From 2e9459598f012d4199ed9ba7927b39ecc4bf4201 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Thu, 26 Apr 2018 11:06:10 +0200
Subject: [PATCH] LSdefault : encode LSjsConfig data in Base64

---
 .../includes/class/class.LSsession.php        |  2 +-
 public_html/includes/js/LSdefault.js          |  2 +-
 public_html/includes/js/functions.js          | 90 +++++++++++++++++++
 public_html/templates/default/LSdefault.tpl   |  4 +-
 4 files changed, 93 insertions(+), 5 deletions(-)

diff --git a/public_html/includes/class/class.LSsession.php b/public_html/includes/class/class.LSsession.php
index 304e4c48..5b5af697 100644
--- a/public_html/includes/class/class.LSsession.php
+++ b/public_html/includes/class/class.LSsession.php
@@ -1364,7 +1364,7 @@ class LSsession {
       self :: addJSconfigParam('keepLSsessionActive',ini_get('session.gc_maxlifetime'));
     }
 
-    LStemplate :: assign('LSjsConfig',json_encode(self :: $_JSconfigParams));
+    LStemplate :: assign('LSjsConfig',base64_encode(json_encode(self :: $_JSconfigParams)));
     
     if (LSdebug) {
       $JSscript_txt.="<script type='text/javascript'>LSdebug_active = 1;</script>\n";
diff --git a/public_html/includes/js/LSdefault.js b/public_html/includes/js/LSdefault.js
index 3a1b6478..2d42b180 100644
--- a/public_html/includes/js/LSdefault.js
+++ b/public_html/includes/js/LSdefault.js
@@ -24,7 +24,7 @@ var LSdefault = new Class({
       // LSjsConfig
       this.LSjsConfigEl = $('LSjsConfig');
       if ($type(this.LSjsConfigEl)) {
-        this.LSjsConfig = JSON.decode(this.LSjsConfigEl.innerHTML);
+        this.LSjsConfig = JSON.decode(atob(this.LSjsConfigEl.innerHTML));
       }
       else {
         this.LSjsConfig = [];
diff --git a/public_html/includes/js/functions.js b/public_html/includes/js/functions.js
index 3ba04543..a3d1fa72 100644
--- a/public_html/includes/js/functions.js
+++ b/public_html/includes/js/functions.js
@@ -244,3 +244,93 @@ function urlAddVar(url,name,value) {
   }
   return url;
 }
+
+/*
+ * Base64 compatibility
+ *
+ * Source : http://ntt.cc/2008/01/19/base64-encoder-decoder-with-javascript.html
+ */
+if ($type(atob) != 'function') {
+  B64keyStr = "ABCDEFGHIJKLMNOP" +
+              "QRSTUVWXYZabcdef" +
+              "ghijklmnopqrstuv" +
+              "wxyz0123456789+/" +
+              "=";
+
+  function btoa(input) {
+     input = escape(input);
+     var output = "";
+     var chr1, chr2, chr3 = "";
+     var enc1, enc2, enc3, enc4 = "";
+     var i = 0;
+
+     do {
+        chr1 = input.charCodeAt(i++);
+        chr2 = input.charCodeAt(i++);
+        chr3 = input.charCodeAt(i++);
+
+        enc1 = chr1 >> 2;
+        enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+        enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
+        enc4 = chr3 & 63;
+
+        if (isNaN(chr2)) {
+           enc3 = enc4 = 64;
+        } else if (isNaN(chr3)) {
+           enc4 = 64;
+        }
+
+        output = output +
+           B64keyStr.charAt(enc1) +
+           B64keyStr.charAt(enc2) +
+           B64keyStr.charAt(enc3) +
+           B64keyStr.charAt(enc4);
+        chr1 = chr2 = chr3 = "";
+        enc1 = enc2 = enc3 = enc4 = "";
+     } while (i < input.length);
+
+     return output;
+  }
+
+  function atob(input) {
+     var output = "";
+     var chr1, chr2, chr3 = "";
+     var enc1, enc2, enc3, enc4 = "";
+     var i = 0;
+
+     // remove all characters that are not A-Z, a-z, 0-9, +, /, or =
+     var base64test = /[^A-Za-z0-9\+\/\=]/g;
+     if (base64test.exec(input)) {
+        alert("There were invalid base64 characters in the input text.\n" +
+              "Valid base64 characters are A-Z, a-z, 0-9, '+', '/',and '='\n" +
+              "Expect errors in decoding.");
+     }
+     input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
+
+     do {
+        enc1 = B64keyStr.indexOf(input.charAt(i++));
+        enc2 = B64keyStr.indexOf(input.charAt(i++));
+        enc3 = B64keyStr.indexOf(input.charAt(i++));
+        enc4 = B64keyStr.indexOf(input.charAt(i++));
+
+        chr1 = (enc1 << 2) | (enc2 >> 4);
+        chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+        chr3 = ((enc3 & 3) << 6) | enc4;
+
+        output = output + String.fromCharCode(chr1);
+
+        if (enc3 != 64) {
+           output = output + String.fromCharCode(chr2);
+        }
+        if (enc4 != 64) {
+           output = output + String.fromCharCode(chr3);
+        }
+
+        chr1 = chr2 = chr3 = "";
+        enc1 = enc2 = enc3 = enc4 = "";
+
+     } while (i < input.length);
+
+     return unescape(output);
+  }
+}
diff --git a/public_html/templates/default/LSdefault.tpl b/public_html/templates/default/LSdefault.tpl
index 881ee909..44eecf06 100644
--- a/public_html/templates/default/LSdefault.tpl
+++ b/public_html/templates/default/LSdefault.tpl
@@ -1,6 +1,4 @@
-<div id='LSjsConfig'>
-{$LSjsConfig}
-</div>
+<div id='LSjsConfig'>{$LSjsConfig}</div>
 
 <div id='LSinfos_txt'>{$LSinfos}</div>