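/**
 * Verify that the request signature is bound to this object's id and,
 * when dimensions are supplied, to the requested width/height.
 *
 * The authenticated payload is expected to be either "{id}" or
 * "{id}x{width}x{height}"; the second form is used only when $params
 * carries BOTH a positive "width" and a positive "height".
 *
 * @param array $params Optional "width"/"height" pair bound into the signed value.
 * @return bool True when the verified payload equals the expected string.
 *
 * Signer::unsign() throws on a bad signature (BadSignatureException in the
 * other Signer call sites of this corpus); it is deliberately not caught here.
 */
protected function check($params = array())
{
    $signer = new Signer();
    // Signer::unsign() already authenticates the payload (HMAC + salt); what
    // remains is to tie it to the identity/dimensions of *this* request.
    $payload = (string) $signer->unsign($this->signature, self::$salt);

    $expected = (string) $this->id;
    if (
        is_array($params)
        && array_key_exists("width", $params) && $params["width"] > 0
        && array_key_exists("height", $params) && $params["height"] > 0
    ) {
        $expected = $this->id . "x" . $params["width"] . "x" . $params["height"];
    }

    // Strict comparison. With `==` two numeric-looking strings are compared as
    // numbers ("1e3" == "1000", "0e1" == "0e2"), so a payload signed for one
    // id could satisfy the check for a different id.
    return $payload === $expected;
}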
/**
 * Check the message signature and its lifetime. If everything is OK, the
 * original message is returned.
 *
 * Simple example:
 * <code>
 * $signer = new TimeSigner;
 *
 * // Sign message for 1 second
 * $signedValue = $signer->sign('test', '+1 second');
 *
 * // Or sign with expiry on some fixed timestamp (e.g. 01.01.2030)
 * $signedValue = $signer->sign('test', 1893445200);
 *
 * // Get the original message, with checking
 * echo $signer->unsign($signedValue);
 * // Output: 'test'
 *
 * // Try to unsign a value that was never signed
 * echo $signer->unsign('test');
 * // throws BadSignatureException with message 'Separator not found in value'
 *
 * // Or with an invalid signature
 * echo $signer->unsign('test.invalid_sign');
 *
 * // Or an invalid salt
 * echo $signer->unsign($signedValue, 'invalid_salt');
 * // throws BadSignatureException with message 'Signature does not match'
 *
 * // Or an expired lifetime
 * echo $signer->unsign($signedValue);
 * // throws BadSignatureException with message 'Signature timestamp expired (1403039921 < 1403040024)'
 * </code>
 *
 * @param string $signedValue Signed value, must be in format: {message}{separator}{expired timestamp}{separator}{signature}.
 * @param string|null $salt Salt, if used while signing.
 * @return string The original message.
 * @throws BadSignatureException On a bad signature (from the parent), a malformed timestamp, or an expired one.
 */
public function unsign($signedValue, $salt = null)
{
    // The parent does the authentication; what comes back is the
    // "{message}{separator}{timestamp}" part of the signed value.
    $timedValue = parent::unsign($signedValue, $salt);
    if (false === strpos($signedValue, $timedValue)) {
        throw new BadSignatureException('Timestamp missing');
    }

    // NOTE(review): relies on unpack() (not visible here) to split at the
    // separator and to reject a payload without one — TODO confirm.
    list($message, $rawExpiry) = $this->unpack($timedValue);
    $expiresAt = (int) $rawExpiry;

    if ($expiresAt <= 0) {
        throw new BadSignatureException(sprintf('Malformed timestamp %d', $expiresAt));
    }

    // A timestamp equal to the current second still counts as valid.
    $now = time();
    if ($expiresAt < $now) {
        throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $expiresAt, $now));
    }

    return $message;
}
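/**
 * Verify the signature of a time-limited value and return the original
 * message if the embedded expiry timestamp has not passed.
 *
 * @param string $signedValue Signed value in the form {message}{separator}{timestamp}{separator}{signature}.
 * @param string|null $salt Salt used while signing, if any.
 * @return string The original message.
 * @throws BadSignatureException On a bad signature (from the parent), a missing
 *         separator, a non-positive timestamp, or an expired timestamp.
 */
public function unsign($signedValue, $salt = null)
{
    // The parent verifies the signature over "{message}{separator}{timestamp}";
    // everything below only interprets the authenticated payload.
    $timedValue = parent::unsign($signedValue, $salt);
    if (strpos($signedValue, $timedValue) === false) {
        throw new BadSignatureException('Timestamp missing');
    }

    // The timestamp is whatever follows the LAST separator, so the message
    // itself may contain separator characters.
    $pos = strrpos($timedValue, $this->separator);
    if ($pos === false) {
        // Without this guard a payload with no separator at all is read as an
        // empty message followed by (almost) the whole payload as its timestamp:
        // substr($timedValue, 0, false) yields "" and false + 1 == 1 just skips
        // the first byte. A plain digit string signed with the same key/salt by
        // a non-timed signer would then be accepted as a far-future timed value.
        throw new BadSignatureException('Timestamp missing');
    }
    $value = substr($timedValue, 0, $pos);
    $time = (int) substr($timedValue, $pos + 1);

    if ($time <= 0) {
        throw new BadSignatureException(sprintf('Malformed timestamp %d', $time));
    }

    // Equal to the current second is still valid; only strictly older expires.
    $now = time();
    if ($time < $now) {
        throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $time, $now));
    }

    return $value;
}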
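/**
 * Authorise the current upload request.
 *
 * Resets $this->status, then replaces it with an Error when the user is not
 * authorised or when the request signature cannot be verified/decoded. On
 * success the decoded parameters are stored in $this->id and handed to the
 * agent.
 *
 * @return bool True when $this->status is not an Error after the checks.
 */
protected function check()
{
    $this->status = new Status();

    if (!$GLOBALS["USER"]->IsAuthorized()) {
        $this->status = new Error(self::STATUS_DENIED, Loc::getMessage("BXU_AccessDenied_Authorize"));
    } else {
        try {
            $signer = new Signer();
            // Signer::unsign() rejects anything not signed server-side with the
            // "fileinput" salt, so the payload is integrity-protected before it
            // is decoded.
            $raw = base64_decode($signer->unsign($this->signature, "fileinput"));

            // SECURITY(review): unserialize() still runs on data that arrives
            // from the client; its safety rests entirely on the signing key
            // staying secret. A JSON payload would avoid unserialize() altogether;
            // failing that, on PHP >= 7.0 pass array('allowed_classes' => false).
            $params = unserialize($raw);
            if (!is_array($params)) {
                // A valid signature over a non-array payload is a server-side
                // bug; report it as a bad signature instead of indexing into a
                // non-array and handing garbage to the agent.
                throw new BadSignatureException("Malformed parameters");
            }

            $this->id = isset($params["id"]) ? $params["id"] : null;
            $this->getAgent()->setParams($params);
        } catch (BadSignatureException $e) {
            $this->status = new Error(self::STATUS_INVALID_SIGN, Loc::getMessage("BXU_AccessDenied_SignBetter"));
        }
    }

    return !($this->status instanceof Error);
}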
/**
 * Verify the signature and decode the embedded payload.
 *
 * The authenticated payload is treated as base64 text wrapping a JSON
 * document (presumably mirroring the matching sign() side, which is not
 * visible here); the decoded JSON is what the caller receives.
 *
 * @param string $signedValue Signed value to verify.
 * @param string|null $salt Salt used at signing time, if any.
 * @return mixed Whatever Json::decode() yields for the payload.
 */
public function unsign($signedValue, $salt = null)
{
    $base64Payload = parent::unsign($signedValue, $salt);
    $jsonPayload = base64_decode($base64Payload);

    return Json::decode($jsonPayload);
}
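/**
 * Hook executed before saving a url_preview user type value. Checks and
 * removes the signature of $value; if the signature is correct, checks the
 * current user's access to the referenced metadata.
 *
 * @param array $userField Array containing parameters of the user field (not used here).
 * @param string $value Signed value of the user field, optionally followed by
 *        ";{imageUrl}" selecting one of the images stored for the metadata.
 * @return string|null Unsigned metadata id as returned by Signer::unsign()
 *         (a string, not an int), or null on any error or access failure.
 */
public static function onBeforeSave($userField, $value)
{
    // Avoid strpos()/unsign() on null or non-string input.
    $value = (string) $value;

    $imageUrl = null;
    // Optional ";{imageUrl}" suffix; only the first two pieces are used.
    if (strpos($value, ';') !== false) {
        list($value, $imageUrl) = explode(';', $value);
    }

    // Strip and verify the signature; anything not signed by us is rejected.
    $signer = new Signer();
    try {
        $value = $signer->unsign($value, UrlPreview::SIGN_SALT);
    } catch (SystemException $e) {
        return null;
    }

    $metadata = UrlMetadataTable::getById($value)->fetch();
    if (!is_array($metadata)) {
        return null;
    }

    if ($metadata['TYPE'] === UrlMetadataTable::TYPE_STATIC) {
        // $imageUrl is NOT covered by the signature: it is accepted only when it
        // is one of the images already stored for this row. Strict in_array()
        // so numeric-looking strings are not compared as numbers.
        $images = isset($metadata['EXTRA']['IMAGES']) ? $metadata['EXTRA']['IMAGES'] : null;
        if ($imageUrl && is_array($images) && in_array($imageUrl, $images, true)) {
            UrlPreview::setMetadataImage((int) $value, $imageUrl);
        }
        return $value;
    }

    if ($metadata['TYPE'] === UrlMetadataTable::TYPE_DYNAMIC && UrlPreview::checkDynamicPreviewAccess($metadata['URL'])) {
        return $value;
    }

    return null;
}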
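use Bitrix\Main\UI\FileInputUtility;
use Bitrix\Main\Security\Sign\Signer;

/**
 * Bitrix vars
 *
 * @global CMain $APPLICATION
 */

// Download endpoint for a file bound to a file-input control ($cid).
// Every branch that does not reach CFile::ViewByUser() falls through to die.
$cid = isset($_REQUEST['cid']) && is_string($_REQUEST['cid']) ? trim($_REQUEST['cid']) : '';

// $cid must be a 32-char lowercase hex control id and the request must carry a
// valid session id (CSRF check) before anything is looked up.
if ($cid !== '' && preg_match('/^[a-f0-9]{32}$/', $cid) && check_bitrix_sessid()) {
    $fid = isset($_GET["fileID"]) ? intval($_GET["fileID"]) : 0;
    // checkFile() is the authorisation step: the file must belong to this control.
    if ($fid > 0 && FileInputUtility::instance()->checkFile($cid, $fid)) {
        $arFile = \CFile::GetFileArray($fid);
        if ($arFile) {
            $APPLICATION->RestartBuffer();
            while (ob_end_clean()) {
            } // hack!

            // Serving inline with the stored Content-Type (instead of forcing a
            // download) is allowed only when "s" is a server-signed copy of this
            // very $cid. Anything else -> attachment, the safe default.
            $useContentType = false;
            if (!empty($_REQUEST["s"]) && is_string($_REQUEST["s"])) {
                try {
                    $sign = new Signer();
                    $res = $sign->unsign($_REQUEST["s"], "main.file.input");
                    // Strict, constant-time comparison. With `==` two numeric-looking
                    // hex strings are compared as numbers ("0e12..." == "0e34..."),
                    // so a token signed for one control could be replayed for another.
                    $useContentType = is_string($res) && hash_equals($cid, $res);
                } catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
                    // Tampered or foreign token: previously this escaped as an
                    // uncaught exception after the buffers were cleared; now it
                    // simply degrades to a forced download.
                    $useContentType = false;
                }
            }

            if ($useContentType) {
                \CFile::ViewByUser($arFile, array("content_type" => $arFile["CONTENT_TYPE"]));
            } else {
                \CFile::ViewByUser($arFile, array("force_download" => true));
            }
        }
    }
}

die;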
/**
 * Verify and strip the signature from a signed tag, then parse the plain tag.
 *
 * @param string $signedTag Signed tag string (salted with SIGN_SALT_ACTION).
 * @return array Result of static::parseTag() on the verified tag.
 * @throws \Bitrix\Main\Security\Sign\BadSignatureException When the signature does not verify.
 */
public static function parseSignedTag($signedTag)
{
    $verifier = new Signer();
    $plainTag = $verifier->unsign($signedTag, static::SIGN_SALT_ACTION);

    return static::parseTag($plainTag);
}