obfuscate API key the same way as Mailchimp does in their web interface

dannyvankooten · dannyvankooten · commit 7995c150db9e · 2025-01-10T09:35:00.000+01:00
diff --git a/includes/functions.php b/includes/functions.php
@@ -439,10 +439,11 @@ function _mc4wp_use_sslverify()
  */
 function mc4wp_obfuscate_string($string)
 {
-	$length            = strlen($string);
-	$obfuscated_length = ceil($length / 2);
-	$string            = str_repeat('*', $obfuscated_length) . substr($string, $obfuscated_length);
-	return $string;
+	if (strlen($string) <= 2) return $string;
+	$length = strlen($string);
+	$keep = floor(strlen($string) / 3);
+	$keep = min($keep, 4);
+	return substr($string, 0, $keep) . str_repeat('*', $length - ($keep*2)) . substr($string, -$keep);
 }
 
 /**
diff --git a/includes/views/general-settings.php b/includes/views/general-settings.php
@@ -3,104 +3,102 @@
 ?>
 <div id="mc4wp-admin" class="wrap mc4wp-settings">
 
-    <p class="mc4wp-breadcrumbs">
-        <span class="prefix"><?php echo esc_html__('You are here: ', 'mailchimp-for-wp'); ?></span>
-        <span class="current-crumb"><strong>Mailchimp for WordPress</strong></span>
-    </p>
-
-
-    <div class="mc4wp-row">
-
-        <!-- Main Content -->
-        <div class="main-content mc4wp-col">
-
-            <h1 class="mc4wp-page-title">
-                Mailchimp for WordPress: <?php echo esc_html__('API Settings', 'mailchimp-for-wp'); ?>
-            </h1>
-
-            <h2 style="display: none;"></h2>
-            <?php
-            settings_errors();
-            $this->messages->show();
-            ?>
-
-            <form action="<?php echo admin_url('options.php'); ?>" method="post">
-                <?php settings_fields('mc4wp_settings'); ?>
-
-                <table class="form-table">
-
-                    <tr valign="top">
-                        <th scope="row">
-                            <?php echo esc_html__('Status', 'mailchimp-for-wp'); ?>
-                        </th>
-                        <td>
-                            <?php
-                            if ($connected) {
-                                ?>
-                                <span class="mc4wp-status positive"><?php echo esc_html__('CONNECTED', 'mailchimp-for-wp'); ?></span>
-                                <?php
-                            } else {
-                                ?>
-                                <span class="mc4wp-status neutral"><?php echo esc_html__('NOT CONNECTED', 'mailchimp-for-wp'); ?></span>
-                                <?php
-                            }
-                            ?>
-                        </td>
-                    </tr>
-
-
-                    <tr valign="top">
-                        <th scope="row"><label for="mailchimp_api_key"><?php echo esc_html__('API Key', 'mailchimp-for-wp'); ?></label></th>
-                        <td>
-                            <input type="text" class="widefat" placeholder="<?php echo esc_html__('Your Mailchimp API key', 'mailchimp-for-wp'); ?>" id="mailchimp_api_key" name="mc4wp[api_key]" value="<?php echo esc_attr($obfuscated_api_key); ?>" <?php echo defined('MC4WP_API_KEY') ? 'readonly="readonly"' : ''; ?> />
-                            <p class="description">
-                                <?php echo esc_html__('The API key for connecting with your Mailchimp account.', 'mailchimp-for-wp'); ?>
-                                <a target="_blank" href="https://admin.mailchimp.com/account/api"><?php echo esc_html__('Get your API key here.', 'mailchimp-for-wp'); ?></a>
-                            </p>
-
-                            <?php
-                            if (defined('MC4WP_API_KEY')) {
-                                echo '<p class="description">', wp_kses(__('You defined your Mailchimp API key using the <code>MC4WP_API_KEY</code> constant.', 'mailchimp-for-wp'), array( 'code' => array() )), '</p>';
-                            }
-                            ?>
-                        </td>
+	<p class="mc4wp-breadcrumbs">
+		<span class="prefix"><?php echo esc_html__('You are here: ', 'mailchimp-for-wp'); ?></span>
+		<span class="current-crumb"><strong>Mailchimp for WordPress</strong></span>
+	</p>
+
+	<div class="mc4wp-row">
+		<!-- Main Content -->
+		<div class="main-content mc4wp-col">
+
+			<h1 class="mc4wp-page-title">
+				Mailchimp for WordPress: <?php echo esc_html__('API Settings', 'mailchimp-for-wp'); ?>
+			</h1>
+
+			<h2 style="display: none;"></h2>
+			<?php
+			settings_errors();
+			$this->messages->show();
+			?>
+
+			<form action="<?php echo esc_attr(admin_url('options.php')); ?>" method="post">
+				<?php settings_fields('mc4wp_settings'); ?>
+
+				<table class="form-table">
+
+					<tr valign="top">
+						<th scope="row">
+							<?php echo esc_html__('Status', 'mailchimp-for-wp'); ?>
+						</th>
+						<td>
+							<?php
+							if ($connected) {
+								?>
+								<span class="mc4wp-status positive"><?php echo esc_html__('CONNECTED', 'mailchimp-for-wp'); ?></span>
+								<?php
+							} else {
+								?>
+								<span class="mc4wp-status neutral"><?php echo esc_html__('NOT CONNECTED', 'mailchimp-for-wp'); ?></span>
+								<?php
+							}
+							?>
+						</td>
+					</tr>
+
+
+					<tr valign="top">
+						<th scope="row"><label for="mailchimp_api_key"><?php echo esc_html__('API Key', 'mailchimp-for-wp'); ?></label></th>
+						<td>
+							<input type="text" class="widefat" placeholder="<?php echo esc_attr__('Your Mailchimp API key', 'mailchimp-for-wp'); ?>" id="mailchimp_api_key" name="mc4wp[api_key]" value="<?php echo esc_attr($obfuscated_api_key); ?>" <?php echo defined('MC4WP_API_KEY') ? 'readonly="readonly"' : ''; ?> />
+							<p class="description">
+								<?php echo esc_html__('The API key for connecting with your Mailchimp account.', 'mailchimp-for-wp'); ?>
+								<a target="_blank" href="https://admin.mailchimp.com/account/api"><?php echo esc_html__('Get your API key here.', 'mailchimp-for-wp'); ?></a>
+							</p>
+
+							<?php
+							if (defined('MC4WP_API_KEY')) {
+								echo '<p class="description">', wp_kses(__('You defined your Mailchimp API key using the <code>MC4WP_API_KEY</code> constant.', 'mailchimp-for-wp'), array( 'code' => array() )), '</p>';
+							}
+							?>
+						</td>
 
