Privacy: Ensure that exported user data reports can't be found with directory listings.
By moving from .html to .php files, we can prevent directory listings, and ensure that WordPress can load. This brings the changes from [50037] to the 5.6 branch. Fixes #52299. Props lucasbustamante, xkon, freewebmentor, SergeyBiryukov, whyisjake. Built from https://develop.svn.wordpress.org/branches/5.6@50038 git-svn-id: http://core.svn.wordpress.org/branches/5.6@49739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
1073030b2e
commit
afeec1960d
|
@ -322,13 +322,13 @@ function wp_privacy_generate_personal_data_export_file( $request_id ) {
|
|||
}
|
||||
|
||||
// Protect export folder from browsing.
|
||||
$index_pathname = $exports_dir . 'index.html';
|
||||
$index_pathname = $exports_dir . 'index.php';
|
||||
if ( ! file_exists( $index_pathname ) ) {
|
||||
$file = fopen( $index_pathname, 'w' );
|
||||
if ( false === $file ) {
|
||||
wp_send_json_error( __( 'Unable to protect user privacy export folder from browsing.' ) );
|
||||
}
|
||||
fwrite( $file, '<!-- Silence is golden. -->' );
|
||||
fwrite( $file, '<?php // Silence is golden.' );
|
||||
fclose( $file );
|
||||
}
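Review bot: The result of `fwrite()` is ignored where the placeholder is written, so a failed or short write still leaves an `index.php` on disk, and the `file_exists()` guard then never rewrites it. Since this file is the only listing protection the hunk sets up, the write should be checked the same way the `fopen()` failure is, for example `if ( false === fwrite( $file, '<?php // Silence is golden.' ) ) { wp_send_json_error( __( 'Unable to protect user privacy export folder from browsing.' ) ); }`. The comment above it could also say that the placeholder only suppresses generated directory listings; it presumably does not restrict direct requests for an export file. The body of wp_privacy_generate_personal_data_export_file() starts and ends outside the hunk.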
|
||||
|
||||
|
|
|
@ -7396,7 +7396,7 @@ function wp_privacy_delete_old_export_files() {
|
|||
}
|
||||
|
||||
require_once ABSPATH . 'wp-admin/includes/file.php';
|
||||
$export_files = list_files( $exports_dir, 100, array( 'index.html' ) );
|
||||
$export_files = list_files( $exports_dir, 100, array( 'index.php' ) );
|
||||
|
||||
/**
|
||||
* Filters the lifetime, in seconds, of a personal data export file.
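Review bot: Replacing `'index.html'` with `'index.php'` in the `list_files()` exclusions means that a legacy `index.html` placeholder on an upgraded site is now returned as an ordinary export file. The deletion loop is outside the hunk, but if it removes every listed file older than the filtered lifetime, the old placeholder is likely to be deleted on the next cleanup run. The new `index.php` is only created when an export is next generated, so the folder could be left with no index file in between. Excluding both names avoids that gap: `$export_files = list_files( $exports_dir, 100, array( 'index.html', 'index.php' ) );`. Alternatively, create the `index.php` placeholder here before cleaning up.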
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.6.1-alpha-50036';
|
||||
$wp_version = '5.6.1-alpha-50038';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|