Privacy: Ensure that exported user data reports can't be found with directory listings.

By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load.

Fixes #52299.

Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake. 

Built from https://develop.svn.wordpress.org/trunk@50037


git-svn-id: http://core.svn.wordpress.org/trunk@49738 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/privacy-tools.php

@@ -322,13 +322,13 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
 	}
 
 	// Protect export folder from browsing.
-	$index_pathname = $exports_dir . 'index.html';
+	$index_pathname = $exports_dir . 'index.php';
 	if ( ! file_exists( $index_pathname ) ) {
 		$file = fopen( $index_pathname, 'w' );
 		if ( false === $file ) {
 			wp_send_json_error( __( 'Unable to protect personal data export folder from browsing.' ) );
 		}
-		fwrite( $file, '<!-- Silence is golden. -->' );
+		fwrite( $file, '<?php // Silence is golden.' );
 		fclose( $file );
 	}
 

wp-includes/functions.php

@@ -7398,7 +7398,7 @@ function wp_privacy_delete_old_export_files() {
 	}
 
 	require_once ABSPATH . 'wp-admin/includes/file.php';
-	$export_files = list_files( $exports_dir, 100, array( 'index.html' ) );
+	$export_files = list_files( $exports_dir, 100, array( 'index.php' ) );
 
 	/**
 	 * Filters the lifetime, in seconds, of a personal data export file.

wp-includes/version.php

@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.7-alpha-50035';
+$wp_version = '5.7-alpha-50037';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.