From 1d0e5797b00a76e411eda0b39c6134d2d31c712c Mon Sep 17 00:00:00 2001 From: Brady Miller Date: Thu, 25 Apr 2024 22:23:07 -0700 Subject: [PATCH] Fix: Revert "Fix: OpenEMR logs sensitive information such as payment details (#7341)" (#7396) This reverts commit 9be12b810b88fb7e4d046bb7ec7d172bcd4ca7fa. --- src/Common/Logging/EventAuditLogger.php | 29 ------------------------- 1 file changed, 29 deletions(-) diff --git a/src/Common/Logging/EventAuditLogger.php b/src/Common/Logging/EventAuditLogger.php index cdf457ad073..eafb7e98463 100644 --- a/src/Common/Logging/EventAuditLogger.php +++ b/src/Common/Logging/EventAuditLogger.php @@ -144,14 +144,6 @@ class EventAuditLogger MSG; - - /** - * Keep track of the tables and the fields in each table that contains sensitive information - */ - private const SENSITIVE_RECORDS = [ - "ar_session" => array("reference") - ]; - /** * @param $event * @param $user @@ -640,27 +632,6 @@ public function auditSQLEvent($statement, $outcome, $binds = null) } } - /** - * Avoid logging sensitive information in logs. - * For any insert operation, if the current table contains any field containing sensitive information, - * the value for that field is masked to match its length. - */ - if ($querytype == "insert") { - foreach (self::SENSITIVE_RECORDS as $table => $fields) { - if (strpos($comments, $table) !== false) { - foreach ($fields as $field) { - $pattern = "/($field)\s*=\s*'([^']+)'/"; - $comments = preg_replace_callback($pattern, function ($matches) { - $field_name = $matches[1]; - $field_value = $matches[2]; - $masked_value = str_repeat('X', strlen($field_value)); - return "$field_name = '$masked_value'"; - }, $comments); - } - } - } - } - /* Avoid filling the audit log with trivial SELECT statements. * Skip SELECTs from unknown tables. */