Changeset 2848
- Timestamp:
- 05/25/10 10:41:40 (14 years ago)
- Location:
- trunk/filemanager
- Files:
-
- 10 deleted
- 5 edited
trunk/filemanager/inc/class.uifilemanager.inc.php
r2608 r2848 601 601 $vars['css'].='<link rel="stylesheet" type="text/css" href="' . $GLOBALS[ 'phpgw' ] -> link( '/phpgwapi/js/dftree/dftree.css' ) . '">'; 602 602 $vars[preferences]='<input type="hidden" id="userPreferences" value=\''.serialize($_SESSION['phpgw_info']['user']['preferences']['filemanager']).'\'>'; 603 // Used for important operations that needs security604 for ($key = ""; strlen($key) < 150; $key .= chr(rand(48,95)));605 $_SESSION['phpgw_info']['filemanager']['user']['sec_key'] = $key;606 $vars['sec_key']='<input type="hidden" id="userKey" value=\''.$key.'\'>';607 603 608 604 $GLOBALS[ 'phpgw_info' ][ 'flags' ][ 'java_script' ] .= '<script>' … … 736 732 function removedir() 737 733 { 738 $toRemove = $this->path ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key']; 734 require_once('phpgwapi/inc/class.rsa.inc.php'); 735 $rsa = new rsa(); 736 $toRemove = $rsa->decode($this->path); 739 737 if ( $this->bo->vfs->rm(array( 'string' => $toRemove, 740 738 'relatives' => array (RELATIVE_NONE) … … 1000 998 1001 999 if ($mime_type == 'text/html'){ 1002 $vars[fck_edit] = '<script type="text/javascript" src="filemanager/tp/ckeditor/ckeditor .js"></script>1000 $vars[fck_edit] = '<script type="text/javascript" src="filemanager/tp/ckeditor/ckeditor_basic.js"></script> 1003 1001 <textarea cols="80" id="edit_file_content" name="edit_file_content" rows="10">'.$content.'</textarea> 1004 1002 <script type="text/javascript"> CKEDITOR.replace( \'edit_file_content\',{ -
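Review bot: In removedir(), the result of `$rsa->decode($this->path)` is passed straight to `$this->bo->vfs->rm()` with `RELATIVE_NONE`, and nothing visible in the hunk checks that decoding succeeded or that the path belongs to the caller. Encrypting the parameter in the browser is not an access check, because the client performs the encryption itself (class.rsa.inc.php is not shown, so how keys are scoped is an assumption to confirm). Suggest rejecting an empty or failed decode and normalising the path before the rm call, with a comment such as `// path is client-supplied: decode, validate against the user's ACL, then delete`. The function body continues past the hunk and `vfs->rm()` may enforce ACLs itself, so confirm whether such a check already exists.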
trunk/filemanager/inc/class.vfs_functions.inc.php
r2362 r2848 274 274 $zipFilePath=ini_get("session.save_path")."/".$zipFileName; 275 275 $command = $zipFilePath.$command; 276 require_once('phpgwapi/inc/class.rsa.inc.php'); 277 $rsa = new rsa(); 276 278 277 279 if (strlen($this->pswd) > 0){ 278 $command = " -P ".(base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command; 279 } 280 $command = " -P ".$rsa->decode(base64_decode($this->pswd))." ".$command; 281 } 282 session_start(); 283 $_SESSION['debug'][] = $_SESSION['phpgw_session']['publ_key']; 284 $_SESSION['debug'][] = $_SESSION['phpgw_session']['priv_key']; 285 $_SESSION['debug'][] = $_SESSION['phpgw_session']['modulus']; 286 287 $_SESSION['debug'][] = $this->pswd; 288 $_SESSION['debug'][] = base64_decode($this->pswd); 289 $_SESSION['debug'][] = $rsa->decode(base64_decode($this->pswd)); 290 $_SESSION['debug'][] = $command; 291 280 292 281 293 exec("cd ".$this->bo->vfs->basedir.$this->path.";".escapeshellcmd("nice -n19 zip -9 ".$command),$output,$return_var); … … 303 315 function unarchive(){ 304 316 $command = escapeshellarg($this->file); 317 require_once('phpgwapi/inc/class.rsa.inc.php'); 318 $rsa = new rsa(); 319 305 320 if (strlen($this->pswd) > 0){ 306 $command = " -P ". (base64_decode($this->pswd) ^ $_SESSION['phpgw_info']['filemanager']['user']['sec_key'])." ".$command;321 $command = " -P ".$rsa->decode(base64_decode($this->pswd))." ".$command; 307 322 } 308 323 -
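Review bot: The block added after the password branch in the archive hunk (new lines 282-291) copies the session's RSA private key and modulus, the decoded archive password and the full zip command line into `$_SESSION['debug']`, which persists them in session storage. This looks like leftover debugging and should be removed together with the `session_start();` call in front of it. Separately, in both the archive and unarchive hunks the decrypted password is concatenated after ` -P ` without quoting, so a password containing whitespace is split into additional arguments, and `escapeshellcmd()` on the whole string does not prevent that. Prefer `$command = " -P ".escapeshellarg($rsa->decode(base64_decode($this->pswd)))." ".$command;`, and check how the quoted value interacts with the later `escapeshellcmd()` call in the archive path. Both functions begin or end outside the visible hunks.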
trunk/filemanager/js/jscode/common_functions.js
r2610 r2848 86 86 } 87 87 } 88 89 (function( )90 {91 // TODO: use DES, RSA, PGP, or something strong92 var sec_key = null;93 function encode( data )94 {95 if (data == null)96 return null;97 ret = "";98 for ( var i=0;(i < data.length && data.charCodeAt(i) > 31); i++ )99 {100 ret += String.fromCharCode(data.charCodeAt(i) ^ sec_key.charCodeAt(i));101 }102 return ret;103 }104 105 function crypt( input )106 {107 sec_key = input;108 }109 110 crypt.prototype.encode = encode;111 window.crypt = crypt;112 })( );113 88 114 89 /* -
trunk/filemanager/js/jscode/draw_api.js
r2746 r2848 149 149 150 150 function initDrawApi(){ 151 SecEl = document.getElementById('userKey');152 crypt = new crypt(SecEl.value);153 SecEl.parentNode.removeChild(SecEl);154 155 151 loadPreferences(); 156 152 preferences.files_per_page = (preferences.files_per_page != undefined) ? preferences.files_per_page : 10; … … 529 525 } 530 526 } 531 var pswd = crypt.encode(password);527 var pswd = expresso.crypt.encode(password); 532 528 cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.vfs_functions.archive&pswd='+base64_encode(pswd.toString())+'&path='+base64_encode(currentPath)+filesUrl,handler.archive); 533 529 break; … … 581 577 582 578 function unarchive(filename){ 583 password = crypt.encode(prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted')));579 password = expresso.crypt.encode(prompt(get_lang('Please, type archive password or leave it empty if it is not encrypted'))); 584 580 if (password == null) 585 581 return; … … 626 622 if (confirm(get_lang('Do you really want to remove folder: %1?',Dfolder), '')) 627 623 { 628 cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode( crypt.encode(Dfolder)),handler.refreshDir);624 cExecute_( URL_SERVER + 'index.php?menuaction=filemanager.uifilemanager.removedir&path='+base64_encode(expresso.crypt.encode(Dfolder)),handler.refreshDir); 629 625 var lastIndex = Dfolder.lastIndexOf('/'); 630 626 currentPath = Dfolder.substr(0,lastIndex); -
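Review bot: In unarchive() (new line 579) the `password == null` cancel check runs only after `expresso.crypt.encode(prompt(...))`, so cancelling the prompt is handled correctly only if the new encoder returns null for null input. The removed `crypt.encode` did that explicitly, but `expresso.crypt` is defined outside this changeset view, so this needs confirming. Testing the prompt result first is safer: `var typed = prompt(...); if (typed == null) return; password = expresso.crypt.encode(typed);`. In the archive and removedir calls the base64 text is appended to the query string as-is; if `base64_encode` uses the standard alphabet, wrapping it in `encodeURIComponent(...)` keeps `+` from being read as a space on the server. The functions continue outside the hunks.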
trunk/filemanager/templates/default/main.tpl
r2608 r2848 65 65 </div> 66 66 {preferences} 67 {sec_key}68 67 <!-- END filemanager_footer -->