This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Personal data erasers. |
||
4 | * |
||
5 | * @since 3.4.0 |
||
6 | * @package WooCommerce\Classes |
||
7 | */ |
||
8 | |||
9 | defined( 'ABSPATH' ) || exit; |
||
10 | |||
11 | /** |
||
12 | * WC_Privacy_Erasers Class. |
||
13 | */ |
||
14 | class WC_Privacy_Erasers { |
||
15 | /** |
||
16 | * Finds and erases customer data by email address. |
||
17 | * |
||
18 | * @since 3.4.0 |
||
19 | * @param string $email_address The user email address. |
||
20 | * @param int $page Page. |
||
21 | * @return array An array of personal data in name value pairs |
||
22 | */ |
||
23 | public static function customer_data_eraser( $email_address, $page ) { |
||
24 | $response = array( |
||
25 | 'items_removed' => false, |
||
26 | 'items_retained' => false, |
||
27 | 'messages' => array(), |
||
28 | 'done' => true, |
||
29 | ); |
||
30 | |||
31 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
||
32 | |||
33 | if ( ! $user instanceof WP_User ) { |
||
34 | return $response; |
||
35 | } |
||
36 | |||
37 | $customer = new WC_Customer( $user->ID ); |
||
38 | |||
39 | if ( ! $customer ) { |
||
40 | return $response; |
||
41 | } |
||
42 | |||
43 | $props_to_erase = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_props', array( |
||
44 | 'billing_first_name' => __( 'Billing First Name', 'woocommerce' ), |
||
45 | 'billing_last_name' => __( 'Billing Last Name', 'woocommerce' ), |
||
46 | 'billing_company' => __( 'Billing Company', 'woocommerce' ), |
||
47 | 'billing_address_1' => __( 'Billing Address 1', 'woocommerce' ), |
||
48 | 'billing_address_2' => __( 'Billing Address 2', 'woocommerce' ), |
||
49 | 'billing_city' => __( 'Billing City', 'woocommerce' ), |
||
50 | 'billing_postcode' => __( 'Billing Postal/Zip Code', 'woocommerce' ), |
||
51 | 'billing_state' => __( 'Billing State', 'woocommerce' ), |
||
52 | 'billing_country' => __( 'Billing Country', 'woocommerce' ), |
||
53 | 'billing_phone' => __( 'Phone Number', 'woocommerce' ), |
||
54 | 'billing_email' => __( 'Email Address', 'woocommerce' ), |
||
55 | 'shipping_first_name' => __( 'Shipping First Name', 'woocommerce' ), |
||
56 | 'shipping_last_name' => __( 'Shipping Last Name', 'woocommerce' ), |
||
57 | 'shipping_company' => __( 'Shipping Company', 'woocommerce' ), |
||
58 | 'shipping_address_1' => __( 'Shipping Address 1', 'woocommerce' ), |
||
59 | 'shipping_address_2' => __( 'Shipping Address 2', 'woocommerce' ), |
||
60 | 'shipping_city' => __( 'Shipping City', 'woocommerce' ), |
||
61 | 'shipping_postcode' => __( 'Shipping Postal/Zip Code', 'woocommerce' ), |
||
62 | 'shipping_state' => __( 'Shipping State', 'woocommerce' ), |
||
63 | 'shipping_country' => __( 'Shipping Country', 'woocommerce' ), |
||
64 | ), $customer ); |
||
65 | |||
66 | foreach ( $props_to_erase as $prop => $label ) { |
||
67 | $erased = false; |
||
68 | |||
69 | if ( is_callable( array( $customer, 'get_' . $prop ) ) && is_callable( array( $customer, 'set_' . $prop ) ) ) { |
||
70 | $value = $customer->{"get_$prop"}( 'edit' ); |
||
71 | |||
72 | if ( $value ) { |
||
73 | $customer->{"set_$prop"}( '' ); |
||
74 | $erased = true; |
||
75 | } |
||
76 | } |
||
77 | |||
78 | $erased = apply_filters( 'woocommerce_privacy_erase_customer_personal_data_prop', $erased, $prop, $customer ); |
||
79 | |||
80 | View Code Duplication | if ( $erased ) { |
|
81 | /* Translators: %s Prop name. */ |
||
82 | $response['messages'][] = sprintf( __( 'Removed customer "%s"', 'woocommerce' ), $label ); |
||
83 | $response['items_removed'] = true; |
||
84 | } |
||
85 | } |
||
86 | |||
87 | $customer->save(); |
||
88 | |||
89 | /** |
||
90 | * Allow extensions to remove data for this customer and adjust the response. |
||
91 | * |
||
92 | * @since 3.4.0 |
||
93 | * @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done. |
||
94 | * @param WC_Order $order A customer object. |
||
95 | */ |
||
96 | return apply_filters( 'woocommerce_privacy_erase_personal_data_customer', $response, $customer ); |
||
97 | } |
||
98 | |||
99 | /** |
||
100 | * Finds and erases data which could be used to identify a person from WooCommerce data assocated with an email address. |
||
101 | * |
||
102 | * Orders are erased in blocks of 10 to avoid timeouts. |
