Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)

[2] Fix | Delete

* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)

[3] Fix | Delete

[4] Fix | Delete

* Licensed under The MIT License

[5] Fix | Delete

* For full copyright and license information, please see the LICENSE.txt

[6] Fix | Delete

* Redistributions of files must retain the above copyright notice.

[7] Fix | Delete

[8] Fix | Delete

* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)

[9] Fix | Delete

* @link https://cakephp.org CakePHP(tm) Project

[10] Fix | Delete

* @since 3.1.6

[11] Fix | Delete

* @license https://opensource.org/licenses/mit-license.php MIT License

[12] Fix | Delete

[13] Fix | Delete

namespace Cake\Utility;

[14] Fix | Delete

[15] Fix | Delete

use RuntimeException;

[16] Fix | Delete

[17] Fix | Delete

/**

[18] Fix | Delete

* Cookie Crypt Trait.

[19] Fix | Delete

[20] Fix | Delete

* Provides the encrypt/decrypt logic for the CookieComponent.

[21] Fix | Delete

[22] Fix | Delete

* @link https://book.cakephp.org/3/en/controllers/components/cookie.html

[23] Fix | Delete

[24] Fix | Delete

trait CookieCryptTrait

[25] Fix | Delete

{

[26] Fix | Delete

/**

[27] Fix | Delete

* Valid cipher names for encrypted cookies.

[28] Fix | Delete

[29] Fix | Delete

* @var string[]

[30] Fix | Delete

[31] Fix | Delete

protected $_validCiphers = ['aes', 'rijndael'];

[32] Fix | Delete

[33] Fix | Delete

/**

[34] Fix | Delete

* Returns the encryption key to be used.

[35] Fix | Delete

[36] Fix | Delete

* @return string

[37] Fix | Delete

[38] Fix | Delete

abstract protected function _getCookieEncryptionKey();

[39] Fix | Delete

[40] Fix | Delete

/**

[41] Fix | Delete

* Encrypts $value using public $type method in Security class

[42] Fix | Delete

[43] Fix | Delete

* @param string|array $value Value to encrypt

[44] Fix | Delete

* @param string|false $encrypt Encryption mode to use. False

[45] Fix | Delete

* disabled encryption.

[46] Fix | Delete

* @param string|null $key Used as the security salt if specified.

[47] Fix | Delete

* @return string Encoded values

[48] Fix | Delete

[49] Fix | Delete

protected function _encrypt($value, $encrypt, $key = null)

[50] Fix | Delete

{

[51] Fix | Delete

if (is_array($value)) {

[52] Fix | Delete

$value = $this->_implode($value);

[53] Fix | Delete

}

[54] Fix | Delete

if ($encrypt === false) {

[55] Fix | Delete

return $value;

[56] Fix | Delete

}

[57] Fix | Delete

$this->_checkCipher($encrypt);

[58] Fix | Delete

$prefix = 'Q2FrZQ==.';

[59] Fix | Delete

$cipher = null;

[60] Fix | Delete

if ($key === null) {

[61] Fix | Delete

$key = $this->_getCookieEncryptionKey();

[62] Fix | Delete

}

[63] Fix | Delete

if ($encrypt === 'rijndael') {

[64] Fix | Delete

$cipher = Security::rijndael($value, $key, 'encrypt');

[65] Fix | Delete

}

[66] Fix | Delete

if ($encrypt === 'aes') {

[67] Fix | Delete

$cipher = Security::encrypt($value, $key);

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete

return $prefix . base64_encode($cipher);

[71] Fix | Delete

}

[72] Fix | Delete

[73] Fix | Delete

/**

[74] Fix | Delete

* Helper method for validating encryption cipher names.

[75] Fix | Delete

[76] Fix | Delete

* @param string $encrypt The cipher name.

[77] Fix | Delete

* @return void

[78] Fix | Delete

* @throws \RuntimeException When an invalid cipher is provided.

[79] Fix | Delete

[80] Fix | Delete

protected function _checkCipher($encrypt)

[81] Fix | Delete

{

[82] Fix | Delete

if (!in_array($encrypt, $this->_validCiphers)) {

[83] Fix | Delete

$msg = sprintf(

[84] Fix | Delete

'Invalid encryption cipher. Must be one of %s or false.',

[85] Fix | Delete

implode(', ', $this->_validCiphers)

[86] Fix | Delete

);

[87] Fix | Delete

throw new RuntimeException($msg);

[88] Fix | Delete

}

[89] Fix | Delete

}

[90] Fix | Delete

[91] Fix | Delete

/**

[92] Fix | Delete

* Decrypts $value using public $type method in Security class

[93] Fix | Delete

[94] Fix | Delete

* @param string[]|string $values Values to decrypt

[95] Fix | Delete

* @param string|false $mode Encryption mode

[96] Fix | Delete

* @param string|null $key Used as the security salt if specified.