 					</tr>
 
-                </table>
+				</table>
 
-                <?php submit_button(); ?>
+				<?php submit_button(); ?>
 
-            </form>
+			</form>
 
-            <?php
+			<?php
 
-            /**
-             * Runs right after general settings are outputted in admin.
-             *
-             * @since 3.0
-             * @ignore
-             */
+			/**
+			 * Runs right after general settings are outputted in admin.
+			 *
+			 * @since 3.0
+			 * @ignore
+			 */
 
-            do_action('mc4wp_admin_after_general_settings');
+			do_action('mc4wp_admin_after_general_settings');
 
-            if (! empty($opts['api_key'])) {
-                echo '<hr />';
-                include __DIR__ . '/parts/lists-overview.php';
-            }
+			if (! empty($opts['api_key'])) {
+				echo '<hr />';
+				include __DIR__ . '/parts/lists-overview.php';
+			}
 
-            require __DIR__ . '/parts/admin-footer.php';
+			require __DIR__ . '/parts/admin-footer.php';
 
-            ?>
-        </div>
+			?>
+		</div>
 
-        <!-- Sidebar -->
-        <div class="mc4wp-sidebar mc4wp-col">
-            <?php require __DIR__ . '/parts/admin-sidebar.php'; ?>
-        </div>
+		<!-- Sidebar -->
+		<div class="mc4wp-sidebar mc4wp-col">
+			<?php require __DIR__ . '/parts/admin-sidebar.php'; ?>
+		</div>
 
