From 06fd54dab6ff7c160dcafe5e6d3e17bfdc6d4f1c Mon Sep 17 00:00:00 2001 From: iandunn Date: Thu, 10 May 2018 05:00:20 +0000 Subject: [PATCH] Privacy: Notify admin via email when a request is confirmed. Previously the admin didn't have any way to know if a pending request was ready to be processed, aside from manually checking the Export/Erase pages. Sending them an email is a much more convenient option. Props garrett-eclipse, desrosj, iandunn. See #43967. Built from https://develop.svn.wordpress.org/trunk@43211 git-svn-id: http://core.svn.wordpress.org/trunk@43040 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/default-filters.php | 1 + wp-includes/user.php | 116 ++++++++++++++++++++++++++++++++ wp-includes/version.php | 2 +- 3 files changed, 118 insertions(+), 1 deletion(-) diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index ebc3c330b9..7ecff3ade1 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -349,6 +349,7 @@ add_action( 'welcome_panel', 'wp_welcome_panel' ); // Privacy add_action( 'user_request_action_confirmed', '_wp_privacy_account_request_confirmed' ); +add_action( 'user_request_action_confirmed', '_wp_privacy_send_request_confirmation_notification', 12 ); // After request marked as completed. add_filter( 'user_request_action_confirmed_message', '_wp_privacy_account_request_confirmed_message', 10, 2 ); add_filter( 'wp_privacy_personal_data_exporters', 'wp_register_comment_personal_data_exporter' ); add_filter( 'wp_privacy_personal_data_exporters', 'wp_register_media_personal_data_exporter' ); diff --git a/wp-includes/user.php b/wp-includes/user.php index 2a31e1db1e..8c4a2605cd 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2950,6 +2950,122 @@ function _wp_privacy_account_request_confirmed( $request_id ) { ) ); } +/** + * Notify the site administrator via email when a request is confirmed. + * + * Without this, the admin would have to manually check the site to see if any + * action was needed on their part yet. + * + * @since 4.9.6 + * + * @param int $request_id The ID of the request. + */ +function _wp_privacy_send_request_confirmation_notification( $request_id ) { + $request_data = wp_get_user_request_data( $request_id ); + + if ( ! is_a( $request_data, 'WP_User_Request' ) || 'request-confirmed' !== $request_data->status ) { + return; + } + + $already_notified = (bool) get_post_meta( $request_id, '_wp_admin_notified', true ); + + if ( $already_notified ) { + return; + } + + $subject = sprintf( + /* translators: %s Site name. */ + __( '[%s] Action Confirmed' ), + wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) + ); + + $manage_url = add_query_arg( 'page', $request_data->action_name, admin_url( 'tools.php' ) ); + + /** + * Filters the recipient of the data request confirmation notification. + * + * In a Multisite environment, this will default to the email address of the + * network admin because, by default, single site admins do not have the + * capabilities required to process requests. Some networks may wish to + * delegate those capabilities to a single-site admin, or a dedicated person + * responsible for managing privacy requests. + * + * @since 4.9.6 + * + * @param string $admin_email The email address of the notification recipient. + * @param WP_User_Request $request_data The request that is initiating the notification. + */ + $admin_email = apply_filters( 'user_request_confirmed_email_to', get_site_option( 'admin_email' ), $request_data ); + + $email_data = array( + 'request' => $request_data, + 'user_email' => $request_data->email, + 'description' => wp_user_request_action_description( $request_data->action_name ), + 'manage_url' => $manage_url, + 'sitename' => get_option( 'blogname' ), + 'siteurl' => home_url(), + 'admin_email' => $admin_email, + ); + + /* translators: Do not translate SITENAME, USER_EMAIL, DESCRIPTION, MANAGE_URL, SITEURL; those are placeholders. */ + $email_text = __( + 'Howdy, + +A user data privacy request has been confirmed on ###SITENAME###: + +User: ###USER_EMAIL### +Request: ###DESCRIPTION### + +You can view and manage these data privacy requests here: + +###MANAGE_URL### + +Regards, +All at ###SITENAME### +###SITEURL###' + ); + + /** + * Filters the body of the user request confirmation email. + * + * The email is sent to an administrator when an user request is confirmed. + * The following strings have a special meaning and will get replaced dynamically: + * + * ###SITENAME### The name of the site. + * ###USER_EMAIL### The user email for the request. + * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for. + * ###MANAGE_URL### The URL to manage requests. + * ###SITEURL### The URL to the site. + * + * @since 4.9.6 + * + * @param string $email_text Text in the email. + * @param array $email_data { + * Data relating to the account action email. + * + * @type WP_User_Request $request User request object. + * @type string $user_email The email address confirming a request + * @type string $description Description of the action being performed so the user knows what the email is for. + * @type string $manage_url The link to click manage privacy requests of this type. + * @type string $sitename The site name sending the mail. + * @type string $siteurl The site URL sending the mail. + * } + */ + $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); + + $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); + $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content ); + $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); + $content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content ); + $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); + + $email_sent = wp_mail( $email_data['admin_email'], $subject, $content ); + + if ( $email_sent ) { + update_post_meta( $request_id, '_wp_admin_notified', true ); + } +} + /** * Return request confirmation message HTML. * diff --git a/wp-includes/version.php b/wp-includes/version.php index a1acf996c2..a76cb0a19e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0-alpha-43210'; +$wp_version = '5.0-alpha-43211'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.