attempt fix in class crypto, data manipulation in encrypt and decrypt should mirror each other

angles 2001-12-14 21:38:40 +00:00
parent 80162794d8
commit d4b52f9fcb


@ -1,28 +1,28 @@
<?php <?php
/**************************************************************************\ /**************************************************************************\
* phpGroupWare API - Crypto * * phpGroupWare API - Crypto *
* This file written by Joseph Engo <jengo@phpgroupware.org> * * This file written by Joseph Engo <jengo@phpgroupware.org> *
* Handles encrypting strings based on various encryption schemes * * Handles encrypting strings based on various encryption schemes *
* Copyright (C) 2000, 2001 Dan Kuykendall * * Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------- *
* This library is part of the phpGroupWare API * * This library is part of the phpGroupWare API *
* http://www.phpgroupware.org/api * * http://www.phpgroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it * * This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by * * under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, * * the Free Software Foundation; either version 2.1 of the License, *
* or any later version. * * or any later version. *
* This library is distributed in the hope that it will be useful, but * * This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of * * WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. * * See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License * * You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, * * along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/ \**************************************************************************/
/* $Id$ */ /* $Id$ */
class crypto class crypto
{ {
var $enabled = False; var $enabled = False;
@ -41,7 +41,7 @@
$this->mcrypt_version = $GLOBALS['phpgw_info']['server']['versions']['mcrypt']; $this->mcrypt_version = $GLOBALS['phpgw_info']['server']['versions']['mcrypt'];
if ($this->mcrypt_version == 'old') if ($this->mcrypt_version == 'old')
{ {
$this->td = false; $this->td = False;
if (phpversion() > '4.0.2pl1') if (phpversion() > '4.0.2pl1')
{ {
$keysize = mcrypt_get_key_size(MCRYPT_TRIPLEDES); $keysize = mcrypt_get_key_size(MCRYPT_TRIPLEDES);
@ -99,12 +99,13 @@
function encrypt($data) function encrypt($data)
{ {
$data = serialize($data);
$data = addslashes($data);
// Disable all encryption if the admin didn't set it up // Disable all encryption if the admin didn't set it up
if ($this->enabled) if ($this->enabled)
{ {
// ONLY manipulate data if we are going to encrypt it
// question: why do we sreialize and add slashes before encrypting?? (ed: Angles)
$data = serialize($data);
$data = addslashes($data);
switch ($this->mcrypt_version) switch ($this->mcrypt_version)
{ {
// The old code, only works with mcrypt <= 2.2.x // The old code, only works with mcrypt <= 2.2.x
@ -124,7 +125,9 @@
return $encrypteddata; return $encrypteddata;
} }
else else
{ // No mcrypt == insecure ! {
// No mcrypt == insecure !
// Data should be returned *unmolested* if encryption is not enabled
return $data; return $data;
} }
} }
@ -147,12 +150,21 @@
$data = mdecrypt_generic($this->td, $data); $data = mdecrypt_generic($this->td, $data);
break; break;
} }
// hey -- since the encrypt() function calls serialize and then addslashes,
// we should always do the reverse -- correct? (ed: Del)
$data = stripslashes($data);
$data = unserialize($data);
// question: was it necessary to serialize and addslashes *before* encryption in the first place? (ed: Angles)
} }
else else
{ {
$data = $encrypteddata; // Data should be returned *unmolested* if encryption is not enabled
return $data;
} }
/*
// this is apparently intended to allow encryption of objects
// at this point Dec 14, 2001, we simply need to handle strings correctly
// which was broken previously (ed: Angles)
if(!strpos(' '.$data,'O:8:"stdClass"')) if(!strpos(' '.$data,'O:8:"stdClass"'))
{ {
return unserialize($data); return unserialize($data);
@ -162,6 +174,7 @@
$data = stripslashes($data); $data = stripslashes($data);
return $data; return $data;
} }
*/
} }
} // class crypto } // class crypto
?> ?>
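Review bot: On the enabled path, decrypt() now appears to end without returning anything: after `$data = unserialize($data);` the `if` block closes, and the only remaining `return` statements sit inside the newly added `/* ... */` block, so callers would receive NULL. Adding `return $data;` directly after the `unserialize()` call would restore the result. In the disabled branch, `return $data;` replaces `$data = $encrypteddata;`, which suggests the parameter is named `$encrypteddata` and `$data` is never set there; if so, the line should be `return $encrypteddata;` (the function signature lies outside the visible hunks, so this is inferred). Separately, `unserialize()` now runs on whatever the cipher yields, and no integrity check on the ciphertext is visible in these hunks; if the ciphertext can be stored or held outside the server's control, it would be worth verifying a MAC before decrypting, or restricting the payload to plain strings as the new comment says is the current need.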