Compatability with Encrypt 7.x-2.x

On one of my test sites I use a modified version of webform encrypt. It seems to work properly with encrypt 7.x-2.0-rc1 and webform 7.x-4.0-rc6. Please review the attached patch. Maybe it's something to start with.

I applied the patch but got an error message below.

Error message:
PDOException: in drupal_write_record() (line 7202 of /Users/test/includes/common.inc).

Config:
Drupal-7.31
Webform-7.x-4.0
Webform Encrypt 7.x-1.0+10-dev
Encrypt 7.x-2.0-rc1

Seems to work for me.

Config:
Drupal-7.32
Webform-7.x-4.1
Webform Encrypt 7.x-1.0+10-dev
Encrypt 7.x-2.0

I'm just guessing, but I doubt I'm the only one taking an extra interest in encrypt and webform_encrypt since #drupageddon.

It would be good to get this patch integrated and a release version out that works with encrypt 2.0.

How can I help?

I updated my config, applied the patch, and still got the same error message after submitting the form.

PDOException: in drupal_write_record() (line 7202 of /Users/test/includes/common.inc).

Even though the site produce the error, the form is still being saved and the encrypted field is shown blank.

Config:
Drupal-7.32
Webform-7.x-4.1
Webform Encrypt 7.x-1.0+10-dev
Encrypt 7.x-2.0

Before applying the patch, this is the error message that I got

Notice: Undefined index: value in webform_encrypt_webform_submission_presave() (line 62 of /Users/test/sites/all/modules/webform_encrypt/webform_encrypt.module).
Notice: Array to string conversion in drupal_write_record() (line 7165 of /Users/test/includes/common.inc).

@badrun When you get the PDO Exception does it give you any more information about the database error? Did you create an entirely new webform, or are you working on a form that already exists? If it exists, does it have data in it? What kinds of webform fields are you using? I'd suggest, for debugging purposes, now you've got rid of the warnings about the 'value' index (by applying this patch), creating an entirely new form, using just text field types, and seeing if you still get the PDO error.

@badrun Sorry, one more question: which type of encryption have you enabled for the webform field in question?

@nickholden Thank you for asking me more. You may ask me more questions anytime. I really want this module to work out for everyone.

The first and second tests above was done on a preexisting webform with no data in it. It uses many field types (textfield, email, select list, etc.). For encryption, I didn't change the encryption module configuration. So, it was using the default configuration.

Today, I tested webform encrypt module again with a clean drupal-7.33 installation. No changes in encryption configuration, using the default config. I still get the same error (picture attached), only PDO Exception error, nothing else.

Config:
Drupal-7.33
Webform-7.x-4.1
Webform Encrypt 7.x-1.0+10-dev
Encrypt 7.x-2.0

The test is using only one field with a field type of textfield.

The first scenario, I make the field as required.
The second scenario, the field is not required.
Both produce the same error.

Another interesting thing that I found.
The field result is blank, shows nothing, when the form is created by user 1 (super admin) and viewed by all users.
The field result is showing the result when the form is created by user 2 (administrator role) or user with authenticated user role, the form is being viewed by user 1 and 2.
The field result is showing "[Value Encrypted] " when the form is being viewed by user with authenticated user role.

I think this is the module design. It won't be a problem since user 1 most likely is not going to participate on using the form. But, when user 1 is editing form result, the input will be blank.

@badrun

Can you try using a different encryption method? It's fine to leave it using the 'default' method from the encrypt module, but if you change the settings in the encrypt module so that the default method uses mcrypt/AES 256 with a file key instead of the drupal key, what happens? mcrypt/AES 256 is the encryption method I use, and I haven't seen the PDO error at all.

I'm asking because there's a thread here - https://www.drupal.org/node/1479128 - that suggests that with default encryption method, the encrypted data sometimes becomes too big for MySQL to write into the column because the data column in webform_submitted_data is of type mediumtext (the webform module doesn't expect to have to write encrypted data). The solution proposed is to change the column type to BLOB, but I think changing the encryption method should work better.

You could, of course, try changing the column type, if you prefer. But this might get broken with later upgrades to the webform module. Possibly the webform_encrypt module should change the column type at install time, but changing the database schema of another module's table is probably considered rude.

Good luck

Nick

@nickholden Thank you, it works, no more error message.

I changed the "Encryption method settings" into "Mcrypt AES 256" and leave the rest of the configuration the same. The error message is gone. The blank result is also gone. The module works perfectly.

