Mcrypt Deprication - help?

trellis
1

Hi - this may not be fully related to sage/ trellis, and may be more related to Gravity forms - but here goes.

Running sage 9.0.0-beta.4 (currently)
On Trellis dev environment

I’m running into a deprication notice
Deprecated: Function mcrypt_get_iv_size() is deprecated
and
Deprecated: Function mcrypt_decrypt()

(coming from Gravity forms):

		$use_mcrypt = apply_filters( 'gform_use_mcrypt', function_exists( 'mcrypt_decrypt' ) );

		if ( $use_mcrypt ) {
			$mcrypt_cipher_name = $mcrypt_cipher_name === false ? MCRYPT_RIJNDAEL_256 : $mcrypt_cipher_name;
			$iv_size            = mcrypt_get_iv_size( $mcrypt_cipher_name, MCRYPT_MODE_ECB );
			$key                = ! is_null( $key ) ? $key : substr( md5( wp_salt( 'nonce' ) ), 0, $iv_size );

			$decrypted_value = trim( mcrypt_decrypt( $mcrypt_cipher_name, $key, base64_decode( $text ), MCRYPT_MODE_ECB, mcrypt_create_iv( $iv_size, MCRYPT_RAND ) ) );
		} else {
			$decrypted_value = EncryptDB::decrypt( $text, wp_salt( 'nonce' ) );
		}

		return $decrypted_value;
	}

As I understand it MCRYPT is depricated since php 7.1
I’ve googled around and have come across Laravel posts that say the cipher should be updated to AES-256-CBC

but then run php artisan key:generate - I’m not 100% sure where. (tried to ssh to vagrant but I get Could not open input file: artisan)

I’ve also set $use_mcrypt to false, but that does not generate a decrypted value

Could anyone give me a pointer? Thanks in advance!

2

Is the code you posted coming directly from inside the Gravity Forms plugin? If so, it’s probably best to ask them about updating the deprecated functions.

With regard to trying to run php artisan - that’s a Laravel specific command line tool and although Sage uses some packages from Laravel (Blade templating), artisan isn’t included and isn’t really relevant. The php artisan key:generate command would generate the an application key and store it in the .env file for a Laravel app. Since WordPress handles these things differently, the key it appears to use according to the code above is the ‘nonce’ key/salt (see the reference to wp_salt( 'nonce' )). Look in your wp-config.php file to see the keys and salts defined for your site.

I’m not sure if that really helps solve anything but hopefully it gives some insight :slight_smile:

3

Thanks Stephen,

I think I got this to work actually by setting the use Mcrypt to false and relying on the EncryptDB::decrypt class from wordpress - I had neglected to encrypt and decrypt using the same method so no - wonder it wasn’t working - DOH!

Thanks for the reply though - saved me wandering down a random path

1 Like