Changeset 47144

Timestamp:

01/31/2020 12:56:29 AM (3 years ago)

Author:

SergeyBiryukov

Message:

Privacy: Remove user's email address from personal data export filename.

Use wp_unique_filename() to avoid potential collisions instead.

Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav.
Fixes #44197.

Location:

trunk

Files:

• src/wp-admin/includes/privacy-tools.php (modified) (1 diff)
• tests/phpunit/tests/privacy/wpPrivacyDeleteOldExportFiles.php (modified) (1 diff)
• tests/phpunit/tests/privacy/wpPrivacyProcessPersonalDataExportPage.php (modified) (1 diff)
• tests/phpunit/tests/privacy/wpPrivacySendPersonalDataExportEmail.php (modified) (1 diff)

trunk/src/wp-admin/includes/privacy-tools.php

@@ -321 +321 @@
     }
 
-    $stripped_email       = str_replace( '@', '-at-', $email_address );
-    $stripped_email       = sanitize_title( $stripped_email ); // Slugify the email address.
     $obscura              = wp_generate_password( 32, false, false );
-    $file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
-    $html_report_filename = $file_basename . '.html';
+    $file_basename        = 'wp-personal-data-file-' . $obscura;
+    $html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' );
     $html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
     $file                 = fopen( $html_report_pathname, 'w' );

trunk/tests/phpunit/tests/privacy/wpPrivacyDeleteOldExportFiles.php

@@ -57 +57 @@
 
         self::$index_path          = $exports_dir . 'index.html';
-        self::$expired_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-0123456789abcdef.zip';
-        self::$active_export_file  = $exports_dir . 'wp-personal-data-file-user-at-example-com-fedcba9876543210.zip';
+        self::$expired_export_file = $exports_dir . 'wp-personal-data-file-0123456789abcdef.zip';
+        self::$active_export_file  = $exports_dir . 'wp-personal-data-file-fedcba9876543210.zip';
     }
 

trunk/tests/phpunit/tests/privacy/wpPrivacyProcessPersonalDataExportPage.php

@@ -132 +132 @@
     public static function wpSetUpBeforeClass( $factory ) {
         self::$requester_email      = 'requester@example.com';
-        self::$export_file_url      = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
+        self::$export_file_url      = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
         self::$request_id           = wp_create_user_request( self::$requester_email, 'export_personal_data' );
         self::$page_index_first     = 1;

trunk/tests/phpunit/tests/privacy/wpPrivacySendPersonalDataExportEmail.php

@@ -105 +105 @@
      */
     public function test_function_should_send_export_link_to_requester() {
-        $archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
+        $archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
         update_post_meta( self::$request_id, '_export_file_url', $archive_url );