move mcrypt code in-line (avoid one require); also add a constant for better protection
@@ -8,19 +8,98 @@
|
|||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
if (! defined('PMA_COMING_FROM_COMMON')) {
|
||||||
* @todo replace by constant
|
|
||||||
* $coming_from_common can be set from outside with register_globals on
|
|
||||||
*/
|
|
||||||
if (!isset($coming_from_common)) {
|
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
|
if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
|
||||||
/**
|
/**
|
||||||
* Uses faster mcrypt library if available
|
* Uses faster mcrypt library if available
|
||||||
|
* (as this is not called from anywhere else, put the code in-line
|
||||||
|
* for faster execution)
|
||||||
*/
|
*/
|
||||||
require_once './libraries/mcrypt.lib.php';
|
|
||||||
|
/**
|
||||||
|
* Initialization
|
||||||
|
* Store the initialization vector because it will be needed for
|
||||||
|
* further decryption. I don't think necessary to have one iv
|
||||||
|
* per server so I don't put the server number in the cookie name.
|
||||||
|
*/
|
||||||
|
if (!isset($_COOKIE['pma_mcrypt_iv'])) {
|
||||||
|
srand((double) microtime() * 1000000);
|
||||||
|
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
|
||||||
|
PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
|
||||||
|
} else {
|
||||||
|
$iv = base64_decode($_COOKIE['pma_mcrypt_iv']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* String padding
|
||||||
|
*
|
||||||
|
* @param string input string
|
||||||
|
* @param integer length of the result
|
||||||
|
* @param string the filling string
|
||||||
|
* @param integer padding mode
|
||||||
|
*
|
||||||
|
* @return string the padded string
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
function full_str_pad($input, $pad_length, $pad_string = '', $pad_type = 0) {
|
||||||
|
$str = '';
|
||||||
|
$length = $pad_length - strlen($input);
|
||||||
|
if ($length > 0) { // str_repeat doesn't like negatives
|
||||||
|
if ($pad_type == STR_PAD_RIGHT) { // STR_PAD_RIGHT == 1
|
||||||
|
$str = $input.str_repeat($pad_string, $length);
|
||||||
|
} elseif ($pad_type == STR_PAD_BOTH) { // STR_PAD_BOTH == 2
|
||||||
|
$str = str_repeat($pad_string, floor($length/2));
|
||||||
|
$str .= $input;
|
||||||
|
$str .= str_repeat($pad_string, ceil($length/2));
|
||||||
|
} else { // defaults to STR_PAD_LEFT == 0
|
||||||
|
$str = str_repeat($pad_string, $length).$input;
|
||||||
|
}
|
||||||
|
} else { // if $length is negative or zero we don't need to do anything
|
||||||
|
$str = $input;
|
||||||
|
}
|
||||||
|
return $str;
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Encryption using blowfish algorithm (mcrypt)
|
||||||
|
*
|
||||||
|
* @param string original data
|
||||||
|
* @param string the secret
|
||||||
|
*
|
||||||
|
* @return string the encrypted result
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*
|
||||||
|
* @author lem9
|
||||||
|
*/
|
||||||
|
function PMA_blowfish_encrypt($data, $secret) {
|
||||||
|
global $iv;
|
||||||
|
// Seems we don't need the padding. Anyway if we need it,
|
||||||
|
// we would have to replace 8 by the next 8-byte boundary.
|
||||||
|
//$data = full_str_pad($data, 8, "\0", STR_PAD_RIGHT);
|
||||||
|
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Decryption using blowfish algorithm (mcrypt)
|
||||||
|
*
|
||||||
|
* @param string encrypted data
|
||||||
|
* @param string the secret
|
||||||
|
*
|
||||||
|
* @return string original data
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*
|
||||||
|
* @author lem9
|
||||||
|
*/
|
||||||
|
function PMA_blowfish_decrypt($encdata, $secret) {
|
||||||
|
global $iv;
|
||||||
|
return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv));
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
require_once './libraries/blowfish.php';
|
require_once './libraries/blowfish.php';
|
||||||
/**
|
/**
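Review bot: The inlined initialization block takes `$iv` straight from `$_COOKIE['pma_mcrypt_iv']` with no length check, so a malformed or truncated cookie reaches `mcrypt_encrypt()`/`mcrypt_decrypt()` and may raise warnings that disclose paths, which is what the `PMA_COMING_FROM_COMMON` guard at the top of the file is meant to prevent. After `base64_decode()`, compare `strlen($iv)` with `mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC)` and generate a fresh IV when they differ. A fresh IV is drawn from `MCRYPT_RAND` seeded by `srand((double) microtime() * 1000000)`, which is predictable; `MCRYPT_DEV_URANDOM` is preferable where the platform provides it. The ciphertext also carries no integrity check, and `trim()` in `PMA_blowfish_decrypt` silently strips leading and trailing whitespace from the original data, so both limits deserve a comment next to the functions. The code is moved unchanged from the deleted library file, and the enclosing `if … else` continues past the end of the hunk.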
|
||||||
|
@@ -720,7 +720,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
|
|||||||
// and run authentication
|
// and run authentication
|
||||||
|
|
||||||
// (for a quick check of path disclosure in auth/cookies:)
|
// (for a quick check of path disclosure in auth/cookies:)
|
||||||
$coming_from_common = true;
|
define('PMA_COMING_FROM_COMMON', true);
|
||||||
|
|
||||||
// to allow HTTP or http
|
// to allow HTTP or http
|
||||||
$cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']);
|
$cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']);
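Review bot: Only the one guard visible in this commit is switched to `defined('PMA_COMING_FROM_COMMON')`; if any other include still tests `isset($coming_from_common)` (none is visible here), it will now always exit because the variable is no longer set. The comment above the `define()` would also benefit from stating why a constant is used, e.g. `// a constant, unlike a variable, cannot be pre-set through register_globals`. The enclosing `if (! defined('PMA_MINIMUM_COMMON'))` block starts and ends outside the hunk.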
|
||||||
|
@@ -1,89 +0,0 @@
|
|||||||
<?php
|
|
||||||
/* vim: set expandtab sw=4 ts=4 sts=4: */
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @version $Id$
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Initialization
|
|
||||||
* Store the initialization vector because it will be needed for
|
|
||||||
* further decryption. I don't think necessary to have one iv
|
|
||||||
* per server so I don't put the server number in the cookie name.
|
|
||||||
*/
|
|
||||||
if (!isset($_COOKIE['pma_mcrypt_iv'])) {
|
|
||||||
srand((double) microtime() * 1000000);
|
|
||||||
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
|
|
||||||
PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
|
|
||||||
} else {
|
|
||||||
$iv = base64_decode($_COOKIE['pma_mcrypt_iv']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* String padding
|
|
||||||
*
|
|
||||||
* @param string input string
|
|
||||||
* @param integer length of the result
|
|
||||||
* @param string the filling string
|
|
||||||
* @param integer padding mode
|
|
||||||
*
|
|
||||||
* @return string the padded string
|
|
||||||
*
|
|
||||||
* @access public
|
|
||||||
*/
|
|
||||||
function full_str_pad($input, $pad_length, $pad_string = '', $pad_type = 0) {
|
|
||||||
$str = '';
|
|
||||||
$length = $pad_length - strlen($input);
|
|
||||||
if ($length > 0) { // str_repeat doesn't like negatives
|
|
||||||
if ($pad_type == STR_PAD_RIGHT) { // STR_PAD_RIGHT == 1
|
|
||||||
$str = $input.str_repeat($pad_string, $length);
|
|
||||||
} elseif ($pad_type == STR_PAD_BOTH) { // STR_PAD_BOTH == 2
|
|
||||||
$str = str_repeat($pad_string, floor($length/2));
|
|
||||||
$str .= $input;
|
|
||||||
$str .= str_repeat($pad_string, ceil($length/2));
|
|
||||||
} else { // defaults to STR_PAD_LEFT == 0
|
|
||||||
$str = str_repeat($pad_string, $length).$input;
|
|
||||||
}
|
|
||||||
} else { // if $length is negative or zero we don't need to do anything
|
|
||||||
$str = $input;
|
|
||||||
}
|
|
||||||
return $str;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Encryption using blowfish algorithm (mcrypt)
|
|
||||||
*
|
|
||||||
* @param string original data
|
|
||||||
* @param string the secret
|
|
||||||
*
|
|
||||||
* @return string the encrypted result
|
|
||||||
*
|
|
||||||
* @access public
|
|
||||||
*
|
|
||||||
* @author lem9
|
|
||||||
*/
|
|
||||||
function PMA_blowfish_encrypt($data, $secret) {
|
|
||||||
global $iv;
|
|
||||||
// Seems we don't need the padding. Anyway if we need it,
|
|
||||||
// we would have to replace 8 by the next 8-byte boundary.
|
|
||||||
//$data = full_str_pad($data, 8, "\0", STR_PAD_RIGHT);
|
|
||||||
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Decryption using blowfish algorithm (mcrypt)
|
|
||||||
*
|
|
||||||
* @param string encrypted data
|
|
||||||
* @param string the secret
|
|
||||||
*
|
|
||||||
* @return string original data
|
|
||||||
*
|
|
||||||
* @access public
|
|
||||||
*
|
|
||||||
* @author lem9
|
|
||||||
*/
|
|
||||||
function PMA_blowfish_decrypt($encdata, $secret) {
|
|
||||||
global $iv;
|
|
||||||
return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv));
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|