Merge "Bug #1694342: clean password from event_log takes long time" into 16.10_STABLE

0afc1a25 · Robert Lyon · Gerrit Code Review · af207c8f · b13178e7 · 0afc1a25
Commit 0afc1a25 authored Sep 04, 2017 by Robert Lyon Committed by Gerrit Code Review Sep 04, 2017
--- a/htdocs/lib/db/upgrade.php
+++ b/htdocs/lib/db/upgrade.php
@@ -4885,28 +4885,49 @@ function xmldb_core_upgrade($oldversion=0) {
    }

    if ($oldversion < 2016090223) {
-        if ($records = get_records_sql_array("SELECT event, data, time FROM {event_log} WHERE event = ?", array('createuser'))) {
-            log_debug('Remove sensitive data from event_log');
-            $count = 0;
-            $limit = 1000;
-            $total = count($records);
-            foreach ($records as $record) {
-                $where = clone $record;
-                $data = json_decode($record->data);
-                if (isset($data->password)) {
-                    unset($data->password);
-                    $cleandata = json_encode($data);
-                    $record->data = $cleandata;
-                    update_record('event_log', $record, $where);
-                    set_field('usr', 'passwordchange', 1, 'username', $data->username);
-                }
-                $count++;
-                if (($count % $limit) == 0 || $count == $total) {
-                    log_debug("$count/$total");
-                    set_time_limit(30);
-                }
-            }
-        }
+        // These are the records with passwords in the data.
+        if ($records = get_records_sql_array("SELECT event, data, time
+                                              FROM {event_log}
+                                              WHERE event = ?
+                                              AND position(',\"password\":\"\",' in data) = 0
+                                             ", array('createuser'))) {
+             log_debug('Remove sensitive data from event_log');
+             $count = 0;
+             $limit = 1000;
+             $total = count($records);
+             foreach ($records as $record) {
+                 $where = clone $record;
+                 $data = json_decode($record->data);
+                 if (isset($data->password)) {
+                     unset($data->password);
+                     $cleandata = json_encode($data);
+                     $record->data = $cleandata;
+                     update_record('event_log', $record, $where);
+                     set_field('usr', 'passwordchange', 1, 'username', $data->username);
+                 }
+                 $count++;
+                 if (($count % $limit) == 0 || $count == $total) {
+                     log_debug("$count/$total");
+                     set_time_limit(30);
+                 }
+             }
+        }
+        // These are the records with empty passwords in the data.
+        // No need for them to reset the password.
+        log_debug('Update sensitive data from event_log');
+        $sql_count = "SELECT COUNT(*)
+                      FROM {event_log}
+                      WHERE event = ?
+                      AND position(',\"password\":\"\",' in data) > 0";
+        $count = get_field_sql($sql_count, array('createuser'));
+        if ($count > 0) {
+            $sql = "UPDATE {event_log}
+                    SET data = replace(data, ',\"password\":\"\"', '')
+                    WHERE event = ?
+                    AND position(',\"password\":\"\",' in data) > 0";
+            execute_sql($sql,array('createuser'));
+        }
+        log_debug("$count records updated.");
    }

    if ($oldversion < 2016090226) {