Disabling by default the fallback access to openssl from the command line. In the future this feature will be removed permanently.

2 files changed, 9 insertions, 4 deletions

diff --git a/GibberishAES.php b/GibberishAES.php
index 4c5a704..62690db 100644
--- a/GibberishAES.php
+++ b/GibberishAES.php
@@ -67,7 +67,15 @@ class GibberishAES {
     protected static $mcrypt_exists = null;
     protected static $mbstring_func_overload = null;
 
-    protected static $openssl_cli_exists = null;
+    // Modified by Ivan Tcholakov, 16-MAR-2015.
+    //protected static $openssl_cli_exists = null;
+    protected static $openssl_cli_exists = false;
+    // Explanation: Passing encryption/decryption to an external process is not a good idea.
+    // This feature is relevant to old servers (a cutting-edge case), so I am disabling
+    // it by default. You may at your own risk to enable it here (uncomment the previous
+    // value and comment the current one), but it would be better your PHP engine to have
+    // OpenSSL or Mcrypt functions installed.
+    // I am going in a future release to remove this feature permanently.
 
     // This is a static class, instances are disabled.
     final private function __construct() {}
diff --git a/README.markdown b/README.markdown
index dd5549f..6d99bd8 100644
--- a/README.markdown
+++ b/README.markdown
@@ -20,9 +20,6 @@ or
 
 - Mcrypt functions installed.
 
-If none of these functions exist, the class will try to use openssl
-from the command line (avoid this case).
-
 Usage Example:
 -----------------------------------