
03-27-2006, 08:22 AM
Quote:
Originally Posted by svowl
Here is the result of our investigation (thanks to Shan who provided the details of the problem):
X-Cart's blowfish encryption procedure uses binary operations like '&', '|' and '>>'. We discovered that these operations were processed incorrectly by PHP internals in some PHP versions (4.0.6, 5.0.2), so we implemented a check-up in include/blowfish.php of X-Cart 4.1.0 RC2 and RC3 that made X-Cart use a special wrapper if the version of PHP being used matched one of the problem PHP version numbers. Investigating the request, we discovered that the issue was also related to such extensions as Zend Optimizer (which was used on the server in the problem case) and, possibly, to some other accelerators as well.
We corrected the check-up procedure so that a wrapper is now used if a string first encrypted and then decrypted does not turn out the same as the authentic string. This check-up is performed once per user session when the blowfish encryption routine is called. Unfortunately, using a wrapper requires about twice as much time as the standard procedure.
Please find attached to this message a patch file "patch.diff". It should fix the issue on RC3.
If you choose to apply these changes, please let me know the results.
Thank you
read this
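
The self-test described in the quoted post, sketched as an added example (it is not X-Cart's code and not taken from patch.diff): a toy 16-bit Feistel cipher stands in for Blowfish, and every name, key and fault in it is constructed. It goes one step beyond the post by also comparing ciphertext against the arithmetic path, because a Feistel cipher round-trips under any deterministic round function, so a fault confined to that function passes an encrypt-then-decrypt check.

```php
<?php
// Added illustration (PHP 7+): a toy 16-bit Feistel cipher stands in for Blowfish.
// All names, keys and faults are constructed; none come from include/blowfish.php.
$native = array(                          // fast path: PHP's own operators
    'and' => function ($a, $b) { return $a & $b; },
    'or'  => function ($a, $b) { return $a | $b; },
    'shr' => function ($a, $n) { return $a >> $n; },
);
function arith($a, $b, $need) {           // AND ($need = 2) or OR ($need = 1), no bitwise operators
    for ($r = 0, $bit = 1; $bit <= 0x8000; $bit *= 2) {
        if (intdiv($a, $bit) % 2 + intdiv($b, $bit) % 2 >= $need) { $r += $bit; }
    }
    return $r;
}
$wrapper = array(                         // slow path: arithmetic only
    'and' => function ($a, $b) { return arith($a, $b, 2); },
    'or'  => function ($a, $b) { return arith($a, $b, 1); },
    'shr' => function ($a, $n) { return intdiv($a, 2 ** $n); },
);
// XOR built from the two operators under test: a ^ b = (a | b) - (a & b)
function bxor($o, $a, $b) { return $o['or']($a, $b) - $o['and']($a, $b); }

function feistel($o, $block, $keys) {
    list($l, $r) = $block;
    foreach ($keys as $k) {
        // Round function F: rotate $r right by 3 within 16 bits, then XOR the round key
        $rot = $o['or']($o['shr']($r, 3), $o['and']($r * 8192, 0xFFFF));
        list($l, $r) = array($r, bxor($o, $l, bxor($o, $rot, $k)));
    }
    return array($r, $l);                 // final swap: decrypt = same routine, keys reversed
}
const KEYS  = array(0x1F3A, 0x77C1);      // constructed test keys
const PLAIN = array(0x1234, 0xABCD);      // constructed test block

function roundtrip_ok($o) {               // the check the post describes
    $c = feistel($o, PLAIN, KEYS);
    return feistel($o, $c, array_reverse(KEYS)) === PLAIN;
}
function matches_reference($o, $ref) {    // stricter: same ciphertext as the arithmetic path
    return feistel($o, PLAIN, KEYS) === feistel($ref, PLAIN, KEYS);
}
// Constructed faults. A wrong '&' corrupts XOR itself, so the round trip fails.
// A wrong '>>' only changes F: the round trip passes but the ciphertext is wrong.
$bad_and = array('and' => function ($a, $b) { return 0; }) + $native;
$bad_shr = array('shr' => function ($a, $n) { return $a >> ($n + 1); }) + $native;

foreach (array('native' => $native, 'bad_and' => $bad_and, 'bad_shr' => $bad_shr) as $name => $o) {
    printf("%-8s roundtrip=%s reference=%s\n", $name,
        var_export(roundtrip_ok($o), true), var_export(matches_reference($o, $wrapper), true));
}
```

An operator set that fails either check would be replaced by the arithmetic one, with the result cached per user session as the post describes.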