Hotfix/random crypt test fail #3492
Conversation
ghost
assigned 
|
@Maks3w see my comment above. |
|
The correct way to check for base64 is to apply my fix, the check with "strlen() % 4" is not enough. |
|
@ezimuel Then I think that we need a different aproach. Decode + Encode sounds a waste of resources. I suggest to have two methods one for base64 encode and another one without base64 de encode or to have an argument which specify if the input is or not base64 |
|
I don't think that this approach is a waste of resource. I only added a base64_encode() in the code. Moreover, the usage of the decrypt() or encrypt() method in the Rsa class is only for small strings, see http://zf2.readthedocs.org/en/latest/modules/zend.crypt.public-key.html#encrypt-and-decrypt-a-string for more details. |
|
From my point of view the method
That means it's unknown and should be up to the consumer to know how (Sorry for my poor English) |
|
We have discussed with @Maks3w and we decided to propose an alternative signature for the decrypt method. public function decrypt ($data, $key = null, $mode = self::MODE_AUTO)where $mode can be MODE_AUTO with the automatic recognition of base64 (with my suggested change), MODE_BASE64 with the decode of the $data in base64 and MODE_RAW without any decoding. |
…r avoid magic detection
|
@ezimuel done |
| if (false !== $output) { | ||
| $data = $output; | ||
| switch ($mode) { | ||
| case self::MODE_AUTO: |
There was a problem hiding this comment.
Should we deprecate this mode and trigger an E_USER_DEPRECATED error ?
|
done |
The problem is that base64_decode strict check is not enough for ensure base64 encoding detection.
See http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php