||
103 | * |
||
104 | * @since 3.4.0 |
||
105 | * @param string $email_address The user email address. |
||
106 | * @param int $page Page. |
||
107 | * @return array An array of personal data in name value pairs |
||
108 | */ |
||
109 | public static function order_data_eraser( $email_address, $page ) { |
||
110 | $page = (int) $page; |
||
111 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
||
112 | $erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_order_data', 'no' ) ); |
||
113 | $response = array( |
||
114 | 'items_removed' => false, |
||
115 | 'items_retained' => false, |
||
116 | 'messages' => array(), |
||
117 | 'done' => true, |
||
118 | ); |
||
119 | |||
120 | $order_query = array( |
||
121 | 'limit' => 10, |
||
122 | 'page' => $page, |
||
123 | 'customer' => array( $email_address ), |
||
124 | ); |
||
125 | |||
126 | if ( $user instanceof WP_User ) { |
||
127 | $order_query['customer'][] = (int) $user->ID; |
||
128 | } |
||
129 | |||
130 | $orders = wc_get_orders( $order_query ); |
||
131 | |||
132 | if ( 0 < count( $orders ) ) { |
||
133 | foreach ( $orders as $order ) { |
||
134 | if ( apply_filters( 'woocommerce_privacy_erase_order_personal_data', $erasure_enabled, $order ) ) { |
||
135 | self::remove_order_personal_data( $order ); |
||
136 | |||
137 | /* Translators: %s Order number. */ |
||
138 | $response['messages'][] = sprintf( __( 'Removed personal data from order %s.', 'woocommerce' ), $order->get_order_number() ); |
||
139 | $response['items_removed'] = true; |
||
140 | View Code Duplication | } else { |
|
141 | /* Translators: %s Order number. */ |
||
142 | $response['messages'][] = sprintf( __( 'Personal data within order %s has been retained.', 'woocommerce' ), $order->get_order_number() ); |
||
143 | $response['items_retained'] = true; |
||
144 | } |
||
145 | } |
||
146 | $response['done'] = 10 > count( $orders ); |
||
147 | } else { |
||
148 | $response['done'] = true; |
||
149 | } |
||
150 | |||
151 | return $response; |
||
152 | } |
||
153 | |||
154 | /** |
||
155 | * Finds and removes customer download logs by email address. |
||
156 | * |
||
157 | * @since 3.4.0 |
||
158 | * @param string $email_address The user email address. |
||
159 | * @param int $page Page. |
||
160 | * @return array An array of personal data in name value pairs |
||
161 | */ |
||
162 | public static function download_data_eraser( $email_address, $page ) { |
||
163 | $page = (int) $page; |
||
164 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
||
165 | $erasure_enabled = wc_string_to_bool( get_option( 'woocommerce_erasure_request_removes_download_data', 'no' ) ); |
||
166 | $response = array( |
||
167 | 'items_removed' => false, |
||
168 | 'items_retained' => false, |
||
169 | 'messages' => array(), |
||
170 | 'done' => true, |
||
171 | ); |
||
172 | |||
173 | $downloads_query = array( |
||
174 | 'limit' => -1, |
||
175 | 'page' => $page, |
||
176 | 'return' => 'ids', |
||
177 | ); |
||
178 | |||
179 | View Code Duplication | if ( $user instanceof WP_User ) { |
|
180 | $downloads_query['user_id'] = (int) $user->ID; |
||
181 | } else { |
||
182 | $downloads_query['user_email'] = $email_address; |
||
183 | } |
||
184 | |||
185 | $customer_download_data_store = WC_Data_Store::load( 'customer-download' ); |
||
186 | |||
187 | // Revoke download permissions. |
||
188 | if ( apply_filters( 'woocommerce_privacy_erase_download_personal_data', $erasure_enabled, $email_address ) ) { |
||
189 | if ( $user instanceof WP_User ) { |
||
190 | $result = $customer_download_data_store->delete_by_user_id( (int) $user->ID ); |
||
191 | } else { |
||
192 | $result = $customer_download_data_store->delete_by_user_email( $email_address ); |
||
193 | } |
||
194 | View Code Duplication | if ( $result ) { |
|
195 | $response['messages'][] = __( 'Removed access to downloadable files.', 'woocommerce' ); |
||
196 | $response['items_removed'] = true; |
||
197 | } |
||
198 | View Code Duplication | } else { |
|
199 | $response['messages'][] = __( 'Customer download permissions have been retained.', 'woocommerce' ); |
||
200 | $response['items_retained'] = true; |
||
201 | } |
||
202 | |||
203 | return $response; |
||
204 | } |
||
205 | |||
206 | /** |
