2099603-webform_encrypt-uses-prerender-hook-custom-working.patch

diff --git a/webform_encrypt.module b/webform_encrypt.module
index 4d5a4d6..72c76fb 100644
--- a/webform_encrypt.module
+++ b/webform_encrypt.module
@@ -34,6 +34,18 @@ function webform_encrypt_form_webform_admin_settings_alter(&$form, $form_state)
     '#description' => t('If enabled, every time webform sends an email, it will attempt to find a user that matches the email address the mail will be sent to in order to correctly determine permissions.'),
     '#default_value' => variable_get('webform_encrypt_match_user', 0),
   );
+  $form['encrypt']['webform_encrypt_hide_encrypted'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Hide encrypted values'),
+    '#description' => t('Checking this will replace all encrypted values with the text "[Value Encrypted]".'),
+    '#default_value' => variable_get('webform_encrypt_hide_encrypted', 0),
+  );
+  $form['encrypt']['webform_encrypt_decrypt_all_components'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Decrypt all component data'),
+    '#description' => t('Some fields may contain encrypted content even if they are not set as encrypted - such as in cases where the field was originally set as encrypted, but was disabled. Enabling this will enable such fields to be decrypted. WARNING: Use at own risk.'),
+    '#default_value' => variable_get('webform_encrypt_decrypt_all_components', 0),
+  );
 }
 
 /**
@@ -63,16 +75,6 @@ function webform_encrypt_form_webform_component_edit_form_alter(&$form, $form_st
 }
 
 /**
- * Implementation of hook_form_alter().
- */
-function webform_encrypt_form_alter(&$form, &$form_state, $form_id) {
-  // When we are editing a webform submission, 
-  if (strpos($form_id, 'webform_client_form_') === 0 && $form['details']['sid']['#value']) {
-    _webform_encrypt_decrypt_nested_values($form['submitted']);
-  }
-}
-
-/**
  * Implementation of hook_webform_component_presave().
  * Save encryption settings for a component.
  */
@@ -80,6 +82,13 @@ function webform_encrypt_webform_component_presave(&$component) {
   if (!empty($component['encryption'])) {
     $component['extra'] = array_merge($component['extra'], $component['encryption']);
     unset($component['encryption']);
+    
+    if ($component['extra']['encrypt']) {
+      webform_encrypt_encrypt_component_data($component['nid'], $component['cid'], $component['extra']);
+    }
+    else {
+      webform_encrypt_decrypt_component_data($component['nid'], $component['cid'], $component['extra']);
+    }
   }
 }
 
@@ -98,83 +107,169 @@ function webform_encrypt_webform_submission_presave($node, &$submission) {
 }
 
 /**
- * Implementation of hook_webform_submission_load().
- * Decrypt values if encrypted
+ * Implements hook_webform_submission_pre_render_alter().
+ *
+ * Decrypt submission values before they are displayed.
+ *
+ * @param array $submission
+ *   Reference to the current Webform submission.
+ * @param object $node
+ *   Reference to the current Webform node.
+ * @param object $account
+ *   Reference to the current Drupal user account.
+ * @param string $action
+ *   Reference to the display action being undertaken.
+ *   Either 'form', 'display', 'print', 'pdf', 'download' or 'mail'.
  */
-function webform_encrypt_webform_submission_load($submissions) {
-  foreach ($submissions as $submission) {
-    $node = node_load($submission->nid);
-    foreach ($submission->data as $cid => $entry) {
-      if (!empty($node->webform['components'][$cid]['extra']['encrypt'])) {
-        foreach ($submission->data[$cid] as $delta => $value) {
-          if (!empty($entry[$delta]) && @unserialize($entry[$delta]) !== FALSE) {
-            $submission->data[$cid][$delta] = user_access('view encrypted values') ? decrypt($entry[$delta], array('base64' => TRUE)) : t('[Value Encrypted]');
-          }
-        }
-      }
+function webform_encrypt_webform_submission_pre_render_alter(&$submission, &$node, &$account, &$mode) {
+  if ($mode == 'mail') {
+    // Always decrypt values if we are sending them out in an email.
+    _webform_encrypt_mutate_data($submission->data, $node, 'decrypt');
+  }
+  elseif ($mode == 'pdf' || $mode == 'print' || $mode == 'display' || $mode == 'form' || $mode == 'download') {
+    // For any other egress, we check to see if
+    // the user can view encrypted content.
+    if (user_access('view encrypted values', $account)) {
+      _webform_encrypt_mutate_data($submission->data, $node, 'decrypt');
+    }
+    elseif (variable_get('webform_encrypt_hide_encrypted')) {
+      _webform_encrypt_mutate_data($submission->data, $node, 'conceal');
     }
   }
 }
 
