Changeset 159 for trunk/lib/Utilities.inc.php
- Timestamp:
- Jun 11, 2006 5:41:23 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Utilities.inc.php
r154 r159 595 595 * @access public 596 596 * @param string $val The string to sign. 597 * @param string $s eed_key(Optional) A text key to use for computing the signature.597 * @param string $salt (Optional) A text key to use for computing the signature. 598 598 * @return string The original value with a signature appended. 599 599 */ 600 function addSignature($val, $seed_key=null) 601 { 602 $app =& App::getInstance(); 603 604 if ('' == $val) { 605 $app->logMsg(sprintf('Adding signature to empty string.', null), LOG_NOTICE, __FILE__, __LINE__); 606 } 607 608 if (!isset($seed_key)) { 609 $seed_key = $app->getParam('signing_key'); 610 } 611 612 return $val . '-' . substr(md5($val . $seed_key), 0, 18); 600 function addSignature($val, $salt=null) 601 { 602 $app =& App::getInstance(); 603 604 if ('' == trim($val)) { 605 $app->logMsg(sprintf('Cannot add signature to an empty string.', null), LOG_DEBUG, __FILE__, __LINE__); 606 return ''; 607 } 608 609 if (!isset($salt)) { 610 $salt = $app->getParam('signing_key'); 611 } 612 613 return $val . '-' . substr(md5($salt . md5($val . $salt)), 0, 18); 613 614 } 614 615 … … 631 632 * @access public 632 633 * @param string $signed_val A value with appended signature. 633 * @param string $s eed_key(Optional) A text key to use for computing the signature.634 * @param string $salt (Optional) A text key to use for computing the signature. 634 635 * @return bool True if the signature matches the var. 635 636 */ 636 function verifySignature($signed_val, $s eed_key=null)637 function verifySignature($signed_val, $salt=null) 637 638 { 638 639 // Strip the value from the signed value. 639 640 $val = removeSignature($signed_val); 640 641 // If the signed value matches the original signed value we consider the value safe. 641 if ($signed_val == addSignature($val, $s eed_key)) {642 if ($signed_val == addSignature($val, $salt)) { 642 643 // Signature verified. 
643 644 return true; … … 716 717 return false; 717 718 } 718 }719 720 /**721 * If the given $url is on the same web site, return true. This can be used to722 * prevent from sending sensitive info in a get query (like the SID) to another723 * domain.724 *725 * @param string $url the URI to test.726 * @return bool True if given $url is this domain or has no domain (is a relative url), false if it's another.727 */728 function isMyDomain($url)729 {730 static $urls = array();731 732 if (!isset($urls[$url])) {733 if (!preg_match('|\w{1,}\.\w{2,5}/|', $url)) {734 // If we can't find a domain we assume the URL is relative.735 $urls[$url] = true;736 } else {737 $urls[$url] = preg_match('/' . preg_quote(getenv('HTTP_HOST')) . '/', $url);738 }739 }740 return $urls[$url];741 }742 743 /**744 * Takes a URL and returns it without the query or anchor portion745 *746 * @param string $url any kind of URI747 * @return string the URI with ? or # and everything after removed748 */749 function stripQuery($url)750 {751 return preg_replace('![?#].*!', '', $url);752 719 } 753 720 … … 810 777 811 778 /** 779 * If the given $url is on the same web site, return true. This can be used to 780 * prevent from sending sensitive info in a get query (like the SID) to another 781 * domain. 782 * 783 * @param string $url the URI to test. 784 * @return bool True if given $url is our domain or has no domain (is a relative url), false if it's another. 785 */ 786 function isMyDomain($url) 787 { 788 static $urls = array(); 789 790 if (!isset($urls[$url])) { 791 if (!preg_match('|https?://[\w.]+/|', $url)) { 792 // If we can't find a domain we assume the URL is local (i.e. "/my/url/path/" or "../img/file.jpg"). 793 $urls[$url] = true; 794 } else { 795 $urls[$url] = preg_match('|https?://[\w.]*' . preg_quote(getenv('HTTP_HOST'), '|') . 
'|i', $url); 796 } 797 } 798 return $urls[$url]; 799 } 800 801 /** 802 * Takes a URL and returns it without the query or anchor portion 803 * 804 * @param string $url any kind of URI 805 * @return string the URI with ? or # and everything after removed 806 */ 807 function stripQuery($url) 808 { 809 return preg_replace('![?#].*!', '', $url); 810 } 811 812 /** 812 813 * Returns a fully qualified URL to the current script, including the query. 813 814 * … … 823 824 * Compares the current url with the referring url. 824 825 * 825 * @param string $compary_query Include the query string in the comparison. 826 * @return bool true if the current script (or specified valid_referer) 827 * is the referrer. false otherwise. 826 * @param bool $exclude_query Remove the query string first before comparing. 827 * @return bool True if the current URL is the same as the refering URL, false otherwise. 828 828 */ 829 829 function refererIsMe($exclude_query=false)
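Review bot: In the first hunk, the new early `return '';` in `addSignature()` combines badly with the loose `==` in `verifySignature()`: if `removeSignature()` (not visible here) yields an empty string for an empty input, `addSignature()` now returns `''`, an empty `$signed_val` compares equal, and the check reports a valid signature for a value that carries none. `verifySignature()` should reject a blank input before comparing, `if ('' === trim((string) $signed_val)) { return false; }`, and the comparison itself should be strict and constant-time, `if (hash_equals(addSignature($val, $salt), (string) $signed_val)) {`, where the runtime provides `hash_equals()`. Separately, `substr(md5($salt . md5($val . $salt)), 0, 18)` is a hand-built, truncated MD5 construction; `hash_hmac('sha256', $val, $salt)` is the standard keyed MAC, though switching invalidates signatures already issued and so needs a transition period. The body of `verifySignature()` continues past the end of its hunk, so the `return false` path was not reviewed.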