ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed mcrypt_encode using key with invalid size

Browse source
This commit is contained in:
Marcin Kurczewski 2014-10-08 17:14:44 +02:00
parent 330f5c344c
commit f2dd8cecb4
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/Helpers/TextHelper.php
View file

@ -218,24 +218,24 @@ class TextHelper
public static function encrypt($text) public static function encrypt($text)
{ {
$salt = Core::getConfig()->main->salt; $key = self::getEncryptionKey();
$alg = MCRYPT_RIJNDAEL_256; $alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_CBC; $mode = MCRYPT_MODE_CBC;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND); $iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND);
return base64_encode($iv) . '|' . base64_encode(mcrypt_encrypt($alg, $salt, $text, $mode, $iv)); return base64_encode($iv) . '|' . base64_encode(mcrypt_encrypt($alg, $key, $text, $mode, $iv));
} }
public static function decrypt($text) public static function decrypt($text)
{ {
try try
{ {
$salt = Core::getConfig()->main->salt; $key = self::getEncryptionKey();
list ($iv, $hash) = explode('|', $text, 2); list ($iv, $hash) = explode('|', $text, 2);
$iv = base64_decode($iv); $iv = base64_decode($iv);
$hash = base64_decode($hash); $hash = base64_decode($hash);
$alg = MCRYPT_RIJNDAEL_256; $alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_CBC; $mode = MCRYPT_MODE_CBC;
$ret = mcrypt_decrypt($alg, $salt, $hash, $mode, $iv); $ret = mcrypt_decrypt($alg, $key, $hash, $mode, $iv);
$pos = strpos($ret, "\0"); $pos = strpos($ret, "\0");
if ($pos !== false) if ($pos !== false)
$ret = substr($ret, 0, $pos); $ret = substr($ret, 0, $pos);
@ -354,4 +354,10 @@ class TextHelper
? $mimeTypes[$mimeType] ? $mimeTypes[$mimeType]
: null; : null;
} }
private static function getEncryptionKey()
{
$salt = Core::getConfig()->main->salt;
return hex2bin(md5($salt));
}
} }