[wp-trac] [WordPress Trac] #44236: Maintain consistency between privacy export report and archive filenames
WordPress Trac
noreply at wordpress.org
Tue Sep 25 13:48:02 UTC 2018
#44236: Maintain consistency between privacy export report and archive filenames
-------------------------------------------------+-------------------------
Reporter: iandunn | Owner: GripsArt
Type: defect (bug) | Status: assigned
Priority: low | Milestone: 4.9.9
Component: Privacy | Version: 4.9.6
Severity: minor | Resolution:
Keywords: good-first-bug needs-testing has-patch needs-unit-tests | Focuses:
-------------------------------------------------+-------------------------
Comment (by desrosj):
I avoided using `wp_unique_filename()` because in its default state, it
could unintentionally expose user data. For example, if I receive an
export file called `my-email-at-email-host-com-abcdefghijklmnop-2.zip`, I
can assume that `-1.zip` and `.zip` versions of this file exist (or did
exist at one point) and visit those URLs directly. `wp_unique_filename()`
has a third parameter, callback, that should be used to replace the
`$obscura` value in the filename instead of incrementing the file by
number.

If this part of the logic is broken out into its own function, I think
that the logic for that could be included in the new function instead of
the callback parameter of `wp_unique_filename()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44236#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
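
The approach described in the comment above, as an added example that is not part of the original message or WordPress core: a collision handler that draws a fresh random segment instead of appending `-1`, `-2`, so one export URL does not reveal its siblings. The function names are hypothetical, `random_bytes()` stands in for however `$obscura` is generated, and the random value is assumed to be the last hyphen-separated segment of the file name; the demo runs under the PHP CLI without WordPress.

```php
<?php
// Added example with hypothetical names; not WordPress core code.

/** Random lowercase-hex token; stands in for the page's $obscura value. */
function example_obscura( int $bytes = 16 ): string {
    return bin2hex( random_bytes( $bytes ) );
}

/**
 * Takes the ( $dir, $name, $ext ) arguments that wp_unique_filename()
 * passes to the callback given as its third parameter.
 */
function example_unique_export_filename( string $dir, string $name, string $ext ): string {
    // Tolerate $name arriving with the extension still attached.
    if ( '' !== $ext && substr( $name, -strlen( $ext ) ) === $ext ) {
        $name = substr( $name, 0, -strlen( $ext ) );
    }

    // Assumption: everything before the last hyphen is the stable prefix
    // (the e-mail slug) and the final segment is the random value.
    $pos    = strrpos( $name, '-' );
    $prefix = false === $pos ? $name : substr( $name, 0, $pos );

    $candidate = $name . $ext;
    // On collision, draw a new token rather than counting upwards.
    while ( file_exists( $dir . '/' . $candidate ) ) {
        $candidate = $prefix . '-' . example_obscura() . $ext;
    }
    return $candidate;
}

// Constructed demo: a temp directory that already holds one export archive.
$dir = sys_get_temp_dir() . '/export-demo-' . example_obscura( 4 );
mkdir( $dir, 0700 );
$existing = 'my-email-at-email-host-com-abcdefghijklmnop.zip';
touch( $dir . '/' . $existing );

$new = example_unique_export_filename( $dir, 'my-email-at-email-host-com-abcdefghijklmnop', '.zip' );
echo "existing: $existing\n";
echo "new:      $new\n";

// Inside WordPress the function would be supplied as the callback:
// wp_unique_filename( $dir, $filename, 'example_unique_export_filename' );

unlink( $dir . '/' . $existing );
rmdir( $dir );
```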