svn commit: r1798093 - /vcl/trunk/web/.ht-inc/addomain.php

Thu, 08 Jun 2017 10:17:16 -0700 

Author: jfthomps
Date: Thu Jun  8 17:16:37 2017
New Revision: 1798093

URL: http://svn.apache.org/viewvc?rev=1798093&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries

addomain.php:
-modified AJsaveResource: changed string used to join error string passed to 
wordwrap from <br> to \n
-modified addResource: added checks for getSecretKeyID and encryptDBdata 
returning NULL and if so, return NULL; changed return when insert fails from 
returning 0 to returning NULL

Modified:
    vcl/trunk/web/.ht-inc/addomain.php

Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: 
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1798093&r1=1798092&r2=1798093&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Thu Jun  8 17:16:37 2017
@@ -163,7 +163,7 @@ class ADdomain extends Resource {
                if($add) {
                        if(! $data['rscid'] = $this->addResource($data)) {
                                sendJSON(array('status' => 'adderror',
-                                              'errormsg' => wordwrap(i('Error 
encountered while trying to create new AD domain. Please contact an admin for 
assistance.'), 75, '<br>')));
+                                              'errormsg' => wordwrap(i('Error 
encountered while trying to create new AD domain. Please contact an admin for 
assistance.'), 75, "\n")));
                                return;
                        }
                }
@@ -313,7 +313,7 @@ class ADdomain extends Resource {
        ///
        /// \param $data - array of needed data for adding a new resource
        ///
-       /// \return id of new resource
+       /// \return id of new resource; NULL on failure
        ///
        /// \brief handles all parts of adding a new resource to the database; 
should
        /// be implemented by inheriting class, but not required since it is 
only
@@ -327,7 +327,11 @@ class ADdomain extends Resource {
                $ownerid = getUserlistID($data['owner']);
 
                $secretid = getSecretKeyID('addomain', 'secretid', 0);
+               if($secretid === NULL)
+                       return NULL;
                $encpass = encryptDBdata($data['password'], $secretid);
+               if($encpass === NULL)
+                       return NULL;
        
                $query = "INSERT INTO addomain"
                                .       "(name, "
@@ -350,7 +354,7 @@ class ADdomain extends Resource {
                if($rscid == 0) {
                        $query = "DELETE FROM cryptsecret WHERE secretid = 
$secretid";
                        doQuery($query);
-                       return 0;
+                       return NULL;
                }
 
                // add entry in resource table

Reply via email to