Merge branch 'feature-25562/PV21_Datenbankstruktur_fuer_Vertraege_und_Gehaelter' into deploy-PV21
@@ -18,11 +18,11 @@ class Gehaltsbestandteil_model extends DB_Model implements IEncryption
|
||||
return array(
|
||||
'grundbetrag' => array(
|
||||
DB_Model::CRYPT_CAST => 'numeric',
|
||||
DB_Model::CRYPT_PASSWORD_NAME => 'ENCRYPTIONKEY'
|
||||
DB_Model::CRYPT_PASSWORD_NAME => 'ENCRYPTIONKEYGEHALT'
|
||||
),
|
||||
'betrag_valorisiert' => array(
|
||||
DB_Model::CRYPT_CAST => 'numeric',
|
||||
DB_Model::CRYPT_PASSWORD_NAME => 'ENCRYPTIONKEY'
|
||||
DB_Model::CRYPT_PASSWORD_NAME => 'ENCRYPTIONKEYGEHALT'
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
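Review bot: Both `grundbetrag` and `betrag_valorisiert` switch their password name from `ENCRYPTIONKEY` to `ENCRYPTIONKEYGEHALT` (lines 21 and 36), but nothing in the commit shows rows already encrypted under the old name being re-encrypted, nor the new name being added to the password config that the substitution reads; if the two names resolve to different values, existing data presumably becomes undecryptable, and a missing config entry would leave the `${ENCRYPTIONKEYGEHALT}` placeholder unreplaced in the generated SQL. A comment on the array would make the coupling visible to the next maintainer: `// Name must exist in the encryption_passwords config; changing it requires re-encrypting existing rows`. The enclosing method starts outside the hunk.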
@@ -163,6 +163,43 @@ abstract class db extends basis
|
||||
return $rows;
|
||||
}
|
||||
|
||||
/**
|
||||
* Replace the password names with the related passwords in a SQL string, to decrypt data from the DB
|
||||
*/
|
||||
protected function replaceSQLDecryptionPassword($sql)
|
||||
{
|
||||
$newSQL = null;
|
||||
|
||||
// If the global constant CI_ENVIRONMENT is not defined then return a failure
|
||||
if (!defined('CI_ENVIRONMENT')) return null;
|
||||
|
||||
define('BASEPATH', 'LEGACY_WORKAROUND'); // little trick to load a CI config file
|
||||
|
||||
// Tries to include the CI config file that contains password for the database encryption
|
||||
// If the include fails then return a failure
|
||||
if (!include_once(dirname(__FILE__).'/../application/config/'.CI_ENVIRONMENT.'/db_crypt.php')) return null;
|
||||
|
||||
// Array that will contains all the DB decryption password
|
||||
$decryptionPasswordsArray = array();
|
||||
// Array that will contains all the DB decryption password names
|
||||
$decryptionPasswordNamesArray = array();
|
||||
|
||||
// For each password found in the config array
|
||||
foreach ($config['encryption_passwords'] as $name => $password)
|
||||
{
|
||||
// Copy the password name using this template: '{$'<password name>'}'
|
||||
$decryptionPasswordArray[] = $password;
|
||||
$decryptionPasswordNamesArray[] = '${'.$name.'}';
|
||||
}
|
||||
|
||||
// Replace the password names with the password values
|
||||
$newSQL = str_replace($decryptionPasswordNamesArray, $decryptionPasswordArray, $sql);
|
||||
|
||||
// In case the replacement is a failure
|
||||
if ($newSQL == '' || $newSQL == null) return null;
|
||||
|
||||
return $newSQL; // OK
|
||||
}
|
||||
}
|
||||
require_once(dirname(__FILE__).'/'.DB_SYSTEM.'.class.php');
|
||||
|
||||
|
||||
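Review bot: The password array is initialised as `$decryptionPasswordsArray` on line 108 but filled and passed to `str_replace` as `$decryptionPasswordArray` (lines 131 and 145), so the initialised array is never used and, when the config holds no passwords, `str_replace` receives an undefined variable. The method is also not safe to call twice in one request: `define('BASEPATH', ...)` on line 89 runs unconditionally and warns once the constant exists, and `include_once` on line 100 returns true without re-executing the file, leaving `$config` unset so the placeholders stay unreplaced; since both `filter::loadValues` and `statistik` call this helper, repeated calls look likely. Guarding the define, caching the password map in a static local after the first include, and using one variable name fixes all three, as in the rewritten head of the method below. Note also that the returned string carries the decryption key in clear text, so it must not be echoed or logged as-is if a query built from it fails.
```php
protected function replaceSQLDecryptionPassword($sql)
{
    // If the global constant CI_ENVIRONMENT is not defined then return a failure
    if (!defined('CI_ENVIRONMENT')) return null;

    // little trick to load a CI config file; guarded so a second call does not redefine it
    if (!defined('BASEPATH')) define('BASEPATH', 'LEGACY_WORKAROUND');

    // include_once only executes the config file on the first call, so keep the
    // password map in a static local for every later call in the same request
    static $encryptionPasswords = null;
    if ($encryptionPasswords === null)
    {
        if (!include_once(dirname(__FILE__).'/../application/config/'.CI_ENVIRONMENT.'/db_crypt.php')) return null;
        if (!isset($config['encryption_passwords']) || !is_array($config['encryption_passwords'])) return null;
        $encryptionPasswords = $config['encryption_passwords'];
    }

    // Build the parallel arrays of '${<name>}' placeholders and their password values
    $decryptionPasswordArray = array();
    $decryptionPasswordNamesArray = array();
    foreach ($encryptionPasswords as $name => $password)
    {
        $decryptionPasswordNamesArray[] = '${'.$name.'}';
        $decryptionPasswordArray[] = $password;
    }

    // … unchanged: str_replace, empty-result check and return …
}
```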
@@ -230,9 +230,11 @@ class filter extends basis_db
|
||||
*/
|
||||
public function loadValues($sql, $valuename, $showvalue)
|
||||
{
|
||||
|
||||
$this->values = array();
|
||||
|
||||
// In case a decryption function is used then perform password substitution
|
||||
$sql = $this->replaceSQLDecryptionPassword($sql);
|
||||
|
||||
if($this->db_query($sql))
|
||||
{
|
||||
while($row = $this->db_fetch_row())
|
||||
|
||||
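Review bot: `replaceSQLDecryptionPassword` returns null when `CI_ENVIRONMENT` is undefined, the config include fails or the result is empty, and the new line 196 assigns that null straight back to `$sql`, so `db_query` runs on null and the caller sees a generic query failure instead of a message about the missing decryption configuration. Check the return value before overwriting the statement, for example `$replaced = $this->replaceSQLDecryptionPassword($sql); if ($replaced === null) { $this->errormsg = 'Decryption password substitution failed'; return false; } $sql = $replaced;` (adjusted to however `loadValues` signals failure further down). The same pattern is in the statistik hunk at line 349, where the null is swallowed by the following `if($this->sql!='')` and the query is silently skipped with no error set. `loadValues` continues past the end of the hunk.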
@@ -1197,6 +1197,26 @@ function anzahlTage($date1, $date2)
|
||||
return round($diff / 86400);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data, returns a boolean
|
||||
*/
|
||||
function hasSQLDecryption($sql)
|
||||
{
|
||||
return stripos($sql, 'PGP_SYM_DECRYPT') !== false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data,
|
||||
* and if it is used a variable instead of a readable password. Returns a boolean
|
||||
*/
|
||||
function isSQLDecryptionValid($sql)
|
||||
{
|
||||
// If the SQL string contains decryption functions and there are _no_ password variables
|
||||
if (hasSQLDecryption($sql) && strpos($sql, '${') === false) return false; // then return false
|
||||
|
||||
return true; // in any other case return true
|
||||
}
|
||||
|
||||
/**
|
||||
* Gibt zurück, ob ein String ausschließlich erlaubte Zeichen enthält
|
||||
* erlaubt: Buchstaben a-z, A-Z, 0-9, -, _
|
||||
@@ -1205,10 +1225,10 @@ function anzahlTage($date1, $date2)
|
||||
*/
|
||||
function hasOnlyAllowedChars($stringToCheck)
|
||||
{
|
||||
if (!preg_match("#^[a-zA-Z0-9_-]+$#", $stringToCheck))
|
||||
return false;
|
||||
else
|
||||
return true;
|
||||
if (!preg_match("#^[a-zA-Z0-9_-]+$#", $stringToCheck))
|
||||
return false;
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
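Review bot: `isSQLDecryptionValid` on line 267 only tests that `${` occurs somewhere in the string, so it does not verify that the key argument of each `PGP_SYM_DECRYPT` call is a placeholder; a literal key combined with an unrelated placeholder elsewhere in the statement passes, which is the case the docblock says it rejects. Extracting each `PGP_SYM_DECRYPT(...)` call and requiring its key argument to match the `'${NAME}'` form would make the guard enforce what it promises. Until then the docblock should state the limit, e.g. `* Note: presence check only - it does not tie the placeholder to the decryption call's key argument.` The second hunk (`hasOnlyAllowedChars`) appears to be a whitespace-only change.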
@@ -514,6 +514,9 @@ class statistik extends basis_db
|
||||
$this->countRows=0;
|
||||
set_time_limit(120);
|
||||
|
||||
// In case a decryption function is used then perform password substitution
|
||||
$this->sql = $this->replaceSQLDecryptionPassword($this->sql);
|
||||
|
||||
if($this->sql!='')
|
||||
{
|
||||
$sql = $this->sql;
|
||||
|
||||
@@ -26,6 +26,7 @@ require_once('../../config/vilesci.config.inc.php');
|
||||
require_once('../../include/statistik.class.php');
|
||||
require_once('../../include/benutzerberechtigung.class.php');
|
||||
require_once('../../include/berechtigung.class.php');
|
||||
require_once('../../include/functions.inc.php');
|
||||
|
||||
if(!$db = new basis_db())
|
||||
{
|
||||
@@ -140,18 +141,29 @@ if(!$rechte->isBerechtigt('basis/statistik', null, 'suid'))
|
||||
$statistik->berechtigung_kurzbz = $berechtigung_kurzbz;
|
||||
$statistik->preferences = $preferences;
|
||||
|
||||
$success = $statistik->save();
|
||||
// Check if the SQL string contains functions to decrypt data and if there are
|
||||
// variables to replace the value of the password (no clear password wanted!)
|
||||
if (isSQLDecryptionValid($statistik->sql))
|
||||
{
|
||||
$success = $statistik->save();
|
||||
|
||||
if($success):
|
||||
if($success):
|
||||
?>
|
||||
<span class="ok">Daten erfolgreich gespeichert</span>
|
||||
<script type='text/javascript'>
|
||||
parent.uebersicht_statistik.location.href = 'statistik_uebersicht.php';
|
||||
</script>
|
||||
<?php else: ?>
|
||||
<span class="error"><?php echo $statistik->errormsg ?></span>
|
||||
<?php
|
||||
endif;
|
||||
}
|
||||
else // in case the SQL string is not valid display an error
|
||||
{
|
||||
?>
|
||||
<span class="ok">Daten erfolgreich gespeichert</span>
|
||||
<script type='text/javascript'>
|
||||
parent.uebersicht_statistik.location.href = 'statistik_uebersicht.php';
|
||||
</script>
|
||||
<?php else: ?>
|
||||
<span class="error"><?php echo $statistik->errormsg ?></span>
|
||||
<?php
|
||||
endif;
|
||||
<span class="error"><?php echo 'It is not possible to store a SQL that contains clear passwords to decrypt data from the DB' ?></span>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
|
||||
$preferences = trim($statistik->preferences);
|
||||
|
||||
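Review bot: The placeholder rule is enforced by the caller here (line 408) and again in the filter save page (line 527) rather than inside `statistik::save()` / `filter::save()`, so any other code path that writes the `sql` column bypasses it; moving the `isSQLDecryptionValid` check into the model's save (or the shared `basis_db` base) and letting the pages only display `errormsg` enforces it once for every writer. Because `$success = $statistik->save();` moved inside the `if` on line 414, `$success` is now unset on the rejected path; if anything below the hunk reads it, initialise `$success = false;` before the check. The rejected-path message on line 488 is also English while the neighbouring messages (`Daten erfolgreich gespeichert`) are German, so it should follow the page's wording convention. The block closed by the final `}` on line 497 opens before the hunk.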
@@ -76,9 +76,18 @@
|
||||
$filter->type = $_POST["type"];
|
||||
$filter->htmlattr = $_POST["htmlattr"];
|
||||
|
||||
if(!$filter->save())
|
||||
// Check if the SQL string contains functions to decrypt data and if there are
|
||||
// variables to replace the value of the password (no clear password wanted!)
|
||||
if (isSQLDecryptionValid($filter->sql))
|
||||
{
|
||||
$errorstr .= $filter->errormsg;
|
||||
if (!$filter->save())
|
||||
{
|
||||
$errorstr .= $filter->errormsg;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$errorstr .= 'It is not possible to store a SQL that contains clear passwords to decrypt data from the DB';
|
||||
}
|
||||
|
||||
$reloadstr .= "<script type='text/javascript'>\n";
|
||||
|
||||