WordPress.org

Make WordPress Core

Changeset 47144


Ignore:
Timestamp:
01/31/2020 12:56:29 AM (6 months ago)
Author:
SergeyBiryukov
Message:

Privacy: Remove user's email address from personal data export filename.

Use wp_unique_filename() to avoid potential collisions instead.

Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav.
Fixes #44197.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/privacy-tools.php

    r47122 r47144  
    321321    }
    322322
    323     $stripped_email       = str_replace( '@', '-at-', $email_address );
    324     $stripped_email       = sanitize_title( $stripped_email ); // Slugify the email address.
    325323    $obscura              = wp_generate_password( 32, false, false );
    326     $file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
    327     $html_report_filename = $file_basename . '.html';
     324    $file_basename        = 'wp-personal-data-file-' . $obscura;
     325    $html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' );
    328326    $html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
    329327    $file                 = fopen( $html_report_pathname, 'w' );
  • trunk/tests/phpunit/tests/privacy/wpPrivacyDeleteOldExportFiles.php

    r46586 r47144  
    5757
    5858        self::$index_path          = $exports_dir . 'index.html';
    59         self::$expired_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-0123456789abcdef.zip';
    60         self::$active_export_file  = $exports_dir . 'wp-personal-data-file-user-at-example-com-fedcba9876543210.zip';
     59        self::$expired_export_file = $exports_dir . 'wp-personal-data-file-0123456789abcdef.zip';
     60        self::$active_export_file  = $exports_dir . 'wp-personal-data-file-fedcba9876543210.zip';
    6161    }
    6262
  • trunk/tests/phpunit/tests/privacy/wpPrivacyProcessPersonalDataExportPage.php

    r46644 r47144  
    132132    public static function wpSetUpBeforeClass( $factory ) {
    133133        self::$requester_email      = 'requester@example.com';
    134         self::$export_file_url      = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
     134        self::$export_file_url      = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
    135135        self::$request_id           = wp_create_user_request( self::$requester_email, 'export_personal_data' );
    136136        self::$page_index_first     = 1;
  • trunk/tests/phpunit/tests/privacy/wpPrivacySendPersonalDataExportEmail.php

    r46586 r47144  
    105105     */
    106106    public function test_function_should_send_export_link_to_requester() {
    107         $archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
     107        $archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
    108108        update_post_meta( self::$request_id, '_export_file_url', $archive_url );
    109109
Note: See TracChangeset for help on using the changeset viewer.