From 798de6b1b916e9d49ebc7363cc0056ba49912c68 Mon Sep 17 00:00:00 2001
From: enured <enis.nuredini@uzh.ch>
Date: Wed, 2 Nov 2022 15:37:00 +0100
Subject: [PATCH] B8891: Implemented feature for user given doNotLogColumn list
 in qfq config and form parameter. Value of any column in list will be logged
 as '*hide in log*'. List default is 'password'.

---
 Documentation/Form.rst                    |  2 ++
 Documentation/Installation.rst            |  2 ++
 extension/Classes/Core/Constants.php      |  2 ++
 extension/Classes/Core/QuickFormQuery.php | 19 ++++++++++++++++++-
 extension/Classes/Core/Store/Config.php   |  1 +
 extension/ext_conf_template.txt           |  2 ++
 6 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/Documentation/Form.rst b/Documentation/Form.rst
index 0f6609708..308cb9512 100644
--- a/Documentation/Form.rst
+++ b/Documentation/Form.rst
@@ -514,6 +514,8 @@ Form.parameter
 +-----------------------------+--------+----------------------------------------------------------------------------------------------------------+
 | rememberLastPill            | 0 / 1  | Overwrite default from :ref:`configuration`. On form load, bring last used pill to front                 |
 +-----------------------------+--------+----------------------------------------------------------------------------------------------------------+
+| doNotLogColumn              | string | Overwrite default from :ref:`configuration` . Comma separated list possible.                                      |
++-----------------------------+--------+----------------------------------------------------------------------------------------------------------+
 
 * Example in field Form.parameter::
 
diff --git a/Documentation/Installation.rst b/Documentation/Installation.rst
index 1794567de..de709929c 100644
--- a/Documentation/Installation.rst
+++ b/Documentation/Installation.rst
@@ -656,6 +656,8 @@ Extension Manager: QFQ Configuration
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
 | rememberLastPill                  | 0 (off), 1 (on)                                       | On form load, bring last used pill to front. Default is on.                |
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
+| doNotLogColumn                    | password                                              | Do not log column after form save. Default is password.                    |
++-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
 | **Form-Layout**                                                                                                                                                        |
 +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
 | labelAlign                        | left                                                  | Label align (left/center/right)/ Default: left. Will be inherited to Form. |
diff --git a/extension/Classes/Core/Constants.php b/extension/Classes/Core/Constants.php
index 89e764516..576f467b9 100644
--- a/extension/Classes/Core/Constants.php
+++ b/extension/Classes/Core/Constants.php
@@ -750,6 +750,7 @@ const CSS_REQUIRED_LEFT = 'required-left';
 //const SYSTEM_FORM_ELEMENT_FIELD = 'formElementField'; // Type: SANITIZE_ALNUMX / String. Fieldname of processed Formelement. Useful for error reporting.
 
 const SYSTEM_QFQ_PROJECT_PATH = 'qfqProjectPath';
+const SYSTEM_DO_NOT_LOG_COLUMN = 'doNotLogColumn';
 
 const MODE_HTML = 'html';
 const MODE_JSON = 'json';
@@ -1154,6 +1155,7 @@ const CLIENT_REST_ID = '_id';
 const CLIENT_REST_FORM = '_form';
 
 const F_REMEMBER_LAST_PILL = SYSTEM_REMEMBER_LAST_PILL;
+const F_DO_NOT_LOG_COLUMN = SYSTEM_DO_NOT_LOG_COLUMN;
 
 // Form Columns: Only in form file
 const F_FILE_FORM_ELEMENT = 'FormElement_ff'; // Key for FormElements array saved in Form File
diff --git a/extension/Classes/Core/QuickFormQuery.php b/extension/Classes/Core/QuickFormQuery.php
index 21c9664ee..c6af25a04 100644
--- a/extension/Classes/Core/QuickFormQuery.php
+++ b/extension/Classes/Core/QuickFormQuery.php
@@ -815,13 +815,30 @@ class QuickFormQuery {
 
         $formData = $_POST;
         unset($formData[CLIENT_SIP]);
+        $recordId = $this->store->getVar(SIP_RECORD_ID, STORE_SIP);
+
+        // Do not log specific columns
+        $recordIdPhrase = '-' . $recordId;
+        $doNotLogColumnList = $this->formSpec[F_DO_NOT_LOG_COLUMN];
+        if (!isset($doNotLogColumnList) || $doNotLogColumnList === '') {
+            $doNotLogColumnList = $this->store->getVar(SYSTEM_DO_NOT_LOG_COLUMN, STORE_SYSTEM);
+        }
+
+        if (isset($doNotLogColumnList) && $doNotLogColumnList != '') {
+            $doNotLogColumnListArray = explode(',', $doNotLogColumnList);
+            foreach ($doNotLogColumnListArray as $column) {
+                if (isset($formData[$column.$recordIdPhrase])) {
+                    $formData[$column.$recordIdPhrase] = '*hide in log*';
+                }
+            }
+        }
+
         $formData = json_encode($formData, JSON_UNESCAPED_UNICODE);
         $clientIp = $_SERVER[CLIENT_REMOTE_ADDRESS] ?? '';
         $userAgent = $_SERVER[CLIENT_HTTP_USER_AGENT] ?? '';
         $sipData = json_encode($this->store->getStore(STORE_SIP), JSON_UNESCAPED_UNICODE);
         $formId = $this->formSpec[F_ID];
         $formName = $this->formSpec[F_NAME];
-        $recordId = $this->store->getVar(SIP_RECORD_ID, STORE_SIP);
         $feUser = $this->store->getVar(TYPO3_FE_USER, STORE_TYPO3, SANITIZE_ALLOW_ALNUMX);
         $pageId = $this->store->getVar(TYPO3_PAGE_ID, STORE_TYPO3, SANITIZE_ALLOW_ALNUMX);
         $sessionId = session_id();
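Review bot: The masking loop fails open for list entries that carry whitespace: `explode(',', $doNotLogColumnList)` keeps the blank in a value such as `password, pin`, so the key ` pin-<id>` never matches and that column is written to the log in clear text. Trimming each entry closes this, e.g. `$doNotLogColumnListArray = array_map('trim', explode(',', $doNotLogColumnList));`. Separately, `$this->formSpec[F_DO_NOT_LOG_COLUMN]` is read before the `isset()` test, so a form without that parameter presumably raises an undefined-index notice; `$doNotLogColumnList = $this->formSpec[F_DO_NOT_LOG_COLUMN] ?? '';` avoids it. Only keys of the form `column-recordId` are replaced, so the same column posted under another record id or inside a nested array would still be logged; this is worth confirming against the field naming used elsewhere. The enclosing method starts and ends outside this hunk.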
diff --git a/extension/Classes/Core/Store/Config.php b/extension/Classes/Core/Store/Config.php
index 4b0f9d7af..33ebe9291 100644
--- a/extension/Classes/Core/Store/Config.php
+++ b/extension/Classes/Core/Store/Config.php
@@ -500,6 +500,7 @@ class Config {
             SYSTEM_DOCUMENTATION_QFQ => SYSTEM_DOCUMENTATION_QFQ_URL,
             SYSTEM_ENTER_AS_SUBMIT => 1,
             SYSTEM_REMEMBER_LAST_PILL => 1,
+            SYSTEM_DO_NOT_LOG_COLUMN => 'password',
 
             SYSTEM_CMD_WKHTMLTOPDF => '/opt/wkhtmltox/bin/wkhtmltopdf',
             SYSTEM_CMD_QFQPDF => '/opt/qfqpdf/qfqpdf',
diff --git a/extension/ext_conf_template.txt b/extension/ext_conf_template.txt
index 82c1fd9c7..73f728359 100644
--- a/extension/ext_conf_template.txt
+++ b/extension/ext_conf_template.txt
@@ -202,6 +202,8 @@ clearMe = 0
 # cat=form-config/config; type=boolean; label=On form load, bring last used pill to front
 rememberLastPill = 1
 
+# cat=form-config/config; type=string; label=Do not log column:Default is 'password'. Comma separated more than one column possible.
+doNotLogColumn =
 
 
 # cat=form-layout/layout; type=string; label=FormElement label align:Default is 'left'. Possible values: 'left', 'center', 'right'.
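Review bot: The template ships `doNotLogColumn =` empty, while its label and Installation.rst state that the default is 'password'. If the extension-manager value is merged over the defaults from Config.php (not visible in this patch), an installation that saves the configuration unchanged may end up with an empty list, and the logging code then masks nothing. Setting the template line to `doNotLogColumn = password`, or treating an empty configured value as "use the default", would keep the documented behaviour.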
-- 
GitLab