 
-    </div>
+	</div>
 
 </div>
 
diff --git a/tests/FunctionsTest.php b/tests/FunctionsTest.php
@@ -7,97 +7,102 @@
  */
 class FunctionsTest extends TestCase
 {
-    public $tests = array(
-        array(
-            'input' => array(),
-            'output' => array(),
-        ),
-        array(
-            'input' => array(
-                'SOME_FIELD' => 'Some value',
-                'SOME_OTHER_FIELD' => 'Some other value'
-            ),
-            'output' => array(
-                'SOME_FIELD' => 'Some value',
-                'SOME_OTHER_FIELD' => 'Some other value'
-            ),
-        ),
-        array(
-            'input' => array(
-                'NAME' => 'Danny van Kooten'
-            ),
-            'output' => array(
-                'NAME' => 'Danny van Kooten',
-                'FNAME' => 'Danny',
-                'LNAME' => 'van Kooten'
-            ),
-        ),
-        array(
-            'input' => array(
-                'NAME' => 'Danny'
-            ),
-            'output' => array(
-                'NAME' => 'Danny',
-                'FNAME' => 'Danny',
-            ),
-        ),
-    );
-
-
-    /**
-     * @covers mc4wp_obfuscate_email_addresses()
-     */
-    public function test_mc4wp_obfuscate_email_addresses()
-    {
-
-        // by no means should the two strings be similar
-        $string = 'Mailchimp API error: Recipient "johnnydoe@gmail.com" has too many recent signup requests';
-        $obfuscated = mc4wp_obfuscate_email_addresses($string);
-        self::assertNotEquals($string, $obfuscated);
-
-        // less than 70% of the string should be similar
-        $string = 'johnnydoe@gmail.com';
-        $obfuscated = mc4wp_obfuscate_email_addresses($string);
-        similar_text($string, $obfuscated, $percentage);
-        self::assertTrue($percentage <= 70);
-    }
-
-    /**
-     * @covers mc4wp_obfuscate_string
-     */
-    public function test_mc4wp_obfuscate_string()
-    {
-
-        // by no means should the two strings be similar
-        $string = 'super-secret-string';
-        $obfuscated = mc4wp_obfuscate_string($string);
-        self::assertNotEquals($string, $obfuscated);
-
-        // less than 50% of the string should be similar
-        similar_text($string, $obfuscated, $percentage);
-        self::assertTrue($percentage <= 50);
-    }
-
-    /**
-     * @covers mc4wp_add_name_data
-     */
-    public function test_mc4wp_add_name_data()
-    {
-        foreach ($this->tests as $test) {
-            self::assertEquals(mc4wp_add_name_data($test['input']), $test['output']);
-        }
-    }
-
-    /**
-     * @covers mc4wp_array_get
-     */
-    public function test_mc4wp_array_get()
-    {
-        self::assertEquals(mc4wp_array_get(array( 'foo' => 'bar' ), 'foo'), 'bar');
-        self::assertEquals(mc4wp_array_get(array( 'foo' => 'bar' ), 'foofoo', 'default'), 'default');
-        self::assertEquals(mc4wp_array_get(array( 'foo' => array( 'bar' => 'foobar' ) ), 'foo.bar'), 'foobar');
-        self::assertEquals(mc4wp_array_get(array( 'foo' => array( 'bar' => 'foobar' ) ), 'foo.foo', 'default'), 'default');
-    }
+	public $tests = array(
+		array(
+			'input' => array(),
+			'output' => array(),
+		),
+		array(
+			'input' => array(
+				'SOME_FIELD' => 'Some value',
+				'SOME_OTHER_FIELD' => 'Some other value'
+			),
+			'output' => array(
+				'SOME_FIELD' => 'Some value',
+				'SOME_OTHER_FIELD' => 'Some other value'
+			),
+		),
+		array(
+			'input' => array(
+				'NAME' => 'Danny van Kooten'
+			),
+			'output' => array(
+				'NAME' => 'Danny van Kooten',
+				'FNAME' => 'Danny',
+				'LNAME' => 'van Kooten'
+			),
+		),
+		array(
+			'input' => array(
+				'NAME' => 'Danny'
+			),
+			'output' => array(
+				'NAME' => 'Danny',
+				'FNAME' => 'Danny',
+			),
+		),
+	);
+
+
+	/**
+	 * @covers mc4wp_obfuscate_email_addresses()
+	 */
+	public function test_mc4wp_obfuscate_email_addresses()
+	{
+		// by no means should the two strings be similar
+		$string = 'Mailchimp API error: Recipient "johnnydoe@gmail.com" has too many recent signup requests';
+		$obfuscated = mc4wp_obfuscate_email_addresses($string);
+		self::assertNotEquals($string, $obfuscated);
+
+		// less than 70% of the string should be similar
+		$string = 'johnnydoe@gmail.com';
+		$obfuscated = mc4wp_obfuscate_email_addresses($string);
+		similar_text($string, $obfuscated, $percentage);
+		self::assertTrue($percentage <= 70);
+	}
+
+	/**
+	 * @covers mc4wp_obfuscate_string
+	 */
+	public function test_mc4wp_obfuscate_string()
+	{
+		self::assertEquals('', mc4wp_obfuscate_string(''));
+		self::assertEquals('a', mc4wp_obfuscate_string('a'));
+		self::assertEquals('aa', mc4wp_obfuscate_string('aa'));
+		self::assertEquals('a*a', mc4wp_obfuscate_string('aaa'));
+		self::assertEquals('a**a', mc4wp_obfuscate_string('aaaa'));
+		self::assertEquals('abcd****************************-us1', mc4wp_obfuscate_string('abcdefghijklmnopqrstuvwxyzabcdef-us1'));
+
+		// by no means should the two strings be similar
+		$string = 'super-secret-string';
+		$obfuscated = mc4wp_obfuscate_string($string);
+		self::assertNotEquals($string, $obfuscated);
+
+		// less than 50% of the string should be similar
+		similar_text($string, $obfuscated, $percentage);
+		self::assertTrue($percentage <= 50);
+	}
+
+	/**
+	 * @covers mc4wp_add_name_data
+	 */
+	public function test_mc4wp_add_name_data()
+	{
+		foreach ($this->tests as $test) {
+			self::assertEquals(mc4wp_add_name_data($test['input']), $test['output']);
+		}
+	}
+
+	/**
+	 * @covers mc4wp_array_get
+	 */
+	public function test_mc4wp_array_get()
+	{
+		self::assertEquals(mc4wp_array_get(array( 'foo' => 'bar' ), 'foo'), 'bar');
+		self::assertEquals(mc4wp_array_get(array( 'foo' => 'bar' ), 'foofoo', 'default'), 'default');
+		self::assertEquals(mc4wp_array_get(array( 'foo' => array( 'bar' => 'foobar' ) ), 'foo.bar'), 'foobar');
+		self::assertEquals(mc4wp_array_get(array( 'foo' => array( 'bar' => 'foobar' ) ), 'foo.foo', 'default'), 'default');
+	}
 
 	public function test_mc4wp_get_request_ip_address()
 	{
