From 9bde72fe20d2ef52b9cfad1b01dde60ddd7adcf7 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 10:00:29 +0200 Subject: [PATCH 1/6] add change for 5.1.31 --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index bb4ba53f9..66e196afa 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ - comment of document, documentcontent and folder can be rendered as markdown - fix preview for file in drop folder +- fix export of search result -------------------------------------------------------------------------------- Changes in version 5.1.30 From 7fcb8da8600a6010fb731344ab0bb96245d83fd7 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 12:48:20 +0200 Subject: [PATCH 2/6] do not include inc/inc.ClassNotificationService.php and inc.ClassEmailNotify.php --- utils/adddoc.php | 137 +++++++++++++++++++++++------------------------ 1 file changed, 68 insertions(+), 69 deletions(-) diff --git a/utils/adddoc.php b/utils/adddoc.php index 9ff44051f..d6800970c 100644 --- a/utils/adddoc.php +++ b/utils/adddoc.php @@ -135,87 +135,86 @@ if($reqversion<1) $reqversion=1; include($myincpath."/inc/inc.Settings.php"); +include($myincpath."/inc/inc.LogInit.php"); include($myincpath."/inc/inc.Init.php"); include($myincpath."/inc/inc.Extension.php"); include($myincpath."/inc/inc.DBInit.php"); -include($myincpath."/inc/inc.ClassNotificationService.php"); -include($myincpath."/inc/inc.ClassEmailNotify.php"); include($myincpath."/inc/inc.ClassController.php"); -/* Parse categories {{{ */ -$categories = array(); -if(isset($options['K'])) { - $categorynames = explode(',', $options['K']); - foreach($categorynames as $categoryname) { - $cat = $dms->getDocumentCategoryByName($categoryname); - if($cat) { - $categories[] = $cat; + /* Parse categories {{{ */ + $categories = array(); + if(isset($options['K'])) { + $categorynames = explode(',', $options['K']); + foreach($categorynames as $categoryname) { + $cat = $dms->getDocumentCategoryByName($categoryname); + if($cat) { + $categories[] = $cat; + } else { + echo "Category '".$categoryname."' not found".PHP_EOL; + } + } + } /* }}} */ + + /* Parse document attributes. {{{ */ + $document_attributes = array(); + if (isset($options['a'])) { + $docattr = array(); + if (is_array($options['a'])) { + $docattr = $options['a']; } else { - echo "Category '".$categoryname."' not found".PHP_EOL; + $docattr = array($options['a']); } - } -} /* }}} */ -/* Parse document attributes. {{{ */ -$document_attributes = array(); -if (isset($options['a'])) { - $docattr = array(); - if (is_array($options['a'])) { - $docattr = $options['a']; - } else { - $docattr = array($options['a']); - } - - foreach ($docattr as $thisAttribute) { - $attrKey = strstr($thisAttribute, '=', true); - $attrVal = substr(strstr($thisAttribute, '='), 1); - if (empty($attrKey) || empty($attrVal)) { - echo "Document attribute $thisAttribute not understood".PHP_EOL; - exit(1); + foreach ($docattr as $thisAttribute) { + $attrKey = strstr($thisAttribute, '=', true); + $attrVal = substr(strstr($thisAttribute, '='), 1); + if (empty($attrKey) || empty($attrVal)) { + echo "Document attribute $thisAttribute not understood".PHP_EOL; + exit(1); + } + $attrdef = $dms->getAttributeDefinitionByName($attrKey); + if (!$attrdef) { + echo "Document attribute $attrKey unknown".PHP_EOL; + exit(1); + } + $document_attributes[$attrdef->getID()] = $attrVal; } - $attrdef = $dms->getAttributeDefinitionByName($attrKey); - if (!$attrdef) { - echo "Document attribute $attrKey unknown".PHP_EOL; - exit(1); - } - $document_attributes[$attrdef->getID()] = $attrVal; - } -} /* }}} */ + } /* }}} */ -/* Parse version attributes. {{{ */ -$version_attributes = array(); -if (isset($options['A'])) { - $verattr = array(); - if (is_array($options['A'])) { - $verattr = $options['A']; - } else { - $verattr = array($options['A']); - } - - foreach ($verattr as $thisAttribute) { - $attrKey = strstr($thisAttribute, '=', true); - $attrVal = substr(strstr($thisAttribute, '='), 1); - if (empty($attrKey) || empty($attrVal)) { - echo "Version attribute $thisAttribute not understood".PHP_EOL; - exit(1); + /* Parse version attributes. {{{ */ + $version_attributes = array(); + if (isset($options['A'])) { + $verattr = array(); + if (is_array($options['A'])) { + $verattr = $options['A']; + } else { + $verattr = array($options['A']); } - $attrdef = $dms->getAttributeDefinitionByName($attrKey); - if (!$attrdef) { - echo "Version attribute $attrKey unknown".PHP_EOL; - exit(1); - } - $version_attributes[$attrdef->getID()] = $attrVal; - } -} /* }}} */ -/* Create a global user object {{{ */ -if($username) { - if(!($user = $dms->getUserByLogin($username))) { - echo "No such user '".$username."'