Fix: A little clean of dol_hash usage.

Laurent Destailleur 2014-10-18 16:08:15 +02:00
parent 873f8a6f27
commit 13590a876b
9 changed files with 24 additions and 21 deletions


@ -118,10 +118,10 @@ class CMailFile
$this->mixed_boundary = "multipart_x." . time() . ".x_boundary";
// On defini related_boundary
$this->related_boundary = 'mul_'.dol_hash(uniqid("dolibarr2"));
$this->related_boundary = 'mul_'.dol_hash(uniqid("dolibarr2"), 3); // Force md5 hash (does not contains special chars)
// On defini alternative_boundary
$this->alternative_boundary = 'mul_'.dol_hash(uniqid("dolibarr3"));
$this->alternative_boundary = 'mul_'.dol_hash(uniqid("dolibarr3"), 3); // Force md5 hash (does not contains special chars)
// If ending method not defined
if (empty($conf->global->MAIN_MAIL_SENDMODE)) $conf->global->MAIN_MAIL_SENDMODE='mail';
@ -971,7 +971,7 @@ class CMailFile
}
// cid
$this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
$this->html_images[$i]["cid"] = dol_hash(uniqid(time()), 3); // Force md5 hash (does not contains special chars)
$this->html = preg_replace("/src=\"$src\"|src='$src'/i", "src=\"cid:".$this->html_images[$i]["cid"]."\"", $this->html);
}
$i++;
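Review bot: The bare `3` passed to `dol_hash()` on the three changed lines is a magic number whose meaning is only given in the dol_hash docblock. The trailing comments help here, but the same literal appears with no comment in the SMTPs hunks (`dol_hash($strContent, 3)` and the two lines in `_setBoundary()`). A named constant for the hash types, or at minimum the same trailing comment at every call site, would make it harder to pass the wrong type later. The comment wording should read `// Force md5 hash (does not contain special chars)`. Both hunks cut through their enclosing methods, so the rest of each method is not visible.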


@ -4401,7 +4401,7 @@ class Form
{
global $dolibarr_main_url_root;
$ret.='<!-- Put link to gravatar -->';
$ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.dol_hash($email).'?s='.$width.'&d='.urlencode(dol_buildpath('/theme/common/nophoto.jpg',2)).'">';
$ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.dol_hash($email,3).'?s='.$width.'&d='.urlencode(dol_buildpath('/theme/common/nophoto.jpg',2)).'">'; // gravatar need md5 hash
}
else
{
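Review bot: Forcing type 3 on the changed line only produces the digest Gravatar expects if `dol_hash()` returns a plain md5 of its argument. The docblock touched by this commit says MAIN_SECURITY_SALT is used as a salt, and the lines that would apply it are outside the visible hunk, so on an installation with a salt defined the avatar URL may never match. Gravatar also documents hashing the trimmed, lower-cased address, so calling `md5(strtolower(trim($email)))` directly would be safer than going through the helper. The same question applies to the `['md5']` values set in the SMTPs hunks, if they are meant to be a content digest a receiver can verify. Separately, `$email` is concatenated into the `title` attribute on this line without HTML escaping; it should be escaped unless the caller is known to have done so.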


@ -194,7 +194,7 @@ class RssParser
}
$this->_urlRSS = $urlRSS;
$newpathofdestfile=$cachedir.'/'.dol_hash($this->_urlRSS);
$newpathofdestfile=$cachedir.'/'.dol_hash($this->_urlRSS,3); // Force md5 hash (does not contains special chars)
$newmask='0644';
//dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);


@ -1159,7 +1159,7 @@ class SMTPs
$this->_msgContent[$strType]['data'] = $strContent;
if ( $this->getMD5flag() )
$this->_msgContent[$strType]['md5'] = dol_hash($strContent);
$this->_msgContent[$strType]['md5'] = dol_hash($strContent, 3);
//}
}
@ -1329,7 +1329,7 @@ class SMTPs
$this->_msgContent['attachment'][$strFileName]['data'] = $strContent;
if ( $this->getMD5flag() )
$this->_msgContent['attachment'][$strFileName]['md5'] = dol_hash($strContent);
$this->_msgContent['attachment'][$strFileName]['md5'] = dol_hash($strContent, 3);
}
}
@ -1356,7 +1356,7 @@ class SMTPs
$this->_msgContent['image'][$strImageName]['data'] = $strContent;
if ( $this->getMD5flag() )
$this->_msgContent['image'][$strImageName]['md5'] = dol_hash($strContent);
$this->_msgContent['image'][$strImageName]['md5'] = dol_hash($strContent, 3);
}
}
// END DOL_CHANGE LDR
@ -1487,8 +1487,8 @@ class SMTPs
function _setBoundary()
{
$this->_smtpsBoundary = "multipart_x." . time() . ".x_boundary";
$this->_smtpsRelatedBoundary = 'mul_'.dol_hash(uniqid("dolibarr2"));
$this->_smtpsAlternativeBoundary = 'mul_'.dol_hash(uniqid("dolibarr3"));
$this->_smtpsRelatedBoundary = 'mul_'.dol_hash(uniqid("dolibarr2"), 3);
$this->_smtpsAlternativeBoundary = 'mul_'.dol_hash(uniqid("dolibarr3"), 3);
}
/**


@ -70,11 +70,11 @@ function dol_decode($chain)
/**
* Returns a hash of a string.
* If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (md5 by default)
* If constant MAIN_SECURITY_SALT is defined, we use it as a salt
* If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.
* If constant MAIN_SECURITY_SALT is defined, we use it as a salt.
*
* @param string $chain String to hash
* @param int $type Type of hash (0:auto, 1:sha1, 2:sha1+md5)
* @param int $type Type of hash (0:auto, 1:sha1, 2:sha1+md5, 3:md5)
* @return string Hash of string
*/
function dol_hash($chain,$type=0)
@ -86,9 +86,12 @@ function dol_hash($chain,$type=0)
if ($type == 1) return sha1($chain);
else if ($type == 2) return sha1(md5($chain));
else if ($type == 3) return md5($chain);
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain);
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain));
else return md5($chain);
// No enconding defined
return md5($chain);
}
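Review bot: With `$type` 0 and no MAIN_SECURITY_HASH_ALGO configured, the function still falls through to `return md5($chain);`, and other hunks in this commit show type 0 applied to password material (`dol_hash($password)` in User, `dol_hash($edituser->pass_temp)` in the password-reset page). MD5 and SHA-1 are fast digests and are not suited to protecting passwords. The docblock should at least state that type 0 is configuration-dependent, for example `@param int $type Type of hash (0:auto = MAIN_SECURITY_HASH_ALGO, md5 if unset; 1:sha1; 2:sha1+md5; 3:md5)`. The comment `// No enconding defined` has a typo and would read better as `// No algorithm configured`. The start of the function body lies between the two hunks and is not visible here.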


@ -440,7 +440,7 @@ function encodedecode_dbpassconf($level=0)
/**
* Return a generated password using default module
*
* @param boolean $generic true=Create generic password (a MD5 string), false=Use the configured password generation module
* @param boolean $generic true=Create generic password (use default crypt function), false=Use the configured password generation module
* @return string New value for password
*/
function getRandomPassword($generic=false)


@ -1154,7 +1154,7 @@ class User extends CommonObject
$this->error = $langs->trans("ErrorBadEMail",$this->email);
return -1;
}
$this->db->begin();
// Mise a jour autres infos
@ -1539,7 +1539,7 @@ class User extends CommonObject
$mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n";
$mesg.= "\n";
$mesg.= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :\n";
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".dol_hash($password);
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password);
$mesg.= $url."\n\n";
$mesg.= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."\n\n";
dol_syslog(get_class($this)."::send_password url=".$url);
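Review bot: The validation URL built on the changed line is passed to `dol_syslog()` three lines later, so the `passwordhash` value that authorises the password change is written to the application log. Anyone with read access to that log then holds the same link as the mail recipient. The log call should omit the query string, e.g. `dol_syslog(get_class($this)."::send_password validation link sent for login=".$this->login);`. `$this->login` is also concatenated into the URL without `urlencode()`. The enclosing method starts and ends outside the hunk.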


@ -49,7 +49,7 @@ $mode=$dolibarr_main_authentication;
if (! $mode) $mode='http';
$username = GETPOST('username');
$passwordmd5 = GETPOST('passwordmd5');
$passwordhash = GETPOST('passwordhash');
$conf->entity = (GETPOST('entity') ? GETPOST('entity') : 1);
// Instantiate hooks of thirdparty module only if not already define
@ -68,7 +68,7 @@ if (GETPOST('dol_use_jmobile') || ! empty($_SESSION['dol_use_jmobile']))
*/
// Validate new password
if ($action == 'validatenewpassword' && $username && $passwordmd5)
if ($action == 'validatenewpassword' && $username && $passwordhash)
{
$edituser = new User($db);
$result=$edituser->fetch('',$_GET["username"]);
@ -78,7 +78,7 @@ if ($action == 'validatenewpassword' && $username && $passwordmd5)
}
else
{
if (dol_hash($edituser->pass_temp) == $passwordmd5)
if (dol_hash($edituser->pass_temp) == $passwordhash)
{
$newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
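Review bot: The renamed check `dol_hash($edituser->pass_temp) == $passwordhash` still uses loose `==` on two hex strings, which PHP may compare numerically when both look like numbers, and which is not a constant-time comparison. No test that `pass_temp` is non-empty is visible before it; the lines between the fetch and this branch are outside the hunk, so this may be handled there. I would write `if (! empty($edituser->pass_temp) && dol_hash($edituser->pass_temp) === $passwordhash)`, and use `hash_equals()` where the supported PHP version provides it. The fetch also reads `$_GET["username"]` while the guard uses the `GETPOST('username')` value; using `$username` in both places would keep them consistent.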


@ -227,7 +227,7 @@ class SecurityTest extends PHPUnit_Framework_TestCase
{
global $conf;
$genpass1=getRandomPassword(true); // Should be a MD5 string return by dol_hash
$genpass1=getRandomPassword(true); // Should be a string return by dol_hash (if no option set, will be md5)
print __METHOD__." genpass1=".$genpass1."\n";
$this->assertEquals(strlen($genpass1),32);