => current_time( 'mysql' ), |
| 2099 | ), |
| 2100 | ), |
| 2101 | ) |
| 2102 | ); |
| 2103 | |
| 2104 | // Merge in the special about group |
| 2105 | $groups = array_merge( array( 'about' => $about_group ), $groups ); |
| 2106 | |
| 2107 | // Now, iterate over every group in $groups and have the formatter render it in HTML |
| 2108 | foreach ( (array) $groups as $group_id => $group_data ) { |
| 2109 | fwrite( $file, wp_privacy_generate_personal_data_export_group_html( $group_data ) ); |
| 2110 | } |
| 2111 | |
| 2112 | fwrite( $file, "</body>\n" ); |
| 2113 | |
| 2114 | // Close HTML |
| 2115 | fwrite( $file, "</html>\n" ); |
| 2116 | fclose( $file ); |
| 2117 | |
| 2118 | // Now, generate the ZIP |
| 2119 | $archive_filename = $file_basename . '.zip'; |
| 2120 | $archive_pathname = $exports_dir . $archive_filename; |
| 2121 | $archive_url = $exports_url . $archive_filename; |
| 2122 | |
| 2123 | $zip = new ZipArchive; |
| 2124 | |
| 2125 | if ( TRUE === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) { |
| 2126 | $zip->addFile( $html_report_pathname, 'index.html' ); |
| 2127 | $zip->close(); |
| 2128 | } else { |
| 2129 | wp_send_json_error( __( 'Unable to open export file (archive) for writing' ) ); |
| 2130 | } |
| 2131 | |
| 2132 | // And remove the HTML file |
| 2133 | unlink( $html_report_pathname ); |
| 2134 | |
| 2135 | // Save the export file in the request |
| 2136 | update_post_meta( $request_id, '_export_file_url', $archive_url ); |
| 2137 | update_post_meta( $request_id, '_export_file_path', $archive_pathname ); |
| 2138 | } |
| 2139 | |
| 2140 | /** |
| 2141 | * Send an email to the user with a link to the personal data export file |
| 2142 | * |
| 2143 | * @since 4.9.6 |
| 2144 | * |
| 2145 | * @param int $request_id The request ID for this personal data export. |
| 2146 | * @return true|WP_Error True on success or `WP_Error` on failure. |
| 2147 | */ |
| 2148 | function wp_privacy_send_personal_data_export_email( $request_id ) { |
| 2149 | $request = get_post( $request_id ); |
| 2150 | if ( 'user_export_request' !== $request->post_type ) { |
| 2151 | return new WP_Error( 'invalid', __( 'Invalid request ID when sending personal data export email' ) ); |
| 2152 | } |
| 2153 | |
| 2154 | /* translators: Do not translate LINK, EMAIL, SITENAME, SITEURL: those are placeholders. */ |
| 2155 | $email_text = __( |
| 2156 | 'Howdy, |
| 2157 | |
| 2158 | Your request for an export of personal data has been completed. You may |
| 2159 | download your personal data by clicking on the link below. This link is |
| 2160 | good for the next 3 days. |
| 2161 | |
| 2162 | ###LINK### |
| 2163 | |
| 2164 | This email has been sent to ###EMAIL###. |
| 2165 | |
| 2166 | Regards, |
| 2167 | All at ###SITENAME### |
| 2168 | ###SITEURL###' |
| 2169 | ); |
| 2170 | |
| 2171 | /** |
| 2172 | * Filters the text of the email sent with a personal data export file. |
| 2173 | * |
| 2174 | * The following strings have a special meaning and will get replaced dynamically: |
| 2175 | * ###LINK### URL of the personal data export file for the user. |
| 2176 | * ###EMAIL### The email we are sending to. |
| 2177 | * ###SITENAME### The name of the site. |
| 2178 | * ###SITEURL### The URL to the site. |
| 2179 | * |
| 2180 | * @since 4.9.6 |
| 2181 | * |
| 2182 | * @param string $email_text Text in the email. |
| 2183 | * @param int $request_id The request ID for this personal data export. |
| 2184 | * } |
| 2185 | */ |
| 2186 | $content = apply_filters( 'wp_privacy_personal_data_email_content', $email_text, $request_id ); |
| 2187 | |
| 2188 | $email_address = get_post_meta( $request_id, '_user_email', true ); |
| 2189 | $export_file_url = get_post_meta( $request_id, '_export_file_url', true ); |
