Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix mcrypt fatal - Removed on PHP 7.2 #159

Merged
merged 25 commits into from
Feb 11, 2024
Merged

Fix mcrypt fatal - Removed on PHP 7.2 #159

Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
a844294
Fix mcrypt fatal on data encryption
vaurdan Jul 5, 2021
e89712c
Fix error with unset `push_syndicate_settings`
vaurdan Jul 8, 2021
2997500
Add initial version of a test suite for the encryption functions.
vaurdan Jul 8, 2021
671576d
Make push_syndicate_decrypt return an array by default
vaurdan Jul 8, 2021
f3ad7a1
Use `is_string` if `assertIsString` is not available.
vaurdan Jul 8, 2021
4d5d0f4
Use `is_string` if `assertIsString` is not available.
vaurdan Jul 8, 2021
9927d42
Merge branch 'vip/deprecated-mcrypto' of github.com:Automattic/syndic…
vaurdan Jul 8, 2021
22ae798
Use `is_array` if `assertIsArray` is not available.
vaurdan Jul 8, 2021
ffa394f
Only test with `mcrypt` if the PHP version is < 7.1
vaurdan Jul 8, 2021
1f67318
Extend the PHP 7.1 validation to the encrypt and decrypt functions.
vaurdan Jul 8, 2021
5024eaa
Use yoast/wp-test-utils for compatibility with different phpunit vers…
vaurdan Jul 12, 2021
b1690a9
Refactor encryption to use Syndication_Encryption class
vaurdan Jul 19, 2021
02f0aa8
Fix tests failing on PHP 7.1
vaurdan Jul 19, 2021
8a4d2e7
Move imports and initialization to plugin root file
vaurdan Jul 20, 2021
6f09b04
Refactor tests to have individual tests for each encryptor
vaurdan Jul 20, 2021
1e6d373
Refactor tests to use a abstract test class for Encryptors
vaurdan Jul 20, 2021
8663284
Change Syndication_Encryptor to interface
vaurdan Jul 20, 2021
18fa88c
Remove leftover require_once
vaurdan Jul 20, 2021
fdb506a
Change Syndication_Encryption from a static class to an instantiable …
vaurdan Jul 21, 2021
d418b9c
Add extra validation for older PHP versions (<5.2.7), just in case.
vaurdan Jul 21, 2021
4e3873b
Remove encryptor strategy getters and setters
vaurdan Jul 23, 2021
16ec5b8
Address feedback on Encryption_Test
vaurdan Jul 23, 2021
c9f684e
Correction on the tests PHPDOC
vaurdan Jul 23, 2021
1f6b87c
Change EncryptionTest to test the `encrypt` and `decrypt` methods.
vaurdan Jul 28, 2021
9a3434d
Fix DocBlock
GaryJones Feb 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 61 additions & 7 deletions includes/push-syndicate-encryption.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,72 @@
<?php

function push_syndicate_get_cipher() {
$cipher = 'aes-256-cbc';

if ( function_exists( 'mcrypt_encrypt' ) ) {
return MCRYPT_RIJNDAEL_256;
}

if ( in_array( $cipher, openssl_get_cipher_methods(), true ) ) {
return array(
'cipher' => $cipher,
'iv' => substr( md5( md5( PUSH_SYNDICATE_KEY ) ), 0, 16 ),
'key' => md5( PUSH_SYNDICATE_KEY ),
);
}

return false; // @TODO: return another default cipher? return exception?
}

function push_syndicate_encrypt( $data ) {
vaurdan marked this conversation as resolved.
Show resolved Hide resolved
// @todo: replace mcrypt with openssl. problem: Rijndael AES is not available on openssl;s AES-256.
// Will most likely break backwards compatibility with older keys
// https://stackoverflow.com/questions/49997338/mcrypt-rijndael-256-to-openssl-aes-256-ecb-conversion

// Backwards compatibility with PHP < 7.2.
if ( function_exists( 'mcrypt_encrypt' ) ) {
// @codingStandardsIgnoreStart
$data = serialize( $data );
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), $data, MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))));
// @codingStandardsIgnoreEnd
GaryJones marked this conversation as resolved.
Show resolved Hide resolved
}

$data = wp_json_encode( $data );
$cipher = push_syndicate_get_cipher();

$data = serialize( $data );
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), $data, MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))));
if ( ! $cipher ) {
return $data;
}

$encrypted_data = openssl_encrypt( $data, $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] );
return base64_encode( $encrypted_data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode

}

function push_syndicate_decrypt( $data ) {

$data = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), base64_decode($data), MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))), "\0");
if ( !$data )
return false;
// Backwards compatibility with PHP < 7.2.
if ( function_exists( 'mcrypt_encrypt' ) ) {
// @codingStandardsIgnoreStart
$data = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( PUSH_SYNDICATE_KEY ), base64_decode( $data ), MCRYPT_MODE_CBC, md5( md5( PUSH_SYNDICATE_KEY ) ) ), "\0" );
if ( ! $data ) {
return false;
}
return @unserialize( $data );
// @codingStandardsIgnoreEnd
}

$cipher = push_syndicate_get_cipher();

if ( ! $cipher ) {
return $data;
}

return @unserialize( $data );
$data = openssl_decrypt( base64_decode( $data ), $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode

}
if ( ! $data ) {
return false;
}

return json_decode( $data );
}