<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[44824] trunk: Privacy: Be less restrictive of the HTML tags allowed in user data exports.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/44824">44824</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/44824","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>desrosj</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2019-03-08 22:04:50 +0000 (Fri, 08 Mar 2019)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Privacy: Be less restrictive of the HTML tags allowed in user data exports.
Previously, only `a` and `br` tags were allowed in the `value` table cell for each field included in the HTML file generated when a user is exporting their personal data. Instead of relying on a hardcoded list of allowed tags, the `wp_kses()` call in `wp_privacy_generate_personal_data_export_group_html()` will now fallback to the default list of allowed tags (which includes `i`, `strong`, `em`, and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the `wp_kses()` call. As a result, the list of HTML tags and attributes allowed in the export file can now be filtered using the `wp_kses_allowed_html` filter and checking for the `personal_data_export` context.
Fixes <a href="https://core.trac.wordpress.org/ticket/44044">#44044</a>.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpadminincludesfilephp">trunk/src/wp-admin/includes/file.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunktestsphpunittestsprivacywpPrivacyGeneratePersonalDataExportGroupHtmlphp">trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportGroupHtml.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpadminincludesfilephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/includes/file.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/includes/file.php 2019-03-08 20:51:32 UTC (rev 44823)
+++ trunk/src/wp-admin/includes/file.php 2019-03-08 22:04:50 UTC (rev 44824)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1956,17 +1956,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return string The HTML for this group and its items.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_privacy_generate_personal_data_export_group_html( $group_data ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $allowed_tags = array(
- 'a' => array(
- 'href' => array(),
- 'target' => array(),
- ),
- 'br' => array(),
- );
- $allowed_protocols = array( 'http', 'https' );
- $group_html = '';
-
- $group_html .= '<h2>' . esc_html( $group_data['group_label'] ) . '</h2>';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $group_html = '<h2>' . esc_html( $group_data['group_label'] ) . '</h2>';
</ins><span class="cx" style="display: block; padding: 0 10px"> $group_html .= '<div>';
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( (array) $group_data['items'] as $group_item_id => $group_item_data ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1975,7 +1965,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( (array) $group_item_data as $group_item_datum ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $value = $group_item_datum['value'];
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // If it looks like a link, make it a link
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // If it looks like a link, make it a link.
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( false === strpos( $value, ' ' ) && ( 0 === strpos( $value, 'http://' ) || 0 === strpos( $value, 'https://' ) ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $value = '<a href="' . esc_url( $value ) . '">' . esc_html( $value ) . '</a>';
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1982,7 +1972,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $group_html .= '<tr>';
</span><span class="cx" style="display: block; padding: 0 10px"> $group_html .= '<th>' . esc_html( $group_item_datum['name'] ) . '</th>';
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $group_html .= '<td>' . wp_kses( $value, $allowed_tags, $allowed_protocols ) . '</td>';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $group_html .= '<td>' . wp_kses( $value, 'personal_data_export' ) . '</td>';
</ins><span class="cx" style="display: block; padding: 0 10px"> $group_html .= '</tr>';
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunktestsphpunittestsprivacywpPrivacyGeneratePersonalDataExportGroupHtmlphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportGroupHtml.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportGroupHtml.php (rev 0)
+++ trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportGroupHtml.php 2019-03-08 22:04:50 UTC (rev 44824)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,200 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Test cases for the `wp_privacy_generate_personal_data_export_group_html()` function.
+ *
+ * @package WordPress
+ * @subpackage UnitTests
+ * @since 5.2.0
+ */
+
+/**
+ * Tests_Privacy_WpPrivacyGeneratePersonalDataExportGroupHtml class.
+ *
+ * @group privacy
+ * @covers ::wp_privacy_generate_personal_data_export_group_html
+ *
+ * @since 5.2.0
+ */
+class Tests_Privacy_WpPrivacyGeneratePersonalDataExportGroupHtml extends WP_UnitTestCase {
+
+ /**
+ * Test when a single data item is passed.
+ *
+ * @ticket 44044
+ */
+ public function test_group_html_generation_single_data_item() {
+ $data = array(
+ 'group_label' => 'Test Data Group',
+ 'items' => array(
+ array(
+ array(
+ 'name' => 'Field 1 Name',
+ 'value' => 'Field 1 Value',
+ ),
+ array(
+ 'name' => 'Field 2 Name',
+ 'value' => 'Field 2 Value',
+ ),
+ ),
+ ),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+ $expected_table_markup = '<table><tbody><tr><th>Field 1 Name</th><td>Field 1 Value</td></tr><tr><th>Field 2 Name</th><td>Field 2 Value</td></tr></tbody></table>';
+
+ $this->assertContains( '<h2>Test Data Group</h2>', $actual );
+ $this->assertContains( $expected_table_markup, $actual );
+ }
+
+ /**
+ * Test when a multiple data items are passed.
