Support » Plugin: Pardot » Version 1.1.2 is breaking my dashboard

  • Resolved Alex_Be



    I seem to be having a problem with this block of code in the pardot-settings-class.php file:

    function pardot_decrypt($encrypted_input_string, $key='pardot_key'){
    	    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    	    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    	    $h_key = hash('sha256', $key, TRUE);
    	    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $h_key, base64_decode($encrypted_input_string), MCRYPT_MODE_ECB, $iv));}

    This code lies on lines 734 – 739 of the file. When I updated to 1.1.2 from 1.1.1 this morning, this error message now appears in place of my dashboard content on every page or section of my dashboard:

    Fatal error: Call to undefined function mcrypt_get_iv_size() in /mnt/attstor/tru-www-new/wp-content/plugins/pardot/includes/pardot-settings-class.php on line 735

    I found this website as a solution:

    When I applied this to the function on line 735, I received another “Fatal Error” message referencing the “mycrypt_create_iv” function on line 736. So I applied it there as well. After that, I received another Fatal Error in reference to “mycrypt_decrypt” on line 738.

    Is there another solution for this issue to help define these functions? If not, is the plugin stable and safe with this solution that was posted on this website above? This is being used on a corporate website and we have sensitive customer and prospect data being exchanged through the site and do not want to compromise any info if these functions are necessary as they seem to be part of the encrypt/decrypt process of the plugin. If it is not stable and safe, how do I downgrade to version 1.1.1 of the plugin until this issue is resolved?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Cliff Seal


    We updated the encryption method to use mcrypt, which may not be installed by your host. We’ll have an update out ASAP that tests for this.

    For now, you can either talk to your host to see if they’ll enable mcrypt, or download 1.1.1 here and re-upload:

    Plugin Author Cliff Seal


    In fact, the fix is live now. You should be seeing it in your Dashboard soon, or you can download the new version directly:

    Sorry for your inconvenience, but thanks for bringing this to our attention! It helped us push a fix fast.

    Plugin Author Cliff Seal


    And to clarify: there was never any real risk involved. We simply go above-and-beyond the call of duty to keep data secure in the plugin.

    Thanks for the quick follow up Cliff! (and excuse my slow response)

    I wasn’t too concerned that there was a “security” threat, I just wanted to be able to confidently report to my supervisor that fact. I really appreciate the quick turnaround on this!

    Plugin Author Cliff Seal


    Certainly! Thanks again for reporting it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Version 1.1.2 is breaking my dashboard’ is closed to new replies.