[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename
WordPress Trac
noreply at wordpress.org
Fri Jan 10 12:27:35 UTC 2020
#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
--------------------------+---------------------
Reporter: Ov3rfly | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.4
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+---------------------
Changes (by xkon):
* keywords: => needs-patch
* milestone: Awaiting Review => 5.4
Comment:
I do agree with @Ov3rfly on this and as @Clorith mentions also it's easy
to download the file via the admin.
I'm not aware of how many would actually go to the physical location of
the files to manually download the zip and forward it. Since the option of
downloading already exists within the admin I don't see a reason to do so
personally.
In this case, in my opinion, the advantages of removing the email from the
filename are way more than just the easiness of finding a .zip via the
filesystem directly.
Also since we're also changing the paths on #44038 it might be a good idea
to tackle both :). I'll mark this for 5.4 in case we can manage to move
this forward within time.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list