Fix: Serious bug with encrypt and decrypt function.

Laurent Destailleur 2009-09-07 19:33:21 +00:00
parent 493fa2d724
commit 7fedb8890a
7 changed files with 24 additions and 24 deletions


@ -386,8 +386,8 @@ class DolibarrModules
$this->db->query($sql);
$sql = "INSERT INTO ".MAIN_DB_PREFIX."const (name,value,visible,entity) VALUES";
$sql.= " (".$this->db->encrypt("'".$this->const_name."'",$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey);
$sql.= ",".$this->db->encrypt('1',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey);
$sql.= " (".$this->db->encrypt($this->const_name,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1);
$sql.= ",".$this->db->encrypt('1',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1);
$sql.= ",0,".$entity.")";
dol_syslog("DolibarrModules::_active sql=".$sql, LOG_DEBUG);
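Review bot: The `dol_syslog` call on the last line of this hunk writes the complete statement to the debug log, and the AES/DES branches of `encrypt()` touched by this same commit inline `$cryptKey` into the SQL text, so the database encryption key ends up in the log whenever encryption is enabled. Log the constant rather than the statement, e.g. `dol_syslog("DolibarrModules::_active insert const ".$this->const_name, LOG_DEBUG);`, or mask the key before logging. The `dolibarr_set_const` hunk has the same pattern (`admin.lib::dolibarr_set_const sql=`). Separately, `$this->const_name` is now quoted by `encrypt()` without any escaping, so it should pass through `addslashes()` first if it can ever contain a quote. The enclosing method starts and ends outside the hunk.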


@ -188,7 +188,7 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
$db->begin();
dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG);
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_VERSION_LAST_INSTALL'");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_VERSION_LAST_INSTALL'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',0,'Dolibarr version when install',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
@ -197,7 +197,7 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
if ($usedoliwamp)
{
dolibarr_install_syslog('install/etape5.php set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG);
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_REMOVE_INSTALL_WARNING'");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_REMOVE_INSTALL_WARNING'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt(1,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',1,'Disable install warnings',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
@ -205,7 +205,7 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
}
dolibarr_install_syslog('install/etape5.php Remove MAIN_NOT_INSTALLED const', LOG_DEBUG);
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_NOT_INSTALLED'");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_NOT_INSTALLED'");
if (! $resql) dol_print_error($db,'Error in setup program');
$db->commit();
@ -236,7 +236,7 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
if ($tagdatabase)
{
dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion, LOG_DEBUG);
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_VERSION_LAST_UPGRADE'");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_VERSION_LAST_UPGRADE'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_UPGRADE',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',0,'Dolibarr version for last upgrade',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
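Review bot: The rewritten `DELETE` statements in all four hunks of this file still hard-code the `llx_` table prefix, while the module code in this commit builds the name from `MAIN_DB_PREFIX`; on an installation configured with another prefix these statements would miss the real `const` table. If the constant is defined at this install step (not visible here), use `"DELETE FROM ".MAIN_DB_PREFIX."const WHERE "` and do the same for the `INSERT` lines. None of the `DoliDb` hunks shown on this page touches `decrypt()`, so the new three-argument calls should be checked against each driver's `decrypt()` signature. The enclosing `if` block starts and ends outside the hunks.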


@ -390,8 +390,8 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not
{
$sql = "INSERT INTO llx_const(name,value,type,visible,note,entity)";
$sql.= " VALUES (";
$sql.= $db->encrypt("'".$name."'",$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey);
$sql.= ",".$db->encrypt("'".addslashes($value)."'",$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey);
$sql.= "'".addslashes($db->encrypt($name,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0))."'";
$sql.= ",'".addslashes($db->encrypt($value,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0))."'";
$sql.= ",'".$type."',".$visible.",'".addslashes($note)."',".$entity.")";
dol_syslog("admin.lib::dolibarr_set_const sql=".$sql, LOG_DEBUG);
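Review bot: The two new lines wrap the output of `encrypt()` in `addslashes()` and quotes, so when encryption is enabled the string returned by the AES/DES branches shown in this commit (`AES_ENCRYPT(<name>,'<key>')`) is stored as literal text: nothing is encrypted, and the key is written into `llx_const` in clear. Escape the plaintext and let `encrypt()` produce the SQL expression instead: `$sql.= $db->encrypt(addslashes($name),$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1);` and likewise for `$value`. `$type`, `$visible` and `$entity` on the following line are also concatenated unescaped; cast the numeric ones with `(int)`. The function body starts and ends outside the hunk.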


@ -696,13 +696,13 @@ class DoliDb
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \param isAValue String in field can be a field name or a value
* \param withQuotes Return string with quotes
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $withQuotes=0)
{
$return = $fieldorvalue;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
}
/**
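Review bot: This driver's `encrypt()` ignores `$cryptType` and `$cryptKey` and returns the value unchanged, yet the docblock still describes AES/DES and an `XXX(field)` return, so a site that sets `dolibarr_main_db_encryption` gets plaintext storage with no indication. Say so in the docblock, e.g. `\remarks Encryption is not implemented for this driver; the value is returned as is, optionally quoted`, and document `cryptType`/`cryptKey` as unused. The value is also placed between quotes without escaping, so callers must escape it first. The last file section on this page (`@ -787,13`) has the same body and needs the same comment.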


@ -683,10 +683,10 @@ class DoliDb
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \param isAValue String in field can be a field name or a value
* \param withQuotes Return string with quotes
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $withQuotes=0)
{
$return = $fieldorvalue;
@ -694,15 +694,15 @@ class DoliDb
{
if ($cryptType == 2)
{
$return = 'AES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
$return = 'AES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
$return = 'DES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
}
}
return ($isAValue?"'":"").$return.($isAValue?"'":"");
return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
}
/**
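Review bot: With `$withQuotes` set and encryption enabled, the quotes are applied twice: once around `$fieldorvalue` inside `AES_ENCRYPT(...)`/`DES_ENCRYPT(...)` and again around the whole expression by the final `return`, giving `'AES_ENCRYPT('v','k')'`, which is not valid SQL; the call sites changed in this commit now pass 1. Quote once: start with `$return = ($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"");`, build `'AES_ENCRYPT('.$return.',\''.$cryptKey.'\')'` (same for DES), and end with `return $return;`. `$cryptKey` is also concatenated into the statement unescaped. The condition guarding the block lies between the two hunks and is not shown; the next file section (`@ -693,10` / `@ -704,15`) contains identical code.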


@ -693,10 +693,10 @@ class DoliDb
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \param isAValue String in field can be a field name or a value
* \param withQuotes Return string with quotes
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $withQuotes=0)
{
$return = $fieldorvalue;
@ -704,15 +704,15 @@ class DoliDb
{
if ($cryptType == 2)
{
$return = 'AES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
$return = 'AES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
$return = 'DES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
}
}
return ($isAValue?"'":"").$return.($isAValue?"'":"");
return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
}
/**


@ -787,13 +787,13 @@ class DoliDb
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \param isAValue String in field can be a field name or a value
* \param withQuotes Return string with quotes
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $withQuotes=0)
{
$return = $fieldorvalue;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
}