vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject svn commit: r1797999 - in /vcl/trunk/web/.ht-inc: addomain.php siteconfig.php utils.php vm.php
Date Wed, 07 Jun 2017 20:52:50 GMT
Author: jfthomps
Date: Wed Jun  7 20:52:50 2017
New Revision: 1797999

URL: http://svn.apache.org/viewvc?rev=1797999&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries

addomain.php: modified AJsaveResource: added check for getCryptKeyID returning NULL

siteconfig.php: removed TODO comment

utils.php:
-modified checkCryptkey: updated comments
-modified prettyLength: (unrelated to this JIRA) cast $minutes / 60 to int

vm.php: modified AJupdateVMprofileItem: added check for getCryptKeyID returning NULL

Modified:
    vcl/trunk/web/.ht-inc/addomain.php
    vcl/trunk/web/.ht-inc/siteconfig.php
    vcl/trunk/web/.ht-inc/utils.php
    vcl/trunk/web/.ht-inc/vm.php

Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797999&r1=1797998&r2=1797999&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Wed Jun  7 20:52:50 2017
@@ -188,6 +188,11 @@ class ADdomain extends Resource {
 				$oldsecretid = $olddata['secretid'];
 				# check that we have a cryptsecret entry for this secret
 				$cryptkeyid = getCryptKeyID();
+				if($cryptkeyid == NULL) {
+					$ret = array('status' => 'error', 'msg' => "Error encountered while updating password");
+					sendJSON($ret);
+					return;
+				}
 				$query = "SELECT cryptsecret "
 				       . "FROM cryptsecret "
 				       . "WHERE cryptkeyid = $cryptkeyid AND "

Modified: vcl/trunk/web/.ht-inc/siteconfig.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/siteconfig.php?rev=1797999&r1=1797998&r2=1797999&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/siteconfig.php (original)
+++ vcl/trunk/web/.ht-inc/siteconfig.php Wed Jun  7 20:52:50 2017
@@ -1138,7 +1138,7 @@ class AffilTextVariable {
 				continue;
 			$id = "{$this->domidbase}_$affilid";
 			$newval = processInputVar($id, ARG_STRING);
-			if($newval !== NULL || # TODO test further
+			if($newval !== NULL ||
 	   		! $this->allowempty ||
 				($affilid == $this->globalid && ! $this->allowglobalempty)) {
 				if(! $this->validateValue($newval)) {

Modified: vcl/trunk/web/.ht-inc/utils.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1797999&r1=1797998&r2=1797999&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Wed Jun  7 20:52:50 2017
@@ -646,10 +646,11 @@ function checkCryptkey() {
 			return;
 	}
 
-	# no id file or no matching entry in cryptkey, create new key
+	// if no id file and cannot write to cryptkey directory, return
 	if(! is_writable($filebase))
 		return;
 
+	# no id file or no matching entry in cryptkey, create new key
 	$keyfile = "$filebase/private.pem";
 
 	$_algorithm = constant("OPENSSL_KEYTYPE_" . ASYMALGO);
@@ -10023,7 +10024,7 @@ function prettyLength($minutes) {
 	elseif($minutes == 60)
 		return i("1 hour");
 	elseif($minutes % 60 == 0)
-		return $minutes / 60 . " " . i("hours");
+		return (int)($minutes / 60) . " " . i("hours");
 	else {
 		$hours = (int)($minutes / 60);
 		$min = (int)($minutes % 60);

Modified: vcl/trunk/web/.ht-inc/vm.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/vm.php?rev=1797999&r1=1797998&r2=1797999&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/vm.php (original)
+++ vcl/trunk/web/.ht-inc/vm.php Wed Jun  7 20:52:50 2017
@@ -868,6 +868,11 @@ function AJupdateVMprofileItem() {
 			$secretid = getSecretKeyID('vmprofile', 'secretid', $profileid);
 			# check that we have a cryptsecret entry for this secret
 			$cryptkeyid = getCryptKeyID();
+			if($cryptkeyid === NULL) {
+				print "dojo.byId('savestatus').innerHTML = '';";
+				print "alert('Error saving password');";
+				return;
+			}
 			$query = "SELECT cryptsecret "
 			       . "FROM cryptsecret "
 			       . "WHERE cryptkeyid = $cryptkeyid AND "



Mime
View raw message