<?php
// Direct-access guard: stop unless WordPress has loaded and defined ABSPATH.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}
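/**
 * Connects Ninja Forms submission data to the WordPress personal-data
 * export and erasure tools.
 *
 * Submissions are `nf_sub` posts. The owning form id is read from the
 * `_form_id` post meta and each field value from `_field_<field id>`.
 */
class NF_Admin_UserDataRequests {

    /**
     * Field types that are skipped when exporting or anonymizing values.
     *
     * @var array
     */
    protected $ignored_field_types = array(
        'html',
        'submit',
        'hr',
        'recaptcha',
        'spam',
        'creditcard',
        'creditcardcvc',
        'creditcardexpiration',
        'creditcardfullname',
        'creditcardnumber',
        'creditcardzip',
    );

    /**
     * User resolved from the request email (falsy when no account matches).
     *
     * @var WP_User
     */
    protected $user;

    /**
     * Email address the current export/erase request was made for.
     *
     * @var string
     */
    protected $request_email;

    /** Class constructor: registers the exporter and eraser filters. */
    public function __construct() {
        add_filter(
            'wp_privacy_personal_data_exporters',
            array( $this, 'plugin_register_exporters' )
        );

        add_filter(
            'wp_privacy_personal_data_erasers',
            array( $this, 'plugin_register_erasers' )
        );
    }

    /**
     * Register exporter for Plugin user data.
     *
     * @param array $exporters Exporters registered so far.
     *
     * @return array The list with the Ninja Forms exporter appended.
     */
    public function plugin_register_exporters( $exporters = array() ) {
        $exporters[] = array(
            'exporter_friendly_name' => esc_html__( 'Ninja Forms Submission Data', 'ninja-forms' ),
            'callback'               => array( $this, 'plugin_user_data_exporter' ),
        );

        return $exporters;
    }

    /**
     * Register eraser for Plugin user data.
     *
     * @param array $erasers Erasers registered so far.
     *
     * @return array The list with the Ninja Forms eraser appended.
     */
    public function plugin_register_erasers( $erasers = array() ) {
        $erasers[] = array(
            'eraser_friendly_name' => esc_html__( 'Ninja Forms Submissions Data', 'ninja-forms' ),
            'callback'             => array( $this, 'plugin_user_data_eraser' ),
        );

        return $erasers;
    }

    /**
     * Adds Ninja Forms Submission data to the default HTML export file that
     * WordPress creates on a confirmed request.
     *
     * @param string $email_address Address the export was requested for.
     * @param int    $page          Unused: everything is returned in a single
     *                              pass, so 'done' is always true.
     *
     * @return array 'data' (one group per submission) and 'done'.
     */
    public function plugin_user_data_exporter( $email_address, $page = 1 ) {
        $export_items = array();

        // get_related_subs() reads $this->user, so resolve it first.
        $this->user          = get_user_by( 'email', $email_address );
        $this->request_email = $email_address;

        $item_id = 'ninja-forms';
        if ( $this->user && $this->user->ID ) {
            $item_id .= '-' . $this->user->ID;
        }

        $group_id    = 'ninja-forms';
        $group_label = esc_html__( 'Ninja Forms Submission Data', 'ninja-forms' );

        foreach ( $this->get_related_subs( $email_address ) as $sub ) {
            // All post meta for the submission, keyed by meta key.
            $sub_meta = get_post_meta( $sub->ID );

            // Skip posts that do not carry a form id.
            if ( ! isset( $sub_meta['_form_id'] ) ) {
                continue;
            }

            $form_id = $sub_meta['_form_id'][0];
            $form    = Ninja_Forms()->form( $form_id )->get();
            $fields  = Ninja_Forms()->form( $form_id )->get_fields();

            $data = array();
            foreach ( $fields as $field_id => $field ) {
                $type     = $field->get_setting( 'type' );
                $meta_key = '_field_' . $field_id;

                // Skip ignored field types and fields without a stored value.
                if ( in_array( $type, $this->ignored_field_types, true )
                    || ! isset( $sub_meta[ $meta_key ] ) ) {
                    continue;
                }

                $value = $sub_meta[ $meta_key ][0];

                // Multi-value fields may be stored serialized.
                if ( in_array( $type, array( 'listcheckbox', 'listmultiselect' ), true ) ) {
                    // NOTE(review): maybe_unserialize() passes stored meta to
                    // unserialize(). Confirm the write path only ever stores
                    // plugin-serialized arrays, or decode with
                    // unserialize( $value, array( 'allowed_classes' => false ) ).
                    $unserialized = maybe_unserialize( $value );

                    // implode() rejects non-arrays, so keep the raw value when
                    // the stored meta was not a serialized array.
                    if ( is_array( $unserialized ) ) {
                        $value = implode( ',', $unserialized );
                    }
                }

                // Add label/value pairs to data array.
                $data[] = array(
                    'name'  => $field->get_setting( 'label' ),
                    'value' => $value,
                );
            }

            // Add this group of items to the exporters data array.
            $export_items[] = array(
                'group_id'    => $group_id . '-' . $sub->ID,
                'group_label' => $group_label . '-' . $form->get_setting( 'title' ),
                'item_id'     => $item_id . '-' . $sub->ID,
                'data'        => $data,
            );
        }

        // 'done' => true means the exporter is not called again for a next page.
        return array(
            'data' => $export_items,
            'done' => true,
        );
    }

    /**
     * Eraser for Plugin user data. Deletes the related submissions, or only
     * redacts them when the request post has `nf_anonymize_data` set to '1'.
     *
     * @param string $email_address Address the erasure was requested for.
     * @param int    $page          Unused: everything is handled in a single
     *                              pass, so 'done' is always true.
     *
     * @return array 'items_removed', 'items_retained', 'messages' and 'done';
     *               an empty array when no request id is present.
     */
    public function plugin_user_data_eraser( $email_address, $page = 1 ) {

        if ( empty( $email_address ) ) {
            return array(
                'items_removed'  => false,
                'items_retained' => false,
                'messages'       => array(),
                'done'           => true,
            );
        }

        // get_related_subs() and the anonymizer read these properties.
        $this->user          = get_user_by( 'email', $email_address );
        $this->request_email = $email_address;

        // NOTE(review): the request id comes from the superglobal, so nothing
        // is erased when the callback runs without it. The empty array lacks
        // the keys documented above; confirm the caller reports that as an
        // error rather than as a completed erasure.
        if ( empty( $_REQUEST['id'] ) ) {
            return array();
        }
        $request_id = absint( $_REQUEST['id'] );

        // NOTE(review): $request_id is not checked here to be a privacy
        // request post; presumably the caller has validated it. Confirm.
        $make_anonymous = get_post_meta( $request_id, 'nf_anonymize_data', true );

        $messages       = array();
        $items_retained = false;

        $subs = $this->get_related_subs( $email_address );

        // Report a removal only when there was something to act on; the
        // delete branch used to report true even with no submissions.
        $items_removed = 0 < count( $subs );

        if ( '1' != $make_anonymous ) {
            $this->delete_submissions( $subs );
        } else {
            $this->anonymize_submissions( $subs );
        }

        // 'done' => true means the eraser is not called again for a next page.
        return array(
            'items_removed'  => $items_removed,
            'items_retained' => $items_retained,
            'messages'       => $messages,
            'done'           => true,
        );
    }

    /**
     * Retrieve all submissions related (by author id or email address) to
     * the given email address.
     *
     * The email match is broad: get_subs_by_email() returns every submission
     * holding the address as any meta value, not only as the submitter email.
     *
     * @param string $email_address
     *
     * @return array Submission post objects, or an empty array.
     */
    private function get_related_subs( $email_address ) {

        // Ids of submissions authored by the matching user account.
        $logged_in_subs = array();

        if ( $this->user && $this->user->ID ) {
            $logged_in_subs = get_posts(
                array(
                    'author'         => $this->user->ID,
                    'post_type'      => 'nf_sub',
                    'posts_per_page' => -1,
                    'fields'         => 'ids',
                )
            );
        }

        // Ids of submissions where the email address is a field value.
        $anon_sub_ids = $this->get_subs_by_email( $email_address );

        // Merge both id lists and drop duplicates.
        $sub_ids = array_unique( array_merge( $logged_in_subs, $anon_sub_ids ) );

        if ( 1 > count( $sub_ids ) ) {
            return array();
        }

        // Load the post objects for those ids.
        return get_posts(
            array(
                'include'        => implode( ',', $sub_ids ),
                'post_type'      => 'nf_sub',
                'posts_per_page' => -1,
            )
        );
    }

    /**
     * Get submission ids where the submission has the given email address
     * as data.
     *
     * @param string $email_address
     *
     * @return array Integer post ids (empty when nothing matches).
     */
    private function get_subs_by_email( $email_address ) {
        global $wpdb;

        // An empty needle would match every submission that has any empty
        // meta value, pulling unrelated people's data into the request.
        if ( ! is_string( $email_address ) || '' === $email_address ) {
            return array();
        }

        // The address is bound as a parameter instead of being concatenated:
        // a valid address may contain a single quote, which would break out
        // of the string literal in a hand-built query.
        $anon_subs_query = $wpdb->prepare(
            'SELECT DISTINCT(m.post_id) FROM `' . $wpdb->prefix . 'postmeta` m
            JOIN `' . $wpdb->prefix . "posts` p ON p.id = m.post_id
            WHERE m.meta_value = %s
            AND p.post_type = 'nf_sub'",
            $email_address
        );

        $anon_subs = $wpdb->get_results( $anon_subs_query );

        // Treat a failed query (non-array result) as "no matches".
        if ( ! is_array( $anon_subs ) ) {
            return array();
        }

        $sub_id_array = array();
        foreach ( $anon_subs as $sub ) {
            $sub_id_array[] = intval( $sub->post_id );
        }

        return $sub_id_array;
    }

    /**
     * Delete Submissions
     *
     * @param array $subs Submission post objects.
     */
    private function delete_submissions( $subs ) {
        foreach ( $subs as $sub ) {
            // Second argument true: delete permanently.
            wp_delete_post( $sub->ID, true );
        }
    }

    /**
     * This will (redact) personal data and anonymize submissions.
     *
     * A submission is anonymized when its author is the requesting user, or
     * when the value of the form's submitter-email field equals the request
     * email.
     *
     * @param array $subs Submission post objects.
     */
    private function anonymize_submissions( $subs ) {
        // form id => submitter-email field key, so a form's actions are
        // scanned once even when it has several submissions.
        $form_id_array = array();

        foreach ( $subs as $sub ) {
            // Decide per submission. A flag carried over from an earlier
            // match would redact submissions that only mention the address.
            $anonymize_data = false;

            $form_id = get_post_meta( $sub->ID, '_form_id', true );
            $form    = Ninja_Forms()->form( $form_id );

            if ( $this->user && $this->user->ID
                && $sub->post_author == $this->user->ID ) {
                // The requesting user authored this submission.
                $anonymize_data = true;
            } else {
                // Otherwise compare the submitter email stored with the
                // submission against the request email.
                $form_submitter_email = '';

                if ( isset( $form_id_array[ $form_id ] ) ) {
                    $submitter_field = $form_id_array[ $form_id ];
                } else {
                    // Start empty so a form without a submitter field does
                    // not inherit the key found for a previous form.
                    $submitter_field = '';

                    $actions = $form->get_actions();
                    if ( ! empty( $actions ) ) {
                        foreach ( $actions as $action ) {
                            $candidate = $action->get_setting( 'submitter_email' );

                            // Only the save action's setting is used.
                            if ( 'save' == $action->get_setting( 'type' )
                                && null != $candidate
                                && '' != $candidate ) {
                                $submitter_field           = $candidate;
                                $form_id_array[ $form_id ] = $submitter_field;
                                break;
                            }
                        }
                    }
                }

                // Read the value submitted for that email field, if any.
                if ( '' != $submitter_field ) {
                    foreach ( $form->get_fields() as $field ) {
                        if ( 'email' == $field->get_setting( 'type' )
                            && $submitter_field == $field->get_setting( 'key' ) ) {
                            $form_submitter_email = get_post_meta(
                                $sub->ID,
                                '_field_' . $field->get_id(),
                                true
                            );
                            break;
                        }
                    }
                }

                if ( $form_submitter_email === $this->request_email ) {
                    $anonymize_data = true;
                }
            }

            if ( $anonymize_data ) {
                $this->anonymize_fields( $sub, $form->get_fields() );
            }
        }
    }

    /**
     * Redact the stored values of personally identifiable fields of one
     * submission and detach it from the requesting user.
     *
     * @param object $sub    Submission post object.
     * @param array  $fields Field models of the submission's form.
     */
    private function anonymize_fields( $sub, $fields ) {
        foreach ( $fields as $field ) {
            // Ignored field types are skipped.
            if ( in_array( $field->get_setting( 'type' ), $this->ignored_field_types, true ) ) {
                continue;
            }

            // Only fields flagged as personally identifiable are redacted.
            if ( '1' != $field->get_setting( 'personally_identifiable' ) ) {
                continue;
            }

            $meta_key = '_field_' . $field->get_id();

            // Overwrite only when a value was actually saved.
            if ( '' != get_post_meta( $sub->ID, $meta_key, true ) ) {
                update_post_meta( $sub->ID, $meta_key, '(redacted)' );
            }
        }

        // Remove the author id if the email address belongs to the author.
        if ( $this->user && $this->user->ID
            && $this->user->ID == $sub->post_author ) {
            wp_update_post(
                array(
                    'ID'          => $sub->ID,
                    'post_author' => 0,
                )
            );
        }
    }
}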