Fix mcrypt fatal - Removed on PHP 7.2

includes/class-wp-push-syndication-server.php

@@ -1225,7 +1225,7 @@ public function cron_add_pull_time_interval( $schedules ) {
 
 		// Adds the custom time interval to the existing schedules.
 		$schedules['syn_pull_time_interval'] = array(
-			'interval' => intval( $this->push_syndicate_settings['pull_time_interval'] ),
+			'interval' => isset( $this->push_syndicate_settings ) ? intval( $this->push_syndicate_settings['pull_time_interval'] ) : 0,
 			'display' => __( 'Pull Time Interval', 'push-syndication' )
 		);
 

includes/push-syndicate-encryption.php

@@ -1,18 +1,72 @@
 <?php
 
+function push_syndicate_get_cipher() {
+	$cipher = 'aes-256-cbc';
+
+	if ( version_compare( PHP_VERSION, '7.1', '<' ) ) {
+		return MCRYPT_RIJNDAEL_256;
+	}
+
+	if ( in_array( $cipher, openssl_get_cipher_methods(), true ) ) {
+		return array(
+			'cipher' => $cipher,
+			'iv'     => substr( md5( md5( PUSH_SYNDICATE_KEY ) ), 0, 16 ),
+			'key'    => md5( PUSH_SYNDICATE_KEY ),
+		);
+	}
+
+	return false; // @TODO: return another default cipher? return exception?
+}
+
 function push_syndicate_encrypt( $data ) {
+	// @todo: replace mcrypt with openssl. problem: Rijndael AES is not available on openssl;s AES-256.
+	// Will most likely break backwards compatibility with older keys
+	// https://stackoverflow.com/questions/49997338/mcrypt-rijndael-256-to-openssl-aes-256-ecb-conversion
+
+	// Backwards compatibility with PHP < 7.1. Use mcrypt instead.
+	if ( version_compare( PHP_VERSION, '7.1', '<' ) ) {
+		// @codingStandardsIgnoreStart
+		$data = serialize( $data );
+		return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), $data, MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))));
+		// @codingStandardsIgnoreEnd
+	}
+
+	$data   = wp_json_encode( $data );
+	$cipher = push_syndicate_get_cipher();
 
-	$data = serialize( $data );
-	return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), $data, MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))));
+	if ( ! $cipher ) {
+		return $data;
+	}
+
+	$encrypted_data = openssl_encrypt( $data, $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] );
+	return base64_encode( $encrypted_data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 
 }
 
-function push_syndicate_decrypt( $data ) {
+function push_syndicate_decrypt( $data, $associative = true ) {
 
-	$data = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5(PUSH_SYNDICATE_KEY), base64_decode($data), MCRYPT_MODE_CBC, md5(md5(PUSH_SYNDICATE_KEY))), "\0");
-	if ( !$data )
-		return false;
+	// Backwards compatibility with PHP < 7.1. Use mcrypt instead.
+	if ( version_compare( PHP_VERSION, '7.1', '<' ) ) {
+		// @codingStandardsIgnoreStart
+		$data = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( PUSH_SYNDICATE_KEY ), base64_decode( $data ), MCRYPT_MODE_CBC, md5( md5( PUSH_SYNDICATE_KEY ) ) ), "\0" );
+		if ( ! $data ) {
+			return false;
+		}
+		return @unserialize( $data );
+		// @codingStandardsIgnoreEnd
+	}
+
+	$cipher = push_syndicate_get_cipher();
+
+	if ( ! $cipher ) {
+		return $data;
+	}
 
-	return @unserialize( $data );
+	$data = openssl_decrypt( base64_decode( $data ), $cipher['cipher'], $cipher['key'], 0, $cipher['iv'] ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 
-}
+	if ( ! $data ) {
+		return false;
+	}
+
+	return json_decode( $data, $associative );
+}

