From 798e3dc84d93e2e96b9afb79e5b20db122af6983 Mon Sep 17 00:00:00 2001 From: iandunn Date: Tue, 8 May 2018 00:52:21 +0000 Subject: [PATCH] Privacy: Reuse existing archive filenames to maintain URLs. Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken. That can be avoided by reusing the same filename when building fresh archives. Props desrosj, tz-media, allendav. Fixes #43905. Built from https://develop.svn.wordpress.org/trunk@43180 git-svn-id: http://core.svn.wordpress.org/trunk@43009 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/file.php | 38 ++++++++++++++++++++++---------------- wp-includes/version.php | 2 +- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index f0f64cdbe3..4bec958b25 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -2127,11 +2127,29 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { fwrite( $file, "\n" ); fclose( $file ); - // Now, generate the ZIP. + /* + * Now, generate the ZIP. + * + * If an archive has already been generated, then remove it and reuse the + * filename, to avoid breaking any URLs that may have been previously sent + * via email. + */ $error = false; - $archive_filename = $file_basename . '.zip'; - $archive_pathname = $exports_dir . $archive_filename; - $archive_url = $exports_url . $archive_filename; + $archive_url = get_post_meta( $request_id, '_export_file_url', true ); + $archive_pathname = get_post_meta( $request_id, '_export_file_path', true ); + + if ( empty( $archive_pathname ) || empty( $archive_url ) ) { + $archive_filename = $file_basename . '.zip'; + $archive_pathname = $exports_dir . $archive_filename; + $archive_url = $exports_url . $archive_filename; + + update_post_meta( $request_id, '_export_file_url', $archive_url ); + update_post_meta( $request_id, '_export_file_path', $archive_pathname ); + } + + if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) { + wp_delete_file( $archive_pathname ); + } $zip = new ZipArchive; if ( true === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) { @@ -2163,10 +2181,6 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { if ( $error ) { wp_send_json_error( $error ); } - - // Save the export file in the request. - update_post_meta( $request_id, '_export_file_url', $archive_url ); - update_post_meta( $request_id, '_export_file_path', $archive_pathname ); } /** @@ -2342,14 +2356,6 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde delete_post_meta( $request_id, '_export_data_raw' ); update_post_meta( $request_id, '_export_data_grouped', $groups ); - // And now, generate the export file, cleaning up any previous file - $export_path = get_post_meta( $request_id, '_export_file_path', true ); - if ( ! empty( $export_path ) ) { - delete_post_meta( $request_id, '_export_file_path' ); - @unlink( $export_path ); - } - delete_post_meta( $request_id, '_export_file_url' ); - // Generate the export file from the collected, grouped personal data. do_action( 'wp_privacy_personal_data_export_file', $request_id ); diff --git a/wp-includes/version.php b/wp-includes/version.php index a4da21acf4..e96452d14c 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0-alpha-43179'; +$wp_version = '5.0-alpha-43180'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.