[wp-trac] [WordPress Trac] #44230: Export Personal Data Flaw
WordPress Trac
noreply at wordpress.org
Fri May 25 15:38:32 UTC 2018
#44230: Export Personal Data Flaw
--------------------------+-----------------------------
Reporter: psycleuk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
In testing the new export personal data feature that was introduced in
WordPress 4.9.6, i believe i have found a flaw in how it works.
Once a user has confirmed the data request and an admin user clicks the
send email option against the request, this creates the zip file in the
uploads directory. The zip file is then publicly accessible to anyone that
could work out the url for 3 days by default. This seems wrong to me, the
zip file should only be accessible to the user who requested it.
As a work around i have had to reduce the expiry time of the zip file,
using the wp_privacy_export_expiration filter to be 1 hour. To minimise
the window that the file is available and at risk, but still give the
requesting user time to access it.
Steps to reproduce:
- follow the Export Personal Data request process to send the data email
- use the link in the email to download the zip file, this can be
performed by anyone who has/knows the link
Expected result:
- the wp-personal-data-exports folder should have public access blocked
- access to the zip file should be through a token (ideally single use)
and validated against the requesting user before allowing download
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44230>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list