Make WordPress Core

Opened 2 months ago

Last modified 5 weeks ago

#64282 new defect (bug)

Erase personal data does not remove biographical info

Reported by: wpandlpuser
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.8.3
Component: Privacy
Keywords: has-patch has-testing needs-unit-tests
Focuses:
Cc:

Description

Dear WordPress team,

I am unsure whether this is a bug or a design-related gap.

When I use the WP dashboard/Tools/Erase personal data function, the Biographical information field is not deleted. It seems to be the standard behavior for any WP site.

Shouldn’t this be considered as personal data? A user could enter here his/her name, unique identifier, etc. As the field name suggests, the user might populate it with personal information.

I am looking forward to your feedback.

Thanks!

Steps to reproduce:

  1. Clean WP install
  2. New user registration
  3. User populates biographical information
  4. Administrator runs WP dashboard/Tools/Erase personal data
  5. Administrator runs WP dashboard/Tools/Export personal data and sees the biographical information still in the system

Attachments (1)

64282.diff (3.6 KB) - added by iflairwebtechnologies 8 weeks ago.
Fix Biographical Info Erasure Issue in wp-admin (6.8.3)


Change History (11)

#1 @palak678
2 months ago

I tested locally and the issue still persists.

See the image below:

https://postimg.cc/gallery/hKn42Tf

@iflairwebtechnologies
8 weeks ago

Fix Biographical Info Erasure Issue in wp-admin (6.8.3)

#2 @iflairwebtechnologies
8 weeks ago

  • Keywords has-patch added

Fixed an issue where biographical info (description) was not erased during the Erase Personal Data process in WordPress 6.8.3.

Changes made:

1. In wp-includes/user.php:

  • Added a custom personal data eraser, wp_user_personal_data_eraser, to handle the erasure of biographical information (stored in the description field) during the personal data erasure process.
  • Specifically, added a call to delete_user_meta( $user_id, 'description' ) to ensure the biographical information is removed as part of the data erasure request.

2. In wp-includes/default-filters.php:

  • Registered the custom user personal data eraser by adding a filter wp_privacy_personal_data_erasers to ensure the new erasure function is applied during the personal data removal process.

#3 @mindctrl
7 weeks ago

  • Keywords 2nd-opinion needs-unit-tests added

@wpandlpuser Welcome to Trac, and thank you for this report. I agree that the bio could contain information that could identify an individual. I'll tag this with 2nd-opinion to get another opinion.

@iflairwebtechnologies thank you for the patch. Would you be open to creating this as a PR against WordPress/wordpress-develop on GitHub? This allows for easier review and it runs the WordPress test suite. https://github.com/WordPress/wordpress-develop

#4 @wpandlpuser
7 weeks ago

Dear @mindctrl and @iflairwebtechnologies,
Thank you for your feedback.
Is it possible to know already which upcoming version number will contain the patch?
What are the next steps?
I am new to the Trac issue reporting process.

Thank you!

#5 This ticket was mentioned in PR #10589 on WordPress/wordpress-develop by @iflairwebtechnologies.
7 weeks ago

Trac ticket: https://core.trac.wordpress.org/ticket/64282

Summary


This patch ensures the biographical information (user meta 'description') is removed as part of the personal data erasure process.

What I changed


  1. Added a personal data eraser function wp_user_personal_data_eraser() in wp-includes/user.php that deletes description user meta during erasure.
  2. Registered the eraser via the wp_privacy_personal_data_erasers filter (wp-includes/default-filters.php).


Testing


  • Applied the patch and verified description meta is removed when erasing personal data.
  • (If you ran tests locally, list them here.)


Notes


  • Original Trac diff: 64282.diff
  • Author: @iflairwebtechnologies


Please let me know if you'd like me to split the changes, add unit tests, or adjust any naming.
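The two steps listed in the PR description above (an eraser callback plus its registration on the `wp_privacy_personal_data_erasers` filter), written out as a standalone plugin. This is an added example, not the code from 64282.diff or PR #10589; the `myplugin_*` function names, the `myplugin-user-bio` key and the `myplugin` text domain are hypothetical.

```php
<?php
/**
 * Plugin Name: Erase Biographical Info (added example)
 */

// Step 2 of the description: register the eraser so Tools > Erase Personal Data calls it.
function myplugin_register_bio_eraser( $erasers ) {
	$erasers['myplugin-user-bio'] = array(
		'eraser_friendly_name' => __( 'User Biographical Info', 'myplugin' ),
		'callback'             => 'myplugin_bio_eraser',
	);
	return $erasers;
}
add_filter( 'wp_privacy_personal_data_erasers', 'myplugin_register_bio_eraser' );

// Step 1 of the description: the eraser callback. WordPress passes the e-mail
// address from the erasure request and a page number, and expects this array shape back.
function myplugin_bio_eraser( $email_address, $page = 1 ) {
	$result = array(
		'items_removed'  => false,
		'items_retained' => false,
		'messages'       => array(),
		'done'           => true, // One user, one meta row: no paging needed.
	);

	$user = get_user_by( 'email', $email_address );
	if ( ! $user ) {
		return $result; // No account for this address, nothing to erase.
	}

	// The "Biographical Info" profile field is stored as the 'description' user meta.
	$bio = get_user_meta( $user->ID, 'description', true );
	if ( '' === (string) $bio ) {
		return $result; // Field already empty.
	}

	if ( delete_user_meta( $user->ID, 'description' ) ) {
		$result['items_removed'] = true;
	} else {
		// Report the failure so the admin sees that data was left behind.
		$result['items_retained'] = true;
		$result['messages'][]     = __( 'Biographical info could not be removed.', 'myplugin' );
	}

	return $result;
}
```

Running step 5 of the original report (Export personal data) after an erasure is the quickest check that the field is gone.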

#6 @mindctrl
7 weeks ago

> Is it possible to know already which upcoming version number will contain the patch?

Generally it's not clear until a release lead or component maintainer sets a milestone.

> What are the next steps?

A good next step would be to test the PR that @iflairwebtechnologies opened. There are links here in this Trac ticket. A good way to do that is to follow this guide: https://make.wordpress.org/test/handbook/test-reports/

This guide is linked at the bottom: https://make.wordpress.org/test/handbook/test-reports/patch-testing/

The Test Reports plugin is helpful for generating a report template for you: https://wordpress.org/plugins/test-reports/

You can post your test report here, and if you want you can provide feedback on the PR too.

#7 @iflairwebtechnologies
7 weeks ago

  • Keywords has-testing added; 2nd-opinion needs-unit-tests removed

Test Report

Description

This report validates whether the patch for ticket #64282 (Erasing biographical info during the Erase Personal Data process) works correctly.

Patch tested:


Environment

  • WordPress: 6.9
  • PHP: 8.2.0
  • Server: Apache/2.4.54 (Unix) OpenSSL/1.1.1s PHP/8.2.0 mod_perl/2.0.12 Perl/v5.34.1
  • Database: MySQLi (Server: 10.4.27-MariaDB / Client: mysqlnd 8.2.0)
  • Browser: Chrome 142.0.0.0
  • OS: Linux
  • Theme: Twenty Twenty 2.9
  • MU Plugins: None
  • Plugins:
    • Custom Gutenberg Block 1.0
    • Test Reports 1.2.1
    • Theme Check 20231220


Steps Tested

  1. Created a new user account.
  2. Added text inside the “Biographical Info” (description) field.
  3. Navigated to Tools → Erase Personal Data.
  4. Sent an erasure request for the user's email.
  5. Approved the request from the Tools page.
  6. Clicked “Erase Personal Data” to process the removal.
  7. Returned to the user's profile to verify whether biographical info was erased.


Expected Results

  • The "description" user meta (biographical info) should be erased during the personal data erasure process.


Actual Results

  1. ✅ The biographical info field was fully removed after running the erasure.
  2. No warnings or errors occurred.
  3. Patch works as intended and resolves the reported issue.


Additional Notes

  • Tested with minimal plugins activated to avoid interference.
  • No unexpected side effects were observed in other user meta fields.


Supplemental Artifacts

Before Erasure:
https://prnt.sc/42nYJ3mzDAeH

After Erasure:
http://prnt.sc/5lr_h7VGrFS4

#8 @mindctrl
6 weeks ago

  • Keywords needs-unit-tests added

#9 @iflairwebtechnologies
6 weeks ago

@palak678
We have updated the code and generated a PR request. Can you please test again?

#10 @iflairwebtechnologies
5 weeks ago

Tested the latest patch/PR on a fresh WordPress install.

Steps tested:

  • Created a new user
  • Added content to the Biographical Info field
  • Ran Erase Personal Data request
  • Confirmed the request
  • Verified user profile after erasure


Results:

  • Biographical Info is successfully removed
  • No PHP warnings/notices observed
  • No regressions found in other profile fields


Marking as tested successfully.
