The module requires plugins to either return encrypted or decrypted text as the return of a plugin's encrypt or decrypt methods. Since this code has been around before PHP8, the interface doesn't require any specific return type (which should be string), and many modules have been simply returning FALSE.
See encrypt_kms or the issue where real_aes 🐛 Decrypt and encrypt returns false Fixed stopped doing that, with multiple users now reporting problems with that.
In light of the fact that many modules have been getting away with simply returning FALSE, which in turn is returned by the encrypt module to the calller of the encrypt service, the encrypt module should add a try/catch around the calls to the decrypt/encrypt plugin methods, log the caught exception in the log and return FALSE to the caller.
One option might be to make this behaviour configurable: a strict version where, after logging the exception, the module simply re-throws it to be handled by the calling code; and a looser version where the code simply returns FALSE after the logging.
Implement, review and commit.
None
The return type of encrypt and decrypt would be changed to string | boolean.
None
Active
3.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
No activities found.