From f1f72ff9ddcfdeda9c05251ef410ff1dec238405 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 07 Jan 2013 10:17:09 -0500
Subject: [PATCH] Fixed: FS#2608 - Certain complex database passwords are not escaped properly (MySQL)  - passwords are now enrypted already in tform (and remoting) and not stored in datalog clear text  - clientdb plugin no longer encrypts password itself but receives crypted password

---
 server/plugins-available/mysql_clientdb_plugin.inc.php |    2 +-
 interface/lib/classes/tform.inc.php                    |    8 ++++++--
 interface/lib/classes/remoting_lib.inc.php             |    8 ++++++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 617250c..c636518 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -681,7 +681,9 @@
 																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-																$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+																$record[$key] = $tmp['crypted'];
+																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                                                         } else {
                                                                 $record[$key] = md5(stripslashes($record[$key]));
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
@@ -708,7 +710,9 @@
                                                                 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-																$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+																$record[$key] = $tmp['crypted'];
+																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} else {
                                                                 $record[$key] = md5(stripslashes($record[$key]));
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index c51e3e1..bd28db4 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -1057,7 +1057,9 @@
 																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 														} elseif ($field['encryption'] == 'MYSQL') {
-																$sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+																$record[$key] = $tmp['crypted'];
+																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 														} elseif ($field['encryption'] == 'CLEARTEXT') {
 																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                                                         } else {
@@ -1084,7 +1086,9 @@
                                                                 $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-																$sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+																$record[$key] = $tmp['crypted'];
+																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 														} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
 																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                         } else {
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index e4825c8..ce6bb5a 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -393,7 +393,7 @@
 			}
 
 			if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
-				$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
+				$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
 				$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
 			}
         }

--
Gitblit v1.9.1