I solved Cryptographic Issues

Paula V. Quispe
2015-03-26 11:22:37 -04:00
parent ef261316b0
commit 055082cec2
18 changed files with 29 additions and 29 deletions


@@ -180,7 +180,7 @@ if( isset($request) ){
$gKey = (int)$row['lastId'] + 1;
} else {
$gKey = md5(date('Y-m-d H:i:s').'@'.rand());
$gKey = G::encryptOld(date('Y-m-d H:i:s').'@'.rand());
}
$rs = $con->executeQuery("INSERT INTO {$_GET['table']} ({$_GET['pk']}, {$_GET['fld']}) VALUES ('$gKey', '{$_GET['value']}');");
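Review bot: The `INSERT` on the last line of this hunk is built by interpolating `$_GET['table']`, `$_GET['pk']`, `$_GET['fld']` and `$_GET['value']` straight into the SQL text, and the commit leaves it untouched while changing the line above it. The value should go through a bound parameter of the connection's prepared-statement API, and the table and column names, which cannot be bound, should be checked against a fixed allow-list before use. Separately, `$gKey` is still derived from the current second and `rand()`, so routing it through `G::encryptOld()` does not make the key harder to guess or less likely to collide; if it must be unpredictable, derive it from a CSPRNG instead. The enclosing `if( isset($request) )` block starts and ends outside the hunk.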


@@ -5439,7 +5439,7 @@ class XmlForm
}
$filesToDelete = substr( (defined( 'PATH_C' ) ? PATH_C : PATH_DATA) . 'xmlform/', 0, - 1 ) . $realPath . '.*.js';
$auxPath = explode( PATH_SEP, $realPath );
$auxPath[count( $auxPath ) - 1] = $auxPath[count( $auxPath ) - 1] . '.' . md5( filemtime( $this->fileName ) );
$auxPath[count( $auxPath ) - 1] = $auxPath[count( $auxPath ) - 1] . '.' . G::encryptOld( filemtime( $this->fileName ) );
$realPath = implode( PATH_SEP, $auxPath );
// Improvement for the js cache - End
$this->parsedFile = $parsedFilePath;


@@ -104,11 +104,11 @@ class Upgrade
$archiveMD5 = $checksum;
if (strcasecmp($archiveMD5, $installedMD5) != 0) {
$changedFiles[] = $filename;
if (!is_dir(dirname("$backupDir/$filename"))) {
mkdir(dirname("$backupDir/$filename"), 0777, true);
if (!is_dir(dirname($backupDir.'/'.$filename))) {
mkdir(dirname($backupDir.'/'.$filename), 0777, true);
}
if (file_exists($installedFile) && is_file($installedFile)) {
copy($installedFile, "$backupDir/$filename");
copy($installedFile, $backupDir.'/'.$filename);
}
if (!is_dir(dirname($installedFile))) {
mkdir(dirname($installedFile), 0777, true);
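Review bot: Every `mkdir()` in this hunk, including the rewritten one for `$backupDir.'/'.$filename`, creates the directory tree with mode `0777`, so (subject to the process umask) the backup copies and the install tree end up in directories any local account can write to. A tighter mode, e.g. `mkdir(dirname($backupDir.'/'.$filename), 0750, true);`, would fit an upgrade routine better. The return values of `mkdir()` and `copy()` are also ignored, so a failed backup does not stop the routine; what it does next is outside the hunk. `$filename` appears to come from the archive's checksum list, so it is worth confirming that it is validated to stay under `$backupDir` and the install root before it is joined into a path.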


@@ -196,7 +196,7 @@ class Event extends BaseEvent
$oEvent->setTriUid( $oTrigger->getTriUid() );
$parameters = new StdClass();
$parameters->hash = md5( $oTrigger->getTriWebbot() );
$parameters->hash = G::encryptOld( $oTrigger->getTriWebbot() );
if (isset( $aData['EVN_ACTION_PARAMETERS']->SUBJECT )) {
$parameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']->SUBJECT;
@@ -327,7 +327,7 @@ class Event extends BaseEvent
$aTrigger['TRI_WEBBOT'] = $sTrigger;
$oTrigger->update( $aTrigger );
$oParameters = new StdClass();
$oParameters->hash = md5( $sTrigger );
$oParameters->hash = G::encryptOld( $sTrigger );
$oParameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']['SUBJECT'];
$oParameters->TO = $aData['EVN_ACTION_PARAMETERS']['TO'];
$oParameters->CC = $aData['EVN_ACTION_PARAMETERS']['CC'];


@@ -150,7 +150,7 @@ class FieldCondition extends BaseFieldCondition
if (sizeof( $aRows ) != 0) {
foreach ($aRows as $aRow) {
$hashCond = md5( $aRow['FCD_UID'] );
$hashCond = G::encryptOld( $aRow['FCD_UID'] );
$sCondition = $this->parseCondition( $aRow['FCD_CONDITION'] );
$sCondition = addslashes( $sCondition );


@@ -638,7 +638,7 @@ class Translation extends BaseTranslation
include PATH_TRUNK .'vendor/colosa/MichelangeloFE/' . 'labels.php';
foreach ($labels as $key => $row) {
$this->addTranslation ('LABEL', 'ID_MAFE_'.MD5($row), $lang, $row);
$this->addTranslation ('LABEL', 'ID_MAFE_'.G::encryptOld($row), $lang, $row);
}
}
}


@@ -129,7 +129,7 @@ switch ($option) {
}
///////
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10);
$boundary = "---------------------" . substr(G::encryptOld(rand(0, 32000)), 0, 10);
$data = null;
$data = $data . "--$boundary\n";


@@ -45,7 +45,7 @@ $parameters = unserialize( $oEvent->getEvnActionParameters() );
//g::pr($parameters); die;
$aTrigger = $oTrigger->load( $aFields['TRI_UID'] );
$hash = md5( $oTrigger->getTriWebbot() );
$hash = G::encryptOld( $oTrigger->getTriWebbot() );
//var_dump($hash,$parameters->hash);die;
//if the hash is different, the script was edited , so we will show the trigger editor.
if ((isset( $parameters->hash ) && $hash != $parameters->hash) || $aFields['EVN_ACTION'] == 'EXECUTE_TRIGGER' || $aFields['EVN_ACTION'] == 'EXECUTE_CONDITIONAL_TRIGGER') {
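Review bot: The digest comparison on the last line uses `!=`, and PHP's loose comparison treats two strings that both look numeric (for example hex digests of the form `0e` followed only by digits) as equal even when they differ. Use `$hash !== $parameters->hash` so an edited trigger is not mistaken for an unmodified one; the same applies to the `==` comparisons against `$aTriggerData['hash']` in the trigger-wizard file and against `HTTP_IF_NONE_MATCH` in the static-file handler further down. `$parameters` comes from `unserialize()` on a stored event field (visible in the hunk header), so if that column can be written by anything other than this code, a format that cannot instantiate objects, such as JSON, would be safer. The body of the `if` continues outside the hunk.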


@@ -27,14 +27,14 @@ if(isset($_GET['gen'])) {
<?php
if (isset( $_GET['gen'] )) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>";
echo "<textarea cols=120>$sh</textarea>";
} elseif (isset( $_GET['reg'] )) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>";
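Review bot: `$sh`, which is passed as the second argument to `G::encrypt()` in both branches, is only a digest of the modification time of `class.g.php`, so its input is a Unix timestamp with a small, guessable range, and the value is echoed back to the page as `SYSTEM_HASH`. If that argument is the encryption key (its role is not visible here), the resulting `HASH_INSTALLATION` gives little protection to the server, user and password it contains; a random per-installation secret stored outside the web root would be the usual replacement. The credentials are also read from `$_GET`, which puts them in access logs and browser history, and `$h` is written into the `<textarea>` without `htmlspecialchars()`. Both branches continue outside the hunk.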


@@ -146,7 +146,7 @@ if (!class_exists('pmLicenseManager')) {
G::LoadClass('pmLicenseManager');
}
$licenseManager =& pmLicenseManager::getSingleton();
if (in_array(md5($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/licenseExpired', '', array(), 'licenseUpdate');
G::RenderPage('publish');


@@ -31,7 +31,7 @@ switch ($REQUEST) {
G::RenderPage( 'publish', 'raw' );
break;
case 'saveNewRole':
$newid = md5( $_POST['code'] . date( "d-M-Y_H:i:s" ) );
$newid = G::encryptOld( $_POST['code'] . date( "d-M-Y_H:i:s" ) );
$aData['ROL_UID'] = $newid;
//$aData['ROL_PARENT'] = $_POST['parent'];
$aData['ROL_SYSTEM'] = '00000000000000000000000000000002';
@@ -162,13 +162,13 @@ switch ($REQUEST) {
foreach ($aUserIuds as $key => $val) {
$sData['USR_UID'] = $val;
$sData['ROL_UID'] = $ROL_UID;
if ($sData['USR_UID'] == '00000000000000000000000000000001') {
if ($sData['USR_UID'] == '00000000000000000000000000000001') {
if ($sData['ROL_UID'] != 'PROCESSMAKER_ADMIN') {
$response = new stdclass();
$response->userRole = true;
echo G::json_encode($response);
break;
}
echo G::json_encode($response);
break;
}
}
$RBAC->assignUserToRole( $sData );
}


@@ -178,7 +178,7 @@ ini_set( "soap.wsdl_cache_enabled", "0" ); // disabling WSDL cache
switch ($action) {
case 'login':
$user = $_POST["user"];
$pass = md5( $_POST["pass"] );
$pass = G::encryptOld( $_POST["pass"] );
$wsdl = $endpoint;
//$client = new SoapClient( $endpoint );
$client = new SoapClient( null, array ('location' => $endpoint,'uri' => 'http://www.sugarcrm.com/sugarcrm','soap_version' => SOAP_1_1, //SOAP_1_2 - 1.2 not supported by sugar nusoap
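Review bot: `$pass` is sent to the remote SOAP endpoint, so the digest algorithm on this line is dictated by the remote service rather than by this application. The `uri` points at SugarCRM, whose SOAP login, as far as I know, expects the MD5 of the password; if `G::encryptOld()` is ever changed to a stronger function, this login will silently stop working. Calling the protocol-mandated digest explicitly and documenting it, e.g. `$pass = md5( $_POST["pass"] ); // MD5 required by the SugarCRM SOAP login, not used for storage`, keeps the two concerns apart. An unsalted digest is password-equivalent on the wire, so `$endpoint` should be restricted to `https://` URLs. The `switch` continues outside the hunk.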


@@ -40,7 +40,7 @@ if (isset( $_GET['TRI_UID'] )) {
if ($aFields['TRI_PARAM'] != '' && ! $editWizardSource) {
$aTriggerData = unserialize( $aFields['TRI_PARAM'] );
// if the trigger has been modified manually, it cant be edited with the wizard.
if (md5( $aFields['TRI_WEBBOT'] ) == $aTriggerData['hash']) {
if (G::encryptOld( $aFields['TRI_WEBBOT'] ) == $aTriggerData['hash']) {
$triUid = $_GET['TRI_UID'];
$STEP_UID = isset($_GET['STEP_UID'])?$_GET['STEP_UID']:'';
$ST_TYPE = isset($_GET['ST_TYPE'])?$_GET['ST_TYPE']:'';


@@ -99,7 +99,7 @@ $sPMfunction .= $aDataTriggers['PMFUNTION_NAME'] . " (" . implode(",", $methodPa
//Create Trigger
$aDataTriggers['TRI_WEBBOT'] = $sPMfunction;
$aDataTriggersParams = array();
$aDataTriggersParams['hash'] = md5($sPMfunction);
$aDataTriggersParams['hash'] = G::encryptOld($sPMfunction);
$aDataTriggersParams['params'] = $aDataTriggers;
$aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams);


@@ -102,7 +102,7 @@ $sPMfunction .= $aDataTriggers['PMFUNTION_NAME'] . " (" . implode(",", $methodPa
//Create Trigger
$aDataTriggers['TRI_WEBBOT'] = $sPMfunction;
$aDataTriggersParams = array();
$aDataTriggersParams['hash'] = md5($sPMfunction);
$aDataTriggersParams['hash'] = G::encryptOld($sPMfunction);
$aDataTriggersParams['params'] = $aDataTriggers;
$aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams);


@@ -68,7 +68,7 @@ try {
$aData['USR_PASSWORD'] = $_POST['form']['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $_POST['form']['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (md5( $_POST['form']['USR_NEW_PASS'] )
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $_POST['form']['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $_POST['form']['USR_NEW_PASS'] )
) )
) );
$aErrors = $oUserProperty->validatePassword( $_POST['form']['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'] );
@@ -120,7 +120,7 @@ try {
$aData['USR_DUE_DATE'] = $_POST['form']['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$RBAC->updateUser( $aData );
$aData['USR_PASSWORD'] = md5( $_POST['form']['USR_USERNAME'] ); //fake :p
$aData['USR_PASSWORD'] = G::encryptOld( $_POST['form']['USR_USERNAME'] ); //fake :p
$aData['USR_COUNTRY'] = $_POST['form']['USR_COUNTRY'];
$aData['USR_CITY'] = $_POST['form']['USR_CITY'];
$aData['USR_LOCATION'] = $_POST['form']['USR_LOCATION'];
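Review bot: The entry stored in `USR_PASSWORD_HISTORY` is still a single unsalted digest of the new password: `G::encryptOld()` is not defined on this page, but every call site swaps it one-for-one with `md5()`, which suggests it is a thin wrapper around the same function. If so, this change alters what a static-analysis scan sees and not how passwords are protected; the fix for password material is `password_hash()` on write and `password_verify()` wherever the history is compared, with existing entries migrated as users change their passwords. The same applies to the `USR_PASSWORD_HISTORY` line in the user-creation file that follows. The `//fake :p` placeholder in the second hunk is derived from the submitted username, so it should be confirmed that this value can never be accepted as a credential. Both hunks sit inside a `try` block that starts and ends outside them.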


@@ -91,7 +91,7 @@ try {
$sUserUID = $RBAC->createUser( $aData, $form['USR_ROLE'] );
$aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = md5( $sUserUID ); //fake :p
$aData['USR_PASSWORD'] = G::encryptOld( $sUserUID ); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION'];
@@ -130,7 +130,7 @@ try {
$aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (md5( $form['USR_PASSWORD'] )
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $form['USR_PASSWORD'] )
) )
) );


@@ -151,7 +151,7 @@ if (file_exists($requestFile)) {
header ( 'Pragma: cache' );
$mtime = filemtime ( $requestFile );
$gmt_mtime = gmdate ( "D, d M Y H:i:s", $mtime ) . " GMT";
header ( 'ETag: "' . md5 ( $mtime . $requestFile ) . '"' );
header ( 'ETag: "' . G::encryptOld ( $mtime . $requestFile ) . '"' );
header ( "Last-Modified: " . $gmt_mtime );
header ( 'Cache-Control: public' );
$userAgent = strtolower ( $_SERVER ['HTTP_USER_AGENT'] );
@@ -165,7 +165,7 @@ if (file_exists($requestFile)) {
}
}
if (isset ( $_SERVER ['HTTP_IF_NONE_MATCH'] )) {
if (str_replace ( '"', '', stripslashes ( $_SERVER ['HTTP_IF_NONE_MATCH'] ) ) == md5 ( $mtime . $requestFile )) {
if (str_replace ( '"', '', stripslashes ( $_SERVER ['HTTP_IF_NONE_MATCH'] ) ) == G::encryptOld ( $mtime . $requestFile )) {
header ( "HTTP/1.1 304 Not Modified" );
}
}