[BUGFIX] Correction de bugs critiques dans la classe config
- Correction du déchiffrement des clés API dans byKeys()
- Amélioration de la gestion du cache dans la méthode remove() pour le nettoyage complet lors de la suppression avec "*"
- Ajout d'une limite de taille dans genKey() pour éviter les problèmes de performance

Cette mise à jour corrige plusieurs problèmes qui pouvaient impacter la sécurité et les performances.
kwizer15 committed Dec 20, 2024
1 parent 3fbddab commit 5dd1aa4
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions core/class/config.class.php
Expand Up @@ -122,6 +122,11 @@ public static function remove(string $_key, string $_plugin = 'core') {
$sql = 'DELETE FROM config
WHERE plugin=:plugin';
DB::Prepare($sql, $values, DB::FETCH_TYPE_ROW);
foreach (self::$cache as $cacheKey => $value) {
if (strpos($cacheKey, $_plugin . '::') === 0) {
unset(self::$cache[$cacheKey]);
}
}
} else {
$values = array(
'plugin' => $_plugin,
Expand All @@ -131,9 +136,7 @@ public static function remove(string $_key, string $_plugin = 'core') {
WHERE `key`=:key
AND plugin=:plugin';
DB::Prepare($sql, $values, DB::FETCH_TYPE_ROW);
if (isset(self::$cache[$_plugin . '::' . $_key])) {
unset(self::$cache[$_plugin . '::' . $_key]);
}
unset(self::$cache[$_plugin . '::' . $_key]);
}
return true;
}
Expand Down Expand Up @@ -197,7 +200,7 @@ public static function byKeys($_keys, $_plugin = 'core', $_default = '') {
} else if ($_plugin != 'core' && class_exists($_plugin) && property_exists($_plugin, '_encryptConfigKey') && in_array($value['key'], $_plugin::$_encryptConfigKey)) {
$value['value'] = utils::decrypt($value['value']);
} else if ($value['key'] == 'api') {
$value['key'] = utils::decrypt($value['key']);
$value['value'] = utils::decrypt($value['value']);
}
$return[$value['key']] = $value['value'];
}
Expand Down Expand Up @@ -248,6 +251,9 @@ public static function searchKey($_key, $_plugin = 'core') {
}

public static function genKey($_car = 64) {
if ($_car > 256) {
throw new \Exception('Key length too long');
}
$key = '';
$chaine = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ($i = 0; $i < $_car; $i++) {
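Review bot: The guard added at the top of genKey() bounds `$_car` only from above, so 0 or a negative length still skips the `for` loop and leaves `$key` as the empty string; if that value is what the function returns (the end of the body is outside the hunk), a caller can receive an empty key with no error. I would make the check two-sided, `if ($_car < 1 || $_car > 256) {`, and throw `\InvalidArgumentException` (a subclass of `\Exception`, so existing catch blocks keep working) with the accepted range in the message. A short docblock stating the allowed range and that the method throws would help callers, for example `/** @param int $_car key length, 1 to 256; @throws \InvalidArgumentException */`. The call that draws each character is not visible here; it is worth confirming that it uses `random_int()` rather than `rand()`/`mt_rand()`, since the method name suggests the result serves as a secret.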
