Opened 4 months ago

Last modified 2 weeks ago

#49668 new defect (bug)

Multisite: export/erase requests initiated in a sub-site should check whether the user belongs to that sub-site

Reported by: pbiron
Owned by:
Milestone: 5.5
Priority: normal
Severity: normal
Version:
Component: Privacy
Keywords: has-patch
Focuses: multisite, privacy
Cc:

Description

As of 5.4, when an export request is initiated from within a specific sub-site in a multisite, wp_user_personal_data_exporter() will export user data for a user even if that user is not registered on that sub-site.

wp_user_personal_data_exporter() should be modified to check that the user is registered on the sub-site where the request was initiated.

Note: wp_media_personal_data_exporter() and wp_comment_personal_data_exporter() do not need to be modified as the tables they query are specific to the sub-site, whereas the user table is global.

Related: #44176

Attachments (1)

49668.diff (953 bytes) - added by pbiron 4 months ago.

Change History (7)

@pbiron
4 months ago

#1 follow-up: @pbiron
4 months ago

  • Keywords has-patch added

49668.diff limits user privacy exports initiated from a multisite blog (including the main site) to users registered on that blog.

A few notes:

  1. the ! is_network_admin() check isn't needed as of right now, but I put it in there in anticipation of #43738, which is asking that export/erase requests be available at the network level
  2. we'll have to think about how to make it easy for custom exporters to also limit exports in a similar fashion (which might just have to be in documentation...haven't given it much thought yet)
  3. this is not yet ready to be committed, and should just be considered a POC at this point

This ticket was mentioned in Slack in #core-privacy by pbiron. View the logs.


3 months ago

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


3 months ago

This ticket was mentioned in Slack in #core by pbiron. View the logs.


2 weeks ago

This ticket was mentioned in Slack in #core-privacy by pbiron. View the logs.


2 weeks ago

#6 in reply to: ↑ 1 @pputzer
2 weeks ago

Replying to pbiron:

  1. we'll have to think about how to make it easy for custom exporters to also limit exports in a similar fashion (which might just have to be in documentation...haven't given it much thought yet)

So this should probably be a utility function so that custom exporters don't have to reimplement the logic. Alternatively, the check should be moved "up a level" to wp_privacy_process_personal_data_export_page().
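
One way the shared check suggested in comment #6 could look from a custom exporter's side, as an added example (not WordPress core code and not the contents of 49668.diff). The `myplugin_*` functions and the `myplugin_notes` meta key are hypothetical, the code assumes it is loaded as a plugin on a multisite install, and the `is_network_admin()` guard follows note 1 in comment #1.

```php
<?php
// Added illustration; not WordPress core code and not the contents of 49668.diff.
// Every myplugin_* name and the 'myplugin_notes' meta key are hypothetical.
/**
 * Look up the user for an export request, but only if that user is
 * registered on the site where the request is being processed.
 * @param string $email_address Address the request was made for.
 * @return WP_User|false User to export, or false to export nothing.
 */
function myplugin_get_exportable_user( $email_address ) {
	$user = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return false;
	}
	// The users and usermeta tables are global in multisite, so this lookup
	// succeeds on every sub-site. Require membership of the current one.
	if ( is_multisite() && ! is_network_admin()
		&& ! is_user_member_of_blog( $user->ID, get_current_blog_id() ) ) {
		return false;
	}
	return $user;
}

/** Custom exporter callback that reuses the shared check. */
function myplugin_notes_exporter( $email_address, $page = 1 ) {
	$result = array( 'data' => array(), 'done' => true );
	$user   = myplugin_get_exportable_user( $email_address );
	if ( ! $user ) {
		return $result; // Not a member of this sub-site: empty export.
	}
	$notes = get_user_meta( $user->ID, 'myplugin_notes', true );
	if ( is_string( $notes ) && '' !== $notes ) {
		$result['data'][] = array(
			'group_id'    => 'myplugin-notes',
			'group_label' => 'Plugin notes',
			'item_id'     => 'myplugin-notes-' . $user->ID,
			'data'        => array( array( 'name' => 'Notes', 'value' => $notes ) ),
		);
	}
	return $result;
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['myplugin-notes'] = array(
		'exporter_friendly_name' => 'My Plugin notes',
		'callback'               => 'myplugin_notes_exporter',
	);
	return $exporters;
} );
```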
