[+BUGFIX] Extbase (Security): Fixed two issues with Request Hashing. Changed hash...
authorSebastian Kurfürst <sebastian@typo3.org>
Tue, 13 Oct 2009 07:31:01 +0000 (07:31 +0000)
committerSebastian Kurfürst <sebastian@typo3.org>
Tue, 13 Oct 2009 07:31:01 +0000 (07:31 +0000)
[+BUGFIX] Extbase (Persistence): Fixed a syntax error I introduced with last commit. Sorry :-)

typo3/sysext/extbase/Classes/Persistence/Storage/Typo3DbBackend.php
typo3/sysext/extbase/Classes/Security/Cryptography/HashService.php

index ebd9f7e..8cfd640 100644 (file)
@@ -712,12 +712,12 @@ class Tx_Extbase_Persistence_Storage_Typo3DbBackend implements Tx_Extbase_Persis
                $storagePage = NULL;
 
                if ($this->dataMapper->getDataMap($tableName)->hasPidColumn()) {
-                       $result = $this->databaseHandle->exec_SELECTquery('pid', $tableName, 'uid='.intval($uid)); {
+                       $result = $this->databaseHandle->exec_SELECTquery('pid', $tableName, 'uid='.intval($uid));
                        if ($row = $this->databaseHandle->sql_fetch_assoc($result))     {
                                $storagePage = $row['pid'];
                                $pageIdsToClear[] = $storagePage;
                        }
-               } elseif(isset($GLOBALS['TSFE'])) {
+               } elseif (isset($GLOBALS['TSFE'])) {
                        // No PID column - we can do a best-effort to clear the cache of the current page if in FE
                        $storagePage = $GLOBALS['TSFE']->id;
                        $pageIdsToClear[] = $storagePage;
index cb8df82..a6677b0 100644 (file)
@@ -41,12 +41,12 @@ class Tx_Extbase_Security_Cryptography_HashService implements t3lib_singleton {
         * @return string The hash of the string
         * @throws F3\FLOW3\Security\Exception\InvalidArgumentForHashGeneration if something else than a string was given as parameter
         * @todo Mark as API once it is more stable
-        * @todo encryption key has to come from somewhere else
         */
        public function generateHash($string) {
                if (!is_string($string)) throw new Tx_Extbase_Security_Exception_InvalidArgumentForHashGeneration('A hash can only be generated for a string, but "' . gettype($string) . '" was given.', 1255069587);
-               $encryptionKey = '7nN5#n8guP/oA9Bq95x=e/x}.hL[:7yv1BJcWrB0AYQ5WJ!KGd'; // TODO
-               return sha1($string . $encryptionKey);
+               $encryptionKey = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
+               if (!$encryptionKey) throw new Tx_Extbase_Security_Exception_InvalidArgumentForHashGeneration('Encryption Key was empty!', 1255069597);
+               return hash_hmac('sha1', $string, $encryptionKey);
        }
 
        /**
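Review bot: The empty-key guard added in generateHash() is a loose truthiness test that reuses the argument exception, so a misconfigured install is reported as a caller error, a key of `'0'` is rejected as empty, and a non-string value would pass the check and reach hash_hmac(). A stricter guard would be `if (!is_string($encryptionKey) || $encryptionKey === '')`, throwing a configuration-specific exception if the project has one. The `@throws` line in the docblock (which starts outside this hunk) should also name the missing-key case. The hard-coded key removed here stays readable in repository history, so it must not be reused as a site's encryptionKey. The code that verifies these hashes is not visible in this hunk; it should compare the HMAC in constant time rather than with `==`.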