|
|
|
@ -34,9 +34,25 @@ function fulcrm_crypto_object_id_hmac( $object_type, $object_id ) {
|
|
|
|
|
return drupal_hmac_base64( 'fulcrm:' . strval( $object_id ) . ':' . $object_type, session_id() . drupal_get_hash_salt() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function fulcrm_crypto_hash_equals( $real_hmac, $hmac ) {
|
|
|
|
|
if ( function_exists( 'hash_equals' ) ) {
|
|
|
|
|
return hash_equals( $real_hmac, $hmac );
|
|
|
|
|
} else {
|
|
|
|
|
if ( strlen( $real_hmac ) != strlen( $hmac ) )
|
|
|
|
|
return false;
|
|
|
|
|
$xor = $real_hmac ^ $hmac;
|
|
|
|
|
$residual = 0;
|
|
|
|
|
for ( $i = strlen( $xor ) - 1; $i >= 0; $i-- )
|
|
|
|
|
$residual |= ord( $residual[ $i ] );
|
|
|
|
|
if ( $residual == 0 )
|
|
|
|
|
return true;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function fulcrm_crypto_check_object_id_hmac( $object_type, $object_id, $hmac ) {
|
|
|
|
|
$real_hmac = fulcrm_crypto_object_id_hmac( $object_type, $object_id );
|
|
|
|
|
return hash_equals( $real_hmac, $hmac );
|
|
|
|
|
return fulcrm_crypto_hash_equals( $real_hmac, $hmac );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function fulcrm_crypto_object_id_form_value( $object_type, $object_id ) {
|
|
|
|
@ -50,7 +66,7 @@ function fulcrm_crypto_get_object_id_form_value( $object_type, $form_value ) {
|
|
|
|
|
$hmac = $bits[ 1 ];
|
|
|
|
|
$real_hmac = fulcrm_crypto_object_id_hmac( $object_type, $object_id );
|
|
|
|
|
|
|
|
|
|
if ( hash_equals( $real_hmac, $hmac ) )
|
|
|
|
|
if ( fulcrm_crypto_hash_equals( $real_hmac, $hmac ) )
|
|
|
|
|
return $object_id;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
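Review bot: In the `else` branch of `fulcrm_crypto_hash_equals`, the accumulation line `$residual |= ord( $residual[ $i ] );` indexes the integer accumulator instead of `$xor`, so `$residual` should stay 0 and any two strings of equal length compare as equal. On PHP builds without `hash_equals`, that would let any HMAC of the right length pass both `fulcrm_crypto_check_object_id_hmac` and the check in `fulcrm_crypto_get_object_id_form_value` in the second hunk. The line should read `$residual |= ord( $xor[ $i ] );`. The fallback could also reject non-string arguments first, e.g. `if ( ! is_string( $real_hmac ) || ! is_string( $hmac ) ) return false;`, because `^` on non-strings is an integer XOR, not a bytewise one. A test that forces the fallback path with two different strings of equal length would catch this regression.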