[-] Classes : #PSCFI-3880 : BugFix mbstring overload on Rijndael encrypt-decrypt

git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@11019 b9a71923-0436-4b27-9f14-aed3839534dd
fGaillard
2011-12-07 09:21:05 +00:00
parent 3d1176686f
commit c8fc8d1733
2 changed files with 21 additions and 7 deletions
+6 -3
@@ -254,10 +254,12 @@ class CookieCore
{
/* Decrypt cookie content */
$content = $this->_cipherTool->decrypt($_COOKIE[$this->_name]);
//printf("\$content = %s<br />", $content);
/* Get cookie checksum */
$checksum = crc32($this->_iv.substr($content, 0, strrpos($content, '¤') + 2));
//printf("\$checksum = %s<br />", $checksum);
/* Unserialize cookie content */
$tmpTab = explode('¤', $content);
foreach ($tmpTab as $keyAndValue)
@@ -269,7 +271,8 @@ class CookieCore
/* Blowfish fix */
if (isset($this->_content['checksum']))
$this->_content['checksum'] = (int)($this->_content['checksum']);
//printf("\$this->_content['checksum'] = %s<br />", $this->_content['checksum']);
//die();
/* Check if cookie has not been modified */
if (!isset($this->_content['checksum']) || $this->_content['checksum'] != $checksum)
$this->logout();
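Review bot: The commented-out `//printf(...)` and `//die();` lines around the decrypt and checksum steps appear to be debugging leftovers and should be dropped before this lands; if one were re-enabled it would echo the decrypted cookie content and its checksum into the response. Separately, the tamper check visible here compares a `crc32()` of `$this->_iv` plus the content using `!=`. CRC32 is not a keyed MAC, so a follow-up should replace it with `hash_hmac()` over the content and a constant-time comparison. The enclosing method starts and ends outside the hunks shown, and the +/- markers are lost on this page, so which of these lines are new is inferred.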
+15 -4
@@ -39,16 +39,27 @@ class RijndaelCore
// Base64 is not required, but it is be more compact than urlencode
public function encrypt($plaintext)
{
if (($length = strlen($plaintext)) >= 1048576)
$length = (ini_get('mbstring.func_overload') & 2) ? mb_strlen($plaintext, ini_get('default_charset')) : strlen($plaintext);
if ($length >= 1048576)
return false;
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->_key, $plaintext, MCRYPT_MODE_ECB, $this->_iv)).sprintf('%06d', $length);
}
public function decrypt($ciphertext)
{
$plainTextLength = intval(substr($ciphertext, -6));
$ciphertext = substr($ciphertext, 0, -6);
return substr(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->_key, base64_decode($ciphertext), MCRYPT_MODE_ECB, $this->_iv), 0, $plainTextLength);
if (ini_get('mbstring.func_overload') & 2)
{
$plainTextLength = intval(mb_substr($ciphertext, -6, 6, ini_get('default_charset')));
$ciphertext = mb_substr($ciphertext, 0, -6, ini_get('default_charset'));
return mb_substr(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->_key, base64_decode($ciphertext), MCRYPT_MODE_ECB, $this->_iv), 0, $plainTextLength, ini_get('default_charset'));
}
else
{
$plainTextLength = intval(substr($ciphertext, -6));
$ciphertext = substr($ciphertext, 0, -6);
return substr(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->_key, base64_decode($ciphertext), MCRYPT_MODE_ECB, $this->_iv), 0, $plainTextLength);
}
}
}
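Review bot: The multibyte branch in `encrypt()` and `decrypt()` measures and slices with `ini_get('default_charset')`, which can be empty or differ between the request that wrote the value and the one reading it, and `mcrypt_decrypt()` returns raw bytes that need not be valid in that charset. Since the length trailer is meant to count bytes, pass a fixed byte encoding instead, `mb_strlen($plaintext, '8bit')` and `mb_substr(..., 0, $plainTextLength, '8bit')`, which gives the same result whether or not `mbstring.func_overload` is set. The six-digit trailer is also taken from the incoming ciphertext without checking that it is numeric; a guard such as `if (!ctype_digit($trailer)) return false;` before `intval()` would reject malformed input early. `MCRYPT_MODE_ECB` does not use the IV argument and provides no integrity protection, so this class relies entirely on the caller's checksum to detect modification.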