Ticket #43738: 43738-2.diff

src/wp-admin/erase-personal-data.php

@@ -110 +110 @@
 
         <?php settings_errors(); ?>
 
-        <form action="<?php echo esc_url( admin_url( 'erase-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
+        <form action="<?php echo esc_url( self_admin_url( 'erase-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
                 <h2><?php esc_html_e( 'Add Data Erasure Request' ); ?></h2>
                 <div class="wp-privacy-request-form-field">
                         <table class="form-table">

src/wp-admin/export-personal-data.php

@@ -110 +110 @@
 
         <?php settings_errors(); ?>
 
-        <form action="<?php echo esc_url( admin_url( 'export-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
+        <form action="<?php echo esc_url( self_admin_url( 'export-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
                 <h2><?php esc_html_e( 'Add Data Export Request' ); ?></h2>
                 <div class="wp-privacy-request-form-field">
                 <table class="form-table">

src/wp-admin/includes/class-wp-privacy-requests-table.php

@@ -375 +375 @@
                         'post_status'    => 'any',
                         's'              => isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '',
                 );
+                if ( is_network_admin() ) {
+                        $args['meta_query'] = array(
+                                array(
+                                        'key'   => '_wp_user_request_blog_id',
+                                        'value' => 0,
+                                ),
+                        );
+                }
+                else {
+                        $args['meta_query'] = array(
+                                'relation' => 'OR',
+                                array(
+                                        'key'     => '_wp_user_request_blog_id',
+                                        'value'   => get_current_blog_id(),
+                                ),
+                                // The meta key will not exist for requests submitted before 5.5.
+                                array(
+                                        'key'     => '_wp_user_request_blog_id',
+                                        'compare' => 'NOT EXISTS',
+                                ),
+                        );
+                }
 
                 $orderby_mapping = array(
                         'requester' => 'post_title',

src/wp-admin/includes/privacy-tools.php

@@ -146 +146 @@
                                         break;
                                 }
 
-                                $request_id = wp_create_user_request( $email_address, $action_type, array(), $status );
+                                $request_id = wp_create_user_request(
+                                        $email_address,
+                                        $action_type,
+                                        array(),
+                                        is_network_admin() ? 0 : get_current_blog_id()
+                                );
+
                                 $message    = '';
 
                                 if ( is_wp_error( $request_id ) ) {
@@ -196 +202 @@
         /** This filter is documented in wp-includes/user.php */
         $expires = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
 
-        $requests_query = new WP_Query(
-                array(
-                        'post_type'      => 'user_request',
-                        'posts_per_page' => -1,
-                        'post_status'    => 'request-pending',
-                        'fields'         => 'ids',
-                        'date_query'     => array(
-                                array(
-                                        'column' => 'post_modified_gmt',
-                                        'before' => $expires . ' seconds ago',
-                                ),
+        $args = array(
+                'post_type'      => 'user_request',
+                'posts_per_page' => -1,
+                'post_status'    => 'request-pending',
+                'fields'         => 'ids',
+                'date_query'     => array(
+                        array(
+                                'column' => 'post_modified_gmt',
+                                'before' => $expires . ' seconds ago',
                         ),
-                )
+                ),
         );
+        if ( is_network_admin() ) {
+                $args['meta_query'] = array(
+                        array(
+                                'key'   => '_wp_user_request_blog_id',
+                                'value' => 0,
+                        ),
+                );
+        }
+        else {
+                $args['meta_query'] = array(
+                        'relation' => 'OR',
+                        array(
+                                'key'     => '_wp_user_request_blog_id',
+                                'value'   => get_current_blog_id(),
+                        ),
+                        // The meta key will not exist for requests submitted before 5.5.
+                        array(
+                                'key'     => '_wp_user_request_blog_id',
+                                'compare' => 'NOT EXISTS',
+                        ),
+                );
+        }
+
+        $requests_query = new WP_Query( $args );
 
         $request_ids = $requests_query->posts;
 

new file src/wp-admin/network/erase-personal-data.php

@@ +1 @@
+<?php
+/**
+ * Privacy tools, Erase Personal Data screen.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/** Load WordPress Administration Bootstrap */
+require_once __DIR__ . '/admin.php';
+
+require ABSPATH . 'wp-admin/erase-personal-data.php';

new file src/wp-admin/network/export-personal-data.php

@@ +1 @@
+<?php
+/**
+ * Privacy tools, Export Personal Data screen.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/** Load WordPress Administration Bootstrap */
+require_once __DIR__ . '/admin.php';
+
+require ABSPATH . 'wp-admin/export-personal-data.php';

src/wp-admin/network/menu.php

@@ -111 +111 @@
 $submenu['plugins.php'][10] = array( __( 'Add Plugin' ), 'install_plugins', 'plugin-install.php' );
 $submenu['plugins.php'][15] = array( __( 'Plugin File Editor' ), 'edit_plugins', 'plugin-editor.php' );
 
