Replacing constant CIPHER_SEED with Configure class variable 'Security.cipher_seed' and renaming Security class method 'checkSessionKey' to 'checkSecurityKeys'

2024-11-15 03:18:26 +00:00 · 2010-01-16 03:26:26 +05:30 · 2010-01-16 03:26:26 +05:30 · 2441849fa0
commit 2441849fa0
parent 813a7779e0
8 changed files with 23 additions and 13 deletions
--- a/app/config/core.php
+++ b/app/config/core.php
@ -197,6 +197,11 @@
 */
 	Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');

+/**
+ * A random numeric string (digits only) used to encrypt/decrypt strings.
+ */
+	Configure::write('Security.cipher_seed', '76859309657453542496749683645');
+
 /**
 * Apply timestamps with the last modified time to static assets (js, css, images).
 * Will append a querystring parameter containing the time the file was modified. This is
--- a/cake/console/templates/default/views/home.ctp
+++ b/cake/console/templates/default/views/home.ctp
@ -3,7 +3,7 @@ $output = "<h2>Sweet, \"" . Inflector::humanize($app) . "\" got Baked by CakePHP
 $output .="
 <?php
 if (Configure::read() > 0):
-	Debugger::checkSessionKey();
+	Debugger::checkSecurityKeys();
 endif;
 ?>
 <p>
--- a/cake/console/templates/skel/config/core.php
+++ b/cake/console/templates/skel/config/core.php
@ -206,6 +206,11 @@
 */
 	Configure::write('Security.salt', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');

+/**
+ * A random numeric string (digits only) used to encrypt/decrypt strings.
+ */
+	Configure::write('Security.cipher_seed', '76859309657453542496749683645');
+
 /**
 * Compress CSS output by removing comments, whitespace, repeating tags, etc.
 * This requires a/var/cache directory to be writable by the web server for caching.
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@ -278,7 +278,7 @@ class AuthComponent extends Object {
 		$this->_set($settings);
 		if (Configure::read() > 0) {
 			App::import('Debugger');
-			Debugger::checkSessionKey();
+			Debugger::checkSecurityKeys();
 		}
 	}

--- a/cake/libs/debugger.php
+++ b/cake/libs/debugger.php
@ -664,15 +664,19 @@ class Debugger extends Object {
 	}

 /**
- * Verifies that the application's salt value has been changed from the default value.
+ * Verifies that the application's salt and cipher seed value has been changed from the default value.
 *
 * @access public
 * @static
 */
-	function checkSessionKey() {
+	function checkSecurityKeys() {
 		if (Configure::read('Security.salt') == 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi') {
 			trigger_error(__('Please change the value of \'Security.salt\' in app/config/core.php to a salt value specific to your application', true), E_USER_NOTICE);
 		}
+
+		if (Configure::read('Security.cipher_seed') == '76859309657453542496749683645') {
+			trigger_error(__('Please change the value of \'Security.cipher_seed\' in app/config/core.php to a numeric (digits only) seed value specific to your application', true), E_USER_NOTICE);
+		}
 	}

 /**
--- a/cake/libs/security.php
+++ b/cake/libs/security.php
@ -174,11 +174,7 @@ class Security extends Object {
 			return '';
 		}

-		if (!defined('CIPHER_SEED')) {
-			//This is temporary will change later
-			define('CIPHER_SEED', '76859309657453542496749683645');
-		}
-		srand(CIPHER_SEED);
+		srand(Configure::read('Security.cipher_seed'));
 		$out = '';

 		for ($i = 0; $i < strlen($text); $i++) {
--- a/cake/libs/view/pages/home.ctp
+++ b/cake/libs/view/pages/home.ctp
@ -25,7 +25,7 @@ endif;
 echo $this->Html->link(__('Read the changelog', true), 'http://code.cakephp.org/wiki/changelog/1_3_0-alpha');

 if (Configure::read() > 0):
-	Debugger::checkSessionKey();
+	Debugger::checkSecurityKeys();
 endif;
 ?>
 <p>
--- a/cake/tests/test_app/views/pages/home.ctp
+++ b/cake/tests/test_app/views/pages/home.ctp
@ -2,7 +2,7 @@

 <?php
 if (Configure::read() > 0):
-	Debugger::checkSessionKey();
+	Debugger::checkSecurityKeys();
 endif;
 ?>
 <p>