Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#52253 new enhancement

New filter on wp-db.php

Reported by: guelben
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Database
Keywords: reporter-feedback
Focuses:
Cc:

Description

I need to filter the database returned rows for a plugin I am developing. I cannot accomplish the functionality with current filters. I think that other devs may benefit from this couple of filters I propose. These lines of code placed in substitution of lines 2001 to 2006 of wp-db.php do the job.

		$this->last_result[ $num_rows ] = $row;
		/**
		 * Filters the database returned row in a mysqli context.
		 *
		 * @since 5.6.1
		 * @param object $row Database fetched row.
		 * @param string $query Database query.
		 */
		$row = apply_filters( 'returned_row_mysqli', $row, $query );
		$num_rows++;
	}
} elseif ( is_resource( $this->result ) ) {
	while ( $row = mysql_fetch_object( $this->result ) ) {
		$this->last_result[ $num_rows ] = $row;
		/**
		 * Filters the database returned row in a mysql context.
		 *
		 * @since 5.6.1
		 * @param object $row Database fetched row.
		 * @param string $query Database query.
		 */
		$row = apply_filters( 'returned_row_mysql', $row, $query );
		$num_rows++;

Thanks in advance.

Change History (3)

#1 @guelben
3 years ago

I think that the code should be instead:

			/**
			 * Filters the database returned row in a mysqli context.
			 *
			 * @since 5.6.1
			 * @param object $row Database fetched row.
			 * @param string $query Database query.
			 */
			$row = apply_filters( 'returned_row_mysqli', $row, $query );
			$this->last_result[ $num_rows ] = $row;
			
			$num_rows++;
		}
	} elseif ( is_resource( $this->result ) ) {
		while ( $row = mysql_fetch_object( $this->result ) ) {
			
			/**
			 * Filters the database returned row in a mysql context.
			 *
			 * @since 5.6.1
			 * @param object $row Database fetched row.
			 * @param string $query Database query.
			 */
			$row = apply_filters( 'returned_row_mysql', $row, $query );
			$this->last_result[ $num_rows ] = $row;
			$num_rows++;

Here I place the lines: $this->last_result[ $num_rows ] = $row; after the filters. But strangely, the first code submitted worked nicely, equally to the second one.

#2 @johnbillion
3 years ago

  • Keywords reporter-feedback added
  • Version 5.6 deleted

Thanks for the report @guelben and welcome to WordPress Trac.

What exactly is the need for this filter please? What does your plugin do?

Before introducing new filters it's always good to understand the use case in order to help decide on the best approach, whether there's enough context, etc. Cheers.

#3 @guelben
3 years ago

Hi John,

Thank you for your reply. That would be the description of the plugin:

"Encrypts your Users Personal Data in your database, and decrypts them when they need to be displayed or accessed. Helps you comply with the EU GDPR law and CCPA regulations. We recommend using this plugin in combination with a system backup. That way, in case you suffer a MySQL Ransomware Attack you do not have to inform the government or your users."

So the plugin helps to reduce the impact of this kind of malware, which is unfortunately increasing.

So far the plugin works nicely in my tests. When the admin installs the plugin he can encrypt the data using an AES 128 cypher of a large amount of users via ajax utilities. Then the subsequent records are automatically encrypted. I have implemented measures like marking of cyphered data (only being cyphered once, not being decyphered if not encrypted), storage of the keys in a safe place, decrypting the whole database when needed, data stats displayed in admin, etc.

The problem is that right now it works perfectly because I have edited the wp-db.php file. Of course I need to avoid this as I want my plugin to be an official one. I tried really hard to find an alternative using more than a dozen existing filters but even so not all of the values could be intercepted. I ended up using deciphering on cache, which of course is a horrible solution because it does not cover many contexts. I found especially problematic filtering the values coming from users table (had more luck with usermeta).

With the filters I propose I am able to intercept all cyphered values and decrypt the personal data in a strict and secure way.

Since version 2.1.0 the filter ‘query’ is located at wp-db.php. It makes sense to also have a hook for filtering the returned raw data.

Thanks,

Javier
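
The marking scheme described in comment 3, sketched as an added example that is not the plugin's code or part of the ticket: a value is decrypted only if it carries the marker and also authenticates, and an already-encrypted value is never encrypted again. AES-128-GCM, the `enc:v1:` marker, the field list and the in-memory demo key are assumptions; the callback changes the row object in place, so it takes effect with either ordering of the two snippets above.

```php
<?php
// Added example, not the plugin's code. Marker, field list and key handling are assumptions.
const PD_MARK   = 'enc:v1:';                              // hypothetical ciphertext marker
const PD_FIELDS = array( 'user_email', 'display_name' ); // assumed personal-data columns

// Returns the plaintext if $value is a marked ciphertext that authenticates, else null.
function pd_open( string $value, string $key, string $field ): ?string {
	if ( 0 !== strpos( $value, PD_MARK ) ) {
		return null; // no marker: stored as plaintext
	}
	$raw = base64_decode( substr( $value, strlen( PD_MARK ) ), true );
	if ( false === $raw || strlen( $raw ) <= 28 ) {
		return null; // too short for 12-byte IV + 16-byte tag + data
	}
	$plain = openssl_decrypt( substr( $raw, 28 ), 'aes-128-gcm', $key, OPENSSL_RAW_DATA,
		substr( $raw, 0, 12 ), substr( $raw, 12, 16 ), $field );
	return false === $plain ? null : $plain; // tag mismatch: forged or moved value
}

function pd_encrypt( string $plain, string $key, string $field ): string {
	if ( '' === $plain || null !== pd_open( $plain, $key, $field ) ) {
		return $plain; // empty or already encrypted: never encrypt twice
	}
	$iv = random_bytes( 12 );
	// The column name is bound as AAD so a ciphertext cannot be copied into another column.
	$ct = openssl_encrypt( $plain, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $field );
	return PD_MARK . base64_encode( $iv . $tag . $ct );
}

$key = random_bytes( 16 ); // demo key only; a real key must be stored outside the database

// Callback with the ( $row, $query ) signature of the filters proposed in this ticket.
$decrypt_row = function ( $row, $query ) use ( $key ) {
	foreach ( PD_FIELDS as $field ) {
		if ( isset( $row->$field ) && is_string( $row->$field ) ) {
			$row->$field = pd_open( $row->$field, $key, $field ) ?? $row->$field;
		}
	}
	return $row;
};

// Constructed row standing in for one wp_users record.
$row = (object) array(
	'user_email'   => pd_encrypt( 'ana@example.org', $key, 'user_email' ),
	'display_name' => PD_MARK . base64_encode( str_repeat( 'x', 40 ) ), // user-typed look-alike
);
$stored = $row; // same object handle, as when last_result is assigned before the filter runs
$decrypt_row( $row, 'SELECT * FROM wp_users' );
var_dump( $stored->user_email, $stored->display_name );
```

The look-alike `display_name` is returned as stored because its tag does not verify, which is why the marker alone is not treated as proof that a value was encrypted by the site.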
