All Links Were Breaking (had to patch includes/helpers/short.php file!)
hi my openssl_decrypt / encrypt was complaining about the following in the logs:
stderr: PHP Warning: openssl_encrypt() expects at most 4 parameters, 5 given
i tracked this down and noticed every single one of my links were not being decrypted correctly. afterwards i started looking into short.php and realized if i combined the api key with the salt when encrypting / decrypting, it seemed to work (to satisfy the error in the log while trying to combine the api key with the salt to encrypt / decrypt).
im wondering why my openssl_encrypt wont work with the default sendy way. please take a look at my script here:
http://pastie.org/private/ni0afgdxxzwwe8jxpe2fqg
my php version:
PHP 5.3.6-13ubuntu3.1 with Suhosin-Patch (cli) (built: Aug 29 2011 23:39:16)
running on ubuntu 10.06
according to http://php.net/manual/en/function.openssl-decrypt.php i should be able to use the 5 params, as iv parameter was added in php 5.3.3
Comments
Hi Dennis,
Did this happen out of a sudden?
I tested your script, if I used your method with only 4 parameters (without the
iv), I'll get this warning:openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended
Which means Sendy's current way of encryption is correct and secure. I'm not sure why yours does not work even though you're using PHP 5.3.6 (higher than 5.3.0).
What do you get when you decrypt using 5 parameters (with
vi) using your test script?Thanks.
Ben
its blank when i use the 5 parameters.
im wondering if my php is updated, but somehow my openssl library is outdated?
i just checked my version of openssl: OpenSSL 0.9.8k 25 Mar 2009
Could be. My version of OpenSSL is →
OpenSSL 1.0.1e-fips 11 Feb 2013