[wp-trac] [WordPress Trac] #43546: Add to the privacy tools UX a means to export personal data by username or email address
WordPress Trac
noreply at wordpress.org
Mon Apr 30 20:08:39 UTC 2018
#43546: Add to the privacy tools UX a means to export personal data by username or
email address
--------------------------------+-----------------------
Reporter: allendav | Owner: allendav
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.9.6
Component: General | Version: trunk
Severity: normal | Resolution:
Keywords: gdpr needs-testing | Focuses:
--------------------------------+-----------------------
Comment (by iandunn):
In [changeset:"43046" 43046]:
{{{
#!CommitTicketReference repository="" revision="43046"
Privacy: Add cron to delete expired export files to protect privacy.
The primary means of protecting the files is the CSPRN appended to the
filename, but there is no reason to keep the files after the data subject
has downloaded them, so deleting them provides an additional layer of
protection. Previously this was done from
`wp_privacy_generate_personal_data_export_file()`, but that does not
guarantee that it will be run regularly, and on smaller sites that could
result in export files being exposed for much longer than necessary.
`wp_privacy_delete_old_export_files()` was moved to a front end file, so
that it can be called from `cron.php`.
This introduces the `wp_privacy_export_expiration` filter, which allows
plugins to customize how long the exports are kept before being deleted.
`index.html` was added to the `$exclusions` parameter of `list_files()` to
make sure that it isn't deleted. If it were, then poorly-configured
servers would allow the directory to be traversed, exposing all of the
exported files.
Props iandunn, desrosj.
See #43546.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43546#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list