From 4089ffa9fe3f46be8f99062a5ad306ad742103c4 Mon Sep 17 00:00:00 2001
From: Deon George <wurley@users.sf.net>
Date: Thu, 6 Oct 2011 10:40:41 +1100
Subject: [PATCH] SF Bug #3392644 - Cannot authenticate if password starts or
 ends with spaces

---
 lib/functions.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/functions.php b/lib/functions.php
index eb160dc..3e8454d 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -648,11 +648,11 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
 function get_request($attr,$type='POST',$die=false,$default=null) {
 	switch($type) {
 		case 'GET':
-			$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : (trim(empty($_GET['nodecode'][$attr]) ? rawurldecode($_GET[$attr]) : $_GET[$attr]))) : $default;
+			$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : (empty($_GET['nodecode'][$attr]) ? rawurldecode($_GET[$attr]) : $_GET[$attr])) : $default;
 			break;
 
 		case 'REQUEST':
-			$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(empty($_REQUEST['nodecode'][$attr]) ? rawurldecode($_REQUEST[$attr]) : $_REQUEST[$attr])) : $default;
+			$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : (empty($_REQUEST['nodecode'][$attr]) ? rawurldecode($_REQUEST[$attr]) : $_REQUEST[$attr])) : $default;
 			break;
 
 		case 'SESSION':
@@ -661,7 +661,7 @@ function get_request($attr,$type='POST',$die=false,$default=null) {
 
 		case 'POST':
 		default:
-			$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(empty($_POST['nodecode'][$attr]) ? rawurldecode($_POST[$attr]) : $_POST[$attr])) : $default;
+			$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : (empty($_POST['nodecode'][$attr]) ? rawurldecode($_POST[$attr]) : $_POST[$attr])) : $default;
 			break;
 	}
 
@@ -745,7 +745,7 @@ function blowfish_encrypt($data,$secret=null) {
 	if (! trim($secret))
 		return $data;
 
-	if (function_exists('mcrypt_module_open') && trim($data)) {
+	if (function_exists('mcrypt_module_open') && ! empty($data)) {
 		$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
 		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
 		mcrypt_generic_init($td,substr($secret,0,mcrypt_enc_get_key_size($td)),$iv);
@@ -771,6 +771,7 @@ function blowfish_encrypt($data,$secret=null) {
 
 		$encrypt .= $pma_cipher->encryptBlock($block, $secret);
 	}
+
 	return base64_encode($encrypt);
 }
 
@@ -800,7 +801,7 @@ function blowfish_decrypt($encdata,$secret=null) {
 	if (! trim($secret))
 		return $encdata;
 
-	if (function_exists('mcrypt_module_open') && trim($encdata)) {
+	if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
 		$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
 		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
 		mcrypt_generic_init($td,substr($secret,0,mcrypt_enc_get_key_size($td)),$iv);
@@ -822,7 +823,8 @@ function blowfish_decrypt($encdata,$secret=null) {
 	for ($i=0; $i<strlen($data); $i+=8)
 		$decrypt .= $pma_cipher->decryptBlock(substr($data, $i, 8), $secret);
 
-	$return = trim($decrypt);
+	// Strip off our \0's that were added.
+	$return = preg_replace("/\\0*$/",'',$decrypt);
 	$CACHE[$encdata] = $return;
 	return $return;
 }