Bug #21491 » 12502_v1.diff
INSTALL.txt (Arbeitskopie) | ||
---|---|---|
- cURL
|
||
- filter
|
||
- GD2
|
||
- hash
|
||
- JSON
|
||
- mbstring
|
||
- mysql
|
t3lib/class.t3lib_div.php (Arbeitskopie) | ||
---|---|---|
}
|
||
/**
|
||
* Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
|
||
*
|
||
* @param string Input string to create HMAC from
|
||
* @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
|
||
*/
|
||
public static function hmac($input) {
|
||
$hashAlgorithm = 'sha1';
|
||
$hashBlocksize = 64;
|
||
$hmac = '';
|
||
if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
|
||
$hmac = hash_hmac($hashAlgorithm, $input, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']);
|
||
} else {
|
||
// outer padding
|
||
$opad = str_repeat(chr(0x5C), $hashBlocksize);
|
||
// innner padding
|
||
$ipad = str_repeat(chr(0x36), $hashBlocksize);
|
||
if (strlen($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']) > $hashBlocksize) {
|
||
// keys longer than blocksize are shorten
|
||
$key = str_pad(pack('H*', call_user_func($hashAlgorithm, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])), $hashBlocksize, chr(0x00));
|
||
} else {
|
||
// keys shorter than blocksize are zero-padded
|
||
$key = str_pad($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'], $hashBlocksize, chr(0x00));
|
||
}
|
||
$hmac = bin2hex(pack('H*', call_user_func($hashAlgorithm, ($key^$opad) . pack('H*', call_user_func($hashAlgorithm, ($key^$ipad) . $input)))));
|
||
}
|
||
return $hmac;
|
||
}
|
||
/**
|
||
* Takes comma-separated lists and arrays and removes all duplicates
|
||
* If a value in the list is trim(empty), the value is ignored.
|
||
* Usage: 16
|
tests/t3lib/t3lib_div_testcase.php (Arbeitskopie) | ||
---|---|---|
//////////////////////////////////
|
||
// Tests concerning hmac
|
||
//////////////////////////////////
|
||
/**
|
||
* @test
|
||
*/
|
||
public function hmacReturnsEqualHashesForEqualInput() {
|
||
$msg0 = 'message';
|
||
$msg1 = 'message';
|
||
$this->assertEquals(t3lib_div::hmac($msg0), t3lib_div::hmac($msg1));
|
||
}
|
||
/**
|
||
* @test
|
||
*/
|
||
public function hmacReturnsNotEqualHashesForNotEqualInput() {
|
||
$msg0 = 'message0';
|
||
$msg1 = 'message1';
|
||
$this->assertNotEquals(t3lib_div::hmac($msg0), t3lib_div::hmac($msg1));
|
||
}
|
||
//////////////////////////////////
|
||
// Tests concerning quoteJSvalue
|
||
//////////////////////////////////
|
||