
[Phpgroupware-cvs] CVS: email/inc class.bopreferences.inc.php,1.18,1.19


From: Angelo Tony Puglisi <address@hidden>
Subject: [Phpgroupware-cvs] CVS: email/inc class.bopreferences.inc.php,1.18,1.19 class.mail_msg_base.inc.php,1.69,1.70
Date: Thu, 24 Jan 2002 17:58:09 -0500

Update of /cvsroot/phpgroupware/email/inc
In directory subversions:/tmp/cvs-serv29540/email/inc

Modified Files:
        class.bopreferences.inc.php class.mail_msg_base.inc.php 
Log Message:
add back so-called database de-fanging to custom email passwords, apparently 
still an issue at the database level, last-in, first-out handling preserves 
integrity, also make sure default shows up in account combobox even when no 
extra accounts exist

Index: class.bopreferences.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/email/inc/class.bopreferences.inc.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -r1.18 -r1.19
*** class.bopreferences.inc.php 23 Jan 2002 21:18:29 -0000      1.18
--- class.bopreferences.inc.php 24 Jan 2002 22:58:07 -0000      1.19
***************
*** 328,332 ****
                                'write_props'   => '',
                                'lang_blurb'    => lang('Email Account Name'),
-                       //      'init_default'  => 
'function,$this->sub_default_userid($account_id);',
                                'init_default'  => 
'function,sub_default_userid',
                                'values'        => array()
--- 328,331 ----
***************
*** 338,341 ****
--- 337,341 ----
                                'widget'        => 'passwordbox',
                                'accts_usage'   => 'default, extra_accounts',
+                               //'write_props' => 'password, hidden, 
encrypted, empty_no_delete, no_db_defang',
                                'write_props'   => 'password, hidden, 
encrypted, empty_no_delete',
                                'lang_blurb'    => lang('Email Password'),
***************
*** 671,676 ****
                                || (trim($this->args[$this_pref['id']]) == ''))
                                {
!                                       // nothing submitted for this 
preference item
!                                       // OR an empty string was submitted for 
this pref item
                                        if ($this->debug_set_prefs > 1) { echo 
'email: bopreferences: process_submitted_prefs: submitted_pref for 
["'.$this_pref['id'].'"] not set or empty string<br>'; }
                                        if (stristr($this_pref['write_props'], 
'empty_no_delete'))
--- 671,678 ----
                                || (trim($this->args[$this_pref['id']]) == ''))
                                {
!                                       // ----  nothing submitted for this 
preference item  ----
!                                       // ----  OR an empty string was 
submitted for this pref item  ----
!                                       
!                                       // so how do we handle this, for this 
pref...
                                        if ($this->debug_set_prefs > 1) { echo 
'email: bopreferences: process_submitted_prefs: submitted_pref for 
["'.$this_pref['id'].'"] not set or empty string<br>'; }
                                        if (stristr($this_pref['write_props'], 
'empty_no_delete'))
***************
*** 705,708 ****
--- 707,712 ----
                                {
                                        // ---  we have real data submitted for 
this preference item  ---
+                                       
+                                       // so how do we handle this, for this 
pref...
                                        $submitted_pref = 
$this->args[$this_pref['id']];
                                        // init a var to hold the processed 
submitted_pref
***************
*** 728,735 ****
                                                {
                                                        // certain data 
(passwords) should be encrypted before going into the repository
!                                                       // "user_string"s to be 
"encrypted" do NOT get "html_quotes_encode"
                                                        // before going into 
the encryption routine
                                                        $processed_pref = 
$GLOBALS['phpgw']->msg->stripslashes_gpc($submitted_pref);
                                                        $processed_pref = 
$GLOBALS['phpgw']->msg->encrypt_email_passwd($processed_pref);
                                                }
                                                else
--- 732,750 ----
                                                {
                                                        // certain data 
(passwords) should be encrypted before going into the repository
!                                                       // "user_string"s to be 
"encrypted" do NOT get "db_defanged"
                                                        // before going into 
the encryption routine
+                                                       // UPDATE: password 
STILL required "database defanging" because
+                                                       // as of Jan 24 2002, 
it is verified that un-defanged passwords *may* destroy
+                                                       // all user prefs 
because they may have the database unfriendly chars that 
+                                                       // "de-fanging" 
encodes, i.e. this is STILL an issue at the database level
                                                        $processed_pref = 
$GLOBALS['phpgw']->msg->stripslashes_gpc($submitted_pref);
+                                                       // we SHOULD feed the 
password as UNALTERED as possible into the encryption
+                                                       // after that, we may 
manipulate it for database "friendliness"
                                                        $processed_pref = 
$GLOBALS['phpgw']->msg->encrypt_email_passwd($processed_pref);
+                                                       // the last thing you 
do before saving to the DB is "de-fang"
+                                                       $processed_pref = 
$GLOBALS['phpgw']->msg->html_quotes_encode($processed_pref);
+                                                       // so the FIRST thing 
you do when reading from the db MUST be to "UN-defang"
+                                                       // note this IS INDEED 
what happens in api/class,preferences,
+                                                       // unless 
"no_db_defang" is specified, any "user_string" will be defanged
                                                }
                                                else
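Review bot: The new de-fang step calls `html_quotes_encode()` directly, although this same commit adds a `db_defang_encode()` alias in class.mail_msg_base.inc.php for this purpose; using it here, `$processed_pref = $GLOBALS['phpgw']->msg->db_defang_encode($processed_pref);`, would name the intent and keep the write path paired with `db_defang_decode()`. The order the comments describe (strip slashes, encrypt, then encode as the last step) means the stored value decrypts correctly only if the reader undoes the encoding exactly once before decrypting, and that guarantee lives in the preferences API code, which is not visible here. Entity-encoding quotes also looks like a workaround rather than database escaping, so the storage layer that an unencoded password could corrupt presumably still needs proper escaping of its own. The enclosing method starts and ends outside the hunk.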

Index: class.mail_msg_base.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/email/inc/class.mail_msg_base.inc.php,v
retrieving revision 1.69
retrieving revision 1.70
diff -C2 -r1.69 -r1.70
*** class.mail_msg_base.inc.php 24 Jan 2002 14:51:33 -0000      1.69
--- class.mail_msg_base.inc.php 24 Jan 2002 22:58:07 -0000      1.70
***************
*** 708,711 ****
--- 708,721 ----
                        if ($this->debug_logins > 1) { echo 'mail_msg: 
begin_request: $this->unprocessed_prefs[email][ex_accounts] NOT set or NOT 
is_array, $this->ex_accounts_count: ['.$this->ex_accounts_count.']<br>';}
                }
+               // if NO extra accounts axist, we STILL need to put the default 
account inextra_and_default_acounts
+               // extra_and_default_acounts will not have been handled 
whatsoever if no extra accounts exist
+               // so make sure the default account is there
+               if (count($this->extra_and_default_acounts) == 0)
+               {
+                       $this->extra_and_default_acounts = array();
+                       // first put in the default account
+                       $this->extra_and_default_acounts[0]['acctnum'] = 0;
+                       $this->extra_and_default_acounts[0]['status'] = 
'enabled';
+               }
                // -end- extra account init handling
                
***************
*** 796,803 ****
                                // DO NOT alter the password and do NOT put 
that altered password BACK into the preferences array
                                // keep the one in GLOBALS in encrypted form if 
possible ????
!                               //$this->a[$this->acctnum]['prefs']['passwd'] = 
$this->decrypt_email_passwd($this->a[$this->acctnum]['prefs']['passwd']);
!                               $pass = 
$this->decrypt_email_passwd($this->get_pref_value('passwd'));
!                               //$this->set_pref_value('passwd', $pass);
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
begin_request: pass decoded from prefs: 
'.htmlspecialchars(serialize($this->get_pref_value('passwd'))).'<br>'; }
                        }
                        // ----  ISSET CHECK for userid and passwd to avoid 
garbage logins  ----
--- 806,817 ----
                                // DO NOT alter the password and do NOT put 
that altered password BACK into the preferences array
                                // keep the one in GLOBALS in encrypted form if 
possible ????
!                               $pass = $this->get_pref_value('passwd');
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
begin_request: pass from prefs: already defanged for us, but still encrypted 
<pre>'.$pass.'</pre><br>'."\r\n"; }
!                               // IMPORTANT: (this note on "defanging" still 
valid as of Jan 24, 2002
!                               // the last thing you do before saving to the 
DB is "de-fang"
!                               // so the FIRST thing class prefs does when 
reading from the db MUST be to "UN-defang", and that IS what happens there
!                               // so by now phpgwapi/class.preferences has 
ALREADY done the "de-fanging"
!                               $pass = $this->decrypt_email_passwd($pass);
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
begin_request: pass from prefs: decrypted: <pre>'.$pass.'</pre><br>'."\r\n"; }
                        }
                        // ----  ISSET CHECK for userid and passwd to avoid 
garbage logins  ----
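Review bot: The second debug line added here echoes the decrypted mail password into the page as `<pre>'.$pass.'</pre>` with no HTML escaping whenever `debug_logins > 1`, whereas the line it replaces printed only the stored preference value (presumably still encrypted) and passed it through `htmlspecialchars()`. A password containing `<` or `&` will be rendered as markup, and the cleartext credential ends up in any response that is cached, saved or shown to someone else while debugging. At minimum escape both new echo lines, e.g. `'<pre>'.htmlspecialchars($pass).'</pre>'`, and preferably keep the cleartext out of the debug output and print only whether decryption produced a non-empty value. The ensure_stream_and_folder hunk further down does escape its output but likewise prints the decrypted password, so the same applies there. begin_request continues outside the hunk.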
***************
*** 808,813 ****
                        {
                                $user = $this->get_pref_value('userid');
-                               // we set pass up above, we no longer alter the 
pass and put it back intoi the prefs array
-                               //$pass = $this->get_pref_value('passwd');
                        }
                        else
--- 822,825 ----
***************
*** 1049,1054 ****
                        else
                        {
!                               $pass = 
$this->decrypt_email_passwd($this->get_pref_value('passwd', $acctnum));
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
ensure_stream_and_folder: pass decoded from prefs: 
'.htmlspecialchars(serialize($this->get_pref_value('passwd'))).'<br>'; }
                        }
                        if ( $this->get_isset_pref('userid', $acctnum)
--- 1061,1068 ----
                        else
                        {
!                               $pass = $this->get_pref_value('passwd', 
$acctnum);
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
ensure_stream_and_folder: pass from prefs: already "defanged" for us, but still 
ancrypted '.htmlspecialchars(serialize($pass)).'<br>'; }
!                               $pass = $this->decrypt_email_passwd($pass);
!                               if ($this->debug_logins > 1) { echo 'mail_msg: 
ensure_stream_and_folder: pass from prefs: decrypted: 
'.htmlspecialchars(serialize($pass)).'<br>'; }
                        }
                        if ( $this->get_isset_pref('userid', $acctnum)
***************
*** 3115,3118 ****
--- 3129,3136 ----
  
        // ==  "poor-man's" database compatibility ==
+       function db_defang_encode($str)
+       {
+               return $this->html_quotes_encode($str);
+       }
        function html_quotes_encode($str)
        {
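Review bot: `db_defang_encode()` is added without a comment stating its contract, and the same is true of `db_defang_decode()` in the next hunk. I would add above it something like `// alias of html_quotes_encode(): apply as the LAST step before a DB write; the reader must call db_defang_decode() FIRST`, with the mirror image above the decode alias. The comment should also say that this encoding is not SQL escaping, since the name could be read as promising that the result is safe to place into a query. The body of `html_quotes_encode()` lies outside the hunk, so which characters it encodes cannot be confirmed from here.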
***************
*** 3133,3136 ****
--- 3151,3158 ----
  
        // ==  "poor-man's" database compatibility ==
+       function db_defang_decode($str)
+       {
+               return $this->html_quotes_decode($str);
+       }
        function html_quotes_decode($str)
        {



