Fixed bug #10154: Weak encryption key generation vulnerability in sysext install...
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / mod / class.tx_install.php
index dba4887..5fa613b 100755 (executable)
@@ -2088,8 +2088,9 @@ From sub-directory:
                                if ($this->mode!='123') {
                                        $out.=$this->wrapInCells('Site name:', '<input type="text" name="TYPO3_INSTALL[localconf.php][sitename]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']).'">');
                                        $out.=$this->wrapInCells('', '<br />');
-                                       $out.='<script type="text/javascript" src="../md5.js"></script><script type="text/javascript">function generateEncryptionKey(key) {time=new Date(); key=MD5(time.getMilliseconds().toString());while(key.length<66){key=key+MD5(key)};return key;}</script>';
-                                       $out.=$this->wrapInCells('Encryption key:', '<a name="set_encryptionKey"></a><input type="text" name="TYPO3_INSTALL[localconf.php][encryptionKey]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']).'"><br /><input type="button" onclick="document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value=generateEncryptionKey(document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value);" value="Generate random key">');
+                                       $out.='<script type="text/javascript" src="' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'sysext/install/mod/install.js"></script>';
+                                       $out.='<script type="text/javascript" src="' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'contrib/prototype/prototype.js"></script>';
+                                       $out.=$this->wrapInCells('Encryption key:', '<a name="set_encryptionKey"></a><input type="text" name="TYPO3_INSTALL[localconf.php][encryptionKey]" value="'.htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']).'"><br /><input type="button" onclick="EncryptionKey.load(this)" value="Generate random key">');
                                        $out.=$this->wrapInCells('', '<br />');
 
                                                // Other