[#18579] - [FOF] Deprecated notices on mcrypt* functions
- Closed
- 30 Nov 2017
- Medium
- Build: staging
- # 18579
Steps to reproduce the issue
- install on PHP 7.1.6
- Enable totp
- set error level to development
Expected result
No errors / warnings etc.
Actual result
Deprecated: Function mcrypt_list_algorithms() is deprecated in JROOT/libraries/fof/utils/phpfunc/phpfunc.php on line 37
Deprecated: Function mcrypt_get_iv_size() is deprecated in JROOT/libraries/fof/encrypt/aes/mcrypt.php on line 155
Deprecated: Function mcrypt_get_iv_size() is deprecated in JROOT/libraries/fof/encrypt/aes/mcrypt.php on line 155
Deprecated: Function mcrypt_get_iv_size() is deprecated in JROOT/libraries/fof/encrypt/aes/mcrypt.php on line 155
Deprecated: Function mcrypt_decrypt() is deprecated in JROOT/libraries/fof/encrypt/aes/mcrypt.php on line 74
Additional comments
What is the plan? Hacking the EOL Framework ourself or reporting & waiting for a upstream fix?
As we are told in the readme notes the following:
Framework on Framework 2.x is End Of Life since June 2016
If you are still using it, too bad for you. We told you to update your components to FOF 3.x back in early 2015.
Don't cry if it's broken. Don't ask us to fix it. It's DISCONTINUED, remember?
joomla-cms-bot
- | Labels |
Added:
?
|
||
franz-wohlkoenig
- | Category | ⇒ | Administration |
| Status | New | ⇒ | Discussion |
Atleast there are still explizite calls to mcrypt: https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_users/models/user.php#L1014 Looks like they are only used incase we us a broken totp call as described in #18559
The explicit call I see there is just to convert people currently on mcrypt over to ssl?
looks like a broken envoirment than.
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-11-30 12:15:08 |
| Closed_By | ⇒ | zero-24 |
Not really. I mean basically this code converts from mcrypt to openssl. so to do that we need to actually call the mcrypt version first to decrypt the legacy string. then openssl to re-encrypt. so these deprecated functions are being called. But it's a one time only call per user who has a 'legacy' string
It isn't not an issue as those method calls exist in places where there are already checks happening. IIRC mcrypt is only used when OpenSSL is unavailable in that code.