
Bug #31397 ยป bug_31397.diff

Gregor Hermens, 2011-10-31 09:53

View differences:

typo3_src-4.6.0/typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php 2011-10-31 09:45:17.000000000 +0100
$severity = tx_reports_reports_status_Status::OK;
$whereClause = 'username = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users')
. ' AND password = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('5f4dcc3b5aa765d61d8327deb882cf99', 'be_users')
. t3lib_BEfunc::deleteClause('be_users');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid, username, password',
......
$whereClause
);
if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = tx_reports_reports_status_Status::ERROR;
$secure = TRUE;
// check against plain MD5
if('5f4dcc3b5aa765d61d8327deb882cf99' === $row['password']) {
$secure = FALSE;
}
// check against salted password
if(t3lib_extMgm::isLoaded('saltedpasswords')) {
if(tx_saltedpasswords_div::isUsageEnabled('BE')) {
$objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance($row['password']);
if(is_object($objSalt)) {
if($objSalt->checkPassword('password', $row['password'])) {
$secure = FALSE;
}
}
}
}
$editUserAccountUrl = 'alt_doc.php?returnUrl=mod.php?M=tools_txreportsM1&edit[be_users][' . $row['uid'] . ']=edit';
$message = sprintf(
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'),
'<a href="' . $editUserAccountUrl . '">',
'</a>'
);
if(!$secure) {
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = tx_reports_reports_status_Status::ERROR;
$editUserAccountUrl = 'alt_doc.php?returnUrl=mod.php?M=tools_txreportsM1&edit[be_users][' . $row['uid'] . ']=edit';
$message = sprintf(
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'),
'<a href="' . $editUserAccountUrl . '">',
'</a>'
);
}
}
$GLOBALS['TYPO3_DB']->sql_free_result($res);
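Review bot: In the salted-password branch, a stored hash that `getSaltingInstance($row['password'])` does not recognise leaves `$secure` at TRUE, so the report shows OK for an `admin` account whose password was never actually checked. This probably affects records converted by the saltedpasswords bulk update, which as far as I recall stores them with a leading `M` (a salted hash of the old MD5) or `C`; the authentication service strips that prefix before verifying and this code does not, so confirm against the extension's service class. For the `M$` form the check would be `$objSalt->checkPassword(md5('password'), substr($row['password'], 1))`, with the salting instance obtained from the stripped hash. Separately, wherever the literal `5f4dcc3b5aa765d61d8327deb882cf99` remains, a comment such as `// md5('password')` would tell the next reader what it is.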