Skip to content

Commit

Permalink
Merge pull request #1356 from stakovicz/feat-905-mcrypt-cbc-replace-o…
Browse files Browse the repository at this point in the history
…penssl

feat (#905): mcrypt CBC replace by openssl
  • Loading branch information
stakovicz authored Nov 21, 2023
2 parents de58252 + 1f6035d commit 3e57ae9
Show file tree
Hide file tree
Showing 5 changed files with 84 additions and 4 deletions.
1 change: 1 addition & 0 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"ext-json": "*",
"ext-dom": "*",
"ext-libxml": "*",
"ext-openssl": "*",
"beberlei/assert": "^2.9",
"league/oauth2-github": "^0.2.1",
"symfony/symfony": "^3.4",
Expand Down
3 changes: 2 additions & 1 deletion htdocs/pages/administration/compta_facture.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
use Afup\Site\Comptabilite\Facture;
use Afup\Site\Utils\Pays;
use Afup\Site\Utils\Logs;
use Afup\Site\Utils\Utils;

/** @var \AppBundle\Controller\LegacyController $this */
if (!defined('PAGE_LOADED_USING_INDEX')) {
Expand All @@ -30,7 +31,7 @@
if ($action == 'lister') {
$ecritures = $comptaFact->obtenirFacture();
foreach ($ecritures as &$e) {
$e['link'] = urlencode(base64_encode(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', $e['id'], MCRYPT_ENCRYPT, '@PaiFact')));;
$e['link'] = urlencode(Utils::cryptFromText($e['id']));
}
$smarty->assign('ecritures', $ecritures);
} elseif ($action == 'telecharger_facture') {
Expand Down
2 changes: 1 addition & 1 deletion htdocs/pages/paiement/index.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

$comptaFact = new Facture($bdd);

$ref = trim(mcrypt_cbc (MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', base64_decode(str_replace(' ', '+', urldecode($_GET['ref']))), MCRYPT_DECRYPT, '@PaiFact'));
$ref = \Afup\Site\Utils\Utils::decryptFromText(urldecode($_GET['ref']));

$facture = $comptaFact->obtenir($ref);
if ($facture) {
Expand Down
28 changes: 26 additions & 2 deletions sources/Afup/Utils/Utils.php
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,30 @@ public static function get_gravatar($email, $s = 80, $d = 'mm', $r = 'g', $img =
}
return $url;
}
}

?>
public static function cryptFromText($text)
{
// return base64_encode(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', $text, MCRYPT_ENCRYPT, '@PaiFact'));

if (strlen($text) % 8) {
$text = str_pad($text, strlen($text) + 8 - strlen($text) % 8, "\0");
}

$key = 'PaiementFactureAFUP_AFUP';
$iv = '@PaiFact';

return base64_encode(openssl_encrypt($text, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
}

public static function decryptFromText($text)
{
// return trim(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', base64_decode(str_replace(' ', '+', $text)), MCRYPT_DECRYPT, '@PaiFact'));

$ref = base64_decode(str_replace(' ', '+', $text));

$key = 'PaiementFactureAFUP_AFUP';
$iv = '@PaiFact';

return trim(openssl_decrypt($ref, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
}
}
54 changes: 54 additions & 0 deletions tests/units/Afup/Utils/Utils.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
<?php

namespace Afup\Site\Utils\tests\units;

use Afup\Site\Utils\Utils as UtilsToTest;

class Utils extends \atoum
{
protected function dataProvider()
{
return [
[
'decrypted' => 1,
'encrypted' => '03bITNI5Ono=',
],
[
'decrypted' => '1',
'encrypted' => '03bITNI5Ono=',
],
[
'decrypted' => '12345',
'encrypted' => 'EIx0Y/wJQ+I=',
],
[
'decrypted' => 'abcdef',
'encrypted' => 'UvM1BUAJ5jQ=',
],
[
'decrypted' => 'L\'AFUP est trop mortelle !',
'encrypted' => '6MSKdnJmUMW7YrnxXDe/5mKySbAiO2C9ubfR3NcG/fc=',
],
];
}

/**
* @dataProvider dataProvider
*/
public function testCryptFromText($decrypted, $encrypted)
{
$this
->string(UtilsToTest::cryptFromText($decrypted))
->isEqualTo($encrypted);
}

/**
* @dataProvider dataProvider
*/
public function testDecryptFromText($decrypted, $encrypted)
{
$this
->string(UtilsToTest::decryptFromText($encrypted))
->isEqualTo($decrypted);
}
}

0 comments on commit 3e57ae9

Please sign in to comment.