From eafc40be6d2dda576535dd8bc7c9477562000df2 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Fri, 31 Jan 2020 00:58:06 +0000 Subject: [PATCH] Privacy: Remove user's email address from personal data export filename. Use `wp_unique_filename()` to avoid potential collisions instead. Props xkon, garrett-eclipse, donmhico, Ov3rfly, Clorith, allendav. Fixes #44197. Built from https://develop.svn.wordpress.org/trunk@47144 git-svn-id: http://core.svn.wordpress.org/trunk@46944 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/privacy-tools.php | 6 ++---- wp-includes/version.php | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/wp-admin/includes/privacy-tools.php b/wp-admin/includes/privacy-tools.php index a22ad40374..6028cb6a3b 100644 --- a/wp-admin/includes/privacy-tools.php +++ b/wp-admin/includes/privacy-tools.php @@ -320,11 +320,9 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { fclose( $file ); } - $stripped_email = str_replace( '@', '-at-', $email_address ); - $stripped_email = sanitize_title( $stripped_email ); // Slugify the email address. $obscura = wp_generate_password( 32, false, false ); - $file_basename = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura; - $html_report_filename = $file_basename . '.html'; + $file_basename = 'wp-personal-data-file-' . $obscura; + $html_report_filename = wp_unique_filename( $exports_dir, $file_basename . '.html' ); $html_report_pathname = wp_normalize_path( $exports_dir . $html_report_filename ); $file = fopen( $html_report_pathname, 'w' ); if ( false === $file ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index 95024ce5f0..2505788971 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.4-alpha-47143'; +$wp_version = '5.4-alpha-47144'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.