Merged in bugfix/PMCORE-2298 (pull request #7713)

PMCORE-2298 Password is stored in plain text when is hashed via G::encrypt and it contains a pipe (|) Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
2021-02-05 13:14:12 +00:00
parent 2c812929d6 4711d6687d
commit 7c156aa2ca
10 changed files with 81 additions and 65 deletions
--- a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php
@@ -198,9 +198,9 @@ class DataBaseConnection
                $dataDBConnection['DBS_PASSWORD'] = '';
            } else {
                if ($flagTns == 0) {
-                    $pass = G::encrypt( $dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_DATABASE_NAME"]) . "_2NnV3ujj3w";
+                    $pass = G::encrypt( $dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_DATABASE_NAME"], false, false) . "_2NnV3ujj3w";
                } else {
-                    $pass = G::encrypt($dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_TNS"]) . "_2NnV3ujj3w";
+                    $pass = G::encrypt($dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_TNS"], false, false) . "_2NnV3ujj3w";
                }

                $dataDBConnection['DBS_PASSWORD'] = $pass;