[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename

WordPress Trac noreply at wordpress.org
Fri Jan 10 12:27:35 UTC 2020


#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
--------------------------+---------------------
 Reporter:  Ov3rfly       |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  5.4
Component:  Privacy       |     Version:  4.9.6
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+---------------------
Changes (by xkon):

 * keywords:   => needs-patch
 * milestone:  Awaiting Review => 5.4


Comment:

 I do agree with @Ov3rfly on this and as @Clorith mentions also it's easy
 to download the file via the admin.

 I'm not aware of how many would actually go to the physical location of
 the files to manually download the zip and forward it. Since the option of
 downloading already exists within the admin I don't see a reason to do so
 personally.

 In this case, in my opinion, the advantages of removing the email from the
 filename are way more than just the easiness of finding a .zip via the
 filesystem directly.

 Also since we're also changing the paths on #44038 it might be a good idea
 to tackle both :). I'll mark this for 5.4 in case we can manage to move
 this forward within time.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list