From 8bc241b54296751c2884cb309182fd28a71490ae Mon Sep 17 00:00:00 2001
From: ThijsFeryn <thijs@feryn.eu>
Date: Mon, 7 Jan 2019 11:35:00 +0100
Subject: [PATCH 1/2] Making this module compatible with PHP 7.3 and newer by
 replacing  mcrypt with openssl

---
 .../model/filelister/filelister.class.php     | 43 +++++++------------
 1 file changed, 15 insertions(+), 28 deletions(-)

diff --git a/core/components/filelister/model/filelister/filelister.class.php b/core/components/filelister/model/filelister/filelister.class.php
index 8a6d800..b415175 100644
--- a/core/components/filelister/model/filelister/filelister.class.php
+++ b/core/components/filelister/model/filelister/filelister.class.php
@@ -179,20 +179,14 @@ private function _encrypt($str) {
         srand((double)microtime() * 1000000); /* for MCRYPT_RAND */
         $key = md5($key); /* to improve variance */
 
-        /* open module, create IV */
-        $td = mcrypt_module_open('des','','cfb','');
-        $key = substr($key,0,mcrypt_enc_get_key_size($td));
-        $iv_size = mcrypt_enc_get_iv_size($td);
-        $iv = mcrypt_create_iv($iv_size,MCRYPT_RAND);
-
-        /* initialize encryption handle */
-        if (mcrypt_generic_init($td,$key,$iv) != -1) {
-            /* Encrypt data */
-            $c_t = mcrypt_generic($td,$str);
-            mcrypt_generic_deinit($td);
-            mcrypt_module_close($td);
-            $c_t = $iv.$c_t;
-            return urlencode($c_t);
+        $cipher = "DES-CFB";
+        if (in_array($cipher, openssl_get_cipher_methods()))
+        {
+            $ivlen = openssl_cipher_iv_length($cipher);
+            $iv = openssl_random_pseudo_bytes($ivlen);
+            $ciphertext = openssl_encrypt($str, $cipher, $key, 0, $iv);
+            $ciphertext = $iv . $ciphertext;
+            return urlencode($ciphertext);
         }
     }
 
@@ -209,20 +203,13 @@ private function _decrypt($str) {
 
         $key = md5($key);
 
-        /* open module, create IV */
-        $td = mcrypt_module_open('des','','cfb','');
-        $key = substr($key,0,mcrypt_enc_get_key_size($td));
-        $iv_size = mcrypt_enc_get_iv_size($td);
-        $iv = substr($str,0,$iv_size);
-        $str = substr($str,$iv_size);
-
-        /* initialize encryption handle */
-        if (mcrypt_generic_init($td,$key,$iv) != -1) {
-            /* decrypt data */
-            $c_t = mdecrypt_generic($td,$str);
-            mcrypt_generic_deinit($td);
-            mcrypt_module_close($td);
-            return $c_t;
+        $cipher = "DES-CFB";
+        if (in_array($cipher, openssl_get_cipher_methods()))
+        {
+            $ivlen = openssl_cipher_iv_length($cipher);
+            $iv = substr($str,0,$ivlen);
+            $str = substr($str,$ivlen);
+            return openssl_decrypt($str, $cipher, $key, 0, $iv);
         }
     }
 

From 3a0f0cdffa2e4ad6b5df02b571147b40187f71b0 Mon Sep 17 00:00:00 2001
From: Mark Hamstra <hamstra.mark@gmail.com>
Date: Fri, 5 Jun 2020 14:14:24 +0200
Subject: [PATCH 2/2] Make cipher checking case-insensitive

---
 .../model/filelister/filelister.class.php      | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/core/components/filelister/model/filelister/filelister.class.php b/core/components/filelister/model/filelister/filelister.class.php
index b415175..9e7f46a 100644
--- a/core/components/filelister/model/filelister/filelister.class.php
+++ b/core/components/filelister/model/filelister/filelister.class.php
@@ -180,14 +180,18 @@ private function _encrypt($str) {
         $key = md5($key); /* to improve variance */
 
         $cipher = "DES-CFB";
-        if (in_array($cipher, openssl_get_cipher_methods()))
-        {
+        $available = openssl_get_cipher_methods();
+        $available = array_map('strtoupper', $available);
+        if (in_array($cipher, $available)) {
             $ivlen = openssl_cipher_iv_length($cipher);
             $iv = openssl_random_pseudo_bytes($ivlen);
             $ciphertext = openssl_encrypt($str, $cipher, $key, 0, $iv);
             $ciphertext = $iv . $ciphertext;
             return urlencode($ciphertext);
         }
+        else {
+            $this->modx->log(modX::LOG_LEVEL_ERROR, "Cipher {$cipher} is not available on the server, FileLister cannot encrypt string.");
+        }
     }
 
     /**
@@ -204,13 +208,17 @@ private function _decrypt($str) {
         $key = md5($key);
 
         $cipher = "DES-CFB";
-        if (in_array($cipher, openssl_get_cipher_methods()))
-        {
+        $available = openssl_get_cipher_methods();
+        $available = array_map('strtoupper', $available);
+        if (in_array($cipher, $available)) {
             $ivlen = openssl_cipher_iv_length($cipher);
             $iv = substr($str,0,$ivlen);
             $str = substr($str,$ivlen);
             return openssl_decrypt($str, $cipher, $key, 0, $iv);
         }
+        else {
+            $this->modx->log(modX::LOG_LEVEL_ERROR, "Cipher {$cipher} is not available on the server, FileLister cannot decrypt string.");
+        }
     }
 
     /**
@@ -294,4 +302,4 @@ public function renderFile($path) {
             readfile($absolutePath);
         }
     }
-}
\ No newline at end of file
+}