From 9f348ed411ee7c3f3eb5485c3bf02008c3e66f2e Mon Sep 17 00:00:00 2001
From: dinamiko
Date: Tue, 14 Sep 2021 12:46:41 +0200
Subject: [PATCH] Do not log sensible body data
---
 .../src/Endpoint/class-requesttrait.php | 2 +-
 .../src/Logger/class-woocommercelogger.php | 23 +++++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/modules/ppcp-api-client/src/Endpoint/class-requesttrait.php b/modules/ppcp-api-client/src/Endpoint/class-requesttrait.php
index 25c97c050..c43166b7d 100644
--- a/modules/ppcp-api-client/src/Endpoint/class-requesttrait.php
+++ b/modules/ppcp-api-client/src/Endpoint/class-requesttrait.php
@@ -41,7 +41,7 @@ trait RequestTrait {
 $response = wp_remote_get( $url, $args );
 if ( $this->logger instanceof WooCommerceLogger ) {
- $this->logger->logRequestResponse( $url, $args, $response );
+ $this->logger->logRequestResponse( $url, $args, $response, $this->host );
 }
 return $response;
diff --git a/modules/woocommerce-logging/src/Logger/class-woocommercelogger.php b/modules/woocommerce-logging/src/Logger/class-woocommercelogger.php
index bef6f1631..1ae4f2f76 100644
--- a/modules/woocommerce-logging/src/Logger/class-woocommercelogger.php
+++ b/modules/woocommerce-logging/src/Logger/class-woocommercelogger.php
@@ -69,9 +69,10 @@ class WooCommerceLogger implements LoggerInterface {
 * @param string $url The request URL.
 * @param array $args The request arguments.
 * @param array|WP_Error $response The response or WP_Error on failure.
+ * @param string $host The host.
 * @return void
 */
- public function logRequestResponse( string $url, array $args, $response ) {
+ public function logRequestResponse( string $url, array $args, $response, string $host ) {
 if ( is_wp_error( $response ) ) {
 $this->error( $response->get_error_code() . ' ' . $response->get_error_message() );
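Review bot: In the `class-requesttrait.php` hunk the new fourth argument `$this->host` is a property the trait does not declare anywhere in the visible lines, so every class that uses `RequestTrait` has to supply a string `host` itself. If one does not, the value is null and the `string $host` parameter of `logRequestResponse` would raise a TypeError, turning a logging call into a failed API request; whether all users of the trait define the property cannot be seen from here. Stating the requirement on the trait, for example with a docblock line such as `@property string $host Base URL of the API; required by the request logger.`, or an abstract getter, would make the dependency explicit. The enclosing method starts and ends outside the hunk.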
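Review bot: `logRequestResponse` in the `-69,9 +69,10` hunk is a public method and the added `string $host` parameter is required, so any caller not updated by this patch would fail with an ArgumentCountError; only the call in `RequestTrait` is visible here. The new docblock line `@param string $host The host.` also does not say what the value is used for. Something like `@param string $host Base URL of the API, used to recognise token endpoints whose request body must not be logged.` tells the next maintainer that this argument drives redaction and must not be passed empty. The method body continues outside the hunk.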
@@ -81,7 +82,16 @@ class WooCommerceLogger implements LoggerInterface {
 $method = $args['method'] ?? '';
 $output = $method . ' ' . $url . "\n";
 if ( isset( $args['body'] ) ) {
- $output .= 'Request Body: ' . wc_print_r( $args['body'], true ) . "\n";
+ if ( ! in_array(
+ $url,
+ array(
+ trailingslashit( $host ) . 'v1/oauth2/token/',
+ trailingslashit( $host ) . 'v1/oauth2/token?grant_type=client_credentials',
+ ),
+ true
+ ) ) {
+ $output .= 'Request Body: ' . wc_print_r( $args['body'], true ) . "\n";
+ }
 }
 if ( is_array( $response ) ) {
@@ -90,9 +100,12 @@ class WooCommerceLogger implements LoggerInterface {
 }
 if ( isset( $response['response'] ) ) {
 $output .= 'Response: ' . wc_print_r( $response['response'], true ) . "\n";
- }
- if ( isset( $response['body'] ) ) {
- $output .= 'Response Body: ' . wc_print_r( $response['body'], true ) . "\n";
+
+ if ( isset( $response['body'] )
+ && isset( $response['response']['code'] )
+ && ! in_array( $response['response']['code'], array( 200, 201, 202, 204 ), true ) ) {
+ $output .= 'Response Body: ' . wc_print_r( $response['body'], true ) . "\n";
+ }
 }
 }
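Review bot: The request-body redaction in the `-81,7 +82,16` hunk is an exact string match of `$url` against two hard-coded forms, so it fails open. The same token endpoint requested without the trailing slash, with another `grant_type`, or with an extra query parameter is not in the list, and its body is logged as before. Matching on the parsed path is less brittle, assuming the host carries no path prefix: `$path = (string) wp_parse_url( $url, PHP_URL_PATH );` followed by `if ( 0 !== strpos( $path, '/v1/oauth2/token' ) ) {`, which also removes the dependency on `$host`. The URL itself, query string included, is still written by the `$output = $method . ' ' . $url` line above the check.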
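Review bot: The response-body condition in the `-90,9 +100,12` hunk uses `in_array( ..., true )` against integer literals, so the body is withheld only when `$response['response']['code']` is an int equal to 200, 201, 202 or 204. A code delivered as the string `'200'`, or any other 2xx status, falls through and the body is logged, which for a token endpoint may include the access token. Casting and testing a range keeps the rule fail-closed: `$code = (int) ( $response['response']['code'] ?? 0 );` and write the body only when `$code >= 400`. Error bodies are still logged in full, so it is worth confirming that they never echo credentials.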