From c56ab8de32d7c5802ef24ce4211f451cecafa55e Mon Sep 17 00:00:00 2001 From: Alexey Shpakovsky Date: Tue, 8 Jun 2021 00:19:28 +0200 Subject: [PATCH] use sha256 instead of plaintext IMAP password to encrypt CardDAV password --- setup.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup.php b/setup.php index 56bca2c..d0d898d 100755 --- a/setup.php +++ b/setup.php @@ -33,7 +33,7 @@ function abook_get_password($data, $opt){ require_once(SM_PATH . 'functions/strings.php'); switch ($opt) { case '0': return sqauth_read_password(); - case '1': return OneTimePadDecrypt($data, base64_encode(sqauth_read_password())); + case '1': return OneTimePadDecrypt($data, base64_encode(hash("sha256",sqauth_read_password(),true))); case '2': return $data; } } @@ -46,7 +46,7 @@ function abook_set_password($password, $opt){ if(preg_match('/^\**$/', $password)) { return; } require_once(SM_PATH . 'functions/auth.php'); require_once(SM_PATH . 'functions/strings.php'); - $data = OneTimePadEncrypt($password, base64_encode(sqauth_read_password())); + $data = OneTimePadEncrypt($password, base64_encode(hash("sha256",sqauth_read_password(),true))); break; case '2': if(preg_match('/^\**$/', $password)) { return; } @@ -207,6 +207,6 @@ function plugin_abook_carddav_password_opt_save($option){ * @return string */ function abook_carddav_version() { - return '1.1'; + return '2.0'; } ?>