Fixed EncryptWithMachineKey to handle values longer than FormsAuthentication.Encrypt max length limit

http://issues.umbraco.org/issue/U4-1455

src/Umbraco.Core/StringExtensions.cs

@@ -22,23 +22,60 @@ namespace Umbraco.Core
 		/// <summary>
 		/// Encrypt the string using the MachineKey in medium trust
 		/// </summary>
-		/// <param name="toEncrypt"></param>
+		/// <param name="value">The string value to be encrypted.</param>
 		/// <returns></returns>
-		public static string EncryptWithMachineKey(this string toEncrypt)
+		public static string EncryptWithMachineKey(this string value)
 		{
-			var output = FormsAuthentication.Encrypt(new FormsAuthenticationTicket(0, "temp", DateTime.Now, DateTime.MaxValue, false, toEncrypt));
-			return output;
+			if (value == null)
+				return null;
+
+			string valueToEncrypt = value;
+			List<string> parts = new List<string>();
+
+			const int EncrpytBlockSize = 500;
+
+			while (valueToEncrypt.Length > EncrpytBlockSize)
+			{
+				parts.Add(valueToEncrypt.Substring(0, EncrpytBlockSize));
+				valueToEncrypt = valueToEncrypt.Remove(0, EncrpytBlockSize);
+			}
+
+			if (valueToEncrypt.Length > 0)
+			{
+				parts.Add(valueToEncrypt);
+			}
+
+			StringBuilder encrpytedValue = new StringBuilder();
+
+			foreach (var part in parts)
+			{
+				var encrpytedBlock = FormsAuthentication.Encrypt(new FormsAuthenticationTicket(1, string.Empty, DateTime.Now, DateTime.Now, false, part));
+				encrpytedValue.AppendLine(encrpytedBlock);
+			}
+
+			return encrpytedValue.ToString().TrimEnd();
 		}
 
 		/// <summary>
 		/// Decrypt the encrypted string using the Machine key in medium trust
 		/// </summary>
-		/// <param name="encrypted"></param>
+		/// <param name="value">The string value to be decrypted</param>
 		/// <returns></returns>
-		public static string DecryptWithMachineKey(this string encrypted)
+		public static string DecryptWithMachineKey(this string value)
 		{
-			var output = FormsAuthentication.Decrypt(encrypted);
-			return output.UserData;
+			if (value == null)
+				return null;
+
+			string[] parts = value.Split('\n');
+
+			StringBuilder decryptedValue = new StringBuilder();
+
+			foreach (var part in parts)
+			{
+				decryptedValue.Append(FormsAuthentication.Decrypt(part.TrimEnd()).UserData);
+			}
+
+			return decryptedValue.ToString();
 		}
 
 		//this is from SqlMetal and just makes it a bit of fun to allow pluralisation

src/Umbraco.Web/HtmlHelperRenderExtensions.cs

@@ -119,7 +119,7 @@ namespace Umbraco.Web
 
 				if (!string.IsNullOrWhiteSpace(surfaceRouteParams))
 				{
-					_base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(surfaceRouteParams));
+					_encryptedString = surfaceRouteParams.EncryptWithMachineKey();
 				}
 
 				_textWriter = viewContext.Writer;
@@ -127,7 +127,7 @@ namespace Umbraco.Web
 
 
 			private bool _disposed;
-			private readonly string _base64String;
+			private readonly string _encryptedString;
 			private readonly TextWriter _textWriter;
 
 			protected override void Dispose(bool disposing)
@@ -137,7 +137,7 @@ namespace Umbraco.Web
 				this._disposed = true;
 
 				//write out the hidden surface form routes
-				_textWriter.Write("<input name='uformpostroutevals' type='hidden' value='" + _base64String + "' />");
+				_textWriter.Write("<input name='uformpostroutevals' type='hidden' value='" + _encryptedString + "' />");
 
 				base.Dispose(disposing);
 			}

src/Umbraco.Web/Mvc/RenderRouteHandler.cs

@@ -115,8 +115,8 @@ namespace Umbraco.Web.Mvc
 				return null;
 
 			var encodedVal = requestContext.HttpContext.Request["uformpostroutevals"];
-			var decodedString = Encoding.UTF8.GetString(Convert.FromBase64String(encodedVal));
-			var parsedQueryString = HttpUtility.ParseQueryString(decodedString);
+			var decryptedString = encodedVal.DecryptWithMachineKey();
+			var parsedQueryString = HttpUtility.ParseQueryString(decryptedString);
 
 			var decodedParts = new Dictionary<string, string>();