Provide configuration to filter out all POSTed form data.

MindscapeHQ · Nov 29, 2021 · ea9cf55 · ea9cf55
1 parent fd1b917
commit ea9cf55
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -290,6 +290,11 @@ $raygunClient->setFilterParams([
 // Example output: ['Email' => 'test@...']
 ```
 
+If you want to ensure all form submission data is filtered out irrespective of field names for situations where there are a lot of forms that might request private information, you can do that too. The field names will still be transmitted, but the values will be filtered out.
+```php
+$raygunClient->setFilterAllFormValues(true);
+```
+
 Note that when any filters are defined, the Raygun error will no longer contain the raw HTTP data, since there's no effective way to filter it.
 
 ### Updating Cookie options

diff --git a/src/Raygun4php/RaygunClient.php b/src/Raygun4php/RaygunClient.php
@@ -37,6 +37,11 @@ class RaygunClient
      */
     protected $filterParams = array();
 
+    /**
+     * @var boolean If true, all values from the $_POST array will be filtered out.
+     */
+    protected $filterAllFormValues = false;
+
     /**
      * Creates a new RaygunClient instance.
      *
@@ -383,17 +388,18 @@ public function filterParamsFromMessage($message, $replace = '[filtered]')
     {
         $filterParams = $this->getFilterParams();
 
-      // Skip checks if none are defined
-        if (!$filterParams) {
+        // Skip checks if none are defined
+        if (!$filterParams && !$this->getFilterAllFormValues()) {
             return $message;
         }
 
-      // Ensure all filters are callable
+        // Ensure all filters are callable
+        $defaultFn = function ($key, $val) use ($replace) {
+            return $replace;
+        };
         foreach ($filterParams as $filterKey => $filterFn) {
             if (!is_callable($filterFn)) {
-                $filterParams[$filterKey] = function ($key, $val) use ($replace) {
-                    return $replace;
-                };
+                $filterParams[$filterKey] = $defaultFn;
             }
         }
 
@@ -408,8 +414,18 @@ public function filterParamsFromMessage($message, $replace = '[filtered]')
             }
         };
 
+        // Filter form values
         if ($message->Details->Request->Form) {
-            array_walk_recursive($message->Details->Request->Form, $walkFn);
+            if ($this->getFilterAllFormValues()) {
+                // Filter out ALL form values.
+                $filterAllDataFn = function (&$val, $key) use ($defaultFn) {
+                    $val = $defaultFn($key, $val);
+                };
+                array_walk_recursive($message->Details->Request->Form, $filterAllDataFn);
+            } else {
+                // Filter only form values that match a filter param.
+                array_walk_recursive($message->Details->Request->Form, $walkFn);
+            }
         }
 
         if ($message->Details->Request->Headers) {
@@ -424,7 +440,7 @@ public function filterParamsFromMessage($message, $replace = '[filtered]')
             array_walk_recursive($message->Details->UserCustomData, $walkFn);
         }
 
-      // Unset raw HTTP data since we can't accurately filter it
+        // Unset raw HTTP data since we can't accurately filter it
         if ($message->Details->Request->RawData) {
             $message->Details->Request->RawData = null;
         }
@@ -450,6 +466,24 @@ public function getFilterParams()
         return $this->filterParams;
     }
 
+    /**
+     * @param boolean $filterAll
+     * @return $this
+     */
+    public function setFilterAllFormValues(bool $filterAll)
+    {
+        $this->filterAllFormValues = $filterAll;
+        return $this;
+    }
+
+    /**
+     * @return boolean
+     */
+    public function getFilterAllFormValues()
+    {
+        return $this->filterAllFormValues;
+    }
+
     /**
      * Sets the given cookie options
      *

diff --git a/tests/RaygunClientTest.php b/tests/RaygunClientTest.php
@@ -138,6 +138,49 @@ public function testGetFilteredParamsParsesRegex()
         );
     }
 
+    public function testFilterAllFormValues()
+    {
+        $this->client->setFilterParams(array());
+        $this->client->setFilterAllFormValues(true);
+        $message = $this->getEmptyMessage();
+        $message->Details->Request->Form = array(
+            'MyParam' => 'some val',
+            'MyRegexParam' => 'secret',
+        );
+
+        $filteredMessage = $this->client->filterParamsFromMessage($message);
+        $this->assertEquals(
+            $filteredMessage->Details->Request->Form,
+            array(
+                'MyParam' => '[filtered]',
+                'MyRegexParam' => '[filtered]',
+            )
+        );
+    }
+
+    public function testFilterFormValuesDoesntFilterOtherValues()
+    {
+        $this->client->setFilterParams(array());
+        $this->client->setFilterAllFormValues(true);
+        $message = $this->getEmptyMessage();
+        $message->Details->Request->Headers = array(
+            'MyParam' => 'secret',
+        );
+        $message->Details->Request->Data = array(
+            'MyParam' => 'secret',
+        );
+
+        $filteredMessage = $this->client->filterParamsFromMessage($message);
+        $this->assertEquals(
+            $filteredMessage->Details->Request->Headers,
+            array('MyParam' => 'secret',)
+        );
+        $this->assertEquals(
+            $filteredMessage->Details->Request->Data,
+            array('MyParam' => 'secret',)
+        );
+    }
+
     protected function getEmptyMessage()
     {
         $requestMessage = new RaygunRequestMessage();