[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename

WordPress Trac noreply at wordpress.org
Mon Jan 27 13:11:40 UTC 2020


#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
--------------------------+---------------------
 Reporter:  Ov3rfly       |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  5.4
Component:  Privacy       |     Version:  4.9.6
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+---------------------
Changes (by donmhico):

 * keywords:  needs-patch => has-patch


Comment:

 Thanks for the report @Ov3rfly.
 [https://core.trac.wordpress.org/attachment/ticket/44197/44197.diff
 44197.diff] removes the email address part in the export zip file name.

 Regarding the concern of mis sending incorrect file by the admin manually.
 IMHO, the whole point of anonymization is to prevent us from relating the
 data to a specific user, which is basically rendered nil if the admin can
 "find" the correct export zip for a user.

 Like @Clorith pointed out it may be better to provide better UI for the
 "Download Personal Data" link so the Admin knows and encouraged to
 download it via the Dashboard instead of manually looking into it.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list