gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-02 09:00:43 +01:00
commit dc6b153df8
5 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SeedDMS_Core/Core/inc.ClassDMS.php
View File

@ -3286,7 +3286,15 @@ class SeedDMS_Core_DMS {
* @return string|boolean hash value of false in case of an error * @return string|boolean hash value of false in case of an error
*/ */
function createPasswordRequest($user) { /* {{{ */ function createPasswordRequest($user) { /* {{{ */
$hash = md5(uniqid(time())); $lenght = 32;
if (function_exists("random_bytes")) {
$bytes = random_bytes(ceil($lenght / 2));
} elseif (function_exists("openssl_random_pseudo_bytes")) {
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
} else {
return false;
}
$hash = bin2hex($bytes);
$queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")"; $queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")";
$resArr = $this->db->getResult($queryStr); $resArr = $this->db->getResult($queryStr);
if (is_bool($resArr) && !$resArr) return false; if (is_bool($resArr) && !$resArr) return false;

1
SeedDMS_Core/package.xml
View File

@ -26,6 +26,7 @@
<notes> <notes>
- fix SeedDMS_Core_User::getDocumentContents() - fix SeedDMS_Core_User::getDocumentContents()
- fix SeedDMS_Core_File::fileExtension() - fix SeedDMS_Core_File::fileExtension()
- SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash
</notes> </notes>
<contents> <contents>
<dir baseinstalldir="SeedDMS" name="/"> <dir baseinstalldir="SeedDMS" name="/">

21
inc/inc.Utils.php
View File

@ -695,7 +695,7 @@ function formatComment($an) { /* {{{ */
* @param string $command The command to check * @param string $command The command to check
* @return bool True if the command has been found ; otherwise, false. * @return bool True if the command has been found ; otherwise, false.
*/ */
function commandExists ($command) { function commandExists ($command) { /* {{{ */
$whereIsCommand = (PHP_OS == 'WINNT') ? 'where' : 'command -v'; $whereIsCommand = (PHP_OS == 'WINNT') ? 'where' : 'command -v';
$process = proc_open( $process = proc_open(
@ -718,7 +718,7 @@ function commandExists ($command) {
} }
return false; return false;
} } /* }}} */
/** /**
* Send a file from disk to the browser * Send a file from disk to the browser
@ -880,6 +880,23 @@ function createNonce() { /* {{{ */
return base64_encode($bytes); return base64_encode($bytes);
} /* }}} */ } /* }}} */
/**
* Create a real uniqid for cryptographic purposes
*
* @ return string
*/
function uniqidReal($lenght = 13) {
// uniqid gives 13 chars, but you could adjust it to your needs.
if (function_exists("random_bytes")) {
$bytes = random_bytes(ceil($lenght / 2));
} elseif (function_exists("openssl_random_pseudo_bytes")) {
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
} else {
throw new Exception("no cryptographically secure random function available");
}
return substr(bin2hex($bytes), 0, $lenght);
}
/** /**
* Compare function for sorting users by login * Compare function for sorting users by login
* *

2
op/op.PasswordForgotten.php
View File

@ -27,7 +27,7 @@ include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.ClassSession.php"); include("../inc/inc.ClassSession.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassEmailNotify.php"); //include("../inc/inc.ClassEmailNotify.php");
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc"; include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";

12
webdav/webdav.php
View File

@ -206,7 +206,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
*/ */
function reverseLookup($path) /* {{{ */ function reverseLookup($path) /* {{{ */
{ {
$path = rawurldecode($path); // do not use rawurl[de|en]code anymore, search for rawurlencode
// $path = rawurldecode($path);
if($this->logger) if($this->logger)
$this->logger->log('reverseLookup: path='.$path.'', PEAR_LOG_DEBUG); $this->logger->log('reverseLookup: path='.$path.'', PEAR_LOG_DEBUG);
@ -384,8 +385,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
array_shift($patharr); array_shift($patharr);
$path = ''; $path = '';
foreach($patharr as $pathseg) foreach($patharr as $pathseg)
$path .= '/'.rawurlencode($pathseg->getName()); // $path .= '/'.rawurlencode($pathseg->getName());
// $path .= '/'.$pathseg->getName(); $path .= '/'.$pathseg->getName();
if(!$path) { if(!$path) {
$path = '/'; $path = '/';
$info["props"][] = $this->mkprop("isroot", "true"); $info["props"][] = $this->mkprop("isroot", "true");
@ -407,9 +408,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
array_shift($patharr); array_shift($patharr);
$path = '/'; $path = '/';
foreach($patharr as $pathseg) foreach($patharr as $pathseg)
$path .= rawurlencode($pathseg->getName()).'/'; // $path .= rawurlencode($pathseg->getName()).'/';
// $path .= $pathseg->getName().'/'; $path .= $pathseg->getName().'/';
// $info["path"] = htmlspecialchars($path.rawurlencode($obj->getName()));
if($this->useorgfilename) { if($this->useorgfilename) {
/* Add the document id and version to the display name. /* Add the document id and version to the display name.
* I doesn't harm because for * I doesn't harm because for