+ *
+ * @ticket 44044
+ */
+ public function test_group_html_generation_multiple_data_items() {
+ $data = array(
+ 'group_label' => 'Test Data Group',
+ 'items' => array(
+ array(
+ array(
+ 'name' => 'Field 1 Name',
+ 'value' => 'Field 1 Value',
+ ),
+ array(
+ 'name' => 'Field 2 Name',
+ 'value' => 'Field 2 Value',
+ ),
+ ),
+ array(
+ array(
+ 'name' => 'Field 1 Name',
+ 'value' => 'Another Field 1 Value',
+ ),
+ array(
+ 'name' => 'Field 2 Name',
+ 'value' => 'Another Field 2 Value',
+ ),
+ ),
+ ),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+
+ $this->assertContains( '<h2>Test Data Group</h2>', $actual );
+ $this->assertContains( '<td>Field 1 Value', $actual );
+ $this->assertContains( '<td>Another Field 1 Value', $actual );
+ $this->assertContains( '<td>Field 2 Value', $actual );
+ $this->assertContains( '<td>Another Field 2 Value', $actual );
+ $this->assertSame( 2, substr_count( $actual, '<th>Field 1 Name' ) );
+ $this->assertSame( 2, substr_count( $actual, '<th>Field 2 Name' ) );
+ $this->assertSame( 4, substr_count( $actual, '<tr>' ) );
+ }
+
+ /**
+ * Values that appear to be links should be wrapped in `<a>` tags.
+ *
+ * @ticket 44044
+ */
+ public function test_links_become_anchors() {
+ $data = array(
+ 'group_label' => 'Test Data Group',
+ 'items' => array(
+ array(
+ array(
+ 'name' => 'HTTP Link',
+ 'value' => 'http://wordpress.org',
+ ),
+ array(
+ 'name' => 'HTTPS Link',
+ 'value' => 'https://wordpress.org',
+ ),
+ array(
+ 'name' => 'Link with Spaces',
+ 'value' => 'https://wordpress.org not a link.',
+ ),
+ ),
+ ),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+
+ $this->assertContains( '<a href="http://wordpress.org">http://wordpress.org</a>', $actual );
+ $this->assertContains( '<a href="https://wordpress.org">https://wordpress.org</a>', $actual );
+ $this->assertContains( 'https://wordpress.org not a link.', $actual );
+ }
+
+ /**
+ * HTML in group labels should be escaped.
+ *
+ * @ticket 44044
+ */
+ public function test_group_labels_escaped() {
+ $data = array(
+ 'group_label' => '<div>Escape HTML in group lavels</div>',
+ 'items' => array(),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+
+ $this->assertContains( '<h2><div>Escape HTML in group lavels</div></h2>', $actual );
+ }
+
+ /**
+ * Test that the exported data should contain allowed HTML.
+ *
+ * @ticket 44044
+ */
+ public function test_allowed_html_not_stripped() {
+ $data = array(
+ 'group_label' => 'Test Data Group',
+ 'items' => array(
+ array(
+ 'links' => array(
+ 'name' => 'Links are allowed',
+ 'value' => '<a href="http://wordpress.org">http://wordpress.org</a>',
+ ),
+ 'formatting' => array(
+ 'name' => 'Simple formatting is allowed',
+ 'value' => '<b>bold</b>, <em>emphasis</em>, <i>italics</i>, and <strong>strong</strong> are allowed.',
+ ),
+ ),
+ ),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+
+ $this->assertContains( $data['items'][0]['links']['value'], $actual );
+ $this->assertContains( $data['items'][0]['formatting']['value'], $actual );
+ }
+
+ /**
+ * Test that the exported data should not contain disallowed HTML.
+ *
+ * @ticket 44044
+ */
+ public function test_disallowed_html_is_stripped() {
+ $data = array(
+ 'group_label' => 'Test Data Group',
+ 'items' => array(
+ array(
+ 'scripts' => array(
+ 'name' => 'Script tags are not allowed.',
+ 'value' => '<script>Testing that script tags are stripped.</script>',
+ ),
+ 'images' => array(
+ 'name' => 'Images are not allowed',
+ 'value' => '<img src="https://example.com/logo.jpg" alt="Alt text" />',
+ ),
+ ),
+ ),
+ );
+
+ $actual = wp_privacy_generate_personal_data_export_group_html( $data );
+
+ $this->assertNotContains( $data['items'][0]['scripts']['value'], $actual );
+ $this->assertContains( '<td>Testing that script tags are stripped.</td>', $actual );
+
+ $this->assertNotContains( $data['items'][0]['images']['value'], $actual );
+ $this->assertContains( '<th>Images are not allowed</th><td></td>', $actual );
+ }
+}
</ins></span></pre>
</div>
</div>
</body>
</html>