| 2190 | $site_name = is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ); |
| 2191 | $site_url = network_home_url(); |
| 2192 | |
| 2193 | $content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content ); |
| 2194 | $content = str_replace( '###EMAIL###', $email_address, $content ); |
| 2195 | $content = str_replace( '###SITENAME###', wp_specialchars_decode( $site_name, ENT_QUOTES ), $content ); |
| 2196 | $content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content ); |
| 2197 | |
| 2198 | $mail_success = wp_mail( |
| 2199 | $email_address, |
| 2200 | sprintf( |
| 2201 | __( '[%s] Personal Data Export' ), |
| 2202 | wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) |
| 2203 | ), |
| 2204 | $content |
| 2205 | ); |
| 2206 | |
| 2207 | if ( ! $mail_success ) { |
| 2208 | return new WP_Error( 'error', __( 'Unable to send personal data export email' ) ); |
| 2209 | } |
| 2210 | |
| 2211 | return true; |
| 2212 | } |
| 2213 | |
| 2214 | /** |
| 2215 | * Intercept personal data exporter page ajax responses in order to assemble the personal data export file. |
| 2216 | * @see wp_privacy_personal_data_export_page |
| 2217 | * @since 4.9.6 |
| 2218 | * |
| 2219 | * @param array $response The response from the personal data exporter for the given page. |
| 2220 | * @param int $exporter_index The index of the personal data exporter. Begins at 1. |
| 2221 | * @param string $email_address The email address of the user whose personal data this is. |
| 2222 | * @param int $page The page of personal data for this exporter. Begins at 1. |
| 2223 | * @param int $request_id The request ID for this personal data export. |
| 2224 | * @param bool $send_as_email Whether the final results of the export should be emailed to the user. |
| 2225 | * @return array The filtered response. |
| 2226 | */ |
| 2227 | function wp_privacy_process_personal_data_export_page( $response, $exporter_index, $email_address, $page, $request_id, $send_as_email ) { |
| 2228 | // Do some simple checks on the shape of the response from the exporter |
| 2229 | // If the exporter response is malformed, don't attempt to consume it - let it |
| 2230 | // pass through to generate a warning to the user by default ajax processing |
| 2231 | if ( ! is_array( $response ) ) { |
| 2232 | return $response; |
| 2233 | } |
| 2234 | |
| 2235 | if ( ! array_key_exists( 'done', $response ) ) { |
| 2236 | return $response; |
| 2237 | } |
| 2238 | |
| 2239 | if ( ! array_key_exists( 'data', $response ) ) { |
| 2240 | return $response; |
| 2241 | } |
| 2242 | |
| 2243 | if ( ! is_array( $response['data'] ) ) { |
| 2244 | return $response; |
| 2245 | } |
| 2246 | |
| 2247 | // Get the request |
| 2248 | $request = get_post( $request_id ); |
| 2249 | if ( 'user_export_request' !== $request->post_type ) { |
| 2250 | wp_send_json_error( __( 'Invalid request ID when merging exporter data' ) ); |
| 2251 | } |
| 2252 | |
| 2253 | $export_data = array(); |
| 2254 | |
| 2255 | // First exporter, first page? Reset the report data accumulation array |
| 2256 | if ( 1 === $exporter_index && 1 === $page ) { |
| 2257 | update_post_meta( $request_id, '_export_data_raw', $export_data ); |
| 2258 | } else { |
| 2259 | $export_data = get_post_meta( $request_id, '_export_data_raw', true ); |
| 2260 | } |
| 2261 | |
| 2262 | // Now, merge the data from the exporter response into the data we have accumulated already |
| 2263 | $export_data = array_merge( $export_data, $response['data'] ); |
| 2264 | update_post_meta( $request_id, '_export_data_raw', $export_data ); |
| 2265 | |
| 2266 | // If we are not yet on the last page of the last exporter, return now |
