[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename
WordPress Trac
noreply at wordpress.org
Tue May 22 19:30:14 UTC 2018
#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
--------------------------+------------------------------
Reporter: Ov3rfly | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: gdpr | Focuses:
--------------------------+------------------------------
Comment (by allendav):
Another idea: Don't send a direct link to the user in their email at all,
but a link which kicks off a download of the export file. The link should
include a nonce. That way we could perhaps continue to use the email
address in the filename served to the administrator?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list