[BUGFIX] Invalid RSA key when submitting form twice 51/18351/2
authorBenjamin Mack <benni@typo3.org>
Tue, 15 Jan 2013 12:05:27 +0000 (13:05 +0100)
committerSteffen Ritter <info@rs-websystems.de>
Sun, 7 Apr 2013 08:01:52 +0000 (10:01 +0200)
When submitting a RSA-supported form twice, the JS error
"Invalid RSA public key" is thrown. In order to suppress
this double RSA decryption, an additional JS check is needed.
The change also modifies the minified version of the JS
done with http://refresh-sf.com/yui/

Change-Id: I7133e320c76e14a6f6855f477ba5a34e50eecf58
Resolves: #40085
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18351
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/rsaauth/resources/rsaauth.js
typo3/sysext/rsaauth/resources/rsaauth_min.js

index 5601688..e3863b2 100644 (file)
@@ -18,6 +18,10 @@ function tx_rsaauth_encrypt() {
 }
 
 function tx_rsaauth_feencrypt(form) {
+       // check if the form was already sent (see #40085)
+       if (form.pass.value.match(/^rsa:/) || form.n.value == '' || form.e.value == '') {
+               return;
+       }
        var rsa = new RSAKey();
        rsa.setPublic(form.n.value, form.e.value);
 
index 8f20fb5..16f8be2 100644 (file)
@@ -1,2 +1,2 @@
-function tx_rsaauth_encrypt(){var rsa=new RSAKey();rsa.setPublic(document.loginform.n.value,document.loginform.e.value);var username=document.loginform.username.value;var password=document.loginform.p_field.value;var res=rsa.encrypt(password);document.loginform.p_field.value="";document.loginform.e.value="";document.loginform.n.value="";if(res){document.loginform.userident.value='rsa:'+hex2b64(res);}}
-function tx_rsaauth_feencrypt(form){var rsa=new RSAKey();rsa.setPublic(form.n.value,form.e.value);var username=form.user.value;var password=form.pass.value;var res=rsa.encrypt(password);form.pass.value="";form.e.value="";form.n.value="";if(res){form.pass.value='rsa:'+hex2b64(res);}}
\ No newline at end of file
+function tx_rsaauth_encrypt(){var c=new RSAKey();c.setPublic(document.loginform.n.value,document.loginform.e.value);var d=document.loginform.username.value;var a=document.loginform.p_field.value;var b=c.encrypt(a);document.loginform.p_field.value="";document.loginform.e.value="";document.loginform.n.value="";if(b){document.loginform.userident.value="rsa:"+hex2b64(b)}}
+function tx_rsaauth_feencrypt(d){if(d.pass.value.match(/^rsa:/)||d.n.value==""||d.e.value==""){return}var c=new RSAKey();c.setPublic(d.n.value,d.e.value);var e=d.user.value;var a=d.pass.value;var b=c.encrypt(a);d.pass.value="";d.e.value="";d.n.value="";if(b){d.pass.value="rsa:"+hex2b64(b)}};
\ No newline at end of file