PluginProbe ʕ •ᴥ•ʔ
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More / 1.8.1.3
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More v1.8.1.3
1.10.1.1 1.10.1 1.10.0.5 trunk 1.1.4 1.1.4.2 1.1.5 1.1.5.1 1.1.6 1.1.6.1 1.1.7 1.1.7.1 1.1.7.2 1.1.8 1.1.8.1 1.1.8.2 1.1.8.3 1.1.8.4 1.10.0.1 1.10.0.2 1.10.0.3 1.10.0.4 1.2.0 1.2.0.1 1.2.1 1.2.2 1.2.2.1 1.2.2.2 1.2.3 1.2.3.1 1.2.3.2 1.2.4 1.2.4.1 1.2.5 1.2.5.1 1.2.6 1.2.7 1.2.8 1.2.8.1 1.2.9 1.3.0 1.3.1 1.3.1.1 1.3.1.2 1.3.2 1.3.3 1.3.5 1.3.6 1.3.6.1 1.3.6.2 1.3.7.2 1.3.7.3 1.3.7.4 1.3.8 1.3.9.1 1.4.0.1 1.4.1.1 1.4.2 1.4.2.1 1.4.2.2 1.4.3 1.4.4 1.4.4.1 1.4.5 1.4.5.1 1.4.5.2 1.4.5.3 1.4.6 1.4.7.1 1.4.7.2 1.4.8.1 1.4.9 1.5.0.1 1.5.0.3 1.5.0.4 1.5.1 1.5.1.1 1.5.1.3 1.5.2.1 1.5.2.2 1.5.2.3 1.5.3 1.5.3.1 1.5.4.1 1.5.4.2 1.5.5 1.5.5.1 1.5.6 1.5.6.2 1.5.7 1.5.8.2 1.5.9.1 1.5.9.4 1.5.9.5 1.6.0.1 1.6.0.2 1.6.1 1.6.2.2 1.6.2.3 1.6.3.1 1.6.4 1.6.4.1 1.6.5 1.6.6 1.6.7 1.6.7.1 1.6.7.2 1.6.7.3 1.6.8 1.6.8.1 1.6.9 1.7.0 1.7.1.1 1.7.1.2 1.7.2 1.7.2.1 1.7.3 1.7.4 1.7.4.1 1.7.4.2 1.7.5.1 1.7.5.2 1.7.5.3 1.7.5.5 1.7.6 1.7.7 1.7.7.1 1.7.7.2 1.7.8 1.7.9 1.7.9.1 1.8.0.1 1.8.0.2 1.8.1.1 1.8.1.2 1.8.1.3 1.8.2.1 1.8.2.2 1.8.2.3 1.8.3 1.8.3.1 1.8.4 1.8.4.1 1.8.5.2 1.8.5.3 1.8.5.4 1.8.6.2 1.8.6.3 1.8.6.4 1.8.7.2 1.8.8.2 1.8.8.3 1.8.9.1 1.8.9.2 1.8.9.4 1.8.9.5 1.8.9.6 1.9.0.1 1.9.0.2 1.9.0.3 1.9.0.4 1.9.1.1 1.9.1.2 1.9.1.3 1.9.1.4 1.9.1.5 1.9.1.6 1.9.2.1 1.9.2.2 1.9.2.3 1.9.3.1 1.9.3.2 1.9.4.1 1.9.4.2 1.9.5 1.9.5.1 1.9.5.2 1.9.6 1.9.6.1 1.9.6.2 1.9.7.1 1.9.7.2 1.9.7.3 1.9.8.1 1.9.8.2 1.9.8.4 1.9.8.7 1.9.9.2 1.9.9.3 1.9.9.4
wpforms-lite / src / Helpers / Crypto.php
wpforms-lite / src / Helpers Last commit date
CacheBase.php 3 years ago Chain.php 3 years ago Crypto.php 3 years ago File.php 3 years ago PluginSilentUpgrader.php 3 years ago PluginSilentUpgraderSkin.php 3 years ago Templates.php 3 years ago Transient.php 3 years ago
Crypto.php
131 lines
1 <?php
2
3 namespace WPForms\Helpers;
4
5 /**
6 * Class for encryption functionality.
7 *
8 * @since 1.6.1.2
9 *
10 * @link https://www.php.net/manual/en/intro.sodium.php
11 */
12 class Crypto {
13
14 /**
15 * Get a secret key for encrypt/decrypt.
16 *
17 * @since 1.6.1.2
18 *
19 * @return string
20 */
21 public static function get_secret_key() {
22
23 $secret_key = get_option( 'wpforms_crypto_secret_key' );
24
25 // If we already have the secret, send it back.
26 if ( false !== $secret_key ) {
27 return base64_decode( $secret_key ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
28 }
29
30 // We don't have a secret, so let's generate one.
31 $secret_key = sodium_crypto_secretbox_keygen();
32 add_option( 'wpforms_crypto_secret_key', base64_encode( $secret_key ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
33
34 return $secret_key;
35 }
36
37 /**
38 * Encrypt a message.
39 *
40 * @since 1.6.1.2
41 *
42 * @param string $message Message to encrypt.
43 * @param string $key Encryption key.
44 *
45 * @return string
46 */
47 public static function encrypt( $message, $key = '' ) {
48
49 // Create a nonce for this operation. It will be stored and recovered in the message itself.
50 $nonce = random_bytes(
51 SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
52 );
53
54 if ( empty( $key ) ) {
55 $key = self::get_secret_key();
56 }
57
58 // Encrypt message and combine with nonce.
59 $cipher = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
60 $nonce .
61 sodium_crypto_secretbox(
62 $message,
63 $nonce,
64 $key
65 )
66 );
67
68 try {
69 sodium_memzero( $message );
70 sodium_memzero( $key );
71 } catch ( \Exception $e ) {
72 return $cipher;
73 }
74
75 return $cipher;
76 }
77
78 /**
79 * Decrypt a message.
80 *
81 * @since 1.6.1.2
82 *
83 * @param string $encrypted Encrypted message.
84 * @param string $key Encryption key.
85 *
86 * @return string
87 */
88 public static function decrypt( $encrypted, $key = '' ) {
89
90 // Unpack base64 message.
91 $decoded = base64_decode( $encrypted ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
92
93 if ( false === $decoded ) {
94 return false;
95 }
96
97 if ( mb_strlen( $decoded, '8bit' ) < ( SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES ) ) {
98 return false;
99 }
100
101 // Pull nonce and ciphertext out of unpacked message.
102 $nonce = mb_substr( $decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit' );
103 $ciphertext = mb_substr( $decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit' );
104
105 if ( empty( $key ) ) {
106 $key = self::get_secret_key();
107 }
108
109 // Decrypt it.
110 $message = sodium_crypto_secretbox_open(
111 $ciphertext,
112 $nonce,
113 $key
114 );
115
116 // Check for decrpytion failures.
117 if ( false === $message ) {
118 return false;
119 }
120
121 try {
122 sodium_memzero( $ciphertext );
123 sodium_memzero( $key );
124 } catch ( \Exception $e ) {
125 return $message;
126 }
127
128 return $message;
129 }
130 }
131