Changeset 7745
- Timestamp:
- 10/18/2018 09:57:25 PM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/privacy.php
r7742 r7745 11 11 12 12 add_filter( 'the_posts', __NAMESPACE__ . '\hide_others_payment_files', 10, 2 ); 13 add_filter( 'wp_unique_filename', __NAMESPACE__ . '\obscure_payment_file_names', 10, 2 ); 13 14 add_filter( 'wp_privacy_personal_data_exporters', __NAMESPACE__ . '\register_personal_data_exporters' ); 14 15 add_filter( 'wp_privacy_personal_data_erasers', __NAMESPACE__ . '\register_personal_data_erasers' ); … … 95 96 96 97 return wp_list_pluck( $payment_posts_with_attachments, 'ID' ); 98 } 99 100 /** 101 * Add a CSPRN to payment file names to protect privacy. 102 * 103 * Without this, a 3rd party could scrape the site looking for predictable filenames. With this added, that is no 104 * longer practical. See https://core.trac.wordpress.org/ticket/43546#comment:34 for details on how a similar 105 * technique was used in Core. A length of `16` was chosen because that makes the filename less cumbersome, but 106 * still makes brute force practically impossible (2.267522912 * 10^26 years). 107 * 108 * @param string $filename 109 * @param string $extension 110 * 111 * @return string 112 */ 113 function obscure_payment_file_names( $filename, $extension ) { 114 $attached_post = get_post( absint( $_REQUEST['post_id'] ?? 0 ) ); 115 $relevant_post_types = array( 116 Reimbursement_Requests\POST_TYPE, 117 WCP_Payment_Request::POST_TYPE, 118 ); 119 120 if ( $attached_post instanceof WP_Post && in_array( $attached_post->post_type, $relevant_post_types, true ) ) { 121 $filename = sprintf( 122 '%s-%s%s', 123 str_replace( $extension, '', $filename ), 124 wp_generate_password( 16, false, false ), 125 $extension 126 ); 127 } 128 129 return $filename; 97 130 } 98 131
Note: See TracChangeset
for help on using the changeset viewer.