Context Navigation

privacy-tools.php

Timestamp:

01/31/2020 12:56:29 AM (4 years ago)

Author:

SergeyBiryukov

Message:

Privacy: Remove user's email address from personal data export filename.

Use wp_unique_filename() to avoid potential collisions instead.

Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav.
Fixes #44197.

File:

-                      r47122
+                      r47144
+    }
-    $stripped_email       = str_replace( '@', '-at-', $email_address );
-    $stripped_email       = sanitize_title( $stripped_email ); // Slugify the email address.
     $obscura              = wp_generate_password( 32, false, false );
     $file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
     $html_report_filename = $file_basename . '.html';
+    $file_basename        = 'wp-personal-data-file-' . $obscura;
+    $html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' );
     $html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
     $file                 = fopen( $html_report_pathname, 'w' );

Note: See TracChangeset for help on using the changeset viewer.