[wp-trac] [WordPress Trac] #43546: Add to the privacy tools UX a means to export personal data by username or email address

WordPress Trac noreply at wordpress.org
Fri Apr 27 18:25:54 UTC 2018


#43546: Add to the privacy tools UX a means to export personal data by username or
email address
--------------------------------+-----------------------
 Reporter:  allendav            |       Owner:  allendav
     Type:  enhancement         |      Status:  assigned
 Priority:  normal              |   Milestone:  4.9.6
Component:  General             |     Version:  trunk
 Severity:  normal              |  Resolution:
 Keywords:  gdpr needs-testing  |     Focuses:
--------------------------------+-----------------------

Comment (by aaroncampbell):

 I definitely have a few concerns here, centered mostly around "keeping
 this personal data accessible in a downloadable format seems risky".

 The first, [comment:14 jeremyfelt] addressed already:
 > I think that for exported personal data, authentication should be
 required before the export file can be downloaded. Has there been any
 discussion around storing the data in a custom post type for a more
 dynamic retrieval on demand?

 Best case scenario would be required authentication that checks to make
 sure a user is allowed to have this file. Unfortunately WordPress doesn't
 have a way to do this right now. For smaller data sets that could be
 generated on the fly it wouldn't be too bad, but that's not particularly
 scalable.

 Which brings me to [comment:23 iandunn]'s suggestion:
 > `rand()` [https://secure.php.net/manual/en/function.rand.php  doesn't
 generate cryptographically secure random numbers]; would it be better to
 do something like `$obscura = wp_generate_password( 32, false, false )` ?

 This seems like an easy win. While `rand()` technically meets the promise
 of the code comment `// Generate a difficult to guess filename.` we can
 make it far '''more''' difficult to guess by using
 `wp_generate_password()`.

 Lastly, what about deleting these files? It looks like there is a cleanup
 method (`wp_privacy_delete_old_export_files()`) that removes old files,
 but it only runs when a new export is created (and removes the files but
 not the post meta linking to it?). I like the suggestion in the comment to
 set that up to run on a cron. It would also be nice to have a manual
 delete option so an admin could choose to delete the file once it has been
 downloaded or emailed.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43546#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
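The three points raised in the comment above (a filename that is harder to guess than `rand()` gives, a cleanup that runs on a schedule rather than only when a new export is created, and a manual delete that also clears the post meta) sketched as one added example; it is not code from the ticket or from WordPress core, assumes a WordPress runtime, and uses hypothetical hook, meta-key and directory names.

```php
<?php
// Added example, not code from the ticket or from WordPress core. It assumes
// a WordPress runtime and uses hypothetical hook, meta-key and directory names.

// A hard-to-guess export filename: 32 alphanumeric characters from
// wp_generate_password() give about 190 bits (62^32) drawn via wp_rand(),
// whereas rand() is not a cryptographically secure generator.
function example_privacy_export_filename( $request_id ) {
    $obscura = wp_generate_password( 32, false, false );
    return sprintf( 'wp-personal-data-file-%d-%s.zip', (int) $request_id, $obscura );
}

// Run the existing cleanup on a schedule rather than only when a new export
// is created. The hook name and the daily recurrence are this example's choice.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'example_privacy_export_cleanup' ) ) {
        wp_schedule_event( time(), 'daily', 'example_privacy_export_cleanup' );
    }
} );
add_action( 'example_privacy_export_cleanup', 'wp_privacy_delete_old_export_files' );

// Manual delete for an administrator: check capability, confine the stored
// path to the export directory, then remove both the file and the post meta
// that references it. The capability, meta key and directory name are assumptions.
function example_privacy_delete_export( $request_id ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient capability.' );
    }
    $uploads     = wp_upload_dir();
    $exports_dir = realpath( trailingslashit( $uploads['basedir'] ) . 'wp-personal-data-exports' );
    $stored      = get_post_meta( $request_id, '_example_export_file_path', true );
    $real        = $stored ? realpath( $stored ) : false;

    // Reject paths outside the export directory (symlinks, traversal, stale meta).
    if ( ! $exports_dir || ! $real || 0 !== strpos( $real, $exports_dir . DIRECTORY_SEPARATOR ) ) {
        return new WP_Error( 'bad_path', 'Export file not found in the export directory.' );
    }
    wp_delete_file( $real );
    delete_post_meta( $request_id, '_example_export_file_path' );
    return true;
}
```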