feat(plugin-repo): Add privacy policy content check#1291
Open
faisalahammad wants to merge 2 commits intoWordPress:trunkfrom
Open
feat(plugin-repo): Add privacy policy content check#1291faisalahammad wants to merge 2 commits intoWordPress:trunkfrom
faisalahammad wants to merge 2 commits intoWordPress:trunkfrom
Conversation
Add a new Privacy_Policy_Check that warns when a plugin uses personal-data-handling APIs but does not call wp_add_privacy_policy_content(). WordPress.org guidelines require plugins that collect, store, or transmit personal data to a third party to suggest privacy policy text to site administrators via this function. The check scans PHP files for signals indicating potential personal data handling: - wp_remote_post() / wp_remote_get() (external data transmission) - setcookie() / $_COOKIE (cookie-based tracking) - wp_set_auth_cookie() (authentication cookies) If any signal is detected and wp_add_privacy_policy_content() is not called anywhere in the plugin, a single warning is emitted on the plugin's main file pointing to the official WordPress privacy developer documentation. Plugins with no signals are completely unaffected by this check. Fixes WordPress#1249
faisalahammad
requested review from
chriscct7,
davidperezgar,
ernilambar and
frantorres
as code owners
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
The plugin description contained wp_add_privacy_policy_content() with parentheses, which caused the check's detection regex to match the comment string and return early as if the function was already implemented — producing no warning and failing the test. The description now reads 'does not register privacy policy content' which avoids the false positive without changing the intent of the test fixture.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the feature requested in #1249.
WordPress.org guidelines require that every plugin which collects, uses, stores, or passes personal data to a third party must suggest privacy policy text to site administrators using
wp_add_privacy_policy_content(). In practice, the vast majority of plugins that handle personal data do not implement this.This PR adds a new
Privacy_Policy_Check(static file check) that detects common personal-data-handling signals and warns ifwp_add_privacy_policy_content()is absent.How it works
The check scans all PHP files in the plugin for signals that indicate potential personal data handling:
wp_remote_post()wp_remote_get()setcookie()$_COOKIEwp_set_auth_cookie()If any signal is found and
wp_add_privacy_policy_content()is not called anywhere in the plugin, a single warning (severity 5) is emitted on the plugin's main file with a link to the WordPress privacy developer docs.Plugins with no signals are completely unaffected — the check stays silent.
Design decisions
wp_add_privacy_policy_content()first; if present, skips all signal scanning$_POST/$_GETFiles changed
includes/Checker/Checks/Plugin_Repo/Privacy_Policy_Check.php— new check classincludes/Checker/Default_Check_Repository.php— register asprivacy_policydocs/checks.md— add row to the checks tabletests/phpunit/tests/Checker/Checks/Privacy_Policy_Check_Tests.php— 3 test casestests/phpunit/testdata/plugins/test-plugin-privacy-policy-with-errors/— has signal, no privacy call → triggers warningtests/phpunit/testdata/plugins/test-plugin-privacy-policy-without-errors/— has signal +wp_add_privacy_policy_content()→ cleantests/phpunit/testdata/plugins/test-plugin-privacy-policy-no-signals/— no signals → cleanTesting
Manually verified against Mailchimp for WordPress (mc4wp) — correctly fires the
missing_privacy_policy_contentwarning onmailchimp-for-wp.php.Verified against Akismet (which properly calls
wp_add_privacy_policy_content()) — no warning produced.Closes #1249