Merge pull request #3111 from hregis/3.7_photos

Fix: change encrypt/decrypt method for avoid division by zero

Merge pull request #3111 from hregis/3.7_photos
a220a869 · Laurent Destailleur · 22a2038a · 5efea745 · a220a869
Commit a220a869 authored 10 years ago by Laurent Destailleur
--- a/htdocs/core/class/cookie.class.php
+++ b/htdocs/core/class/cookie.class.php
 <?php
-/* Copyright (C) 2009  Regis Houssin  <regis.houssin@capnetworks.com>
+/* Copyright (C) 2009-2015  Regis Houssin  <regis.houssin@capnetworks.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -28,14 +28,15 @@
 */
 class DolCookie
 {
-	var $myKey;
+	private $_myKey;
+	private $_iv;
 	var $myCookie;
 	var $myValue;
 	var $myExpire;
 	var $myPath;
 	var $myDomain;
 	var	$mySecure;
-	var $cookiearray;
 	var $cookie;
 	/**
@@ -45,8 +46,8 @@ class DolCookie
 	 */
 	function __construct($key = '')
 	{
-		$this->myKey = $key;
+		$this->_myKey = hash('sha256', $key, TRUE);
-		$this->cookiearray = array();
+		$this->_iv = md5(md5($this->_myKey));
 		$this->cookie = "";
 		$this->myCookie = "";
 		$this->myValue = "";
@@ -58,16 +59,12 @@ class DolCookie
 	 *
 	 * @return	void
 	 */
-	function cryptCookie()
+	private function _cryptCookie()
 	{
-		if (!empty($this->myKey))
+		if (!empty($this->_myKey) && !empty($this->_iv))
 		{
 			$valuecrypt = base64_encode($this->myValue);
-			$max=dol_strlen($valuecrypt)-1;
+			$this->cookie = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->_myKey, $valuecrypt, MCRYPT_MODE_CBC, $this->_iv));
-			for ($f=0 ; $f <= $max; $f++)
-			{
-				$this->cookie .= intval(ord($valuecrypt[$f]))*$this->myKey."|";
-			}
 		}
 		else
 		{
@@ -82,19 +79,12 @@ class DolCookie
 	 *
 	 * @return	string
 	 */
-	function decryptCookie()
+	private function _decryptCookie()
 	{
-		if (!empty($this->myKey))
+		if (!empty($this->_myKey) && !empty($this->_iv))
 		{
-			$this->cookiearray = explode("|",$_COOKIE[$this->myCookie]);
+			$this->cookie = $_COOKIE[$this->myCookie];
-			$this->myValue = "" ;
+			$this->myValue = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->_myKey, base64_decode($this->cookie), MCRYPT_MODE_CBC, $this->_iv));
-			$num = (count($this->cookiearray) - 2);
-			for ($f = 0; $f <= $num; $f++)
-			{
-				if (!empty($this->myKey)) {
-					$this->myValue .= strval(chr($this->cookiearray[$f]/$this->myKey));
-				}
-			}
 			return(base64_decode($this->myValue));
 		}
@@ -115,7 +105,7 @@ class DolCookie
 	 * @param	int			$secure		0 or 1
 	 * @return	void
 	 */
-	function _setCookie($cookie, $value, $expire=0, $path="/", $domain="", $secure=0)
+	public function setCookie($cookie, $value, $expire=0, $path="/", $domain="", $secure=0)
 	{
 		$this->myCookie = $cookie;
 		$this->myValue = $value;
@@ -126,7 +116,7 @@ class DolCookie
 		//print 'key='.$this->myKey.' name='.$this->myCookie.' value='.$this->myValue.' expire='.$this->myExpire;
-		$this->cryptCookie();
+		$this->_cryptCookie();
 	}
 	/**
@@ -135,11 +125,11 @@ class DolCookie
 	 *  @param   	string		$cookie         Cookie name
 	 *  @return  	string						Decrypted value
 	 */
-	function _getCookie($cookie)
+	public function getCookie($cookie)
 	{
 		$this->myCookie = $cookie;
-		$decryptValue = $this->decryptCookie();
+		$decryptValue = $this->_decryptCookie();
 		return $decryptValue;
 	}