
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauricio@fauth.dev>2021-10-17 06:29:39 +0300
committerMaurício Meneghini Fauth <mauricio@fauth.dev>2022-01-10 18:19:43 +0300
commitd057b68aa1136f5b37e63fbeb2fee46c211ae9fc (patch)
tree0e7edea05fdf52092a735875fed1ee7f0f0af021 /libraries
parent3095181bb3449401bcae92cbb1d36762a70f5a27 (diff)
Add unit tests
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'libraries')
-rw-r--r--libraries/classes/Core.php23
-rw-r--r--libraries/classes/Crypto/Crypto.php10
-rw-r--r--libraries/classes/Navigation/NavigationTree.php2
-rw-r--r--libraries/classes/Url.php4
-rw-r--r--libraries/common.inc.php12
5 files changed, 35 insertions, 16 deletions
diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php
index bf5edde41a..98ea2031f6 100644
--- a/libraries/classes/Core.php
+++ b/libraries/classes/Core.php
@@ -1317,4 +1317,27 @@ class Core
$hmac = hash_hmac('sha256', $sqlQuery, $_SESSION[' HMAC_secret '] . $cfg['blowfish_secret']);
return hash_equals($hmac, $signature);
}
+
+ /**
+ * @return void
+ */
+ public static function populateRequestWithEncryptedQueryParams()
+ {
+ if (! isset($_GET['eq']) || ! is_string($_GET['eq'])) {
+ unset($_GET['eq'], $_REQUEST['eq']);
+ return;
+ }
+
+ $decryptedQuery = Url::decryptQuery($_GET['eq']);
+ unset($_GET['eq'], $_REQUEST['eq']);
+ if ($decryptedQuery === null) {
+ return;
+ }
+
+ $urlQueryParams = (array) json_decode($decryptedQuery);
+ foreach ($urlQueryParams as $urlQueryParamKey => $urlQueryParamValue) {
+ $_GET[$urlQueryParamKey] = $urlQueryParamValue;
+ $_REQUEST[$urlQueryParamKey] = $urlQueryParamValue;
+ }
+ }
}
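Review bot: `json_decode($decryptedQuery)` on the line that fills `$urlQueryParams` decodes to objects, and the `(array)` cast converts only the top level, so a nested value is written into `$_GET` and `$_REQUEST` as a `stdClass` instead of the array a normal query string would produce, and a scalar payload ends up as `$_GET[0]`. Decoding with `json_decode($decryptedQuery, true)` and returning early with `if (! is_array($urlQueryParams)) { return; }` keeps the superglobals to the shapes the rest of the request handling expects. The docblock only says `@return void`; it should also state that `eq` is always removed from both superglobals and that decrypted keys overwrite same-named plain parameters.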
diff --git a/libraries/classes/Crypto/Crypto.php b/libraries/classes/Crypto/Crypto.php
index 5f12fbdcae..6449f7dca5 100644
--- a/libraries/classes/Crypto/Crypto.php
+++ b/libraries/classes/Crypto/Crypto.php
@@ -13,10 +13,14 @@ final class Crypto
/** @var bool */
private $hasSodiumSupport;
- public function __construct()
+ /**
+ * @param bool $forceFallback Force the usage of the fallback functions.
+ */
+ public function __construct($forceFallback = false)
{
- $this->hasRandomBytesSupport = is_callable('random_bytes');
- $this->hasSodiumSupport = $this->hasRandomBytesSupport
+ $this->hasRandomBytesSupport = ! $forceFallback && is_callable('random_bytes');
+ $this->hasSodiumSupport = ! $forceFallback
+ && $this->hasRandomBytesSupport
&& is_callable('sodium_crypto_secretbox')
&& is_callable('sodium_crypto_secretbox_open')
&& defined('SODIUM_CRYPTO_SECRETBOX_NONCEBYTES')
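Review bot: The new `$forceFallback` parameter is a test hook on a production constructor and the docblock does not say so; passing `true` turns off both the `random_bytes` check and the sodium path. I would document it as `@param bool $forceFallback Testing only: use the fallback functions even when random_bytes and sodium are available.` and add that it must never be wired to configuration or request data. The `! $forceFallback` term in the `hasSodiumSupport` expression is redundant, since `hasRandomBytesSupport` already carries it. The constructor body continues past the end of this hunk.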
diff --git a/libraries/classes/Navigation/NavigationTree.php b/libraries/classes/Navigation/NavigationTree.php
index c40b1408b9..3d37577d95 100644
--- a/libraries/classes/Navigation/NavigationTree.php
+++ b/libraries/classes/Navigation/NavigationTree.php
@@ -1574,6 +1574,6 @@ class NavigationTree
$url = parse_url($link);
parse_str(htmlspecialchars_decode($url['query']), $query);
- return $url['path'] . '?' . Url::buildHttpQuery($query);
+ return $url['path'] . '?' . htmlspecialchars(Url::buildHttpQuery($query));
}
}
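Review bot: The return value is now partly HTML-escaped, since the query string goes through `htmlspecialchars()` while `$url['path']` is concatenated as parsed, and nothing tells callers which output context the result is meant for. A short docblock stating that the method returns an HTML-encoded URL for use in markup, and not for redirects or script contexts, would guard against double-encoding or unescaped reuse later. `$url['query']` is also read without checking that `parse_url()` produced it, so a link without a query string would raise a notice on that line. The method starts above this hunk, so how `$link` is encoded on entry is not visible here.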
diff --git a/libraries/classes/Url.php b/libraries/classes/Url.php
index 215a1b98fc..cd1f89a4c0 100644
--- a/libraries/classes/Url.php
+++ b/libraries/classes/Url.php
@@ -270,7 +270,9 @@ class Url
unset($data[$paramKey]);
}
- $data['eq'] = self::encryptQuery(json_encode($paramsToEncrypt));
+ if ($paramsToEncrypt !== []) {
+ $data['eq'] = self::encryptQuery(json_encode($paramsToEncrypt));
+ }
return http_build_query($data, null, $separator);
}
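Review bot: `json_encode($paramsToEncrypt)` can return `false`, and its result is passed to `encryptQuery()` unchecked inside the new `if`. By that point the loop above has already removed the sensitive keys from `$data`, so a failed encode would presumably drop those parameters from the URL without any signal. A guard such as `$json = json_encode($paramsToEncrypt);` followed by `if ($json !== false) { $data['eq'] = self::encryptQuery($json); }`, or an explicit error, would make that case visible. The method starts outside this hunk.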
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 0277c8af55..6705fd08be 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -43,7 +43,6 @@ use PhpMyAdmin\Response;
use PhpMyAdmin\Session;
use PhpMyAdmin\ThemeManager;
use PhpMyAdmin\Tracker;
-use PhpMyAdmin\Url;
use PhpMyAdmin\Util;
/**
@@ -133,16 +132,7 @@ if (! defined('PMA_NO_SESSION')) {
Session::setUp($GLOBALS['PMA_Config'], $GLOBALS['error_handler']);
}
-if (isset($_GET['eq']) && is_string($_GET['eq'])) {
- $decryptedQuery = Url::decryptQuery($_GET['eq']);
- if ($decryptedQuery !== null) {
- $urlQueryParams = json_decode($decryptedQuery);
- foreach ($urlQueryParams as $urlQueryParamKey => $urlQueryParamValue) {
- $_GET[$urlQueryParamKey] = $urlQueryParamValue;
- $_REQUEST[$urlQueryParamKey] = $urlQueryParamValue;
- }
- }
-}
+Core::populateRequestWithEncryptedQueryParams();
/**
* init some variables LABEL_variables_init