removing hex2bin to avoid having to add code for this in JS and to not introduce a dependency on paste IDs always having to be hex strings
This commit is contained in:
El RIDO
parent
5651c0f04e
commit
74519f6c4f
6 changed files with 7 additions and 26 deletions
|
|
@ -664,23 +664,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
*/
|
*/
|
||||||
let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
|
let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
|
||||||
|
|
||||||
/**
|
|
||||||
* convert hexadecimal string to binary representation
|
|
||||||
*
|
|
||||||
* @name CryptTool.hex2bin
|
|
||||||
* @function
|
|
||||||
* @private
|
|
||||||
* @param {string} message hex string
|
|
||||||
* @return {string} binary representation as a DOMString
|
|
||||||
*/
|
|
||||||
function hex2bin(message) {
|
|
||||||
let result = [];
|
|
||||||
for (let i = 0, l = message.length; i < l; i += 2) {
|
|
||||||
result.push(parseInt(message.substr(i, 2), 16));
|
|
||||||
}
|
|
||||||
return String.fromCharCode.apply(String, result);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString
|
* convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString
|
||||||
*
|
*
|
||||||
|
|
@ -1014,9 +997,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
false, // may not export this
|
false, // may not export this
|
||||||
['sign']
|
['sign']
|
||||||
),
|
),
|
||||||
stringToArraybuffer(
|
stringToArraybuffer(id)
|
||||||
hex2bin(id)
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -117,7 +117,7 @@ class Paste extends AbstractModel
|
||||||
// if a challenge was sent, we store the HMAC of paste ID & challenge
|
// if a challenge was sent, we store the HMAC of paste ID & challenge
|
||||||
if (array_key_exists('challenge', $this->_data['meta'])) {
|
if (array_key_exists('challenge', $this->_data['meta'])) {
|
||||||
$this->_data['meta']['challenge'] = base64_encode(hash_hmac(
|
$this->_data['meta']['challenge'] = base64_encode(hash_hmac(
|
||||||
'sha256', hex2bin($this->getId()), base64_decode($this->_data['meta']['challenge']), true
|
'sha256', $this->getId(), base64_decode($this->_data['meta']['challenge']), true
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -71,7 +71,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
|
||||||
<!--[if IE]>
|
<!--[if IE]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ if ($MARKDOWN):
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
|
||||||
<!--[if IE]>
|
<!--[if IE]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
|
||||||
|
|
@ -814,7 +814,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
||||||
public function testReadBurnAfterReadingWithToken()
|
public function testReadBurnAfterReadingWithToken()
|
||||||
{
|
{
|
||||||
$token = base64_encode(hash_hmac(
|
$token = base64_encode(hash_hmac(
|
||||||
'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
|
'sha256', Helper::getPasteId(), random_bytes(32), true
|
||||||
));
|
));
|
||||||
$burnPaste = Helper::getPaste(2, array('challenge' => $token));
|
$burnPaste = Helper::getPaste(2, array('challenge' => $token));
|
||||||
$burnPaste['adata'][3] = 1;
|
$burnPaste['adata'][3] = 1;
|
||||||
|
|
@ -839,7 +839,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
|
||||||
public function testReadBurnAfterReadingWithIncorrectToken()
|
public function testReadBurnAfterReadingWithIncorrectToken()
|
||||||
{
|
{
|
||||||
$token = base64_encode(hash_hmac(
|
$token = base64_encode(hash_hmac(
|
||||||
'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
|
'sha256', Helper::getPasteId(), random_bytes(32), true
|
||||||
));
|
));
|
||||||
$burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32))));
|
$burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32))));
|
||||||
$burnPaste['adata'][3] = 1;
|
$burnPaste['adata'][3] = 1;
|
||||||
|
|
|
||||||
|
|
@ -277,7 +277,7 @@ class ModelTest extends PHPUnit_Framework_TestCase
|
||||||
$pasteData = Helper::getPastePost();
|
$pasteData = Helper::getPastePost();
|
||||||
$pasteData['meta']['challenge'] = base64_encode(random_bytes(32));
|
$pasteData['meta']['challenge'] = base64_encode(random_bytes(32));
|
||||||
$token = base64_encode(hash_hmac(
|
$token = base64_encode(hash_hmac(
|
||||||
'sha256', hex2bin(Helper::getPasteId()), base64_decode($pasteData['meta']['challenge']), true
|
'sha256', Helper::getPasteId(), base64_decode($pasteData['meta']['challenge']), true
|
||||||
));
|
));
|
||||||
$this->_model->getPaste(Helper::getPasteId())->delete();
|
$this->_model->getPaste(Helper::getPasteId())->delete();
|
||||||
$paste = $this->_model->getPaste(Helper::getPasteId());
|
$paste = $this->_model->getPaste(Helper::getPasteId());
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue