Timestamp:
04/27/2018 07:53:37 PM (7 years ago)
Author:
azaozz
Message:

Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.

Props allendav.
See #43546.

File:
1 edited

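--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -4328,6 +4328,15 @@
 }
 
+/**
+ * Ajax handler for exporting a user's personal data.
+ *
+ * @since 4.9.6
+ */
 function wp_ajax_wp_privacy_export_personal_data() {
-    check_ajax_referer( 'wp-privacy-export-personal-data', 'security' );
+    $request_id  = (int) $_POST['id'];
+
+    if ( empty( $request_id ) ) {
+        wp_send_json_error( __( 'Error: Invalid request ID.' ) );
+    }
 
     if ( ! current_user_can( 'manage_options' ) ) {
@@ -4335,7 +4344,21 @@
     }
 
-    $email_address  = sanitize_text_field( $_POST['email'] );
+    check_ajax_referer( 'wp-privacy-export-personal-data-' . $request_id, 'security' );
+
+    // Get the request data.
+    $request = wp_get_user_request_data( $request_id );
+
+    if ( ! $request || 'export_personal_data' !== $request->action_name ) {
+        wp_send_json_error( __( 'Error: Invalid request type.' ) );
+    }
+
+    $email_address = $request->email;
+    if ( ! is_email( $email_address ) ) {
+        wp_send_json_error( __( 'Error: A valid email address must be given.' ) );
+    }
+
     $exporter_index = (int) $_POST['exporter'];
     $page           = (int) $_POST['page'];
+    $send_as_email  = isset( $_POST['sendAsEmail'] ) ? ( "true" === $_POST['sendAsEmail'] ) : false;
 
     /**
@@ -4349,6 +4372,6 @@
      *         callback               string  Callable exporter that accepts an email address and
      *                                        a page and returns an array of name => value
-     *                                        pairs of personal data
-     *         exporter_friendly_name string  Translated user facing friendly name for the exporter
+     *                                        pairs of personal data.
+     *         exporter_friendly_name string  Translated user facing friendly name for the exporter.
      *     ]
      * }
@@ -4376,23 +4399,17 @@
         }
 
-        // Surprisingly, email addresses can contain mutli-byte characters now
-        $email_address = trim( mb_strtolower( $email_address ) );
-
-        if ( ! is_email( $email_address ) ) {
-            wp_send_json_error( 'A valid email address must be given.' );
-        }
-
         $exporter = $exporters[ $index ];
+
         if ( ! is_array( $exporter ) ) {
             wp_send_json_error( "Expected an array describing the exporter at index {$exporter_index}." );
         }
-        if ( ! array_key_exists( 'callback', $exporter ) ) {
-            wp_send_json_error( "Exporter array at index {$exporter_index} does not include a callback." );
-        }
-        if ( ! is_callable( $exporter['callback'] ) ) {
-            wp_send_json_error( "Exporter callback at index {$exporter_index} is not a valid callback." );
-        }
         if ( ! array_key_exists( 'exporter_friendly_name', $exporter ) ) {
             wp_send_json_error( "Exporter array at index {$exporter_index} does not include a friendly name." );
+        }
+        if ( ! array_key_exists( 'callback', $exporter ) ) {
+            wp_send_json_error( "Exporter does not include a callback: {$exporter['exporter_friendly_name']}." );
+        }
+        if ( ! is_callable( $exporter['callback'] ) ) {
+            wp_send_json_error( "Exporter callback is not a valid callback: {$exporter['exporter_friendly_name']}." );
         }
 
@@ -4418,5 +4435,5 @@
         }
     } else {
-        // No exporters, so we're done
+        // No exporters, so we're done.
         $response = array(
             'data' => array(),
@@ -4436,6 +4453,9 @@
      * @param string $email_address   The email address associated with this personal data.
      * @param int    $page            The zero-based page for this response.
+     * @param int    $request_id      The privacy request post ID associated with this request.
+     * @param bool   $send_as_email   Whether the final results of the export should be emailed to the user.
      */
-    $response = apply_filters( 'wp_privacy_personal_data_export_page', $response, $exporter_index, $email_address, $page );
+    $response = apply_filters( 'wp_privacy_personal_data_export_page', $response, $exporter_index, $email_address, $page, $request_id, $send_as_email );
+
     if ( is_wp_error( $response ) ) {
         wp_send_json_error( $response );
@@ -4463,5 +4483,5 @@
     check_ajax_referer( 'wp-privacy-erase-personal-data-' . $request_id, 'security' );
 
-    // Find the request CPT
+    // Get the request data.
     $request = wp_get_user_request_data( $request_id );
 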
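Review bot: The new `$request_id  = (int) $_POST['id'];` at the top of `wp_ajax_wp_privacy_export_personal_data()` indexes `$_POST` without an `isset()` guard, while the `sendAsEmail` read added further down in the same change is guarded; a request that omits `id` raises an undefined-index notice before the `empty()` check rejects it, so I would write `$request_id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;`. Separately, the removed `trim( mb_strtolower( $email_address ) )` normalization has no counterpart now that the address comes from `$request->email`; if the stored request is not already normalized, exporters that match on the address could return an incomplete export, which is worth confirming against `wp_get_user_request_data()`. The function body continues through lines that this view elides, so neither point can be checked against the full handler here.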