[wp-trac] [WordPress Trac] #50141: Data erasure/export links should notify the user that the action has already been confirmed

WordPress Trac noreply at wordpress.org
Tue May 12 04:01:20 UTC 2020


#50141: Data erasure/export links should notify the user that the action has
already been confirmed
--------------------------+------------------------------
 Reporter:  dd32          |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Privacy       |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:  administration
--------------------------+------------------------------

Comment (by dd32):

 Replying to [comment:2 johnbillion]:
 > Is it common for email clients or servers to automatically follow links
 in emails? That sounds like a nightmare from a privacy and functional
 point of view.

 The only place I've seen it happening is with Antivirus scanners (Client-
 based and server-side), Checking for malicious content in embedded links
 is a common offering as far as I know. Some just compare against known
 phishing urls, others check the actual page content for malicious content.

 I can't really think of many links that you'll find in emails where an
 unauthenticated scanner requesting the URL would cause concern, let alone
 expire the link.

 > Let's open a separate issue for that as it affects other functionality
 too such as password resets.

 I don't think that would be the case, since those links only expire once
 the form on the pages actually get used. The first request just adds the
 URL params to cookies and redirects to a non-tokenised url.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50141#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list