[wp-trac] [WordPress Trac] #44230: Export Personal Data Flaw

WordPress Trac noreply at wordpress.org
Fri May 25 15:38:32 UTC 2018


#44230: Export Personal Data Flaw
--------------------------+-----------------------------
 Reporter:  psycleuk      |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Privacy       |    Version:  4.9.6
 Severity:  major         |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 In testing the new export personal data feature that was introduced in
 WordPress 4.9.6, I believe I have found a flaw in how it works.

 Once a user has confirmed the data request and an admin user clicks the
 send email option against the request, this creates the zip file in the
 uploads directory. The zip file is then publicly accessible to anyone that
 could work out the URL for 3 days by default. This seems wrong to me; the
 zip file should only be accessible to the user who requested it.

 As a workaround I have had to reduce the expiry time of the zip file,
 using the wp_privacy_export_expiration filter, to 1 hour. This minimises
 the window that the file is available and at risk, but still gives the
 requesting user time to access it.

 Steps to reproduce:

 - follow the Export Personal Data request process to send the data email

 - use the link in the email to download the zip file; this can be
 performed by anyone who has/knows the link

 Expected result:

 - the wp-personal-data-exports folder should have public access blocked

 - access to the zip file should be through a token (ideally single use)
 and validated against the requesting user before allowing download

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44230>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
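The workaround the reporter describes, written out as a must-use plugin. This is an example added here, not code from the ticket or from WordPress core; the only WordPress API it relies on is the `wp_privacy_export_expiration` filter named in the report and the `HOUR_IN_SECONDS` constant, and the function name is an arbitrary choice.

```php
<?php
/**
 * Plugin Name: Shorten personal-data export lifetime (example for #44230)
 * Description: Cuts the retention of personal-data export ZIPs from the
 *              default of 3 days to 1 hour, as the ticket reporter did.
 *
 * Save as wp-content/mu-plugins/shorten-export-lifetime.php so it loads on
 * every request without needing activation.
 */

// Refuse to run if loaded directly rather than by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Return the number of seconds an export archive may stay on disk.
 *
 * WordPress passes its default (3 days, in seconds) as $expiration. The
 * hour returned here is the value from the ticket; the lower bound guards
 * against another plugin feeding in a nonsensical value. The function name
 * is a hypothetical one chosen for this example.
 *
 * @param int $expiration Current expiration, in seconds.
 * @return int Expiration to use, in seconds.
 */
function example_44230_export_expiration( $expiration ) {
    $one_hour = HOUR_IN_SECONDS;

    // Never go below a few minutes, or the requesting user cannot fetch
    // the file before the cleanup job removes it.
    return max( 5 * MINUTE_IN_SECONDS, $one_hour );
}
add_filter( 'wp_privacy_export_expiration', 'example_44230_export_expiration' );
```

Note that this only shortens the exposure window; it does not change the fact that the archive sits under the public uploads directory and is served to anyone holding the URL. Removal also happens on a scheduled cleanup run rather than at the exact expiry second, so the file may persist somewhat past the hour. Blocking direct access to the export folder and tying downloads to the requesting user, as the ticket's expected results ask for, require a change in core or at the web server, not a filter.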