| 2267 | $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); |
| 2268 | $is_last_exporter = $exporter_index === count( $exporters ); |
| 2269 | $exporter_done = $response['done']; |
| 2270 | if ( ! $is_last_exporter || ! $exporter_done ) { |
| 2271 | return $response; |
| 2272 | } |
| 2273 | |
| 2274 | // Last exporter, last page - let's prepare the export file |
| 2275 | |
| 2276 | // First we need to re-organize the raw data hierarchically in groups and items. |
| 2277 | $groups = array(); |
| 2278 | foreach ( (array) $export_data as $export_datum ) { |
| 2279 | $group_id = $export_datum['group_id']; |
| 2280 | $group_label = $export_datum['group_label']; |
| 2281 | if ( ! array_key_exists( $group_id, $groups ) ) { |
| 2282 | $groups[ $group_id ] = array( |
| 2283 | 'group_label' => $group_label, |
| 2284 | 'items' => array(), |
| 2285 | ); |
| 2286 | } |
| 2287 | |
| 2288 | $item_id = $export_datum['item_id']; |
| 2289 | if ( ! array_key_exists( $item_id, $groups[ $group_id ]['items'] ) ) { |
| 2290 | $groups[ $group_id ]['items'][ $item_id ] = array(); |
| 2291 | } |
| 2292 | |
| 2293 | $old_item_data = $groups[ $group_id ]['items'][ $item_id ]; |
| 2294 | $merged_item_data = array_merge( $export_datum['data'], $old_item_data ); |
| 2295 | $groups[ $group_id ]['items'][ $item_id ] = $merged_item_data; |
| 2296 | } |
| 2297 | |
| 2298 | // Then save the grouped data into the request |
| 2299 | delete_post_meta( $request_id, '_export_data_raw' ); |
| 2300 | update_post_meta( $request_id, '_export_data_grouped', $groups ); |
| 2301 | |
| 2302 | // And now, generate the export file |
| 2303 | $report_path = get_post_meta( $request_id, '_export_file_path', true ); |
| 2304 | if ( ! empty( $request_path ) ) { |
| 2305 | delete_post_meta( $request_id, '_export_file_path' ); |
| 2306 | @unlink( $request_path ); |
| 2307 | } |
| 2308 | delete_post_meta( $request_id, '_export_file_url' ); |
| 2309 | |
| 2310 | // Generate the export file from the collected, grouped personal data |
| 2311 | do_action( 'wp_privacy_personal_data_export_file', $request_id ); |
| 2312 | |
| 2313 | // Clear the grouped data now that it is no longer needed |
| 2314 | delete_post_meta( $request_id, '_export_data_grouped' ); |
| 2315 | |
| 2316 | // If the destination is email, send it now |
| 2317 | if ( $send_as_email ) { |
| 2318 | $mail_success = wp_privacy_send_personal_data_export_email( $request_id ); |
| 2319 | if ( is_wp_error( $mail_success ) ) { |
| 2320 | wp_send_json_error( $mail_success->get_error_message() ); |
| 2321 | } |
| 2322 | } else { |
| 2323 | // Modify the response to include the URL of the export file so the browser can fetch it |
| 2324 | $export_file_url = get_post_meta( $request_id, '_export_file_url', true ); |
| 2325 | if ( ! empty( $export_file_url ) ) { |
| 2326 | $response['url'] = $export_file_url; |
| 2327 | } |
| 2328 | } |
| 2329 | |
| 2330 | // Update the request to completed state |
| 2331 | _wp_privacy_completed_request( $request_id ); |
| 2332 | |
| 2333 | return $response; |
| 2334 | } |
| 2335 | |
| 2336 | /** |
| 2337 | * Cleans up export files older than three days old |
| 2338 | * |
| 2339 | * @since 4.9.6 |
| 2340 | */ |
| 2341 | function wp_privacy_delete_old_export_files() { |
| 2342 | $upload_dir = wp_upload_dir(); |
| 2343 | $exports_dir = trailingslashit( $upload_dir['basedir'] . '/exports' ); |
| 2344 | $export_files = list_files( $exports_dir ); |
| 2345 | |
| 2346 | foreach( (array) $export_files as $export_file ) { |
| 2347 | $file_age_in_seconds = time() - filemtime( $export_file ); |
| 2348 | |
| 2349 | if ( 3 * DAY_IN_SECONDS < $file_age_in_seconds ) { |
| 2350 | @unlink( $export_file ); |
| 2351 | } |
| 2352 | } |
| 2353 | } |