More guardians of the nulls

tsugiproject · Feb 4, 2024 · 366b48c · 366b48c
1 parent c23e353
commit 366b48c
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 18 deletions.
diff --git a/SETUP.txt b/SETUP.txt
@@ -2,9 +2,11 @@ To set up the database for this application,
 
 (1) Create a database if you can do so:
 
-create database tsugi DEFAULT CHARACTER SET utf8;
-grant all on tsugi.* to ltiuser@'localhost' identified by 'ltipassword';
-grant all on tsugi.* to ltiuser@'127.0.0.1' identified by 'ltipassword';
+CREATE DATABASE tsugi DEFAULT CHARACTER SET utf8;
+CREATE USER 'ltiuser'@'localhost' IDENTIFIED BY 'ltipassword';
+CREATE USER 'ltiuser'@'127.0.0.1' IDENTIFIED BY 'ltipassword';
+GRANT ALL ON tsugi.* TO ltiuser@'localhost';
+GRANT ALL ON tsugi.* To ltiuser@'127.0.0.1';
 
 It is OK if you already have a database or your hosting provider forces you to
 share a database across applications.  You can set a prefix for all the
@@ -17,7 +19,8 @@ like "tsugi_".
 
 (3) Run the
 
-http://localhost/tsugi/admin/upgrade.php
+cd admin
+php upgrade.php
 
 To create the needed tables.  Note that in the lti_key table already
 has some entries - you can change the secret in the '12345' entry
@@ -26,4 +29,4 @@ calculation as that is used as the indexed logical key.  There are
 many SHA256 calculators on the web.
 
 /Chuck
-Mon Jan 13 20:57:42 EST 2014
+Sat Feb  3 22:31:40 EST 2024
diff --git a/composer.json b/composer.json
@@ -36,7 +36,7 @@
 
         "nesbot/carbon" : "2.68.1",
 
-        "tsugi/lib": "dev-master#e066074808929c1f426e6adc82702acc4009bc20",
+        "tsugi/lib": "dev-master#7dd1a824432f64bde02dca650d34f57d961062a3",
         "koseu/lib": "dev-master#70c7ac1ca413c2dd541e078ebe07719405621b1b"
     },
     "config": {

diff --git a/composer.lock b/composer.lock
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
@@ -7511,12 +7511,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/tsugiproject/tsugi-php.git",
-                "reference": "e066074808929c1f426e6adc82702acc4009bc20"
+                "reference": "7dd1a824432f64bde02dca650d34f57d961062a3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tsugiproject/tsugi-php/zipball/e066074808929c1f426e6adc82702acc4009bc20",
-                "reference": "e066074808929c1f426e6adc82702acc4009bc20",
+                "url": "https://api.github.com/repos/tsugiproject/tsugi-php/zipball/7dd1a824432f64bde02dca650d34f57d961062a3",
+                "reference": "7dd1a824432f64bde02dca650d34f57d961062a3",
                 "shasum": ""
             },
             "require": {
@@ -7529,7 +7529,7 @@
                 "phpunit/php-timer": "v5.0.3",
                 "phpunit/phpunit": "9.*"
             },
-            "time": "2024-01-22T11:02:35+00:00",
+            "time": "2024-02-04T03:44:31+00:00",
             "default-branch": true,
             "type": "library",
             "installation-source": "dist",

diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '53d753e29cdb88cae62b2e7990fe2ce561a41147',
+        'reference' => 'c23e353ef9075db97ef40c75ed85ae25f0870e08',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '53d753e29cdb88cae62b2e7990fe2ce561a41147',
+            'reference' => 'c23e353ef9075db97ef40c75ed85ae25f0870e08',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -1045,7 +1045,7 @@
         'tsugi/lib' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => 'e066074808929c1f426e6adc82702acc4009bc20',
+            'reference' => '7dd1a824432f64bde02dca650d34f57d961062a3',
             'type' => 'library',
             'install_path' => __DIR__ . '/../tsugi/lib',
             'aliases' => array(

diff --git a/vendor/tsugi/lib/src/Core/LTIX.php b/vendor/tsugi/lib/src/Core/LTIX.php
@@ -153,6 +153,7 @@ public static function launchCheck($needed=self::ALL, $session_object=null,$requ
     public static function encrypt_secret($secret)
     {
         global $CFG;
+        if ( ! is_string($secret) ) return null;
         if ( startsWith($secret,'AES::') ) return $secret;
         $encr = AesOpenSSL::encrypt($secret, $CFG->cookiesecret) ;
         return 'AES::'.$encr;

diff --git a/vendor/tsugi/lib/src/Crypt/AesOpenSSL.php b/vendor/tsugi/lib/src/Crypt/AesOpenSSL.php
@@ -31,9 +31,12 @@ class AesOpenSSL {
    */
   public static function encrypt($plaintext, $password, $nBits=256) {
     $method = "AES-256-CBC";
+    if ( !is_string($plaintext) || ! is_string($password) ) return null;
     $key = hash('sha256', $password, true);
     $iv = openssl_random_pseudo_bytes(16);
 
+    if ( ! is_string($plaintext) || ! is_string($password) ) return null;
+
     $ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
     $hash = hash_hmac('sha256', $ciphertext . $iv, $key, true);
 
@@ -50,6 +53,8 @@ public static function encrypt($plaintext, $password, $nBits=256) {
    * @return string    decrypted text
    */
   public static function decrypt($ciphertext, $password, $nBits=256) {
+    if ( ! is_string($ciphertext) || ! is_string($password) ) return null;
+
     $method = "AES-256-CBC";
     $ivHashCiphertext = base64_decode($ciphertext);
     $iv = substr($ivHashCiphertext, 0, 16);