+$menu[21]                 = array( __( 'Tools' ), 'edit_posts', 'tools.php', '', 'menu-top menu-icon-tools', 'menu-tools', 'dashicons-admin-tools' );
+$submenu['tools.php'][5]  = array( __( 'Available Tools' ), 'edit_posts', 'tools.php' );
+$submenu['tools.php'][25] = array( __( 'Export Personal Data' ), 'export_others_personal_data', 'export-personal-data.php' );
+$submenu['tools.php'][30] = array( __( 'Erase Personal Data' ), 'erase_others_personal_data', 'erase-personal-data.php' );
+
 $menu[25] = array( __( 'Settings' ), 'manage_network_options', 'settings.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
 if ( defined( 'MULTISITE' ) && defined( 'WP_ALLOW_MULTISITE' ) && WP_ALLOW_MULTISITE ) {
         $submenu['settings.php'][5]  = array( __( 'Network Settings' ), 'manage_network_options', 'settings.php' );

src/wp-includes/admin-bar.php

@@ -646 +646 @@
                         );
                 }
 
+                if ( current_user_can( 'edit_posts' ) ) {
+                        $wp_admin_bar->add_node(
+                                array(
+                                        'parent' => 'network-admin',
+                                        'id'     => 'network-admin-tools',
+                                        'title'  => __( 'Tools' ),
+                                        'href'   => network_admin_url( 'tools.php' ),
+                                )
+                        );
+                }
+
                 if ( current_user_can( 'manage_network_options' ) ) {
                         $wp_admin_bar->add_node(
                                 array(

src/wp-includes/class-wp-user-request.php

@@ -98 +98 @@
          */
         public $confirm_key = '';
 
+        /**
+         * Blog ID the request was submitted to.
+         *
+         * Will be 0 if the request was submitted at the network-level.
+         *
+         * @since 5.5
+         * @var int
+         */
+        public $blog_id;
+
         /**
          * Constructor.
          *
@@ -117 +127 @@
                 $this->completed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_completed_timestamp', true );
                 $this->request_data        = json_decode( $post->post_content, true );
                 $this->confirm_key         = $post->post_password;
+
+                $blog_id                   = get_post_meta( $post->ID, '_wp_user_request_blog_id', true );
+                // $blog_id will be the empty string for requests submitted prior to 5.5.
+                $this->blog_id             = '' !== $blog_id ? (int) $blog_id : get_current_blog_id();
         }
 }

src/wp-includes/user.php

@@ -4698 +4698 @@
  * users on the site, or guests without a user account.
  *
  * @since 4.9.6
+ *
  * @since 5.7.0 Added the `$status` parameter.
+ * @since x.y.z Added `$blog_id` parameter.
+
  *
- * @param string $email_address           User email address. This can be the address of a registered
- *                                        or non-registered user.
- * @param string $action_name             Name of the action that is being confirmed. Required.
- * @param array  $request_data            Misc data you want to send with the verification request and pass
- *                                        to the actions once the request is confirmed.
- * @param string $status                  Optional request status (pending or confirmed). Default 'pending'.
- * @return int|WP_Error                   Returns the request ID if successful, or a WP_Error object on failure.
+ * @param string $email_address User email address. This can be the address of a registered
+ *                              or non-registered user.
+ * @param string $action_name   Name of the action that is being confirmed. Required.
+ * @param array  $request_data  Misc data you want to send with the verification request and pass
+ *                              to the actions once the request is confirmed.
+ * @param string $status        Optional request status (pending or confirmed). Default 'pending'.
+ * @param int|null $blog_id     Blog ID to create request in.  Use 0 for a network-level requests.  Default is null, indicating the current blog ID.
+ * @return int|WP_Error         Returns the request ID if successful, or a WP_Error object on failure.
  */
-function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $status = 'pending' ) {
+function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $status = 'pending', $blog_id = null ) {
         $email_address = sanitize_email( $email_address );
         $action_name   = sanitize_key( $action_name );
+        $blog_id       = null === $blog_id ? get_current_blog_id() : (int) $blog_id;
 
         if ( ! is_email( $email_address ) ) {
                 return new WP_Error( 'invalid_email', __( 'Invalid email address.' ) );
@@ -4724 +4729 @@
                 return new WP_Error( 'invalid_status', __( 'Invalid request status.' ) );
         }
 
