Privacy: Use relative paths for exported personal data.

Ensures back-compat while moving to paths off of the /exports directory.

Fixes: #44038.

Props: allendav, mrTall, desrosj, garrett-eclipse, cameronamcintyre, nmenescardi, xkon, whyisjake, davidbaumwald.


git-svn-id: https://develop.svn.wordpress.org/trunk@48127 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock 2020-06-22 22:38:11 +00:00
parent 8216e5019a
commit 800cfa8a82
3 changed files with 73 additions and 15 deletions

View File

@ -468,17 +468,46 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
* filename, to avoid breaking any URLs that may have been previously sent * filename, to avoid breaking any URLs that may have been previously sent
* via email. * via email.
*/ */
$error = false; $error = false;
// This postmeta is used from version 5.4.
$archive_filename = get_post_meta( $request_id, '_export_file_name', true );
// These are used for backwards compatibility.
$archive_url = get_post_meta( $request_id, '_export_file_url', true ); $archive_url = get_post_meta( $request_id, '_export_file_url', true );
$archive_pathname = get_post_meta( $request_id, '_export_file_path', true ); $archive_pathname = get_post_meta( $request_id, '_export_file_path', true );
if ( empty( $archive_pathname ) || empty( $archive_url ) ) { // If archive_filename exists, make sure to remove deprecated postmeta.
$archive_filename = $file_basename . '.zip'; if ( ! empty( $archive_filename ) ) {
$archive_pathname = $exports_dir . $archive_filename; $archive_pathname = $exports_dir . $archive_filename;
$archive_url = $exports_url . $archive_filename; $archive_url = $exports_url . $archive_filename;
update_post_meta( $request_id, '_export_file_url', $archive_url ); // Remove the deprecated postmeta.
update_post_meta( $request_id, '_export_file_path', wp_normalize_path( $archive_pathname ) ); delete_post_meta( $request_id, '_export_file_url' );
delete_post_meta( $request_id, '_export_file_path' );
} elseif ( ! empty( $archive_pathname ) ) {
// Check if archive_pathname exists. If not, create the new postmeta and remove the deprecated.
$archive_filename = basename( $archive_pathname );
$archive_url = $exports_url . $archive_filename;
// Add the new postmeta that is used since version 5.4.
update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
// Remove the deprecated postmeta.
delete_post_meta( $request_id, '_export_file_url' );
delete_post_meta( $request_id, '_export_file_path' );
} else {
// If there's no archive_filename or archive_pathname create a new one.
$archive_filename = $file_basename . '.zip';
$archive_url = $exports_url . $archive_filename;
$archive_pathname = $exports_dir . $archive_filename;
// Add the new postmeta that is used since version 5.4.
update_post_meta( $request_id, '_export_file_name', wp_normalize_path( $archive_filename ) );
// Remove the deprecated postmeta.
delete_post_meta( $request_id, '_export_file_url' );
delete_post_meta( $request_id, '_export_file_path' );
} }
if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) { if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) {
@ -539,6 +568,10 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
// Get the request. // Get the request.
$request = wp_get_user_request( $request_id ); $request = wp_get_user_request( $request_id );
// Get the export file URL.
$exports_url = wp_privacy_exports_url();
$export_file_name = get_post_meta( $request_id, '_export_file_name', true );
if ( ! $request || 'export_personal_data' !== $request->action_name ) { if ( ! $request || 'export_personal_data' !== $request->action_name ) {
return new WP_Error( 'invalid_request', __( 'Invalid request ID when sending personal data export email.' ) ); return new WP_Error( 'invalid_request', __( 'Invalid request ID when sending personal data export email.' ) );
} }
@ -556,7 +589,7 @@ function wp_privacy_send_personal_data_export_email( $request_id ) {
$expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS ); $expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS );
$expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration ); $expiration_date = date_i18n( get_option( 'date_format' ), time() + $expiration );
$export_file_url = get_post_meta( $request_id, '_export_file_url', true ); $export_file_url = $exports_url . $export_file_name;
$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$site_url = home_url(); $site_url = home_url();
@ -820,7 +853,10 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
_wp_privacy_completed_request( $request_id ); _wp_privacy_completed_request( $request_id );
} else { } else {
// Modify the response to include the URL of the export file so the browser can fetch it. // Modify the response to include the URL of the export file so the browser can fetch it.
$export_file_url = get_post_meta( $request_id, '_export_file_url', true ); $exports_url = wp_privacy_exports_url();
$export_file_name = get_post_meta( $request_id, '_export_file_name', true );
$export_file_url = $exports_url . $export_file_name;
if ( ! empty( $export_file_url ) ) { if ( ! empty( $export_file_url ) ) {
$response['url'] = $export_file_url; $response['url'] = $export_file_url;
} }

