fix(instanda): content-based dedupe, resubmit guards, PII retention
- F-01: derive the dedupe key from submission content (form id + mapped values) instead of a per-request token, so identical re-POSTs / retry-after-error collapse to the existing quote. Keeps the per-request lock; adds a content lock race guard and a 30-min recent_delivered_by_dedupe short-circuit. - F-12: refuse resubmit of an already-delivered transaction (AJAX + worker). - F-18: scope the resubmit self-recovery guard to the content dedupe key so a customer's different event is no longer skipped. - F-05: anonymize PII on stale failed/pending rows via the cron; add delete_by_email and wire WP's Erase Personal Data eraser. - F-13: exempt stranded delivered rows (no entry_id) from the retention purge. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -28,5 +28,12 @@ final class Cron_Cleanup {
|
||||
if ($deleted > 0) {
|
||||
Logger::debug("Retention purge removed {$deleted} delivered transaction(s) older than {$days} day(s).");
|
||||
}
|
||||
|
||||
// Scrub PII from unresolved (failed/pending) rows past the window; they are never
|
||||
// timer-deleted, so this bounds how long customer PII is retained on them.
|
||||
$scrubbed = $store->anonymize_stale_unresolved($days);
|
||||
if ($scrubbed > 0) {
|
||||
Logger::debug("Retention scrub anonymized PII on {$scrubbed} unresolved transaction(s) older than {$days} day(s).");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user