- Issue created by @dilpreet_singh
Automatically closed - issue fixed for 2 weeks with no activity.
The issue involves a deprecation notice in the ldap_servers_encrypt() function located in the ldap_servers.encryption.inc file. The deprecation arises from passing a null value to the parameter $iv (initialization vector) of type string in the openssl_decrypt() function. PHP versions 7.1 and above discourage passing null for this parameter, and it now expects a valid string for the initialization vector.
This issue could potentially cause security vulnerabilities or errors when trying to decrypt sensitive information using the LDAP module.
Type: PHP
Location: /var/www/sites/all/modules/contrib/ldap/ldap_servers/ldap_servers.encryption.inc (Line 98)
Message: Deprecated function: openssl_decrypt(): Passing null to parameter #5 ($iv) of type string is deprecated.
Error Log: Seen in the Drupal watchdog logs during admin access to the background reports page.
Modify the code in ldap_servers.encryption.inc at line 98 to ensure a valid initialization vector is passed instead of null.
If the initialization vector (IV) is not available, generate a secure IV using openssl_random_pseudo_bytes() or a similar method.
No API changes are expected. The change only ensures that the deprecated use of openssl_decrypt() is fixed to prevent warnings or errors in future PHP versions.
No changes to the data model are expected.
Active
2.6
Code
Automatically closed - issue fixed for 2 weeks with no activity.