
Revision 2140

Added by darkviper over 8 years ago

  1. class SecureTokens::addToken() fixed integer overflow problem on 32bit platforms


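--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -10,6 +10,8 @@
 # = Bugfix
 ! = Update/Change
 ===============================================================================
+13 Dec -2015 Build 2140 Manuela v.d.Decken(DarkViper)
+# class SecureTokens::addToken() fixed integer overflow problem on 32bit platforms
 10 Dec -2015 Build 2139 Manuela v.d.Decken(DarkViper)
 # class SecureTokens: ::buildFingerprint() fixed server identification an add protection of file SecureTokens.php
 05 Nov -2015 Build 2138 Manuela v.d.Decken(DarkViper)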
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.4');
54
if(!defined('REVISION')) define('REVISION', '2139');
54
if(!defined('REVISION')) define('REVISION', '2140');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/SecureTokens.php
337 337
 */
338 338
    private function addToken($sTokenName, $sValue)
339 339
    {
340
        $sTokenName = substr($sTokenName, 0, 16);
340
        // limit TokenName to 16 digits
341
        $sTokenName = substr(str_pad($sTokenName, 16, '0', STR_PAD_LEFT), -16);
342
        // make sure, first digit is a alpha char [a-f]
341 343
        $sTokenName[0] = dechex(10 + (hexdec($sTokenName[0]) % 5));
344
        // loop as long the generated TokenName already exists in list
342 345
        while (isset($this->aTokens[$sTokenName])) {
343
            $sTokenName = sprintf('%16x', hexdec($sTokenName)+1);
346
            // split TokenName into 4 words
347
            $aWords = str_split($sTokenName, 4);
348
            // get lowest word and increment it
349
            $iWord = hexdec($aWords[3]) + 1;
350
            // reformat integer into a 4 digit hex string
351
            $aWords[3] = sprintf('%04x', ($iWord > 0xffff ? 1 : $iWord));
352
            // rebuild the TokenName
353
            $sTokenName = implode('', $aWords);
344 354
        }
355
        // store Token in list
345 356
        $this->aTokens[$sTokenName] = array(
346 357
            'value'    => $sValue,
347 358
            'expire'   => $this->iExpireTime,
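Review bot: The collision loop in addToken() can only end by finding a free name, and the new increment never carries out of the lowest 16-bit word: `($iWord > 0xffff ? 1 : $iWord)` wraps back to 0001, so one 48-bit prefix has at most 65,536 candidate names and the `while` never exits once all of them are set in `$this->aTokens`. That is unlikely in normal use, but a bounded retry turns a hung request into an explicit failure, for example `$iTries = 0;` before the loop and `if (++$iTries > 0xffff) { throw new RuntimeException('no free token name'); }` inside it. hexdec() silently skips non-hex characters, so if the caller (not visible here) does not guarantee a hex `$sTokenName`, a `ctype_xdigit()` check before the padding would be worth adding. The new comment on the first-digit line says `[a-f]`, but `10 + (hexdec(...) % 5)` only yields a to e, so either the comment or the modulus should change. The function body continues past the end of this hunk.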
