Make WordPress Core

Changeset 50159


Ignore:
Timestamp:
02/02/2021 07:43:37 PM (4 years ago)
Author:
antpb
Message:

Privacy: Allow Admin to Skip e-mail confirmation for Export.

This adds a form option to skip the admin email alert when exporting personal data.

Props xkon, azaozz, TZ-Media, iandunn, desrosj, iprg, allendav, wesselvandenberg, karmatosed, birgire, davidbaumwald, estelaris, paaljoachim, hellofromTonya.
Fixes #43890.

Location:
trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/css/forms.css

    r50025 r50159  
    13311331}
    13321332
    1333 .wp-privacy-request-form label {
    1334     font-weight: 600;
    1335     line-height: 1.5;
    1336     padding-bottom: .5em;
    1337     display: block;
    1338 }
    1339 
    13401333.wp-privacy-request-form input {
    13411334    margin: 0;
  • trunk/src/wp-admin/erase-personal-data.php

    r50147 r50159  
    110110    <form action="<?php echo esc_url( admin_url( 'erase-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
    111111        <h2><?php esc_html_e( 'Add Data Erasure Request' ); ?></h2>
    112         <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
    113 
    114112        <div class="wp-privacy-request-form-field">
    115             <label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
    116             <input type="text" required class="regular-text ltr" id="username_or_email_for_privacy_request" name="username_or_email_for_privacy_request" />
    117             <?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>
     113            <table class="form-table">
     114                <tr>
     115                    <th scope="row">
     116                        <label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
     117                    </th>
     118                    <td>
     119                        <input type="text" required class="regular-text ltr" id="username_or_email_for_privacy_request" name="username_or_email_for_privacy_request" />
     120                    </td>
     121                </tr>
     122                <tr>
     123                    <th scope="row">
     124                        <?php _e( 'Confirmation email' ); ?>
     125                    </th>
     126                    <td>
     127                        <label for="send_confirmation_email">
     128                            <input type="checkbox" name="send_confirmation_email" id="send_confirmation_email" value="1" checked="checked" />
     129                            <?php _e( 'Send personal data erasure confirmation email.' ); ?>
     130                        </label>
     131                    </td>
     132                </tr>
     133            </table>
     134            <p class="submit">
     135                <?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>
     136            </p>
    118137        </div>
    119138        <?php wp_nonce_field( 'personal-data-request' ); ?>
  • trunk/src/wp-admin/export-personal-data.php

    r50147 r50159  
    110110    <form action="<?php echo esc_url( admin_url( 'export-personal-data.php' ) ); ?>" method="post" class="wp-privacy-request-form">
    111111        <h2><?php esc_html_e( 'Add Data Export Request' ); ?></h2>
    112         <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
    113 
    114112        <div class="wp-privacy-request-form-field">
    115             <label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
    116             <input type="text" required class="regular-text ltr" id="username_or_email_for_privacy_request" name="username_or_email_for_privacy_request" />
    117             <?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>
     113        <table class="form-table">
     114                <tr>
     115                    <th scope="row">
     116                        <label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
     117                    </th>
     118                    <td>
     119                        <input type="text" required class="regular-text ltr" id="username_or_email_for_privacy_request" name="username_or_email_for_privacy_request" />
     120                    </td>
     121                </tr>
     122                <tr>
     123                    <th scope="row">
     124                        <?php _e( 'Confirmation email' ); ?>
     125                    </th>
     126                    <td>
     127                        <label for="send_confirmation_email">
     128                            <input type="checkbox" name="send_confirmation_email" id="send_confirmation_email" value="1" checked="checked" />
     129                            <?php _e( 'Send personal data export confirmation email.' ); ?>
     130                        </label>
     131                    </td>
     132                </tr>
     133            </table>
     134            <p class="submit">
     135                <?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>
     136            </p>
    118137        </div>
    119138        <?php wp_nonce_field( 'personal-data-request' ); ?>
  • trunk/src/wp-admin/includes/privacy-tools.php

    r50055 r50159  
    112112                $username_or_email_address = sanitize_text_field( wp_unslash( $_POST['username_or_email_for_privacy_request'] ) );
    113113                $email_address             = '';
     114                $send_confirmation_email   = true;
     115
     116                if ( ! isset( $_POST['send_confirmation_email'] ) ) {
     117                    $send_confirmation_email   = false;
     118                }
    114119
    115120                if ( ! in_array( $action_type, _wp_privacy_action_request_types(), true ) ) {
     
