Working on fixing serialize() with encryption, seems to work on 3.0.16

This commit is contained in:
jengo 2000-12-29 09:56:04 +00:00
parent 0c5e127b53
commit 19a79c9735
3 changed files with 15 additions and 10 deletions

View File

@ -53,9 +53,13 @@
$phpgw_info_temp["user"]["preferences"] = $phpgw_info["user"]["preferences"];
$phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
// database for security.
$db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp)
. "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
if ($PHP_VERSION < "4.0.0") {
$info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
} else {
$info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
}
$db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
. $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
}
function add_app($appname,$rebuild = False)

View File

@ -89,9 +89,8 @@
$encrypteddata = mcrypt_generic($this->td, $data);
}
}
$encrypteddata = bin2hex($encrypteddata);
return $encrypteddata;
return $encrypteddata;
} else { // No mcrypt == insecure !
return $data;
}

View File

@ -32,9 +32,10 @@
$db = $phpgw->db;
$db2 = $phpgw->db;
$phpgw->common->key = $kp3;
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
// PHP 3 complains that these are not defined when the already are defined.
@$phpgw->common->key = $kp3;
@$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv);
$db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
$db->next_record();
@ -77,8 +78,9 @@
if (! $phpgw_info["user"]["userid"] ) {
return False;
} else {
$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
// PHP 3 complains that these are not defined when the already are defined.
@$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
@$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
return True;
}
}