[97] Fix | Delete

* @return string|array Decrypted values

[98] Fix | Delete

[99] Fix | Delete

protected function _decrypt($values, $mode, $key = null)

[100] Fix | Delete

{

[101] Fix | Delete

if (is_string($values)) {

[102] Fix | Delete

return $this->_decode($values, $mode, $key);

[103] Fix | Delete

}

[104] Fix | Delete

[105] Fix | Delete

$decrypted = [];

[106] Fix | Delete

foreach ($values as $name => $value) {

[107] Fix | Delete

$decrypted[$name] = $this->_decode($value, $mode, $key);

[108] Fix | Delete

}

[109] Fix | Delete

[110] Fix | Delete

return $decrypted;

[111] Fix | Delete

}

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* Decodes and decrypts a single value.

[115] Fix | Delete

[116] Fix | Delete

* @param string $value The value to decode & decrypt.

[117] Fix | Delete

* @param string|false $encrypt The encryption cipher to use.

[118] Fix | Delete

* @param string|null $key Used as the security salt if specified.

[119] Fix | Delete

* @return string|array Decoded values.

[120] Fix | Delete

[121] Fix | Delete

protected function _decode($value, $encrypt, $key)

[122] Fix | Delete

{

[123] Fix | Delete

if (!$encrypt) {

[124] Fix | Delete

return $this->_explode($value);

[125] Fix | Delete

}

[126] Fix | Delete

$this->_checkCipher($encrypt);

[127] Fix | Delete

$prefix = 'Q2FrZQ==.';

[128] Fix | Delete

$prefixLength = strlen($prefix);

[129] Fix | Delete

[130] Fix | Delete

if (strncmp($value, $prefix, $prefixLength) !== 0) {

[131] Fix | Delete

return '';

[132] Fix | Delete

}

[133] Fix | Delete

[134] Fix | Delete

$value = base64_decode(substr($value, $prefixLength), true);

[135] Fix | Delete

[136] Fix | Delete

if ($value === false || $value === '') {

[137] Fix | Delete

return '';

[138] Fix | Delete

}

[139] Fix | Delete

[140] Fix | Delete

if ($key === null) {

[141] Fix | Delete

$key = $this->_getCookieEncryptionKey();

[142] Fix | Delete

}

[143] Fix | Delete

if ($encrypt === 'rijndael') {

[144] Fix | Delete

$value = Security::rijndael($value, $key, 'decrypt');

[145] Fix | Delete

}

[146] Fix | Delete

if ($encrypt === 'aes') {

[147] Fix | Delete

$value = Security::decrypt($value, $key);

[148] Fix | Delete

}

[149] Fix | Delete

[150] Fix | Delete

if ($value === false) {

[151] Fix | Delete

return '';

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

return $this->_explode($value);

[155] Fix | Delete

}

[156] Fix | Delete

[157] Fix | Delete

/**

[158] Fix | Delete

* Implode method to keep keys are multidimensional arrays

[159] Fix | Delete

[160] Fix | Delete

* @param array $array Map of key and values

[161] Fix | Delete

* @return string A json encoded string.

[162] Fix | Delete

[163] Fix | Delete

protected function _implode(array $array)

[164] Fix | Delete

{

[165] Fix | Delete

return json_encode($array);

[166] Fix | Delete

}

[167] Fix | Delete

[168] Fix | Delete

/**

[169] Fix | Delete

* Explode method to return array from string set in CookieComponent::_implode()

[170] Fix | Delete

* Maintains reading backwards compatibility with 1.x CookieComponent::_implode().

[171] Fix | Delete

[172] Fix | Delete

* @param string $string A string containing JSON encoded data, or a bare string.

[173] Fix | Delete

* @return string|array Map of key and values

[174] Fix | Delete

[175] Fix | Delete

protected function _explode($string)

[176] Fix | Delete

{

[177] Fix | Delete

$first = substr($string, 0, 1);

[178] Fix | Delete

if ($first === '{' || $first === '[') {

[179] Fix | Delete

$ret = json_decode($string, true);

[180] Fix | Delete

[181] Fix | Delete

return ($ret !== null) ? $ret : $string;

[182] Fix | Delete

}

[183] Fix | Delete

$array = [];

[184] Fix | Delete

foreach (explode(',', $string) as $pair) {

[185] Fix | Delete

$key = explode('|', $pair);

[186] Fix | Delete

if (!isset($key[1])) {

[187] Fix | Delete

return $key[0];

[188] Fix | Delete

}

[189] Fix | Delete

$array[$key[0]] = $key[1];

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

return $array;

[193] Fix | Delete

}

[194] Fix | Delete

}

[195] Fix | Delete

[196] Fix | Delete