Index: typo3/sysext/install/ext_localconf.php
===================================================================
--- typo3/sysext/install/ext_localconf.php (revision 4715)
+++ typo3/sysext/install/ext_localconf.php (working copy)
@@ -10,4 +10,7 @@
// remove pagetype "advanced" since TYPO3 4.2
// this is merged with doctype "standard" with tab view to edit
$TYPO3_CONF_VARS['SC_OPTIONS']['ext/install']['update']['mergeAdvancedDoktypeConversion'] = 'tx_coreupdates_mergeadvanced';
+
+ // register eID script for ecryption key AJAX call
+$TYPO3_CONF_VARS['FE']['eID_include']['tx_install_eid'] = 'EXT:install/mod/class.tx_install_eid.php';
?>
\ No newline at end of file
Index: typo3/sysext/install/mod/class.tx_install.php
===================================================================
--- typo3/sysext/install/mod/class.tx_install.php (revision 4715)
+++ typo3/sysext/install/mod/class.tx_install.php (working copy)
@@ -2087,8 +2087,9 @@
if ($this->mode!='123') {
$out.=$this->wrapInCells('Site name:', '');
$out.=$this->wrapInCells('', '
');
- $out.='';
- $out.=$this->wrapInCells('Encryption key:', '
');
+ $out.='';
+ $out.='';
+ $out.=$this->wrapInCells('Encryption key:', '
');
$out.=$this->wrapInCells('', '
');
// Other
Index: typo3/sysext/install/mod/install.js
===================================================================
--- typo3/sysext/install/mod/install.js (revision 0)
+++ typo3/sysext/install/mod/install.js (revision 0)
@@ -0,0 +1,49 @@
+/***************************************************************
+*
+* javascript functions to get the TYPO3 encryption key by an
+* AJAX call and fill the form with it.
+*
+* Copyright notice
+*
+* (c) 2009 Marcus Krause, Helmut Hummel
+* All rights reserved
+*
+* This script is part of the TYPO3 backend provided by
+* Kasper Skaarhoj together with TYPO3
+*
+* Released under GNU/GPL (see license file in /typo3/)
+*
+* This script is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*
+* This copyright notice MUST APPEAR in all copies of this script
+*
+***************************************************************/
+
+
+/**
+ *
+ * @author Marcus Krause
+ */
+var EncryptionKey = {
+ thisScript: '../../index.php',
+ eID: 'tx_install_eid',
+
+ // loads the ecryption key by an AJAX call
+ load: function(obj) {
+ // fallback if AJAX is not possible (e.g. IE < 6)
+ if (typeof Ajax.getTransport() != 'object') {
+ window.location.href = this.thisScript + '?eID=' + this.eID;
+ return;
+ }
+
+ new Ajax.Request(this.thisScript, {
+ method: 'get',
+ parameters: '?eID=' + this.eID,
+ onComplete: function(xhr) {
+ document.getElementsByName('TYPO3_INSTALL[localconf.php][encryptionKey]').item(0).value=xhr.responseText;
+ }.bind(this),
+ });
+ },
+};
\ No newline at end of file
Index: typo3/sysext/install/mod/class.tx_install_eid.php
===================================================================
--- typo3/sysext/install/mod/class.tx_install_eid.php (revision 0)
+++ typo3/sysext/install/mod/class.tx_install_eid.php (revision 0)
@@ -0,0 +1,111 @@
+
+ */
+class tx_install_eid {
+
+
+ /**
+ * Keeps content to be printed.
+ *
+ * @var string
+ */
+ var $content;
+
+
+ /**
+ * Main function which creates the ecryption key for the install tools AJAX call
+ * It stores the key in $this->content
+ *
+ * @return void
+ */
+ function main() {
+ // Create output:
+ $this->content = $this->createEncryptionKey();
+ }
+
+ /**
+ * Outputs the content from $this->content
+ *
+ * @return void
+ */
+ function printContent() {
+ echo $this->content;
+ }
+
+ /**
+ * Returns a newly created TYPO3 encryption key with a given length.
+ *
+ * @param integer $keyLength desired key length
+ * @return string
+ */
+ function createEncryptionKey($keyLength = 96) {
+
+ $bytes = t3lib_div::generateRandomBytes($keyLength);
+ return substr(bin2hex($bytes), -96);
+ }
+}
+
+// Make instance:
+$SOBE = t3lib_div::makeInstance('tx_install_eid');
+$SOBE->main();
+$SOBE->printContent();
+
+if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_eid.php']) {
+ include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/sysext/install/mod/class.tx_install_eid.php']);
+}
+
+?>
\ No newline at end of file
Index: t3lib/class.t3lib_div.php
===================================================================
--- t3lib/class.t3lib_div.php (revision 4715)
+++ t3lib/class.t3lib_div.php (working copy)
@@ -1503,8 +1503,40 @@
return strtr((string)$str, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
}
+ /**
+ * Returns a string of highly randomized bytes (over the full 8-bit range).
+ *
+ * @copyright Drupal CMS
+ * @license GNU General Public License version 2
+ * @param integer Number of characters (bytes) to return
+ * @return string Random Bytes
+ */
+ public static function generateRandomBytes($count) {
+ $output = '';
+ // /dev/urandom is available on many *nix systems and is considered
+ // the best commonly available pseudo-random source.
+ if (TYPO3_OS != 'WIN' && ($fh = @fopen('/dev/urandom', 'rb'))) {
+ $output = fread($fh, $count);
+ fclose($fh);
+ }
+ // fallback if /dev/urandom is not available
+ if (!isset($output{$count - 1})) {
+ // We initialize with the somewhat random.
+ $randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
+ . microtime() . getmypid();
+ while (!isset($output{$count - 1})) {
+ $randomState = md5(microtime() . mt_rand() . $randomState);
+ $output .= md5(mt_rand() . $randomState, true);
+ }
+ $output = substr($output, strlen($output) - $count, $count);
+ }
+ return $output;
+ }
+
+
+