Privacy: Use relative paths for exported personal data.
Ensures back-compat while moving to paths off of the /exports directory. Fixes: #44038. Props: allendav, mrTall, desrosj, garrett-eclipse, cameronamcintyre, nmenescardi, xkon, whyisjake, davidbaumwald. git-svn-id: https://develop.svn.wordpress.org/trunk@48127 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock
parent
8216e5019a
commit
800cfa8a82
@ -468,17 +468,46 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
|
||||
* filename, to avoid breaking any URLs that may have been previously sent
|
||||
* via email.
|
||||
*/
|
||||
$error = false;
|
||||
$error = false;
|
||||
|
||||
// This postmeta is used from version 5.4.
|
||||
$archive_filename = get_post_meta( $request_id, '_export_file_name', true );
|
||||
|
||||
// These are used for backwards compatibility.
|
||||
$archive_url = get_post_meta( $request_id, '_export_file_url', true );
|
||||
$archive_pathname = get_post_meta( $request_id, '_export_file_path', true );
|
||||
|
||||
if ( empty( $archive_pathname ) || empty( $archive_url ) ) {
|
||||
$archive_filename = $file_basename . '.zip';
|
||||
// If archive_filename exists, make sure to remove deprecated postmeta.
|
||||
if ( ! empty( $archive_filename ) ) {
|
||||
$archive_pathname = $exports_dir . $archive_filename;
|
||||
$archive_url = $exports_url . $archive_filename;
|
||||
|
||||
update_post_meta( $request_id, '_export_file_url', $archive_url );
|
||||
update_post_meta( $request_id, '_export_file_path', wp_normalize_path( $archive_pathname ) );
|
||||
// Remove the deprecated postmeta.
|
||||
delete_post_meta( $request_id, '_export_file_url' );
|
||||
delete_post_meta( $request_id, '_export_file_path' );
|
||||
} elseif ( ! empty( $archive_pathname ) ) {
|
||||
// Check if archive_pathname exists. If not, create the new postmeta and remove the deprecated.
|
||||
$archive_filename = basename( $archive_pathname );
|
||||
$archive_url = $exports_url . $archive_filename;
|
||||
|
||||
// Add the new postmeta that is used since version 5.4.
|
||||
update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
|
||||
|
||||
// Remove the deprecated postmeta.
|
||||
delete_post_meta( $request_id, '_export_file_url' );
|
||||
delete_post_meta( $request_id, '_export_file_path' );
|
||||
} else {
|
||||
// If there's no archive_filename or archive_pathname create a new one.
|
||||
$archive_filename = $file_basename . '.zip';
|
||||
$archive_url = $exports_url . $archive_filename;
|
||||
$archive_pathname = $exports_dir . $archive_filename;
|
||||
|
||||
// Add the new postmeta that is used since version 5.4.
|
||||
update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
|
||||
|
||||
// Remove the deprecated postmeta.
|
||||
delete_post_meta( $request_id, '_export_file_url' );
|
||||
delete_post_meta( $request_id, '_export_file_path' );
|
||||
}
|
||||
|
||||
if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) {
|
||||
@ -539,6 +568,10 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
|
||||
// Get the request.
|
||||
$request = wp_get_user_request( $request_id );
|
||||
|
||||
// Get the export file URL.
|
||||
$exports_url = wp_privacy_exports_url();
|
||||
$export_file_name = get_post_meta( $request_id, '_export_file_name', true );
|
||||
|
||||
if ( ! $request || 'export_personal_data' !== $request->action_name ) {
|
||||
return new WP_Error( 'invalid_request', __( 'Invalid request ID when sending personal data export email.' ) );
|
||||
}
|
||||
@ -556,7 +589,7 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
|
||||
$expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS );
|
||||
$expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
|
||||
|
||||
$export_file_url = get_post_meta( $request_id, '_export_file_url', true );
|
||||
$export_file_url = $exports_url . $export_file_name;
|
||||
$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
$site_url = home_url();
|
||||
|
||||
@ -820,7 +853,10 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
|
||||
_wp_privacy_completed_request( $request_id );
|
||||
} else {
|
||||
// Modify the response to include the URL of the export file so the browser can fetch it.