+        if ( $blog_id && ! get_site( $blog_id ) ) {
+                return new WP_Error( 'invalid_blog_id', __( 'Invalid blog ID.' ) );
+        }
+
         $user    = get_user_by( 'email', $email_address );
         $user_id = $user && ! is_wp_error( $user ) ? $user->ID : 0;
 
         // Check for duplicates.
-        $requests_query = new WP_Query(
-                array(
-                        'post_type'     => 'user_request',
-                        'post_name__in' => array( $action_name ), // Action name stored in post_name column.
-                        'title'         => $email_address,        // Email address stored in post_title column.
-                        'post_status'   => array(
-                                'request-pending',
-                                'request-confirmed',
+        $args = array(
+                'post_type'     => 'user_request',
+                'post_name__in' => array( $action_name ), // Action name stored in post_name column.
+                'title'         => $email_address,        // Email address stored in post_title column.
+                'post_status'   => array(
+                        'request-pending',
+                        'request-confirmed',
+                ),
+                'fields'        => 'ids',
+                'meta_query'    => array(
+                        array(
+                                'key'   => '_wp_user_request_blog_id',
+                                'value' => $blog_id,
                         ),
-                        'fields'        => 'ids',
-                )
+                ),
         );
+        if ( $blog_id ) {
+                // add a check for requests submitted prior to 5.5.
+                $args['meta_query']['relation'] = 'OR';
+                $args['meta_query'][] = array(
+                        'key'     => '_wp_user_request_blog_id',
+                        'compare' => 'NOT EXISTS',
+                );
+        }
+
+        $requests_query = new WP_Query( $args );
 
         if ( $requests_query->found_posts ) {
                 return new WP_Error( 'duplicate_request', __( 'An incomplete personal data request for this email address already exists.' ) );
@@ -4755 +4778 @@
                         'post_type'     => 'user_request',
                         'post_date'     => current_time( 'mysql', false ),
                         'post_date_gmt' => current_time( 'mysql', true ),
+                        'meta_input'    => array(
+                                '_wp_user_request_blog_id' => $blog_id,
+                        ),
                 ),
                 true
         );

new file src/wp-admin/network/tools.php

@@ +1 @@
+<?php
+/**
+ * Multisite Tools Administration Screen.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+if ( isset( $_GET['page'] ) && ! empty( $_POST ) ) {
+        // Ensure POST-ing to `tools.php?page=export_personal_data` and `tools.php?page=remove_personal_data`
+        // continues to work after creating the new files for exporting and erasing of personal data.
+        if ( 'export_personal_data' === $_GET['page'] ) {
+                require_once ABSPATH . 'wp-admin/network/export-personal-data.php';
+                return;
+        } elseif ( 'remove_personal_data' === $_GET['page'] ) {
+                require_once ABSPATH . 'wp-admin/network/erase-personal-data.php';
+                return;
+        }
+}
+
+if ( isset( $_GET['page'] ) ) {
+        // These were also moved to files in WP 5.3.
+        if ( 'export_personal_data' === $_GET['page'] ) {
+                require_once dirname( __DIR__ ) . '/wp-load.php';
+                wp_redirect( admin_url( 'network/export-personal-data.php' ), 301 );
+                exit;
+        } elseif ( 'remove_personal_data' === $_GET['page'] ) {
+                require_once dirname( __DIR__ ) . '/wp-load.php';
+                wp_redirect( admin_url( 'network/erase-personal-data.php' ), 301 );
+                exit;
+        }
+}
+
+/** WordPress Administration Bootstrap */
+require_once __DIR__ . '/admin.php';
+
+// Used in the HTML title tag.
+$title = __( 'Tools' );
+
+require_once ABSPATH . 'wp-admin/admin-header.php';
+
+?>
+<div class="wrap">
+<h1><?php echo esc_html( $title ); ?></h1>
+<?php
+
+/**
+ * Fires at the end of the Tools Administration screen.
+ *
+ * @since x.y.z
+ */
+do_action( 'network_tool_box' );
+
+?>
+</div>
+<?php
+
+require_once ABSPATH . 'wp-admin/admin-footer.php';

src/wp-admin/includes/privacy-tools.php

@@ -150 +150 @@
                                         $email_address,
                                         $action_type,
                                         array(),
+                                        $status,
                                         is_network_admin() ? 0 : get_current_blog_id()
                                 );