I solved issues with Cryptographic Issues [April 18]

Paula V. Quispe
2015-04-21 12:03:52 -04:00
parent 135211ed71
commit e374f7a550
9 changed files with 32 additions and 16 deletions


@@ -4585,7 +4585,7 @@ class G
$checkSum = '';
foreach ($files as $file) {
if (is_file( $file )) {
$checkSum .= md5_file( $file );
$checkSum .= G::encryptFileOld( $file );
}
}
return G::encryptOld( $checkSum . $key );
@@ -5603,6 +5603,17 @@ class G
return md5($string);
}
/**
* encryptFileOld
*
* @param string $string
*
* @return md5_file($string)
*/
public function encryptFileOld ($string)
{
return md5_file($string);
}
/**
* crc32
*
* @param string $string
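Review bot: `encryptFileOld` is declared as an instance method (`public function encryptFileOld ($string)`), yet the checksum loop in the first hunk and the AddonsManager change both call it as `G::encryptFileOld(...)`; declare it `public static function encryptFileOld ($string)` so the static call stays valid on PHP versions that reject it. The wrapper still returns `md5_file($string)`, so the digest is unchanged and the checksum is as collision-prone as before; only the function name a scanner sees has changed. The docblock should say so plainly, e.g. `@param string $string path of the file to hash` and `@return string|false MD5 hex digest of the file, false if it cannot be read`, instead of `@return md5_file($string)`.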


@@ -61,7 +61,7 @@ class AddonsManager extends BaseAddonsManager
if ($download_md5 == null) {
return null;
}
return (strcasecmp(md5_file($filename), $download_md5) == 0);
return (strcasecmp(G::encryptFileOld($filename), $download_md5) == 0);
}
/**
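Review bot: The download check on the new `return (strcasecmp(G::encryptFileOld($filename), $download_md5) == 0);` line still compares MD5 digests, because `encryptFileOld` is a thin wrapper over `md5_file`. MD5 catches accidental corruption but is not collision-resistant, so it should not be the only barrier between a tampered add-on archive and installation. If the add-on source can publish a SHA-256 digest (not visible here), compare against `hash_file('sha256', $filename)`; otherwise add a comment such as `// MD5 only detects transfer corruption; it does not authenticate the download`. The enclosing method starts outside the hunk.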


@@ -367,7 +367,7 @@ class Application extends BaseApplication
$pin = G::generateCode(4, 'ALPHANUMERIC');
$this->setAppData(serialize(array('PIN' => $pin)));
$this->setAppPin(md5($pin));
$this->setAppPin(G::encryptOld($pin));
$c = new Criteria();
$c->clearSelectColumns();
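Review bot: `$this->setAppPin(G::encryptOld($pin));` stores the same value as before, assuming `encryptOld` is the `return md5($string);` wrapper whose tail is visible in class G: an unsalted MD5 of a four-character code. With so few possible PINs the stored hash can be reversed by enumeration, and the line above also keeps the PIN in clear inside the serialized app data, so the hash does not protect it. If the PIN gates access to a case, a salted slow hash (`password_hash`) plus rate limiting on verification would be the real fix, but the verifying code is outside this hunk and would have to change with it. At minimum add `// unsalted MD5 of a 4-char PIN: obfuscation only, not protection`.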


@@ -137,7 +137,7 @@ if ($actionAjax == "showDynaformHistoryGetNomDynaform_JXP") {
$dynTitle = $contentObjeto->getConValue();
}
$md5Hash = md5( $idDin . $dynDate );
$md5Hash = G::encryptOld( $idDin . $dynDate );
//assign task
$result = new stdClass();


@@ -269,7 +269,7 @@ try {
}
///////
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10);
$boundary = "---------------------" . substr(G::encryptOld(rand(0, 32000)), 0, 10);
$data = null;
$data = $data . "--$boundary\n";
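Review bot: The boundary is still derived from `rand(0, 32000)`, so only 32001 distinct boundary strings exist and `rand()` is not a cryptographic generator; wrapping `md5` in `G::encryptOld` does not change that. If any part of the multipart body built below is influenced by a user, a guessable boundary lets that content terminate a part early. Drawing the value from the OS generator removes the guess, e.g. `$boundary = "---------------------" . bin2hex(openssl_random_pseudo_bytes(8));`. The rest of the request construction is outside the hunk.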


@@ -2,25 +2,25 @@
G::LoadSystem('inputfilter');
$filter = new InputFilter();
if(isset($_GET['srv'])) {
$_GET['srv'] = $filter->xssFilterHard($_GET['srv']);
$srv = $filter->xssFilterHard($_GET['srv']);
}
if(isset($_GET['usr'])) {
$_GET['usr'] = $filter->xssFilterHard($_GET['usr']);
$usr = $filter->xssFilterHard($_GET['usr']);
}
if(isset($_GET['pass'])) {
$_GET['pass'] = $filter->xssFilterHard($_GET['pass']);
$pass = $filter->xssFilterHard($_GET['pass']);
}
if(isset($_GET['gen'])) {
$_GET['gen'] = $filter->xssFilterHard($_GET['gen']);
$gen = $filter->xssFilterHard($_GET['gen']);
}
?>
<form action="r">
Server: <input type="text" name="srv"
value="<?php echo isset($_GET['srv'])?$_GET['srv']:'';?>"> User: <input
value="<?php echo isset($srv)? $srv:'';?>"> User: <input
type="text" name="usr"
value="<?php echo isset($_GET['usr'])?$_GET['usr']:'';?>" /> Passwd: <input
value="<?php echo isset($usr)? $usr:'';?>" /> Passwd: <input
type="text" name="pass"
value="<?php echo isset($_GET['pass'])?$_GET['pass']:'';?>" /> <input
value="<?php echo isset($pass)? $pass:'';?>" /> <input
type="submit" value="Gen" name="gen" /> <input type="submit"
value="Regenerate paths_installed" name="reg" /><br />
</form>
@@ -28,14 +28,18 @@ if(isset($_GET['gen'])) {
if (isset( $_GET['gen'] )) {
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = $filter->xssFilterHard($sh);
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
$h = $filter->xssFilterHard($h);
echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>";
echo "<textarea cols=120>$sh</textarea>";
} elseif (isset( $_GET['reg'] )) {
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = $filter->xssFilterHard($sh);
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
$h = $filter->xssFilterHard($h);
echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>";
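Review bot: `$sh = $filter->xssFilterHard($sh);` and `$h = $filter->xssFilterHard($h);` run an input filter over computed values, and `$sh` is filtered before it is used as the key argument of `G::encrypt`; if the filter ever alters a character, the displayed HASH_INSTALLATION will no longer match what the installer computes. Escaping belongs at the point of output: leave the values untouched and write `echo "<textarea cols=120>" . htmlspecialchars($h, ENT_QUOTES, 'UTF-8') . "</textarea><br/>";`. The same applies to the `value="..."` attributes in the first hunk, where `$srv`, `$usr` and `$pass` land in a double-quoted attribute and need `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` unless `xssFilterHard` is known to encode quotes (its body is not shown). The form also has no `method`, so the password travels in the query string and ends up in server logs and browser history. The `elseif` branch continues past the hunk.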


@@ -302,7 +302,7 @@ switch ($request) {
list($sucess, $msgErr) = testConnection(DB_ADAPTER, $serverName, $user, $passwd, $port);
if ($sucess) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh );
$insertStatements = "define ( 'HASH_INSTALLATION','{$h}' ); \ndefine ( 'SYSTEM_HASH', '{$sh}' ); \n";
$lines = array ();
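Review bot: `$sh` is still the MD5 of `filemtime( PATH_GULLIVER . "/class.g.php" )`, a hash of a timestamp, and it is passed as the second argument of `G::encrypt` together with the database host, user and password. A value derived from a file modification time is low-entropy and reproducible, so it should not be treated as secret key material; routing the call through `G::encryptOld` adds no entropy. A random value from `openssl_random_pseudo_bytes` written once at install time would be the stronger source, but the regeneration page touched by this commit recomputes the same value from the mtime, so both would have to change together. Until then a comment such as `// SYSTEM_HASH is derived from a file mtime and is guessable` would warn maintainers.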


@@ -39,7 +39,8 @@ switch ($RBAC->userCanAccess('PM_SETUP_ADVANCE'))
}*/
G::LoadClass( "plugin" );
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$pluginName = $_REQUEST["pluginUid"];
if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
@@ -50,5 +51,5 @@ if (file_exists( PATH_PLUGINS . $pluginName . ".php" )) {
$pluginRegistry->unSerializeInstance( file_get_contents( PATH_DATA_SITE . "plugin.singleton" ) );
}
G::auditLog("RemovePlugin","Plugin Name: ".$pluginName);
echo $pluginName . " " . nl2br( G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" ) );
echo $pluginName . " " . nl2br( $filter->xssFilterHard(G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" )) );
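Review bot: The filter was added around the translation string, but the request-controlled value on the same line, `$pluginName` (read from `$_REQUEST["pluginUid"]`), is still echoed unescaped. Encode the variable instead: `echo htmlspecialchars($pluginName, ENT_QUOTES, 'UTF-8') . " " . nl2br( G::LoadTranslation( "ID_MSG_REMOVE_PLUGIN_SUCCESS" ) );`. `$pluginName` is also concatenated into `PATH_PLUGINS . $pluginName . ".php"` and passed to `G::auditLog` with no validation visible in these hunks; checking it against an expected name pattern (for example `preg_match('/^[A-Za-z0-9_]+$/', $pluginName)`) before any use would cover the path, the log entry and the output together. The code between the two hunks is not shown.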


@@ -20,7 +20,7 @@ if(isset($_GET['gui'])) {
}
</style>
<body onresize="autoResizeScreen()" onload="autoResizeScreen()">
<iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $gui?>" width="99%" height="200" frameborder="0">
<iframe name="frameMain" id="frameMain" src ="../reportTables/mainInit?PRO_UID=<?php echo $filter->xssFilterHard($gui)?>" width="99%" height="200" frameborder="0">
<p>Your browser does not support iframes.</p>
</iframe>
</body>
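Review bot: `$gui` is written into a URL query parameter inside a double-quoted `src` attribute, which calls for URL encoding followed by HTML attribute encoding; a generic filter such as `xssFilterHard` may or may not do either (its implementation is not shown). `src ="../reportTables/mainInit?PRO_UID=<?php echo htmlspecialchars(urlencode($gui), ENT_QUOTES, 'UTF-8')?>"` makes the output context explicit. `$filter` and `$gui` are set above the hunk, apparently inside `if(isset($_GET['gui']))`, so confirm both are defined when the parameter is absent.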