WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Privacy: Reuse existing archive filenames to maintain URLs. 

Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken.

That can be avoided by reusing the same filename when building fresh archives.

Props desrosj, tz-media, allendav.
Merges [43180] to the 4.9 branch.
Fixes #43905.
Built from https://develop.svn.wordpress.org/branches/4.9@43186


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2018-05-09 14:30:26 +00:00
parent cca8f1053b
commit 809d5fa08e
2 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
wp-admin/includes/file.php
View File

@ -1990,11 +1990,29 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
fwrite( $file, "</html>\n" );
fclose( $file );
// Now, generate the ZIP.
/*
* Now, generate the ZIP.
*
* If an archive has already been generated, then remove it and reuse the
* filename, to avoid breaking any URLs that may have been previously sent
* via email.
*/
$error = false;
$archive_filename = $file_basename . '.zip';
$archive_pathname = $exports_dir . $archive_filename;
$archive_url = $exports_url . $archive_filename;
$archive_url = get_post_meta( $request_id, '_export_file_url', true );
$archive_pathname = get_post_meta( $request_id, '_export_file_path', true );
if ( empty( $archive_pathname ) || empty( $archive_url ) ) {
$archive_filename = $file_basename . '.zip';
$archive_pathname = $exports_dir . $archive_filename;
$archive_url = $exports_url . $archive_filename;
update_post_meta( $request_id, '_export_file_url', $archive_url );
update_post_meta( $request_id, '_export_file_path', $archive_pathname );
}
if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) {
wp_delete_file( $archive_pathname );
}
$zip = new ZipArchive;
if ( true === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) {
@ -2026,10 +2044,6 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
if ( $error ) {
wp_send_json_error( $error );
}
// Save the export file in the request.
update_post_meta( $request_id, '_export_file_url', $archive_url );
update_post_meta( $request_id, '_export_file_path', $archive_pathname );
}
/**
@ -2205,14 +2219,6 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde
delete_post_meta( $request_id, '_export_data_raw' );
update_post_meta( $request_id, '_export_data_grouped', $groups );
// And now, generate the export file, cleaning up any previous file
$export_path = get_post_meta( $request_id, '_export_file_path', true );
if ( ! empty( $export_path ) ) {
delete_post_meta( $request_id, '_export_file_path' );
@unlink( $export_path );
}
delete_post_meta( $request_id, '_export_file_url' );
// Generate the export file from the collected, grouped personal data.
do_action( 'wp_privacy_personal_data_export_file', $request_id );

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.9.6-beta1-43182';
$wp_version = '4.9.6-beta1-43186';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.