summaryrefslogtreecommitdiff
path: root/includes/lib
diff options
context:
space:
mode:
Diffstat (limited to 'includes/lib')
-rw-r--r--includes/lib/account.php72
-rw-r--r--includes/lib/check_weak_key.php2
-rw-r--r--includes/lib/general.php37
-rw-r--r--includes/lib/l10n.php131
4 files changed, 154 insertions, 88 deletions
diff --git a/includes/lib/account.php b/includes/lib/account.php
index e311668..dd8afd3 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -19,10 +19,10 @@
/**
* Function to recalculate the cached Assurer status
- *
+ *
* @param int $userID
* if the user ID is not given the flag will be recalculated for all users
- *
+ *
* @return bool
* false if there was an error on fixing the flag. This does NOT return the
* new value of the flag
@@ -30,7 +30,7 @@
function fix_assurer_flag($userID = NULL)
{
// Update Assurer-Flag on users table if 100 points and CATS passed.
- //
+ //
// We may have some performance issues here if no userID is given
// there are ~150k assurances and ~220k users currently
// but the exists-clause on cats_passed should be a good filter
@@ -46,20 +46,21 @@ function fix_assurer_flag($userID = NULL)
WHERE `cp`.`variant_id` = `cv`.`id`
AND `cv`.`type_id` = 1
AND `cp`.`user_id` = `u`.`id`
- )
+ )
AND (
SELECT SUM(`points`) FROM `notary` AS `n`
WHERE `n`.`to` = `u`.`id`
AND (`n`.`expire` > now()
- OR `n`.`expire` IS NULL)
+ OR `n`.`expire` IS NULL)
+ AND `n`.`deleted` = 0
) >= 100';
-
+
$query = mysql_query($sql);
if (!$query) {
return false;
}
// Challenge has been passed and non-expired points >= 100
-
+
// Reset flag if requirements are not met
//
// Also a bit performance critical but assurer flag is only set on
@@ -86,13 +87,64 @@ function fix_assurer_flag($userID = NULL)
`n`.`expire` > now()
OR `n`.`expire` IS NULL
)
+ AND `n`.`deleted` = 0
) < 100
)';
-
+
$query = mysql_query($sql);
if (!$query) {
return false;
}
-
+
return true;
-} \ No newline at end of file
+}
+
+/**
+ * Supported hash algorithms for signing certificates
+ */
+class HashAlgorithms {
+ /**
+ * Default hash algorithm identifier for signing
+ * @var string
+ */
+ public static $default = 'sha256';
+
+ /**
+ * Get display strings for the supported hash algorithms
+ * @return array(string=>array('name'=>string, 'info'=>string))
+ * - [$hash_identifier]['name'] = Name that should be displayed in UI
+ * - [$hash_identifier]['info'] = Additional information that can help
+ * with the selection of a suitable algorithm
+ */
+ public static function getInfo() {
+ return array(
+ 'sha256' => array(
+ 'name' => 'SHA-256',
+ 'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
+ ),
+ 'sha384' => array(
+ 'name' => 'SHA-384',
+ 'info' => '',
+ ),
+ 'sha512' => array(
+ 'name' => 'SHA-512',
+ 'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
+ ),
+ );
+ }
+
+ /**
+ * Check if the input is a supported hash algorithm identifier otherwise
+ * return the identifier of the default hash algorithm
+ *
+ * @param string $hash_identifier
+ * @return string The cleaned identifier
+ */
+ public static function clean($hash_identifier) {
+ if (array_key_exists($hash_identifier, self::getInfo() )) {
+ return $hash_identifier;
+ } else {
+ return self::$default;
+ }
+ }
+}
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 8ad2ccf..59c6cd6 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -173,7 +173,7 @@ function checkWeakKeyText($text)
$exponent = $exponent[1]; // exponent might be very big =>
//handle as string using bc*()
- if (bccomp($exponent, "3") === 0)
+ if (bccomp($exponent, "65537") < 0)
{
return sprintf(_("The keys you use might be insecure. ".
"Although there is currently no known attack for ".
diff --git a/includes/lib/general.php b/includes/lib/general.php
index 85b132d..127c6b7 100644
--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -18,10 +18,10 @@
/**
* Checks if the user may log in and retrieve the user id
- *
+ *
* Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
* $_SERVER['SSL_CLIENT_I_DN_CN']
- *
+ *
* @param $serial string
* usually $_SERVER['SSL_CLIENT_M_SERIAL']
* @param $issuer_cn string
@@ -43,7 +43,7 @@ function get_user_id_from_cert($serial, $issuer_cn)
$row = mysql_fetch_assoc($res);
return intval($row['memid']);
}
-
+
return -1;
}
@@ -71,7 +71,7 @@ function failWithId($errormessage) {
/**
* Runs a command on the shell and return it's exit code and output
- *
+ *
* @param string $command
* The command to run. Make sure that you escapeshellarg() any non-constant
* parts as this is executed on a shell!
