1

We use a booking plugin in our Wordpress site which uses Sage Pay libraries for the payment processing. Recently we were advised to upgrade to PHP version 7.1, however, when running a compatibility check, an mcrypt error was revealed:

> The following plugins/themes are not compatible with PHP 7.1. Booking
> Calendar See Errors
> --------------------------------------------------------------------------------- FILE: /home/ . . .
> /public_html/wp-content/plugins/booking.bl.7.1/inc/gateways/sage/wpbc-gw-sage.php
> --------------------------------------------------------------------------------- FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 2 LINES
> --------------------------------------------------------------------------------- 1205 | WARNING | Function mcrypt_encrypt() is deprecated since PHP
> 7.1; use OpenSSL instead 1205 | WARNING | Extension 'mcrypt' is deprecated since PHP 7.1 - use openssl (preferred) or pecl/mcrypt once
> available instead. 1237 | WARNING | Function mcrypt_decrypt() is
> deprecated since PHP 7.1; use OpenSSL instead 1237 | WARNING |
> Extension 'mcrypt' is deprecated since PHP 7.1 - use openssl
> (preferred) or pecl/mcrypt once available instead.
> ---------------------------------------------------------------------------------

As you can see there is a deprecated function in the current version of the plugin. After contacting the plugin coders about the issue, I was told that the offending code is part of the "Sage Pay" libraries and that they, the plugin coders, must wait for the upstream coders, i.e. Sage Pay, to fix their libraries before making modifications on their end.

I realize that the deprecated function has been signaled elsewhere on this forum, both here and here with the main feedback saying that mcrypt will be removed in PHP 7.2 and that users of this code should migrate to openssl_encrypt. In fact, the warning does not prevent users from migrating to PHP 7.1 since if I understand correctly, the deprecated function hasn't been removed yet and therefore is still functional.

So why am I posting this post. Well since none of the previous threads notified this as a potential problem for Sage Pay users and their downstream plugins, I believed that a notification to Sage Pay support through this forum should be made.

Vega
  • 27,856
  • 27
  • 95
  • 103
John Wells
  • 11
  • 2
  • I can confirm that after moving to PHP 7.1 on our website, the Business Large SingleSite 7.1 widget that uses the Sage Pay mcrypt function on the backend of our site has resulted in no problems that we have noticed. So for the time being this issue is not a problem. – John Wells Aug 17 '18 at 21:21
  • `mcrypt_decrypt()` is still available on PHP 7.2, but the deprecation warnings are usually enough to throw an exception in most modern frameworks. I have recently updated the Sage Pay Omnipay driver to support Sage Pay Form using `open_ssl` and the code there for decrypting may be of use (assuming you don't use Omnipay itself): https://github.com/thephpleague/omnipay-sagepay/blob/master/src/Message/Form/CompleteAuthorizeRequest.php#L57 The official Sage Pay SDKs are embarrassingly old now, still using the deprecated functions. – Jason Oct 14 '18 at 10:19

0 Answers0