50-feat-webform-Proper-Decryption.patch

From 60695df7db47ddef036d25ab96ceb72574f5cb31 Mon Sep 17 00:00:00 2001
From: William Hearn <[email protected]>
Date: Tue, 30 Mar 2021 22:58:56 -0400
Subject: [PATCH] feat(webform): Proper Decryption

---
 webform_encrypt.install |  18 ++++++
 webform_encrypt.module  | 134 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 141 insertions(+), 11 deletions(-)

diff --git a/webform_encrypt.install b/webform_encrypt.install
index dc37dff..29179b1 100644
--- a/webform_encrypt.install
+++ b/webform_encrypt.install
@@ -6,6 +6,14 @@
  * module.
  */
 
+/**
+ * Implements hook_install().
+ */
+function webform_encrypt_install() {
+  variable_set('webform_encrypt_decrypt_all_components', FALSE);
+  variable_set('webform_encrypt_hide_encrypted', FALSE);
+}
+
 /**
  * Implementation of hook_disable().
  */
@@ -20,6 +28,8 @@ function webform_encrypt_disable() {
  */
 function webform_encrypt_uninstall() {
   variable_del('webform_encrypt_match_user');
+  variable_del('webform_encrypt_decrypt_all_components');
+  variable_del('webform_encrypt_hide_encrypted');
 
   // Decrypt all encrypted form values.
   $components = array();
@@ -42,3 +52,11 @@ function webform_encrypt_uninstall() {
     }
   }
 }
+
+/**
+ * Sets initial "Decrypt all component data" variable.
+ */
+function webform_encrypt_update_7001() {
+  variable_set('webform_encrypt_decrypt_all_components', FALSE);
+  variable_set('webform_encrypt_hide_encrypted', FALSE);
+}
diff --git a/webform_encrypt.module b/webform_encrypt.module
index ea2d4cc..51e9c18 100644
--- a/webform_encrypt.module
+++ b/webform_encrypt.module
@@ -34,6 +34,18 @@ function webform_encrypt_form_webform_admin_settings_alter(&$form, $form_state)
     '#description' => t('If enabled, every time webform sends an email, it will attempt to find a user that matches the email address the mail will be sent to in order to correctly determine permissions.'),
     '#default_value' => variable_get('webform_encrypt_match_user', 0),
   );
+  $form['encrypt']['webform_encrypt_hide_encrypted'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Hide encrypted values'),
+    '#description' => t('Checking this will replace all encrypted values with the text "[Value Encrypted]".'),
+    '#default_value' => variable_get('webform_encrypt_hide_encrypted', 0),
+  );
+  $form['encrypt']['webform_encrypt_decrypt_all_components'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Decrypt all component data'),
+    '#description' => t('Some fields may contain encrypted content even if they are not set as encrypted - such as in cases where the field was originally set as encrypted, but was disabled. Enabling this will enable such fields to be decrypted. WARNING: Use at own risk.'),
+    '#default_value' => variable_get('webform_encrypt_decrypt_all_components', 0),
+  );
 }
 
 /**
@@ -94,10 +106,43 @@ function webform_encrypt_webform_submission_presave($node, &$submission) {
   }
 }
 
+/**
+ * Implements hook_webform_submission_pre_render_alter().
+ *
+ * Decrypt submission values before they are displayed.
+ *
+ * @param array $submission
+ *   Reference to the current Webform submission.
+ * @param object $node
+ *   Reference to the current Webform node.
+ * @param object $account
+ *   Reference to the current Drupal user account.
+ * @param string $action
+ *   Reference to the display action being undertaken.
+ *   Either 'form', 'display', 'print', 'pdf', 'download' or 'mail'.
+ */
+function webform_encrypt_webform_submission_pre_render_alter(&$submission, &$node, &$account, &$mode) {
+  if ($mode == 'mail') {
+    // Always decrypt values if we are sending them out in an email.
+    _webform_encrypt_mutate_data($submission->data, $node, 'decrypt');
+  }
+  elseif ($mode == 'pdf' || $mode == 'print' || $mode == 'display' || $mode == 'form' || $mode == 'download') {
+    // For any other egress, we check to see if
+    // the user can view encrypted content.
+    if (user_access('view encrypted values', $account)) {
+      _webform_encrypt_mutate_data($submission->data, $node, 'decrypt');
+    }
+    elseif (variable_get('webform_encrypt_hide_encrypted')) {
+      _webform_encrypt_mutate_data($submission->data, $node, 'conceal');
+    }
+  }
+}
+
 /**
  * Implementation of hook_webform_submission_load().
  * Decrypt values if encrypted
  */
+/*
 function webform_encrypt_webform_submission_load($submissions) {
   foreach ($submissions as $submission) {
     $node = node_load($submission->nid);
@@ -112,25 +157,34 @@ function webform_encrypt_webform_submission_load($submissions) {
     }
   }
 }
+*/
 
