fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I solved issues with Cryptographic Issues [April 18]

Browse Source
This commit is contained in:
Paula V. Quispe
2015-04-21 12:03:52 -04:00
parent 135211ed71
commit e374f7a550
9 changed files with 32 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gulliver/system/class.g.php
View File

@@ -4585,7 +4585,7 @@ class G
$checkSum = ''; $checkSum = '';
foreach ($files as $file) { foreach ($files as $file) {
if (is_file( $file )) { if (is_file( $file )) {
$checkSum .= md5_file( $file ); $checkSum .= G::encryptFileOld( $file );
} }
} }
return G::encryptOld( $checkSum . $key ); return G::encryptOld( $checkSum . $key );
@@ -5603,6 +5603,17 @@ class G
return md5($string); return md5($string);
} }
/** /**
* encryptFileOld
*
* @param string $string
*
* @return md5_file($string)
*/
public function encryptFileOld ($string)
{
return md5_file($string);
}
/**
* crc32 * crc32
* *
* @param string $string * @param string $string

2
workflow/engine/classes/model/AddonsManager.php
View File

@@ -61,7 +61,7 @@ class AddonsManager extends BaseAddonsManager
if ($download_md5 == null) { if ($download_md5 == null) {
return null; return null;
} }
return (strcasecmp(md5_file($filename), $download_md5) == 0); return (strcasecmp(G::encryptFileOld($filename), $download_md5) == 0);
} }
/** /**

2
workflow/engine/classes/model/Application.php
View File

@@ -367,7 +367,7 @@ class Application extends BaseApplication
$pin = G::generateCode(4, 'ALPHANUMERIC'); $pin = G::generateCode(4, 'ALPHANUMERIC');
$this->setAppData(serialize(array('PIN' => $pin))); $this->setAppData(serialize(array('PIN' => $pin)));
$this->setAppPin(md5($pin)); $this->setAppPin(G::encryptOld($pin));
$c = new Criteria(); $c = new Criteria();
$c->clearSelectColumns(); $c->clearSelectColumns();

2
workflow/engine/methods/cases/caseHistory_Ajax.php
View File

@@ -137,7 +137,7 @@ if ($actionAjax == "showDynaformHistoryGetNomDynaform_JXP") {
$dynTitle = $contentObjeto->getConValue(); $dynTitle = $contentObjeto->getConValue();
} }
$md5Hash = md5( $idDin . $dynDate ); $md5Hash = G::encryptOld( $idDin . $dynDate );
//assign task //assign task
$result = new stdClass(); $result = new stdClass();

2
workflow/engine/methods/enterprise/addonsStoreAction.php
View File

@@ -269,7 +269,7 @@ try {
} }
/////// ///////
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10); $boundary = "---------------------" . substr(G::encryptOld(rand(0, 32000)), 0, 10);
$data = null; $data = null;
$data = $data . "--$boundary\n"; $data = $data . "--$boundary\n";

