Pardot
[resolved] Version 1.1.2 is breaking my dashboard (6 posts)

  1. Alex_Be
    Member
    Posted 1 year ago #

    Hello,

    I seem to be having a problem with this block of code in the pardot-settings-class.php file:

    function pardot_decrypt($encrypted_input_string, $key='pardot_key'){
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $h_key = hash('sha256', $key, TRUE);
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $h_key, base64_decode($encrypted_input_string), MCRYPT_MODE_ECB, $iv));
    }

    This code lies on lines 734 - 739 of the file. When I updated to 1.1.2 from 1.1.1 this morning, this error message now appears in place of my dashboard content on every page or section of my dashboard:

    Fatal error: Call to undefined function mcrypt_get_iv_size() in /mnt/attstor/tru-www-new/wp-content/plugins/pardot/includes/pardot-settings-class.php on line 735

    I found this website as a solution:

    http://www.themelab.com/2008/06/01/fix-wordpress-fatal-error-call-to-undefined-function/

    When I applied this to the function on line 735, I received another "Fatal Error" message referencing the "mcrypt_create_iv" function on line 736. So I applied it there as well. After that, I received another Fatal Error in reference to "mcrypt_decrypt" on line 738.

    Is there another solution for this issue to help define these functions? If not, is the plugin stable and safe with this solution that was posted on this website above? This is being used on a corporate website and we have sensitive customer and prospect data being exchanged through the site and do not want to compromise any info if these functions are necessary as they seem to be part of the encrypt/decrypt process of the plugin. If it is not stable and safe, how do I downgrade to version 1.1.1 of the plugin until this issue is resolved?

    http://wordpress.org/extend/plugins/pardot/

  2. Cliff Seal
    Member
    Plugin Author

    Posted 1 year ago #

    We updated the encryption method to use mcrypt, which may not be installed by your host. We'll have an update out ASAP that tests for this.

    For now, you can either talk to your host to see if they'll enable mcrypt, or download 1.1.1 here and re-upload: http://downloads.wordpress.org/plugin/pardot.1.1.1.zip
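
One way a plugin can test for mcrypt before calling it, as the reply above describes. This is an added example, not the Pardot plugin's own code or its actual fix; the `example_` function names are hypothetical, and returning `false` on failure is an assumption about how a caller would want the error reported.

```php
<?php
// Added example: hypothetical helpers, not part of the Pardot plugin.

/**
 * List the mcrypt functions used by pardot_decrypt() that this PHP build lacks.
 * An empty array means the extension is usable.
 */
function example_missing_mcrypt_functions() {
    $needed = array('mcrypt_get_iv_size', 'mcrypt_create_iv', 'mcrypt_decrypt');
    return array_values(array_filter($needed, function ($fn) {
        return !function_exists($fn);
    }));
}

/**
 * Guarded variant of the decrypt call quoted in the first post. Returns false
 * instead of raising "Call to undefined function" when mcrypt is absent, so
 * the dashboard keeps rendering and the caller can show an admin notice.
 */
function example_guarded_decrypt($encrypted_input_string, $key = 'pardot_key') {
    $missing = example_missing_mcrypt_functions();
    if (!empty($missing)) {
        // Log which functions are missing; never log the key or the ciphertext.
        error_log('mcrypt unavailable, missing: ' . implode(', ', $missing));
        return false;
    }

    // Strict mode rejects input that is not valid base64.
    $raw = base64_decode($encrypted_input_string, true);
    if ($raw === false || $raw === '') {
        return false;
    }

    $h_key = hash('sha256', $key, true);
    // ECB mode does not use an IV, so none is generated or passed here.
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $h_key, $raw, MCRYPT_MODE_ECB));
}
```

A caller has to treat `false` as "stored value unreadable" rather than as an empty credential. mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2, so the same availability check applies on current hosts.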

  3. Cliff Seal
    Member
    Plugin Author

    Posted 1 year ago #

    In fact, the fix is live now. You should be seeing it in your Dashboard soon, or you can download the new version directly: http://downloads.wordpress.org/plugin/pardot.zip

    Sorry for your inconvenience, but thanks for bringing this to our attention! It helped us push a fix fast.

  4. Cliff Seal
    Member
    Plugin Author

    Posted 1 year ago #

    And to clarify: there was never any real risk involved. We simply go above and beyond the call of duty to keep data secure in the plugin.

  5. Alex_Be
    Member
    Posted 1 year ago #

    Thanks for the quick follow-up, Cliff! (and excuse my slow response)

    I wasn't too concerned that there was a "security" threat, I just wanted to be able to confidently report to my supervisor that fact. I really appreciate the quick turnaround on this!

  6. Cliff Seal
    Member
    Plugin Author

    Posted 1 year ago #

    Certainly! Thanks again for reporting it.

Topic Closed

This topic has been closed to new replies.
