core/util/webfiles/functions.php @@ -12,7 +12,7 @@ else { if (SNAP_WI_CRYPT) { foreach ($file_list as $idx => $file) { - $file_list[$idx] = snap_blowfish_encrypt($file, SNAP_WI_CRYPT); + $file_list[$idx] = snap_encrypt($file, SNAP_WI_CRYPT); } } core/util/webfiles/getfiles.php @@ -5,22 +5,18 @@ $urls = array( 'css' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'css', )), 'css-ie6' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'css-ie6', )), 'css-ie7' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'css-ie7', )), 'js' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'js', )), @@ -62,11 +58,7 @@ $urls = array( <dt>Test Path:</dt> <dd><?php if (SNAP_WI_CRYPT) { - $crypt = snap_blowfish_encrypt(SNAP_WI_TEST_PATH, SNAP_WI_CRYPT); - $crypt = str_replace('_', '', $crypt); - $crypt = substr($crypt, -32); - echo $crypt; - echo " <strong>(File obfuscation is on)</strong>"; + echo "??? <strong>(Full path obfuscation is on)</strong>"; } else { echo SNAP_WI_TEST_PATH; core/util/webfiles/index.php @@ -223,7 +223,7 @@ YAHOO.SnapTest.DisplayManager = (function() { YAHOO.util.Dom.addClass(p, "file_name"); var fileDisplay = file; - fileDisplay = fileDisplay.substr(fileDisplay.length - 32, 32); + // fileDisplay = fileDisplay.substr(fileDisplay.length - 32, 32); var txt = document.createTextNode(fileDisplay); YAHOO.util.Dom.get(YAHOO.SnapTest.Constants.TEST_LIST).appendChild(li); core/util/webfiles/js/displaymanager.js @@ -17,7 +17,7 @@ $file_original = $options['file']; // decrypt if required if (SNAP_WI_CRYPT) { - $file = snap_blowfish_decrypt($file, SNAP_WI_CRYPT); + $file = snap_decrypt($file, SNAP_WI_CRYPT); } // ensure file path matches test path prefix core/util/webfiles/loadtests.php @@ -51,39 +51,33 @@ $content_types = array( $replacements = array( 'css' => array( '{IMG}' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => null, )), '../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'sam-assets.png', )), ), 'css-ie6' => array( '{IMG}' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => null, )), '../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'sam-assets.png', )), ), 'css-ie7' => array( '{IMG}' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => null, )), '../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array( - 'key' => SNAP_WI_KEY, 'mode' => 'resource', 'file' => 'sam-assets.png', )), core/util/webfiles/resource.php @@ -20,7 +20,7 @@ $klass = $options['klass']; // decrypt if required if (SNAP_WI_CRYPT) { - $file = snap_blowfish_decrypt($file, SNAP_WI_CRYPT); + $file = snap_decrypt($file, SNAP_WI_CRYPT); } // ensure file path matches test path prefix core/util/webfiles/runtest.php @@ -14,27 +14,17 @@ define('SNAP_WI_TEST_PATH', '/path/to/my/tests/'); // once more without weird script url hackery define('SNAP_WI_URL_PATH', 'http://www.example.com/path/to/snaptest_web.dist.php'); -// STEP 4: Set a key. You only need this if you are putting your -// tests on a publicly accessible server. This also offers very minimal -// protection. If you're actually going this far in the protecting bit, -// it is probably time to read up on .htaccess and possibly write your own -// web stub to do security. -// A blank string means no key will be used. -define('SNAP_WI_KEY', ''); - -// STEP 5: Obfuscation key. If you decided to set a key for STEP 4, then -// you may want a key for STEP 5. Setting a crypt key will obfuscate all -// path information in the web interface. Great if you want to show off your -// test results without exposing your path to the world. Is this wise? -// I suppose that'd be your call. -// A blank string means no obfuscation will be done. -define('SNAP_WI_CRYPT', ''); - -// STEP 6: set the matching path +// STEP 4: Obfuscation. If this is defined to TRUE then full path obfuscation +// will be on and the path informaton will be ommitted from the display side +// of everything. It is strongly encouraged to leave this on unless you are in +// a secure environment and don't mind your entire path being exposed. +define('SNAP_WI_CRYPT', TRUE); + +// STEP 5: set the matching path // Files matching this pattern will be testable define('SNAP_WI_TEST_MATCH', '^.*\.stest\.php$'); -// STEP 7: Relax, you're done. Bask in your awesomeness. +// STEP 6: Relax, you're done. Bask in your awesomeness. // Go to http://www.example.com/path/to/snaptest_web.dist.php // -------------------------------------------------------------------------- snaptest_web.dist.php @@ -18,18 +18,7 @@ $options = Snap_Request::getLongOptions(array( 'key' => '', )); -if (SNAP_WI_KEY) { - if ($options['key'] != SNAP_WI_KEY) { - echo "\n"; - echo "SnapTest Web Interface: Key Mismatch\n"; - exit; - } -} - -// include the blowfish library if they are crypting -if (SNAP_WI_CRYPT) { - require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'util' . DIRECTORY_SEPARATOR . 'blowfish' . DIRECTORY_SEPARATOR . 'blowfish.php'; -} +require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'util' . DIRECTORY_SEPARATOR . 'webfiles' . DIRECTORY_SEPARATOR . 'functions.php'; Snap_Request::setURLBase(SNAP_WI_URL_PATH); snaptest_webcore.php core/util/blowfish/blowfish.php core/util/blowfish/lib.php de550048bb3c5ef978be030f522b886af93725ba Jakob Heuser jakob@felocity.org http://github.com/Jakobo/snaptest/commit/c1353f7a9ae1adc9fc3cd15b6640868a3b76e2e6 c1353f7a9ae1adc9fc3cd15b6640868a3b76e2e6 2009-07-03T18:41:01-07:00 2009-07-03T18:41:01-07:00 changed from blowfish to just full path prefix removal. This is a much more intelligent solution to #16 21f5f201f548012d9339233eb334cf4cfe82f411 Jakob Heuser jakob@felocity.org