
Bug #19834 » 10154_4-2_v2.diff

Administrator Admin, 2009-01-16 02:57


t3lib/class.t3lib_div.php (working copy)
return strtr((string)$str, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
}
/**
* Returns a string of highly randomized bytes (over the full 8-bit range).
*
* @copyright Drupal CMS
* @license GNU General Public License version 2
* @param integer Number of characters (bytes) to return
* @return string Random Bytes
*/
public static function generateRandomBytes($count) {
$output = '';
// /dev/urandom is available on many *nix systems and is considered
// the best commonly available pseudo-random source.
if (TYPO3_OS != 'WIN' && ($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
// fallback if /dev/urandom is not available
if (!isset($output{$count - 1})) {
// We initialize with the somewhat random.
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
. microtime() . getmypid();
while (!isset($output{$count - 1})) {
$randomState = md5(microtime() . mt_rand() . $randomState);
$output .= md5(mt_rand() . $randomState, true);
}
$output = substr($output, strlen($output) - $count, $count);
}
return $output;
}
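Review bot: The fallback branch of generateRandomBytes() builds its output from `md5()` over `microtime()`, `getmypid()` and `mt_rand()`, which is not a cryptographically strong source, and because of the `TYPO3_OS != 'WIN'` test it is the only path taken on Windows. When the function is used to create the encryption key itself, `$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']` may still be empty, so the seed then contains no secret at all. I would try a CSPRNG where one is available before falling back, for example `if (!isset($output{$count - 1}) && function_exists('openssl_random_pseudo_bytes')) { $output = openssl_random_pseudo_bytes($count); }`. The docblock should also state that the last fallback is best-effort only and not suitable for key material.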
typo3/sysext/install/ext_localconf.php (working copy)
// remove pagetype "advanced" since TYPO3 4.2
// this is merged with doctype "standard" with tab view to edit
$TYPO3_CONF_VARS['SC_OPTIONS']['ext/install']['update']['mergeAdvancedDoktypeConversion'] = 'tx_coreupdates_mergeadvanced';
// ajax functionality since TYPO3 4.2
$TYPO3_CONF_VARS['BE']['AJAX']['tx_install_ajax::dispatch'] = 'EXT:install/mod/class.tx_install_ajax.php:tx_install_ajax->dispatch';
?>
typo3/sysext/install/mod/class.tx_install.php (working copy)
if ($this->mode!='123') {
$out.=$this->wrapInCells('Site name:', '<input type="text" name="TYPO3_INSTALL[localconf.php][sitename]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']).'">');
$out.=$this->wrapInCells('', '<br />');
$out.='<script type="text/javascript" src="../md5.js"></script><script type="text/javascript">function generateEncryptionKey(key) {time=new Date(); key=MD5(time.getMilliseconds().toString());while(key.length<66){key=key+MD5(key)};return key;}</script>';
$out.=$this->wrapInCells('Encryption key:', '<a name="set_encryptionKey"></a><input type="text" name="TYPO3_INSTALL[localconf.php][encryptionKey]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']).'"><br /><input type="button" onclick="document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value=generateEncryptionKey(document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value);" value="Generate random key">');
$out.='<script type="text/javascript" src="' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'sysext/install/mod/install.js"></script>';
$out.='<script type="text/javascript" src="' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'contrib/prototype/prototype.js"></script>';
$out.=$this->wrapInCells('Encryption key:', '<a name="set_encryptionKey"></a><input type="text" name="TYPO3_INSTALL[localconf.php][encryptionKey]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']).'"><br /><input type="button" onclick="EncryptionKey.load(this)" value="Generate random key">');
$out.=$this->wrapInCells('', '<br />');
// Other
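Review bot: The two `<script>` tags for install.js and prototype.js concatenate `t3lib_div::getIndpEnv('TYPO3_SITE_URL')` into the `src` attribute without escaping, while the input fields next to them pass their values through `htmlspecialchars()`. As far as I know that value is derived from the request's host header, so it should be treated as request-controlled and escaped like the rest: `src="' . htmlspecialchars(t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'sysext/install/mod/install.js') . '"`, and the same for the prototype.js tag. The enclosing method starts and ends outside this section.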
typo3/sysext/install/mod/class.tx_install_ajax.php (revision 0)
<?php
/***************************************************************
* Copyright notice
*
* (c) 2009 Marcus Krause (security@typo3.org)
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
* A copy is found in the textfile GPL.txt and important notices to the license
* from the author is found in LICENSE.txt distributed with these scripts.
*
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
require_once(PATH_t3lib.'class.t3lib_div.php');
/**
* This is the ajax handler for backend login after timeout.
*
* @author Marcus Krause <security@typo3.org>
*/
class tx_install_ajax {
/********************************************
*
* Init method for this class
*
********************************************/
/**
* The constructor of this class
*
* @return Void
*/
public function __construct() {
// Configuration, variable assignment
$this->conf['action'] = t3lib_div::_GET('action');
}
/********************************************
*
* Main dispatcher method
*
********************************************/
/**
* The main dispatcher function. Collect data and prepare HTML output.
*
* @param array $params: array of parameters from the AJAX interface, currently unused
* @param TYPO3AJAX $ajaxObj: object of type TYPO3AJAX
* @return Void
*/
public function dispatch($params = array(), TYPO3AJAX &$ajaxObj = null) {
$content = '';
if( t3lib_div::_GP('action')) {
switch ($this->conf['action']) {
case 'createEncryptionKey':
$content = $this->ajaxCreateEncryptionKey();
break;
default:
break;
}
} else {
$ajaxObj->setError('This script cannot be called directly.');
}
$ajaxObj->addContent($this->conf['action'], $content);
}
/**********************************
*
* AJAX Calls
*
**********************************/
/**
* Returns a newly created TYPO3 encryption key with a given length.
*
* @param integer $keyLength desired key length
* @return string
*/
public function ajaxCreateEncryptionKey($keyLength = 96) {
$bytes = t3lib_div::generateRandomBytes($keyLength);
return substr(bin2hex($bytes), -96);
}
}
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_ajax.php']) {
include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_ajax.php']);
}
?>
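Review bot: ajaxCreateEncryptionKey() does not honour its `$keyLength` parameter: it reads `$keyLength` random bytes, hex-encodes them to twice that length, and `substr(..., -96)` then always cuts the result to at most 96 hex characters, so the default call reads 96 bytes and keeps 48 of them while the docblock promises "a given length". I would make the parameter mean the length of the returned hex string: `$bytes = t3lib_div::generateRandomBytes((int)ceil($keyLength / 2));` followed by `return substr(bin2hex($bytes), 0, $keyLength);`. In dispatch() the guard tests `t3lib_div::_GP('action')` but the switch uses `$this->conf['action']`, which the constructor fills from `_GET` only, and `$ajaxObj` defaults to `null` yet is dereferenced unconditionally; reading the action once and requiring the object would remove both mismatches. The class docblock still describes a handler for "backend login after timeout" and should describe the install tool key generation instead.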
typo3/sysext/install/mod/install.js (revision 0)
/***************************************************************
* Copyright notice
*
* (c) Marcus Krause (security@typo3.org)
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
* A copy is found in the textfile GPL.txt and important notices to the license
* from the author is found in LICENSE.txt distributed with these scripts.
*
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
* handles AJAX requests for encryption key generation
*/
var EncryptionKey = {
thisScript: '../ajax.php',
ajaxID: 'tx_install_ajax::dispatch',
frameSetModule: null,
activateDragDrop: true,
highlightClass: 'active',
pageID: 0,
// reloads a part of the page tree (useful when "expand" / "collapse")
load: function(obj) {
// fallback if AJAX is not possible (e.g. IE < 6)
if (typeof Ajax.getTransport() != 'object') {
window.location.href = this.thisScript + '?ajaxID=' + this.ajaxID + '&action=createEncryptionKey';
return;
}
new Ajax.Request(this.thisScript, {
method: 'get',
parameters: 'ajaxID=' + this.ajaxID + '&action=createEncryptionKey',
onComplete: function(xhr) {
document.getElementsByName('TYPO3_INSTALL[localconf.php][encryptionKey]').item(0).value=xhr.responseText;
}.bind(this),
onT3Error: function(xhr) {
// if this is not a valid ajax response, the whole page gets refreshed
this.refresh();
}.bind(this)
});
},
};
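Review bot: `onComplete` in EncryptionKey.load() copies `xhr.responseText` into the encryption key field whatever the response was, so an error page or login form returned by ajax.php would end up as the key if the form is then saved. Use `onSuccess` and accept only the expected format, e.g. `if (/^[0-9a-f]{96}$/.test(xhr.responseText)) { field.value = xhr.responseText; }`. `onT3Error` calls `this.refresh()`, which this object does not define, and the properties `frameSetModule`, `activateDragDrop`, `highlightClass` and `pageID` as well as the "page tree" comment look like leftovers from the file this was copied from. The trailing comma after the `load` function is a syntax error in older Internet Explorer versions.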