Timestamp:
Jun 11, 2006 5:41:23 AM (18 years ago)
Author:
scdev
Message:

${1}

File:
1 edited

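--- a/trunk/lib/Utilities.inc.php
+++ b/trunk/lib/Utilities.inc.php
@@ -595,20 +595,21 @@
  * @access  public
  * @param   string  $val    The string to sign.
- * @param   string  $seed_key   (Optional) A text key to use for computing the signature.
+ * @param   string  $salt   (Optional) A text key to use for computing the signature.
  * @return  string  The original value with a signature appended.
  */
-function addSignature($val, $seed_key=null)
-{
-    $app =& App::getInstance();
-   
-    if ('' == $val) {
-        $app->logMsg(sprintf('Adding signature to empty string.', null), LOG_NOTICE, __FILE__, __LINE__);
-    }
-
-    if (!isset($seed_key)) {
-        $seed_key = $app->getParam('signing_key');
-    }
-
-    return $val . '-' . substr(md5($val . $seed_key), 0, 18);
+function addSignature($val, $salt=null)
+{
+    $app =& App::getInstance();
+   
+    if ('' == trim($val)) {
+        $app->logMsg(sprintf('Cannot add signature to an empty string.', null), LOG_DEBUG, __FILE__, __LINE__);
+        return '';
+    }
+
+    if (!isset($salt)) {
+        $salt = $app->getParam('signing_key');
+    }
+
+    return $val . '-' . substr(md5($salt . md5($val . $salt)), 0, 18);
 }
 
@@ -631,13 +632,13 @@
  * @access  public
  * @param   string  $signed_val A value with appended signature.
- * @param   string  $seed_key       (Optional) A text key to use for computing the signature.
+ * @param   string  $salt       (Optional) A text key to use for computing the signature.
  * @return  bool    True if the signature matches the var.
  */
-function verifySignature($signed_val, $seed_key=null)
+function verifySignature($signed_val, $salt=null)
 {
     // Strip the value from the signed value.
     $val = removeSignature($signed_val);
     // If the signed value matches the original signed value we consider the value safe.
-    if ($signed_val == addSignature($val, $seed_key)) {
+    if ($signed_val == addSignature($val, $salt)) {
         // Signature verified.
         return true;
@@ -716,38 +717,4 @@
         return false;
     }
-}
-
-/**
- * If the given $url is on the same web site, return true. This can be used to
- * prevent from sending sensitive info in a get query (like the SID) to another
- * domain.
- *
- * @param  string $url    the URI to test.
- * @return bool True if given $url is this domain or has no domain (is a relative url), false if it's another.
- */
-function isMyDomain($url)
-{
-    static $urls = array();
-
-    if (!isset($urls[$url])) {
-        if (!preg_match('|\w{1,}\.\w{2,5}/|', $url)) {
-            // If we can't find a domain we assume the URL is relative.
-            $urls[$url] = true;
-        } else {
-            $urls[$url] = preg_match('/' . preg_quote(getenv('HTTP_HOST')) . '/', $url);
-        }
-    }
-    return $urls[$url];
-}
-
-/**
- * Takes a URL and returns it without the query or anchor portion
- *
- * @param  string $url   any kind of URI
- * @return string        the URI with ? or # and everything after removed
- */
-function stripQuery($url)
-{
-    return preg_replace('![?#].*!', '', $url);
 }
 
@@ -810,4 +777,38 @@
 
 /**
+ * If the given $url is on the same web site, return true. This can be used to
+ * prevent from sending sensitive info in a get query (like the SID) to another
+ * domain.
+ *
+ * @param  string $url    the URI to test.
+ * @return bool True if given $url is our domain or has no domain (is a relative url), false if it's another.
+ */
+function isMyDomain($url)
+{
+    static $urls = array();
+
+    if (!isset($urls[$url])) {
+        if (!preg_match('|https?://[\w.]+/|', $url)) {
+            // If we can't find a domain we assume the URL is local (i.e. "/my/url/path/" or "../img/file.jpg").
+            $urls[$url] = true;
+        } else {
+            $urls[$url] = preg_match('|https?://[\w.]*' . preg_quote(getenv('HTTP_HOST'), '|') . '|i', $url);
+        }
+    }
+    return $urls[$url];
+}
+
+/**
+ * Takes a URL and returns it without the query or anchor portion
+ *
+ * @param  string $url   any kind of URI
+ * @return string        the URI with ? or # and everything after removed
+ */
+function stripQuery($url)
+{
+    return preg_replace('![?#].*!', '', $url);
+}
+
+/**
  * Returns a fully qualified URL to the current script, including the query.
  *
@@ -823,7 +824,6 @@
  * Compares the current url with the referring url.
  *
- * @param  string  $compary_query  Include the query string in the comparison.
- * @return bool    true if the current script (or specified valid_referer)
- *                 is the referrer. false otherwise.
+ * @param  bool $exclude_query  Remove the query string first before comparing.
+ * @return bool                 True if the current URL is the same as the refering URL, false otherwise.
  */
 function refererIsMe($exclude_query=false)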
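Review bot: The re-added isMyDomain() can still report an off-site URL as belonging to this site, and its docblock says the result is what keeps sensitive query data such as the SID from being sent to another domain. The detection pattern `|https?://[\w.]+/|` only recognises a host made of word characters and dots followed by a slash, so other absolute forms (a hyphen or port in the host, no path, a scheme-less `//host`) fall into the "assume local" branch, and the comparison pattern is unanchored after the host and accepts any `[\w.]*` prefix, which makes it a substring test rather than a host comparison. I would extract the host with `parse_url()` and compare it exactly, treating only URLs with no scheme and no leading `//` as relative, as sketched below; `$site_host` is a placeholder for a hostname taken from configuration, because `HTTP_HOST` comes from the request, and if subdomains are meant to count they need an explicit dot-bounded match. The sketch also stores a real bool, where the current code caches preg_match()'s integer result although `@return` says bool.

```php
    if (!isset($urls[$url])) {
        // $site_host: placeholder for a hostname taken from configuration.
        $host = parse_url($url, PHP_URL_HOST);
        if (null === $host && !preg_match('!^\s*(?:[a-z][a-z0-9+.-]*:|[/\\\\]{2})!i', $url)) {
            // No scheme and no leading "//": a path on this site.
            $urls[$url] = true;
        } else {
            // Exact, case-insensitive host match; unparsable input counts as foreign.
            $urls[$url] = is_string($host) && 0 === strcasecmp($host, $site_host);
        }
    }
    // … unchanged: return $urls[$url]; …
```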