Opened 6 years ago
Last modified 4 years ago
#44204 new defect (bug)
Privacy export codebase in 4.9.6 doesn't use WP Filesystem API
Reported by: | diablodale | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.9.6 |
Component: | Privacy | Keywords: | needs-patch |
Focuses: | administration | Cc: |
Description
The codebase added in WP 4.9.6 for privacy was written with low-level file APIs like fopen(), file_exists(), fwrite(), etc. rather than the WP Filesystem API. Quick to see in wp_privacy_generate_personal_data_export_file(). This restricts core parts of the privacy management functionality to only operate on hosts with direct access to the local filesystem.
It is recommended to instead use the WP Filesystem API so that more secure hosts are supported and a broader set of filesystems can be used, e.g. SSH, FTPext, FTPsocket, etc. https://codex.wordpress.org/Filesystem_API
Change History (4)
Note: See
TracTickets for help on using
tickets.
Welcome to WordPress Trac @diablodale
This crossed my mind when looking at ways to unit test the
wp_privacy_generate_personal_data_export_file()
function. I haven't looked into the internals of WP Filesystem API, but I suspect it could make the testing easier. It seems e.g. Drupal is using vfsStream to mock the file system, but the requirements are PHP 5.3.I think this is a restriction for plugins that write the upload folder, but not for core in general, but it seems like a good suggestion here.