|
||||
$export_file_url = get_post_meta( $request_id, '_export_file_url', true );
|
||||
$exports_url = wp_privacy_exports_url();
|
||||
$export_file_name = get_post_meta( $request_id, '_export_file_name', true );
|
||||
$export_file_url = $exports_url . $export_file_name;
|
||||
|
||||
if ( ! empty( $export_file_url ) ) {
|
||||
$response['url'] = $export_file_url;
|
||||
}
|
||||
|
||||
@ -44,9 +44,27 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
|
||||
protected static $response_last_page;
|
||||
|
||||
/**
|
||||
* Export File Url.
|
||||
* Export Url.
|
||||
*
|
||||
* @since 5.2.0
|
||||
* @since 5.5.0
|
||||
*
|
||||
* @var string $export_url
|
||||
*/
|
||||
protected static $export_url;
|
||||
|
||||
/**
|
||||
* Export File Name.
|
||||
*
|
||||
* @since 5.5.0
|
||||
*
|
||||
* @var string $export_file_name
|
||||
*/
|
||||
protected static $export_file_name;
|
||||
|
||||
/**
|
||||
* Export File URL.
|
||||
*
|
||||
* @since 5.5.0
|
||||
*
|
||||
* @var string $export_file_url
|
||||
*/
|
||||
@ -131,7 +149,9 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
|
||||
*/
|
||||
public static function wpSetUpBeforeClass( $factory ) {
|
||||
self::$requester_email = 'requester@example.com';
|
||||
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
self::$export_url = wp_privacy_exports_url();
|
||||
self::$export_file_name = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
self::$export_file_url = self::$export_url . self::$export_file_name;
|
||||
self::$request_id = wp_create_user_request( self::$requester_email, 'export_personal_data' );
|
||||
self::$page_index_first = 1;
|
||||
self::$page_index_last = 2;
|
||||
@ -502,7 +522,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
|
||||
* @ticket 44233
|
||||
*/
|
||||
public function test_return_response_with_export_file_url_when_not_sent_as_email_for_last_exporter_on_last_page() {
|
||||
update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url );
|
||||
update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
|
||||
|
||||
// Process data, given the last exporter, on the last page and not send as email.
|
||||
$actual_response = wp_privacy_process_personal_data_export_page(
|
||||
@ -528,7 +548,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
|
||||
* @ticket 44233
|
||||
*/
|
||||
public function test_return_response_without_export_file_url_when_sent_as_email_for_last_exporter_on_last_page() {
|
||||
update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url );
|
||||
update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
|
||||
|
||||
// Process data, given the last exporter, on the last page and send as email.
|
||||
$actual_response = wp_privacy_process_personal_data_export_page(
|
||||
|
||||
@ -104,8 +104,10 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
|
||||
* The function should send an export link to the requester when the user request is confirmed.
|
||||
*/
|
||||
public function test_function_should_send_export_link_to_requester() {
|
||||
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
update_post_meta( self::$request_id, '_export_file_url', $archive_url );
|
||||
$archive_url = wp_privacy_exports_url();
|
||||
$archive_file_name = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
|
||||
$archive_file_url = $archive_url . $archive_file_name;
|
||||
update_post_meta( self::$request_id, '_export_file_name', $archive_file_name );
|
||||
|
||||
$email_sent = wp_privacy_send_personal_data_export_email( self::$request_id );
|
||||
$mailer = tests_retrieve_phpmailer_instance();
|
||||
@ -113,7 +115,7 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
|
||||
$this->assertSame( 'request-confirmed', get_post_status( self::$request_id ) );
|
||||
$this->assertSame( self::$requester_email, $mailer->get_recipient( 'to' )->address );
|
||||
$this->assertContains( 'Personal Data Export', $mailer->get_sent()->subject );
|
||||
$this->assertContains( $archive_url, $mailer->get_sent()->body );
|
||||
$this->assertContains( $archive_file_url, $mailer->get_sent()->body );
|
||||
$this->assertContains( 'please download it', $mailer->get_sent()->body );
|
||||
$this->assertTrue( $email_sent );
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user