Privacy settings page is listing non published pages

[f2cmb]

Hello,

when choosing in the select field in /wp-admin/privacy.php a page whose status is draft, the option wp_page_for_privacy_policy in the database is updated, but as the page is not published, the get_privacy_policy_url() in ​https://github.com/WordPress/WordPress/blob/master/wp-includes/user.php#L3110 stays empty, causing the email generated in ​https://github.com/WordPress/WordPress/blob/master/wp-includes/user.php#L3137 giving an empty url.

[audrasjb]

Hi and welcome to WordPress Trac!

Indeed, I guess get_privacy_policy_url() should return a WP_Error if the privacy page is missing or not published yet.

Use case: this is useful if the function is called directly by developers.

[f2cmb]

add if statement for draft status on privacy policy page

[audrasjb]

Thanks for the patch @f2cmb :)
I guess this is a good first step to add "draft" notice.

Maybe we should also add "pending" notice to this patch?

[desrosj]

The first part of the ticket (showing a notice in the admin when the policy is not publicly visible) is already being addressed in #44320. There are more details there, so let's focus the conversation on that ticket.

I am not able to reproduce the second part of your ticket. On a fresh install, if the privacy policy page is in draft state, the For more information, you can also read our privacy policy: URL does not appear in the email. get_privacy_policy_url() will return an empty string if the privacy policy page is not published or not selected, which will cause the alternate email text to be used (L3037).

Looking through core, most of the "get link" functions either return a string, null, or false. I think false would be ok to use here when the selected privacy policy page does not exist or is not published, but I don't think that this change is needed.

@f2cmb if you are seeing the privacy policy link as empty in the confirmation email you specified, can you give me some steps to reproduce the issue?

[desrosj]

Also of note, being able to select a draft page was a conscious decision. When the user clicks the "Create New Page: button, a privacy policy page is created in draft state and saved to the option. It's also not uncommon for a privacy policy page to need a long period of time to build, or to go through several levels of approval, so selecting the page when it is still in draft status is useful.

[f2cmb]

Replying to desrosj:

@f2cmb if you are seeing the privacy policy link as empty in the confirmation email you specified, can you give me some steps to reproduce the issue?

Sure, first i didn't set a page for this. Then i've been in privacy.php and set my custom page. Then i received the mail with the sentence who leads to the link, but there was nothing after " : ". And i realize it was a draft. Then when i changed the status to "publish" it was ok. My guess was that the select field, as far as the site is live and have to respect the GDPR, the Privacy Policy page has to be a public one to avoid a mail with no link in it.

[f2cmb]

Replying to desrosj:

Also of note, being able to select a draft page was a conscious decision. When the user clicks the "Create New Page: button, a privacy policy page is created in draft state and saved to the option. It's also not uncommon for a privacy policy page to need a long period of time to build, or to go through several levels of approval, so selecting the page when it is still in draft status is useful.

Maybe something that can throw an alert to the user, based on the status page or an option, could help webmasters to avoid sending an email with no link ?

Thanks for your comments and precisions, best regards.

[desrosj]

Replying to f2cmb:

Maybe something that can throw an alert to the user, based on the status page or an option, could help webmasters to avoid sending an email with no link ?

That is the goal in #44320.

I am still unable to reproduce the issue that you are describing. I am going to close this out as worksforme. If someone else is able to reproduce this we can reopen it.