protected function check($params = array())
{
$sign = new Signer();
$str = (string) $sign->unsign($this->signature, self::$salt);
$str2 = (string) $this->id;
if (is_array($params) && array_key_exists("width", $params) && $params["width"] > 0 && array_key_exists("height", $params) && $params["height"] > 0) {
$str2 = $this->id . "x" . $params["width"] . "x" . $params["height"];
}
return $str == $str2;
}
/**
* Check message signature and it lifetime. If everything is OK - return original message.
*
* Simple example:
* <code>
* $signer = new TimeSigner;
*
* // Sing message for 1 second
* $signedValue = $signer->sign('test', '+1 second');
*
* // Or sign with expiring on some magic timestamp (e.g. 01.01.2030)
* $signedValue = $signer->sign('test', 1893445200);
*
* // Get original message with checking
* echo $signer->unsign($signedValue);
* // Output: 'test'
*
* // Try to unsigning not signed value
* echo $signer->unsign('test');
* //throw BadSignatureException with message 'Separator not found in value'
*
* // Or with invalid sign
* echo $signer->unsign('test.invalid_sign');
*
* // Or invalid salt
* echo $signer->unsign($signedValue, 'invalid_salt');
* //throw BadSignatureException with message 'Signature does not match'
*
* // Or expired lifetime
* echo $signer->unsign($signedValue);
* //throw BadSignatureException with message 'Signature timestamp expired (1403039921 < 1403040024)'
*
* </code>
*
* @param string $signedValue Signed value, must be in format: {message}{separator}{expired timestamp}{separator}{signature}.
* @param string|null $salt Salt, if used while signing.
* @return string
* @throws BadSignatureException
*/
public function unsign($signedValue, $salt = null)
{
$timedValue = parent::unsign($signedValue, $salt);
if (strpos($signedValue, $timedValue) === false) {
throw new BadSignatureException('Timestamp missing');
}
list($value, $time) = $this->unpack($timedValue);
$time = (int) $time;
if ($time <= 0) {
throw new BadSignatureException(sprintf('Malformed timestamp %d', $time));
}
if ($time < time()) {
throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $time, time()));
}
return $value;
}
/**
* @param string $signedValue
* @param string|null $salt
* @return string
* @throws BadSignatureException
*/
public function unsign($signedValue, $salt = null)
{
$timedValue = parent::unsign($signedValue, $salt);
if (strpos($signedValue, $timedValue) === false) {
throw new BadSignatureException('Timestamp missing');
}
$pos = strrpos($timedValue, $this->separator);
$value = substr($timedValue, 0, $pos);
$time = (int) substr($timedValue, $pos + 1);
if ($time <= 0) {
throw new BadSignatureException(sprintf('Malformed timestamp %d', $time));
}
if ($time < time()) {
throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $time, time()));
}
return $value;
}
protected function check()
{
$this->status = new Status();
if (!$GLOBALS["USER"]->IsAuthorized()) {
$this->status = new Error(self::STATUS_DENIED, Loc::getMessage("BXU_AccessDenied_Authorize"));
} else {
try {
$sign = new Signer();
$params = unserialize(base64_decode($sign->unsign($this->signature, "fileinput")));
$this->id = $params["id"];
$this->getAgent()->setParams($params);
} catch (BadSignatureException $e) {
$this->status = new Error(self::STATUS_INVALID_SIGN, Loc::getMessage("BXU_AccessDenied_SignBetter"));
}
}
return !$this->status instanceof Error;
}
public function unsign($signedValue, $salt = null)
{
$encodedValue = parent::unsign($signedValue, $salt);
return Json::decode(base64_decode($encodedValue));
}
/**
* Hook executed before saving url_preview user type value. Checks and removes signature of the $value.
* If signature is correct, checks current user's access to $value.
*
* @param array $userField Array containing parameters of the user field.
* @param string $value Signed value of the user field.
* @return int Unsigned value of the user field, or null in case of errors.
*/
public static function onBeforeSave($userField, $value)
{
$imageUrl = null;
if (strpos($value, ';') !== false) {
list($value, $imageUrl) = explode(';', $value);
}
$signer = new Signer();
try {
$value = $signer->unsign($value, UrlPreview::SIGN_SALT);
} catch (SystemException $e) {
return null;
}
$metadata = UrlMetadataTable::getById($value)->fetch();
if (!is_array($metadata)) {
return null;
}
if ($metadata['TYPE'] === UrlMetadataTable::TYPE_STATIC) {
if ($imageUrl && is_array($metadata['EXTRA']['IMAGES']) && in_array($imageUrl, $metadata['EXTRA']['IMAGES'])) {
UrlPreview::setMetadataImage((int) $value, $imageUrl);
}
return $value;
} else {
if ($metadata['TYPE'] === UrlMetadataTable::TYPE_DYNAMIC && UrlPreview::checkDynamicPreviewAccess($metadata['URL'])) {
return $value;
}
}
return null;
}
$cid = trim($_REQUEST['cid']);
use Bitrix\Main\UI\FileInputUtility;
use Bitrix\Main\Security\Sign\Signer;
/**
* Bitrix vars
*
* @global CMain $APPLICATION
*/
if ($cid && preg_match('/^[a-f01-9]{32}$/', $cid) && check_bitrix_sessid()) {
$fid = intval($_GET["fileID"]);
if ($fid > 0 && FileInputUtility::instance()->checkFile($cid, $fid)) {
$arFile = \CFile::GetFileArray($fid);
if ($arFile) {
$APPLICATION->RestartBuffer();
while (ob_end_clean()) {
}
// hack!
$useContentType = false;
if (!empty($_REQUEST["s"])) {
$sign = new Signer();
$useContentType = ($res = $sign->unsign($_REQUEST["s"], "main.file.input")) && $res == $cid;
}
if ($useContentType) {
CFile::ViewByUser($arFile, array("content_type" => $arFile["CONTENT_TYPE"]));
} else {
CFile::ViewByUser($arFile, array("force_download" => true));
}
}
}
}
die;
/**
* @param $signedTag
* @return array
* @throws \Bitrix\Main\Security\Sign\BadSignatureException
*/
public static function parseSignedTag($signedTag)
{
$signer = new Signer();
$unsignedTag = $signer->unsign($signedTag, static::SIGN_SALT_ACTION);
return static::parseTag($unsignedTag);
}
