
Changeset 7745


Timestamp:
10/18/2018 09:57:25 PM (6 years ago)
Author:
iandunn
Message:

WordCamp Payments: Obscure payment file names to prevent scraping.

See #3244

File:
1 edited

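--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/privacy.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/privacy.php
@@ -11,4 +11,5 @@
 
 add_filter( 'the_posts',                          __NAMESPACE__ . '\hide_others_payment_files', 10, 2 );
+add_filter( 'wp_unique_filename',                 __NAMESPACE__ . '\obscure_payment_file_names', 10, 2 );
 add_filter( 'wp_privacy_personal_data_exporters', __NAMESPACE__ . '\register_personal_data_exporters' );
 add_filter( 'wp_privacy_personal_data_erasers',   __NAMESPACE__ . '\register_personal_data_erasers'   );
@@ -95,4 +96,36 @@
 
     return wp_list_pluck( $payment_posts_with_attachments, 'ID' );
+}
+
+/**
+ * Add a CSPRN to payment file names to protect privacy.
+ *
+ * Without this, a 3rd party could scrape the site looking for predictable filenames. With this added, that is no
+ * longer practical. See https://core.trac.wordpress.org/ticket/43546#comment:34 for details on how a similar
+ * technique was used in Core. A length of `16` was chosen because that makes the filename less cumbersome, but
+ * still makes brute force practically impossible (2.267522912 * 10^26 years).
+ *
+ * @param string $filename
+ * @param string $extension
+ *
+ * @return string
+ */
+function obscure_payment_file_names( $filename, $extension ) {
+    $attached_post       = get_post( absint( $_REQUEST['post_id'] ?? 0 ) );
+    $relevant_post_types = array(
+        Reimbursement_Requests\POST_TYPE,
+        WCP_Payment_Request::POST_TYPE,
+    );
+
+    if ( $attached_post instanceof WP_Post && in_array( $attached_post->post_type, $relevant_post_types, true ) ) {
+        $filename = sprintf(
+            '%s-%s%s',
+            str_replace( $extension, '', $filename ),
+            wp_generate_password( 16, false, false ),
+            $extension
+        );
+    }
+
+    return $filename;
 }
 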
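Review bot: The random suffix in `obscure_payment_file_names()` is applied only when `$_REQUEST['post_id']` resolves to a payment or reimbursement post, so an upload that arrives without that parameter keeps its predictable name and nothing records that the protection was skipped. `absint( ... ?? 0 )` also passes `0` to `get_post()`, which falls back to the global `$post` when one is set, so the post-type check may run against an unrelated post; an explicit guard before the lookup, `if ( empty( $_REQUEST['post_id'] ) ) { return $filename; }`, makes that case deliberate. It is worth confirming which upload paths for these post types actually send `post_id`, and stating in the docblock that the filter only affects new uploads, so files stored before r7745 keep their old names. Separately, `str_replace( $extension, '', $filename )` removes every occurrence of the extension string rather than only the trailing one; `wp_basename( $filename, $extension )` strips just the suffix.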