Make WordPress Core

Opened 21 months ago

Last modified 20 months ago

#56542 new enhancement

Should not allow to unregistered user be able to make a "Export Personal Data" Request

Reported by: hiren1094's profile hiren1094 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: has-patch needs-privacy-review
Focuses: administration, privacy Cc:

Description

Hello,

We should fix the condition of unregistered users allowed to "Export Personal Data" request when try with an email address

Attachments (2)

56542.patch (1.3 KB) - added by hiren1094 21 months ago.
Patch added
56542.2.patch (1.3 KB) - added by hiren1094 21 months ago.
Patch Updated

Download all attachments as: .zip

Change History (8)

#1 @tobifjellner
21 months ago

  • Component changed from Export to Privacy

@hiren1094
21 months ago

Patch added

#2 @hiren1094
21 months ago

  • Keywords has-patch added; needs-patch removed

@hiren1094
21 months ago

Patch Updated

#3 @costdev
21 months ago

  • Version changed from 6.0.2 to 4.9.6

I believe this has been the case since the feature was introduced in WordPress 4.9.6 (#43546).

Updating the Version property of the ticket.

#4 @joedolson
21 months ago

Privacy is about removing a person's data; no part of that necessitates that the person has a login or user account. While this issue might need some work, ensuring there's a user for a given username or email is not the solution; we need to be able to export and remove all data relevant to any identity, whether they're a user in the site or not. Plugins could save user data in independent contexts, and those need to be considered.

#5 @hiren1094
21 months ago

@joedolson

Thank you for more clarification.

I totally agree to we need to be able to export and remove all data relevant to any identity, whether they're a user in the site or not.

But we need to find out how many plugins/functionality save user details and those functionality & plugins we need to link with "Export/Remove Personal Data".

Meanwhile, I will recommend we need to put a document link in the screen so admin/user can easily read in a document right now which user data we export and which one we erase.

#6 @paapst
20 months ago

  • Focuses privacy added
  • Keywords needs-privacy-review added
Note: See TracTickets for help on using tickets.