||
207 | * Remove personal data specific to WooCommerce from an order object. |
||
208 | * |
||
209 | * Note; this will hinder order processing for obvious reasons! |
||
210 | * |
||
211 | * @param WC_Order $order Order object. |
||
212 | */ |
||
213 | public static function remove_order_personal_data( $order ) { |
||
214 | $anonymized_data = array(); |
||
215 | |||
216 | /** |
||
217 | * Allow extensions to remove their own personal data for this order first, so order data is still available. |
||
218 | * |
||
219 | * @since 3.4.0 |
||
220 | * @param WC_Order $order A customer object. |
||
221 | */ |
||
222 | do_action( 'woocommerce_privacy_before_remove_order_personal_data', $order ); |
||
223 | |||
224 | /** |
||
225 | * Expose props and data types we'll be anonymizing. |
||
226 | * |
||
227 | * @since 3.4.0 |
||
228 | * @param array $props Keys are the prop names, values are the data type we'll be passing to wp_privacy_anonymize_data(). |
||
229 | * @param WC_Order $order A customer object. |
||
230 | */ |
||
231 | $props_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_props', array( |
||
232 | 'customer_ip_address' => 'ip', |
||
233 | 'customer_user_agent' => 'text', |
||
234 | 'billing_first_name' => 'text', |
||
235 | 'billing_last_name' => 'text', |
||
236 | 'billing_company' => 'text', |
||
237 | 'billing_address_1' => 'text', |
||
238 | 'billing_address_2' => 'text', |
||
239 | 'billing_city' => 'text', |
||
240 | 'billing_postcode' => 'text', |
||
241 | 'billing_state' => 'address_state', |
||
242 | 'billing_country' => 'address_country', |
||
243 | 'billing_phone' => 'phone', |
||
244 | 'billing_email' => 'email', |
||
245 | 'shipping_first_name' => 'text', |
||
246 | 'shipping_last_name' => 'text', |
||
247 | 'shipping_company' => 'text', |
||
248 | 'shipping_address_1' => 'text', |
||
249 | 'shipping_address_2' => 'text', |
||
250 | 'shipping_city' => 'text', |
||
251 | 'shipping_postcode' => 'text', |
||
252 | 'shipping_state' => 'address_state', |
||
253 | 'shipping_country' => 'address_country', |
||
254 | 'customer_id' => 'numeric_id', |
||
255 | 'transaction_id' => 'numeric_id', |
||
256 | ), $order ); |
||
257 | |||
258 | if ( ! empty( $props_to_remove ) && is_array( $props_to_remove ) ) { |
||
259 | foreach ( $props_to_remove as $prop => $data_type ) { |
||
260 | // Get the current value in edit context. |
||
261 | $value = $order->{"get_$prop"}( 'edit' ); |
||
262 | |||
263 | // If the value is empty, it does not need to be anonymized. |
||
264 | if ( empty( $value ) || empty( $data_type ) ) { |
||
265 | continue; |
||
266 | } |
||
267 | |||
268 | $anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : ''; |
||
269 | |||
270 | /** |
||
271 | * Expose a way to control the anonymized value of a prop via 3rd party code. |
||
272 | * |
||
273 | * @since 3.4.0 |
||
274 | * @param string $anon_value Value of this prop after anonymization. |
||
275 | * @param string $prop Name of the prop being removed. |
||
276 | * @param string $value Current value of the data. |
||
277 | * @param string $data_type Type of data. |
||
278 | * @param WC_Order $order An order object. |
||
279 | */ |
||
280 | $anonymized_data[ $prop ] = apply_filters( 'woocommerce_privacy_remove_order_personal_data_prop_value', $anon_value, $prop, $value, $data_type, $order ); |
||
281 | } |
||
282 | } |
||
283 | |||
284 | // Set all new props and persist the new data to the database. |
||
285 | $order->set_props( $anonymized_data ); |
||
286 | |||
287 | // Remove meta data. |
||
288 | $meta_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta', array( |
||
289 | 'Payer first name' => 'text', |
||
290 | 'Payer last name' => 'text', |
||
291 | 'Payer PayPal address' => 'email', |
||
292 | 'Transaction ID' => 'numeric_id', |
||
293 | ) ); |
||
294 | |||
295 | if ( ! empty( $meta_to_remove ) && is_array( $meta_to_remove ) ) { |
||
296 | foreach ( $meta_to_remove as $meta_key => $data_type ) { |
||
297 | $value = $order->get_meta( $meta_key ); |
||
298 | |||
299 | // If the value is empty, it does not need to be anonymized. |
||
300 | if ( empty( $value ) || empty( $data_type ) ) { |
||
301 | continue; |
||
302 | } |
||
303 | |||
