Permalink
Browse files

changed from blowfish to just full path prefix removal. This is a muc…

…h more intelligent solution to #16
  • Loading branch information...
Jakobo committed Jul 4, 2009
1 parent de55004 commit c1353f7a9ae1adc9fc3cd15b6640868a3b76e2e6
@@ -1,22 +0,0 @@
-<?php
-
-if (!function_exists('snap_blowfish_encrypt')) {
-
- require_once 'lib.php';
-
- function snap_blowfish_encrypt($string, $key) {
- return snap_blowfish_out(Blowfish::encrypt($string, $key));
- }
-
- function snap_blowfish_decrypt($string, $key) {
- return Blowfish::decrypt(snap_blowfish_in($string), $key);
- }
-
- function snap_blowfish_out($string) {
- return str_replace('%', '-', rawurlencode(base64_encode($string)));
- }
-
- function snap_blowfish_in($string) {
- return base64_decode(rawurldecode(str_replace('-', '%', $string)));
- }
-}
View

Large diffs are not rendered by default.

Oops, something went wrong.
@@ -0,0 +1,10 @@
+<?php
+
+function snap_encrypt($string, $key) {
+ $string = ($string != SNAP_WI_TEST_PATH) ? preg_replace('#'.SNAP_WI_TEST_PATH.'#', '', $string, 1) : '??? [HIDDEN]';
+ return $string;
+}
+
+function snap_decrypt($string, $key) {
+ return SNAP_WI_TEST_PATH . $string;
+}
@@ -12,7 +12,7 @@
if (SNAP_WI_CRYPT) {
foreach ($file_list as $idx => $file) {
- $file_list[$idx] = snap_blowfish_encrypt($file, SNAP_WI_CRYPT);
+ $file_list[$idx] = snap_encrypt($file, SNAP_WI_CRYPT);
}
}
@@ -5,22 +5,18 @@
$urls = array(
'css' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'css',
)),
'css-ie6' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'css-ie6',
)),
'css-ie7' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'css-ie7',
)),
'js' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'js',
)),
@@ -62,11 +58,7 @@
<dt>Test Path:</dt>
<dd><?php
if (SNAP_WI_CRYPT) {
- $crypt = snap_blowfish_encrypt(SNAP_WI_TEST_PATH, SNAP_WI_CRYPT);
- $crypt = str_replace('_', '', $crypt);
- $crypt = substr($crypt, -32);
- echo $crypt;
- echo " <strong>(File obfuscation is on)</strong>";
+ echo "??? <strong>(Full path obfuscation is on)</strong>";
}
else {
echo SNAP_WI_TEST_PATH;
@@ -223,7 +223,7 @@ YAHOO.SnapTest.DisplayManager = (function() {
YAHOO.util.Dom.addClass(p, "file_name");
var fileDisplay = file;
- fileDisplay = fileDisplay.substr(fileDisplay.length - 32, 32);
+ // fileDisplay = fileDisplay.substr(fileDisplay.length - 32, 32);
var txt = document.createTextNode(fileDisplay);
YAHOO.util.Dom.get(YAHOO.SnapTest.Constants.TEST_LIST).appendChild(li);
@@ -17,7 +17,7 @@
// decrypt if required
if (SNAP_WI_CRYPT) {
- $file = snap_blowfish_decrypt($file, SNAP_WI_CRYPT);
+ $file = snap_decrypt($file, SNAP_WI_CRYPT);
}
// ensure file path matches test path prefix
@@ -51,39 +51,33 @@
$replacements = array(
'css' => array(
'{IMG}' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => null,
)),
'../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'sam-assets.png',
)),
),
'css-ie6' => array(
'{IMG}' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => null,
)),
'../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'sam-assets.png',
)),
),
'css-ie7' => array(
'{IMG}' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => null,
)),
'../../../../assets/skins/sam/sprite.png' => Snap_Request::makeURL(array(
- 'key' => SNAP_WI_KEY,
'mode' => 'resource',
'file' => 'sam-assets.png',
)),
@@ -20,7 +20,7 @@
// decrypt if required
if (SNAP_WI_CRYPT) {
- $file = snap_blowfish_decrypt($file, SNAP_WI_CRYPT);
+ $file = snap_decrypt($file, SNAP_WI_CRYPT);
}
// ensure file path matches test path prefix
View
@@ -14,27 +14,17 @@
// once more without weird script url hackery
define('SNAP_WI_URL_PATH', 'http://www.example.com/path/to/snaptest_web.dist.php');
-// STEP 4: Set a key. You only need this if you are putting your
-// tests on a publicly accessible server. This also offers very minimal
-// protection. If you're actually going this far in the protecting bit,
-// it is probably time to read up on .htaccess and possibly write your own
-// web stub to do security.
-// A blank string means no key will be used.
-define('SNAP_WI_KEY', '');
-
-// STEP 5: Obfuscation key. If you decided to set a key for STEP 4, then
-// you may want a key for STEP 5. Setting a crypt key will obfuscate all
-// path information in the web interface. Great if you want to show off your
-// test results without exposing your path to the world. Is this wise?
-// I suppose that'd be your call.
-// A blank string means no obfuscation will be done.
-define('SNAP_WI_CRYPT', '');
-
-// STEP 6: set the matching path
+// STEP 4: Obfuscation. If this is defined to TRUE then full path obfuscation
+// will be on and the path informaton will be ommitted from the display side
+// of everything. It is strongly encouraged to leave this on unless you are in
+// a secure environment and don't mind your entire path being exposed.
+define('SNAP_WI_CRYPT', TRUE);
+
+// STEP 5: set the matching path
// Files matching this pattern will be testable
define('SNAP_WI_TEST_MATCH', '^.*\.stest\.php$');
-// STEP 7: Relax, you're done. Bask in your awesomeness.
+// STEP 6: Relax, you're done. Bask in your awesomeness.
// Go to http://www.example.com/path/to/snaptest_web.dist.php
// --------------------------------------------------------------------------
View
@@ -18,18 +18,7 @@
'key' => '',
));
-if (SNAP_WI_KEY) {
- if ($options['key'] != SNAP_WI_KEY) {
- echo "\n";
- echo "SnapTest Web Interface: Key Mismatch\n";
- exit;
- }
-}
-
-// include the blowfish library if they are crypting
-if (SNAP_WI_CRYPT) {
- require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'util' . DIRECTORY_SEPARATOR . 'blowfish' . DIRECTORY_SEPARATOR . 'blowfish.php';
-}
+require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'util' . DIRECTORY_SEPARATOR . 'webfiles' . DIRECTORY_SEPARATOR . 'functions.php';
Snap_Request::setURLBase(SNAP_WI_URL_PATH);

0 comments on commit c1353f7

Please sign in to comment.