[wp-trac] [WordPress Trac] #43545: Helper functions: Anonymizing data in a standardized way

Thu Apr 12 11:05:47 UTC 2018

#43545: Helper functions: Anonymizing data in a standardized way
--------------------------------+---------------------
 Reporter:  dejliglama          |       Owner:  (none)
     Type:  enhancement         |      Status:  new
 Priority:  normal              |   Milestone:  5.0
Component:  Options, Meta APIs  |     Version:  trunk
 Severity:  normal              |  Resolution:
 Keywords:  needs-patch gdpr    |     Focuses:
--------------------------------+---------------------

Comment (by birgire):

 I was testing various IP address inputs, when I noticed that for e.g.:

 {{{
 $ip_addr = ':::';
 echo inet_pton( $ip_addr );

 }}}

 gives a PHP warning:

 {{{
 Warning:  inet_pton(): Unrecognized address ::: in [...][...] on line 3

 }}}

 We could handle it with e.g.:

 {{{
 try {
         $ip_addr = inet_ntop( inet_pton( $ip_addr ) & inet_pton( $netmask
 ) );
         if( false === $ip_addr ) {
                 return '::';
         }
 } catch( Exception $error ) {
         return '::';
 }

 }}}

 where we also handle the possible {{{false}}} output of {{{inet_ntop()}}}.

 I checked and these warnings will be removed in PHP 7.1+

 https://github.com/php/php-src/pull/3200

 The [attachment:43545.6.diff] patch includes suggestions that:

 **tests part**:

 - Declares visibility and adds doc comments for
         - {{{test_anonymize_email()}}},
         - {{{test_anonymize_url()}}},
         - {{{test_anonymize_date()}}},
         - {{{test_anonymize_text()}}},
         - {{{test_anonymize_long_text()}}}.
 - Adds misisng full-stops to inline comments.
 - Adds doc parameter for "$raw_ip" and "$expected_result".
 - Makes the tests explicit in "test_anonymize_text",
 "test_anonymize_long_text", i.e. use assertEquals instead of
 assertNotEquals.
 - Detailed {{{@return}}} for {{{data_wp_privacy_anonymize_ip()}}}.
 - Adds a file doc comment.
 - Adds short doc comment for the class.
 - Adds the invalid IP testcase: {{{::: -> ::}}} that would give a PHP
 warning if unhandled.
 - Adds the invalid IP testcase: {{{null -> 0.0.0.0}}}.
 - Adds the netmask testcase: {{{10.20.30.45/24 -> 10.20.30.0}}}.
 - Adds markTestSkipped in test_wp_privacy_anonymize_ip() if
 {{{inet_pton}}} and {{{inet_pton}}} are not available.
   Otherwise most of the IPv6 testcases, provided by
 {{{data_wp_privacy_anonymize_ip()}}}, would fail.
   Another approach would be to adjust the testcases to to handle that.
 - Replaces: {{{Test that get_unsafe_client_ip() properly anonymizes all
 possible address formats.}}} with: {{{Test that wp_privacy_anonymize_ip()
 properly anonymizes all possible IP address formats.}}}

 **src part:**

 - Adds  {{{@uses inet_ntop and inet_pton if available, to handle IPv6
 addresses.}}}
 - Handle a possible PHP warning from {{{inet_pton}}} and {{{inet_pton}}}
 for an unrecognized address.
 - Handle a possible {{{false}}} output of {{{inet_ntop()}}}.

 **To consider:**

 Check if IPv4 contains two adjacent dots {{{..}}}, then return
 {{{'0.0.0.0'}}}.

 Example:

 {{{
 echo wp_privacy_anonymize_data( 'ip', '...' );

 }}}

 outputs: {{{'...0'}}} instead of {{{0.0.0.0}}}.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43545#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform