From 6c6d2b995b729aac373b9200db6a48338531180d Mon Sep 17 00:00:00 2001 From: Bernat Date: Wed, 25 Jan 2023 16:22:12 +0100 Subject: [PATCH 1/6] Remove 'wp_ajax_safety_net_anonymize_users' hook & fix some phpcs --- includes/admin.php | 104 ++++++++++++++++++++++++--------------------- 1 file changed, 56 insertions(+), 48 deletions(-) diff --git a/includes/admin.php b/includes/admin.php index f4f6f09..2403fbb 100644 --- a/includes/admin.php +++ b/includes/admin.php @@ -15,14 +15,13 @@ * * @return void */ -function add_admin_hooks(){ +function add_admin_hooks() { if ( true !== apply_filters( 'safety_net_hide_admin', false ) ) { // Skip the admin page and options if the `safety_net_hide_admin` filter returns true. add_action( 'admin_enqueue_scripts', __NAMESPACE__ . '\enqueue_scripts' ); add_action( 'admin_menu', __NAMESPACE__ . '\create_options_menu' ); add_action( 'admin_init', __NAMESPACE__ . '\settings_init' ); - add_action( 'wp_ajax_safety_net_anonymize_users', __NAMESPACE__ . '\handle_ajax_anonymize_users' ); add_action( 'wp_ajax_safety_net_scrub_options', __NAMESPACE__ . '\handle_ajax_scrub_options' ); add_action( 'wp_ajax_safety_net_deactivate_plugins', __NAMESPACE__ . '\handle_ajax_deactivate_plugins' ); add_action( 'wp_ajax_safety_net_delete_users', __NAMESPACE__ . '\handle_ajax_delete_users' ); @@ -45,14 +44,14 @@ function enqueue_scripts( string $hook_suffix ) { return; } - wp_enqueue_script( 'safety-net-admin', SAFETY_NET_URL . 'assets/js/safety-net-admin.js', [ 'jquery' ], '1.0', true ); + wp_enqueue_script( 'safety-net-admin', SAFETY_NET_URL . 'assets/js/safety-net-admin.js', array( 'jquery' ), '1.0', true ); wp_localize_script( 'safety-net-admin', 'safety_net_params', - [ + array( 'ajax_url' => admin_url( 'admin-ajax.php' ), - ] + ) ); wp_enqueue_style( 'safety-net-admin-style', SAFETY_NET_URL . 'assets/css/admin.css', array(), '0.0' ); 
@@ -100,12 +99,12 @@ function settings_init() { __NAMESPACE__ . '\render_field', 'safety_net_options', 'safety_net_option', - [ - 'type' => 'button', - 'id' => 'safety-net-scrub-options', + array( + 'type' => 'button', + 'id' => 'safety-net-scrub-options', 'button_text' => esc_html__( 'Scrub Options', 'safety-net' ), 'description' => esc_html__( 'Clears specific denylisted options, such as API keys, which could cause problems on a development site.', 'safety-net' ), - ] + ) ); add_settings_field( @@ -114,12 +113,12 @@ function settings_init() { __NAMESPACE__ . '\render_field', 'safety_net_options', 'safety_net_option', - [ - 'type' => 'button', - 'id' => 'safety-net-deactivate-plugins', + array( + 'type' => 'button', + 'id' => 'safety-net-deactivate-plugins', 'button_text' => esc_html__( 'Deactivate Plugins', 'safety-net' ), 'description' => esc_html__( 'Deactivates a handful of denylisted plugins. Also, runs through installed Woo payment gateways and deactivates them (deactivates the actual plugin, not from the checkout settings).', 'safety-net' ), - ] + ) ); add_settings_field( @@ -128,12 +127,12 @@ function settings_init() { __NAMESPACE__ . '\render_field', 'safety_net_options', 'safety_net_option', - [ - 'type' => 'button', - 'id' => 'safety-net-delete-users', + array( + 'type' => 'button', + 'id' => 'safety-net-delete-users', 'button_text' => esc_html__( 'Delete', 'safety-net' ), 'description' => esc_html__( 'Deletes all non-admin users, as well as WooCommerce orders and subscriptions.', 'safety-net' ), - ] + ) ); add_settings_field( @@ -158,27 +157,29 @@ function settings_init() { * * @return void */ -function render_field( array $args = [] ) { +function render_field( array $args = array() ) { if ( ! isset( $args['type'] ) ) { return; } ?> - - /> + $checked = ' checked="checked" '; + } + ?> + /> - -

+ +

+ do_settings_sections( 'safety_net_options' ); + ?>
- true, 'message' => esc_html__( 'You can not run these tools on a production site. Please set the environment type correctly.' ), - ] + ) ); die(); } // Permissions and security checks. check_the_permissions(); - check_the_nonce( $_POST['nonce'],'safety-net-scrub-options' ); + check_the_nonce( $_POST['nonce'], 'safety-net-scrub-options' ); // Checks passed. Scrub the options. scrub_options(); // Send the AJAX response. echo json_encode( - [ + array( 'success' => true, 'message' => esc_html__( 'Options have been scrubbed.' ), - ] + ) ); die(); @@ -261,27 +264,27 @@ function handle_ajax_deactivate_plugins() { if ( is_production() ) { // Send an AJAX warning. echo json_encode( - [ + array( 'warning' => true, 'message' => esc_html__( 'You can not run these tools on a production site. Please set the environment type correctly.' ), - ] + ) ); die(); } // Permissions and security checks. check_the_permissions(); - check_the_nonce( $_POST['nonce'],'safety-net-deactivate-plugins' ); + check_the_nonce( $_POST['nonce'], 'safety-net-deactivate-plugins' ); // Checks passed. Scrub the options. deactivate_plugins(); // Send the AJAX response. echo json_encode( - [ + array( 'success' => true, 'message' => esc_html__( 'Plugins have been deactivated.' ), - ] + ) ); die(); @@ -298,10 +301,10 @@ function handle_ajax_delete_users() { if ( is_production() ) { // Send an AJAX warning. echo json_encode( - [ + array( 'warning' => true, 'message' => esc_html__( 'You can not run these tools on a production site. Please set the environment type correctly.' ), - ] + ) ); die(); } @@ -314,10 +317,10 @@ function handle_ajax_delete_users() { delete_users_and_orders(); echo json_encode( - [ + array( 'success' => true, 'message' => esc_html__( 'Users, orders, and subscriptions have been successfully deleted!' ), - ] + ) ); die(); 
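Review bot: In handle_ajax_deactivate_plugins, `check_the_nonce( $_POST['nonce'], 'safety-net-deactivate-plugins' );` still reads `$_POST['nonce']` without checking that the field is present, and the same pattern appears in the handle_ajax_scrub_options lines above it. check_the_nonce() declares `string $nonce`, so a request that omits the field would raise a TypeError instead of reaching the JSON "Security check failed" reply; the request still fails closed, but as a fatal error rather than a handled rejection. Since this commit is already bringing these lines in line with phpcs, I would read the value once with `$nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';` and pass `$nonce` to check_the_nonce(). handle_ajax_deactivate_plugins begins outside this hunk.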
@@ -331,10 +334,10 @@ function handle_ajax_delete_users() { function check_the_permissions() { if ( ! current_user_can( 'manage_options' ) ) { echo json_encode( - [ + array( 'success' => false, 'message' => esc_html__( 'You do not have permission to do that.' ), - ] + ) ); die(); @@ -352,10 +355,10 @@ function check_the_permissions() { function check_the_nonce( string $nonce, $action ) { if ( ! wp_verify_nonce( $nonce, $action ) ) { echo json_encode( - [ + array( 'success' => false, 'message' => esc_html__( 'Security check failed. Refresh the page and try again.' ), - ] + ) ); die(); @@ -383,9 +386,14 @@ function add_action_links( $actions ) { function pause_renewal_actions() { if ( 'on' === get_option( 'safety_net_pause_renewal_actions_toggle' ) ) { require_once __DIR__ . '/classes/class-actionscheduler-custom-dbstore.php'; - add_filter( 'action_scheduler_store_class', function( $class ) { - return 'SafetyNet\ActionScheduler_Custom_DBStore'; - }, 101, 1 ); + add_filter( + 'action_scheduler_store_class', + function( $class ) { + return 'SafetyNet\ActionScheduler_Custom_DBStore'; + }, + 101, + 1 + ); } } From 3cc90d15d3efa32bfb4bc1fb9c9bad76d6a27367 Mon Sep 17 00:00:00 2001 From: Bernat Date: Wed, 25 Jan 2023 16:25:44 +0100 Subject: [PATCH 2/6] Moved DB operations into new functions --- includes/anonymize.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/includes/anonymize.php b/includes/anonymize.php index a52b5cd..085f0c3 100644 --- a/includes/anonymize.php +++ b/includes/anonymize.php 
@@ -13,6 +13,22 @@ * @return void */ function anonymize_data() { + + copy_and_clear_user_tables(); + + dispatch_anonymize_users(); + + dispatch_anonymize_orders(); + + dispatch_anonymize_customers(); +} + +/** + * Copy the user and user_meta tables to new temporary tables and delete all the non-admin data from the original tables. + * + * @return void + */ +function copy_and_clear_user_tables() { global $wpdb; // Copy user table to a temporary table that will be anonymized later. @@ -36,6 +52,20 @@ function anonymize_data() { dispatch_anonymize_customers(); } +/** + * Move all the anonymized users and their meta from the temp table to the real ones and remove the temp tables. + * + * @return void + */ +function store_anonymized_user_data() { + global $wpdb; + + $wpdb->query( "INSERT INTO $wpdb->users (SELECT * FROM {$wpdb->users}_temp WHERE id NOT IN (SELECT ID FROM $wpdb->users))" ); + $wpdb->query( "DROP TABLE {$wpdb->users}_temp" ); + $wpdb->query( "INSERT INTO $wpdb->usermeta (SELECT * FROM {$wpdb->usermeta}_temp WHERE user_id NOT IN (SELECT user_id FROM $wpdb->usermeta))" ); + $wpdb->query( "DROP TABLE {$wpdb->usermeta}_temp" ); +} + /** * Dispatches a background process to anonymize users. */ From 573a44da26be1644f66b1c27a3cf4360cccc0284 Mon Sep 17 00:00:00 2001 From: Bernat Date: Wed, 25 Jan 2023 16:27:35 +0100 Subject: [PATCH 3/6] Moved DB operations to store_anonymized_user_data fnc --- includes/classes/background-anonymize-user.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/includes/classes/background-anonymize-user.php b/includes/classes/background-anonymize-user.php index 04a241b..f6a31ab 100644 --- a/includes/classes/background-anonymize-user.php +++ b/includes/classes/background-anonymize-user.php @@ -8,6 +8,7 @@ namespace SafetyNet; use function SafetyNet\Anonymize\anonymize_users; +use function SafetyNet\Anonymize\store_anonymized_user_data; /** * Background Anonymize User class 
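Review bot: copy_and_clear_user_tables() appears to keep the old dispatch calls at its end: the new function header is inserted directly above `global $wpdb;`, and the following hunk still shows `dispatch_anonymize_customers();` and the closing `}` as unchanged context just before store_anonymized_user_data(). If that reading is right, anonymize_data() queues the background jobs twice, and any other caller of copy_and_clear_user_tables(), such as the CLI command later in this series, starts background anonymization on top of its own synchronous run. The lines between the two hunks are not visible here, so this needs confirming against the full file. The fix would be to end the helper right after the copy and delete queries and keep the three `dispatch_anonymize_*()` calls only in anonymize_data().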
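Review bot: store_anonymized_user_data() drops each `_temp` table whether or not the preceding INSERT succeeded, and going by the docblock of copy_and_clear_user_tables() those tables hold the only copy of the non-admin rows at that point. `$wpdb->query()` returns false on a database error, so a failed copy-back would be followed by `DROP TABLE` and the rows could not be recovered. I would check each INSERT result and leave the temp tables in place on failure, as sketched below; logging `$wpdb->last_error` in that branch would also help whoever has to recover the data.

```php
function store_anonymized_user_data() {
	global $wpdb;

	$users_restored = $wpdb->query( "INSERT INTO $wpdb->users (SELECT * FROM {$wpdb->users}_temp WHERE id NOT IN (SELECT ID FROM $wpdb->users))" );
	if ( false === $users_restored ) {
		// Keep both temp tables: they hold the only copy of the cleared rows.
		return;
	}
	// … unchanged: DROP TABLE {$wpdb->users}_temp …

	$meta_restored = $wpdb->query( "INSERT INTO $wpdb->usermeta (SELECT * FROM {$wpdb->usermeta}_temp WHERE user_id NOT IN (SELECT user_id FROM $wpdb->usermeta))" );
	if ( false !== $meta_restored ) {
		$wpdb->query( "DROP TABLE {$wpdb->usermeta}_temp" );
	}
}
```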
@@ -51,10 +52,8 @@ protected function complete() { // Have to call complete function in the parent's class. parent::complete(); - $wpdb->query( "INSERT INTO $wpdb->users (SELECT * FROM {$wpdb->users}_temp WHERE id NOT IN (SELECT ID FROM $wpdb->users))" ); - $wpdb->query( "DROP TABLE {$wpdb->users}_temp" ); - $wpdb->query( "INSERT INTO $wpdb->usermeta (SELECT * FROM {$wpdb->usermeta}_temp WHERE user_id NOT IN (SELECT user_id FROM $wpdb->usermeta))" ); - $wpdb->query( "DROP TABLE {$wpdb->usermeta}_temp" ); + // Store the anonymized users to the default tables. + store_anonymized_user_data(); // Flush the cache. wp_cache_flush(); From 5a36139712b417bafb45549b9b309b0daef54c6a Mon Sep 17 00:00:00 2001 From: Bernat Date: Wed, 25 Jan 2023 16:30:20 +0100 Subject: [PATCH 4/6] Create and delete the tmp tables before anonymizing --- includes/cli/anonymize.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/includes/cli/anonymize.php b/includes/cli/anonymize.php index 3a03a94..d37003a 100644 --- a/includes/cli/anonymize.php +++ b/includes/cli/anonymize.php @@ -1,6 +1,8 @@ Date: Wed, 25 Jan 2023 16:31:02 +0100 Subject: [PATCH 5/6] Add feedback lines and ask for confirmation --- includes/cli/anonymize.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/includes/cli/anonymize.php b/includes/cli/anonymize.php index d37003a..6f6e765 100644 --- a/includes/cli/anonymize.php +++ b/includes/cli/anonymize.php 
@@ -22,14 +22,26 @@ class SafetyNet_CLI extends WP_CLI_Command { */ public function anonymize( $args ) { + $info = WP_CLI::colorize( '%pThis process will anonymize your current users, orders and customers with dummy data.%n ' ); + WP_CLI::log( $info ); + + WP_CLI::warning( 'Please proceed with caution if you have a site with a large number of users/orders/customers' ); + + WP_CLI::confirm( 'Are you sure you want to do this?' ); + + WP_CLI::log( '- Copying users to temporary tables ...' ); copy_and_clear_user_tables(); + WP_CLI::log( '- Anonymizing users ... ' ); anonymize_users(); + WP_CLI::log( '- Storing the anonymized users to the default tables ... ' ); store_anonymized_user_data(); + WP_CLI::log( '- Anonymizing orders ... ' ); anonymize_orders(); + WP_CLI::log( '- Anonymizing customers ... ' ); anonymize_customers(); update_option( 'anonymized_status', true, false ); From 349e9a700931129b9e65938ae226ee95ab6e3d7c Mon Sep 17 00:00:00 2001 From: Bernat Date: Tue, 7 Mar 2023 12:31:42 +0100 Subject: [PATCH 6/6] Added script versioning (filetime) --- includes/admin.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/includes/admin.php b/includes/admin.php index 2403fbb..5111a4c 100644 --- a/includes/admin.php +++ b/includes/admin.php @@ -44,7 +44,8 @@ function enqueue_scripts( string $hook_suffix ) { return; } - wp_enqueue_script( 'safety-net-admin', SAFETY_NET_URL . 'assets/js/safety-net-admin.js', array( 'jquery' ), '1.0', true ); + $admin_script_path = SAFETY_NET_URL . 'assets/js/safety-net-admin.js'; + wp_enqueue_script( 'safety-net-admin', $admin_script_path, array( 'jquery' ), filemtime( $admin_script_path ), true ); wp_localize_script( 'safety-net-admin',
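Review bot: SafetyNet_CLI::anonymize() goes from `WP_CLI::confirm()` straight to `copy_and_clear_user_tables()` with no environment check, while the AJAX handlers in includes/admin.php refuse to run when `is_production()` is true. The command rewrites user, order and customer data, so I would add the same guard ahead of the confirmation, for example `if ( is_production() ) { WP_CLI::error( 'You can not run these tools on a production site.' ); }`, assuming is_production() is reachable from this file (its definition is not shown here). `WP_CLI::confirm()` is also called without `$assoc_args`, so `--yes` cannot skip the prompt in scripted runs; if that is deliberate, the docblock should say so. The method body continues past the end of this hunk.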