 /**
- * Implementation of hook_webform_submission_render_alter().
- * Decrypt values when displaying webform submissions.
+ * Decrypt submission data.
+ *
+ * @param array $submission_data
+ *   The raw submission data.
+ * @param object $node
+ *   The Webform node.
+ * @param string $action
+ *   The action to undertake on the data - either 'decrypt' or 'conceal'.
  */
-function webform_encrypt_webform_submission_render_alter(&$renderable) {
-  // First, determine if 1) if we are dealing with an email or a page view, and 2) if user matching
-  // is enabled.
-  if (!empty($renderable['#email']) && variable_get('webform_encrypt_match_user', 0)) {
-    // If we are, then try to match a user to the email address we are sending to.
-    $uid = db_query('SELECT uid FROM {users} WHERE mail = ?', array($renderable['#email']['email']))->fetchField();
-    $account = $uid ? user_load($uid) : NULL;
-  } else {
-    $account = NULL;
+function _webform_encrypt_mutate_data(&$submission_data, &$node, $action) {
+  foreach ($submission_data as $key => &$data_value) {
+    // check if component will allow for decryption
+    $component = $node->webform['components'][$key];
+    if (is_array($data_value)) {
+      foreach ($data_value as &$value) {
+        _webform_encrypt_webform_submission_mutate_component($value, $component, $action);
+      }
+    }
+    else {
+      _webform_encrypt_webform_submission_mutate_component($data_value, $component, $action);
+    }
   }
-
-  // Next, we loop through components and decrypt as necessary.
-  _webform_encrypt_decrypt_nested_values($renderable, '#value', array('account' => $account));
 }
 
+
 /**
- * Preprocess for theme('webform_results_table').
- *
- * Decrypt webform values in the table display.
+ * Encrypt all non-encrypted data of a component.
  */
-function webform_encrypt_preprocess_webform_results_table(&$vars) {
-  foreach ($vars['submissions'] as $sid => &$submission) {
-    foreach ($submission->data as $cid => &$item) {
-      $component = $vars['components'][$cid];
-      if (!empty($component['extra']['encrypt'])) {
-        foreach ($item['value'] as &$value) {
-          $value = user_access('view encrypted values') ? decrypt($value, array('base64' => TRUE)) : t('[Value Encrypted]');
-        }
-      }
+function webform_encrypt_encrypt_component_data($nid = NULL, $cid = NULL, $extra = array()) {
+  $results = db_query('SELECT nid, cid, extra FROM {webform_component} where nid = :nid AND cid = :cid', array(':nid' => $nid, ':cid' => $cid))->fetchAll();
+  
+  foreach ($results as $row) {
+    $components[$row->nid . ':' . $row->cid] = unserialize($row->extra);
+  }
+  $data = db_query('SELECT nid, sid, cid, data FROM {webform_submitted_data} where nid = :nid AND cid = :cid', array(':nid' => $nid, ':cid' => $cid))->fetchAll();
+  foreach ($data as $row) {
+    $key = $row->nid . ':' . $row->cid;
+    if (isset($components[$key]['encrypt']) && !$components[$key]['encrypt']) {
+      db_update('webform_submitted_data')
+        ->fields(array(
+          'data' => encrypt($row->data, array('base64' => TRUE)),
+        ))
+        ->condition('nid', $row->nid)
+        ->condition('sid', $row->sid)
+        ->condition('cid', $row->cid)
+        ->execute();
     }
   }
 }
 
