WordPress.org

Make WordPress Core

#49476 closed defect (bug) (fixed)

Incorrect links to export/delete personal data in emails

Reported by: Jurgen Oldenburg Owned by: SergeyBiryukov
Milestone: 5.3.3 Priority: normal
Severity: normal Version: 5.3
Component: Privacy Keywords: has-patch commit fixed-major
Focuses: Cc:

Description

When an email is sent to the administrator with a notification of a user requesting the erase or export of their personal data, the links are incorrect.

wp-admin/tools.php?page=export_personal_data
Should be: wp-admin/export-personal-data.php

And wp-admin/tools.php?page=remove_personal_data
should be: wp-admin/erase-personal-data.php

Both links result in a 'Sorry, you are not allowed to access this page' error.

Attachments (1)

49476.diff (1.8 KB) - added by garrett-eclipse 15 months ago.
Patch to update links in emails and update the back-compat redirects so they aren't blocked by the user_can_access_admin_page check

Download all attachments as: .zip

Change History (12)

#1 @SergeyBiryukov
15 months ago

  • Component changed from General to Privacy

#2 @SergeyBiryukov
15 months ago

Hi there, welcome to WordPress Trac! Thanks for the report.

Just adding a link to the related changeset here: [45448] / #43895.

@garrett-eclipse
15 months ago

Patch to update links in emails and update the back-compat redirects so they aren't blocked by the user_can_access_admin_page check

#3 @garrett-eclipse
15 months ago

  • Keywords has-patch needs-testing added; needs-patch removed
  • Milestone changed from Awaiting Review to 5.3.3
  • Version set to 5.3

Thanks @jurgen-oldenburg for catching this.

I've updated the links in 49476.diff to point to the new locations.

Also while looking into this I found there was some redirect code in the tools.php which was supposed to mitigate the change by redirecting to the proper new location;

This unfortunately is run after the /wp-admin/admin.php require which through a later require of wp-admin/includes/menu.php does a user_can_access_admin_page check and fails due to the pages no longer existing. To address this I moved the conditional before the require and added wp-load.php require_once calls in order to have wp_redirect function.

@SergeyBiryukov I've milestoned for 5.3.3 as this is a reversion introduced on that branch but am wondering if it's not too late for 5.4.
CC @azaozz as the original committer of the privacy re-organization. Mostly wanting to see if my approach to the back-compat redirect is appropriate.

#4 @SergeyBiryukov
14 months ago

  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

This ticket was mentioned in Slack in #core by david.baumwald. View the logs.


14 months ago

#6 @johnbillion
14 months ago

  • Milestone changed from 5.3.3 to 5.4

#7 @johnbillion
14 months ago

  • Keywords needs-testing removed

#8 @johnbillion
14 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 47412:

Privacy: Fix the URLs and legacy redirects for the personal data export and erasure screens.

Props Jurgen Oldenburg, garrett-eclipse

Fixes #49476

This ticket was mentioned in Slack in #core by garrett-eclipse. View the logs.


14 months ago

#10 @SergeyBiryukov
14 months ago

  • Keywords commit fixed-major added
  • Milestone changed from 5.4 to 5.3.3
  • Resolution fixed deleted
  • Status changed from closed to reopened

[47412] should be backported to the 5.3 branch, per comment:3.

#11 @SergeyBiryukov
14 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 47417:

Privacy: Fix the URLs and legacy redirects for the personal data export and erasure screens.

Props Jurgen Oldenburg, garrett-eclipse.
Merges [47412] to the 5.3 branch.
Fixes #49476.

Note: See TracTickets for help on using tickets.