Bug #9438: Be less restrictive about the input to Horde_Secret::read/write()

I originally assumed that it makes sense to pull the is_string() check
from Crypt_Blowfish into Horde_Secret (as Crypt_Blowfish would die on
anything not a string). I overlooked however that we had a strlen()
check before delegating to Crypt_Blowfish. As strlen(null) or
strlen(false) is int(0) both can be passed into
Horde_Secret::read/write() without causing problems.

Type casting the input into a string instead of checking the type
should fix the problems.

diff --git a/framework/Secret/lib/Horde/Secret.php b/framework/Secret/lib/Horde/Secret.php
index 862e9ec..5674291 100644 (file)
--- a/framework/Secret/lib/Horde/Secret.php
+++ b/framework/Secret/lib/Horde/Secret.php
@@ -70,10 +70,7 @@ class Horde_Secret
      */
     public function write($key, $message)
     {
-        if (!is_string($message)) {
-            throw new Horde_Secret_Exception('Plain text must be a string', 0);
-        }
-
+        $message = (string) $message;
         if (strlen($key) && strlen($message)) {
             return $this->_getCipherOb($key)->encrypt($message);
         } else {
@@ -92,10 +89,7 @@ class Horde_Secret
      */
     public function read($key, $ciphertext)
     {
-        if (!is_string($ciphertext)) {
-            throw new Horde_Secret_Exception('Chiper text must be a string', 1);
-        }
-
+        $ciphertext = (string) $ciphertext;
         if (strlen($key) && strlen($ciphertext)) {
             return rtrim($this->_getCipherOb($key)->decrypt($ciphertext), "\0");
         } else {

diff --git a/framework/Secret/test/Horde/Secret/Unit/SecretTest.php b/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
index 8b529fb..7472aa7 100644 (file)
--- a/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
+++ b/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
@@ -81,24 +81,6 @@ class Horde_Secret_Unit_SecretTest extends PHPUnit_Framework_TestCase
     /**
      * @expectedException Horde_Secret_Exception
      */
-    public function testWriteException()
-    {
-        $secret = new Horde_Secret();
-        $secret->write("\x88", array());
-    }
-
-    /**
-     * @expectedException Horde_Secret_Exception
-     */
-    public function testReadException()
-    {
-        $secret = new Horde_Secret();
-        $secret->read("\x88", array());
-    }
-
-    /**
-     * @expectedException Horde_Secret_Exception
-     */
     public function testKeyException()
     {
         $secret = new Horde_Secret();