Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

2025-02-11 09:35:00 +00:00 · 2023-04-18 20:13:45 +02:00 · 2023-04-18 20:13:45 +02:00 · eb2296f814
commit eb2296f814
parent 300bcb2514 ff78380f4b
5 changed files with 115 additions and 80 deletions
--- a/2
+++ b/2
@ -264,6 +264,8 @@
 - comment of document, documentcontent and folder can be rendered as
  markdown
 - fix preview for file in drop folder
+- fix export of search result
+- use openssl instead of mcrypt

 --------------------------------------------------------------------------------
                     Changes in version 5.1.30
--- a/inc/inc.Language.php
+++ b/inc/inc.Language.php
@ -391,6 +391,8 @@ function getAttributeObjectTypeText($attrdef) { /* {{{ */
 		case SeedDMS_Core_AttributeDefinition::objtype_documentcontent:
 			$ot = getMLText("documentcontent");
 			break;
+		default:
+			$ot = getMLText('objtype_unknown');
 	}
 	return $ot;
 } /* }}} */
--- a/inc/inc.Settings.php
+++ b/inc/inc.Settings.php
@ -31,7 +31,7 @@ if(!defined("SEEDDMS_INSTALL") && file_exists($settings->_configFileDir."/ENABLE

 /* Set an encryption key if is not set */
 if(!trim($settings->_encryptionKey)) {
-	$settings->_encryptionKey = md5(uniqid());
+	$settings->_encryptionKey = bin2hex(openssl_random_pseudo_bytes(16));
 	$settings->save();
 }

--- a/inc/inc.Utils.php
+++ b/inc/inc.Utils.php
@ -582,11 +582,28 @@ function checkQuota($user) { /* {{{ */
 * @return string encrypted data
 */
 function encryptData($key, $value) { /* {{{ */
-  $text = $value;
-  $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-  $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
-  return $crypttext;
+	if(function_exists('openssl_cipher_iv_length')) {
+		$nonceSize = openssl_cipher_iv_length('aes-256-ctr');
+		$nonce = openssl_random_pseudo_bytes($nonceSize);
+
+		$ciphertext = openssl_encrypt(
+			$value,
+			'aes-256-ctr',
+			$key,
+			OPENSSL_RAW_DATA,
+			$nonce
+		);
+
+		// Now let's pack the IV and the ciphertext together
+		// Naively, we can just concatenate
+		return $nonce.$ciphertext;
+	} else {	
+		$text = $value;
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
+		return $crypttext;
+	}
 } /* }}} */

 /**
@ -597,11 +614,26 @@ function encryptData($key, $value) { /* {{{ */
 * @return string plain text data
 */
 function decryptData($key, $value) { /* {{{ */
-  $crypttext = $value;
-  $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-  $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
-  return trim($decrypttext);
+	if(function_exists('openssl_cipher_iv_length')) {
+		$nonceSize = openssl_cipher_iv_length('aes-256-ctr');
+		$nonce = mb_substr($value, 0, $nonceSize, '8bit');
+		$ciphertext = mb_substr($value, $nonceSize, null, '8bit');
+		
+		$plaintext = openssl_decrypt(
+			$ciphertext,
+			'aes-256-ctr',
+			$key,
+			OPENSSL_RAW_DATA,
+			$nonce
+		);
+		return $plaintext;
+	} else {
+		$crypttext = $value;
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
+		return trim($decrypttext);
+	}
 } /* }}} */

 /**
--- a/utils/adddoc.php
+++ b/utils/adddoc.php
@ -135,87 +135,86 @@ if($reqversion<1)
 	$reqversion=1;

 include($myincpath."/inc/inc.Settings.php");
+include($myincpath."/inc/inc.LogInit.php");
 include($myincpath."/inc/inc.Init.php");
 include($myincpath."/inc/inc.Extension.php");
 include($myincpath."/inc/inc.DBInit.php");
-include($myincpath."/inc/inc.ClassNotificationService.php");
-include($myincpath."/inc/inc.ClassEmailNotify.php");
 include($myincpath."/inc/inc.ClassController.php");

