From: Michael M Slusarz Date: Sat, 4 Sep 2010 08:19:37 +0000 (-0600) Subject: Make encryptKey a object parameter, not a globally static property X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=83e4ebc114bc71963a80b4b951afa12c56d45f94;p=horde.git Make encryptKey a object parameter, not a globally static property --- diff --git a/framework/Imap_Client/lib/Horde/Imap/Client.php b/framework/Imap_Client/lib/Horde/Imap/Client.php index 83010bd1d..2e53a4938 100644 --- a/framework/Imap_Client/lib/Horde/Imap/Client.php +++ b/framework/Imap_Client/lib/Horde/Imap/Client.php @@ -102,13 +102,6 @@ class Horde_Imap_Client const DATA_STRING = 8; /** - * The key used to encrypt the password within the object. - * - * @var string - */ - static public $encryptKey = null; - - /** * Attempts to return a concrete Horde_Imap_Client instance based on * $driver. * @@ -155,6 +148,8 @@ class Horde_Imap_Client * identified. The value can be any PHP supported wrapper that can * be opened via fopen(). * DEFAULT: No debug output + * encryptKey - (string) The key used to encrypt the password. + * DEFAULT: No encryption * hostspec - (string) The hostname or IP address of the server. * DEFAULT: 'localhost' * id - (array) Send ID information to the IMAP server (only if server diff --git a/framework/Imap_Client/lib/Horde/Imap/Client/Base.php b/framework/Imap_Client/lib/Horde/Imap/Client/Base.php index 3c6d4bf3a..da2d2dab0 100644 --- a/framework/Imap_Client/lib/Horde/Imap/Client/Base.php +++ b/framework/Imap_Client/lib/Horde/Imap/Client/Base.php @@ -118,10 +118,9 @@ abstract class Horde_Imap_Client_Base implements Serializable } // Encrypt password. - $key = Horde_Imap_Client::$encryptKey; - if (!is_null($key)) { + if ($params['encryptKey']) { $secret = new Horde_Secret(); - $params['password'] = $secret->write($key, $params['password']); + $params['password'] = $secret->write($params['encryptKey'], $params['password']); $params['_passencrypt'] = true; } 
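Review bot: The new guard `if ($params['encryptKey'])` in the Base.php constructor hunk reads an optional parameter by direct index, so a caller that omits `encryptKey` gets an undefined-index notice unless defaults are merged above the hunk, which is not visible here. `if (!empty($params['encryptKey'])) {` avoids that and keeps the same truthiness test. Any falsy key ('' or '0') also silently skips encryption, and the password then appears to be held and serialized in cleartext; the `DEFAULT: No encryption` line added to the Client.php docblock would be a good place to state that consequence. The constructor body starts and ends outside the hunk.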
@@ -200,6 +199,9 @@ abstract class Horde_Imap_Client_Base implements Serializable $store[$val] = $this->$val; } + /* Don't store password encryption key. */ + unset($store['_params']['encryptKey']); + return serialize($store); } @@ -266,6 +268,17 @@ abstract class Horde_Imap_Client_Base implements Serializable } /** + * Sets the password encryption key. Required after calling unserialize() + * on this object if the password is encrypted. + * + * @param string $key The encryption key. + */ + public function setEncryptionKey($key) + { + $this->_params['encryptKey'] = $key; + } + + /** * Returns a value from the internal params array. * * @param string $key The param key. @@ -276,12 +289,12 @@ abstract class Horde_Imap_Client_Base implements Serializable { /* Passwords may be stored encrypted. */ if (($key == 'password') && !empty($this->_params['_passencrypt'])) { - if (is_null(Horde_Imap_Client::$encryptKey)) { + if (!isset($this->_params['encryptKey'])) { return null; } $secret = new Horde_Secret(); - return $secret->read(Horde_Imap_Client::$encryptKey, $this->_params['password']); + return $secret->read($this->_params['encryptKey'], $this->_params['password']); } return isset($this->_params[$key]) diff --git a/framework/Imap_Client/test/Horde/Imap/test_client.php b/framework/Imap_Client/test/Horde/Imap/test_client.php index 0b7913469..a7156ea0a 100644 --- a/framework/Imap_Client/test/Horde/Imap/test_client.php +++ b/framework/Imap_Client/test/Horde/Imap/test_client.php @@ -101,6 +101,10 @@ if (@include_once 'Benchmark/Timer.php') { $timer->start(); } +if (require_once 'Horde/Secret.php') { + $params['encryptKey'] = uniqid(); +} + // Add an ID field to send to server (ID extension) $params['id'] = array('name' => 'Horde_Imap_Client test program'); 
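Review bot: Stripping the key with `unset($store['_params']['encryptKey']);` covers only the serialize() exit, because the key now sits in the same `_params` array as the ciphertext it protects. Anything else that dumps or copies `_params` would yield both together, for example debug output or `print_r()` of a live object, and the generic `isset($this->_params[$key])` fallthrough in getParam() further down hands the key to any caller that asks for it. Holding the key in its own protected property that is never copied into `$store` would make the exclusion structural rather than something each exit has to remember. The method starts outside the hunk, so which properties end up in `$store` is inferred from the `unset()` path.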
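Review bot: The check in getParam() uses `!isset($this->_params['encryptKey'])` while the constructor decides whether to encrypt with a truthiness test, so the two can disagree: after `setEncryptionKey('')` the `isset()` test passes and an empty key is handed to `$secret->read()`. Using `if (empty($this->_params['encryptKey'])) {` would keep both sides aligned. The docblock should also say that 'password' comes back as null when the password is encrypted and no key has been set, since callers cannot otherwise tell that apart from a missing password. The function body continues past the end of the hunk.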
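Review bot: In the test_client.php hunk, `if (require_once 'Horde/Secret.php')` cannot take the false branch, since a failed require_once is fatal; the code removed later in this file only silenced the message with error_reporting(0). The Benchmark/Timer block named in the hunk header uses `@include_once`, and `if (@include_once 'Horde/Secret.php') {` would make Horde_Secret genuinely optional here. Separately, `uniqid()` is derived from the current time and is not a random secret; that is tolerable for a throwaway test value, but a comment such as `// uniqid() is a test placeholder; real callers must pass a random secret key` would keep the script from being copied as a usage example.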
@@ -861,17 +865,10 @@ Horde_Imap_Client_Sort::sortMailboxes($test_sort, array('delimiter' => '.', 'inb print_r($test_sort); print "Testing serialization of object. Will automatically logout.\n"; -$old_error = error_reporting(0); -if (require_once 'Horde/Secret.php') { - Horde_Imap_Client::$encryptKey = uniqid(); -} -error_reporting($old_error); $serialized_data = serialize($imap_client); print "\nSerialized object:\n"; print_r($serialized_data); -// Unset $encryptKey so password is not output in cleartext -Horde_Imap_Client::$encryptKey = null; $unserialized_data = unserialize($serialized_data); print "\n\nUnserialized object:\n"; print_r($unserialized_data); diff --git a/imp/lib/Imap.php b/imp/lib/Imap.php index 215a415c7..5b3724ed9 100644 --- a/imp/lib/Imap.php +++ b/imp/lib/Imap.php @@ -64,9 +64,6 @@ class IMP_Imap /* Register the logging callback. */ Horde_Imap_Client_Exception::$logCallback = array($this, 'logException'); - /* Set the encryption key. */ - Horde_Imap_Client::$encryptKey = $GLOBALS['injector']->getInstance('Horde_Secret')->getKey('imp'); - /* Rebuild the Horde_Imap_Client object. */ $this->_loadImapObject(); @@ -103,6 +100,7 @@ class IMP_Imap try { $this->ob = @unserialize($_SESSION['imp']['imap_ob'][$this->_serverkey]); + $this->ob->setEncryptionKey($GLOBALS['injector']->getInstance('Horde_Secret')->getKey('imp')); } catch (Exception $e) { /* Throw fatal error here - should never reach here and if we * do, we are out of luck. */ 
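Review bot: The added `$this->ob->setEncryptionKey(...)` in imp/lib/Imap.php runs on whatever `@unserialize()` returned, and unserialize() signals failure by returning false rather than throwing, so a corrupt or missing session entry now becomes a method call on a non-object that the surrounding `catch (Exception $e)` does not see. Wrapping the call in `if ($this->ob instanceof Horde_Imap_Client_Base) { ... }` avoids the fatal error and also confirms that the session data restored to the expected class before a key is handed to it. What should happen when the check fails depends on the code after the try block, which is outside the hunk.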
@@ -141,6 +139,7 @@ class IMP_Imap 'capability_ignore' => empty($server['capability_ignore']) ? array() : $server['capability_ignore'], 'comparator' => empty($server['comparator']) ? false : $server['comparator'], 'debug' => isset($server['debug']) ? $server['debug'] : null, + 'encryptKey' => $GLOBALS['injector']->getInstance('Horde_Secret')->getKey('imp'), 'hostspec' => isset($server['hostspec']) ? $server['hostspec'] : null, 'id' => empty($server['id']) ? false : $server['id'], 'lang' => empty($server['lang']) ? false : $server['lang'],
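Review bot: The key lookup `$GLOBALS['injector']->getInstance('Horde_Secret')->getKey('imp')` is now written out twice in IMP_Imap, in this params array and in the unserialize hunk above, and both must always yield the same key or the stored password stops decrypting. A small private helper (name is a suggestion only, e.g. `_getEncryptKey()`) called from both sites would keep them in step. The array literal starts and ends outside the hunk.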