Changeset 2848

Timestamp:

05/25/10 10:41:40 (14 years ago)

Author:

amuller

Message:

Ticket #1086 - Utiliza no filemanager a classe RSA implementada na API

Location:

trunk/filemanager

Files:

• inc/class.uifilemanager.inc.php (modified) (3 diffs)
• inc/class.vfs_functions.inc.php (modified) (2 diffs)
• js/common_functions.js (deleted)
• js/config.js (deleted)
• js/connector.js (deleted)
• js/drag_area.js (deleted)
• js/draw_api.js (deleted)
• js/global.js (deleted)
• js/handler.js (deleted)
• js/jscode/common_functions.js (modified) (1 diff)
• js/jscode/draw_api.js (modified) (4 diffs)
• js/load_lang.js (deleted)
• js/main.js (deleted)
• js/refresh.js (deleted)
• templates/default/main.tpl (modified) (1 diff)

trunk/filemanager/inc/class.uifilemanager.inc.php

@@ -601 +601 @@
                                 $vars['css'].='<link rel="stylesheet" type="text/css" href="' . $GLOBALS[ 'phpgw' ] -> link( '/phpgwapi/js/dftree/dftree.css' ) . '">';
                                 $vars[preferences]='<input type="hidden" id="userPreferences" value=\''.serialize($_SESSION['phpgw_info']['user']['preferences']['filemanager']).'\'>';
-                                // Used for important operations that needs security
-                                for ($key = ""; strlen($key) < 150; $key .= chr(rand(48,95)));
-                                $_SESSION['phpgw_info']['filemanager']['user']['sec_key'] = $key;
-                                $vars['sec_key']='<input type="hidden" id="userKey" value=\''.$key.'\'>';
 
                                 $GLOBALS[ 'phpgw_info' ][ 'flags' ][ 'java_script' ] .=  '<script>'
@@ -736 +732 @@
                 function removedir()
                 {
-                        $toRemove = $this->path ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'];
+                        require_once('phpgwapi/inc/class.rsa.inc.php');
+                        $rsa = new rsa();                       
+                        $toRemove = $rsa->decode($this->path);
                         if ( $this->bo->vfs->rm(array( 'string' => $toRemove,
                                 'relatives' => array (RELATIVE_NONE)
@@ -1000 +998 @@
 
                                 if ($mime_type == 'text/html'){
-                                        $vars[fck_edit] = '<script type="text/javascript" src="filemanager/tp/ckeditor/ckeditor.js"></script>
+                                        $vars[fck_edit] = '<script type="text/javascript" src="filemanager/tp/ckeditor/ckeditor_basic.js"></script>
                                                 <textarea cols="80" id="edit_file_content" name="edit_file_content" rows="10">'.$content.'</textarea>
                                                 <script type="text/javascript"> CKEDITOR.replace( \'edit_file_content\',{

trunk/filemanager/inc/class.vfs_functions.inc.php

@@ -274 +274 @@
                         $zipFilePath=ini_get("session.save_path")."/".$zipFileName;
                         $command = $zipFilePath.$command;
+                        require_once('phpgwapi/inc/class.rsa.inc.php');
+                        $rsa = new rsa();
 
                         if (strlen($this->pswd) > 0){
-                                $command = " -P ".(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command;
-                        }
+                                $command = " -P ".$rsa->decode(base64_decode($this->pswd))." ".$command;
+                        }
+                        session_start();
+                        $_SESSION['debug'][] = $_SESSION['phpgw_session']['publ_key'];
+                        $_SESSION['debug'][] = $_SESSION['phpgw_session']['priv_key'];
+                        $_SESSION['debug'][] = $_SESSION['phpgw_session']['modulus'];
+                                                               
+                        $_SESSION['debug'][] = $this->pswd;
+                        $_SESSION['debug'][] = base64_decode($this->pswd);
+                        $_SESSION['debug'][] = $rsa->decode(base64_decode($this->pswd));
+                        $_SESSION['debug'][] = $command;
+
 
                         exec("cd ".$this->bo->vfs->basedir.$this->path.";".escapeshellcmd("nice -n19 zip -9 ".$command),$output,$return_var);
@@ -303 +315 @@
                 function unarchive(){
                         $command = escapeshellarg($this->file);
+                        require_once('phpgwapi/inc/class.rsa.inc.php');
+                        $rsa = new rsa();
+
                         if (strlen($this->pswd) > 0){
-                                $command = " -P ".(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command;
+                                $command = " -P ".$rsa->decode(base64_decode($this->pswd))." ".$command;
                         }
 

trunk/filemanager/js/jscode/common_functions.js

@@ -86 +86 @@
         }
 }
-
-(function( )
-{
-        // TODO: use DES, RSA, PGP, or something strong
-        var sec_key = null;
-        function encode( data )
-        {
-                if (data == null)
-                        return null;
-                ret = "";
-                for ( var i=0;(i < data.length && data.charCodeAt(i) > 31); i++ )
-                {
-                        ret += String.fromCharCode(data.charCodeAt(i) ^ sec_key.charCodeAt(i));
-                }
-                return ret;
-        }
-
-        function crypt( input )
-        {
-                sec_key = input;
-        }
-
-        crypt.prototype.encode = encode;
-        window.crypt = crypt;
-})( );
 
 /*

trunk/filemanager/js/jscode/draw_api.js

@@ -149 +149 @@
 
 function initDrawApi(){
-        SecEl = document.getElementById('userKey');
-        crypt = new crypt(SecEl.value);
-        SecEl.parentNode.removeChild(SecEl);
-
         loadPreferences();
         preferences.files_per_page = (preferences.files_per_page != undefined) ? preferences.files_per_page : 10;
@@ -529 +525 @@
                                 }
                         }
-                        var pswd = crypt.encode(password);
+                        var pswd = expresso.crypt.encode(password);
                         cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.vfs_functions.archive&pswd='+base64_encode(pswd.toString())+'&path='+base64_encode(currentPath)+filesUrl,handler.archive);
                         break;
@@ -581 +577 @@
 
 function unarchive(filename){
-        password = crypt.encode(prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted')));
+        password = expresso.crypt.encode(prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted')));
         if (password == null)
                 return;
@@ -626 +622 @@
                         if (confirm(get_lang('Do you really want to remove folder: %1?',Dfolder), ''))
                         {
-                                cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode(crypt.encode(Dfolder)),handler.refreshDir);
+                                cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode(expresso.crypt.encode(Dfolder)),handler.refreshDir);
                                 var lastIndex = Dfolder.lastIndexOf('/');
                                 currentPath = Dfolder.substr(0,lastIndex);

trunk/filemanager/templates/default/main.tpl

@@ -65 +65 @@
 </div>
 {preferences}
-{sec_key}
 <!-- END filemanager_footer -->