PLUGINS-5615 use literal string when no salt is defined

Ecwid · Feb 14, 2019 · f74fd1d · f74fd1d
1 parent ee8f145
commit f74fd1d
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/lib/ecwid_platform.php b/lib/ecwid_platform.php
@@ -126,7 +126,18 @@ static public function slugify( $string ) {
 
 	static protected function _init_crypt()
 	{
-		self::$crypt->setIV( substr( md5( SECURE_AUTH_SALT . get_option('ecwid_store_id') ), 0, 16 ) );
+		$salt = '';
+
+		// It turns out sometimes there is no salt is wp-config. And since it is already seeded
+		// with the SECURE_AUTH_KEY, and to avoid breaking someones encryption
+		// we use 'SECURE_AUTH_SALT' as string
+		if ( defined( 'SECURE_AUTH_SALT' ) ) {
+			$salt = SECURE_AUTH_SALT;
+		} else {
+			$salt = 'SECURE_AUTH_SALT';
+		}
+
+		self::$crypt->setIV( substr( md5( $salt . get_option('ecwid_store_id') ), 0, 16 ) );
 		self::$crypt->setKey( SECURE_AUTH_KEY );
 	}