304 | $anon_value = function_exists( 'wp_privacy_anonymize_data' ) ? wp_privacy_anonymize_data( $data_type, $value ) : ''; |
||
305 | |||
306 | /** |
||
307 | * Expose a way to control the anonymized value of a value via 3rd party code. |
||
308 | * |
||
309 | * @since 3.4.0 |
||
310 | * @param string $anon_value Value of this data after anonymization. |
||
311 | * @param string $prop meta_key key being removed. |
||
312 | * @param string $value Current value of the data. |
||
313 | * @param string $data_type Type of data. |
||
314 | * @param WC_Order $order An order object. |
||
315 | */ |
||
316 | $anon_value = apply_filters( 'woocommerce_privacy_remove_order_personal_data_meta_value', $anon_value, $meta_key, $value, $data_type, $order ); |
||
317 | |||
318 | if ( $anon_value ) { |
||
319 | $order->update_meta_data( $meta_key, $anon_value ); |
||
320 | } else { |
||
321 | $order->delete_meta_data( $meta_key ); |
||
322 | } |
||
323 | } |
||
324 | } |
||
325 | |||
326 | $order->update_meta_data( '_anonymized', 'yes' ); |
||
327 | $order->save(); |
||
328 | |||
329 | // Delete order notes which can contain PII. |
||
330 | $notes = wc_get_order_notes( array( |
||
331 | 'order_id' => $order->get_id(), |
||
332 | ) ); |
||
333 | |||
334 | foreach ( $notes as $note ) { |
||
335 | wc_delete_order_note( $note->id ); |
||
336 | } |
||
337 | |||
338 | // Add note that this event occured. |
||
339 | $order->add_order_note( __( 'Personal data removed.', 'woocommerce' ) ); |
||
340 | |||
341 | /** |
||
342 | * Allow extensions to remove their own personal data for this order. |
||
343 | * |
||
344 | * @since 3.4.0 |
||
345 | * @param WC_Order $order A customer object. |
||
346 | */ |
||
347 | do_action( 'woocommerce_privacy_remove_order_personal_data', $order ); |
||
348 | } |
||
349 | |||
350 | /** |
||
351 | * Finds and erases customer tokens by email address. |
||
352 | * |
||
353 | * @since 3.4.0 |
||
354 | * @param string $email_address The user email address. |
||
355 | * @param int $page Page. |
||
356 | * @return array An array of personal data in name value pairs |
||
357 | */ |
||
358 | public static function customer_tokens_eraser( $email_address, $page ) { |
||
0 ignored issues
–
show
|
|||
359 | $response = array( |
||
360 | 'items_removed' => false, |
||
361 | 'items_retained' => false, |
||
362 | 'messages' => array(), |
||
363 | 'done' => true, |
||
364 | ); |
||
365 | |||
366 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
||
367 | |||
368 | if ( ! $user instanceof WP_User ) { |
||
0 ignored issues
–
show
The class
WP_User does not exist. Did you forget a USE statement, or did you not list all dependencies?
This error could be the result of: 1. Missing dependenciesPHP Analyzer uses your Are you sure this class is defined by one of your dependencies, or did you maybe
not list a dependency in either the 2. Missing use statementPHP does not complain about undefined classes in if ($x instanceof DoesNotExist) {
// Do something.
}
If you have not tested against this specific condition, such errors might go unnoticed.
Loading history...
|
|||
369 | return $response; |
||
370 | } |
||
371 | |||
372 | $tokens = WC_Payment_Tokens::get_tokens( array( |
||
373 | 'user_id' => $user->ID, |
||
374 | ) ); |
||
375 | |||
376 | if ( empty( $tokens ) ) { |
||
377 | return $response; |
||
378 | } |
||
379 | |||
380 | foreach ( $tokens as $token ) { |
||
381 | WC_Payment_Tokens::delete( $token->get_id() ); |
||
382 | |||
383 | /* Translators: %s Prop name. */ |
||
384 | $response['messages'][] = sprintf( __( 'Removed payment token "%d"', 'woocommerce' ), $token->get_id() ); |
||
385 | $response['items_removed'] = true; |
||
386 | } |
||
387 | |||
388 | /** |
||
389 | * Allow extensions to remove data for tokens and adjust the response. |
||
390 | * |
||
391 | * @since 3.4.0 |
||
392 | * @param array $response Array resonse data. Must include messages, num_items_removed, num_items_retained, done. |
||
393 | * @param array $tokens Array of tokens. |
||
394 | */ |
||
395 | return apply_filters( 'woocommerce_privacy_erase_personal_data_tokens', $response, $tokens ); |
||
396 | } |
||
397 | } |
||
398 |
This check looks from parameters that have been defined for a function or method, but which are not used in the method body.