[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename
WordPress Trac
noreply at wordpress.org
Mon Jan 27 13:11:40 UTC 2020
#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
--------------------------+---------------------
Reporter: Ov3rfly | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.4
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+---------------------
Changes (by donmhico):
* keywords: needs-patch => has-patch
Comment:
Thanks for the report @Ov3rfly.
[https://core.trac.wordpress.org/attachment/ticket/44197/44197.diff
44197.diff] removes the email address part in the export zip file name.
Regarding the concern of mis sending incorrect file by the admin manually.
IMHO, the whole point of anonymization is to prevent us from relating the
data to a specific user, which is basically rendered nil if the admin can
"find" the correct export zip for a user.
Like @Clorith pointed out it may be better to provide better UI for the
"Download Personal Data" link so the Admin knows and encouraged to
download it via the Dashboard instead of manually looking into it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list