Privacy: Remove user's email address from personal data export filename.

Use `wp_unique_filename()` to avoid potential collisions instead.

Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav.
Fixes #44197.

git-svn-id: https://develop.svn.wordpress.org/trunk@47144 602fd350-edb4-49c9-b593-d223f7449a82
Sergey Biryukov 2020-01-31 00:56:29 +00:00
parent 8b5b3bb38c
commit 7192a8f562
4 changed files with 6 additions and 8 deletions


@ -320,11 +320,9 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
fclose( $file );
}
$stripped_email = str_replace( '@', '-at-', $email_address );
$stripped_email = sanitize_title( $stripped_email ); // Slugify the email address.
$obscura = wp_generate_password( 32, false, false );
$file_basename = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
$html_report_filename = $file_basename . '.html';
$file_basename = 'wp-personal-data-file-' . $obscura;
$html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' );
$html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
$file = fopen( $html_report_pathname, 'w' );
if ( false === $file ) {
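Review bot: `wp_unique_filename()` can return a name with a numeric suffix, but only `$html_report_filename` receives it; `$file_basename` stays unsuffixed, so any other export artifact built from it later in `wp_privacy_generate_personal_data_export_file()` would get no collision check and a different stem. The function continues outside this hunk, so this is inferred; if it holds, that name should go through `wp_unique_filename( $exports_dir, ... )` as well. With the email slug removed, the 32-character `$obscura` appears to be the only part of the name that keeps a file under the exports URL from being guessed, which is worth recording beside it: `// Random token is the only unguessable part of the export filename; do not shorten it or derive it from user data.` The test changes visible on this page only update fixture strings, so an assertion that the generated filename does not contain the requester's address would guard against a regression.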


@ -56,8 +56,8 @@ class Tests_Privacy_WpPrivacyDeleteOldExportFiles extends WP_UnitTestCase {
}
self::$index_path = $exports_dir . 'index.html';
self::$expired_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-0123456789abcdef.zip';
self::$active_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-fedcba9876543210.zip';
self::$expired_export_file = $exports_dir . 'wp-personal-data-file-0123456789abcdef.zip';
self::$active_export_file = $exports_dir . 'wp-personal-data-file-fedcba9876543210.zip';
}
/**


@ -131,7 +131,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
*/
public static function wpSetUpBeforeClass( $factory ) {
self::$requester_email = 'requester@example.com';
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
self::$request_id = wp_create_user_request( self::$requester_email, 'export_personal_data' );
self::$page_index_first = 1;
self::$page_index_last = 2;


@ -104,7 +104,7 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
* The function should send an export link to the requester when the user request is confirmed.
*/
public function test_function_should_send_export_link_to_requester() {
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
update_post_meta( self::$request_id, '_export_file_url', $archive_url );
$email_sent = wp_privacy_send_personal_data_export_email( self::$request_id );