From 2441849fa008cb9aa2f77cd695c8a6f79f72c6a8 Mon Sep 17 00:00:00 2001 From: ADmad Date: Sat, 16 Jan 2010 03:26:26 +0530 Subject: [PATCH] Replacing constant CIPHER_SEED with Configure class variable 'Security.cipher_seed' and renaming Security class method 'checkSessionKey' to 'checkSecurityKeys' --- app/config/core.php | 7 ++++++- cake/console/templates/default/views/home.ctp | 2 +- cake/console/templates/skel/config/core.php | 7 ++++++- cake/libs/controller/components/auth.php | 2 +- cake/libs/debugger.php | 8 ++++++-- cake/libs/security.php | 6 +----- cake/libs/view/pages/home.ctp | 2 +- cake/tests/test_app/views/pages/home.ctp | 2 +- 8 files changed, 23 insertions(+), 13 deletions(-) diff --git a/app/config/core.php b/app/config/core.php index 903c0205a..c127be2d1 100644 --- a/app/config/core.php +++ b/app/config/core.php @@ -74,7 +74,7 @@ * The value of the define determines the names of the routes * and their associated controller actions: * - * Set to an array of prefixes you want to use in your application. Use for + * Set to an array of prefixes you want to use in your application. Use for * admin or other prefixed routes. * * Routing.prefixes = array('admin', 'manager'); @@ -197,6 +197,11 @@ */ Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi'); +/** + * A random numeric string (digits only) used to encrypt/decrypt strings. + */ + Configure::write('Security.cipher_seed', '76859309657453542496749683645'); + /** * Apply timestamps with the last modified time to static assets (js, css, images). * Will append a querystring parameter containing the time the file was modified. This is diff --git a/cake/console/templates/default/views/home.ctp b/cake/console/templates/default/views/home.ctp index 0e478c4f1..eeaec4a24 100644 --- a/cake/console/templates/default/views/home.ctp +++ b/cake/console/templates/default/views/home.ctp @@ -3,7 +3,7 @@ $output = "
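Review bot: The new `Security.cipher_seed` entry ships a concrete value while its comment only says "a random numeric string", so nothing tells the developer that this exact value is now baked into every generated app and must be replaced (the same hunk appears in the skel template). Suggest making the comment explicit: `A random numeric string (digits only) used by Security::cipher(). Change it for every application; the value below is shared by all CakePHP installs, and the cipher only obfuscates data rather than protecting it.` The seed is handed to srand(), which takes an integer, so a 29-digit default presumably exceeds the platform's integer range and does not seed the generator with the digits written here; worth confirming and, if so, documenting the usable range in the same comment.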

Sweet, \"" . Inflector::humanize($app) . "\" got Baked by CakePHP $output .=" 0): - Debugger::checkSessionKey(); + Debugger::checkSecurityKeys(); endif; ?>

diff --git a/cake/console/templates/skel/config/core.php b/cake/console/templates/skel/config/core.php index a8b506d14..15ec7aec3 100644 --- a/cake/console/templates/skel/config/core.php +++ b/cake/console/templates/skel/config/core.php @@ -85,7 +85,7 @@ /** * Uncomment the define below to use CakePHP prefix routes. * - * Set to an array of prefixes you want to use in your application. Use for + * Set to an array of prefixes you want to use in your application. Use for * admin or other prefixed routes. * * Routing.prefixes = array('admin', 'manager'); @@ -206,6 +206,11 @@ */ Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi'); +/** + * A random numeric string (digits only) used to encrypt/decrypt strings. + */ + Configure::write('Security.cipher_seed', '76859309657453542496749683645'); + /** * Compress CSS output by removing comments, whitespace, repeating tags, etc. * This requires a/var/cache directory to be writable by the web server for caching. diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php index b391b972b..bdbeb7146 100644 --- a/cake/libs/controller/components/auth.php +++ b/cake/libs/controller/components/auth.php @@ -278,7 +278,7 @@ class AuthComponent extends Object { $this->_set($settings); if (Configure::read() > 0) { App::import('Debugger'); - Debugger::checkSessionKey(); + Debugger::checkSecurityKeys(); } } diff --git a/cake/libs/debugger.php b/cake/libs/debugger.php index f7c04f013..ff01586cc 100644 --- a/cake/libs/debugger.php +++ b/cake/libs/debugger.php 
@@ -664,15 +664,19 @@ class Debugger extends Object { } /** - * Verifies that the application's salt value has been changed from the default value. + * Verifies that the application's salt and cipher seed value has been changed from the default value. * * @access public * @static */ - function checkSessionKey() { + function checkSecurityKeys() { if (Configure::read('Security.salt') == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') { trigger_error(__('Please change the value of \'Security.salt\' in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE); } + + if (Configure::read('Security.cipher_seed') == '76859309657453542496749683645') { + trigger_error(__('Please change the value of \'Security.cipher_seed\' in app/config/core.php to a numeric (digits only) seed value specific to your application', true), E_USER_NOTICE); + } } /** diff --git a/cake/libs/security.php b/cake/libs/security.php index b93f9934e..5bfc387bf 100644 --- a/cake/libs/security.php +++ b/cake/libs/security.php @@ -174,11 +174,7 @@ class Security extends Object { return ''; } - if (!defined('CIPHER_SEED')) { - //This is temporary will change later - define('CIPHER_SEED', '76859309657453542496749683645'); - } - srand(CIPHER_SEED); + srand(Configure::read('Security.cipher_seed')); $out = ''; for ($i = 0; $i < strlen($text); $i++) { diff --git a/cake/libs/view/pages/home.ctp b/cake/libs/view/pages/home.ctp index 37951f8c9..adb658685 100644 --- a/cake/libs/view/pages/home.ctp +++ b/cake/libs/view/pages/home.ctp @@ -25,7 +25,7 @@ endif; echo $this->Html->link(__('Read the changelog', true), 'http://code.cakephp.org/wiki/changelog/1_3_0-alpha'); if (Configure::read() > 0): - Debugger::checkSessionKey(); + Debugger::checkSecurityKeys(); endif; ?>
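Review bot: checkSecurityKeys() only rejects the exact shipped value of `Security.cipher_seed`; an unset, empty or non-numeric seed passes without a notice even though the config comment demands digits only and Security::cipher() feeds the raw value to srand(). Suggest reading the value once and flagging anything that is not a digits-only string: `$seed = Configure::read('Security.cipher_seed');` / `if ($seed == '76859309657453542496749683645' || !ctype_digit((string)$seed)) {`, keeping the existing trigger_error() as the body. Note also that every call site in this commit guards the check with `Configure::read() > 0`, so a production app with debug off gets no warning at all; the docblock could say that this is a development-time aid, not a runtime guard.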
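Review bot: Removing the `CIPHER_SEED` fallback leaves `srand(Configure::read('Security.cipher_seed'))` with no guard, so an app whose core.php predates this change presumably gets null from Configure::read() and seeds rand() with a constant, silently ciphering every string with the same fixed keystream. Suggest failing closed next to the existing `return '';` guard: `$seed = Configure::read('Security.cipher_seed');` / `if ($seed === null || !ctype_digit((string)$seed)) { trigger_error(__('Security.cipher_seed must be a digits-only string', true), E_USER_WARNING); return ''; }` before `srand($seed);`. Independently of that, srand() reseeds the process-wide generator, so every later rand() call in the request becomes predictable from a seed that fits in about 32 bits, and one known plaintext/ciphertext pair is enough to brute-force it; the function's docblock (outside this hunk, as is the rest of the loop body) should state that this is obfuscation, not encryption.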

diff --git a/cake/tests/test_app/views/pages/home.ctp b/cake/tests/test_app/views/pages/home.ctp index b9b6f00ed..1d394b49f 100644 --- a/cake/tests/test_app/views/pages/home.ctp +++ b/cake/tests/test_app/views/pages/home.ctp @@ -2,7 +2,7 @@ 0): - Debugger::checkSessionKey(); + Debugger::checkSecurityKeys(); endif; ?>