 /**
- * Helper function to recursively decrypt values in a webform structure.
+ * Decrypt all encrypted data of a component.
  */
-function _webform_encrypt_decrypt_nested_values(&$element, $key = '#default_value', $restrict = array()) {
-  // Determine if we are checking access.
-  $access = empty($restrict) ? TRUE : user_access('view encrypted values', $restrict['account']);
-
-  // Loop through each item and decrypt the value.
-  foreach (element_children($element) as $name) {
-    $component = &$element[$name];
-    if (!empty($component['#webform_component']['extra']['encrypt'])) {
-      if (is_array($component[$key])) {
-        foreach ($component[$key] as &$value) {
-          $value = $access ? decrypt($value, array('base64' => TRUE)) : t('[Value Encrypted]');
-        }
-      }
-      else {
-        $component[$key] = $access ? decrypt($component[$key], array('base64' => TRUE)) : t('[Value Encrypted]');
-      }
+function webform_encrypt_decrypt_component_data($nid = NULL, $cid = NULL, $extra = array()) {
+  $results = db_query('SELECT nid, cid, extra FROM {webform_component} where nid = :nid AND cid = :cid', array(':nid' => $nid, ':cid' => $cid))->fetchAll();
+  
+  foreach ($results as $row) {
+    $components[$row->nid . ':' . $row->cid] = unserialize($row->extra);
+  }
+  $data = db_query('SELECT nid, sid, cid, data FROM {webform_submitted_data} where nid = :nid AND cid = :cid', array(':nid' => $nid, ':cid' => $cid))->fetchAll();
+  foreach ($data as $row) {
+    $key = $row->nid . ':' . $row->cid;
+    
+    if (!empty($components[$key]['encrypt']) && is_array(@unserialize($row->data))) {
+      //echo "<pre>";print_R(decrypt($row->data, array('base64' => TRUE)));exit;
+      db_update('webform_submitted_data')
+        ->fields(array(
+          'data' => decrypt($row->data, array('base64' => TRUE)),
+        ))
+        ->condition('nid', $row->nid)
+        ->condition('sid', $row->sid)
+        ->condition('cid', $row->cid)
+        ->execute();
     }
+  }
+}
 
-    // Recurse if the current item has children.
-    _webform_encrypt_decrypt_nested_values($component, $key, $restrict);
+/**
+ * Decrypts an individual value.
+ *
+ * @param mixed $submission_data
+ *   A raw submission value.
+ * @param array $component
+ *   The current component.
+ * @param string $action
+ *   The action to undertake on the data - either 'decrypt' or 'conceal'.
+ */
+function _webform_encrypt_webform_submission_mutate_component(&$value, &$component, $action) {
+  if (!_webform_encrypt_value_is_encrypted($value)) {
+    return;
   }
+  $to_decrypt = (
+    $action == 'decrypt' && (
+      variable_get('webform_encrypt_decrypt_all_components') ||
+      $component['extra']['encrypt']
+    )
+  );
+  if ($to_decrypt) {
+    try {
+      $value = decrypt($value, array('base64' => TRUE));
+    }
+    catch (Exception $e) {
+      $value = t('[Value Encrypted]');
+    }
+  }
+  else if ($action == 'conceal') {
+    $value = t('[Value Encrypted]');
+  }
+}
+ 
+/**
+ * Analyses a value to determine if it is encrypted.
+ *
+ * @param mixed $v
+ *   A value that may or may not be encrypted.
+ *
+ * @return bool
+ *   TRUE if the value is encrypted, FALSE if not.
+ */
+function _webform_encrypt_value_is_encrypted($v) {
+  $un_v = @unserialize($v);
+  if (!is_null($v)) {
+    return (
+      is_array($un_v) &&
+      array_key_exists('text', $un_v) &&
+      array_key_exists('method', $un_v) &&
+      array_key_exists('key_provider', $un_v) &&
+      array_key_exists('options', $un_v) &&
+      array_key_exists('method_settings', $un_v) &&
+      array_key_exists('provider_settings', $un_v)
+    );
+   }
+  return FALSE;
 }