Opened 5 years ago
Last modified 4 years ago
#49668 new defect (bug)
Multisite: export/erase requests initiated in a sub-site should check whether the user belongs to that sub-site
Reported by: | pbiron | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Privacy | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
As of 5.4, when an export request is initiated from within a specific sub-site in a multisite, wp_user_personal_data_exporter() will export user data for a user even if that user is not registered on that sub-site.
wp_user_personal_data_exporter() should be modified to check that the user is registered on the sub-site where the request was initiated.
Note: wp_media_personal_data_exporter() and wp_comment_personal_data_exporter() do not need to be modified as the tables they query are specific to the sub-site, whereas the user table is global.
Related: #44176
Attachments (1)
Change History (11)
This ticket was mentioned in Slack in #core-privacy by pbiron. View the logs.
4 years ago
This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.
4 years ago
This ticket was mentioned in Slack in #core by pbiron. View the logs.
4 years ago
This ticket was mentioned in Slack in #core-privacy by pbiron. View the logs.
4 years ago
#6 in reply to: ↑ 1 @ 4 years ago
Replying to pbiron:
- we'll have to think about how to make it easy for custom exporters to also limit exports in a similar fashion (which might just have to be in documentation...haven't given it much thought yet)
So this should probably be a utility function so that custom exporters don't have to reimplement the logic. Alternatively, the check should be moved "up a level" to wp_privacy_process_personal_data_export_page().
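One way a custom exporter could share a single membership check, as suggested in the comment above. This is an added example, not code from 49668.diff or WordPress core; every name prefixed `myplugin_` and the `myplugin_phone` meta key are hypothetical, and only existing core functions are called.

```php
<?php
/**
 * Hypothetical helper (not in core): may personal data for $email_address be
 * exported by a request initiated on the current site?
 */
function myplugin_user_exportable_on_current_site( $email_address ) {
	$user = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return false; // No account, so nothing in the global users table to export.
	}
	// Single-site installs and network-admin requests are not restricted here.
	if ( ! is_multisite() || is_network_admin() ) {
		return true;
	}
	// The users table is global, so site membership must be checked explicitly.
	return is_user_member_of_blog( $user->ID, get_current_blog_id() );
}

/** Hypothetical custom exporter that reads global user meta. */
function myplugin_personal_data_exporter( $email_address, $page = 1 ) {
	$empty = array( 'data' => array(), 'done' => true );
	if ( ! myplugin_user_exportable_on_current_site( $email_address ) ) {
		return $empty; // Export nothing for users who are not members of this site.
	}
	$user  = get_user_by( 'email', $email_address );
	$phone = get_user_meta( $user->ID, 'myplugin_phone', true );
	if ( '' === $phone ) {
		return $empty;
	}
	return array(
		'data' => array(
			array(
				'group_id'    => 'myplugin',
				'group_label' => 'My Plugin',
				'item_id'     => "myplugin-{$user->ID}",
				'data'        => array( array( 'name' => 'Phone', 'value' => $phone ) ),
			),
		),
		'done' => true,
	);
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['myplugin'] = array(
		'exporter_friendly_name' => 'My Plugin',
		'callback'               => 'myplugin_personal_data_exporter',
	);
	return $exporters;
} );
```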
This ticket was mentioned in Slack in #core by david.baumwald. View the logs.
4 years ago
#8 @ 4 years ago
- Milestone changed from 5.5 to 5.6
moving to 5.6, as not quite ready and we're already in 5.5 beta 2.
49668.diff limits user privacy exports initiated from a multisite blog (including the main site) to users registered on that blog.
A few notes:
! is_network_admin() check isn't needed as of right now, but I put it in there in anticipation of #43738, which is asking that export/erase requests be available at the network level