Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Update encryption.php #6326
The current encryption class contains some legacy code and fails to implement an iv in such a way to satisfy the openssl functions. Because of this, most modern versions of php will throw a warning which is visible to the admin user: "Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended"
This is more or less a complete rewrite using all openssl library functions, sha256 digest and (currently) the strongest encryption cipher I know of 'aes-256-ctr'. Both the cipher and digest are now class properties which should make this easy to update in the future should these become obsolete.
I've tested this on php 5.6, 7.0 and 7.1 with success.
Update - tested on PHP 7.2 and no conflicts.
For the sake of anyone still on OC1.5, here's a drop in replacement of the version provided here that will work on older versions of Opencart: https://forum.opencart.com/viewtopic.php?f=181&t=199924&p=722688#p722648