[wp-trac] [WordPress Trac] #46536: wp_create_user_request should sanitize the action_name using _wp_privacy_action_request_types

WordPress Trac noreply at wordpress.org
Fri Sep 18 18:59:57 UTC 2020


#46536: wp_create_user_request should sanitize the action_name using
_wp_privacy_action_request_types
-------------------------------------------------+-------------------------
 Reporter:  garrett-eclipse                      |       Owner:  garrett-
                                                 |  eclipse
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  5.6
Component:  Privacy                              |     Version:  4.9.6
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests needs-      |     Focuses:
  testing                                        |
-------------------------------------------------+-------------------------

Comment (by garrett-eclipse):

 Great feedback as always @birgire thank you.

 Yes that's correct, the system is meant to only support the two
 `['export_personal_data', 'remove_personal_data']` you can't really get
 any others in currently without breaking core. In future we may revisit
 but would expect we'd do so via the `_wp_privacy_action_request_types`
 method as a single source for a filter and defaults. This change doesn't
 change any functionality aside from making things consistent and future-
 proof if we do want to add a filter at some point.

 I've updated the patch in
 [https://core.trac.wordpress.org/attachment/ticket/46536/46536.3.diff
 46536.3.diff] to ensure we have the original ticket number preserved on
 the test_invalid_action. Good catch.

 As to expanding upon our action errors to be more specific, I'm 100%
 on board. I thought maybe we used generic errors as they were re-used
 strings but searching that doesn't seem to be the case. I'll start a new
 ticket/patch, started here but found it was a lot of strings so let's get
 this improvement in and iterate on the error strings separately.

 Give it another once over if you don't mind and mark for committer review
 if you're happy.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46536#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

