New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use defuse/php-encryption v1.1 (which wasn't available through Composer) #8406
Conversation
Huh. Whitespace issues. |
Don't mind that. PHPCS is set up to ignore known third party libraries, that path isn't one in the exclude list. |
I can move it to vendor/ if that will help. |
I'll send you a PR in a few minutes (wrapping up paid work tasks). That'll take care of everything. |
Do we actually need to add this? If the only reason to add it is to provide a secure alternative to JCrypt, that if I understand correctly, we're not using in the core, for extensions isn't it enough just to have the readme like in #8407 recommending that the extensions use defuse/php-encryption and telling them where to get it so that they can bundle it with their extension. Adding a library just in case someone might need to use it for their extension just doesnt seem right to me |
Getting defuse/php-encryption 1.1 (which is the only one that works with PHP 5.3) isn't as simple as That said, if you'd rather not want to maintain this code, you're right to not merge the PR. |
Joomla extensions typically do not install through composer On 12 November 2015 at 22:21, Scott notifications@github.com wrote:
Brian Teeman |
My suggestion is to put it in and look at a way to proxy JCrypt into it (even if means adding a new Cipher class that does the trick). Step one if this is going to be the encryption library going forward is to merge it now instead of wait for 4.0 and rip it all out at once. |
Shuffle around the php-encryption library setup
@brianteeman I sent @paragonie-scott paragonie-scott#2 which implements the library as a new |
Add an implementation of JCryptCipher using the Crypto class
I should probably update the text/example code in #8407 to match this usage. |
OK I've pinged this in our maintainers chat to test. Otherwise I'll get this tested tomorrow evening when I'm next free! |
I have tested this item ✅ successfully on be3e3d2
A key was generated, the ciphertext was generated and the message was decrypted again. This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8406. |
I have tested this item ✅ successfully on be3e3d2
Result
Thanks. This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8406. |
RTC This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8406. |
Use defuse/php-encryption v1.1 (which wasn't available through Composer)
Excellent. 👍 |
Fixes #8328 #8329