WordPress.org

Make WordPress Core

Opened 13 days ago

Closed 13 days ago

Last modified 7 days ago

#44040 closed defect (bug) (fixed)

Potential PHP notice in `wp_ajax_wp_privacy_erase_personal_data()`

Reported by: desrosj Owned by: SergeyBiryukov
Milestone: 4.9.6 Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr has-patch commit
Focuses: Cc:

Description

The $eraser_key variable is passed to the wp_privacy_personal_data_erasure_page filter, but it is only set if there is one or more data erasers defined.

The variable should be initialized earlier to avoid a PHP notice.

Attachments (1)

44040.diff (1.8 KB) - added by allendav 13 days ago.

Download all attachments as: .zip

Change History (8)

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


13 days ago

#2 @allendav
13 days ago

  • Keywords has-patch needs-testing added; needs-patch removed

To test:

  • WP_DEBUG true
  • Comment out add_filter( 'wp_privacy_personal_data_erasers', 'wp_register_comment_personal_data_eraser' ); in wp-includes/default-filters.php
  • Make sure you have NO other plugins installed that contribute erasers - the goal is to get to 0 erasers :P
  • Perform an erasure on an uncompleted request. Ensure it completes and is marked as such.
  • Ensure no notices in the logs
Last edited 13 days ago by allendav (previous) (diff)

@allendav
13 days ago

#3 @allendav
13 days ago

Updated patch - accidentally included default-filters test hack.

Also fixed same flaw which also exists in the exporters logic.

#4 @desrosj
13 days ago

  • Keywords commit added; needs-testing removed

#5 @SergeyBiryukov
13 days ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 43228:

Privacy: Avoid a PHP notice in wp_ajax_wp_privacy_erase_personal_data(), make sure $eraser_key is always defined.

Props allendav.
Fixes #44040.

#6 @SergeyBiryukov
13 days ago

In 43229:

Privacy: Avoid a PHP notice in wp_ajax_wp_privacy_erase_personal_data(), make sure $eraser_key is always defined.

Props allendav.
Merges [43228] to the 4.9 branch.
Fixes #44040.

#7 @desrosj
7 days ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

Note: See TracTickets for help on using tickets.