-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
67 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,7 +18,7 @@ | |
| * @package Xmf | ||
| * @author Richard Griffith <[email protected]> | ||
| * @copyright 2019-2020 XOOPS Project (https://xoops.org) | ||
| * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) | ||
| * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html) | ||
| */ | ||
| class ProxyCheck | ||
| { | ||
|
|
@@ -108,10 +108,14 @@ protected function getProxyEnvConfig() | |
| */ | ||
| protected function getProxyHeader() | ||
| { | ||
| if (!isset($_SERVER[$this->proxyHeaderName]) || empty($_SERVER[$this->proxyHeaderName])) { | ||
| if (($this->proxyHeaderName === false) || (!isset($_SERVER[$this->proxyHeaderName])) || (empty($_SERVER[$this->proxyHeaderName]))) { | ||
| return false; | ||
| } | ||
| return $_SERVER[$this->proxyHeaderName]; | ||
| } | ||
|
|
||
| // Use PHP 5.3 compatible type casting | ||
| $proxyHeader = (string)$_SERVER[$this->proxyHeaderName]; | ||
|
|
||
| return $proxyHeader; | ||
| } | ||
|
|
||
| /** | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,7 +18,7 @@ | |
| * @package Xmf | ||
| * @author Richard Griffith <[email protected]> | ||
| * @copyright 2015-2018 XOOPS Project (https://xoops.org) | ||
| * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html) | ||
| * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html) | ||
| * @link https://xoops.org | ||
| */ | ||
| class Random | ||
|
|
@@ -37,7 +37,29 @@ class Random | |
| */ | ||
| public static function generateOneTimeToken($hash = 'sha512', $bytes = 64) | ||
| { | ||
| $token = hash($hash, random_bytes($bytes)); | ||
| if (function_exists('random_bytes')) { | ||
| $randomData = random_bytes($bytes); | ||
| } elseif (function_exists('openssl_random_pseudo_bytes')) { | ||
| $crypto_strong = false; | ||
| $randomData = openssl_random_pseudo_bytes($bytes, $crypto_strong); | ||
|
|
||
| if ($randomData === false) { | ||
| throw new Exception("Could not generate secure random bytes."); | ||
| } | ||
|
|
||
| if (!$crypto_strong) { | ||
| throw new Exception("Non-cryptographically strong algorithm used for random bytes."); | ||
| } | ||
| } else { | ||
| $randomData = md5(uniqid(mt_rand(), true)); | ||
| } | ||
|
|
||
| if ($randomData === null) { | ||
| throw new Exception("Failed to generate random data."); | ||
| } | ||
|
|
||
| $token = hash($hash, $randomData); | ||
|
|
||
| return $token; | ||
| } | ||
|
|
||
|
|
@@ -55,7 +77,28 @@ public static function generateOneTimeToken($hash = 'sha512', $bytes = 64) | |
| */ | ||
| public static function generateKey($hash = 'sha512', $bytes = 128) | ||
| { | ||
| $token = hash($hash, random_bytes($bytes)); | ||
| if (function_exists('random_bytes')) { | ||
| $randomData = random_bytes($bytes); | ||
| } elseif (function_exists('openssl_random_pseudo_bytes')) { | ||
| $crypto_strong = false; | ||
| $randomData = openssl_random_pseudo_bytes($bytes, $crypto_strong); | ||
|
|
||
| if ($randomData === false) { | ||
| throw new Exception("Could not generate secure random bytes."); | ||
| } | ||
|
|
||
| if (!$crypto_strong) { | ||
| throw new Exception("Non-cryptographically strong algorithm used for random bytes."); | ||
| } | ||
| } else { | ||
| $randomData = md5(uniqid(mt_rand(), true)); | ||
| } | ||
|
|
||
| if ($randomData === null) { | ||
| throw new Exception("Failed to generate random data."); | ||
| } | ||
|
|
||
| $token = hash($hash, $randomData); | ||
| return $token; | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,7 +24,7 @@ | |
| * @author trabis <[email protected]> | ||
| * @author Joomla! | ||
| * @copyright 2011-2023 XOOPS Project (https://xoops.org) | ||
| * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html) | ||
| * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html) | ||
| * @link https://xoops.org | ||
| */ | ||
| class Request | ||
|
|
@@ -339,6 +339,7 @@ public static function getIP($name, $default = '', $hash = 'default') | |
| */ | ||
| public static function getHeader($headerName, $default = '') | ||
| { | ||
| /** @var string[] $headers */ | ||
| static $headers = null; | ||
|
|
||
| if (null === $headers) { | ||
|
|
@@ -349,10 +350,10 @@ public static function getHeader($headerName, $default = '') | |
| $headers[strtolower($name)] = $value; | ||
| } | ||
| } else { | ||
| // From joyview - http://php.net/manual/en/function.getallheaders.php | ||
| // From joyview - https://php.net/manual/en/function.getallheaders.php | ||
| foreach ($_SERVER as $name => $value) { | ||
| if (substr($name, 0, 5) === 'HTTP_') { | ||
| $translatedName = str_replace(' ', '-', strtolower(str_replace('_', ' ', substr($name, 5)))); | ||
| $translatedName = (string)str_replace(' ', '-', strtolower(str_replace('_', ' ', substr($name, 5)))); | ||
| $headers[$translatedName] = $value; | ||
| } | ||
| } | ||
|
|
@@ -372,7 +373,7 @@ public static function getHeader($headerName, $default = '') | |
| * @param string $name variable to look for | ||
| * @param string $hash hash to check | ||
| * | ||
| * @return boolean True if hash has an element 'name', otherwise false | ||
| * @return bool True if hash has an element 'name', otherwise false | ||
| */ | ||
| public static function hasVar($name, $hash = 'default') | ||
| { | ||
|
|
@@ -392,10 +393,10 @@ public static function hasVar($name, $hash = 'default') | |
| /** | ||
| * Set a variable in one of the request variables | ||
| * | ||
| * @param string $name Name | ||
| * @param string $value Value | ||
| * @param string $hash Hash | ||
| * @param boolean $overwrite Boolean | ||
| * @param string $name Name | ||
| * @param string $value Value | ||
| * @param string $hash Hash | ||
| * @param bool $overwrite Boolean | ||
| * | ||
| * @return string Previous value | ||
| */ | ||
|
|
@@ -517,9 +518,9 @@ public static function get($hash = 'default', $mask = 0) | |
| /** | ||
| * Sets a request variable | ||
| * | ||
| * @param array $array An associative array of key-value pairs | ||
| * @param string $hash The request variable to set (POST, GET, FILES, METHOD) | ||
| * @param boolean $overwrite If true and an existing key is found, the value is overwritten, | ||
| * @param array $array An associative array of key-value pairs | ||
| * @param string $hash The request variable to set (POST, GET, FILES, METHOD) | ||
| * @param bool $overwrite If true and an existing key is found, the value is overwritten, | ||
| * otherwise it is ignored | ||
| * | ||
| * @return void | ||
|
|
@@ -576,7 +577,7 @@ protected static function cleanVar($var, $mask = 0, $type = null) | |
| if (null === $noHtmlFilter) { | ||
| $noHtmlFilter = FilterInput::getInstance(); | ||
| } | ||
| $var = $noHtmlFilter->clean($var, $type); | ||
| $var = $noHtmlFilter::clean($var, $type); | ||
| } | ||
| } | ||
|
|
||
|
|
||