[icinga-checkins] icinga.org: icinga-web/next: Fix special characters in commands causing errors

git at icinga.org git at icinga.org
Thu Apr 11 15:26:59 CEST 2013


Module: icinga-web
Branch: next
Commit: 3f7f05fec2afd59594047ecc863b63487f4fb72c
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=3f7f05fec2afd59594047ecc863b63487f4fb72c

Author: Jannis Moßhammer <jannis.mosshammer at netways.de>
Date:   Thu Apr 11 15:23:43 2013 +0200

Fix special characters in commands causing errors

Removed the hashing of the command data, as this causes
problems due to the different charset handling of js and php.

fixes #3948

---

 .../Cronks/lib/js/Cronk/grid/CommandHandler.js     |    2 +-
 .../models/System/CommandSenderModel.class.php     |    5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/modules/Cronks/lib/js/Cronk/grid/CommandHandler.js b/app/modules/Cronks/lib/js/Cronk/grid/CommandHandler.js
old mode 100644
new mode 100755
index a79f85c..af2a62c
--- a/app/modules/Cronks/lib/js/Cronk/grid/CommandHandler.js
+++ b/app/modules/Cronks/lib/js/Cronk/grid/CommandHandler.js
@@ -439,7 +439,7 @@ Ext.ns('Cronk.grid');
 
 
                         var h_key = o.tk;
-                        var h_auth = hex_hmac_rmd160(h_key, h_data);
+                        var h_auth = hex_hmac_rmd160(h_key,command);
 
                         a.options.params.auth = h_auth;
                         a.options.params.selection = selection;
diff --git a/app/modules/Cronks/models/System/CommandSenderModel.class.php b/app/modules/Cronks/models/System/CommandSenderModel.class.php
old mode 100644
new mode 100755
index d609b48..1ec2a81
--- a/app/modules/Cronks/models/System/CommandSenderModel.class.php
+++ b/app/modules/Cronks/models/System/CommandSenderModel.class.php
@@ -106,10 +106,9 @@ class Cronks_System_CommandSenderModel extends CronksBaseModel {
      * @return boolean
      */
     public function checkAuth($command, $json_selection, $json_data, $key) {
-        $data = $command. '-'. $json_selection. '-'. $json_data;
-        $data = utf8_decode($data);
-        $test = hash_hmac(self::TIME_ALGO, $data, $this->genTimeKey());
 
+        $test = hash_hmac(self::TIME_ALGO,$command,$this->genTimeKey());
+        echo "//{$this->genTimeKey()} $command - ".$test."\n";
         if ($key === $test) {
             return true;
         }





More information about the icinga-checkins mailing list