->where($db->quoteName('state') . ' = 1')


Since state is always 0, the consent is never recognized as valid.

Fix: Add 'state' => 1 to the $userNote object in onUserAfterSave():


$userNote = (object) [
    'user_id' => $userId,
    'subject' => 'PLG_SYSTEM_PRIVACYCONSENT_SUBJECT',
    'body'    => Text::sprintf('PLG_SYSTEM_PRIVACYCONSENT_BODY', $ip, $userAgent),
    'created' => Factory::getDate()->toSql(),
    'state'   => 1, // <-- missing!
];



-------

Bug 2: profile.apply task not handled
File: plugins/system/privacyconsent/src/Extension/PrivacyConsent.php
Methods: onUserBeforeSave() and onUserAfterSave()

The frontend "Save" button sends task profile.apply. Both methods only handle profile.save (= "Save & Close"). profile.apply is missing in both arrays:

// current (buggy):
\in_array($task, ['registration.register', 'profile.save'])

// fix:
\in_array($task, ['registration.register', 'profile.save', 'profile.apply'])


Steps to Reproduce
Enable the System – Privacy Consent plugin with a privacy article configured.
Register a new frontend user.
Log in – user is redirected to profile edit page to give consent.
Select "I agree" and click Save (not "Save & Close").
→ Consent is inserted with state = 0, loop continues.
Even "Save & Close" does not resolve it due to Bug 1.
Expected Behavior
Consent is stored with state = 1 and the redirect loop ends after clicking Save or Save & Close.

Actual Behavior
All consent records are stored with state = 0 (DB default). isUserConsented() always returns false. User is permanently stuck in redirect loop.

Joomla Version: 5.4.5
PHP Version: 8.5
Database: libmysql - mysqlnd 7.4.33-nmm8
Server: Localhost via UNIX socket
Server-Typ: MariaDB
Server-Version: 10.11.14-MariaDB-0ubuntu0.24.04.1-log - Ubuntu 24.04
Affected file: plugins/system/privacyconsent/src/Extension/PrivacyConsent.php