From 30b5c200239efe5d8a09ac3be54a35e5143a5541 Mon Sep 17 00:00:00 2001 From: Tony Landis Date: Fri, 27 Mar 2009 22:59:03 -0600 Subject: [PATCH] Encryption of credit card details bypassed if license key not entered. --- modules/core/crypt.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core/crypt.inc.php b/modules/core/crypt.inc.php index 5510c968..4e720744 100644 --- a/modules/core/crypt.inc.php +++ b/modules/core/crypt.inc.php @@ -183,7 +183,7 @@ class CORE_RSA function CORE_encrypt($data) { - if(LICENSE_KEY == '') return false; + if(LICENSE_KEY == '') return $data; // provide a license key in the setup area to enable encryption $rsa = new CORE_RSA; $keys = explode('-', LICENSE_KEY); $rsa_data = $rsa->rsa_encrypt($data, $keys[1], $keys[0]); @@ -194,7 +194,7 @@ function CORE_encrypt($data) { function CORE_decrypt($data) { - if(LICENSE_KEY == '') return false; + if(LICENSE_KEY == '') return $data; // provide a license key in the setup area to enable encryption $rc4_key = do_rc4(LICENSE_KEY, 'en', false); $rc4_data = do_rc4($data, 'de', $rc4_key); $rsa = new CORE_RSA;