[icinga-checkins] icinga.org: icinga-web/master: * Accented letters will be ignored in command hash (js: Single letter, php : Multiletter) (#fixes 932)

git at icinga.org git at icinga.org
Tue Nov 2 12:28:50 CET 2010


Module: icinga-web
Branch: master
Commit: 651ae661e6109857a25d32c1ae850f5efeffd720
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=651ae661e6109857a25d32c1ae850f5efeffd720

Author: Netways <jmosshammer at localhost.localdomain>
Date:   Tue Nov  2 12:27:18 2010 +0100

* Accented letters will be ignored in command hash (js: Single letter, php: Multiletter) (#fixes 932)

---

 .../models/System/CommandSenderModel.class.php     |    5 ++++-
 .../System/ViewProc/js/IcingaCommandHandler.js     |    6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/modules/Cronks/models/System/CommandSenderModel.class.php b/app/modules/Cronks/models/System/CommandSenderModel.class.php
index f8e0ed2..97c8fb7 100755
--- a/app/modules/Cronks/models/System/CommandSenderModel.class.php
+++ b/app/modules/Cronks/models/System/CommandSenderModel.class.php
@@ -65,6 +65,7 @@ class Cronks_System_CommandSenderModel extends CronksBaseModel {
 		$data = strftime('%Y-%d-%H-').  (date('i') - (date('i') % self::TIME_VALID));
 		$data .= '-'. $this->getContext()->getUser()->getNsmUser()->user_id;
 		$data .= '-'. session_id();
+		
 		return hash_hmac(self::TIME_ALGO, $data, self::TIME_KEY);
 	}
 	
@@ -77,8 +78,10 @@ class Cronks_System_CommandSenderModel extends CronksBaseModel {
 	 */
 	public function checkAuth($command, $json_selection, $json_data, $key) {
 		$data = $command. '-'. $json_selection. '-'. $json_data;
+		$data = preg_replace("/[ẃéŕźúíóṕǘáśǵḱĺýćǘńḿȩŗźíóṕáşḑģḩķĺýçńḿẂÉŔŹÚÍÓṔÚÜÁŚǴḰĹÝĆǗǸḾȨŖŢŞḐĢḨĶĻÝÇŅ]/", "", $data);
+
 		$test = hash_hmac(self::TIME_ALGO, $data, $this->genTimeKey());
-		
+
 		if ($key === $test) {
 			return true;
 		}
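Review bot: The HMAC in `checkAuth` is now computed over `$data` after the added `preg_replace` has deleted characters, so the key no longer authenticates those characters. Two submissions that differ only in stripped bytes verify against the same `$test`, and if the command is later built from the original `$json_data` (not visible in this hunk) that part of the input is unchecked; the `h_data.replace(...)` added in IcingaCommandHandler.js has the same effect on the client side. Because the pattern has no `u` modifier, and assuming the file is saved as UTF-8, PCRE reads the bracket expression byte by byte and removes every byte that occurs in the encoding of any listed letter, which is wider than the character-wise JS replace and also cuts into other multi-byte characters. I would prefer that both sides hash the same UTF-8 bytes instead of deleting input; failing that, add the `u` modifier and a comment such as `// NOTE: stripped characters are not covered by the HMAC; validate them separately before use`. The unchanged `$key === $test` would be better as `hash_equals($test, $key)` where the PHP version provides it; `checkAuth` continues past the end of the hunk.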
diff --git a/app/modules/Cronks/templates/System/ViewProc/js/IcingaCommandHandler.js b/app/modules/Cronks/templates/System/ViewProc/js/IcingaCommandHandler.js
index cdc3684..a1418eb 100755
--- a/app/modules/Cronks/templates/System/ViewProc/js/IcingaCommandHandler.js
+++ b/app/modules/Cronks/templates/System/ViewProc/js/IcingaCommandHandler.js
@@ -269,7 +269,7 @@ IcingaCommandHandler.prototype = {
 					defaults: {
 						border: false,
 						msgTarget: 'side'
-					}	
+					}
 				});
 				
 				oForm.getForm().on('beforeaction', function(f, a) {
@@ -282,7 +282,9 @@ IcingaCommandHandler.prototype = {
 					// The complete key is valid for the command and the selection
 					var h_data = command + '-' + selection;
 					h_data += '-' + Ext.util.JSON.encode( f.getValues(false) );
-					
+					// simplify string
+					h_data = h_data.replace(/[ẃéŕźúíóṕǘáśǵḱĺýćǘńḿȩŗźíóṕáşḑģḩķĺýçńḿẂÉŔŹÚÍÓṔÚÜÁŚǴḰĹÝĆǗǸḾȨŖŢŞḐĢḨĶĻÝÇŅ]/g,"");
+
 					var h_key = o.tk;
 					var h_auth = hex_hmac_rmd160(h_key, h_data);
 					




