[BUGFIX] Invalid RSA key when submitting form twice 40/18340/2
authorBenjamin Mack <benni@typo3.org>
Tue, 15 Jan 2013 12:05:27 +0000 (13:05 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 17 Feb 2013 15:21:43 +0000 (16:21 +0100)
When submitting a RSA-supported form twice, the JS error
"Invalid RSA public key" is thrown. In order to suppress
this double RSA decryption, an additional JS check is needed.
The change also modifies the minified version of the JS
done with http://refresh-sf.com/yui/

Change-Id: I7133e320c76e14a6f6855f477ba5a34e50eecf58
Resolves: #40085
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/17541
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-on: https://review.typo3.org/18340

typo3/sysext/rsaauth/resources/rsaauth.js
typo3/sysext/rsaauth/resources/rsaauth_min.js

index 86d2103..4c95e33 100644 (file)
@@ -18,6 +18,10 @@ function tx_rsaauth_encrypt() {
 }
 
 function tx_rsaauth_feencrypt(form) {
+       // check if the form was already sent (see #40085)
+       if (form.pass.value.match(/^rsa:/) || form.n.value == '' || form.e.value == '') {
+               return;
+       }
        var rsa = new RSAKey();
        rsa.setPublic(form.n.value, form.e.value);
 
@@ -52,4 +56,4 @@ function tx_rsaauth_encryptUserSetup() {
                        document.getElementById('field_password2').value = 'rsa:' + hex2b64(res2);
                }
        }       return false;
-}
\ No newline at end of file
+}
index 086beb0..25c5062 100644 (file)
@@ -1,3 +1 @@
-function tx_rsaauth_encrypt(){var rsa=new RSAKey();rsa.setPublic(document.loginform.n.value,document.loginform.e.value);var username=document.loginform.username.value;var password=document.loginform.p_field.value;var res=rsa.encrypt(password);document.loginform.p_field.value="";document.loginform.e.value="";document.loginform.n.value="";if(res){document.loginform.userident.value='rsa:'+hex2b64(res);}}
-function tx_rsaauth_feencrypt(form){var rsa=new RSAKey();rsa.setPublic(form.n.value,form.e.value);var username=form.user.value;var password=form.pass.value;var res=rsa.encrypt(password);form.pass.value="";form.e.value="";form.n.value="";if(res){form.pass.value='rsa:'+hex2b64(res);}}
-function tx_rsaauth_encryptUserSetup() {var rsa = new RSAKey();rsa.setPublic(document.usersetup.n.value, document.usersetup.e.value);var password = document.getElementById('field_password').value;var password2 = document.getElementById('field_password2').value;if (password || password2) {var res = rsa.encrypt(password);var res2 = rsa.encrypt(password2);if (res && res2) {document.getElementById('field_password').value = 'rsa:' + hex2b64(res);document.getElementById('field_password2').value = 'rsa:' + hex2b64(res2);}}      return false;}
\ No newline at end of file
+function tx_rsaauth_encrypt(){var rsa=new RSAKey();rsa.setPublic(document.loginform.n.value,document.loginform.e.value);var username=document.loginform.username.value;var password=document.loginform.p_field.value;var res=rsa.encrypt(password);document.loginform.p_field.value="";document.loginform.e.value="";document.loginform.n.value="";if(res){document.loginform.userident.value="rsa:"+hex2b64(res)}}function tx_rsaauth_feencrypt(form){if(form.pass.value.match(/^rsa:/)||form.n.value==""||form.e.value==""){return}var rsa=new RSAKey();rsa.setPublic(form.n.value,form.e.value);var username=form.user.value;var password=form.pass.value;var res=rsa.encrypt(password);form.pass.value="";form.e.value="";form.n.value="";if(res){form.pass.value="rsa:"+hex2b64(res)}}function tx_rsaauth_encryptUserSetup(){var rsa=new RSAKey();rsa.setPublic(document.usersetup.n.value,document.usersetup.e.value);var password=document.getElementById("field_password").value;var password2=document.getElementById("field_password2").value;if(password||password2){var res=rsa.encrypt(password);var res2=rsa.encrypt(password2);if(res&&res2){document.getElementById("field_password").value="rsa:"+hex2b64(res);document.getElementById("field_password2").value="rsa:"+hex2b64(res2)}}return false};