Jump to content
thirty bees forum
  • 0

Possible bug with 'Use the PHP Encryption library with the openssl extension (highest security)'


Chandra

Question

Error 500 on sign in page when Ciphering algorithm is set to Use the PHP Encryption library with the openssl extension (highest security) on TB1.0.8 'Use the custom BlowFish class' works fine. Interestingly the PHP encryption option works fine on a new site with the same setting.

Reckon this is a bug? Thanks.

``` [ThirtyBeesException]

String expected for argument 1. Boolean given instead. at line 98 in file vendor/defuse/php-encryption/src/Crypto.php

    • @return string
  1. */
  2. public static function decrypt($ciphertext, $key, $raw_binary = false)
  3. {
  4. if (!\is_string($ciphertext)) {
  5. throw new \TypeError(
  6. 'String expected for argument 1. ' . \ucfirst(\gettype($ciphertext)) . ' given instead.'
  7. );
  8. }
  9. if (!($key instanceof Key)) {
  10.          throw new \TypeError(
    

    Defuse\Crypto\Crypto::decrypt - [line 76 - classes/PhpEncryption.php] - [2 Arguments] PhpEncryptionCore->decrypt - [line 601 - modules/referralprogram/referralprogram.php] - [1 Arguments] ReferralProgram->hookCreateAccountForm - [line 776 - classes/Hook.php] - [1 Arguments] HookCore::coreCallHook - [line 486 - classes/Hook.php] - [3 Arguments] HookCore::execWithoutCache - [line 288 - classes/Hook.php] - [7 Arguments] HookCore::exec - [line 173 - controllers/front/AuthController.php] - [1 Arguments] AuthControllerCore->initContent - [line 262 - classes/controller/Controller.php] ControllerCore->run - [line 253 - classes/controller/FrontController.php] FrontControllerCore->run - [line 837 - classes/Dispatcher.php] DispatcherCore->dispatch - [line 33 - index.php]

```

Link to comment
Share on other sites

3 answers to this question

Recommended Posts

  • 0

This problem originates from referralprogram module. I'm pretty sure this exception will be thrown even on tb1.0.7, if this module is installed and url does not contain &sponsor=xxx parameter.

The reason this exception is thrown is because Tools::getValue('sponsor') returns false when 'sponsor' parameter is not part of the request. This invalid value is then passed to cipher tool for decryption. Blowfish would return null for invalid input (boolean type), while PhpEncryption will throws exception. This should be fixed in the core -- the behaviour should be consistent.

But the module itself should be fixed as well -- there's no need for decryption call, if we don't have anything to decrypt.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...