[wp-trac] [WordPress Trac] #44236: Maintain consistency between privacy export report and archive filenames

WordPress Trac noreply at wordpress.org
Mon Sep 24 19:31:50 UTC 2018 

#44236: Maintain consistency between privacy export report and archive filenames
-------------------------------------------------+-------------------------
 Reporter:  iandunn                              |       Owner:  GripsArt
     Type:  defect (bug)                         |      Status:  assigned
 Priority:  low                                  |   Milestone:  4.9.9
Component:  Privacy                              |     Version:  4.9.6
 Severity:  minor                                |  Resolution:
 Keywords:  good-first-bug needs-testing has-    |     Focuses:
  patch needs-unit-tests                         |
-------------------------------------------------+-------------------------

Comment (by desrosj):

 A company could have custom naming requirements from an organizational
 standpoint. For example, an organization may desire their file names to
 follow a pattern of `%customer_id_number%.zip`. I don't think adding a
 filter here is a big deal, but it could be useful for many.

 I think that the result of the filter should be sanitized with
 `sanitize_file_name()` for safety. Usually, it is desired to let filtered
 values cause errors to make them easier to detect and debug, allowing
 unsanitized values here could be risky.

 > Avoid making it easier to guess the filenames.

 For this, maybe we do not pass along the `$obscura` value to the filter
 and ''always'' tack it to the end.

 > If the filter returns an empty string, the file becomes: .html.

 This should be checked for.

 All these things considered would result in something like this:

 {{{
 $default_basename = 'wp-personal-data-file-' . $stripped_email;
 $file_basename    = apply_filters( 'wp_personal_export_file_basename',
 $default_basename );
 $file_basename    = sanitize_file_name( $file_basename );

 if ( empty( $file_basename ) ) {
         $file_basename = $default_basename;
 }

 $html_report_filename = $file_basename . '-' . $obscura . '.html';
 }}}

 By tacking on the `$obscura` value after the basename is filtered, it
 prevents the possibility of a name collision (`$obscura` being 32
 characters long, there are 62^32^ possibilities). It also continues to
 follow the standard introduced in 4.9.6.

 Some other feedback:

 - The filter's secondary description should specify that the file
 extension should not be included in the returned value. If the `$obscura`
 value is moved to after the filter as shown in my example above, that
 should be noted as well.
 - I agree with @birgire about adding other parameters to the filter. I
 think that `$stripped_email`, and `$request_id` in addition to the
 filtered value is sufficient.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44236#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list