Bug #38628
Password values in plaintext
| Status: | On Hold | Start date: | 2012-07-04 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assignee: | Alex Kellner | % Done: | 0% |
|
| Category: | Backend Modul | |||
| Target version: | Waiting for Sponsoring | |||
| Votes: | 0 |
Description
Password values are shown in plaintext in the table of answers.
History
Updated by Alex Kellner 11 months ago
- Category set to Backend Modul
- Status changed from New to On Hold
- Assignee set to Alex Kellner
- Priority changed from Should have to Could have
- Target version set to Waiting for Sponsoring
Updated by Arno Dudek 10 months ago
Here are some small changes that make passwords "invisible". The idea is that submitted passwords are usually saved to the database. If the extension saltedpasswords is loaded, the password is stored as a salted hash instead of the plain value (note that if the extension is not loaded, this patch still stores the value unchanged). In the sent mails and in the preview the password is replaced by "*******".
Hope you like it!
The changes are as follows.
In powermail/Classes/Utility/Div.php line 197
/**
 * Turn the submitted POST array into an array keyed by the field labels
 * (localised for the current frontend language).
 * before: 123 => value
 * after: Your Firstname: => value
 *
 * @param array piVars from Form Submit
 * @return array new array
 */
public function getVariablesWithLabels($fields) {
    $labelled = array();
    foreach ((array) $fields as $fieldUid => $submitted) {
        // Only numeric keys are field uids; any other piVars are skipped
        if (is_numeric($fieldUid)) {
            $labelled[$this->getLabelFromField($fieldUid)] = $submitted;
        }
    }
    return $labelled;
}
to
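/**
 * Turn the submitted POST array into an array keyed by the field labels
 * (localised for the current frontend language). Values of fields whose
 * type is "password" are replaced by a fixed mask so they do not appear
 * in mails or the preview.
 * before: 123 => value
 * after: Your Firstname: => value
 *
 * @param array $fields piVars from Form Submit
 * @return array new array, password values masked
 */
public function getVariablesWithLabels($fields) {
    $fieldsRepository = t3lib_div::makeInstance('Tx_Powermail_Domain_Repository_FieldsRepository');
    $variables = array();
    foreach ((array) $fields as $uid => $value) { // one loop for every received field
        if (!is_numeric($uid)) {
            continue;
        }
        // The uid comes straight from the request; an unknown uid yields no
        // object (NULL in Extbase), so only dereference a field that was found.
        $field = $fieldsRepository->findByUid($uid);
        if ($field !== NULL && $field->getType() === 'password') {
            $value = '********';
        }
        $variables[$this->getLabelFromField($uid)] = $value;
    }
    return $variables;
}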
In powermail/Classes/Controller/FormsController.php line ~361
/**
 * Persist one submission: a mail record plus one answer record per
 * submitted field. Field values are stored exactly as received, which is
 * the plaintext-password issue this ticket is about.
 *
 * @param array $field submitted piVars (numeric keys are field uids)
 * @param mixed $form the form the submission belongs to
 * @return Tx_Powermail_Domain_Model_Mails the persisted mail object
 */
private function saveMail($field, $form) {
// tx_powermail_domain_model_mails
$marketingInfos = $this->div->getMarketingInfos();
$newMail = t3lib_div::makeInstance('Tx_Powermail_Domain_Model_Mails');
$newMail->setPid($this->div->getStoragePage($this->settings['main']['pid']));
$newMail->setForm($form);
$newMail->setSenderMail($this->div->getSenderMailFromArguments($field));
$newMail->setSenderName($this->div->getSenderNameFromArguments($field));
$newMail->setSubject($this->settings['receiver']['subject']);
// The mail body is a dump of every submitted value, including password fields
$newMail->setBody(t3lib_utility_Debug::viewArray($this->div->getVariablesWithLabels($field)));
$newMail->setReceiverMail($this->settings['receiver']['email']);
if (intval($GLOBALS['TSFE']->fe_user->user['uid']) > 0) {
$newMail->setFeuser($GLOBALS['TSFE']->fe_user->user['uid']);
}
$newMail->setSpamFactor($GLOBALS['TSFE']->fe_user->getKey('ses', 'powermail_spamfactor'));
$newMail->setTime((time() - $this->div->getFormStartFromSession($form)));
// Loose comparison: TypoScript values are strings, so '0' (and '') count as "not disabled"
if (isset($this->settings['global']['disableIpLog']) && $this->settings['global']['disableIpLog'] == 0) {
$newMail->setSenderIp(t3lib_div::getIndpEnv('REMOTE_ADDR'));
}
$newMail->setUserAgent(t3lib_div::getIndpEnv('HTTP_USER_AGENT'));
$newMail->setMarketingSearchterm($marketingInfos['marketingSearchterm']);
$newMail->setMarketingReferer($marketingInfos['marketingReferer']);
$newMail->setMarketingPayedSearchResult($marketingInfos['marketingPayedSearchResult']);
$newMail->setMarketingLanguage($marketingInfos['marketingLanguage']);
$newMail->setMarketingBrowserLanguage($marketingInfos['marketingBrowserLanguage']);
$newMail->setMarketingFunnel($marketingInfos['marketingFunnel']);
if ($this->settings['main']['optin'] || $this->settings['db']['hidden']) {
$newMail->setHidden(1);
}
$this->mailsRepository->add($newMail);
// Persist now so the mail has a uid the answers can reference
$persistenceManager = t3lib_div::makeInstance('Tx_Extbase_Persistence_Manager');
$persistenceManager->persistAll();
// tx_powermail_domain_model_answers
foreach ((array) $field as $uid => $value) { // one loop for every received field
if (!is_numeric($uid)) {
continue;
}
$newAnswer = t3lib_div::makeInstance('Tx_Powermail_Domain_Model_Answers');
$newAnswer->setPid($this->div->getStoragePage($this->settings['main']['pid']));
$newAnswer->setValue($value); // stored verbatim, whatever the field type
$newAnswer->setField($uid);
$newAnswer->setMail($newMail->getUid());
$this->answersRepository->add($newAnswer);
}
return $newMail;
}
to
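/**
 * Persist one submission: a mail record plus one answer record per
 * submitted field.
 *
 * Values of fields of type "password" are never stored in recoverable form:
 * they are hashed with the TYPO3 saltedpasswords extension when it is loaded
 * and replaced by a fixed mask otherwise (the previous fallback kept the
 * plaintext). Hashing is only useful if the value must be verified later;
 * a form that merely collects data should not persist passwords at all.
 *
 * @param array $fields submitted piVars (numeric keys are field uids)
 * @param mixed $form the form the submission belongs to
 * @return Tx_Powermail_Domain_Model_Mails the persisted mail object
 */
private function saveMail($fields, $form) {
    // tx_powermail_domain_model_mails
    $marketingInfos = $this->div->getMarketingInfos();
    // Same storage page for the mail and all its answers; look it up once
    $storagePid = $this->div->getStoragePage($this->settings['main']['pid']);
    $newMail = t3lib_div::makeInstance('Tx_Powermail_Domain_Model_Mails');
    $newMail->setPid($storagePid);
    $newMail->setForm($form);
    $newMail->setSenderMail($this->div->getSenderMailFromArguments($fields));
    $newMail->setSenderName($this->div->getSenderNameFromArguments($fields));
    $newMail->setSubject($this->settings['receiver']['subject']);
    // getVariablesWithLabels masks password fields, so the body never holds the plaintext
    $newMail->setBody(t3lib_utility_Debug::viewArray($this->div->getVariablesWithLabels($fields)));
    $newMail->setReceiverMail($this->settings['receiver']['email']);
    if (intval($GLOBALS['TSFE']->fe_user->user['uid']) > 0) {
        $newMail->setFeuser($GLOBALS['TSFE']->fe_user->user['uid']);
    }
    $newMail->setSpamFactor($GLOBALS['TSFE']->fe_user->getKey('ses', 'powermail_spamfactor'));
    $newMail->setTime((time() - $this->div->getFormStartFromSession($form)));
    // Loose comparison kept on purpose: TypoScript values are strings, so '0' (and '') mean "not disabled"
    if (isset($this->settings['global']['disableIpLog']) && $this->settings['global']['disableIpLog'] == 0) {
        $newMail->setSenderIp(t3lib_div::getIndpEnv('REMOTE_ADDR'));
    }
    $newMail->setUserAgent(t3lib_div::getIndpEnv('HTTP_USER_AGENT'));
    $newMail->setMarketingSearchterm($marketingInfos['marketingSearchterm']);
    $newMail->setMarketingReferer($marketingInfos['marketingReferer']);
    $newMail->setMarketingPayedSearchResult($marketingInfos['marketingPayedSearchResult']);
    $newMail->setMarketingLanguage($marketingInfos['marketingLanguage']);
    $newMail->setMarketingBrowserLanguage($marketingInfos['marketingBrowserLanguage']);
    $newMail->setMarketingFunnel($marketingInfos['marketingFunnel']);
    if ($this->settings['main']['optin'] || $this->settings['db']['hidden']) {
        $newMail->setHidden(1);
    }
    $this->mailsRepository->add($newMail);
    // Persist now so the mail has a uid the answers can reference
    $persistenceManager = t3lib_div::makeInstance('Tx_Extbase_Persistence_Manager');
    $persistenceManager->persistAll();
    // tx_powermail_domain_model_answers
    $fieldsRepository = t3lib_div::makeInstance('Tx_Powermail_Domain_Repository_FieldsRepository');
    $hasSaltedPasswords = t3lib_extMgm::isLoaded('saltedpasswords');
    foreach ((array) $fields as $uid => $value) { // one loop for every received field
        if (!is_numeric($uid)) {
            continue;
        }
        // The uid comes straight from the request; an unknown uid yields no
        // object (NULL in Extbase), so only dereference a field that was found.
        $field = $fieldsRepository->findByUid($uid);
        if ($field !== NULL && $field->getType() === 'password') {
            if ($hasSaltedPasswords) {
                $saltingInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
                $value = $saltingInstance->getHashedPassword($value);
            } else {
                // No hasher available: redact instead of persisting the plaintext
                $value = '********';
            }
        }
        $newAnswer = t3lib_div::makeInstance('Tx_Powermail_Domain_Model_Answers');
        $newAnswer->setPid($storagePid);
        $newAnswer->setValue($value);
        $newAnswer->setField($uid);
        $newAnswer->setMail($newMail->getUid());
        $this->answersRepository->add($newAnswer);
    }
    return $newMail;
}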