Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#49668 new defect (bug)

Multisite: export/erase requests initiated in a sub-site should check whether the user belongs to that sub-site

Reported by: pbiron Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch
Focuses: multisite Cc:

Description

As of 5.4, when an export request is initiated from within a specific sub-site in a multisite, wp_user_personal_data_exporter() will export user data for a user even if that user is not registered on that sub-site.

wp_user_personal_data_exporter() should be modified to check that the user is registered on the sub-site where the request was initiated.

Note: wp_media_personal_data_exporter() and wp_comment_personal_data_exporter() do not need to be modified as the tables they query are specific to the sub-site, whereas the user table is global.

Related: #44176

Attachments (1)

49668.diff (953 bytes) - added by pbiron 4 years ago.

Change History (11)

@pbiron
4 years ago

#1 follow-up: @pbiron
4 years ago

  • Keywords has-patch added

49668.diff limits user privacy exports initiated from a multisite blog (including the main site) to users registered on that blog.

A few notes:

  1. the ! is_network_admin() check isn't needed as of right now, but I put it in there in anticipation of #43738, which is asking that export/erase requests be available at the network level
  2. we'll have to think about how to make it easy for custom exporters to also limit exports in a similar fashion (which might just have to be in documentation...haven't given it much thought yet)
  3. this is not yet ready to be committed, and should just be considered a POC at this point

This ticket was mentioned in Slack in #core-privacy by pbiron. View the logs.


4 years ago

#6 in reply to: ↑ 1 @pputzer
4 years ago

Replying to pbiron:

  1. we'll have to think about how to make it easy for custom exporters to also limit exports in a similar fashion (which might just have to be in documentation...haven't given it much thought yet)

So this should probably be a utility function so that custom exporters don't have to reimplement the logic. Alternatively, the check should be moved "up a level" to wp_privacy_process_personal_data_export_page().
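
One way the utility function suggested in this comment could look, together with a custom exporter that calls it. This is an added example, not part of the ticket or of 49668.diff; the myplugin_* functions, the myplugin_notes meta key and the text domain are hypothetical, and the code assumes it is loaded as a plugin on a WordPress multisite.

```php
<?php
// Added example: not WordPress core code and not the attached 49668.diff.
// All myplugin_* names and the 'myplugin_notes' meta key are hypothetical.

// May a privacy request for this e-mail touch global (network-wide) user data here?
function myplugin_privacy_user_in_scope( $email_address ) {
	$user = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return false; // No account: nothing in the global user tables to export.
	}
	// Single site, or a request handled at the network level: no per-site limit.
	if ( ! is_multisite() || is_network_admin() ) {
		return true;
	}
	// Request handled on a site (main site included): user must be a member of it.
	return is_user_member_of_blog( $user->ID, get_current_blog_id() );
}

// Custom exporter for data stored in the global usermeta table.
function myplugin_notes_exporter( $email_address, $page = 1 ) {
	$done = array( 'data' => array(), 'done' => true );
	if ( ! myplugin_privacy_user_in_scope( $email_address ) ) {
		return $done; // Fail closed: export nothing for non-members.
	}
	$user  = get_user_by( 'email', $email_address );
	$notes = get_user_meta( $user->ID, 'myplugin_notes', true );
	if ( '' === $notes || false === $notes ) {
		return $done; // Member of this site, but no stored data.
	}
	$done['data'][] = array(
		'group_id'    => 'myplugin-notes',
		'group_label' => __( 'Notes', 'myplugin' ),
		'item_id'     => 'myplugin-notes-' . $user->ID,
		'data'        => array(
			array( 'name' => __( 'Note', 'myplugin' ), 'value' => $notes ),
		),
	);
	return $done;
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['myplugin-notes'] = array(
		'exporter_friendly_name' => __( 'My Plugin Notes', 'myplugin' ),
		'callback'               => 'myplugin_notes_exporter',
	);
	return $exporters;
} );
```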

#8 @pbiron
4 years ago

  • Milestone changed from 5.5 to 5.6

moving to 5.6, as not quite ready and we're already in 5.5 beta 2.

#9 @garrett-eclipse
3 years ago

  • Milestone changed from 5.6 to Future Release

5.6 beta is coming up quickly, will revisit in a future release.

#10 @garrett-eclipse
3 years ago

  • Focuses privacy removed

Dropping privacy focus as it's already in the Privacy component.
