Merge pull request from GHSA-hrgx-p36p-89q4

Crypt/decrypt smarty cache in DB
PrestaShop · Jul 25, 2022 · b6d96e7 · b6d96e7
2 parents dc8dc1f + f342765
commit b6d96e7
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/classes/Smarty/SmartyCacheResourceMysql.php b/classes/Smarty/SmartyCacheResourceMysql.php
@@ -25,6 +25,14 @@
  */
 class Smarty_CacheResource_Mysql extends Smarty_CacheResource_Custom
 {
+    /** @var PhpEncryption */
+    private $phpEncryption;
+
+    public function __construct()
+    {
+        $this->phpEncryption = new PhpEncryption(_NEW_COOKIE_KEY_);
+    }
+
     /**
      * fetch cached content and its modification time from data source.
      *
@@ -39,7 +47,7 @@ protected function fetch($id, $name, $cache_id, $compile_id, &$content, &$mtime)
     {
         $row = Db::getInstance()->getRow('SELECT modified, content FROM ' . _DB_PREFIX_ . 'smarty_cache WHERE id_smarty_cache = "' . pSQL($id, true) . '"');
         if ($row) {
-            $content = $row['content'];
+            $content = $this->phpEncryption->decrypt($row['content']);
             $mtime = strtotime($row['modified']);
         } else {
             $content = null;
@@ -87,7 +95,7 @@ protected function save($id, $name, $cache_id, $compile_id, $exp_time, $content)
 			"' . pSQL($id, true) . '",
 			"' . pSQL(sha1($name)) . '",
 			"' . pSQL($cache_id, true) . '",
-			"' . pSQL($content, true) . '"
+			"' . $this->phpEncryption->encrypt($content) . '"
 		)');
 
         return (bool) Db::getInstance()->Affected_Rows();