Update the encrypt algorithm to not escape slashes in json to provide…

… deterministic encryption sizes. (#31721)
laravel · Mar 8, 2020 · 19c9830 · 19c9830
1 parent 6495758
commit 19c9830
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
@@ -100,7 +100,7 @@ public function encrypt($value, $serialize = true)
         // its authenticity. Then, we'll JSON the data into the "payload" array.
         $mac = $this->hash($iv = base64_encode($iv), $value);
 
-        $json = json_encode(compact('iv', 'value', 'mac'));
+        $json = json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES);
 
         if (json_last_error() !== JSON_ERROR_NONE) {
             throw new EncryptException('Could not encrypt the data.');

diff --git a/tests/Encryption/EncrypterTest.php b/tests/Encryption/EncrypterTest.php
@@ -33,6 +33,16 @@ public function testEncryptionUsingBase64EncodedKey()
         $this->assertSame('foo', $e->decrypt($encrypted));
     }
 
+    public function testEncryptedLengthIsFixed()
+    {
+        $e = new Encrypter(str_repeat('a', 16));
+        $lengths = [];
+        for ($i = 0; $i < 100; $i++) {
+            $lengths[] = strlen($e->encrypt('foo'));
+        }
+        $this->assertSame(min($lengths), max($lengths));
+    }
+
     public function testWithCustomCipher()
     {
         $e = new Encrypter(str_repeat('b', 32), 'AES-256-CBC');