You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@vcl.apache.org by jf...@apache.org on 2017/06/08 17:16:37 UTC
svn commit: r1798093 - /vcl/trunk/web/.ht-inc/addomain.php
Author: jfthomps
Date: Thu Jun 8 17:16:37 2017
New Revision: 1798093
URL: http://svn.apache.org/viewvc?rev=1798093&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries
addomain.php:
-modified AJsaveResource: changed string used to join error string passed to wordwrap from <br> to \n
-modified addResource: added checks for getSecretKeyID and encryptDBdata returning NULL and if so, return NULL; changed return when insert fails from returning 0 to returning NULL
Modified:
vcl/trunk/web/.ht-inc/addomain.php
Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1798093&r1=1798092&r2=1798093&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Thu Jun 8 17:16:37 2017
@@ -163,7 +163,7 @@ class ADdomain extends Resource {
if($add) {
if(! $data['rscid'] = $this->addResource($data)) {
sendJSON(array('status' => 'adderror',
- 'errormsg' => wordwrap(i('Error encountered while trying to create new AD domain. Please contact an admin for assistance.'), 75, '<br>')));
+ 'errormsg' => wordwrap(i('Error encountered while trying to create new AD domain. Please contact an admin for assistance.'), 75, "\n")));
return;
}
}
@@ -313,7 +313,7 @@ class ADdomain extends Resource {
///
/// \param $data - array of needed data for adding a new resource
///
- /// \return id of new resource
+ /// \return id of new resource; NULL on failure
///
/// \brief handles all parts of adding a new resource to the database; should
/// be implemented by inheriting class, but not required since it is only
@@ -327,7 +327,11 @@ class ADdomain extends Resource {
$ownerid = getUserlistID($data['owner']);
$secretid = getSecretKeyID('addomain', 'secretid', 0);
+ if($secretid === NULL)
+ return NULL;
$encpass = encryptDBdata($data['password'], $secretid);
+ if($encpass === NULL)
+ return NULL;
$query = "INSERT INTO addomain"
. "(name, "
@@ -350,7 +354,7 @@ class ADdomain extends Resource {
if($rscid == 0) {
$query = "DELETE FROM cryptsecret WHERE secretid = $secretid";
doQuery($query);
- return 0;
+ return NULL;
}
// add entry in resource table