diff options
Diffstat (limited to 'framework')
| -rw-r--r-- | framework/3rdParty/TinyMCE/tiny_mce.md5 | 2 | ||||
| -rw-r--r-- | framework/3rdParty/TinyMCE/tiny_mce.tar | bin | 3164160 -> 3164160 bytes | |||
| -rw-r--r-- | framework/Exceptions/messages.txt | 4 | ||||
| -rw-r--r-- | framework/Security/TSecurityManager.php | 58 | ||||
| -rw-r--r-- | framework/Web/UI/TThemeManager.php | 8 |
5 files changed, 49 insertions, 23 deletions
diff --git a/framework/3rdParty/TinyMCE/tiny_mce.md5 b/framework/3rdParty/TinyMCE/tiny_mce.md5 index 1ee34468..7e3ff1f8 100644 --- a/framework/3rdParty/TinyMCE/tiny_mce.md5 +++ b/framework/3rdParty/TinyMCE/tiny_mce.md5 @@ -1 +1 @@ -505c2761e878f40d5451115bd5643355 *tiny_mce.tar +92380b28b827c8d569026439abb44142 tiny_mce.tar diff --git a/framework/3rdParty/TinyMCE/tiny_mce.tar b/framework/3rdParty/TinyMCE/tiny_mce.tar Binary files differindex 663abb34..125ee624 100644 --- a/framework/3rdParty/TinyMCE/tiny_mce.tar +++ b/framework/3rdParty/TinyMCE/tiny_mce.tar diff --git a/framework/Exceptions/messages.txt b/framework/Exceptions/messages.txt index ebdbaaea..c57534b1 100644 --- a/framework/Exceptions/messages.txt +++ b/framework/Exceptions/messages.txt @@ -42,6 +42,10 @@ appconfig_serviceid_required = Application configuration <service> element mus appconfig_servicetype_required = Application configuration <service id="{0}"> must have a "class" attribute.
appconfig_parameterid_required = Application configuration <parameter> element must have an "id" attribute.
+securitymanager_validationkey_invalid = TSecurityManager.ValidationKey must not be empty.
+securitymanager_encryptionkey_invalid = TSecurityManager.EncryptionKey must not be empty.
+securitymanager_mcryptextension_required = Mcrypt PHP extension is required in order to use TSecurityManager's encryption feature.
+
uri_format_invalid = '{0}' is not a valid URI.
httpresponse_bufferoutput_unchangeable = THttpResponse.BufferOutput cannot be modified after THttpResponse is initialized.
diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php index 46ad4575..b0ea4e95 100644 --- a/framework/Security/TSecurityManager.php +++ b/framework/Security/TSecurityManager.php @@ -43,8 +43,10 @@ class TSecurityManager extends TModule {
const STATE_VALIDATION_KEY='prado:securitymanager:validationkey';
const STATE_ENCRYPTION_KEY='prado:securitymanager:encryptionkey';
- private $_validationKey;
- private $_encryptionKey;
+ const STATE_INIT_VECTOR='prado:securitymanager:initvector';
+ private $_validationKey=null;
+ private $_encryptionKey=null;
+ private $_initVector=null;
private $_validation='SHA1';
private $_encryption='3DES';
@@ -63,19 +65,16 @@ class TSecurityManager extends TModule */
protected function generateRandomKey()
{
- $v1=rand();
- $v2=rand();
- $v3=rand();
- return md5("$v1$v2$v3");
+ return rand().rand().rand().rand();
}
/**
* @return string the private key used to generate HMAC.
- * If the key is not explicitly set, a random one is generated and used.
+ * If the key is not explicitly set, a random one is generated and returned.
*/
public function getValidationKey()
{
- if(empty($this->_validationKey))
+ if($this->_validationKey===null)
{
if(($this->_validationKey=$this->getApplication()->getGlobalState(self::STATE_VALIDATION_KEY))===null)
{
@@ -88,22 +87,23 @@ class TSecurityManager extends TModule /**
* @param string the key used to generate HMAC
- * @throws TInvalidDataValueException if the key is shorter than 8 characters.
