HOR-4122 When "Manager_Approval" is set like a variable name, this breaks the url encode/decode function used by ABE

- Change sign plus in function encrypt and decrypt
2017-11-24 13:39:33 -04:00
parent 0c22077c4d
commit 9cff70c5b3
3 changed files with 59 additions and 44 deletions
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -390,62 +390,77 @@ class G
    /**
     * * Encrypt and decrypt functions ***
     */
+
    /**
     * Encrypt string
     *
-     * @author Fernando Ontiveros Lira <fernando@colosa.com>
     * @access public
+     * 
     * @param string $string
     * @param string $key
+     * @param bool $urlSafe if it is used in url
+     *
     * @return string
     */
-    public static function encrypt ($string, $key)
+    public static function encrypt ($string, $key, $urlSafe = false)
    {
-        //print $string;
-        //    if ( defined ( 'ENABLE_ENCRYPT' ) && ENABLE_ENCRYPT == 'yes' ) {
-        if (strpos( $string, '|', 0 ) !== false) {
+        if (strpos($string, '|', 0) !== false) {
            return $string;
        }
        $result = '';
-        for ($i = 0; $i < strlen( $string ); $i ++) {
-            $char = substr( $string, $i, 1 );
-            $keychar = substr( $key, ($i % strlen( $key )) - 1, 1 );
-            $char = chr( ord( $char ) + ord( $keychar ) );
+        for ($i = 0; $i < strlen($string); $i++) {
+            $char = substr($string, $i, 1);
+            $keychar = substr($key, ($i % strlen($key)) - 1, 1);
+            $char = chr(ord($char) + ord($keychar));
            $result .= $char;
        }

-        $result = base64_encode( $result );
-        $result = str_replace( '/', '°', $result );
-        $result = str_replace( '=', '', $result );
-        return $result;
+        $result = base64_encode($result);
+        $search = ['/', '='];
+        $replace = ['°', ''];
+
+        if ($urlSafe) {
+            $search[] = '+';
+            $replace[] = '_';
+        }
+
+        return str_replace($search, $replace, $result);
    }

    /**
     * Decrypt string
     *
-     * @author Fernando Ontiveros Lira <fernando@colosa.com>
     * @access public
+     * 
     * @param string $string
     * @param string $key
+     * @param bool $urlSafe if it is used in url
+     *
     * @return string
     */
-    public static function decrypt($string, $key)
+    public static function decrypt($string, $key, $urlSafe = false)
    {
-        //   if ( defined ( 'ENABLE_ENCRYPT' ) && ENABLE_ENCRYPT == 'yes' ) {
-        //if (strpos($string, '|', 0) !== false) return $string;
        $result = '';
-        $string = str_replace( '°', '/', $string );
-        $string_jhl = explode( "?", $string );
-        $string = base64_decode( $string );
-        $string = base64_decode( $string_jhl[0] );
+        $search = ['°'];
+        $replace = ['/'];

-        for ($i = 0; $i < strlen( $string ); $i ++) {
-            $char = substr( $string, $i, 1 );
-            $keychar = substr( $key, ($i % strlen( $key )) - 1, 1 );
-            $char = chr( ord( $char ) - ord( $keychar ) );
+        if ($urlSafe) {
+            $search[] = '_';
+            $replace[] = '+';
+        }
+
+        $string = str_replace($search, $replace, $string);
+        $string_jhl = explode("?", $string);
+        $string = base64_decode($string);
+        $string = base64_decode($string_jhl[0]);
+
+        for ($i = 0; $i < strlen($string); $i++) {
+            $char = substr($string, $i, 1);
+            $keychar = substr($key, ($i % strlen($key)) - 1, 1);
+            $char = chr(ord($char) - ord($keychar));
            $result .= $char;
        }
-        if (! empty( $string_jhl[1] )) {
+        if (!empty($string_jhl[1])) {
            $result .= '?' . $string_jhl[1];
        }
        return $result;