From 809d5fa08e5ee3c1d0b9f07f5524b635f9d8a28e Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Wed, 9 May 2018 14:30:26 +0000 Subject: [PATCH] Privacy: Reuse existing archive filenames to maintain URLs. Whenever an admin initiates a download or email of a personal data export, a fresh copy of the file is generated. Previously, a new filename was used each time, which could lead to situations where a URL that was emailed to a data subject is broken. That can be avoided by reusing the same filename when building fresh archives. Props desrosj, tz-media, allendav. Merges [43180] to the 4.9 branch. Fixes #43905. Built from https://develop.svn.wordpress.org/branches/4.9@43186 git-svn-id: http://core.svn.wordpress.org/branches/4.9@43015 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/file.php | 38 ++++++++++++++++++++++---------------- wp-includes/version.php | 2 +- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 837c710529..63fa901c03 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -1990,11 +1990,29 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { fwrite( $file, "\n" ); fclose( $file ); - // Now, generate the ZIP. + /* + * Now, generate the ZIP. + * + * If an archive has already been generated, then remove it and reuse the + * filename, to avoid breaking any URLs that may have been previously sent + * via email. + */ $error = false; - $archive_filename = $file_basename . '.zip'; - $archive_pathname = $exports_dir . $archive_filename; - $archive_url = $exports_url . $archive_filename; + $archive_url = get_post_meta( $request_id, '_export_file_url', true ); + $archive_pathname = get_post_meta( $request_id, '_export_file_path', true ); + + if ( empty( $archive_pathname ) || empty( $archive_url ) ) { + $archive_filename = $file_basename . '.zip'; + $archive_pathname = $exports_dir . $archive_filename; + $archive_url = $exports_url . $archive_filename; + + update_post_meta( $request_id, '_export_file_url', $archive_url ); + update_post_meta( $request_id, '_export_file_path', $archive_pathname ); + } + + if ( ! empty( $archive_pathname ) && file_exists( $archive_pathname ) ) { + wp_delete_file( $archive_pathname ); + } $zip = new ZipArchive; if ( true === $zip->open( $archive_pathname, ZipArchive::CREATE ) ) { @@ -2026,10 +2044,6 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) { if ( $error ) { wp_send_json_error( $error ); } - - // Save the export file in the request. - update_post_meta( $request_id, '_export_file_url', $archive_url ); - update_post_meta( $request_id, '_export_file_path', $archive_pathname ); } /** @@ -2205,14 +2219,6 @@ function wp_privacy_process_personal_data_export_page( $response, $exporter_inde delete_post_meta( $request_id, '_export_data_raw' ); update_post_meta( $request_id, '_export_data_grouped', $groups ); - // And now, generate the export file, cleaning up any previous file - $export_path = get_post_meta( $request_id, '_export_file_path', true ); - if ( ! empty( $export_path ) ) { - delete_post_meta( $request_id, '_export_file_path' ); - @unlink( $export_path ); - } - delete_post_meta( $request_id, '_export_file_url' ); - // Generate the export file from the collected, grouped personal data. do_action( 'wp_privacy_personal_data_export_file', $request_id ); diff --git a/wp-includes/version.php b/wp-includes/version.php index f357c31049..80cb0f8fcb 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9.6-beta1-43182'; +$wp_version = '4.9.6-beta1-43186'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.