    142147                }
    143148
    144                 $request_id = wp_create_user_request( $email_address, $action_type );
     149                $request_id = wp_create_user_request( $email_address, $action_type, array(), $send_confirmation_email );
    145150
    146151                if ( is_wp_error( $request_id ) ) {
     
    162167                }
    163168
    164                 wp_send_user_request( $request_id );
     169                if ( $send_confirmation_email ) {
     170                    wp_send_user_request( $request_id );
     171                }
    165172
    166173                add_settings_error(
  • trunk/src/wp-includes/user.php

    r50141 r50159  
    39383938 * @since 4.9.6
    39393939 *
    3940  * @param string $email_address User email address. This can be the address of a registered or non-registered user.
    3941  * @param string $action_name   Name of the action that is being confirmed. Required.
    3942  * @param array  $request_data  Misc data you want to send with the verification request and pass to the actions once the request is confirmed.
    3943  * @return int|WP_Error Returns the request ID if successful, or a WP_Error object on failure.
    3944  */
    3945 function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array() ) {
     3940 * @param string $email_address           User email address. This can be the address of a registered or non-registered user.
     3941 * @param string $action_name             Name of the action that is being confirmed. Required.
     3942 * @param array  $request_data            Misc data you want to send with the verification request and pass to the actions once the request is confirmed.
     3943 * @param bool   $send_confirmation_email Optional. True by default, if false is passed the request status is set to Completed directly.
     3944 * @return int|WP_Error                   Returns the request ID if successful, or a WP_Error object on failure.
     3945 */
     3946function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $send_confirmation_email = true ) {
    39463947    $email_address = sanitize_email( $email_address );
    39473948    $action_name   = sanitize_key( $action_name );
     
    39763977    }
    39773978
     3979    if ( false !== $send_confirmation_email ) {
     3980        $status = 'request-pending';
     3981    } else {
     3982        $status = 'request-completed';
     3983    }
     3984
    39783985    $request_id = wp_insert_post(
    39793986        array(
     
    39823989            'post_title'    => $email_address,
    39833990            'post_content'  => wp_json_encode( $request_data ),
    3984             'post_status'   => 'request-pending',
     3991            'post_status'   => $status,
    39853992            'post_type'     => 'user_request',
    39863993            'post_date'     => current_time( 'mysql', false ),
  • trunk/tests/phpunit/tests/privacy/wpCreateUserRequest.php

    r49603 r50159  
    309309        $this->assertSame( 'empty_content', $actual->get_error_code() );
    310310    }
     311
     312    /**
     313     * Test that the request has a Pending status if a confirmation email is sent.
     314     *
     315     * @ticket 43890
     316     */
     317    public function test_pending_status_with_default_wp_create_user_request_params() {
     318        $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data' );
     319        $post   = get_post( $actual );
     320
     321        $this->assertSame( 'request-pending', $post->post_status );
     322    }
     323
     324    /**
     325     * Test that the request has a Pending status if the $send_confirmation_email param is true.
     326     *
     327     * @ticket 43890
     328     */
     329    public function test_pending_status_with_true_send_confirmation_email() {
     330        $request_data            = array();
     331        $send_confirmation_email = true;
     332
     333        $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', $request_data, $send_confirmation_email );
     334        $post   = get_post( $actual );
     335
     336        $this->assertSame( 'request-pending', $post->post_status );
     337    }
     338
     339    /**
     340     * Test that the request has a Completed status if the $send_confirmation_email param is false.
     341     *
     342     * @ticket 43890
     343     */
     344    public function test_pending_status_with_false_send_confirmation_email() {
     345        $request_data                    = array();
     346        $send_confirmation_email = false;
     347
     348        $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', $request_data, $send_confirmation_email );
     349        $post   = get_post( $actual );
     350
     351        $this->assertSame( 'request-completed', $post->post_status );
     352    }
    311353}
Note: See TracChangeset for help on using the changeset viewer.