Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

CHANGELOG

@@ -264,6 +264,8 @@
 - comment of document, documentcontent and folder can be rendered as
   markdown
 - fix preview for file in drop folder
+- fix export of search result
+- use openssl instead of mcrypt
 
 --------------------------------------------------------------------------------
                      Changes in version 5.1.30

inc/inc.Language.php

@@ -391,6 +391,8 @@ function getAttributeObjectTypeText($attrdef) { /* {{{ */
 		case SeedDMS_Core_AttributeDefinition::objtype_documentcontent:
 			$ot = getMLText("documentcontent");
 			break;
+		default:
+			$ot = getMLText('objtype_unknown');
 	}
 	return $ot;
 } /* }}} */

inc/inc.Settings.php

@@ -31,7 +31,7 @@ if(!defined("SEEDDMS_INSTALL") && file_exists($settings->_configFileDir."/ENABLE
 
 /* Set an encryption key if is not set */
 if(!trim($settings->_encryptionKey)) {
-	$settings->_encryptionKey = md5(uniqid());
+	$settings->_encryptionKey = bin2hex(openssl_random_pseudo_bytes(16));
 	$settings->save();
 }
 

inc/inc.Utils.php

@@ -582,11 +582,28 @@ function checkQuota($user) { /* {{{ */
  * @return string encrypted data
  */
 function encryptData($key, $value) { /* {{{ */
-  $text = $value;
+	if(function_exists('openssl_cipher_iv_length')) {
-  $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$nonceSize = openssl_cipher_iv_length('aes-256-ctr');
-  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$nonce = openssl_random_pseudo_bytes($nonceSize);
-  $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
+
-  return $crypttext;
+		$ciphertext = openssl_encrypt(
+			$value,
+			'aes-256-ctr',
+			$key,
+			OPENSSL_RAW_DATA,
+			$nonce
+		);
+
+		// Now let's pack the IV and the ciphertext together
+		// Naively, we can just concatenate
+		return $nonce.$ciphertext;
+	} else {	
+		$text = $value;
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
+		return $crypttext;
+	}
 } /* }}} */
 
 /**
@@ -597,11 +614,26 @@ function encryptData($key, $value) { /* {{{ */
  * @return string plain text data
  */
 function decryptData($key, $value) { /* {{{ */
-  $crypttext = $value;
+	if(function_exists('openssl_cipher_iv_length')) {
-  $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$nonceSize = openssl_cipher_iv_length('aes-256-ctr');
-  $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$nonce = mb_substr($value, 0, $nonceSize, '8bit');
-  $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
+		$ciphertext = mb_substr($value, $nonceSize, null, '8bit');
-  return trim($decrypttext);
+		
+		$plaintext = openssl_decrypt(
+			$ciphertext,
+			'aes-256-ctr',
+			$key,
+			OPENSSL_RAW_DATA,
+			$nonce
+		);
+		return $plaintext;
+	} else {
+		$crypttext = $value;
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
+		return trim($decrypttext);
+	}
 } /* }}} */
 
 /**

utils/adddoc.php

@@ -135,87 +135,86 @@ if($reqversion<1)
 	$reqversion=1;
 
 include($myincpath."/inc/inc.Settings.php");
+include($myincpath."/inc/inc.LogInit.php");
 include($myincpath."/inc/inc.Init.php");
 include($myincpath."/inc/inc.Extension.php");
 include($myincpath."/inc/inc.DBInit.php");
-include($myincpath."/inc/inc.ClassNotificationService.php");
-include($myincpath."/inc/inc.ClassEmailNotify.php");
 include($myincpath."/inc/inc.ClassController.php");
 
-/* Parse categories {{{ */
+	/* Parse categories {{{ */
-$categories = array();
+	$categories = array();
-if(isset($options['K'])) {
+	if(isset($options['K'])) {
-	$categorynames = explode(',', $options['K']);
+		$categorynames = explode(',', $options['K']);
-	foreach($categorynames as $categoryname) {
+		foreach($categorynames as $categoryname) {
-		$cat = $dms->getDocumentCategoryByName($categoryname);
+			$cat = $dms->getDocumentCategoryByName($categoryname);
-		if($cat) {
+			if($cat) {
-			$categories[] = $cat;
+				$categories[] = $cat;
+			} else {
+				echo "Category '".$categoryname."' not found".PHP_EOL;
+			}
+		}
+	} /* }}} */
+
+	/* Parse document attributes. {{{ */
+	$document_attributes = array();
+	if (isset($options['a'])) {
+		$docattr = array();
+		if (is_array($options['a'])) {
+			$docattr = $options['a'];
 		} else {
-			echo "Category '".$categoryname."' not found".PHP_EOL;
+			$docattr = array($options['a']);
 		}
-	}
-} /* }}} */
 
