From 30b5c200239efe5d8a09ac3be54a35e5143a5541 Mon Sep 17 00:00:00 2001
From: Tony Landis <tony.landis@gmail.com>
Date: Fri, 27 Mar 2009 22:59:03 -0600
Subject: [PATCH] Encryption of credit card details bypassed if license key not
 entered.

---
 modules/core/crypt.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/core/crypt.inc.php b/modules/core/crypt.inc.php
index 5510c968..4e720744 100644
--- a/modules/core/crypt.inc.php
+++ b/modules/core/crypt.inc.php
@@ -183,7 +183,7 @@ class CORE_RSA
 
 
 function CORE_encrypt($data)  {
-	if(LICENSE_KEY == '') return false;  
+	if(LICENSE_KEY == '') return $data; // provide a license key in the setup area to enable encryption
 	$rsa 		= new CORE_RSA;
 	$keys 		= explode('-', LICENSE_KEY); 
 	$rsa_data   = $rsa->rsa_encrypt($data, $keys[1], $keys[0]);  
@@ -194,7 +194,7 @@ function CORE_encrypt($data)  {
 
 
 function CORE_decrypt($data)  {
-	if(LICENSE_KEY == '') return false;  
+	if(LICENSE_KEY == '') return $data;  // provide a license key in the setup area to enable encryption
 	$rc4_key	= do_rc4(LICENSE_KEY, 'en', false);    
 	$rc4_data 	= do_rc4($data, 'de', $rc4_key);  
 	$rsa 		= new CORE_RSA;