[wp-trac] [WordPress Trac] #50141: Data erasure/export links should notify the user that the action has already been confirmed
WordPress Trac
noreply at wordpress.org
Mon May 11 02:16:56 UTC 2020
#50141: Data erasure/export links should notify the user that the action has
already been confirmed
----------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version:
Severity: normal | Keywords: needs-patch
Focuses: administration |
----------------------------+-----------------------------
When a data erasure/export process is started, an email is sent to the
email to confirm the action. That email contains only-use-once link that
needs to be confirmed for the process to start.
The first request to that url has a nice "Thanks, you'll be notified when
ready" type message, but clicking the link a second time will just trigger
a `wp_die( 'This link has expired.' );` message without any context as to
why.
It's also possible that some email scanners (Either on the server, or on
an email client) may request the URL on the users behalf to verify if the
URL contains any malicious content in which case the email owner would
never actually see the success message, and only the expired link message.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50141>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list