sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Privacy: Include session tokens in Personal Data Export. 

Session tokens contain an IP address and user agent.

Props garrett-eclipse, nickylimjj, lakenh, xkon, rconde.
Fixes #45889.

git-svn-id: https://develop.svn.wordpress.org/trunk@47237 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2020-02-10 05:42:52 +00:00
parent 8fef1b28a9
commit 5b0be97e7c
2 changed files with 81 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/wp-includes/user.php
View File

@ -2939,6 +2939,8 @@ function wp_register_user_personal_data_exporter( $exporters ) {
* Finds and exports personal data associated with an email address from the user and user_meta table. * Finds and exports personal data associated with an email address from the user and user_meta table.
* *
* @since 4.9.6 * @since 4.9.6
* @since 5.4.0 Added 'Community Events Location' group to the export data.
* @since 5.4.0 Added 'Session Tokens' group to the export data.
* *
* @param string $email_address The users email address. * @param string $email_address The users email address.
* @return array An array of personal data. * @return array An array of personal data.
@ -3012,11 +3014,6 @@ function wp_user_personal_data_exporter( $email_address ) {
'data' => $user_data_to_export, 'data' => $user_data_to_export,
); );
/**
* Introduce any Community Events Location data that is available.
*
* @since 5.4.0
*/
if ( isset( $user_meta['community-events-location'] ) ) { if ( isset( $user_meta['community-events-location'] ) ) {
$location = maybe_unserialize( $user_meta['community-events-location'][0] ); $location = maybe_unserialize( $user_meta['community-events-location'][0] );
@ -3048,6 +3045,42 @@ function wp_user_personal_data_exporter( $email_address ) {
); );
} }
if ( isset( $user_meta['session_tokens'] ) ) {
$session_tokens = maybe_unserialize( $user_meta['session_tokens'][0] );
$session_tokens_props_to_export = array(
'expiration' => __( 'Expiration' ),
'ip' => __( 'IP' ),
'ua' => __( 'User Agent' ),
'login' => __( 'Last Login' ),
);
foreach ( $session_tokens as $token_key => $session_token ) {
$session_tokens_data_to_export = array();
foreach ( $session_tokens_props_to_export as $key => $name ) {
if ( ! empty( $session_token[ $key ] ) ) {
$value = $session_token[ $key ];
if ( in_array( $key, array( 'expiration', 'login' ) ) ) {
$value = date_i18n( 'F d, Y H:i A', $value );
}
$session_tokens_data_to_export[] = array(
'name' => $name,
'value' => $value,
);
}
}
$data_to_export[] = array(
'group_id' => 'session-tokens',
'group_label' => __( 'Session Tokens' ),
'group_description' => __( 'User’s Session Tokens data.' ),
'item_id' => "session-tokens-{$user->ID}-{$token_key}",
'data' => $session_tokens_data_to_export,
);
}
}
return array( return array(
'data' => $data_to_export, 'data' => $data_to_export,
'done' => true, 'done' => true,

43
tests/phpunit/tests/user.php
View File

@ -1751,4 +1751,47 @@ class Tests_User extends WP_UnitTestCase {
$this->assertEquals( '-84.5143900', $actual['data'][1]['data'][3]['value'] ); $this->assertEquals( '-84.5143900', $actual['data'][1]['data'][3]['value'] );
} }
/**
* Testing the `wp_user_personal_data_exporter()` function
* with Session Tokens data.
*
* @ticket 45889
*/
function test_wp_session_tokens_personal_data_exporter() {
$test_user = new WP_User( self::$contrib_id );
$session_tokens_data = array(
'yft87y56457687sfd897867545fg76ds78iyuhgjyui7865' => array(
'expiration' => 1580461981,
'ip' => '0.0.0.0',
'ua' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
'login' => 1580289181,
),
);
update_user_option( $test_user->ID, 'session_tokens', $session_tokens_data, true );
$actual = wp_user_personal_data_exporter( $test_user->user_email );
$this->assertTrue( $actual['done'] );
// Contains Session Tokens.
$this->assertEquals( 'Session Tokens', $actual['data'][1]['group_label'] );
// Contains Expiration.
$this->assertEquals( 'Expiration', $actual['data'][1]['data'][0]['name'] );
$this->assertEquals( 'January 31, 2020 09:13 AM', $actual['data'][1]['data'][0]['value'] );
// Contains IP.
$this->assertEquals( 'IP', $actual['data'][1]['data'][1]['name'] );
$this->assertEquals( '0.0.0.0', $actual['data'][1]['data'][1]['value'] );
// Contains IP.
$this->assertEquals( 'User Agent', $actual['data'][1]['data'][2]['name'] );
$this->assertEquals( 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36', $actual['data'][1]['data'][2]['value'] );
// Contains IP.
$this->assertEquals( 'Last Login', $actual['data'][1]['data'][3]['name'] );
$this->assertEquals( 'January 29, 2020 09:13 AM', $actual['data'][1]['data'][3]['value'] );
}
} }