-/* Parse categories {{{ */
-$categories = array();
-if(isset($options['K'])) {
-	$categorynames = explode(',', $options['K']);
-	foreach($categorynames as $categoryname) {
-		$cat = $dms->getDocumentCategoryByName($categoryname);
-		if($cat) {
-			$categories[] = $cat;
+	/* Parse categories {{{ */
+	$categories = array();
+	if(isset($options['K'])) {
+		$categorynames = explode(',', $options['K']);
+		foreach($categorynames as $categoryname) {
+			$cat = $dms->getDocumentCategoryByName($categoryname);
+			if($cat) {
+				$categories[] = $cat;
+			} else {
+				echo "Category '".$categoryname."' not found".PHP_EOL;
+			}
+		}
+	} /* }}} */
+
+	/* Parse document attributes. {{{ */
+	$document_attributes = array();
+	if (isset($options['a'])) {
+		$docattr = array();
+		if (is_array($options['a'])) {
+			$docattr = $options['a'];
 		} else {
-			echo "Category '".$categoryname."' not found".PHP_EOL;
+			$docattr = array($options['a']);
 		}
-	}
-} /* }}} */

-/* Parse document attributes. {{{ */
-$document_attributes = array();
-if (isset($options['a'])) {
-	$docattr = array();
-	if (is_array($options['a'])) {
-		$docattr = $options['a'];
-	} else {
-		$docattr = array($options['a']);
-	}
-
-	foreach ($docattr as $thisAttribute) {
-		$attrKey = strstr($thisAttribute, '=', true);
-		$attrVal = substr(strstr($thisAttribute, '='), 1);
-		if (empty($attrKey) || empty($attrVal)) {
-			echo "Document attribute $thisAttribute not understood".PHP_EOL;
-			exit(1);
+		foreach ($docattr as $thisAttribute) {
+			$attrKey = strstr($thisAttribute, '=', true);
+			$attrVal = substr(strstr($thisAttribute, '='), 1);
+			if (empty($attrKey) || empty($attrVal)) {
+				echo "Document attribute $thisAttribute not understood".PHP_EOL;
+				exit(1);
+			}
+			$attrdef = $dms->getAttributeDefinitionByName($attrKey);
+			if (!$attrdef) {
+				echo "Document attribute $attrKey unknown".PHP_EOL;
+				exit(1);
+			}
+			$document_attributes[$attrdef->getID()] = $attrVal;
 		}
-		$attrdef = $dms->getAttributeDefinitionByName($attrKey);
-		if (!$attrdef) {
-			echo "Document attribute $attrKey unknown".PHP_EOL;
-			exit(1);
-		}
-		$document_attributes[$attrdef->getID()] = $attrVal;
-	}
-} /* }}} */
+	} /* }}} */

-/* Parse version attributes. {{{ */
-$version_attributes = array();
-if (isset($options['A'])) {
-	$verattr = array();
-	if (is_array($options['A'])) {
-		$verattr = $options['A'];
-	} else {
-		$verattr = array($options['A']);
-	}
-
-	foreach ($verattr as $thisAttribute) {
-		$attrKey = strstr($thisAttribute, '=', true);
-		$attrVal = substr(strstr($thisAttribute, '='), 1);
-		if (empty($attrKey) || empty($attrVal)) {
-			echo "Version attribute $thisAttribute not understood".PHP_EOL;
-			exit(1);
+	/* Parse version attributes. {{{ */
+	$version_attributes = array();
+	if (isset($options['A'])) {
+		$verattr = array();
+		if (is_array($options['A'])) {
+			$verattr = $options['A'];
+		} else {
+			$verattr = array($options['A']);
 		}
-		$attrdef = $dms->getAttributeDefinitionByName($attrKey);
-		if (!$attrdef) {
-			echo "Version attribute $attrKey unknown".PHP_EOL;
-			exit(1);
-		}
-		$version_attributes[$attrdef->getID()] = $attrVal;
-	}
-} /* }}} */

-/* Create a global user object {{{ */
-if($username) {
-	if(!($user = $dms->getUserByLogin($username))) {
-		echo "No such user '".$username."'.";
-		exit;
-	}
-} else
-	$user = $dms->getUser(1);
+		foreach ($verattr as $thisAttribute) {
+			$attrKey = strstr($thisAttribute, '=', true);
+			$attrVal = substr(strstr($thisAttribute, '='), 1);
+			if (empty($attrKey) || empty($attrVal)) {
+				echo "Version attribute $thisAttribute not understood".PHP_EOL;
+				exit(1);
+			}
+			$attrdef = $dms->getAttributeDefinitionByName($attrKey);
+			if (!$attrdef) {
+				echo "Version attribute $attrKey unknown".PHP_EOL;
+				exit(1);
+			}
+			$version_attributes[$attrdef->getID()] = $attrVal;
+		}
+	} /* }}} */
+
+	/* Create a global user object {{{ */
+	if($username) {
+		if(!($user = $dms->getUserByLogin($username))) {
+			echo "No such user '".$username."'.";
+			exit;
+		}
+	} else
+		$user = $dms->getUser(1);

 $dms->setUser($user);
 /* }}} */