Skip to content
This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix deleteExpiredPubliclet() function
Update legacy links for php5.6 to pad the $id (used as key for mcrypt_decrypt) with 0. List shares for each workspace to make sure they are updated.
  • Loading branch information
cdujeu committed Feb 6, 2015
1 parent 83ca68d commit e49304c
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 7 deletions.
26 changes: 22 additions & 4 deletions core/src/plugins/action.share/class.ShareCenter.php
Expand Up @@ -1118,12 +1118,30 @@ private function deleteExpiredPubliclet($elementId, $data){
if(!is_a($repoObject, "Repository")) {
$repoObject = ConfService::getRepositoryById($data["REPOSITORY"]);
}
$repoLoaded = false;

ConfService::loadDriverForRepository($repoObject)->detectStreamWrapper(true);
AJXP_Controller::registryReset();
$ajxpNode = new AJXP_Node("ajxp.".$repoObject->getAccessType()."://".$repoObject->getId().$data["FILE_PATH"]);
if(!empty($repoObject)){
try{
ConfService::loadDriverForRepository($repoObject)->detectStreamWrapper(true);
$repoLoaded = true;
}catch (Exception $e){
// Cannot load this repository anymore.
}
}
if($repoLoaded){
AJXP_Controller::registryReset();
$ajxpNode = new AJXP_Node("ajxp.".$repoObject->getAccessType()."://".$repoObject->getId().$data["FILE_PATH"]);
}
$this->getShareStore()->deleteShare("file", $elementId);
$this->removeShareFromMeta($ajxpNode, $elementId);
if(isSet($ajxpNode)){
try{
$this->removeShareFromMeta($ajxpNode, $elementId);
}catch (Exception $e){

}
gc_collect_cycles();
}

}

/**
Expand Down
13 changes: 10 additions & 3 deletions core/src/plugins/action.share/class.ShareStore.php
Expand Up @@ -99,13 +99,13 @@ public function storeShare($parentRepositoryId, $shareData, $type="minisite", $e
$loader = 'ShareCenter::loadPubliclet($data);';
}

$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $data, MCRYPT_MODE_ECB));
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, str_pad($hash, 16, "\0"), $data, MCRYPT_MODE_ECB));
$fileData = "<"."?"."php \n".
' require_once("'.str_replace("\\", "/", AJXP_INSTALL_PATH).'/publicLet.inc.php"); '."\n".
' $id = str_replace(".php", "", basename(__FILE__)); '."\n". // Not using "" as php would replace $ inside
' $cypheredData = base64_decode("'.$outputData.'"); '."\n".
' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\0"); '."\n".
' if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } '."\n".
' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, str_pad($id, 16, "\0"), $cypheredData, MCRYPT_MODE_ECB), "\0"); '."\n".
' // if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } '."\n".
' // Ok extract the data '."\n".
' $data = unserialize($inputData); '.$loader;
if (@file_put_contents($this->downloadFolder."/".$hash.".php", $fileData) === FALSE) {
Expand All @@ -125,6 +125,7 @@ public function loadShare($hash){
$this->confStorage->simpleStoreGet("share", $hash, "serial", $data);
if(!empty($data)){
$data["DOWNLOAD_COUNT"] = PublicletCounter::getCount($hash);
$data["SECURITY_MODIFIED"] = false;
return $data;
}
}
Expand All @@ -134,6 +135,12 @@ public function loadShare($hash){
$inputData = '';
// Necessary for the eval
$id = $hash;
// UPDATE LINK FOR PHP5.6
if(trim($lines[4]) == '$inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\0");' && is_writable($file)){
// Upgrade line
$lines[4] = ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, str_pad($id, 16, "\0"), $cypheredData, MCRYPT_MODE_ECB), "\0");'."\n";
$res = file_put_contents($file, implode('', $lines));
}
$code = $lines[3] . $lines[4] . $lines[5];
eval($code);
if(empty($inputData)) return false;
Expand Down

0 comments on commit e49304c

Please sign in to comment.