@rishijd rishijd commented Oct 3, 2025

Description

The Problem:
  • The $param field in the Facebook Pixel initialization code was being populated with admin user data (email, first name, last name).
  • This occurred because the plugin was calling FacebookWordpressOptions::get_user_info() for any logged-in user, including admins.
  • While all individual event tracking functions properly filter out admin users using FacebookPluginUtils::is_internal_user(), the main pixel initialization code did not apply this filter.

This problem was also reported by the open source community: https://wordpress.org/support/topic/exposes-your-admin-email-address/

The Fix
I modified [class-facebookwordpresspixelinjection.php] to:

  • Check if the current user is an internal/admin user using FacebookPluginUtils::is_internal_user()
  • Only include user info for non-admin users by passing an empty array for admin users

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have commented my code, particularly in hard-to-understand areas.
  • I have confirmed that my changes do not introduce any new PHPCS warnings or errors.
  • I have checked plugin debug logs that my changes do not introduce any new PHP warnings or FATAL errors.
  • I followed general Pull Request best practices. Meta employees to follow this wiki.
  • I have added tests (if necessary) and all the new and existing unit tests pass locally with my changes.
  • I have completed dogfooding and QA testing, or I have conducted thorough due diligence to ensure that it does not break existing functionality.
  • I have updated or requested update to plugin documentations (if necessary).

Changelog entry

Bug fix / vulnerability: fix admin email on Pixel init

Test Plan

Test by viewing source on my demo website. This fix ensures that admin user data is never included in the pixel tracking parameters, while maintaining full functionality for legitimate frontend users. The solution is consistent with how the plugin already protects admin data in all other tracking functions.
(Previous state: my wp-admin email/detail are included. New state: whether logged in or not (as admin), admin detail not included).

Screenshots

Please provide screenshots or snapshots of the system/state both before and after implementing the changes, if appropriate

Before

After

@rishijd rishijd requested a review from vahidkay-meta October 3, 2025 16:12
@rishijd rishijd self-assigned this Oct 3, 2025
@rishijd rishijd added the bug Something isn't working label Oct 3, 2025
@meta-cla meta-cla bot added the cla signed label Oct 3, 2025
FacebookWordpressOptions::get_capi_integration_status();
// Only include user info for frontend users, not internal/admin users
$user_info = FacebookPluginUtils::is_internal_user() ?
array() : FacebookWordpressOptions::get_user_info();
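
Review bot: the ternary that assigns $user_info has no visible test covering the is_internal_user() branch, so the filter on the Pixel init path can regress silently. Add a unit test that asserts $user_info is array() when FacebookPluginUtils::is_internal_user() returns true and the result of FacebookWordpressOptions::get_user_info() otherwise, and confirm that the code consuming $user_info accepts an empty array without emitting a PHP notice. The inline comment would also be clearer if it named which roles is_internal_user() treats as internal, since "frontend users" is ambiguous for a logged-in account that is not an admin.
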
Contributor

So even if the email/etc. of an internal user is used for initializing pixel, that's limited to that person's session.
So it would not be exposed on a separate session for another non-logged-in user. Isn't that the case?

Contributor

Like, if you open a page using a different browser / Incognito window, it should not show the internal_user information.

Contributor

This is the event when the page is opened by a logged-in user:
image

And this is for a user that's not logged-in
image
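
The "view source" check from the test plan and the logged-in versus logged-out comparison from the review thread can be scripted as a regression check. This is an added example, not code from the PR or the plugin: it scans rendered HTML for fbq('init', ...) calls and reports identity fields found in the user-data argument. The em/fn/ln key names, the argument position and the sample pages are assumptions based on Meta Pixel's advanced-matching format.

```javascript
// Added example: keys below are Meta Pixel advanced-matching names (assumed
// to be what the plugin's $param object carries for email / first / last name).
const IDENTITY_KEYS = new Set(['em', 'fn', 'ln']);

// Return the top-level arguments of the call whose "(" is at html[open].
function splitCallArgs(html, open) {
  const args = [];
  let depth = 0, quote = null, start = open + 1;
  for (let i = open; i < html.length; i++) {
    const c = html[i];
    if (quote) {
      if (c === '\\') i++;            // skip escaped character inside a string
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'") quote = c;
    else if (c === '(' || c === '{' || c === '[') depth++;
    else if (c === ')' || c === '}' || c === ']') {
      if (--depth === 0) { args.push(html.slice(start, i).trim()); return args; }
    } else if (c === ',' && depth === 1) {
      args.push(html.slice(start, i).trim());
      start = i + 1;
    }
  }
  return null; // unbalanced call: ignore
}

// List every fbq('init', ...) call whose user-data argument carries identity fields.
function findPixelInitUserData(html) {
  const findings = [];
  const re = /fbq\s*\(\s*(['"])init\1/g;
  for (let m; (m = re.exec(html)) !== null;) {
    const args = splitCallArgs(html, html.indexOf('(', m.index));
    if (!args || args.length < 3) continue;        // no user-data argument
    // Collect keys of the object literal, quoted (JSON) or bare (JS).
    const keys = [...args[2].matchAll(/[{,]\s*["']?([A-Za-z_]\w*)["']?\s*:/g)]
      .map((k) => k[1]).filter((k) => IDENTITY_KEYS.has(k));
    if (keys.length) findings.push({ pixelId: args[1].replace(/['"]/g, ''), fields: keys });
  }
  return findings;
}

// Constructed sample pages (not taken from the plugin's real output).
const BEFORE = `<script>fbq('init', '000000000000000', {"em":"admin@example.test","fn":"site","ln":"admin"}, {"agent":"wordpress"});</script>`;
const AFTER = `<script>fbq('init', '000000000000000', {}, {"agent":"wordpress"});</script>`;
console.log(findPixelInitUserData(BEFORE), findPixelInitUserData(AFTER));
```

Run it against pages fetched once with an admin session cookie and once without; an empty result for the admin fetch is the state the PR describes as fixed.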
