[wp-trac] [WordPress Trac] #44197: ZIP file containing a user’s personal data has user’s personal data in filename
WordPress Trac
noreply at wordpress.org
Mon Jan 27 20:06:10 UTC 2020
#44197: ZIP file containing a user’s personal data has user’s personal data in
filename
-------------------------------------+------------------------------
Reporter: Ov3rfly | Owner: garrett-eclipse
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.4
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Changes (by garrett-eclipse):
* keywords: has-patch => has-patch needs-testing
* owner: (none) => garrett-eclipse
* status: new => accepted
Comment:
Thanks for the patch @donmhico and for the feedback @xkon & @Ov3rfly.
I've refreshed the patch in
[https://core.trac.wordpress.org/attachment/ticket/44197/44197.3.diff
44197.3.diff] to utilize `wp_unique_filename` to avoid any potential
collisions and everything is testing nicely. I also tested pre-existing
requests before the change and their exports still function without issue
so shouldn't be any back-compat complications.
Note: Existing files which hold email in the name will be left for the
administrator to cleanup.
P.S. @donmhico I checked the PHP Unit Tests and will second that this
change hasn't caused any issues with existing tests.
I think is looks good to move forward, if anyone wants to give it a final
test before marking for commit.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44197#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list