From d14e59cdb0c0c41840807bf564c67698ea0fa809 Mon Sep 17 00:00:00 2001
From: Mike Jolley
Date: Mon, 30 Apr 2018 17:30:39 +0100
Subject: [PATCH] Remove some PII from paypal logs and avoid storing custom meta from responses
---
 .../class-wc-gateway-paypal-ipn-handler.php | 14 ++--------
 .../class-wc-gateway-paypal-pdt-handler.php | 26 ++++++-------------
 2 files changed, 10 insertions(+), 30 deletions(-)
diff --git a/includes/gateways/paypal/includes/class-wc-gateway-paypal-ipn-handler.php b/includes/gateways/paypal/includes/class-wc-gateway-paypal-ipn-handler.php
index 38f7c7496df..151404d6838 100644
--- a/includes/gateways/paypal/includes/class-wc-gateway-paypal-ipn-handler.php
+++ b/includes/gateways/paypal/includes/class-wc-gateway-paypal-ipn-handler.php
@@ -99,16 +99,15 @@ class WC_Gateway_Paypal_IPN_Handler extends WC_Gateway_Paypal_Response {
 // Post back to get a response.
 $response = wp_safe_remote_post( $this->sandbox ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr', $params );
- WC_Gateway_Paypal::log( 'IPN Request: ' . wc_print_r( $params, true ) );
 WC_Gateway_Paypal::log( 'IPN Response: ' . wc_print_r( $response, true ) );
 // Check to see if the request was valid.
 if ( ! is_wp_error( $response ) && $response['response']['code'] >= 200 && $response['response']['code'] < 300 && strstr( $response['body'], 'VERIFIED' ) ) {
- WC_Gateway_Paypal::log( 'Received valid response from PayPal' );
+ WC_Gateway_Paypal::log( 'Received valid response from PayPal IPN' );
 return true;
 }
- WC_Gateway_Paypal::log( 'Received invalid response from PayPal' );
+ WC_Gateway_Paypal::log( 'Received invalid response from PayPal IPN' );
 if ( is_wp_error( $response ) ) {
 WC_Gateway_Paypal::log( 'Error response: ' . $response->get_error_message() );
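Review bot: The surviving `IPN Response` log on the new side still dumps the entire `wp_safe_remote_post()` result with `wc_print_r( $response, true )`, which for a WP HTTP response carries headers and cookies alongside the body, even though the check below only uses the status code and whether the body contains `VERIFIED`. Dropping the `IPN Request` line removes the posted IPN payload from the log, which is the PII the subject names; if the intent is to log only what is needed, the remaining line could become `WC_Gateway_Paypal::log( 'IPN Response: ' . ( is_wp_error( $response ) ? $response->get_error_message() : $response['response']['code'] . ' ' . $response['body'] ) );`. Keeping the full dump is defensible for debugging failed postbacks, so this is a judgement call rather than a defect. The enclosing method starts before this hunk and continues past it.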
@@ -347,15 +346,6 @@ class WC_Gateway_Paypal_IPN_Handler extends WC_Gateway_Paypal_Response {
 * @param array $posted Posted data.
 */
 protected function save_paypal_meta_data( $order, $posted ) {
- if ( ! empty( $posted['payer_email'] ) ) {
- update_post_meta( $order->get_id(), 'Payer PayPal address', wc_clean( $posted['payer_email'] ) );
- }
- if ( ! empty( $posted['first_name'] ) ) {
- update_post_meta( $order->get_id(), 'Payer first name', wc_clean( $posted['first_name'] ) );
- }
- if ( ! empty( $posted['last_name'] ) ) {
- update_post_meta( $order->get_id(), 'Payer last name', wc_clean( $posted['last_name'] ) );
- }
 if ( ! empty( $posted['payment_type'] ) ) {
 update_post_meta( $order->get_id(), 'Payment type', wc_clean( $posted['payment_type'] ) );
 }
diff --git a/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php b/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php
index 24d119b1c8f..051d071165c 100644
--- a/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php
+++ b/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php
@@ -83,16 +83,15 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
 * Check Response for PDT.
 */
 public function check_response() {
- if ( empty( $_REQUEST['cm'] ) || empty( $_REQUEST['tx'] ) || empty( $_REQUEST['st'] ) ) {
+ if ( empty( $_REQUEST['cm'] ) || empty( $_REQUEST['tx'] ) || empty( $_REQUEST['st'] ) ) { // WPCS: Input var ok, CSRF ok, sanitization ok.
 return;
 }
- $order_id = wc_clean( wp_unslash( $_REQUEST['cm'] ) );
- $status = wc_clean( strtolower( wp_unslash( $_REQUEST['st'] ) ) ); // phpcs:ignore WordPress.VIP.ValidatedSanitizedInput.InputNotSanitized
- $amount = wc_clean( wp_unslash( $_REQUEST['amt'] ) ); // phpcs:ignore WordPress.VIP.ValidatedSanitizedInput.InputNotValidated
- $transaction = wc_clean( wp_unslash( $_REQUEST['tx'] ) );
-
- $order = $this->get_paypal_order( $order_id );
+ $order_id = wc_clean( wp_unslash( $_REQUEST['cm'] ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
+ $status = wc_clean( strtolower( wp_unslash( $_REQUEST['st'] ) ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
+ $amount = wc_clean( wp_unslash( $_REQUEST['amt'] ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
+ $transaction = wc_clean( wp_unslash( $_REQUEST['tx'] ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
+ $order = $this->get_paypal_order( $order_id );
 if ( ! $order || ! $order->has_status( 'pending' ) ) {
 return false;
@@ -101,7 +100,7 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
 $transaction_result = $this->validate_transaction( $transaction );
 if ( $transaction_result ) {
- WC_Gateway_Paypal::log( 'PDT Transaction Result: ' . wc_print_r( $transaction_result, true ) );
+ WC_Gateway_Paypal::log( 'PDT Transaction Status: ' . wc_print_r( $status, true ) );
 update_post_meta( $order->get_id(), '_paypal_status', $status );
 update_post_meta( $order->get_id(), '_transaction_id', $transaction );
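Review bot: `$amount` is still read from `$_REQUEST['amt']` without the `empty()` guard that `cm`, `tx` and `st` get a few lines above, so a PDT return URL without `amt` raises an undefined-index notice and leaves `$amount` as an empty string; the old `phpcs:ignore ...InputNotValidated` marker at least acknowledged this, whereas the new `// WPCS: input var ok, CSRF ok, sanitization ok.` annotation silences the sniff without adding the check. Either extend the guard with `|| empty( $_REQUEST['amt'] )`, or read it defensively: `$amount = isset( $_REQUEST['amt'] ) ? wc_clean( wp_unslash( $_REQUEST['amt'] ) ) : '';`. The comparison of `$amount` against the order total, if any, happens outside this hunk, so whether a missing value should fail closed depends on code not shown here. `check_response()` continues past the end of this hunk.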
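Review bot: The new log line and the `_paypal_status` meta written just below it both record `$status`, which is the browser-supplied `$_REQUEST['st']` value rather than anything returned by `validate_transaction()`, so the value persisted on the order is one the customer can set to anything on the return URL; the old log line at least captured the PDT result itself. `$transaction_result` is PayPal's server-side answer for this `tx` token, and if that array carries a payment status field (PayPal's PDT response normally does) it is the trustworthy source — consider `$status = strtolower( $transaction_result['payment_status'] );` ahead of the `update_post_meta()` calls, keeping the request value only as a fallback. Whether `$status` also drives the completed/on-hold decision is outside this hunk, so I am only asserting what is stored and logged here.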
@@ -114,19 +113,10 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
 } else {
 $this->payment_complete( $order, $transaction, __( 'PDT payment completed', 'woocommerce' ) );
- // Log paypal transaction fee and other meta data.
+ // Log paypal transaction fee and payment type.
 if ( ! empty( $transaction_result['mc_fee'] ) ) {
 update_post_meta( $order->get_id(), 'PayPal Transaction Fee', $transaction_result['mc_fee'] );
 }
- if ( ! empty( $transaction_result['payer_email'] ) ) {
- update_post_meta( $order->get_id(), 'Payer PayPal address', $transaction_result['payer_email'] );
- }
- if ( ! empty( $transaction_result['first_name'] ) ) {
- update_post_meta( $order->get_id(), 'Payer first name', $transaction_result['first_name'] );
- }
- if ( ! empty( $transaction_result['last_name'] ) ) {
- update_post_meta( $order->get_id(), 'Payer last name', $transaction_result['last_name'] );
- }
 if ( ! empty( $transaction_result['payment_type'] ) ) {
 update_post_meta( $order->get_id(), 'Payment type', $transaction_result['payment_type'] );
 }
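Review bot: The two meta writes kept on the new side store `$transaction_result['mc_fee']` and `$transaction_result['payment_type']` raw, whereas the IPN handler's `save_paypal_meta_data()` in this same commit passes the equivalent values through `wc_clean()` before `update_post_meta()`; the PDT values come from PayPal's server-side lookup rather than the browser, but cleaning them the same way keeps the two handlers consistent, e.g. `update_post_meta( $order->get_id(), 'Payment type', wc_clean( $transaction_result['payment_type'] ) );`. The rewritten comment says "Log" but nothing in this branch is logged — the values are persisted as order meta — so `// Store the PayPal transaction fee and payment type as order meta.` describes it more accurately. The `else` branch this sits in opens before the hunk.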