From 2471d3a979d00e0cecca64e0d5889ca40c02c5fe Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 16 May 2009 09:01:49 -0400
Subject: [PATCH] - Added possibility to encrypt received header, option 'http_received_header_encrypt', added some more logic in encrypt/decrypt functions for security
---
program/include/rcube_config.php | 50 ++++++++++++++++++++++++++++++++------------------
1 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/program/include/rcube_config.php b/program/include/rcube_config.php
index 1312a73..60064e7 100644
--- a/program/include/rcube_config.php
+++ b/program/include/rcube_config.php
@@ -176,28 +176,42 @@
{
return $this->prop;
}
-
-
- /**
- * Return a 24 byte key for the DES encryption
- *
- * @return string DES encryption key
- */
- public function get_des_key()
- {
- $key = !empty($this->prop['des_key']) ? $this->prop['des_key'] : 'rcmail?24BitPwDkeyF**ECB';
- $len = strlen($key);
- // make sure the key is exactly 24 chars long
- if ($len<24)
- $key .= str_repeat('_', 24-$len);
- else if ($len>24)
- substr($key, 0, 24);
+ /**
+ * Return requested DES crypto key.
+ *
+ * @param string Crypto key name
+ * @return string Crypto key
+ */
+ public function get_crypto_key($key)
+ {
+ // Bomb out if the requested key does not exist
+ if (!array_key_exists($key, $this->prop))
+ {
+ raise_error(array(
+ 'code' => 500,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'message' => "Request for unconfigured crypto key \"$key\""
+ ), true, true);
+ }
+
+ $key = $this->prop[$key];
+
+ // Bomb out if the configured key is not exactly 24 bytes long
+ if (strlen($key) != 24)
+ {
+ raise_error(array(
+ 'code' => 500,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'message' => "Configured crypto key \"$key\" is not exactly 24 bytes long"
+ ), true, true);
+ }
return $key;
}
-
-
+
/**
* Try to autodetect operating system and find the correct line endings
*
--
Gitblit v1.9.1