mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
Privacy: Ensure that exported user data reports can't be found with directory listings.
By moving from `.html` to `.php` files, we can prevent directory listings, and ensure that WordPress can load. Fixes #52299. Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake. Built from https://develop.svn.wordpress.org/trunk@50037 git-svn-id: http://core.svn.wordpress.org/trunk@49738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ab6271c0a7
commit
5f532382aa
@ -322,13 +322,13 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
|
||||
}
|
||||
|
||||
// Protect export folder from browsing.
|
||||
$index_pathname = $exports_dir . 'index.html';
|
||||
$index_pathname = $exports_dir . 'index.php';
|
||||
if ( ! file_exists( $index_pathname ) ) {
|
||||
$file = fopen( $index_pathname, 'w' );
|
||||
if ( false === $file ) {
|
||||
wp_send_json_error( __( 'Unable to protect personal data export folder from browsing.' ) );
|
||||
}
|
||||
fwrite( $file, '<!-- Silence is golden. -->' );
|
||||
fwrite( $file, '<?php // Silence is golden.' );
|
||||
fclose( $file );
|
||||
}
|
||||
|
||||
|
@ -7398,7 +7398,7 @@ function wp_privacy_delete_old_export_files() {
|
||||
}
|
||||
|
||||
require_once ABSPATH . 'wp-admin/includes/file.php';
|
||||
$export_files = list_files( $exports_dir, 100, array( 'index.html' ) );
|
||||
$export_files = list_files( $exports_dir, 100, array( 'index.php' ) );
|
||||
|
||||
/**
|
||||
* Filters the lifetime, in seconds, of a personal data export file.
|
||||
|
@ -13,7 +13,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.7-alpha-50035';
|
||||
$wp_version = '5.7-alpha-50037';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user