From c854f340ec365c80a59c42c62f2d4b8a88c31282 Mon Sep 17 00:00:00 2001 From: tom-- Date: Tue, 10 Feb 2015 17:43:55 -0500 Subject: [PATCH] workaround for openssl using base64 input to decrypt function --- framework/base/Security.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/framework/base/Security.php b/framework/base/Security.php index 32d660ea0b..9aed8382e8 100644 --- a/framework/base/Security.php +++ b/framework/base/Security.php @@ -69,8 +69,6 @@ class Security extends Component */ public $passwordHashStrategy = 'crypt'; - private $_cryptModule; - /** * Encrypts data using a password. @@ -217,8 +215,8 @@ class Security extends Component $ivSize = 16; $iv = StringHelper::byteSubstr($data, 0, $ivSize); - $encrypted = StringHelper::byteSubstr($data, $ivSize, null); - $decrypted = openssl_decrypt($encrypted, $this->opensslCipher(), $key, OPENSSL_RAW_DATA, $iv); + $encrypted = base64_encode(StringHelper::byteSubstr($data, $ivSize, null)); + $decrypted = openssl_decrypt($encrypted, $this->opensslCipher(), $key, OPENSSL_ZERO_PADDING, $iv); return $this->stripPadding($decrypted); }