Permalink
Browse files

(Fixes issue 3101)

  • Loading branch information...
1 parent 0b863a9 commit acf6d62e978f506f8c506be12b47d71da1090ecb keyboard.idol@gmail.com committed Jan 22, 2012
Showing with 31 additions and 13 deletions.
  1. +1 −0 CHANGELOG
  2. +30 −13 framework/base/CSecurityManager.php
View
@@ -12,6 +12,7 @@ Version 1.1.10 work in progress
- Bug #3096: Fixed the bug when reporting an error and CHtml is not loaded (mdomba)
- Bug #3103: Fixed the bug that CActiveForm->error() was not overloading htmlOptions (mdomba)
- Enh #3063: Gii, when generating models, tableNames will be checked against reserved PHP keywords when '*' is used (mdomba)
+- Enh #3101: The methods of CSecurityManager do now work correctly for the case that mbstring.func_overload is in effect (Y!!)
- Enh #3112: Fixed the exception error display on ajax calls when YII_DEBUG is true (mdomba)
- Enh: Added CActiveForm::validateTabular() to simplify ajax validation for tabular input (mdomba)
- Chg: Upgraded JQuery UI to 1.8.17 (mdomba)
@@ -72,6 +72,13 @@ class CSecurityManager extends CApplicationComponent
private $_validationKey;
private $_encryptionKey;
+ private $_mbstring;
+
+ public function init()
+ {
+ parent::init();
+ $this->_mbstring=extension_loaded('mbstring');
+ }
/**
* @return string a randomly generated private key
@@ -179,7 +186,7 @@ public function setValidation($value)
public function encrypt($data,$key=null)
{
$module=$this->openCryptModule();
- $key=substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
+ $key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
srand();
$iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);
mcrypt_generic_init($module,$key,$iv);
@@ -199,11 +206,11 @@ public function encrypt($data,$key=null)
public function decrypt($data,$key=null)
{
$module=$this->openCryptModule();
- $key=substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
+ $key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
$ivSize=mcrypt_enc_get_iv_size($module);
- $iv=substr($data,0,$ivSize);
+ $iv=$this->substr($data,0,$ivSize);
mcrypt_generic_init($module,$key,$iv);
- $decrypted=mdecrypt_generic($module,substr($data,$ivSize));
+ $decrypted=mdecrypt_generic($module,$this->substr($data,$ivSize,$this->strlen($data)));
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
return rtrim($decrypted,"\0");
@@ -219,9 +226,9 @@ protected function openCryptModule()
if(extension_loaded('mcrypt'))
{
if(is_array($this->cryptAlgorithm))
- $module=call_user_func_array('mcrypt_module_open',$this->cryptAlgorithm);
+ $module=@call_user_func_array('mcrypt_module_open',$this->cryptAlgorithm);
else
- $module=mcrypt_module_open($this->cryptAlgorithm, '', MCRYPT_MODE_CBC, '');
+ $module=@mcrypt_module_open($this->cryptAlgorithm,'', MCRYPT_MODE_CBC,'');
if($module===false)
throw new CException(Yii::t('yii','Failed to initialize the mcrypt module.'));
@@ -253,11 +260,11 @@ public function hashData($data,$key=null)
*/
public function validateData($data,$key=null)
{
- $len=strlen($this->computeHMAC('test'));
- if(strlen($data)>=$len)
+ $len=$this->strlen($this->computeHMAC('test'));
+ if($this->strlen($data)>=$len)
{
- $hmac=substr($data,0,$len);
- $data2=substr($data,$len);
+ $hmac=$this->substr($data,0,$len);
+ $data2=$this->substr($data,$len,$this->strlen($data));
return $hmac===$this->computeHMAC($data2,$key)?$data2:false;
}
else
@@ -288,11 +295,21 @@ protected function computeHMAC($data,$key=null)
$pack='H32';
$func='md5';
}
- if(strlen($key) > 64)
+ if($this->strlen($key) > 64)
$key=pack($pack, $func($key));
- if(strlen($key) < 64)
+ if($this->strlen($key) < 64)
$key=str_pad($key, 64, chr(0));
- $key=substr($key,0,64);
+ $key=$this->substr($key,0,64);
return $func((str_repeat(chr(0x5C), 64) ^ $key) . pack($pack, $func((str_repeat(chr(0x36), 64) ^ $key) . $data)));
}
+
+ private function strlen($string)
+ {
+ return $this->_mbstring ? mb_strlen($string,'8bit') : strlen($string);
+ }
+
+ private function substr($string,$start,$length)
+ {
+ return $this->_mbstring ? mb_substr($string,$start,$length,'8bit') : substr($string,$start,$length);
+ }
}

0 comments on commit acf6d62

Please sign in to comment.