."; - exit; - } -} else - $user = $dms->getUser(1); + foreach ($verattr as $thisAttribute) { + $attrKey = strstr($thisAttribute, '=', true); + $attrVal = substr(strstr($thisAttribute, '='), 1); + if (empty($attrKey) || empty($attrVal)) { + echo "Version attribute $thisAttribute not understood".PHP_EOL; + exit(1); + } + $attrdef = $dms->getAttributeDefinitionByName($attrKey); + if (!$attrdef) { + echo "Version attribute $attrKey unknown".PHP_EOL; + exit(1); + } + $version_attributes[$attrdef->getID()] = $attrVal; + } + } /* }}} */ + + /* Create a global user object {{{ */ + if($username) { + if(!($user = $dms->getUserByLogin($username))) { + echo "No such user '".$username."'."; + exit; + } + } else + $user = $dms->getUser(1); $dms->setUser($user); /* }}} */ From 2d9297c668e4860e23c1d24d5e15a3f940b0b3d2 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 12:50:53 +0200 Subject: [PATCH 3/6] handle unknown objtype in getAttributeObjectTypeText() --- inc/inc.Language.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inc/inc.Language.php b/inc/inc.Language.php index 47e32c6e9..64489d93e 100644 --- a/inc/inc.Language.php +++ b/inc/inc.Language.php @@ -320,6 +320,8 @@ function getAttributeObjectTypeText($attrdef) { /* {{{ */ case SeedDMS_Core_AttributeDefinition::objtype_documentcontent: $ot = getMLText("documentcontent"); break; + default: + $ot = getMLText('objtype_unknown'); } return $ot; } /* }}} */ From 63ee505c0fbeab236282ee9343b46e187b7a6707 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 20:08:44 +0200 Subject: [PATCH 4/6] use openssl to create encryption key --- inc/inc.Settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/inc.Settings.php b/inc/inc.Settings.php index b19345afb..90b26ac24 100644 --- a/inc/inc.Settings.php +++ b/inc/inc.Settings.php @@ -31,7 +31,7 @@ if(!defined("SEEDDMS_INSTALL") && file_exists($settings->_configFileDir."/ENABLE /* Set an encryption key if is not set */ if(!trim($settings->_encryptionKey)) { - $settings->_encryptionKey = md5(uniqid()); + $settings->_encryptionKey = bin2hex(openssl_random_pseudo_bytes(16)); $settings->save(); } From a43a09a0e275c9c61352426971bb9418bf824c64 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 20:09:03 +0200 Subject: [PATCH 5/6] use openssl to encrypt and decrypt data with key --- inc/inc.Utils.php | 52 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/inc/inc.Utils.php b/inc/inc.Utils.php index 444cded70..8c4534a1e 100644 --- a/inc/inc.Utils.php +++ b/inc/inc.Utils.php @@ -582,11 +582,28 @@ function checkQuota($user) { /* {{{ */ * @return string encrypted data */ function encryptData($key, $value) { /* {{{ */ - $text = $value; - $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); - $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); - $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv); - return $crypttext; + if(function_exists('openssl_cipher_iv_length')) { + $nonceSize = openssl_cipher_iv_length('aes-256-ctr'); + $nonce = openssl_random_pseudo_bytes($nonceSize); + + $ciphertext = openssl_encrypt( + $value, + 'aes-256-ctr', + $key, + OPENSSL_RAW_DATA, + $nonce + ); + + // Now let's pack the IV and the ciphertext together + // Naively, we can just concatenate + return $nonce.$ciphertext; + } else { + $text = $value; + $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); + $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); + $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv); + return $crypttext; + } } /* }}} */ /** @@ -597,11 +614,26 @@ function encryptData($key, $value) { /* {{{ */ * @return string plain text data */ function decryptData($key, $value) { /* {{{ */ - $crypttext = $value; - $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); - $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); - $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv); - return trim($decrypttext); + if(function_exists('openssl_cipher_iv_length')) { + $nonceSize = openssl_cipher_iv_length('aes-256-ctr'); + $nonce = mb_substr($value, 0, $nonceSize, '8bit'); + $ciphertext = mb_substr($value, $nonceSize, null, '8bit'); + + $plaintext = openssl_decrypt( + $ciphertext, + 'aes-256-ctr', + $key, + OPENSSL_RAW_DATA, + $nonce + ); + return $plaintext; + } else { + $crypttext = $value; + $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); + $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); + $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv); + return trim($decrypttext); + } } /* }}} */ /** From ff78380f4bef9ecf2fcceb34e99959c556f15c10 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 18 Apr 2023 20:09:45 +0200 Subject: [PATCH 6/6] add changes for 5.1.31 --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 66e196afa..3b0cfc5c2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,7 @@ markdown - fix preview for file in drop folder - fix export of search result +- use openssl instead of mcrypt -------------------------------------------------------------------------------- Changes in version 5.1.30