Make WordPress Core

Changeset 48127


Ignore:
Timestamp:
06/22/2020 10:38:11 PM (4 years ago)
Author:
whyisjake
Message:

Privacy: Use relative paths for exported personal data.

Ensures back-compat while moving to paths off of the /exports directory.

Fixes: #44038.

Props: allendav, mrTall, desrosj, garrett-eclipse, cameronamcintyre, nmenescardi, xkon, whyisjake, davidbaumwald.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/privacy-tools.php

    r48100 r48127  
    469469     * via email.
    470470     */
    471     $error            = false;
     471    $error = false;
     472
     473    // This postmeta is used from version 5.4.
     474    $archive_filename = get_post_meta( $request_id, '_export_file_name', true );
     475
     476    // These are used for backwards compatibility.
    472477    $archive_url      = get_post_meta( $request_id, '_export_file_url', true );
    473478    $archive_pathname = get_post_meta( $request_id, '_export_file_path', true );
    474479
    475     if ( empty( $archive_pathname ) || empty( $archive_url ) ) {
    476         $archive_filename = $file_basename . '.zip';
     480    // If archive_filename exists, make sure to remove deprecated postmeta.
     481    if ( ! empty( $archive_filename ) ) {
    477482        $archive_pathname = $exports_dir . $archive_filename;
    478483        $archive_url      = $exports_url . $archive_filename;
    479484
    480         update_post_meta( $request_id, '_export_file_url', $archive_url );
    481         update_post_meta( $request_id, '_export_file_path', wp_normalize_path( $archive_pathname ) );
     485        // Remove the deprecated postmeta.
     486        delete_post_meta( $request_id, '_export_file_url' );
     487        delete_post_meta( $request_id, '_export_file_path' );
     488    } elseif ( ! empty( $archive_pathname ) ) {
     489        // Check if archive_pathname exists. If not, create the new postmeta and remove the deprecated.
     490        $archive_filename = basename( $archive_pathname );
     491        $archive_url      = $exports_url . $archive_filename;
     492
     493        // Add the new postmeta that is used since version 5.4.
     494        update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
     495
     496        // Remove the deprecated postmeta.
     497        delete_post_meta( $request_id, '_export_file_url' );
     498        delete_post_meta( $request_id, '_export_file_path' );
     499    } else {
     500        // If there's no archive_filename or archive_pathname create a new one.
     501        $archive_filename = $file_basename . '.zip';
     502        $archive_url      = $exports_url . $archive_filename;
     503        $archive_pathname = $exports_dir . $archive_filename;
     504
     505        // Add the new postmeta that is used since version 5.4.
     506        update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
     507
     508        // Remove the deprecated postmeta.
     509        delete_post_meta( $request_id, '_export_file_url' );
     510        delete_post_meta( $request_id, '_export_file_path' );
    482511    }
    483512
     
    540569    $request = wp_get_user_request( $request_id );
    541570
     571    // Get the export file URL.
     572    $exports_url      = wp_privacy_exports_url();
     573    $export_file_name = get_post_meta( $request_id, '_export_file_name', true );
     574
    542575    if ( ! $request || 'export_personal_data' !== $request->action_name ) {
    543576        return new WP_Error( 'invalid_request', __( 'Invalid request ID when sending personal data export email.' ) );
     
    557590    $expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
    558591
    559     $export_file_url = get_post_meta( $request_id, '_export_file_url', true );
     592    $export_file_url = $exports_url . $export_file_name;
    560593    $site_name       = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    561594    $site_url        = home_url();
     
    821854    } else {
    822855        // Modify the response to include the URL of the export file so the browser can fetch it.
    823         $export_file_url = get_post_meta( $request_id, '_export_file_url', true );
     856        $exports_url      = wp_privacy_exports_url();
     857        $export_file_name = get_post_meta( $request_id, '_export_file_name', true );
     858        $export_file_url  = $exports_url . $export_file_name;
     859
    824860        if ( ! empty( $export_file_url ) ) {
    825861            $response['url'] = $export_file_url;
  • trunk/tests/phpunit/tests/privacy/wpPrivacyProcessPersonalDataExportPage.php

    r47144 r48127  
    4545
    4646    /**
    47      * Export File Url.
    48      *
    49      * @since 5.2.0
     47     * Export Url.
     48     *
     49     * @since 5.5.0
     50     *
     51     * @var string $export_url
     52     */
     53    protected static $export_url;
     54
     55    /**
     56     * Export File Name.
     57     *
     58     * @since 5.5.0
     59     *
     60     * @var string $export_file_name
     61     */
     62    protected static $export_file_name;
     63
     64    /**
     65     * Export File URL.
     66     *
     67     * @since 5.5.0
    5068     *
    5169     * @var string $export_file_url
     
    132150    public static function wpSetUpBeforeClass( $factory ) {
    133151        self::$requester_email      = 'requester@example.com';
    134         self::$export_file_url      = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
     152        self::$export_url           = wp_privacy_exports_url();
     153        self::$export_file_name     = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
     154        self::$export_file_url      = self::$export_url . self::$export_file_name;
    135155        self::$request_id           = wp_create_user_request( self::$requester_email, 'export_personal_data' );
    136156        self::$page_index_first     = 1;
     
    503523     */
    504524    public function test_return_response_with_export_file_url_when_not_sent_as_email_for_last_exporter_on_last_page() {
    505         update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url );
     525        update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
    506526
    507527        // Process data, given the last exporter, on the last page and not send as email.
     
    529549     */
    530550    public function test_return_response_without_export_file_url_when_sent_as_email_for_last_exporter_on_last_page() {
    531         update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url );
     551        update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
    532552
    533553        // Process data, given the last exporter, on the last page and send as email.
  • trunk/tests/phpunit/tests/privacy/wpPrivacySendPersonalDataExportEmail.php

    r48100 r48127  
    105105     */
    106106    public function test_function_should_send_export_link_to_requester() {
    107         $archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
    108         update_post_meta( self::$request_id, '_export_file_url', $archive_url );
     107        $archive_url       = wp_privacy_exports_url();
     108        $archive_file_name = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
     109        $archive_file_url  = $archive_url . $archive_file_name;
     110        update_post_meta( self::$request_id, '_export_file_name', $archive_file_name );
    109111
    110112        $email_sent = wp_privacy_send_personal_data_export_email( self::$request_id );
     
    114116        $this->assertSame( self::$requester_email, $mailer->get_recipient( 'to' )->address );
    115117        $this->assertContains( 'Personal Data Export', $mailer->get_sent()->subject );
    116         $this->assertContains( $archive_url, $mailer->get_sent()->body );
     118        $this->assertContains( $archive_file_url, $mailer->get_sent()->body );
    117119        $this->assertContains( 'please download it', $mailer->get_sent()->body );
    118120        $this->assertTrue( $email_sent );
Note: See TracChangeset for help on using the changeset viewer.