Changeset 6111


Timestamp:
11/10/2017 02:18:10 AM (8 months ago)
Author:
iandunn
Message:

WordCamp Budgets: Delete old payment information to protect privacy.

See #3244

Location:
sites/trunk/wordcamp.org/public_html/wp-content/plugins
Files:
3 edited

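--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments-network/bootstrap.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments-network/bootstrap.php
@@ -23,4 +23,5 @@
     require_once( WP_PLUGIN_DIR . '/wordcamp-payments/includes/sponsor-invoice.php' );
     require_once( WP_PLUGIN_DIR . '/wordcamp-payments/includes/reimbursement-request.php' );
+    require_once( WP_PLUGIN_DIR . '/wordcamp-payments/includes/payment-request.php' );
 
     require_once( __DIR__ . '/includes/wordcamp-budgets-dashboard.php' );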
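--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments-network/includes/wordcamp-budgets-dashboard.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments-network/includes/wordcamp-budgets-dashboard.php
@@ -2,5 +2,15 @@
 
 namespace WordCamp\Budgets_Dashboard;
+
+use WordCamp_Budgets;
+use WCP_Payment_Request;
+use Payment_Requests_Dashboard;
+use WordCamp\Budgets\Reimbursement_Requests;
+use WordCamp\Budgets_Dashboard\Reimbursement_Requests AS Reimbursements_Dashboard;
+
 defined( 'WPINC' ) or die();
+
+define( 'REDACTED_VALUE',               '[deleted for privacy]'    );
+define( 'REDACT_PAID_REQUESTS_CRON_ID', 'wcb_redact_paid_requests' );
 
 /*
@@ -17,4 +27,10 @@
 add_action( 'admin_init', __NAMESPACE__ . '\process_action_set_pending_payment', 11 );
 add_action( 'admin_init', __NAMESPACE__ . '\process_import_request', 11 );
+
+add_action( REDACT_PAID_REQUESTS_CRON_ID, __NAMESPACE__ . '\redact_paid_requests' );
+
+if ( ! wp_next_scheduled( REDACT_PAID_REQUESTS_CRON_ID ) ) {
+    wp_schedule_event( time(), 'twicedaily', REDACT_PAID_REQUESTS_CRON_ID );
+}
 
 /**
@@ -894,4 +910,77 @@
 }
 
+/**
+ * Redact payment information when it's no longer needed, to protect privacy.
+ */
+function redact_paid_requests() {
+    global $wpdb;
+
+    $reimbursements_index = Reimbursements_Dashboard\get_index_table_name();
+    $vendors_index        = Payment_Requests_Dashboard::get_table_name();
+    $encrypted_fields     = WordCamp_Budgets::get_encrypted_fields();
+    $retention_period     = strtotime( WordCamp_Budgets::PAYMENT_INFO_RETENTION_PERIOD . ' days ago' );
+
+    $paid_reimbursements = $wpdb->get_results( "
+        SELECT blog_id, request_id, date_paid
+        FROM `$reimbursements_index`
+        WHERE status = 'wcb-paid'
+    " );
+
+    $paid_vendors = $wpdb->get_results( "
+        SELECT blog_id, post_id AS request_id, paid AS date_paid
+        FROM `$vendors_index`
+        WHERE status = 'wcb-paid'
+    " );
+
+    foreach ( array_merge( $paid_reimbursements, $paid_vendors ) as $indexed_reimbursement ) {
+        switch_to_blog( $indexed_reimbursement->blog_id );
+
+        $reimbursement_post = get_post( $indexed_reimbursement->request_id );
+        $field_prefix       = get_encrypted_field_prefix( $reimbursement_post->post_type );
+
+        if ( $indexed_reimbursement->date_paid < $retention_period ) {
+            foreach ( $encrypted_fields as $field ) {
+                $field = $field_prefix . $field;
+
+                if ( ! empty( $reimbursement_post->$field ) && REDACTED_VALUE !== $reimbursement_post->$field ) {
+                    update_post_meta( $reimbursement_post->ID, $field, REDACTED_VALUE );
+                }
+            }
+        }
+
+        restore_current_blog();
+    }
+}
+
+/**
+ * Get the encrypted field prefix for the given post type
+ *
+ * @todo Instead of hardcoding them here and in the Payments modules, it'd be better to setup
+ *       constants and use those everywhere.
+ *
+ * @see WordCamp_Budgets::validate_save_payment_method_fields()
+ *
+ * @param string $post_type
+ *
+ * @return string
+ */
+function get_encrypted_field_prefix( $post_type ) {
+    switch ( $post_type ) {
+        case Reimbursement_Requests\POST_TYPE:
+            $prefix = '_wcbrr_';
+            break;
+
+        case WCP_Payment_Request::POST_TYPE:
+            $prefix = '_camppayments_';
+            break;
+
+        default:
+            $prefix = '';
+            break;
+    }
+
+    return $prefix;
+}
+
 class WCB_Import_Results {
     public static $data;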
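Review bot: In `redact_paid_requests()`, the test `$indexed_reimbursement->date_paid < $retention_period` is also true when `date_paid` is NULL, empty or 0, so a row marked `wcb-paid` without a recorded payment date has its encrypted fields overwritten on the first cron run regardless of age; if that is not intended, such rows should be skipped explicitly. The comparison also presumes `date_paid` holds a Unix timestamp, which only the index table definitions (not part of this changeset) can confirm. Doing the date check before `switch_to_blog()` avoids switching blogs for every paid request on each twice-daily run. The `get_post()` result should also be checked before `->post_type` is read, in case an index row points at a post that no longer exists. A possible shape for the loop:

```php
foreach ( array_merge( $paid_reimbursements, $paid_vendors ) as $indexed_reimbursement ) {
    $date_paid = absint( $indexed_reimbursement->date_paid );

    // A missing paid date would otherwise compare as older than the cutoff.
    if ( ! $date_paid || $date_paid >= $retention_period ) {
        continue;
    }

    switch_to_blog( $indexed_reimbursement->blog_id );

    $reimbursement_post = get_post( $indexed_reimbursement->request_id );

    if ( $reimbursement_post ) {
        $field_prefix = get_encrypted_field_prefix( $reimbursement_post->post_type );
        // … unchanged: loop over $encrypted_fields and update_post_meta() with REDACTED_VALUE …
    }

    restore_current_blog();
}
```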
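--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/encryption.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/encryption.php
@@ -43,4 +43,8 @@
         if ( ! is_string( $raw_data ) ) {
             return new WP_Error( 'encryption-error', 'Only strings can be encrypted.' );
+        }
+
+        if ( REDACTED_VALUE === $raw_data ) {
+            return $raw_data;
         }
 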
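Review bot: The new `REDACTED_VALUE === $raw_data` check depends on a constant that this changeset defines in the wordcamp-payments-network plugin (`wordcamp-budgets-dashboard.php`), while this file belongs to wordcamp-payments; wherever `encryption.php` runs without that dashboard file loaded, the constant is undefined. Defining it alongside the encryption code, or guarding the test as `if ( defined( 'REDACTED_VALUE' ) && REDACTED_VALUE === $raw_data ) {`, removes the load-order dependency. A short comment stating that the sentinel is deliberately stored unencrypted, and that the decrypt path must tolerate it, would help the next reader. The enclosing function starts and ends outside this hunk, so the decrypt side cannot be checked here.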