View File

@ -44,9 +44,27 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
protected static $response_last_page; protected static $response_last_page;
/** /**
* Export File Url. * Export Url.
* *
* @since 5.2.0 * @since 5.5.0
*
* @var string $export_url
*/
protected static $export_url;
/**
* Export File Name.
*
* @since 5.5.0
*
* @var string $export_file_name
*/
protected static $export_file_name;
/**
* Export File URL.
*
* @since 5.5.0
* *
* @var string $export_file_url * @var string $export_file_url
*/ */
@ -131,7 +149,9 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
*/ */
public static function wpSetUpBeforeClass( $factory ) { public static function wpSetUpBeforeClass( $factory ) {
self::$requester_email = 'requester@example.com'; self::$requester_email = 'requester@example.com';
self::$export_file_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip'; self::$export_url = wp_privacy_exports_url();
self::$export_file_name = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
self::$export_file_url = self::$export_url . self::$export_file_name;
self::$request_id = wp_create_user_request( self::$requester_email, 'export_personal_data' ); self::$request_id = wp_create_user_request( self::$requester_email, 'export_personal_data' );
self::$page_index_first = 1; self::$page_index_first = 1;
self::$page_index_last = 2; self::$page_index_last = 2;
@ -502,7 +522,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
* @ticket 44233 * @ticket 44233
*/ */
public function test_return_response_with_export_file_url_when_not_sent_as_email_for_last_exporter_on_last_page() { public function test_return_response_with_export_file_url_when_not_sent_as_email_for_last_exporter_on_last_page() {
update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url ); update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
// Process data, given the last exporter, on the last page and not send as email. // Process data, given the last exporter, on the last page and not send as email.
$actual_response = wp_privacy_process_personal_data_export_page( $actual_response = wp_privacy_process_personal_data_export_page(
@ -528,7 +548,7 @@ class Tests_Privacy_WpPrivacyProcessPersonalDataExportPage extends WP_UnitTestCa
* @ticket 44233 * @ticket 44233
*/ */
public function test_return_response_without_export_file_url_when_sent_as_email_for_last_exporter_on_last_page() { public function test_return_response_without_export_file_url_when_sent_as_email_for_last_exporter_on_last_page() {
update_post_meta( self::$request_id, '_export_file_url', self::$export_file_url ); update_post_meta( self::$request_id, '_export_file_name', self::$export_file_name );
// Process data, given the last exporter, on the last page and send as email. // Process data, given the last exporter, on the last page and send as email.
$actual_response = wp_privacy_process_personal_data_export_page( $actual_response = wp_privacy_process_personal_data_export_page(

View File

@ -104,8 +104,10 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
* The function should send an export link to the requester when the user request is confirmed. * The function should send an export link to the requester when the user request is confirmed.
*/ */
public function test_function_should_send_export_link_to_requester() { public function test_function_should_send_export_link_to_requester() {
$archive_url = wp_privacy_exports_url() . 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip'; $archive_url = wp_privacy_exports_url();
update_post_meta( self::$request_id, '_export_file_url', $archive_url ); $archive_file_name = 'wp-personal-data-file-Wv0RfMnGIkl4CFEDEEkSeIdfLmaUrLsl.zip';
$archive_file_url = $archive_url . $archive_file_name;
update_post_meta( self::$request_id, '_export_file_name', $archive_file_name );
$email_sent = wp_privacy_send_personal_data_export_email( self::$request_id ); $email_sent = wp_privacy_send_personal_data_export_email( self::$request_id );
$mailer = tests_retrieve_phpmailer_instance(); $mailer = tests_retrieve_phpmailer_instance();
@ -113,7 +115,7 @@ class Tests_Privacy_WpPrivacySendPersonalDataExportEmail extends WP_UnitTestCase
$this->assertSame( 'request-confirmed', get_post_status( self::$request_id ) ); $this->assertSame( 'request-confirmed', get_post_status( self::$request_id ) );
$this->assertSame( self::$requester_email, $mailer->get_recipient( 'to' )->address ); $this->assertSame( self::$requester_email, $mailer->get_recipient( 'to' )->address );
$this->assertContains( 'Personal Data Export', $mailer->get_sent()->subject ); $this->assertContains( 'Personal Data Export', $mailer->get_sent()->subject );
$this->assertContains( $archive_url, $mailer->get_sent()->body ); $this->assertContains( $archive_file_url, $mailer->get_sent()->body );
$this->assertContains( 'please download it', $mailer->get_sent()->body ); $this->assertContains( 'please download it', $mailer->get_sent()->body );
$this->assertTrue( $email_sent ); $this->assertTrue( $email_sent );
} }