diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index 3bf9236817a3778cc5d102ad22574039af597584..4d80efb50d3c1a08793411e1f19ce92532588668 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -1062,7 +1062,12 @@ class Vtiger_Functions {
/*
* Function to generate encrypted password.
*/
- static function generateEncryptedPassword($password, $mode='CRYPT') {
+ static function generateEncryptedPassword($password, $mode='') {
+ if ($mode == '') {
+ $mode = (version_compare(PHP_VERSION, '5.5.0') >= 0)? 'PHASH' : 'CRYPT';
+ }
+
+ if ($mode == 'PHASH') return password_hash($password, PASSWORD_DEFAULT);
if ($mode == 'MD5') return md5($password);
@@ -1085,6 +1090,7 @@ class Vtiger_Functions {
static function compareEncryptedPassword($plainText, $encryptedPassword, $mode='CRYPT') {
$reEncryptedPassword = null;
switch ($mode) {
+ case 'PHASH': return password_verify($plainText, $encryptedPassword);
case 'CRYPT': $reEncryptedPassword = crypt($plainText, $encryptedPassword); break;
case 'MD5' : $reEncryptedPassword = md5($plainText); break;
default : $reEncryptedPassword = $plainText; break;
@@ -1370,6 +1376,36 @@ class Vtiger_Functions {
return $jwt;
}
+ /**
+ * Function to mask input text.
+ */
+ static function toProtectedText($text) {
+ if (empty($text)) return $text;
+
+ require_once 'include/utils/encryption.php';
+ $encryption = new Encryption();
+ return '$ve$'.$encryption->encrypt($text);
+ }
+
+ /*
+ * Function to determine if text is masked.
+ */
+ static function isProtectedText($text) {
+ return !empty($text) && (strpos($text, '$ve$') === 0);
+ }
+
+ /*
+ * Function to unmask the text.
+ */
+ static function fromProtectedText($text) {
+ if (static::isProtectedText($text)) {
+ require_once 'include/utils/encryption.php';
+ $encryption = new Encryption();
+ return $encryption->decrypt(substr($text, 4));
+ }
+ return $text;
+ }
+
/*
* Function to convert file size in bytes to user displayable format
*/
@@ -1404,4 +1440,71 @@ class Vtiger_Functions {
}
return $isRelated;
}
+
+ /**
+ * Function to Escapes special characters in a string for use in an SQL statement
+ * @param type $value
+ * @return type
+ */
+ static function realEscapeString($value){
+ $db = PearDatabase::getInstance();
+ $value = $db->sql_escape_string($value);
+ return $value;
+ }
+
+ /**
+ * Request parameters and it's type.
+ * @var type
+ */
+ protected static $type = array(
+ 'record' => 'id',
+ 'src_record' => 'id',
+ 'parent_id' => 'id',
+ '_mfrom' => 'email',
+ '_mto' => 'email',
+ 'sequencesList' => 'idlist',
+ 'search_value' => 'keyword',
+ );
+
+ /**
+ * Function to validate request parameters.
+ * @param type $request
+ * @throws Exception - Bad Request
+ */
+ public static function validateRequestParameters($request) {
+ foreach (self::$type as $param => $type) {
+ if ($request[$param] && !self::validateRequestParameter($type, $request[$param])) {
+ http_response_code(400);
+ throw new Exception('Bad Request');
+ }
+ }
+ }
+
+ /**
+ * Function to validate request parameter by it's type.
+ * @param <String> type - Type of paramter.
+ * @param <String> $value - Which needs to be validated.
+ * @return <Boolean>
+ */
+ public static function validateRequestParameter($type, $value) {
+ $ok = true;
+ switch ($type) {
+ case 'id' : $ok = (preg_match('/[^0-9xH]/', $value)) ? false : $ok;
+ break;
+ case 'email' : $ok = (!filter_var($value, FILTER_VALIDATE_EMAIL)) ? false : $ok;
+ break;
+ case 'idlist' : $ok = (preg_match('/[a-zA-Z]/', $value)) ? false : $ok;
+ break;
+ case 'keyword':
+ $blackList = array('UNION', '--', 'SELECT ', 'SELECT*', '%', 'NULL', 'HEX');
+ foreach ($blackList as $keyword) {
+ if (stripos($value, $keyword) !== false) {
+ $ok = false;
+ break;
+ }
+ }
+ break;
+ }
+ return $ok;
+ }
}