From f1f72ff9ddcfdeda9c05251ef410ff1dec238405 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Mon, 07 Jan 2013 10:17:09 -0500
Subject: [PATCH] Fixed: FS#2608 - Certain complex database passwords are not escaped properly (MySQL) - passwords are now enrypted already in tform (and remoting) and not stored in datalog clear text - clientdb plugin no longer encrypts password itself but receives crypted password
---
interface/lib/classes/tform.inc.php | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index c51e3e1..bd28db4 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -1057,7 +1057,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'MYSQL') {
- $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} elseif ($field['encryption'] == 'CLEARTEXT') {
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
@@ -1084,7 +1086,9 @@
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
- $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+ $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
+ $record[$key] = $tmp['crypted'];
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
--
Gitblit v1.9.1