@@ -85,7 +85,7 @@ function failWithId($errormessage) {
* @param string|bool $errors
* The output the command wrote to STDERR (this is passed as reference),
* if true (default) the output will be written to the real STDERR
- *
+ *
* @return int|bool
* The exit code of the command, true if the execution of the command
* failed (true because then
@@ -93,38 +93,38 @@ function failWithId($errormessage) {
*/
function runCommand($command, $input = "", &$output = null, &$errors = true) {
$descriptorspec = array();
-
+
if ($input !== true) {
$descriptorspec[0] = array("pipe", "r"); // STDIN for child
}
-
+
if ($output !== true) {
$descriptorspec[1] = array("pipe", "w"); // STDOUT for child
}
-
+
if ($errors !== true) {
$descriptorspec[2] = array("pipe", "w"); // STDERR for child
}
-
+
$proc = proc_open($command, $descriptorspec, $pipes);
-
+
if (is_resource($proc))
{
if ($input !== true) {
fwrite($pipes[0], $input);
fclose($pipes[0]);
}
-
+
if ($output !== true) {
$output = stream_get_contents($pipes[1]);
}
-
+
if ($errors !== true) {
$errors = stream_get_contents($pipes[2]);
}
-
+
return proc_close($proc);
-
+
} else {
return true;
}
@@ -145,19 +145,18 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) {
{
$Result |= 5;
}
-
- $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
+
+ $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
$row = mysql_fetch_assoc($query);
if ($row['points'] < 100) {
$Result |= 3;
}
-
+
$query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
$row = mysql_fetch_assoc($query);
if ($row['assurer_blocked'] > 0) {
$Result |= 9;
}
-
+
return $Result;
}
- \ No newline at end of file
diff --git a/includes/lib/l10n.php b/includes/lib/l10n.php
index 85b7aff..e325add 100644
--- a/includes/lib/l10n.php
+++ b/includes/lib/l10n.php
@@ -22,10 +22,10 @@
class L10n {
/**
* These are tranlations we currently support.
- *
+ *
* If another translation is added, it doesn't suffice to have gettext set
* up, you also need to add it here, because it acts as a white list.
- *
+ *
* @var array("ISO-language code" => "native name of the language")
*/
public static $translations = array(
@@ -53,15 +53,15 @@ class L10n {
"zh-cn" => "&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)",
"zh-tw" => "&#x4e2d;&#x6587;(&#33274;&#28771;)",
);
-
+
/**
* setlocale needs a language + region code for whatever reason so here's
* the mapping from a translation code to locales with the region that
* seemed the most common for this language
- *
+ *
* You probably never need this. Use {@link set_translation()} to change the
* language instead of manually calling setlocale().
- *
+ *
* @var array(string => string)
*/
private static $locales = array(
@@ -101,11 +101,11 @@ class L10n {
"zh-cn" => "zh_CN",
"zh-tw" => "zh_TW",
);
-
+
/**
* Auto-detects the language that should be used and sets it. Only works for
* HTTP, not in a command line script.
- *
+ *
* Priority:
* <ol>
* <li>explicit parameter "lang" passed in HTTP (e.g. via GET)</li>
@@ -128,10 +128,10 @@ class L10n {
return;
}
}
-
-
+
+
$languages = array();
-
+
// parse Accept-Language header
if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER)) {
$bits = explode(",", strtolower(
@@ -144,29 +144,29 @@ class L10n {
$c = floatval(substr($b[1], 2));
else
$c = 1;
-
+
if ($c != 0)
{
$languages[trim($b[0])] = $c;
}
}
}
-
+
// check if there is an explicit language given as parameter
if(array_key_exists("lang",$_REQUEST) && trim($_REQUEST["lang"]) != "")
{
// higher priority than those values in the header
$languages[strtolower(trim($_REQUEST["lang"]))] = 2.0;
}
-
+
arsort($languages, SORT_NUMERIC);
-
+
// this is used to be compatible with browsers like internet
// explorer which only provide the language code including the
// region not without. Also handles the fallback to English (qvalues
// may only have three digits after the .)