-/* Parse document attributes. {{{ */
+		foreach ($docattr as $thisAttribute) {
-$document_attributes = array();
+			$attrKey = strstr($thisAttribute, '=', true);
-if (isset($options['a'])) {
+			$attrVal = substr(strstr($thisAttribute, '='), 1);
-	$docattr = array();
+			if (empty($attrKey) || empty($attrVal)) {
-	if (is_array($options['a'])) {
+				echo "Document attribute $thisAttribute not understood".PHP_EOL;
-		$docattr = $options['a'];
+				exit(1);
-	} else {
+			}
-		$docattr = array($options['a']);
+			$attrdef = $dms->getAttributeDefinitionByName($attrKey);
-	}
+			if (!$attrdef) {
-
+				echo "Document attribute $attrKey unknown".PHP_EOL;
-	foreach ($docattr as $thisAttribute) {
+				exit(1);
-		$attrKey = strstr($thisAttribute, '=', true);
+			}
-		$attrVal = substr(strstr($thisAttribute, '='), 1);
+			$document_attributes[$attrdef->getID()] = $attrVal;
-		if (empty($attrKey) || empty($attrVal)) {
-			echo "Document attribute $thisAttribute not understood".PHP_EOL;
-			exit(1);
 		}
-		$attrdef = $dms->getAttributeDefinitionByName($attrKey);
+	} /* }}} */
-		if (!$attrdef) {
-			echo "Document attribute $attrKey unknown".PHP_EOL;
-			exit(1);
-		}
-		$document_attributes[$attrdef->getID()] = $attrVal;
-	}
-} /* }}} */
 
-/* Parse version attributes. {{{ */
+	/* Parse version attributes. {{{ */
-$version_attributes = array();
+	$version_attributes = array();
-if (isset($options['A'])) {
+	if (isset($options['A'])) {
-	$verattr = array();
+		$verattr = array();
-	if (is_array($options['A'])) {
+		if (is_array($options['A'])) {
-		$verattr = $options['A'];
+			$verattr = $options['A'];
-	} else {
+		} else {
-		$verattr = array($options['A']);
+			$verattr = array($options['A']);
-	}
-
-	foreach ($verattr as $thisAttribute) {
-		$attrKey = strstr($thisAttribute, '=', true);
-		$attrVal = substr(strstr($thisAttribute, '='), 1);
-		if (empty($attrKey) || empty($attrVal)) {
-			echo "Version attribute $thisAttribute not understood".PHP_EOL;
-			exit(1);
 		}
-		$attrdef = $dms->getAttributeDefinitionByName($attrKey);
-		if (!$attrdef) {
-			echo "Version attribute $attrKey unknown".PHP_EOL;
-			exit(1);
-		}
-		$version_attributes[$attrdef->getID()] = $attrVal;
-	}
-} /* }}} */
 
-/* Create a global user object {{{ */
+		foreach ($verattr as $thisAttribute) {
-if($username) {
+			$attrKey = strstr($thisAttribute, '=', true);
-	if(!($user = $dms->getUserByLogin($username))) {
+			$attrVal = substr(strstr($thisAttribute, '='), 1);
-		echo "No such user '".$username."'.";
+			if (empty($attrKey) || empty($attrVal)) {
-		exit;
+				echo "Version attribute $thisAttribute not understood".PHP_EOL;
-	}
+				exit(1);
-} else
+			}
-	$user = $dms->getUser(1);
+			$attrdef = $dms->getAttributeDefinitionByName($attrKey);
+			if (!$attrdef) {
+				echo "Version attribute $attrKey unknown".PHP_EOL;
+				exit(1);
+			}
+			$version_attributes[$attrdef->getID()] = $attrVal;
+		}
+	} /* }}} */
+
+	/* Create a global user object {{{ */
+	if($username) {
+		if(!($user = $dms->getUserByLogin($username))) {
+			echo "No such user '".$username."'.";
+			exit;
+		}
+	} else
+		$user = $dms->getUser(1);
 
 $dms->setUser($user);
 /* }}} */