gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-11-28 10:30:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-6.0.x' into seeddms-6.1.x

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-02 09:01:56 +01:00
commit a66537b747
4 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SeedDMS_Core/Core/inc.ClassDMS.php
View File

@ -3334,7 +3334,15 @@ class SeedDMS_Core_DMS {
* @return string|boolean hash value of false in case of an error * @return string|boolean hash value of false in case of an error
*/ */
function createPasswordRequest($user) { /* {{{ */ function createPasswordRequest($user) { /* {{{ */
$hash = md5(uniqid(time())); $lenght = 32;
if (function_exists("random_bytes")) {
$bytes = random_bytes(ceil($lenght / 2));
} elseif (function_exists("openssl_random_pseudo_bytes")) {
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
} else {
return false;
}
$hash = bin2hex($bytes);
$queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")"; $queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")";
$resArr = $this->db->getResult($queryStr); $resArr = $this->db->getResult($queryStr);
if (is_bool($resArr) && !$resArr) return false; if (is_bool($resArr) && !$resArr) return false;

1
SeedDMS_Core/package.xml
View File

@ -2443,6 +2443,7 @@ better error checking in SeedDMS_Core_Document::cancelCheckOut()
<notes> <notes>
- fix SeedDMS_Core_User::getDocumentContents() - fix SeedDMS_Core_User::getDocumentContents()
- fix SeedDMS_Core_File::fileExtension() - fix SeedDMS_Core_File::fileExtension()
- SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash
</notes> </notes>
</release> </release>
</changelog> </changelog>

2
op/op.PasswordForgotten.php
View File

@ -27,7 +27,7 @@ include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.ClassSession.php"); include("../inc/inc.ClassSession.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassEmailNotify.php"); //include("../inc/inc.ClassEmailNotify.php");
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc"; include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";

12
webdav/webdav.php
View File

@ -206,7 +206,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
*/ */
function reverseLookup($path) /* {{{ */ function reverseLookup($path) /* {{{ */
{ {
$path = rawurldecode($path); // do not use rawurl[de|en]code anymore, search for rawurlencode
// $path = rawurldecode($path);
if($this->logger) if($this->logger)
$this->logger->log('reverseLookup: path='.$path.'', PEAR_LOG_DEBUG); $this->logger->log('reverseLookup: path='.$path.'', PEAR_LOG_DEBUG);
@ -384,8 +385,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
array_shift($patharr); array_shift($patharr);
$path = ''; $path = '';
foreach($patharr as $pathseg) foreach($patharr as $pathseg)
$path .= '/'.rawurlencode($pathseg->getName()); // $path .= '/'.rawurlencode($pathseg->getName());
// $path .= '/'.$pathseg->getName(); $path .= '/'.$pathseg->getName();
if(!$path) { if(!$path) {
$path = '/'; $path = '/';
$info["props"][] = $this->mkprop("isroot", "true"); $info["props"][] = $this->mkprop("isroot", "true");
@ -407,9 +408,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
array_shift($patharr); array_shift($patharr);
$path = '/'; $path = '/';
foreach($patharr as $pathseg) foreach($patharr as $pathseg)
$path .= rawurlencode($pathseg->getName()).'/'; // $path .= rawurlencode($pathseg->getName()).'/';
// $path .= $pathseg->getName().'/'; $path .= $pathseg->getName().'/';
// $info["path"] = htmlspecialchars($path.rawurlencode($obj->getName()));
if($this->useorgfilename) { if($this->useorgfilename) {
/* Add the document id and version to the display name. /* Add the document id and version to the display name.
* I doesn't harm because for * I doesn't harm because for