[wp-trac] [WordPress Trac] #43443: Add a method for confirmation of requests for deleting or anonymizing of personal data

WordPress Trac noreply at wordpress.org
Sat Mar 10 00:53:52 UTC 2018


#43443: Add a method for confirmation of requests for deleting or anonymizing of
personal data
-------------------------------------------------+-------------------------
 Reporter:  azaozz                               |       Owner:  mikejolley
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.0
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  gdpr has-patch dev-feedback needs-   |     Focuses:
  testing                                        |
-------------------------------------------------+-------------------------

Comment (by allendav):

 Nice work Mike! A few thoughts:

 In src/wp-includes/user.php you generate a pseudo user ID using

     $uid = function_exists( 'hash' ) ? hash( 'sha256', $email ) : sha1( $email );

 Would you add a comment saying why you chose that ternary? I assume that
 is similar to code elsewhere in WordPress core?

 I kinda liked the send_confirm_account_action_email function name better
 than wp_send_account_verification_key - because the latter suggests a
 specific action (verify your account) whereas the former is more generic
 so… maybe wp_send_account_action_confirmation_email instead? IDK - I guess
 this would impact the (re-)naming of your filters too so feel free to
 ignore.

 The account_verification_expiration filter - seems that might be named
 something like account_action_key_max_age

 BTW, I get a few whitespace and equal sign alignment warnings from phpcs
 with the WordPress package (just installed it myself today)

 Next, in the email template

 All at ###SITENAME###

 The All seems weird in an actual email, e.g. I got

 Regards,
 All at WordPressSVN
 http://localhost/wordpress-svn/src

 Maybe make that "All" template-able too (or make it "All of us", idk)

 Tests well. I made sure I could confirm an action. Made sure old action
 keys were not accepted once a new key was generated for an email.

 Lastly, regarding flows - if the user contacts the admin via email,
 especially in the case of a deletion request, the admin should probably
 email them back before doing the delete, since email headers can be faked.
 We might want to expose this feature you've written to admins in that flow
 especially so they can get verification before a destructive action. That
 could be part of #43437 of course.

 Maybe add to this a means of cc'ing the administrator on the confirmation
 request? I.e. as part of the paper trail? IDK. The reason I'm wondering
 about that is it isn't clear to me yet where we could log the final
 confirmation after the user completes it. At the end of the scenario I've
 described, the admin would just have the original request from the user,
 we could cc ourselves to get the confirmation request, but we wouldn't end
 up with a record (e.g. in email) of their confirming the request. Hmmmm.
 Maybe we can't avoid that log :P

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43443#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

