Crypto token string not parsing correctly for saved passwords
Overview
I'm having an issue with 5.36.1. Notice: Undefined index: t in parse() (line 204 of /sites/all/modules/civicrm/Civi/Crypto/CryptoToken.php).
The token string is in the format
"^CTK?k=<ID>&amp;t=<base64>" instead of "^CTK?k=<ID>&t=<base64>".
So the array keys are "k" and "amp;t" instead of "k" and "t".
Reproduction steps
- At civicrm/admin/setting/smtp?reset=1 I added my SMTP username and password.
- Save and Test correctly sent a test email.
- I went to a contact record and chose Actions: Send an Email.
- I got the following error: "authentication failure [SMTP: Invalid response code received from SMTP server while sending email. This is often caused by a misconfiguration in Outbound Email settings. Please verify the settings at Administer CiviCRM >> Global Settings >> Outbound Email"
- At admin/reports/dblog I got the following error:
Notice: Undefined index: t in parse() (line 204 of /sites/all/modules/civicrm/Civi/Crypto/CryptoToken.php).
Current behaviour
In the civicrm_setting table the smtpPassword is being saved as
CTK?k=<ID>&amp;t=<base64>
```php
/**
 * Parse the content of a token (without decrypting it).
 *
 * @param string $token
 *
 * @return array
 * @throws \Civi\Crypto\Exception\CryptoException
 */
public function parse($token): array {
  $fmt = substr($token, 1, 4);
  switch ($fmt) {
    case self::FMT_QUERY:
      dpm($token);
      $tokenData = [];
      parse_str(substr($token, 5), $tokenData);
      dpm($tokenData);
      $tokenData['t'] = \CRM_Utils_String::base64UrlDecode($tokenData['t']);
      break;

    default:
      throw new CryptoException("Cannot decrypt token. Invalid format.");
  }
  return $tokenData;
}
```
parse_str is returning the following keys: "k" and "amp;t".
Expected behaviour
parse_str should return "k" and "t" keys.
In the above parse function I made the following change:
```php
parse_str(substr(html_entity_decode($token), 5), $tokenData);
```
based off of https://www.php.net/manual/en/function.parse-str.php#74818
And it worked as expected.
Environment information
- CiviCRM: 5.36.1
- PHP: 7.3.27
- CMS: Drupal 7.80
- Database: 5.5.5-10.5.9-MariaDB
- Web Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.27
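
A defensive variant of the parsing step, as an added example that is not CiviCRM's code or part of the original report: it rejects a token whose separator was HTML-encoded instead of reading an undefined index. `parseQueryToken()`, the `FMT_QUERY` value and the sample tokens are assumptions made for illustration.

```php
<?php
// Stand-alone sketch with constructed sample values; not the project's code.
const FMT_QUERY = 'CTK?'; // assumed from the token layout shown in the report

function parseQueryToken(string $token): array {
  if (substr($token, 1, 4) !== FMT_QUERY) {
    throw new InvalidArgumentException('Cannot parse token. Invalid format.');
  }
  $data = [];
  parse_str(substr($token, 5), $data);

  // An HTML-encoded "&" leaves parse_str() with the key "amp;t" instead of "t".
  foreach (array_keys($data) as $key) {
    if (strncmp((string) $key, 'amp;', 4) === 0) {
      throw new UnexpectedValueException('Token appears to be HTML-entity encoded.');
    }
  }
  // Require both fields as non-empty strings before touching them.
  foreach (['k', 't'] as $field) {
    if (!isset($data[$field]) || !is_string($data[$field]) || $data[$field] === '') {
      throw new UnexpectedValueException("Token is missing field '$field'.");
    }
  }
  // base64url -> base64, restore padding, decode strictly.
  $b64 = strtr($data['t'], '-_', '+/');
  $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
  $raw = base64_decode($b64, true);
  if ($raw === false) {
    throw new UnexpectedValueException('Token payload is not valid base64url.');
  }
  $data['t'] = $raw;
  return $data;
}

// Constructed tokens: "demo" stands in for <ID>, "ciphertext" for the payload.
$payload = rtrim(strtr(base64_encode('ciphertext'), '+/', '-_'), '=');
$good = '^CTK?k=demo&t=' . $payload;
$encoded = htmlspecialchars($good); // "&" becomes "&amp;", as in the stored value

foreach (['good' => $good, 'encoded' => $encoded] as $label => $token) {
  try {
    $parsed = parseQueryToken($token);
    echo "$label: keys = " . implode(',', array_keys($parsed)) . "\n";
  }
  catch (UnexpectedValueException $e) {
    echo "$label: rejected (" . $e->getMessage() . ")\n";
  }
}
```

Failing closed here surfaces the corrupted stored value at parse time, rather than as an SMTP authentication failure further down the line.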