0

I have checked this before posting the question.

this is a small part of a code that uses create_function

$lambda_functions[$code_hash] = create_function('$action, &$self, $text', 'if ($action == "encrypt") { '.$encrypt.' } else { '.$decrypt.' }');

tried using this way 

$lambda_functions[$code_hash] = function ( $action, &$self, $text ) use ( $encrypt, $decrypt ) {
                if ($action == "encrypt") {
                    return $encrypt;
                } else {
                    return $decrypt;
                }
            };

but doesn't work as expected $encrypt or $decrypt will contain code that looks something like this 

$encrypt = $init_encryptBlock . '
           $ciphertext = "";
           $text = $self->_pad($text);
           $plaintext_len = strlen($text);

           $in = $self->encryptIV;

             for ($i = 0; $i < $plaintext_len; $i+= '.$block_size.') {
              $in = substr($text, $i, '.$block_size.') ^ $in;
                        '.$_encryptBlock.'
                        $ciphertext.= $in;
             }

             if ($self->continuousBuffer) {
               $self->encryptIV = $in;
             }

             return $ciphertext;
             ';

It is working fine with create_function but not with anonymous function not sure where I am going wrong?

Cœur
  • 37,241
  • 25
  • 195
  • 267
3gth
  • 550
  • 5
  • 23
  • have you tried to check the value returned by the lambda code you created? you are assigning string to $encrypt you should use eval function before submitting it to the lambda function like @philipp said create_function is evaluating the strings as php function. – Christopher Pelayo Apr 27 '18 at 09:02
  • 1
    @ChristopherPelayo thanks for your input, the output of `create_function` is `�lambda_1` also i need a way without using `eval` or `create_function` 'coz of the caution [here](@ChristopherPelayo thanks for your input, the output of `create_function` is `�lambda_1` also i need a way without using `eval` or `create_function` 'coz of the [caution](http://php.net/manual/en/function.eval.php) – 3gth Apr 27 '18 at 10:21

1 Answers1

1

The difference is, that with create_function() your code was submitted as a string and interpreted as code, but with an anonymous function the string is interpreted as a string, not as the code it contains.

You can just extract the code you have from the string that you have in $encrypt and $decrypt. This would look like this:

/*
 * Removed the "use ($encrypt, $decrypt)" part, 
 * because those were the strings that contained the code, 
 * but now the code itself is part of the anonymous function.
 * 
 * Instead, i added "use ($block_size)", because this is a vairable,
 * which is not defined inside of your function, but still used in it.
 * The other code containing variables might include such variables as
 * well, which you need to provide in the use block, too.
 */
$lambda_functions[$code_hash] = function ( $action, &$self, $text ) use ($block_size) {
    if ($action == "encrypt") {
        //Extract $init_encryptBlock here
        $ciphertext = "";
        $text = $self->_pad($text);
        $plaintext_len = strlen($text);

        $in = $self->encryptIV;

        for ($i = 0; $i < $plaintext_len; $i+= $block_size) {
            $in = substr($text, $i, $block_size) ^ $in;
            // Extract $_encryptBlock here
            $ciphertext.= $in;
        }

        if ($self->continuousBuffer) {
            $self->encryptIV = $in;
        }

         return $ciphertext;
    } else {
        //Extract $decrypt here
    }
};

Please keep in mind, that this is not a complete answer. You find numerous // Extract $variable here comments in the code, which stand for each code containing variable, that you have in your code and which needs to be extracted just in the way, in which i etracted the code from $encrypt.

Philipp Maurer
  • 2,480
  • 6
  • 18
  • 25