From 5f8c6a4d60b6b677f3fed88cf46680f2fb05a9f2 Mon Sep 17 00:00:00 2001 From: Andrew Lima Date: Wed, 15 Nov 2023 14:26:00 +0200 Subject: [PATCH 1/4] Scrub email log data --- classes/class-pmpromc-mailchimp-api.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/classes/class-pmpromc-mailchimp-api.php b/classes/class-pmpromc-mailchimp-api.php index 86537db..4ea43f4 100644 --- a/classes/class-pmpromc-mailchimp-api.php +++ b/classes/class-pmpromc-mailchimp-api.php @@ -153,6 +153,12 @@ public function update_audience_members( $audience = '', $updates = [] ) { } foreach ( $pmpromc_lists as $audience_arr ) { if ( $audience_arr['id'] == $audience ) { + $scrub_log_data = $updates; + // Scrub email address from the update data to obfuscate it a bit. + if ( ! empty( $scrub_log_data[0]->email_address ) ) { + $scrub_log_data[0]->email_address = preg_replace( '/(?<=.).(?=.*@)/u', '*', $scrub_log_data[0]->email_address ); + } + pmpromc_log("Processing update for audience {$audience_arr['name']} ({$audience}): " . print_r( $updates, true ) ); break; } From a94228621c31a4a42c0f594cf025c841031f1ebd Mon Sep 17 00:00:00 2001 From: Andrew Lima Date: Wed, 15 Nov 2023 14:28:19 +0200 Subject: [PATCH 2/4] Update class-pmpromc-mailchimp-api.php --- classes/class-pmpromc-mailchimp-api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/class-pmpromc-mailchimp-api.php b/classes/class-pmpromc-mailchimp-api.php index 4ea43f4..da07e66 100644 --- a/classes/class-pmpromc-mailchimp-api.php +++ b/classes/class-pmpromc-mailchimp-api.php 
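Review bot: In the [PATCH 1/4] hunk, `$scrub_log_data = $updates;` copies the array but not the objects it holds, so `$scrub_log_data[0]->email_address = preg_replace( … )` also overwrites `$updates[0]->email_address`. The rest of `update_audience_members()` is outside this hunk, but if it goes on to send `$updates` to the API, the masked address is what gets submitted. Assuming each entry is an object, as the `->email_address` access suggests, clone the entries before masking, e.g. `$scrub_log_data = array_map( function ( $u ) { return clone $u; }, $updates );`. The same aliasing applies to the [PATCH 2/4] hunk, which only switches the `print_r()` argument.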
@@ -159,7 +159,7 @@ public function update_audience_members( $audience = '', $updates = [] ) { $scrub_log_data[0]->email_address = preg_replace( '/(?<=.).(?=.*@)/u', '*', $scrub_log_data[0]->email_address ); } - pmpromc_log("Processing update for audience {$audience_arr['name']} ({$audience}): " . print_r( $updates, true ) ); + pmpromc_log("Processing update for audience {$audience_arr['name']} ({$audience}): " . print_r( $scrub_log_data, true ) ); break; } } From afebf8f160eac3b65ce4d8ea8b566c25d34a9daa Mon Sep 17 00:00:00 2001 From: Andrew Lima Date: Wed, 15 Nov 2023 15:30:51 +0200 Subject: [PATCH 3/4] revert changes --- classes/class-pmpromc-mailchimp-api.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/classes/class-pmpromc-mailchimp-api.php b/classes/class-pmpromc-mailchimp-api.php index da07e66..86537db 100644 --- a/classes/class-pmpromc-mailchimp-api.php +++ b/classes/class-pmpromc-mailchimp-api.php @@ -153,13 +153,7 @@ public function update_audience_members( $audience = '', $updates = [] ) { } foreach ( $pmpromc_lists as $audience_arr ) { if ( $audience_arr['id'] == $audience ) { - $scrub_log_data = $updates; - // Scrub email address from the update data to obfuscate it a bit. - if ( ! empty( $scrub_log_data[0]->email_address ) ) { - $scrub_log_data[0]->email_address = preg_replace( '/(?<=.).(?=.*@)/u', '*', $scrub_log_data[0]->email_address ); - } - - pmpromc_log("Processing update for audience {$audience_arr['name']} ({$audience}): " . print_r( $scrub_log_data, true ) ); + pmpromc_log("Processing update for audience {$audience_arr['name']} ({$audience}): " . print_r( $updates, true ) ); break; } } From 8fedd2e9f069e2e6f07720422f38ff0c1cb9d8b4 Mon Sep 17 00:00:00 2001 
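Review bot: In the [PATCH 2/4] hunk, `print_r( $scrub_log_data, true )` dumps every entry, but only `$scrub_log_data[0]` was masked, so when `$updates` carries more than one member each later `email_address` reaches the log in clear. Mask every entry in a loop rather than indexing `[0]`, working on a copy of each object because the array assignment does not clone them. Any other personal fields on the entries are printed unchanged as well; logging only the fields needed for troubleshooting would avoid that. `update_audience_members()` begins and ends outside this hunk.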
From: Andrew Lima Date: Wed, 15 Nov 2023 15:31:36 +0200 Subject: [PATCH 4/4] obfuscate emails in logging data. * SECURITY: Obfuscates the user's domain from the log file. this makes more sense than showing ****@gmail.com (as gmail is very common) --- includes/functions.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/includes/functions.php b/includes/functions.php index e407f20..6dcba16 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -266,6 +266,10 @@ function pmpromc_log( $entry ) { return; } + // Define a regular expression pattern to match email addresses + $pattern = '/(?<=@)([a-zA-Z0-9._%+-]+)(?=\.[a-zA-Z]{2,})/'; + $entry = preg_replace( $pattern, '****', $entry ); + $logstr = "Logged On: " . date_i18n("m/d/Y H:i:s") . "\n"; $logstr .= $entry; $logstr .= "\n-------------\n";
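Review bot: The pattern added to `pmpromc_log()` replaces only the labels after `@`, so each entry still carries the full local part and the TLD (constructed example: `jane.doe@****.com`), which is often enough to identify the person. The comment `// Define a regular expression pattern to match email addresses` also overstates what the pattern matches. If the log only needs to show that an address was present, mask the whole address, e.g. `$entry = preg_replace( '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/', '****@****', $entry );`. `preg_replace()` returns `null` on failure, which would leave `$entry` empty; write a fixed placeholder in that case rather than falling back to the unscrubbed text. The function body starts and ends outside this hunk.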