diff --git a/src/wp-admin/includes/privacy-tools.php b/src/wp-admin/includes/privacy-tools.php
index 33611c1975..472c3de9ba 100644
--- a/src/wp-admin/includes/privacy-tools.php
+++ b/src/wp-admin/includes/privacy-tools.php
@@ -111,10 +111,10 @@ function _wp_personal_data_handle_actions() {
$action_type = sanitize_text_field( wp_unslash( $_POST['type_of_action'] ) );
$username_or_email_address = sanitize_text_field( wp_unslash( $_POST['username_or_email_for_privacy_request'] ) );
$email_address = '';
- $send_confirmation_email = true;
+ $status = 'pending';
if ( ! isset( $_POST['send_confirmation_email'] ) ) {
- $send_confirmation_email = false;
+ $status = 'confirmed';
}
if ( ! in_array( $action_type, _wp_privacy_action_request_types(), true ) ) {
@@ -146,37 +146,42 @@ function _wp_personal_data_handle_actions() {
break;
}
- $request_id = wp_create_user_request( $email_address, $action_type, array(), $send_confirmation_email );
+ $request_id = wp_create_user_request( $email_address, $action_type, array(), $status );
+ $message = '';
if ( is_wp_error( $request_id ) ) {
- add_settings_error(
- 'username_or_email_for_privacy_request',
- 'username_or_email_for_privacy_request',
- $request_id->get_error_message(),
- 'error'
- );
- break;
+ $message = $request_id->get_error_message();
} elseif ( ! $request_id ) {
+ $message = __( 'Unable to initiate confirmation request.' );
+ }
+
+ if ( $message ) {
add_settings_error(
'username_or_email_for_privacy_request',
'username_or_email_for_privacy_request',
- __( 'Unable to initiate confirmation request.' ),
+ $message,
'error'
);
break;
}
- if ( $send_confirmation_email ) {
+ if ( 'pending' === $status ) {
wp_send_user_request( $request_id );
+
+ $message = __( 'Confirmation request initiated successfully.' );
+ } elseif ( 'confirmed' === $status ) {
+ $message = __( 'Request added successfully.' );
}
- add_settings_error(
- 'username_or_email_for_privacy_request',
- 'username_or_email_for_privacy_request',
- __( 'Confirmation request initiated successfully.' ),
- 'success'
- );
- break;
+ if ( $message ) {
+ add_settings_error(
+ 'username_or_email_for_privacy_request',
+ 'username_or_email_for_privacy_request',
+ $message,
+ 'success'
+ );
+ break;
+ }
}
}
}
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index f08f685abb..5c6db55afb 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -3936,18 +3936,17 @@ function _wp_privacy_account_request_confirmed_message( $request_id ) {
* users on the site, or guests without a user account.
*
* @since 4.9.6
- * @since 5.7.0 Added the `$send_confirmation_email` parameter.
+ * @since 5.7.0 Added the `$status` parameter.
*
* @param string $email_address User email address. This can be the address of a registered
* or non-registered user.
* @param string $action_name Name of the action that is being confirmed. Required.
* @param array $request_data Misc data you want to send with the verification request and pass
* to the actions once the request is confirmed.
- * @param bool $send_confirmation_email Optional. If false, the request status is set to 'Completed' directly.
- * Default true.
+ * @param string $status Optional request status (pending or confirmed). Default 'pending'.
* @return int|WP_Error Returns the request ID if successful, or a WP_Error object on failure.
*/
-function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $send_confirmation_email = true ) {
+function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $status = 'pending' ) {
$email_address = sanitize_email( $email_address );
$action_name = sanitize_key( $action_name );
@@ -3959,6 +3958,10 @@ function wp_create_user_request( $email_address = '', $action_name = '', $reques
return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
}
+ if ( ! in_array( $status, array( 'pending', 'confirmed' ), true ) ) {
+ return new WP_Error( 'invalid_status', __( 'Invalid request status.' ) );
+ }
+
$user = get_user_by( 'email', $email_address );
$user_id = $user && ! is_wp_error( $user ) ? $user->ID : 0;
@@ -3980,19 +3983,13 @@ function wp_create_user_request( $email_address = '', $action_name = '', $reques
return new WP_Error( 'duplicate_request', __( 'An incomplete personal data request for this email address already exists.' ) );
}
- if ( false !== $send_confirmation_email ) {
- $status = 'request-pending';
- } else {
- $status = 'request-completed';
- }
-
$request_id = wp_insert_post(
array(
'post_author' => $user_id,
'post_name' => $action_name,
'post_title' => $email_address,
'post_content' => wp_json_encode( $request_data ),
- 'post_status' => $status,
+ 'post_status' => 'request-' . $status,
'post_type' => 'user_request',
'post_date' => current_time( 'mysql', false ),
'post_date_gmt' => current_time( 'mysql', true ),
diff --git a/tests/phpunit/tests/privacy/wpCreateUserRequest.php b/tests/phpunit/tests/privacy/wpCreateUserRequest.php
index 36d055852a..93fd1dfa74 100644
--- a/tests/phpunit/tests/privacy/wpCreateUserRequest.php
+++ b/tests/phpunit/tests/privacy/wpCreateUserRequest.php
@@ -310,11 +310,11 @@ class Tests_WpCreateUserRequest extends WP_UnitTestCase {
}
/**
- * Test that the request has a Pending status if a confirmation email is sent.
+ * Test that the request has a Pending status by default.
*
* @ticket 43890
*/
- public function test_pending_status_with_default_wp_create_user_request_params() {
+ public function test_wp_create_user_request_default_pending_status() {
$actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data' );
$post = get_post( $actual );
@@ -322,32 +322,37 @@ class Tests_WpCreateUserRequest extends WP_UnitTestCase {
}
/**
- * Test that the request has a Pending status if the $send_confirmation_email param is true.
+ * Test that the request has a Pending status if the $status param is 'pending'.
*
* @ticket 43890
*/
- public function test_pending_status_with_true_send_confirmation_email() {
- $request_data = array();
- $send_confirmation_email = true;
-
- $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', $request_data, $send_confirmation_email );
+ public function test_wp_create_user_request_pending_status() {
+ $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', array(), 'pending' );
$post = get_post( $actual );
$this->assertSame( 'request-pending', $post->post_status );
}
/**
- * Test that the request has a Completed status if the $send_confirmation_email param is false.
+ * Test that the request has a Confirmed status if the $status param is 'confirmed'.
*
* @ticket 43890
*/
- public function test_pending_status_with_false_send_confirmation_email() {
- $request_data = array();
- $send_confirmation_email = false;
-
- $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', $request_data, $send_confirmation_email );
+ public function test_wp_create_user_request_confirmed_status() {
+ $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', array(), 'confirmed' );
$post = get_post( $actual );
- $this->assertSame( 'request-completed', $post->post_status );
+ $this->assertSame( 'request-confirmed', $post->post_status );
+ }
+
+ /**
+ * Test that the request returns a WP_Error if $status isn't 'pending' or 'confirmed'.
+ *
+ * @ticket 43890
+ */
+ public function test_wp_create_user_request_wp_error_status() {
+ $actual = wp_create_user_request( self::$non_registered_user_email, 'export_personal_data', array(), 'wrong-status' );
+
+ $this->assertWPError( $actual );
}
}