I solved issues with Cryptographic Issues

Paula V. Quispe
2015-03-26 10:19:43 -04:00
parent f402d00446
commit ef261316b0
7 changed files with 13 additions and 13 deletions


@@ -536,7 +536,7 @@ class headPublisher
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';
file_put_contents($cacheFilename, file_get_contents($jsFilename)); file_put_contents($cacheFilename, file_get_contents($jsFilename));
} else { } else {
$cacheName = md5($mtime . $jsFilename); $cacheName = G::encryptOld($mtime . $jsFilename);
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';
if (!file_exists($cacheFilename)) { if (!file_exists($cacheFilename)) {
@@ -581,7 +581,7 @@ class headPublisher
} }
if (file_exists(PATH_PLUGINS . $pluginJsFile)) { if (file_exists(PATH_PLUGINS . $pluginJsFile)) {
$mtime = filemtime(PATH_PLUGINS . $pluginJsFile); $mtime = filemtime(PATH_PLUGINS . $pluginJsFile);
$jsPluginCacheName = md5($mtime . $pluginJsFile); $jsPluginCacheName = G::encryptOld($mtime . $pluginJsFile);
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $jsPluginCacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $jsPluginCacheName . '.js';
if (!file_exists($cacheFilename)) { if (!file_exists($cacheFilename)) {
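Review bot: `G::encryptOld` is not defined anywhere on this page and its name suggests encryption, while in both hunks of this file the result is only used as a cache file name built from `$mtime` and a script path. That is a non-security use, so the wrapper adds indirection without any security benefit. If the call stays, a comment such as `// cache key only, not a security-relevant hash` on the `$cacheName` and `$jsPluginCacheName` lines would make this clear to the next auditor. Both hunks sit inside `headPublisher` methods that start and end outside the visible lines.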


@@ -320,7 +320,7 @@ class RBAC
G::LoadClass('pmLicenseManager'); G::LoadClass('pmLicenseManager');
} }
$licenseManager =& pmLicenseManager::getSingleton(); $licenseManager =& pmLicenseManager::getSingleton();
if (in_array(md5($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) { if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
return -7; return -7;
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
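Review bot: The two hard-coded 32-character values in this `in_array` call are MD5-length digests, so the branch only matches while `G::encryptOld` returns exactly what `md5()` returned. The same constraint applies to the Digest computation in `soap_transport_http` and to the `user_auth` password in `sugarLogin`, where the hash format is presumably dictated by the remote side. A comment such as `// G::encryptOld must stay MD5-compatible: compared against stored digests` would keep a later hardening of the wrapper from silently disabling this check. Passing `true` as the third argument of `in_array` would also make the digest comparison strict rather than loose. The enclosing method starts and ends outside the hunk.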


@@ -317,13 +317,13 @@ class soap_transport_http extends nusoap_base {
$A1 = $username. ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password; $A1 = $username. ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password;
// H(A1) = MD5(A1) // H(A1) = MD5(A1)
$HA1 = md5($A1); $HA1 = G::encryptOld($A1);
// A2 = Method ":" digest-uri-value // A2 = Method ":" digest-uri-value
$A2 = 'POST:' . $this->digest_uri; $A2 = 'POST:' . $this->digest_uri;
// H(A2) // H(A2)
$HA2 = md5($A2); $HA2 = G::encryptOld($A2);
// KD(secret, data) = H(concat(secret, ":", data)) // KD(secret, data) = H(concat(secret, ":", data))
// if qop == auth: // if qop == auth:
@@ -345,7 +345,7 @@ class soap_transport_http extends nusoap_base {
$unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2; $unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2;
} }
$hashedDigest = md5($unhashedDigest); $hashedDigest = G::encryptOld($unhashedDigest);
$this->outgoing_headers['Authorization'] = 'Digest username="' . $username . '", realm="' . $digestRequest['realm'] . '", nonce="' . $nonce . '", uri="' . $this->digest_uri . '", cnonce="' . $cnonce . '", nc=' . sprintf("%08x", $digestRequest['nc']) . ', qop="' . $digestRequest['qop'] . '", response="' . $hashedDigest . '"'; $this->outgoing_headers['Authorization'] = 'Digest username="' . $username . '", realm="' . $digestRequest['realm'] . '", nonce="' . $nonce . '", uri="' . $this->digest_uri . '", cnonce="' . $cnonce . '", nc=' . sprintf("%08x", $digestRequest['nc']) . ', qop="' . $digestRequest['qop'] . '", response="' . $hashedDigest . '"';
} }
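Review bot: `soap_transport_http extends nusoap_base` looks like a bundled third-party SOAP library, and the three replaced calls (`$HA1`, `$HA2`, `$hashedDigest`) now make it depend on the application's `G` class, which is neither defined nor loaded in these hunks. If this file can ever be included without `G` available, the Digest branch will stop with a fatal error instead of authenticating. The existing comment `// H(A1) = MD5(A1)` shows that the algorithm is fixed by the HTTP Digest scheme, so the weakness lies in the protocol and cannot be removed by renaming the call. A comment like `// MD5 is mandated by HTTP Digest; use this only over TLS` would document that honestly. The enclosing method continues outside both hunks.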


@@ -443,12 +443,12 @@ class Installer
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0. // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (wf)"); // "Add 'admin' user in ProcessMaker (wf)");
$this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)"); $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
mysql_select_db($this->rbac_site_name, $this->connection_database); mysql_select_db($this->rbac_site_name, $this->connection_database);
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0. // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (rb)"); // "Add 'admin' user in ProcessMaker (rb)");
$this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)"); $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
} }
/** /**
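Review bot: Both `UPDATE` statements (on `USERS` and on `RBAC_USERS`) still store the admin password as the direct output of a single unsalted call, `G::encryptOld($this->options['admin']['password'])`. If that wrapper is an alias for MD5 (its definition is not part of this page), the stored credential is no stronger than before. Password storage needs a salted, deliberately slow hash such as `password_hash($pw, PASSWORD_DEFAULT)`, checked with `password_verify` at login. Because that also changes the login path, a `// TODO: migrate USR_PASSWORD to password_hash()` on these lines is the minimum to record here. The digest is also concatenated into the SQL string without escaping, which is safe only while the wrapper returns hexadecimal text. The enclosing method starts outside the hunk.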


@@ -420,7 +420,7 @@ class license_application extends padl
$DATA = $this->_unwrap_license($dat_str); $DATA = $this->_unwrap_license($dat_str);
if (is_array($DATA)) { if (is_array($DATA)) {
# missing / incorrect id therefore it has been tampered with # missing / incorrect id therefore it has been tampered with
if ($DATA['ID'] != md5($this->ID1)) { if ($DATA['ID'] != G::encryptOld($this->ID1)) {
$DATA['RESULT'] = 'CORRUPT'; $DATA['RESULT'] = 'CORRUPT';
} }
if ($this->USE_TIME) { if ($this->USE_TIME) {
@@ -463,7 +463,7 @@ class license_application extends padl
# create the details to send to the home server # create the details to send to the home server
$stuff_to_send = array(); $stuff_to_send = array();
$stuff_to_send['LICENSE_DATA'] = $DATA; $stuff_to_send['LICENSE_DATA'] = $DATA;
$stuff_to_send['LICENSE_DATA']['KEY'] = md5($dat_str); $stuff_to_send['LICENSE_DATA']['KEY'] = G::encryptOld($dat_str);
# dial home # dial home
$DATA['RESULT'] = $this->_call_home($stuff_to_send, $dialhost, $dialpath, $dialport); $DATA['RESULT'] = $this->_call_home($stuff_to_send, $dialhost, $dialpath, $dialport);
} else { } else {
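Review bot: The tamper check `$DATA['ID'] != G::encryptOld($this->ID1)` in the first hunk uses loose comparison, and PHP compares two numeric-looking strings (for example digests of the form `0e` followed by digits) as numbers, so two different digests can be treated as equal. The line should read `if ($DATA['ID'] !== G::encryptOld($this->ID1)) {`, or use `hash_equals` where the runtime provides it. In the second hunk, `KEY` is an unkeyed digest of `$dat_str`, so it can detect corruption but cannot prove the data came from a trusted party. A comment stating that would prevent it from being relied on as an authenticity check. Both hunks are inside methods that begin and end outside the visible lines.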


@@ -2234,7 +2234,7 @@ function setCaseTrackerCode ($sApplicationUID, $sCode, $sPIN = '')
$aFields['APP_PROC_CODE'] = $sCode; $aFields['APP_PROC_CODE'] = $sCode;
if ($sPIN != '') { if ($sPIN != '') {
$aFields['APP_DATA']['PIN'] = $sPIN; $aFields['APP_DATA']['PIN'] = $sPIN;
$aFields['APP_PIN'] = md5( $sPIN ); $aFields['APP_PIN'] = G::encryptOld( $sPIN );
} }
$oCase->updateCase( $sApplicationUID, $aFields ); $oCase->updateCase( $sApplicationUID, $aFields );
if (isset($_SESSION['APPLICATION'])) { if (isset($_SESSION['APPLICATION'])) {
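Review bot: The PIN is written in clear text to `$aFields['APP_DATA']['PIN']` on the line directly above the hashed `APP_PIN`, so changing the hash call does not protect the value that `updateCase` persists. A PIN also has a small value space, so a single unsalted digest of it can be recovered by enumeration whatever function sits behind `G::encryptOld`. If nothing reads the clear-text copy (not determinable from this hunk), it should be dropped; otherwise add a comment such as `// PIN is also kept in APP_DATA in clear text; APP_PIN is for lookup only`. `setCaseTrackerCode` starts before and continues after the visible lines.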


@@ -1,4 +1,4 @@
<?php <?php
/** /**
* class.pmSugar.pmFunctions.php * class.pmSugar.pmFunctions.php
@@ -51,7 +51,7 @@ function getSoapClientOptions ()
function sugarLogin ($sugarSoap, $user, $password) function sugarLogin ($sugarSoap, $user, $password)
{ {
$client = new SoapClient( $sugarSoap, getSoapClientOptions() ); $client = new SoapClient( $sugarSoap, getSoapClientOptions() );
$auth_array = array ('user_auth' => array ('user_name' => $user,'password' => md5( $password ),'version' => '1.0') ); $auth_array = array ('user_auth' => array ('user_name' => $user,'password' => G::encryptOld( $password ),'version' => '1.0') );
$login_results = $client->__SoapCall( 'login', $auth_array ); $login_results = $client->__SoapCall( 'login', $auth_array );
$session_id = $login_results->id; $session_id = $login_results->id;
$user_guid = $client->__SoapCall( 'get_user_id', array ($session_id) ); $user_guid = $client->__SoapCall( 'get_user_id', array ($session_id) );