From: Gunnar Wrobel
Date: Thu, 9 Dec 2010 17:01:48 +0000 (+0100)
Subject: Bug #9438: Be less restrictive about the input to Horde_Secret::read/write()
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=a6267c6747973b74c6b58c2f2a75ad63c03389b6;p=horde.git
Bug #9438: Be less restrictive about the input to Horde_Secret::read/write()
I originally assumed that it makes sense to pull the is_string() check from Crypt_Blowfish into Horde_Secret (as Crypt_Blowfish would die on anything not a string). I overlooked however that we had a strlen() check before delegating to Crypt_Blowfish. As strlen(null) or strlen(false) is int(0) both can be passed into Horde_Secret::read/write() without causing problems. Type casting the input into a string instead of checking the type should fix the problems.
---
diff --git a/framework/Secret/lib/Horde/Secret.php b/framework/Secret/lib/Horde/Secret.php
index 862e9ece4..567429188 100644
--- a/framework/Secret/lib/Horde/Secret.php
+++ b/framework/Secret/lib/Horde/Secret.php
@@ -70,10 +70,7 @@ class Horde_Secret
 */
 public function write($key, $message)
 {
- if (!is_string($message)) {
- throw new Horde_Secret_Exception('Plain text must be a string', 0);
- }
-
+ $message = (string) $message;
 if (strlen($key) && strlen($message)) {
 return $this->_getCipherOb($key)->encrypt($message);
 } else {
@@ -92,10 +89,7 @@ class Horde_Secret
 */
 public function read($key, $ciphertext)
 {
- if (!is_string($ciphertext)) {
- throw new Horde_Secret_Exception('Chiper text must be a string', 1);
- }
-
+ $ciphertext = (string) $ciphertext;
 if (strlen($key) && strlen($ciphertext)) {
 return rtrim($this->_getCipherOb($key)->decrypt($ciphertext), "\0");
 } else {
diff --git a/framework/Secret/test/Horde/Secret/Unit/SecretTest.php b/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
index 8b529fb5e..7472aa7de 100644
--- a/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
+++ b/framework/Secret/test/Horde/Secret/Unit/SecretTest.php
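Review bot: In Horde_Secret::write() the new `$message = (string) $message;` lets an array through as well as the null/false cases the commit message argues for: PHP converts an array to the literal text `Array` and raises only a notice or warning, so a caller bug ends up encrypting and storing that placeholder as the secret instead of failing; `$ciphertext = (string) $ciphertext;` in read() (second hunk) has the same gap. A narrow guard ahead of the cast would keep the lenient behaviour for null and false while still rejecting non-scalars, e.g. `if ($message !== null && !is_scalar($message)) { throw new Horde_Secret_Exception('Plain text must be a string', 0); }`, with the matching check in read(). That would also allow testWriteException and testReadException, which the commit deletes from SecretTest.php, to stay as regression tests for the array case. Both method bodies continue past the end of their hunks, so the else branches are not visible here.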
@@ -81,24 +81,6 @@ class Horde_Secret_Unit_SecretTest extends PHPUnit_Framework_TestCase
 /**
 * @expectedException Horde_Secret_Exception
 */
- public function testWriteException()
- {
- $secret = new Horde_Secret();
- $secret->write("\x88", array());
- }
-
- /**
- * @expectedException Horde_Secret_Exception
- */
- public function testReadException()
- {
- $secret = new Horde_Secret();
- $secret->read("\x88", array());
- }
-
- /**
- * @expectedException Horde_Secret_Exception
- */
 public function testKeyException()
 {
 $secret = new Horde_Secret();