-/**
- * Preprocess for theme('webform_results_table').
+ /**
+ * Decrypt submission data.
  *
- * Decrypt webform values in the table display.
+ * @param array $submission_data
+ *   The raw submission data.
+ * @param object $node
+ *   The Webform node.
+ * @param string $action
+ *   The action to undertake on the data - either 'decrypt' or 'conceal'.
  */
-function webform_encrypt_preprocess_webform_results_table(&$vars) {
-  foreach ($vars['submissions'] as $sid => &$submission) {
-    foreach ($submission->data as $cid => &$item) {
-      $component = $vars['components'][$cid];
-      if (!empty($component['extra']['encrypt'])) {
-        foreach ($item['value'] as &$value) {
-          $value = user_access('view encrypted values') ? decrypt($value, array('base64' => TRUE)) : t('[Value Encrypted]');
-        }
+function _webform_encrypt_mutate_data(&$submission_data, &$node, $action) {
+  foreach ($submission_data as $key => &$data_value) {
+    // check if component will allow for decryption
+    $component = $node->webform['components'][$key];
+    if (is_array($data_value)) {
+      foreach ($data_value as &$value) {
+        _webform_encrypt_webform_submission_mutate_component($value, $component, $action);
       }
     }
+    else {
+      _webform_encrypt_webform_submission_mutate_component($data_value, $component, $action);
+    }
   }
 }
 
+
 /**
  * Encrypt all non-encrypted data of a component.
  */
@@ -182,3 +236,61 @@ function webform_encrypt_decrypt_component_data($nid = NULL, $cid = NULL, $extra
     }
   }
 }
+
+/**
+ * Decrypts an individual value.
+ *
+ * @param mixed $submission_data
+ *   A raw submission value.
+ * @param array $component
+ *   The current component.
+ * @param string $action
+ *   The action to undertake on the data - either 'decrypt' or 'conceal'.
+ */
+function _webform_encrypt_webform_submission_mutate_component(&$value, &$component, $action) {
+  if (!_webform_encrypt_value_is_encrypted($value)) {
+    return;
+  }
+  $to_decrypt = (
+    $action == 'decrypt' && (
+      variable_get('webform_encrypt_decrypt_all_components') ||
+      $component['extra']['encrypt']
+    )
+  );
+  if ($to_decrypt) {
+    try {
+      $value = decrypt($value, array('base64' => TRUE));
+    }
+    catch (Exception $e) {
+      $value = t('[Value Encrypted]');
+    }
+  }
+  else if ($action == 'conceal') {
+    $value = t('[Value Encrypted]');
+  }
+}
+ 
+/**
+ * Analyses a value to determine if it is encrypted.
+ *
+ * @param mixed $v
+ *   A value that may or may not be encrypted.
+ *
+ * @return bool
+ *   TRUE if the value is encrypted, FALSE if not.
+ */
+function _webform_encrypt_value_is_encrypted($v) {
+  $un_v = @unserialize($v);
+  if (!is_null($v)) {
+    return (
+      is_array($un_v) &&
+      array_key_exists('text', $un_v) &&
+      array_key_exists('method', $un_v) &&
+      array_key_exists('key_provider', $un_v) &&
+      array_key_exists('options', $un_v) &&
+      array_key_exists('method_settings', $un_v) &&
+      array_key_exists('provider_settings', $un_v)
+    );
+   }
+  return FALSE;
+}
-- 
2.21.0 (Apple Git-122)