WordPress.org

Make WordPress Core

Opened 11 days ago

Closed 32 hours ago

#44356 closed defect (bug) (worksforme)

Privacy settings page is listing non published pages

Reported by: f2cmb Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Privacy Keywords:
Focuses: Cc:

Description

Hello,

when choosing in the select field in /wp-admin/privacy.php a page whose status is draft, the option wp_page_for_privacy_policy in the database is updated, but as the page is not published, the get_privacy_policy_url() in https://github.com/WordPress/WordPress/blob/master/wp-includes/user.php#L3110 stays empty, causing the email generated in https://github.com/WordPress/WordPress/blob/master/wp-includes/user.php#L3137 giving an empty url.

Attachments (1)

44356.diff (765 bytes) - added by f2cmb 11 days ago.
add if statement for draft status on privacy policy page

Download all attachments as: .zip

Change History (9)

#1 @audrasjb
11 days ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 4.9.7

Hi and welcome to WordPress Trac!

Indeed, I guess get_privacy_policy_url() should return a WP_Error if the privacy page is missing or not published yet.

Use case: this is useful if the function is called directly by developers.

Last edited 11 days ago by audrasjb (previous) (diff)

@f2cmb
11 days ago

add if statement for draft status on privacy policy page

#2 @audrasjb
11 days ago

  • Keywords has-patch 2nd-opinion added; needs-patch removed

Thanks for the patch @f2cmb :) I guess this is a good first step to add "draft" notice.

Maybe we should also add "pending" notice to this patch?

#3 follow-up: @desrosj
11 days ago

  • Keywords close reporter-feedback added
  • Milestone changed from 4.9.7 to Awaiting Review

The first part of the ticket (showing a notice in the admin when the policy is not publicly visible) is already being addressed in #44320. There are more details there, so let's focus the conversation on that ticket.

I am not able to reproduce the second part of your ticket. On a fresh install, if the privacy policy page is in draft state, the For more information, you can also read our privacy policy: URL does not appear in the email. get_privacy_policy_url() will return an empty string if the privacy policy page is not published or not selected, which will cause the alternate email text to be used (L3037).

Looking through core, most of the "get link" functions either return a string, null, or false. I think false would be ok to use here when the selected privacy policy page does not exist or is not published, but I don't think that this change is needed.

@f2cmb if you are seeing the privacy policy link as empty in the confirmation email you specified, can you give me some steps to reproduce the issue?

#4 follow-up: @desrosj
11 days ago

Also of note, being able to select a draft page was a conscious decision. When the user clicks the "Create New Page: button, a privacy policy page is created in draft state and saved to the option. It's also not uncommon for a privacy policy page to need a long period of time to build, or to go through several levels of approval, so selecting the page when it is still in draft status is useful.

#5 in reply to: ↑ 3 @f2cmb
11 days ago

Replying to desrosj:

@f2cmb if you are seeing the privacy policy link as empty in the confirmation email you specified, can you give me some steps to reproduce the issue?

Sure, first i didn't set a page for this. Then i've been in privacy.php and set my custom page. Then i received the mail with the sentence who leads to the link, but there was nothing after " : ". And i realize it was a draft. Then when i changed the status to "publish" it was ok. My guess was that the select field, as far as the site is live and have to respect the GDPR, the Privacy Policy page has to be a public one to avoid a mail with no link in it.

#6 in reply to: ↑ 4 ; follow-up: @f2cmb
11 days ago

Replying to desrosj:

Also of note, being able to select a draft page was a conscious decision. When the user clicks the "Create New Page: button, a privacy policy page is created in draft state and saved to the option. It's also not uncommon for a privacy policy page to need a long period of time to build, or to go through several levels of approval, so selecting the page when it is still in draft status is useful.

Maybe something that can throw an alert to the user, based on the status page or an option, could help webmasters to avoid sending an email with no link ?

Thanks for your comments and precisions, best regards.

#7 @f2cmb
11 days ago

  • Keywords reporter-feedback removed

#8 in reply to: ↑ 6 @desrosj
32 hours ago

  • Keywords 2nd-opinion close has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Replying to f2cmb:

Maybe something that can throw an alert to the user, based on the status page or an option, could help webmasters to avoid sending an email with no link ?

That is the goal in #44320.

I am still unable to reproduce the issue that you are describing. I am going to close this out as worksforme. If someone else is able to reproduce this we can reopen it.

Note: See TracTickets for help on using tickets.