Replace deprecated usages of (en|de)crypt methods; fix password escaping

Author: cedric-anne

ajax/ajax.php

@@ -85,7 +85,7 @@
          $ws->getConnexion($_POST['host'],
                            $_POST['url'],
                            $_POST['login'],
-                           Toolbox::sodiumDecrypt($_POST['pwd']));
+                           (new GLPIKey())->decrypt($_POST['pwd']));
          $result = $ws->getStateMantis();
 
          if (! $result) {

front/config.form.php

@@ -37,6 +37,11 @@
 $PluginMantisConfig = new PluginMantisConfig();
 
 if (isset($_POST["update"])) {
+   if (array_key_exists('pwd', $_POST)) {
+      // Password must not be altered, it will be encrypted and never displayed, so sanitize is not necessary.
+      $_POST['pwd'] = $_UPOST['pwd'];
+   }
+
    $PluginMantisConfig->check($_POST["id"], UPDATE);
    $PluginMantisConfig->update($_POST);
    Html::back();

inc/config.class.php

@@ -50,8 +50,8 @@ static function getTypeName($nb = 0) {
    **/
    function prepareInputForUpdate($input) {
 
-      if (isset($input["pwd"]) AND !empty($input["pwd"])) {
-         $input["pwd"] = Toolbox::sodiumEncrypt(stripslashes($input["pwd"]));
+      if (isset($input["pwd"]) && !empty($input["pwd"])) {
+         $input["pwd"] = (new GLPIKey())->encrypt($input["pwd"]);
       }
       return $input;
    }
@@ -117,7 +117,7 @@ function showForm($ID, $options = []) {
       echo "<tr class='tab_bg_1'>";
       echo "<td>" . __("MantisBT user password", "mantis") . "</td>";
       echo "<td><input id='pwd' name='pwd' type='password' size='30'
-                  value='" . Toolbox::sodiumDecrypt($this->fields["pwd"]) . "' /></td>";
+                  value='" . Html::entities_deep((new GLPIKey())->decrypt($this->fields["pwd"])) . "' /></td>";
       echo "<td></td>";
       echo "</tr>";
 
@@ -296,12 +296,7 @@ static function install(Migration $migration) {
                   $DB->buildUpdate(
                      'glpi_plugin_mantis_configs',
                      [
-                        'pwd' => Toolbox::sodiumEncrypt(
-                           $key->decryptUsingLegacyKey(
-                              $config->fields['pwd'],
-                              $key->getLegacyKey()
-                           )
-                        )
+                        'pwd' => $key->encrypt($key->decryptUsingLegacyKey($config->fields['pwd']))
                      ],
                      [
                         'id' => 1,

inc/mantis.class.php

@@ -492,7 +492,7 @@ public function showForm($item) {
       if ($ws->testConnectionWS($conf->getField('host'),
                                 $conf->getField('url'),
                                 $conf->getField('login'),
-                                Toolbox::sodiumDecrypt($conf->getField('pwd')))) {
+                                (new GLPIKey())->decrypt($conf->getField('pwd')))) {
 
          if ($item->fields['status'] == $conf->fields['neutralize_escalation']
                || $item->fields['status'] > $conf->fields['neutralize_escalation']) {

inc/mantisws.class.php

@@ -63,7 +63,7 @@ function initializeConnection() {
          $this->_host = $conf->fields["host"];
          $this->_url = $conf->fields["url"];
          $this->_login = $conf->fields["login"];
-         $this->_password = Toolbox::sodiumDecrypt($conf->fields["pwd"]);
+         $this->_password = (new GLPIKey())->decrypt($conf->fields["pwd"]);
 
          $this->_client = new SoapClient($this->_host . "/" . $this->_url, self::getOptionsStreamContext());
          return true;