There is still a fix needed to latest version in the svn of catalog\controller\payment\sagepay.php.
The 3 utf8_strlen in the simpleXor function need to be changed to just strlen. As $string will contain characters greater then 127 utf8_strlen will return the wrong length.
find:
Code: Select all
for ($i = 0; $i < utf8_strlen($password); $i++) {
$data[$i] = ord(substr($password, $i, 1));
}
$output = '';
for ($i = 0; $i < utf8_strlen($string); $i++) {
$output .= chr(ord(substr($string, $i, 1)) ^ ($data[$i % utf8_strlen($password)]));
Code: Select all
for ($i = 0; $i < strlen($password); $i++) {
$data[$i] = ord(substr($password, $i, 1));
}
$output = '';
for ($i = 0; $i < strlen($string); $i++) {
$output .= chr(ord(substr($string, $i, 1)) ^ ($data[$i % strlen($password)]));
find:
Code: Select all
$output = $this->simpleXor($string, $password);
Code: Select all
$output = utf8_encode($this->simpleXor($string, $password));