18
workflow/engine/methods/install/r.php
View File

@@ -2,25 +2,25 @@
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
if(isset($_GET['srv'])) { if(isset($_GET['srv'])) {
$_GET['srv'] = $filter->xssFilterHard($_GET['srv']); $srv = $filter->xssFilterHard($_GET['srv']);
} }
if(isset($_GET['usr'])) { if(isset($_GET['usr'])) {
$_GET['usr'] = $filter->xssFilterHard($_GET['usr']); $usr = $filter->xssFilterHard($_GET['usr']);
} }
if(isset($_GET['pass'])) { if(isset($_GET['pass'])) {
$_GET['pass'] = $filter->xssFilterHard($_GET['pass']); $pass = $filter->xssFilterHard($_GET['pass']);
} }
if(isset($_GET['gen'])) { if(isset($_GET['gen'])) {
$_GET['gen'] = $filter->xssFilterHard($_GET['gen']); $gen = $filter->xssFilterHard($_GET['gen']);
} }
?> ?>
<form action="r"> <form action="r">
Server: <input type="text" name="srv" Server: <input type="text" name="srv"
value="<?php echo isset($_GET['srv'])?$_GET['srv']:'';?>"> User: <input value="<?php echo isset($srv)? $srv:'';?>"> User: <input
type="text" name="usr" type="text" name="usr"
value="<?php echo isset($_GET['usr'])?$_GET['usr']:'';?>" /> Passwd: <input value="<?php echo isset($usr)? $usr:'';?>" /> Passwd: <input
type="text" name="pass" type="text" name="pass"
value="<?php echo isset($_GET['pass'])?$_GET['pass']:'';?>" /> <input value="<?php echo isset($pass)? $pass:'';?>" /> <input
type="submit" value="Gen" name="gen" /> <input type="submit" type="submit" value="Gen" name="gen" /> <input type="submit"
value="Regenerate paths_installed" name="reg" /><br /> value="Regenerate paths_installed" name="reg" /><br />
</form> </form>
@@ -28,14 +28,18 @@ if(isset($_GET['gen'])) {
if (isset( $_GET['gen'] )) { if (isset( $_GET['gen'] )) {
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) ); $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = $filter->xssFilterHard($sh);
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh ); $h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
$h = $filter->xssFilterHard($h);
echo "HASH_INSTALLATION<br/>"; echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>"; echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>"; echo "SYSTEM_HASH<br/>";
echo "<textarea cols=120>$sh</textarea>"; echo "<textarea cols=120>$sh</textarea>";
} elseif (isset( $_GET['reg'] )) { } elseif (isset( $_GET['reg'] )) {
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) ); $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = $filter->xssFilterHard($sh);
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh ); $h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
$h = $filter->xssFilterHard($h);
echo "HASH_INSTALLATION<br/>"; echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>"; echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>"; echo "SYSTEM_HASH<br/>";

2
workflow/engine/methods/setup/appCacheViewAjax.php
View File

@@ -302,7 +302,7 @@ switch ($request) {
list($sucess, $msgErr) = testConnection(DB_ADAPTER, $serverName, $user, $passwd, $port); list($sucess, $msgErr) = testConnection(DB_ADAPTER, $serverName, $user, $passwd, $port);
if ($sucess) { if ($sucess) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) ); $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh ); $h = G::encrypt( $_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh );
$insertStatements = "define ( 'HASH_INSTALLATION','{$h}' ); \ndefine ( 'SYSTEM_HASH', '{$sh}' ); \n"; $insertStatements = "define ( 'HASH_INSTALLATION','{$h}' ); \ndefine ( 'SYSTEM_HASH', '{$sh}' ); \n";
$lines = array (); $lines = array ();

5
workflow/engine/methods/setup/pluginsRemove.php
View File

@@ -39,7 +39,8 @@ switch ($RBAC->userCanAccess('PM_SETUP_ADVANCE'))
}*/ }*/
G::LoadClass( "plugin" ); G::LoadClass( "plugin" );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$pluginName = $_REQUEST["pluginUid"]; $pluginName = $_REQUEST["pluginUid"];
if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) { if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
@@ -50,5 +51,5 @@ if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
$pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) ); $pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) );
} }
G::auditLog("RemovePlugin","Plugin Name: ".$pluginName); G::auditLog("RemovePlugin","Plugin Name: ".$pluginName);
echo $pluginName . " " . nl2br( G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" ) ); echo $pluginName . " " . nl2br( $filter->xssFilterHard(G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" )) );

2
workflow/engine/templates/reportTables/mainLoad.php
View File

@@ -20,7 +20,7 @@ if(isset($_GET['gui'])) {
} }
</style> </style>
<body onresize="autoResizeScreen()" onload="autoResizeScreen()"> <body onresize="autoResizeScreen()" onload="autoResizeScreen()">
<iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $gui?>" width="99%" height="200" frameborder="0"> <iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $filter->xssFilterHard($gui)?>" width="99%" height="200" frameborder="0">
<p>Your browser does not support iframes.</p> <p>Your browser does not support iframes.</p>
</iframe> </iframe>
</body> </body>