Privacy: Remove user's email address from personal data export filename.
Use `wp_unique_filename()` to avoid potential collisions instead. Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav. Fixes #44197. git-svn-id: https://develop.svn.wordpress.org/trunk@47144 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
8b5b3bb38c
commit
7192a8f562
@ -320,11 +320,9 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
|
||||
fclose( $file );
|
||||
}
|
||||
|
||||
$stripped_email = str_replace( '@', '-at-', $email_address );
|
||||
$stripped_email = sanitize_title( $stripped_email ); // Slugify the email address.
|
||||
$obscura = wp_generate_password( 32, false, false );
|
||||
$file_basename = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
|
||||
$html_report_filename = $file_basename . '.html';
|
||||
$file_basename = 'wp-personal-data-file-' . $obscura;
|
||||
$html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' );
|
||||
$html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename );
|
||||
$file = fopen( $html_report_pathname, 'w' );
|
||||
if ( false === $file ) {
|
||||
|
@ -56,8 +56,8 @@ class Tests_Privacy_WpPrivacyDeleteOldExportFiles extends WP_UnitTestCase {
|
||||
}
|
||||
|
||||
self::$index_path = $exports_dir . 'index.html';
|
||||
self::$expired_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-0123456789abcdef.zip';
|
||||
self::$active_export_file = $exports_dir . 'wp-personal-data-file-user-at-example-com-fedcba9876543210.zip';
|
||||
self::$expired_export_file = $exports_dir . 'wp-personal-data-file-0123456789abcdef.zip';
|
||||
self::$active_export_file = $exports_dir . 'wp-personal-data-file-fedcba9876543210.zip';
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -131,7 +131,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
|
||||
*/
|
||||
public static function wpSetUpBeforeClass( $factory ) {
|
||||
self::$requester_email = 'requester@example.com';
|
||||
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
self::$request_id = wp_create_user_request( self::$requester_email, 'export_personal_data' );
|
||||
self::$page_index_first = 1;
|
||||
self::$page_index_last = 2;
|
||||
|
@ -104,7 +104,7 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
|
||||
* The function should send an export link to the requester when the user request is confirmed.
|
||||
*/
|
||||
public function test_function_should_send_export_link_to_requester() {
|
||||
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-requester-at-example-com-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
update_post_meta( self::$request_id, '_export_file_url', $archive_url );
|
||||
|
||||
$email_sent = wp_privacy_send_personal_data_export_email( self::$request_id );
|
||||
|
Loading…
Reference in New Issue
Block a user