use sha256 instead of plaintext IMAP password to encrypt CardDAV password

This commit is contained in:
Alexey Shpakovsky 2021-06-08 00:19:28 +02:00
parent 3298cccedb
commit c56ab8de32
No known key found for this signature in database
GPG key ID: 5797A726A2A4230A

View file

@ -33,7 +33,7 @@ function abook_get_password($data, $opt){
require_once(SM_PATH . 'functions/strings.php'); require_once(SM_PATH . 'functions/strings.php');
switch ($opt) { switch ($opt) {
case '0': return sqauth_read_password(); case '0': return sqauth_read_password();
case '1': return OneTimePadDecrypt($data, base64_encode(sqauth_read_password())); case '1': return OneTimePadDecrypt($data, base64_encode(hash("sha256",sqauth_read_password(),true)));
case '2': return $data; case '2': return $data;
} }
} }
@ -46,7 +46,7 @@ function abook_set_password($password, $opt){
if(preg_match('/^\**$/', $password)) { return; } if(preg_match('/^\**$/', $password)) { return; }
require_once(SM_PATH . 'functions/auth.php'); require_once(SM_PATH . 'functions/auth.php');
require_once(SM_PATH . 'functions/strings.php'); require_once(SM_PATH . 'functions/strings.php');
$data = OneTimePadEncrypt($password, base64_encode(sqauth_read_password())); $data = OneTimePadEncrypt($password, base64_encode(hash("sha256",sqauth_read_password(),true)));
break; break;
case '2': case '2':
if(preg_match('/^\**$/', $password)) { return; } if(preg_match('/^\**$/', $password)) { return; }
@ -207,6 +207,6 @@ function plugin_abook_carddav_password_opt_save($option){
* @return string * @return string
*/ */
function abook_carddav_version() { function abook_carddav_version() {
return '1.1'; return '2.0';
} }
?> ?>