Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-28 15:54:57 +02:00
Code Issues Projects Releases Wiki Activity
06dd3449e9
WordPress/wp-admin
History
Sergey Biryukov 06dd3449e9 Privacy: Add cron to delete expired export files to protect privacy. 
The primary means of protecting the files is the CSPRN appended to the filename, but there is no reason to keep the files after the data subject has downloaded them, so deleting them provides an additional layer of protection. Previously this was done from `wp_privacy_generate_personal_data_export_file()`, but that does not guarantee that it will be run regularly, and on smaller sites that could result in export files being exposed for much longer than necessary.

`wp_privacy_delete_old_export_files()` was moved to a front end file, so that it can be called from `cron.php`.

This introduces the `wp_privacy_export_expiration` filter, which allows plugins to customize how long the exports are kept before being deleted.

`index.html` was added to the `$exclusions` parameter of `list_files()` to make sure that it isn't deleted. If it were, then poorly-configured servers would allow the directory to be traversed, exposing all of the exported files.

Props iandunn, desrosj.
Merges [43046] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43095


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:33:26 +00:00
..
css Privacy: add new wp-admin screens for exporting and removing of personal data. 2018-05-01 23:42:25 +00:00
images
includes Privacy: Add cron to delete expired export files to protect privacy. 2018-05-02 02:33:26 +00:00
js Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run. 2018-05-02 02:16:25 +00:00
maint
network General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
user Administration: Ensure the new Privacy Policy screen appears when within the Network Admin and User Admin. 2017-11-06 18:17:54 +00:00
about.php Bump 4.9 branch to version 4.9.5 2018-04-03 20:17:40 +00:00
admin-ajax.php Privacy: add means to erase personal data by username or email address. First run. 2018-05-02 00:03:27 +00:00
admin-footer.php
admin-functions.php
admin-header.php
admin-post.php
admin.php Transients: After [41963], add missing cron task for delete_expired_transients(). 2017-10-24 23:00:47 +00:00
async-upload.php Remove SWFUpload, 2017-09-21 16:35:48 +00:00
comment.php
credits.php Help/About: Move "Get involved" link on Credits screen to the top of the page for better visibility. 2018-04-30 03:19:24 +00:00
custom-background.php
custom-header.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
customize.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit-comments.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit-form-advanced.php Editor: Disable wp_keep_scroll_position in IE11 since buggy; fix matches polyfill conflict with ME.js by doing runtime feature detection in context window. 2017-11-15 19:00:38 +00:00
edit-form-comment.php
edit-link-form.php
edit-tag-form.php Taxonomy: Introduce a back_to_items taxonomy label. 2017-09-27 14:39:45 +00:00
edit-tags.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
edit.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
export.php
freedoms.php About: Synchronize 4.9 tagline across about pages for credits, freedoms, and privacy. 2017-11-12 20:00:37 +00:00
import.php
index.php Dashboard: Remove the "Try Gutenberg" callout. 2018-03-28 00:18:43 +00:00
install-helper.php
install.php I18N: Allow numbers in locales during installation. 2017-09-04 19:30:43 +00:00
link-add.php
link-manager.php
link-parse-opml.php
link.php
load-scripts.php
load-styles.php
media-new.php
media-upload.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
media.php
menu-header.php Administration: Admin menu: Use aria-current for the current active page. 2017-09-09 14:50:43 +00:00
menu.php Role/Capability: Introduce capabilities dedicated to installing and updating language files. 2017-08-18 18:31:44 +00:00
moderation.php
ms-admin.php
ms-delete-site.php I18N: Unify permission error message in wp-admin/ms-delete-site.php. 2017-10-19 00:48:50 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Users: Remove some links to the dashboard from My Sites for users who cannot access it. 2017-10-09 15:22:46 +00:00
nav-menus.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
network.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
options-discussion.php Comments: Change IP references in moderation option labels and email notifications to IP address for clarity. 2017-10-03 13:09:47 +00:00
options-general.php Role/Capability: Make install_languages capability check less restrictive. 2018-01-24 22:59:38 +00:00
options-head.php
options-media.php Media: On Media Settings screen, make the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens. 2018-03-20 22:49:39 +00:00
options-permalink.php Permalinks: Change mention of URI to URL in the description of %category% tag. 2017-10-25 11:11:45 +00:00
options-reading.php Customize: Rename "Static front page" to just "Homepage". 2017-09-10 16:20:44 +00:00
options-writing.php I18N: Remove <code> and <kbd> tags from translatable strings on Settings screens. 2017-10-24 10:51:52 +00:00
options.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
plugin-editor.php Code Editors: Update copy in warning modals. 2017-10-24 18:47:47 +00:00
plugin-install.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:52:48 +00:00
plugins.php Dashboard: Remove the "Try Gutenberg" callout. 2018-03-28 00:18:43 +00:00
post-new.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
post.php Editor: Add the replace_editor filter. 2017-10-11 12:06:48 +00:00
press-this.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
privacy.php About: Synchronize 4.9 tagline across about pages for credits, freedoms, and privacy. 2017-11-12 20:00:37 +00:00
profile.php
revision.php
setup-config.php I18N: Replace hardcoded file name in translatable strings in wp-admin/setup-config.php with a placeholder. 2017-10-18 15:27:53 +00:00
term.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
theme-editor.php Theme Editor: Translate the URL to the Child Themes Codex page. 2017-11-27 03:53:40 +00:00
theme-install.php Themes: Improve line wrapping in feature filter on Theme Install screen and in the Customizer. 2018-01-15 19:30:40 +00:00
themes.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
tools.php Retire Press This and extract it to a plugin. First run. 2017-09-24 14:22:54 +00:00
update-core.php Plugins: Tweak the plugin icons added in [41695]. 2017-10-04 23:43:46 +00:00
update.php Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in top window. 2017-10-09 16:04:48 +00:00
upgrade-functions.php
upgrade.php
upload.php
user-edit.php Taxonomy/Users: Use correct escaping function for URLs. 2017-09-19 21:14:47 +00:00
user-new.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
users.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00
widgets.php General: Replace Cheatin’ uh? with friendlier error messages. 2018-03-09 00:15:42 +00:00