Erasure
-
Vanilla data erasure feature issue:—
The problem is that the plugin expects a non-false return value from delete_user_meta(), but delete_user_meta() returns
false if the meta doesn’t exist (which is normal for users who may not have all meta fields set).The plugin’s logic is flawed – it reports an “error” when trying to delete meta that doesn’t exist, which is actually the desired state for
GDPR compliance.Here’s the issue:
- delete_user_meta() returns false if the meta key doesn’t exist
- The plugin treats this as an error and shows the “unable to be removed” message
- But if the meta doesn’t exist, that means the data is already “erased”
│ wp-content/plugins/when-last-login/includes/privacy-policy.php │ │
│ │ │ │
│ │ 141 $items_retained = false; │ │
│ │ 142 if ( $user && $user->ID ) { │ │
│ │ 143 │ │
│ │ 144 - $deleted_when_last_login = delete_user_meta( $user->ID, 'when_last_login' ); │ │
│ │ 145 - if ( $deleted_when_last_login ) { │ │
│ │ 146 - $items_removed = true; │ │
│ │ 147 - } else { │ │
│ │ 148 - $messages[] = __( 'Your last login timestamp was unable to be removed at this time.', 'when-last-login' ); │ │
│ │ 149 - $items_retained = true; │ │
│ │ 144 + // Check if meta exists before trying to delete │ │
│ │ 145 + $existing_login = get_user_meta( $user->ID, 'when_last_login', true ); │ │
│ │ 146 + if ( $existing_login ) { │ │
│ │ 147 + $deleted_when_last_login = delete_user_meta( $user->ID, 'when_last_login' ); │ │
│ │ 148 + if ( $deleted_when_last_login ) { │ │
│ │ 149 + $items_removed = true; │ │
│ │ 150 + } else { │ │
│ │ 151 + $messages[] = __( 'Your last login timestamp was unable to be removed at this time.', 'when-last-login' ); │ │
│ │ 152 + $items_retained = true; │ │
│ │ 153 + } │ │
│ │ 154 } │ │
│ │ 155 + // If meta doesn't exist, that's fine - data is already "erased"
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
The topic ‘Erasure’ is closed to new replies.
