How to hide 'EXPDATE' & 'CVV2' from Log.

Is this information needed in the PayPal API Log? I just fee this information should not be stored anywhere.

Is there a way to eliminate this or at least replace it with ‘XXX’

Thank you :)

Hi Deyson.

I can understand. You can disable logging, or you’ll have to edit the source files.

I did a search for the string [hilite mono]paypal-api.log[/hilite] in the files and found it in s2member/includes/classes/paypal-utilities.inc.php. As you can see there, the log just gets an export of all the vars available. You’ll need to edit those before they get put in the log.

So the edited file doesn’t get overwritten on update, you can work on a copy of the file in your must-use plugins directory. /wp-content/mu-plugins/

I hope that helps. :)

Thank you for your help! :)

No problem. :)

By the way, here’s something Jason told me related to securing logs:

Aside from disabling logs completely, another thing a site owner can do to improve security is to move their log directory to a more secure location (i.e. to a folder outside of the web space).

Please create this directory and file:
/wp-content/mu-plugins/s2-hacks.php
See: http://www.s2member.com/kb/hacking-s2member/

<?php
add_filter('ws_plugin__s2member_logs_dir', 's2_logs_dir');
function s2_logs_dir($what_s2_says)
{
    return '/absolute/path/to/my/secure/logs/dir';
}