Privacy: Reuse existing archive filenames to maintain URLs.

Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.

That can be avoided by reusing the same filename when building fresh archives.

Props desrosj, tz-media, allendav.
Fixes #43905.


git-svn-id: https://develop.svn.wordpress.org/trunk@43180 602fd350-edb4-49c9-b593-d223f7449a82
Ian Dunn 2018-05-08 00:51:59 +00:00
parent a131758bf5
commit a631c2378d
1 changed files with 22 additions and 16 deletions


@ -2127,12 +2127,30 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
fwrite( $file, "</html>\n" );
fclose( $file );
// Now, generate the ZIP.
/*
* Now, generate the ZIP.
*
* If an archive has already been generated, then remove it and reuse the
* filename, to avoid breaking any URLs that may have been previously sent
* via email.
*/
$error = false;
$archive_url = get_post_meta( $request_id, '_export_file_url', true );
$archive_pathname = get_post_meta( $request_id, '_export_file_path', true );
if ( empty( $archive_pathname ) || empty( $archive_url ) ) {
$archive_filename = $file_basename . '.zip';
$archive_pathname = $exports_dir . $archive_filename;
$archive_url = $exports_url . $archive_filename;
update_post_meta( $request_id, '_export_file_url', $archive_url );
update_post_meta( $request_id, '_export_file_path', $archive_pathname );
}
if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) {
wp_delete_file( $archive_pathname );
}
$zip = new ZipArchive;
if ( true === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) {
if ( ! $zip->addFile( $html_report_pathname, 'index.html' ) ) {
@ -2163,10 +2181,6 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
if ( $error ) {
wp_send_json_error( $error );
}
// Save the export file in the request.
update_post_meta( $request_id, '_export_file_url', $archive_url );
update_post_meta( $request_id, '_export_file_path', $archive_pathname );
}
/**
@ -2342,14 +2356,6 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
delete_post_meta( $request_id, '_export_data_raw' );
update_post_meta( $request_id, '_export_data_grouped', $groups );
// And now, generate the export file, cleaning up any previous file
$export_path = get_post_meta( $request_id, '_export_file_path', true );
if ( ! empty( $export_path ) ) {
delete_post_meta( $request_id, '_export_file_path' );
@unlink( $export_path );
}
delete_post_meta( $request_id, '_export_file_url' );
// Generate the export file from the collected, grouped personal data.
do_action( 'wp_privacy_personal_data_export_file', $request_id );
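Review bot: In the first hunk the absolute path read back from `_export_file_path` is handed to `wp_delete_file()` and `ZipArchive::open()` without checking that it still points inside `$exports_dir`, so a stale or altered meta value (for example after the uploads directory moves) decides which file is deleted and where the archive of personal data is written. Reusing only the stored filename and recomposing it against the current directory would confine both operations: `$archive_pathname = $exports_dir . wp_basename( $archive_pathname );` and `$archive_url = $exports_url . wp_basename( $archive_pathname );`. The meta is also now saved, and the old archive removed, before the new ZIP is known to have been built, so a failure that reaches the `$error` branch appears to leave the previously emailed URL pointing at a missing file, which the removed post-success `update_post_meta()` calls did not do. The body of `wp_privacy_generate_personal_data_export_file()` starts and ends outside the hunk, so `$exports_dir`, `$exports_url` and `$file_basename` are assumed to be set as their names suggest.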