Thank you again for your help.

See my comments at #1788042-15: Compatibility with Webform 4.x

Just rerolled the patch in #1 against version 1.1.

Thanks +1 (#1patch) works for me.

Works great for me too! Thanks for the patch.

My site is using Webform-3.x, which has a slightly different $submission->data array structure. I'm re-rolling this patch so it can work with the older version of webform.

This attached patch works for me and I am using:
* Drupal-7.43
* Webform-7.x-3.24
* Encrypt 7.x-2.3
* Webform Encrypt 7.x-1.1

Thanks voskuh and geoffreyr for your patches!

My patch in #17 had an error (it made an unnecessary change to the webform_encrypt_webform_submission_presave() function).

Attaching an updated patch for Webform-3.x

@kylesmith why didn't you update your Webform to the stable version 7.x-4.x for your patch

Patch in #1 worked for me.
Drupal 7.44
Webform 7.x-4.12
Encrypt 7.x-2.3
Webform Encrypt 7.x-1.0+10-dev (2013-Oct-25)

Patch #1 is not sufficient when there's data already in the field to be encrypted. It does not encrypt the fields when enabling encryption, only on save, but always tries to decrypt them when loaded. Ideally it should encrypt on enable, but I've created a workaround, by changing
if (!empty($entry[$delta])) { to if (!empty($entry[$delta]) && FALSE !== @unserialize($entry[$delta])) { in the function webform_encrypt_webform_submission_load

Tested patch #1 with

• Drupal 7.44
• Webform 7.x-4.14
• Encrypt 7.x-2.3
• Webform Encrypt 7.x-1.1

Although @jasonschweb has valid point in #21 I changed status to RTBC because without this patch one cannot get encryption to work with recommended Webform+Encrypt contrib releases.

I have a problem with the use of webform_encrypt_webform_submission_load(). This will effectively decrypt or show "value encrypted" everywhere a submission is loaded. Seems great, except on the edit form: if a user doesn't have access to see the encrypted values but can edit webform results, he/she will see [Value encrypted] in the textfield. Upon saving "[Value encrypted]" will be encrypted and saved in the db as the new value.

Only using webform_encrypt_webform_submission_render_alter() makes more sense, as this gets fired in all places except the edit form. Exactly what we need. I will post a patch later.

EDIT: only using webform_encrypt_webform_submission_render_alter() is not fired for the csv and table display ... looking into a solution

Wrote an extra check in the hook_submission_load where we check if we're on a submission/edit page. It's not 100% failsafe (what if people have custom own edit pages) but it's better than nothing.

This patch also incorporates the fix from issue #2370289, and includes some general code rewriting.

It also addresses an issue with sending encrypted values in emails, even though that fix is not complete.

Patch from #1 worked for me except the case explained in #21 as when we already have data and then if we enable encrypt it breaks.
So, Updating patch #1 for current release and also incorporating #21.

As, this need to be commited to module ASAP as this module doesnt works w/o it, I feel #23 and #24 are add-ons;
as allowing to update submissions are rare and can be incorporated later.

@nileshlohar: patch #1 will cause incorrect data when editing and re-saving a submission, see my comment in #23

Patch #24 causes error when trying to change field order by just dragging it when webform already has submitted values.
This patch fixes it. Also tweaked submission/edit form for users that do not have access to view encrypted data, now it shows [Value Encrypted] instead of serialized text but still won't overwrite original value, so after editing submission encrypted value is untouched.
Also patches one small hole when user with permission to edit webform component but not having access to view encrypted values could just uncheck encrypt field checkbox so decrypting submitted values and then viewing them.

Patch in #27 gives "FATAL ERROR: Uncaught crypto exception. Suppressing output."
to users having "View Encrypted Values in Webform Results" permission.

I also see the error "FATAL ERROR: Uncaught crypto exception. Suppressing output." for users with access to view encrypted values, even for the admin user. After applying the patch in #27 the error goes away and users are able to view encrypted data. I had to apply it manually since there have been some updates to the module. I'm including the re-roll of #27.

I am using:
Drupal 7.54
Encrypt 7.x-2.3
Webform 7.x-4.15
Webform Encrypt 7.x-1.2

Also using these but they should not have any impact
Key 7.x-3.4
Key Encrypt 7.x-3.4 (needed for Encrypt 2.x)
Lockr 7.x-2.3
Real AES 7.x-1.2

Please use the latest release, 7.x-1.3 version