$fallbacks = array("en" => 0.0005);
-
+
foreach($languages as $lang => $qvalue)
{
// ignore any non-conforming values (that's why we don't need to
@@ -179,7 +179,7 @@ class L10n {
}
$lang_prefix = $matches[1]; // usually two-letter language code
$fallbacks[$lang_prefix] = $qvalue;
-
+
$chosen_translation = "";
if ($lang === '*') {
// According to the standard '*' matches anything but any
@@ -202,7 +202,7 @@ class L10n {
}
}
}
-
+
if ($chosen_translation !== "")
{
if (self::set_translation($chosen_translation)) {
@@ -210,7 +210,7 @@ class L10n {
}
}
}
-
+
// No translation found yet => try the prefixes
arsort($fallbacks, SORT_NUMERIC);
foreach ($fallbacks as $lang => $qvalue) {
@@ -218,16 +218,47 @@ class L10n {
return;
}
}
-
+
// should not get here, as the fallback of "en" is provided and that
// should always work => log an error
trigger_error("L10n::detect_language(): could not set language",
E_USER_WARNING);
}
-
+
+ /**
+ * Normalise the translation code (e.g. from the old codes to the new)
+ *
+ * @return string
+ * a translation code or the empty string if it can't be normalised
+ */
+ public static function normalise_translation($translation_code) {
+ // check $translation_code against whitelist
+ if (array_key_exists($translation_code, self::$translations) ) {
+ return $translation_code;
+ }
+
+ // maybe it's a locale as previously used in the system? e.g. en_AU
+ if (preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code, $matches) !== 1) {
+ return '';
+ }
+
+ $lang_code = $matches[1];
+ $region_code = strtolower($matches[2]);
+
+ if (array_key_exists("${lang_code}-${region_code}", self::$translations)) {
+ return "${lang_code}-${region_code}";
+ }
+
+ if (array_key_exists($lang_code, self::$translations)) {
+ return $lang_code;
+ }
+
+ return '';
+ }
+
/**
* Get the set translation
- *
+ *
* @return string
* a translation code or the empty string if not set
*/
@@ -238,13 +269,13 @@ class L10n {
return "";
}
}
-
+
/**
* Set the translation to use.
- *
+ *
* @param string $translation_code
* the translation code as specified in the keys of {@link $translations}
- *
+ *
* @return bool
* <ul>
* <li>true if the translation has been set successfully</li>
@@ -255,27 +286,11 @@ class L10n {
* </ul>
*/
public static function set_translation($translation_code) {
- // check $translation_code against whitelist
- if ( !array_key_exists($translation_code, self::$translations) ) {
- // maybe it's a locale as previously used in the system? e.g. en_AU
- if ( preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code,
- $matches) !== 1 ) {
- return false;
- }
-
- $lang_code = $matches[1];
- $region_code = strtolower($matches[2]);
-
- if ( array_key_exists("${lang_code}-${region_code}",
- self::$translations) ) {
- $translation_code = "${lang_code}-${region_code}";
- } elseif ( array_key_exists($lang_code, self::$translations) ) {
- $translation_code = $lang_code;
- } else {
- return false;
- }
+ $translation_code = self::normalise_translation($translation_code);
+ if (empty($translation_code)) {
+ return false;
}
-
+
// map translation to locale
if ( !array_key_exists($translation_code, self::$locales) ) {
// weird. maybe you added a translation but haven't added a
@@ -285,7 +300,7 @@ class L10n {
return false;
}
$locale = self::$locales[$translation_code];
-
+
// set up locale
if ( !putenv("LANG=$locale") ) {
trigger_error("L10n::set_translation(): could not set the ".
@@ -297,42 +312,42 @@ class L10n {
"LC_ALL to $locale", E_USER_WARNING);
return false;
}
-
-
+
+
// only set if we're running in a server not in a script
if (isset($_SESSION)) {
// save the setting
$_SESSION['_config']['language'] = $translation_code;
-
-
+
+
// Set up the recode settings needed e.g. in PDF creation
$_SESSION['_config']['recode'] = "html..latin-1";
-
+
if($translation_code === "zh-cn" || $translation_code === "zh-tw")
{
$_SESSION['_config']['recode'] = "html..gb2312";
-
+
} else if($translation_code === "pl" || $translation_code === "hu") {
$_SESSION['_config']['recode'] = "html..ISO-8859-2";
-
+
} else if($translation_code === "ja") {
$_SESSION['_config']['recode'] = "html..SHIFT-JIS";
-
+
} else if($translation_code === "ru") {
$_SESSION['_config']['recode'] = "html..ISO-8859-5";
-
+
} else if($translation_code == "lt") { // legacy, keep for reference
$_SESSION['_config']['recode'] = "html..ISO-8859-13";
-
+
}
}
-
+
return true;
}
-
+
/**
* Sets up the text domain used by gettext
- *
+ *
* @param string $domain
* the gettext domain that should be used, defaults to "messages"
*/