tests/test-encryption.php

@@ -0,0 +1,121 @@
+<?php
+
+/**
+ * Class EncryptionTest
+ */
+class EncryptionTest extends WP_UnitTestCase {
+	private $simple_string;
+	private $complex_array;
+
+	/**
+	 * Runs before the test, set-up.
+	 */
+	public function setUp() {
+		$this->simple_string = 'this is a simple string!';
+		$this->complex_array = array(
+			'element' => 'this is a element',
+			'group'   => array(
+				'another',
+				'sub',
+				'array',
+				'info' => 'test',
+			),
+			'',
+			145,
+			1         => 20.04,
+			3         => true,
+		);
+	}
+
+	/**
+	 * Runs after the test, clean-up
+	 */
+	public function tearDown() {
+		// Nothing yet.
+	}
+
+	/**
+	 * Tests if the cipher is available on PHP < 7.1 and if the function is returning the correct cipher.
+	 *
+	 * If using a PHP version older than 7.1, it will expect a mcrypt cipher.
+	 *
+	 * @requires PHP < 7.1
+	 */
+	public function test_cypher_pre_72() {
+		// phpcs:ignore PHPCompatibility.Constants.RemovedConstants.mcrypt_rijndael_256DeprecatedRemoved
+		$expected_cipher = MCRYPT_RIJNDAEL_256;
+
+		// Test the cipher.
+		$cipher = push_syndicate_get_cipher();
+		$this->assertSame( $expected_cipher, $cipher );
+	}
+
+	/**
+	 * Tests if the cipher is available on PHP >= 7.1 and if the function is returning the correct cipher.
+	 *
+	 * If using a PHP 7.1 or later, it should use openssl instead of mcrypt.
+	 *
+	 * @requires PHP >= 7.1
+	 */
+	public function test_cypher() {
+		// Test the cipher.
+		$cipher_data = push_syndicate_get_cipher();
+
+		// Test if is an array.
+		$this->assertIsArray( $cipher_data, 'assert if the cipher data is array' );
+		$this->assertCount( 3, $cipher_data, 'assert if cipher data have three elements' );
+
+		$cipher = $cipher_data['cipher'];
+		$iv     = $cipher_data['iv'];
+		$key    = $cipher_data['key'];
+
+		// test cipher.
+		$expected_cipher = 'aes-256-cbc';
+		$this->assertEquals( $expected_cipher, $cipher, 'assert if cipher is available' );
+
+		// test key.
+		$this->assertEquals( $key, md5( PUSH_SYNDICATE_KEY ), 'assert if the key is generated as expected' );
+
+		// test iv.
+		$this->assertEquals( 16, strlen( $iv ), 'assert iv size (must be 16)' );
+		$generated_iv = substr( md5( md5( PUSH_SYNDICATE_KEY ) ), 0, 16 );
+		$this->assertEquals( $generated_iv, $iv, 'assert if generated iv is as expected' );
+	}
+
+	/**
+	 * Tests the encryption and decryption methods.
+	 */
+	public function test_encryption() {
+		$encrypted_simple           = push_syndicate_encrypt( $this->simple_string );
+		$encrypted_simple_different = push_syndicate_encrypt( $this->simple_string . '1' );
+		$encrypted_complex          = push_syndicate_encrypt( $this->complex_array );
+
+		// Because older WP versions might use older phpunit versions, assertIsString() might not be available.
+		if ( method_exists( $this, 'assertIsString' ) ) {
+			$this->assertIsString( $encrypted_simple, 'assert if the string is encrypted' );
+			$this->assertIsString( $encrypted_complex, 'assert if the array is encrypted' );
+		} else {
+			$this->assertTrue( is_string( $encrypted_simple ), 'assert if the string is encrypted (is_string)' );
+			$this->assertTrue( is_string( $encrypted_complex ), 'assert if the array is encrypted (is_string)' );
+		}
+
+		$this->assertNotEquals( $encrypted_simple, $encrypted_complex, 'assert that the two different objects have different results' );
+		$this->assertNotEquals( $encrypted_simple, $encrypted_simple_different, 'assert that the two different strings have different results' );
+
+		$decrypted_simple        = push_syndicate_decrypt( $encrypted_simple );
+		$decrypted_complex_array = push_syndicate_decrypt( $encrypted_complex );
+
+		$this->assertEquals( $this->simple_string, $decrypted_simple, 'asserts if the decrypted string is the same as the original' );
+
+		// Because older WP versions might use older phpunit versions, assertIsArray() might not be available.
+		if ( method_exists( $this, 'assertIsArray' ) ) {
+			$this->assertIsArray( $decrypted_complex_array, 'asserts if the decrypted complex data was decrypted as an array' );
+		} else {
+			$this->assertTrue( is_array( $decrypted_complex_array ), 'asserts if the decrypted complex data was decrypted as an array (is_array)' );
+		}
+
+		$this->assertEquals( $this->complex_array, $decrypted_complex_array, 'check if the decrypted array is the same as the original' );
+	}
+
+
+}