From 8848464bd3534a9f831a02c022c94c1d42a4f6e2 Mon Sep 17 00:00:00 2001 From: xue <> Date: Sun, 14 May 2006 01:28:44 +0000 Subject: Merge from 3.0 branch till 1063. --- HISTORY | 3 ++ framework/3rdParty/TinyMCE/tiny_mce.md5 | 2 +- framework/3rdParty/TinyMCE/tiny_mce.tar | Bin 3164160 -> 3164160 bytes framework/Exceptions/messages.txt | 4 ++ framework/Security/TSecurityManager.php | 58 +++++++++++++++--------- framework/Web/UI/TThemeManager.php | 8 ++++ requirements/index.php | 76 +++++++++++++++++++++++++++----- requirements/messages-zh.txt | 8 ++++ requirements/messages.txt | 10 ++++- 9 files changed, 135 insertions(+), 34 deletions(-) diff --git a/HISTORY b/HISTORY index 630b291f..1d610ca0 100644 --- a/HISTORY +++ b/HISTORY @@ -9,12 +9,15 @@ NEW: SQLMap (Wei) Version 3.0.1 June 1, 2006 ========================== +BUG: Ticket#44 - THtmlArea (tiny_mce) not working on some systems (Qiang) +BUG: Ticket#167 - TSecurityManager issues warning when trying to encrypt/decrypt strings (Qiang) ENH: Ticket#150 - TDataGrid and TDataList now render table section tags (Qiang) ENH: Ticket#152 - constituent parts of TWizard are exposed (Qiang) ENH: added sanity check to calling event handlers (Qiang) ENH: added search for quickstart tutorials (Wei) ENH: added support to property tags for template owner control (Qiang) ENH: added Bulgarian requirement checker messages (StanProg) +ENH: added TTheme.BaseUrl property (Qiang) CHG: Ticket#151 - URL format is modified to handle empty GET values (Qiang) CHG: Ticket#153 - TAssetManager now ignores .svn directories (Qiang) NEW: TTableHeaderRow, TTableFooterRow and table section support (Qiang) diff --git a/framework/3rdParty/TinyMCE/tiny_mce.md5 b/framework/3rdParty/TinyMCE/tiny_mce.md5 index 1ee34468..7e3ff1f8 100644 --- a/framework/3rdParty/TinyMCE/tiny_mce.md5 +++ b/framework/3rdParty/TinyMCE/tiny_mce.md5 @@ -1 +1 @@ -505c2761e878f40d5451115bd5643355 *tiny_mce.tar +92380b28b827c8d569026439abb44142 tiny_mce.tar 
diff --git a/framework/3rdParty/TinyMCE/tiny_mce.tar b/framework/3rdParty/TinyMCE/tiny_mce.tar index 663abb34..125ee624 100644 Binary files a/framework/3rdParty/TinyMCE/tiny_mce.tar and b/framework/3rdParty/TinyMCE/tiny_mce.tar differ diff --git a/framework/Exceptions/messages.txt b/framework/Exceptions/messages.txt index ebdbaaea..c57534b1 100644 --- a/framework/Exceptions/messages.txt +++ b/framework/Exceptions/messages.txt @@ -42,6 +42,10 @@ appconfig_serviceid_required = Application configuration element mus appconfig_servicetype_required = Application configuration must have a "class" attribute. appconfig_parameterid_required = Application configuration element must have an "id" attribute. +securitymanager_validationkey_invalid = TSecurityManager.ValidationKey must not be empty. +securitymanager_encryptionkey_invalid = TSecurityManager.EncryptionKey must not be empty. +securitymanager_mcryptextension_required = Mcrypt PHP extension is required in order to use TSecurityManager's encryption feature. + uri_format_invalid = '{0}' is not a valid URI. httpresponse_bufferoutput_unchangeable = THttpResponse.BufferOutput cannot be modified after THttpResponse is initialized. diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php index 46ad4575..b0ea4e95 100644 --- a/framework/Security/TSecurityManager.php +++ b/framework/Security/TSecurityManager.php @@ -43,8 +43,10 @@ class TSecurityManager extends TModule { const STATE_VALIDATION_KEY='prado:securitymanager:validationkey'; const STATE_ENCRYPTION_KEY='prado:securitymanager:encryptionkey'; - private $_validationKey; - private $_encryptionKey; + const STATE_INIT_VECTOR='prado:securitymanager:initvector'; + private $_validationKey=null; + private $_encryptionKey=null; + private $_initVector=null; private $_validation='SHA1'; private $_encryption='3DES'; 
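Review bot: `STATE_INIT_VECTOR` and `$_initVector` are added in the TSecurityManager.php hunk (@@ -43,8 +43,10 @@), but none of the hunks in this commit reads or writes them; `encrypt()` creates a fresh IV per call and prepends it to the ciphertext. If no accessor outside the visible hunks uses them, drop both. That prevents someone from later wiring in a single IV persisted in global state, which would make CBC output repeat for equal plaintext prefixes. If they are kept on purpose, a comment such as `// reserved; encrypt() uses a per-message IV` would record the intent. The class body continues outside the hunk.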
@@ -63,19 +65,16 @@ class TSecurityManager extends TModule */ protected function generateRandomKey() { - $v1=rand(); - $v2=rand(); - $v3=rand(); - return md5("$v1$v2$v3"); + return rand().rand().rand().rand(); } /** * @return string the private key used to generate HMAC. - * If the key is not explicitly set, a random one is generated and used. + * If the key is not explicitly set, a random one is generated and returned. */ public function getValidationKey() { - if(empty($this->_validationKey)) + if($this->_validationKey===null) { if(($this->_validationKey=$this->getApplication()->getGlobalState(self::STATE_VALIDATION_KEY))===null) { @@ -88,22 +87,23 @@ class TSecurityManager extends TModule /** * @param string the key used to generate HMAC - * @throws TInvalidDataValueException if the key is shorter than 8 characters. + * @throws TInvalidDataValueException if the key is empty */ public function setValidationKey($value) { - if(strlen($value)<8) + if($value!=='') + $this->_validationKey=$value; + else throw new TInvalidDataValueException('securitymanager_validationkey_invalid'); - $this->_validationKey=$value; } /** * @return string the private key used to encrypt/decrypt data. - * If the key is not explicitly set, a random one is generated and used. + * If the key is not explicitly set, a random one is generated and returned. */ public function getEncryptionKey() { - if(empty($this->_encryptionKey)) + if($this->_encryptionKey===null) { if(($this->_encryptionKey=$this->getApplication()->getGlobalState(self::STATE_ENCRYPTION_KEY))===null) { 
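Review bot: `generateRandomKey()` now returns `rand().rand().rand().rand()`, so the HMAC and encryption keys that the getters store in global state come from a non-cryptographic generator whose whole output follows from a small seed. Dropping `md5()` also turns the key into a variable-length string of decimal digits. The key material should come from an OS randomness source, for example `/dev/urandom` where readable, or `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM` when mcrypt is loaded. `rand()` should remain only as a last-resort fallback that the docblock marks as weak. The docblock should also state that the return value is used as key material; it starts outside the hunk.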
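Review bot: `setValidationKey()` replaces the 8-character minimum with `$value!==''`, so a one-character key is accepted, and so is any non-string value such as `null` or `0`, because the comparison is strict against the empty string. The same relaxation is applied to `setEncryptionKey()` in the hunk at @@ -116,13 +116,14 @@. Keeping a floor would be safer, e.g. `if(!is_string($value) || strlen($value)<8) throw new TInvalidDataValueException('securitymanager_validationkey_invalid');`, with the "must not be empty" text added to messages.txt reworded to match. The `@throws` line in each docblock should then describe the length rule rather than only emptiness.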
@@ -116,13 +116,14 @@ class TSecurityManager extends TModule /** * @param string the key used to encrypt/decrypt data. - * @throws TInvalidDataValueException if the key is shorter than 8 characters. + * @throws TInvalidDataValueException if the key is empty */ public function setEncryptionKey($value) { - if(strlen($value)<8) + if($value!=='') + $this->_encryptionKey=$value; + else throw new TInvalidDataValueException('securitymanager_encryptionkey_invalid'); - $this->_encryptionKey=$value; } /** @@ -167,7 +168,15 @@ class TSecurityManager extends TModule { if(function_exists('mcrypt_encrypt')) { - return mcrypt_encrypt(MCRYPT_3DES, $this->getEncryptionKey(), $data, MCRYPT_MODE_CBC); + $module=mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, ''); + $key=substr(md5($this->getEncryptionKey()),0,mcrypt_enc_get_key_size($module)); + srand(); + $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND); + mcrypt_generic_init($module,$key,$iv); + $encrypted=$iv.mcrypt_generic($module,$data); + mcrypt_generic_deinit($module); + mcrypt_module_close($module); + return $encrypted; } else throw new TNotSupportedException('securitymanager_mcryptextension_required'); @@ -183,7 +192,15 @@ class TSecurityManager extends TModule { if(function_exists('mcrypt_decrypt')) { - return mcrypt_decrypt(MCRYPT_3DES, $this->getEncryptionKey(), $data, MCRYPT_MODE_CBC); + $module=mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, ''); + $key=substr(md5($this->getEncryptionKey()),0,mcrypt_enc_get_key_size($module)); + $ivSize=mcrypt_enc_get_iv_size($module); + $iv=substr($data,0,$ivSize); + mcrypt_generic_init($module,$key,$iv); + $decrypted=mdecrypt_generic($module,substr($data,$ivSize)); + mcrypt_generic_deinit($module); + mcrypt_module_close($module); + return rtrim($decrypted,"\0"); } else throw new TNotSupportedException('securitymanager_mcryptextension_required'); 
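Review bot: The IV in `encrypt()` comes from `srand();` followed by `mcrypt_create_iv(..., MCRYPT_RAND)`, i.e. from `rand()` reseeded on every call, which makes CBC IVs predictable and also resets the generator state for the rest of the request. Where the platform provides it, use `$iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_DEV_URANDOM);` and remove the `srand()` call. Separately, `substr(md5(...),0,mcrypt_enc_get_key_size($module))` produces hex characters only, so each key byte carries 4 bits of entropy; a comment should state that limit. The ciphertext carries no integrity tag in this hunk, and whether callers combine it with `hashData()` is not visible here. The function signature and docblock are outside the hunk.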
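Review bot: `decrypt()` slices the IV off `$data` with `substr($data,0,$ivSize)` without checking the input length, so data shorter than the IV size reaches `mcrypt_generic_init()` with a short or `false` IV and `mdecrypt_generic()` with an empty buffer. A length guard before the two `substr()` calls, which also closes the module on the error path, would turn that into a defined failure instead of warnings. `rtrim($decrypted,"\0")` additionally strips NUL bytes that were part of the plaintext, so binary payloads ending in `\0` do not round-trip. Either carry the plaintext length alongside the data or document the limitation in the docblock. The docblock and signature are outside the hunk.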
@@ -238,10 +255,7 @@ class TSecurityManager extends TModule $func='md5'; } $key=$this->getValidationKey(); - if (strlen($key) > 64) - $key = pack($pack, $func($key)); - if (strlen($key) < 64) - $key = str_pad($key, 64, chr(0)); + $key=str_pad($func($key), 64, chr(0)); return $func((str_repeat(chr(0x5C), 64) ^ substr($key, 0, 64)) . pack($pack, $func((str_repeat(chr(0x36), 64) ^ substr($key, 0, 64)) . $data))); } } diff --git a/framework/Web/UI/TThemeManager.php b/framework/Web/UI/TThemeManager.php index 7ae36556..c351bcdb 100644 --- a/framework/Web/UI/TThemeManager.php +++ b/framework/Web/UI/TThemeManager.php @@ -300,6 +300,14 @@ class TTheme extends TApplicationComponent implements ITheme return $this->_name; } + /** + * @return string the URL to the theme folder (without ending slash) + */ + public function getBaseUrl() + { + return $this->_themeUrl; + } + /** * Applies the theme to a particular control. * The control's class name and SkinID value will be used to diff --git a/requirements/index.php b/requirements/index.php index 8bb40418..a94c92cf 100644 --- a/requirements/index.php +++ b/requirements/index.php 
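Review bot: `$key=str_pad($func($key), 64, chr(0));` always replaces the key with its hex digest, whereas the removed lines hashed only keys longer than 64 bytes and used the packed digest, as RFC 2104 describes. The result is no longer a standard HMAC and differs from what the previous code produced for the same configured key, so values signed before the upgrade will fail validation afterwards. `substr($key, 0, 64)` in the return line is now redundant, since the padded key is always exactly 64 bytes. If the pre-hashing is intentional, a comment such as `// NOTE: key is pre-hashed (hex digest); output is not interoperable with RFC 2104 HMAC` should say so. The start of the function is outside the hunk.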
@@ -30,15 +30,70 @@ * @var array List of requirements (required or not, check item, hint) */ $requirements = array( - array(true,'version_compare(PHP_VERSION,"5.0.4",">=")','PHP version check','PHP 5.0.4 or higher required'), - array(false,'version_compare(PHP_VERSION,"5.1.0",">=")','PHP version check','PHP 5.1.0 or higher preferred'), - array(true,'class_exists("DOMDocument",false)','DOM extension check','DOM extension required'), - array(false,'function_exists("iconv")','ICONV extension check','ICONV extension optional'), - array(false,'extension_loaded("zlib")','Zlib extension check','Zlib extension optional'), - array(false,'extension_loaded("sqlite")','SQLite extension check','SQLite extension optional'), - array(false,'extension_loaded("memcache")','Memcache extension check','Memcache extension optional'), - array(false,'extension_loaded("apc")','APC extension check','APC extension optional'), - array(false,'extension_loaded("mcrypt")','Mcrypt extension check','Mcrypt extension optional'), + array( + true, + version_compare(PHP_VERSION,"5.0.4",">="), + 'PHP version check', + 'PHP 5.0.4 or higher required'), + array( + false, + version_compare(PHP_VERSION,"5.1.0",">="), + 'PHP version check','PHP 5.1.0 or higher preferred'), + array( + true, + isset($_SERVER["HTTP_ACCEPT"]), + '$_SERVER["HTTP_ACCEPT"] check', + 'HTTP_ACCEPT required'), + array( + true, + isset($_SERVER["SCRIPT_FILENAME"]) && realpath($_SERVER["SCRIPT_FILENAME"])===realpath(__FILE__), + '$_SERVER["SCRIPT_FILENAME"] check', + 'SCRIPT_FILENAME required'), + array( + true, + isset($_SERVER["REQUEST_URI"]) || isset($_SERVER["QUERY_STRING"]), + '$_SERVER["REQUEST_URI"] check', + 'REQUEST_URI required'), + array( + true, + isset($_SERVER["PATH_INFO"]) || strpos($_SERVER["PHP_SELF"],$_SERVER["SCRIPT_NAME"])===0, + '$_SERVER["PATH_INFO"] check', + 'PATH_INFO required'), + array( + true, + class_exists("DOMDocument",false), + 'DOM extension check', + 'DOM extension required'), + array( + false, + 
function_exists("iconv"), + 'ICONV extension check', + 'ICONV extension optional'), + array( + false, + extension_loaded("zlib"), + 'Zlib extension check', + 'Zlib extension optional'), + array( + false, + extension_loaded("sqlite"), + 'SQLite extension check', + 'SQLite extension optional'), + array( + false, + extension_loaded("memcache"), + 'Memcache extension check', + 'Memcache extension optional'), + array( + false, + extension_loaded("apc"), + 'APC extension check', + 'APC extension optional'), + array( + false, + extension_loaded("mcrypt"), + 'Mcrypt extension check', + 'Mcrypt extension optional'), array(false,'extension_loaded("xsl")','XSL extension check','XSL extension optional'), ); @@ -47,7 +102,8 @@ $conclusion = 0; foreach($requirements as $requirement) { list($required,$expression,$aspect,$hint)=$requirement; - eval('$ret='.$expression.';'); + //eval('$ret='.$expression.';'); + $ret=$expression; if($required) { if($ret) diff --git a/requirements/messages-zh.txt b/requirements/messages-zh.txt index bb832a4c..b86d96cf 100644 --- a/requirements/messages-zh.txt +++ b/requirements/messages-zh.txt @@ -20,3 +20,11 @@ Mcrypt extension check = Mcrypt模块检查 Mcrypt extension optional = Mcrypt模块是可选的。如果它不存在,某些敏感数据,例如viewstate,将无法被加密。 XSL extension check = XSL模块检查 XSL extension optional = XSL模块是可选的。如果它不存在,您将无法使用TXmlTransform。 +$_SERVER["HTTP_ACCEPT"] check = $_SERVER["HTTP_ACCEPT"]检查 +HTTP_ACCEPT required = $_SERVER["HTTP_ACCEPT"]是必须的。如果它不存在,一些多语言功能可能出错。 +$_SERVER["SCRIPT_FILENAME"] check = $_SERVER["SCRIPT_FILENAME"]检查 +SCRIPT_FILENAME required = $_SERVER["SCRIPT_FILENAME"]必须指向本程序文件路径。 +$_SERVER["REQUEST_URI"] check = $_SERVER["REQUEST_URI"]检查 +REQUEST_URI required = $_SERVER["REQUEST_URI"]或$_SERVER["QUERY_STRING"]是必须的。如果它们都不存在,用户请求将无法被正确解析。 +$_SERVER["PATH_INFO"] check = $_SERVER["PATH_INFO"]检查 +PATH_INFO required = $_SERVER["PATH_INFO"]或$_SERVER["PHP_SELF"]和$_SERVER["SCRIPT_NAME"]是必须的。如果它们都不存在,URL的pathinfo将无法被正确解析。 
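Review bot: The new PATH_INFO entry evaluates `strpos($_SERVER["PHP_SELF"],$_SERVER["SCRIPT_NAME"])===0` whenever `PATH_INFO` is unset, without checking that either key exists. On a server lacking them the checker therefore emits notices instead of reporting a failed requirement. Guard it, e.g. `isset($_SERVER["PATH_INFO"]) || (isset($_SERVER["PHP_SELF"],$_SERVER["SCRIPT_NAME"]) && strpos($_SERVER["PHP_SELF"],$_SERVER["SCRIPT_NAME"])===0)`. The second array entry also keeps the label and hint on one line, unlike the other reformatted entries.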
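Review bot: With `$ret=$expression;`, the last entry of `$requirements`, `array(false,'extension_loaded("xsl")',...)`, is always truthy, so the XSL check reports success even when the extension is missing. The previous hunk leaves that entry as a quoted string while converting the others to direct calls. Change it to the call form, `extension_loaded("xsl"),`, like the other entries. The commented-out `//eval(...)` line should be deleted rather than kept, and `$expression` could be renamed to something like `$passed` now that it holds a boolean. The foreach body continues outside the hunk.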
diff --git a/requirements/messages.txt b/requirements/messages.txt index 405231df..ccda04b2 100644 --- a/requirements/messages.txt +++ b/requirements/messages.txt @@ -19,4 +19,12 @@ ICONV extension optional = ICONV extension is optional. If it is absent, some Mcrypt extension check = Mcrypt extension check Mcrypt extension optional = Mcrypt extension is optional. If it is absent, sensitive data, such as viewstate, cannot be encrypted. XSL extension check = XSL extension check -XSL extension optional = XSL extension is optional. If it is absent, you will not be able to use TXmlTransform. \ No newline at end of file +XSL extension optional = XSL extension is optional. If it is absent, you will not be able to use TXmlTransform. +$_SERVER["HTTP_ACCEPT"] check = $_SERVER["HTTP_ACCEPT"] check +HTTP_ACCEPT required = $_SERVER["HTTP_ACCEPT"] is required by multilanguage support. +$_SERVER["SCRIPT_FILENAME"] check = $_SERVER["SCRIPT_FILENAME"] check +SCRIPT_FILENAME required = $_SERVER["SCRIPT_FILENAME"] must point to the file path of this checker script. +$_SERVER["REQUEST_URI"] check = $_SERVER["REQUEST_URI"] check +REQUEST_URI required = Either $_SERVER["REQUEST_URI"] or $_SERVER["QUERY_STRING"] must be available for resolving user requests. +$_SERVER["PATH_INFO"] check = $_SERVER["PATH_INFO"] check +PATH_INFO required = $_SERVER["PATH_INFO"] or $_SERVER["PHP_SELF"] and $_SERVER["SCRIPT_NAME"] are required for determining URL pathinfo. -- cgit v1.2.3