From 17a8e61d2ae9e938aaf60292666b6ccf5cb09067 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sat, 7 Jan 2017 14:25:46 +0300
Subject: deprecate encrypted feed passwords because mcrypt is getting removed
 from php 7.1

1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
---
 config.php-dist | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'config.php-dist')

diff --git a/config.php-dist b/config.php-dist
index 2eaaab617..c86af943b 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -25,6 +25,11 @@
 	// including PUSH, bookmarklets and browser integration will not work properly.
 
 	define('FEED_CRYPT_KEY', '');
+	// WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
+	// compatibility with existing installs, new passwords are NOT going to be encrypted.
+	// Use update.php --decrypt-feeds to decrypt existing passwords in the database while
+	// mcrypt is still available.
+
 	// Key used for encryption of passwords for password-protected feeds
 	// in the database. A string of 24 random characters. If left blank, encryption
 	// is not used. Requires mcrypt functions.
-- 
cgit v1.2.3