
GDPR Considerations #71

Closed
bobbingwide opened this issue May 19, 2018 · 8 comments

Comments


bobbingwide commented May 19, 2018

Most of Oik-bwtrace is not intended for use in a production website. Its primary purpose is to assist problem determination performed by system administrators.
If the Daily Trace Summary report is enabled then the generated files can expose personally identifiable data, i.e. IP addresses.
If tracing is activated then the logs can expose even more detail.
This information could be misused.

Requirement

  • Protect sensitive data from viewing by non-authorised users.
  • Support WordPress Multisite - subdirectory installs and sub domain installs.
  • Do not perform any tracing if the target of the trace output is not explicitly stated.
  • Provide tools to delete files when no longer required.

Proposed solution

  • Require a Trace files directory option field to be specified.
  • This directory should be protected from viewing using the browser.
  • No tracing will be performed when this directory name is not set.
  • Automatically detect whether or not the folder is outside document root
  • Support a variety of mechanisms to determine and validate the Fully Qualified trace files directory from the given path.
  • Allow for tracing from WordPress startup.

bobbingwide commented May 22, 2018

In order to support the deletion of files when no longer required there'll be a Retention period field and a Purge trace files button.

These fields will be in a separate meta box from the Trace options.


bobbingwide commented May 23, 2018

Alpha test results from cwiccer.com

Problems noticed when packing and testing oik-bwtrace v3.0.0-alpha-20180523

  1. Daily trace summary files being written unexpectedly, probably by the zip routine.
    The Trace files directory should be validated before any trace files can be written.
    Trace files should not be written to the current directory

  2. On a Linux server the message about which folders to avoid included duplicates.

Please specify a Trace files directory. 
Preferably use a directory that's not accessible from the browser. 
Avoid using these folders or subdirectories of them: 
/home/cwiccer/public_html, 
/home/cwiccer/public_html/

Note the trailing slash on the second folder name.

  3. Purging files from /home/cwiccer/public_html produced messages
Warning: unlink(/home/cwiccer/public_html/cgi-bin): 
Is a directory in /home/cwiccer/public_html/wp-content/plugins/oik-bwtrace/includes/class-trace-logs.php on line 330

It would appear that the glob() routine lists files it shouldn't. Purging should not be performed when the file name is not set.

  4. Trace files produced when Trace files directory is not specified but Trace generation limit is set.
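Added example, not code from oik-bwtrace, of the retention period / purge behaviour described in the May 22 comment and in item 3 above (and of the separate daily summary purge button mentioned later in the thread). It only ever passes regular files to unlink(), so a directory such as cgi-bin returned by glob() is skipped rather than producing the "Is a directory" warning, and it refuses to run at all when the file name pattern is empty. The function names and the 'bwtrace.log*' / 'bwtrace.vt.*' file name patterns in the demo are assumptions for illustration, not the plugin's real names.

```php
<?php
// Added example, not code from oik-bwtrace: purge trace files that are older
// than a retention period. Assumed (not from the issue): the function names and
// the 'bwtrace.log*' / 'bwtrace.vt.*' file name patterns used in the demo.

if ( ! defined( 'DAY_IN_SECONDS' ) ) {
	define( 'DAY_IN_SECONDS', 86400 ); // WordPress defines this; defined here so the file runs stand-alone
}

/**
 * Delete regular files in $dir whose basename matches $pattern and whose
 * modification time is older than $retention_days days.
 *
 * Directories, symlinks and non-matching entries are never passed to unlink(),
 * so a directory such as cgi-bin returned by glob() is skipped instead of
 * raising "unlink(): Is a directory". An empty pattern is refused outright
 * because glob( "$dir/" ) would otherwise return every entry in the directory.
 *
 * @param string   $dir            Absolute, already validated trace files directory.
 * @param string   $pattern        Basename glob such as 'bwtrace.log*'.
 * @param int      $retention_days Files older than this are deleted; 0 deletes all matches.
 * @param int|null $now            Reference time in seconds; null means time().
 * @return string[] Paths of the files that were deleted.
 */
function example_purge_trace_files( $dir, $pattern, $retention_days, $now = null ) {
	$deleted = array();
	$dir     = rtrim( (string) $dir, '/\\' );
	$pattern = trim( (string) $pattern );

	if ( '' === $dir || '' === $pattern || ! is_dir( $dir ) ) {
		return $deleted;
	}
	// Keep the purge inside $dir: no path separators or parent references in the pattern.
	if ( false !== strpos( $pattern, '/' ) || false !== strpos( $pattern, '\\' ) || false !== strpos( $pattern, '..' ) ) {
		return $deleted;
	}

	$now    = ( null === $now ) ? time() : (int) $now;
	$cutoff = $now - max( 0, (int) $retention_days ) * DAY_IN_SECONDS;

	$matches = glob( $dir . '/' . $pattern, GLOB_NOSORT );
	if ( false === $matches ) {
		return $deleted;
	}
	foreach ( $matches as $file ) {
		if ( is_link( $file ) || ! is_file( $file ) ) {
			continue; // directories (e.g. cgi-bin) and symlinks are never unlinked
		}
		$mtime = filemtime( $file );
		if ( false === $mtime || $mtime > $cutoff ) {
			continue; // still inside the retention period
		}
		if ( unlink( $file ) ) {
			$deleted[] = $file;
		}
	}
	return $deleted;
}

// Constructed demo: a temporary directory standing in for the trace files directory.
$demo = sys_get_temp_dir() . '/bwtrace-purge-demo-' . getmypid();
mkdir( $demo, 0700 );
mkdir( $demo . '/cgi-bin', 0700 );                       // a directory that glob( '*' ) would return
file_put_contents( $demo . '/bwtrace.log', 'old trace' );
touch( $demo . '/bwtrace.log', time() - 10 * DAY_IN_SECONDS );
file_put_contents( $demo . '/bwtrace.log.1', 'fresh trace' );
file_put_contents( $demo . '/bwtrace.vt.log', 'old daily summary' );
touch( $demo . '/bwtrace.vt.log', time() - 10 * DAY_IN_SECONDS );

print_r( example_purge_trace_files( $demo, '', 7 ) );              // empty pattern is refused
print_r( example_purge_trace_files( $demo, 'bwtrace.log*', 7 ) );  // only matches older than 7 days go
print_r( example_purge_trace_files( $demo, 'bwtrace.vt.*', 0 ) );  // separate button for daily summaries
```

Wiring the two admin buttons to this function means passing a different pattern (and, if wanted, a different retention period) for the daily trace summary files than for the ordinary trace files; both calls stay confined to the validated trace files directory.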


bobbingwide commented May 25, 2018

Further problems with v3.0.0-alpha-20180524

  • Errors in the PHP error log.
[25-May-2018 06:36:56 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function bw_trace_status_report() in /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php:208
Stack trace:
#0 /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php(111): OIK_trace_summary->populate_vt_values()
#1 /home/cookie/public_html/wp-includes/class-wp-hook.php(286): OIK_trace_summary->record_vt('')
#2 /home/cookie/public_html/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(NULL, Array)
#3 /home/cookie/public_html/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#4 /home/cookie/public_html/wp-includes/load.php(679): do_action('shutdown')
#5 [internal function]: shutdown_action_hook()
#6 {main}
  thrown in /home/cookie/public_html/wp-content/plugins/oik-bwtrace/admin/class-oik-trace-summary.php on line 208

The problem appeared to be related to the value of the trace actions setting Trace 'shutdown' status report.

@bobbingwide

The trace files directory needs to be trimmed. Otherwise, with a leading space, it will appear to be invalid. Even though the directory may be created, files will not be written.
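Added example, not code from oik-bwtrace, covering the "Proposed solution" list from the opening comment together with the trailing-slash duplicates reported in the alpha test and the trimming point made just above: trim the option value, refuse to trace when it is empty, resolve relative paths against a known base rather than the current directory, require the directory to exist, and flag (rather than reject) a directory that sits under the document root. The function names are assumptions, and the document root is passed in by the caller; in WordPress that would typically be ABSPATH or $_SERVER['DOCUMENT_ROOT'], which the issue does not specify.

```php
<?php
// Added example, not code from oik-bwtrace: validate the Trace files directory
// option before any trace file can be written. Assumed (not from the issue):
// the function names and that the document root is supplied by the caller.

/**
 * Resolve and validate the Trace files directory setting.
 *
 * Returns the canonical absolute directory, or null when tracing must stay
 * off. $warning is set when the directory is reachable from the browser.
 *
 * Rules:
 *  - the value is trimmed first, so a leading space does not make a real directory look invalid;
 *  - an empty value means no tracing at all;
 *  - a relative path is resolved against $base, never against the current working directory;
 *  - the directory must already exist; realpath() canonicalises symlinks and '..';
 *  - a directory inside the document root is accepted but flagged.
 *
 * @param string $input         Raw option value.
 * @param string $base          Directory that relative paths are resolved against.
 * @param string $document_root Web server document root.
 * @param string $warning       Set to a message when the directory is browser-accessible.
 * @return string|null
 */
function example_validate_trace_dir( $input, $base, $document_root, &$warning = '' ) {
	$warning = '';
	$input   = trim( (string) $input );
	if ( '' === $input ) {
		return null; // no directory specified: no tracing
	}
	$candidate = example_is_absolute_path( $input ) ? $input : rtrim( $base, '/\\' ) . '/' . $input;
	$real      = realpath( $candidate );
	if ( false === $real || ! is_dir( $real ) ) {
		return null; // missing or not a directory: never fall back to another location
	}
	$root = realpath( $document_root );
	if ( false !== $root && example_path_is_within( $real, $root ) ) {
		$warning = 'Preferably use a directory that is not accessible from the browser.';
	}
	return $real;
}

function example_is_absolute_path( $path ) {
	return '/' === $path[0] || 1 === preg_match( '#^[A-Za-z]:[\\\\/]#', $path );
}

/**
 * True when $path is $root or lies below it. Both sides are normalised to
 * forward slashes with no trailing slash, so "/home/x/public_html" and
 * "/home/x/public_html/" are treated as the same folder.
 */
function example_path_is_within( $path, $root ) {
	$path = rtrim( str_replace( '\\', '/', $path ), '/' );
	$root = rtrim( str_replace( '\\', '/', $root ), '/' );
	return $path === $root || 0 === strpos( $path, $root . '/' );
}

/** Folders-to-avoid list with entries that differ only by a trailing slash collapsed. */
function example_folders_to_avoid( array $candidates ) {
	$seen = array();
	foreach ( $candidates as $c ) {
		$n = rtrim( str_replace( '\\', '/', trim( (string) $c ) ), '/' );
		if ( '' !== $n ) {
			$seen[ $n ] = true;
		}
	}
	return array_keys( $seen );
}

// Constructed demo: a temporary "public_html" and a sibling "traces" directory.
$site    = sys_get_temp_dir() . '/bwtrace-dir-demo-' . getmypid();
$docroot = $site . '/public_html';
mkdir( $docroot, 0700, true );
mkdir( $site . '/traces', 0700 );

$warning = '';
var_dump( example_validate_trace_dir( '', $docroot, $docroot, $warning ) );                   // empty: tracing off
var_dump( example_validate_trace_dir( ' ' . $docroot . ' ', $docroot, $docroot, $warning ) ); // trimmed, then flagged
echo $warning, "\n";
var_dump( example_validate_trace_dir( '../traces', $docroot, $docroot, $warning ) );          // resolves outside docroot
var_dump( example_validate_trace_dir( 'does-not-exist', $docroot, $docroot, $warning ) );     // missing directory
print_r( example_folders_to_avoid( array( '/home/cwiccer/public_html', '/home/cwiccer/public_html/' ) ) );
```

Because the validated value is the realpath() result, the same canonical directory is handed to whatever writes the trace files and to the purge routine, which is what stops a trace file from ever landing in the current directory when the option is unset or wrong.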

@bobbingwide

In the daily trace summary it appears that the remote IP address is recorded incorrectly, as if it’s been overwritten since the start of the transaction. Needs checking.

@bobbingwide

Other requirements:

  • Remove the ability to enable or disable tracing using shortcodes; delete [bwtron] and [bwtroff]
  • Reflect the reduced functionality of the [bwtrace] shortcode in the admin page
    • Update Notes about oik trace
    • Remove Trace options and reset button


bobbingwide commented Nov 29, 2019

I reckon it's nearly time to close this issue. But first, I want to add an extra button to allow daily trace summary files to be purged separately from the other trace files.

@bobbingwide

v3.0.0 has been released. Further work has been identified in issues raised for v3.1.0: #82, #83, #84, #85, #86.
