Bug #19875 » 10212.diff
| typo3/sysext/install/mod/class.tx_install_eid.php (revision 0) | ||
|---|---|---|
|
<?php
|
||
|
/***************************************************************
|
||
|
* Copyright notice
|
||
|
*
|
||
|
* (c) 2009 Marcus Krause, Helmut Hummel (security@typo3.org)
|
||
|
* All rights reserved
|
||
|
*
|
||
|
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
|
* free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License as published by
|
||
|
* the Free Software Foundation; either version 2 of the License, or
|
||
|
* (at your option) any later version.
|
||
|
*
|
||
|
* The GNU General Public License can be found at
|
||
|
* http://www.gnu.org/copyleft/gpl.html.
|
||
|
* A copy is found in the textfile GPL.txt and important notices to the license
|
||
|
* from the author is found in LICENSE.txt distributed with these scripts.
|
||
|
*
|
||
|
*
|
||
|
* This script is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
* GNU General Public License for more details.
|
||
|
*
|
||
|
* This copyright notice MUST APPEAR in all copies of the script!
|
||
|
***************************************************************/
|
||
|
// *******************************
|
||
|
// Set error reporting
|
||
|
// *******************************
|
||
|
error_reporting (E_ALL ^ E_NOTICE);
|
||
|
// ***********************
|
||
|
// Paths are setup
|
||
|
// ***********************
|
||
|
define('TYPO3_OS', stristr(PHP_OS,'win')&&!stristr(PHP_OS,'darwin')?'WIN':'');
|
||
|
define('TYPO3_MODE','FE');
|
||
|
if (!defined('PATH_thisScript')) define('PATH_thisScript',str_replace('//','/', str_replace('\\','/', (php_sapi_name()=='cgi'||php_sapi_name()=='isapi' ||php_sapi_name()=='cgi-fcgi')&&($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED'])? ($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED']):($_SERVER['ORIG_SCRIPT_FILENAME']?$_SERVER['ORIG_SCRIPT_FILENAME']:$_SERVER['SCRIPT_FILENAME']))));
|
||
|
if (!defined('PATH_site')) define('PATH_site', dirname(PATH_thisScript).'/');
|
||
|
if (!defined('PATH_t3lib')) define('PATH_t3lib', PATH_site.'t3lib/');
|
||
|
define('PATH_tslib', PATH_site.'tslib/');
|
||
|
define('PATH_typo3conf', PATH_site.'typo3conf/');
|
||
|
define('TYPO3_mainDir', 'typo3/'); // This is the directory of the backend administration for the sites of this TYPO3 installation.
|
||
|
if (!@is_dir(PATH_typo3conf)) die('Cannot find configuration. This file is probably executed from the wrong location.');
|
||
|
require_once(PATH_t3lib.'class.t3lib_div.php');
|
||
|
/**
|
||
|
* This is the eID handler for encryption key generation.
|
||
|
*
|
||
|
* @author Marcus Krause <security@typo3.org>
|
||
|
*/
|
||
|
class tx_install_eid {
|
||
|
/**
|
||
|
* Keeps content to be printed.
|
||
|
*
|
||
|
* @var string
|
||
|
*/
|
||
|
var $content;
|
||
|
/**
|
||
|
* Main function which creates the ecryption key for the install tools AJAX call
|
||
|
* It stores the key in $this->content
|
||
|
*
|
||
|
* @return void
|
||
|
*/
|
||
|
function main() {
|
||
|
// Create output:
|
||
|
$this->content = $this->createEncryptionKey();
|
||
|
}
|
||
|
/**
|
||
|
* Outputs the content from $this->content
|
||
|
*
|
||
|
* @return void
|
||
|
*/
|
||
|
function printContent() {
|
||
|
echo $this->content;
|
||
|
}
|
||
|
/**
|
||
|
* Returns a newly created TYPO3 encryption key with a given length.
|
||
|
*
|
||
|
* @param integer $keyLength desired key length
|
||
|
* @return string
|
||
|
*/
|
||
|
function createEncryptionKey($keyLength = 96) {
|
||
|
|
||
|
$bytes = t3lib_div::generateRandomBytes($keyLength);
|
||
|
return substr(bin2hex($bytes), -96);
|
||
|
}
|
||
|
}
|
||
|
// Make instance:
|
||
|
$SOBE = t3lib_div::makeInstance('tx_install_eid');
|
||
|
$SOBE->main();
|
||
|
$SOBE->printContent();
|
||
|
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_eid.php']) {
|
||
|
include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_eid.php']);
|
||
|
}
|
||
|
?>
|
||
| typo3/sysext/install/mod/install.js (revision 0) | ||
|---|---|---|
|
/***************************************************************
|
||
|
*
|
||
|
* javascript functions to get the TYPO3 encryption key by an
|
||
|
* AJAX call and fill the form with it.
|
||
|
*
|
||
|
* Copyright notice
|
||
|
*
|
||
|
* (c) 2009 Marcus Krause, Helmut Hummel <security@typo3.org>
|
||
|
* All rights reserved
|
||
|
*
|
||
|
* This script is part of the TYPO3 backend provided by
|
||
|
* Kasper Skaarhoj <kasper@typo3.com> together with TYPO3
|
||
|
*
|
||
|
* Released under GNU/GPL (see license file in /typo3/)
|
||
|
*
|
||
|
* This script is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
*
|
||
|
* This copyright notice MUST APPEAR in all copies of this script
|
||
|
*
|
||
|
***************************************************************/
|
||
|
/**
|
||
|
*
|
||
|
* @author Marcus Krause
|
||
|
*/
|
||
|
var EncryptionKey = {
|
||
|
thisScript: '../../index.php',
|
||
|
eID: 'tx_install_eid',
|
||
|
// loads the ecryption key by an AJAX call
|
||
|
load: function(obj) {
|
||
|
// fallback if AJAX is not possible (e.g. IE < 6)
|
||
|
if (typeof Ajax.getTransport() != 'object') {
|
||
|
window.location.href = this.thisScript + '?eID=' + this.eID;
|
||
|
return;
|
||
|
}
|
||
|
new Ajax.Request(this.thisScript, {
|
||
|
method: 'get',
|
||
|
parameters: '?eID=' + this.eID,
|
||
|
onComplete: function(xhr) {
|
||
|
document.getElementsByName('TYPO3_INSTALL[localconf.php][encryptionKey]').item(0).value=xhr.responseText;
|
||
|
}.bind(this),
|
||
|
});
|
||
|
},
|
||
|
};
|
||