+ * @throws TInvalidDataValueException if the key is empty
*/
public function setValidationKey($value)
{
- if(strlen($value)<8)
+ if($value!=='')
+ $this->_validationKey=$value;
+ else
throw new TInvalidDataValueException('securitymanager_validationkey_invalid');
- $this->_validationKey=$value;
}
/**
* @return string the private key used to encrypt/decrypt data.
- * If the key is not explicitly set, a random one is generated and used.
+ * If the key is not explicitly set, a random one is generated and returned.
*/
public function getEncryptionKey()
{
- if(empty($this->_encryptionKey))
+ if($this->_encryptionKey===null)
{
if(($this->_encryptionKey=$this->getApplication()->getGlobalState(self::STATE_ENCRYPTION_KEY))===null)
{
@@ -116,13 +116,14 @@ class TSecurityManager extends TModule /**
* @param string the key used to encrypt/decrypt data.
- * @throws TInvalidDataValueException if the key is shorter than 8 characters.
+ * @throws TInvalidDataValueException if the key is empty
*/
public function setEncryptionKey($value)
{
- if(strlen($value)<8)
+ if($value!=='')
+ $this->_encryptionKey=$value;
+ else
throw new TInvalidDataValueException('securitymanager_encryptionkey_invalid');
- $this->_encryptionKey=$value;
}
/**
@@ -167,7 +168,15 @@ class TSecurityManager extends TModule {
if(function_exists('mcrypt_encrypt'))
{
- return mcrypt_encrypt(MCRYPT_3DES, $this->getEncryptionKey(), $data, MCRYPT_MODE_CBC);
+ $module=mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, '');
+ $key=substr(md5($this->getEncryptionKey()),0,mcrypt_enc_get_key_size($module));
+ srand();
+ $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);
+ mcrypt_generic_init($module,$key,$iv);
+ $encrypted=$iv.mcrypt_generic($module,$data);
+ mcrypt_generic_deinit($module);
+ mcrypt_module_close($module);
+ return $encrypted;
}
else
throw new TNotSupportedException('securitymanager_mcryptextension_required');
@@ -183,7 +192,15 @@ class TSecurityManager extends TModule {
if(function_exists('mcrypt_decrypt'))
{
- return mcrypt_decrypt(MCRYPT_3DES, $this->getEncryptionKey(), $data, MCRYPT_MODE_CBC);
+ $module=mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, '');
+ $key=substr(md5($this->getEncryptionKey()),0,mcrypt_enc_get_key_size($module));
+ $ivSize=mcrypt_enc_get_iv_size($module);
+ $iv=substr($data,0,$ivSize);
+ mcrypt_generic_init($module,$key,$iv);
+ $decrypted=mdecrypt_generic($module,substr($data,$ivSize));
+ mcrypt_generic_deinit($module);
+ mcrypt_module_close($module);
+ return rtrim($decrypted,"\0");
}
else
throw new TNotSupportedException('securitymanager_mcryptextension_required');
@@ -238,10 +255,7 @@ class TSecurityManager extends TModule $func='md5';
}
$key=$this->getValidationKey();
- if (strlen($key) > 64)
- $key = pack($pack, $func($key));
- if (strlen($key) < 64)
- $key = str_pad($key, 64, chr(0));
+ $key=str_pad($func($key), 64, chr(0));
return $func((str_repeat(chr(0x5C), 64) ^ substr($key, 0, 64)) . pack($pack, $func((str_repeat(chr(0x36), 64) ^ substr($key, 0, 64)) . $data)));
}
}
diff --git a/framework/Web/UI/TThemeManager.php b/framework/Web/UI/TThemeManager.php index 7ae36556..c351bcdb 100644 --- a/framework/Web/UI/TThemeManager.php +++ b/framework/Web/UI/TThemeManager.php @@ -301,6 +301,14 @@ class TTheme extends TApplicationComponent implements ITheme }
/**
+ * @return string the URL to the theme folder (without ending slash)
+ */
+ public function getBaseUrl()
+ {
+ return $this->_themeUrl;
+ }
+
+ /**
* Applies the theme to a particular control.
* The control's class name and SkinID value will be used to
* identify which skin to be applied. If the control's SkinID is empty,
|