removing hex2bin to avoid having to add code for this in JS and to not introduce a dependency on paste IDs always having to be hex strings

2019-06-29 11:24:25 +02:00 · 2019-06-29 11:24:25 +02:00 · 74519f6c4f
parent 5651c0f04e
commit 74519f6c4f
6 changed files with 7 additions and 26 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -664,23 +664,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         */
        let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');

-        /**
-         * convert hexadecimal string to binary representation
-         *
-         * @name   CryptTool.hex2bin
-         * @function
-         * @private
-         * @param  {string} message hex string
-         * @return {string} binary representation as a DOMString
-         */
-        function hex2bin(message) {
-            let result = [];
-            for (let i = 0, l = message.length; i < l; i += 2) {
-                result.push(parseInt(message.substr(i, 2), 16));
-            }
-            return String.fromCharCode.apply(String, result);
-        }
-
        /**
         * convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString
         *
@ -1014,9 +997,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                            false, // may not export this
                            ['sign']
                        ),
-                        stringToArraybuffer(
-                            hex2bin(id)
-                        )
+                        stringToArraybuffer(id)
                    )
                )
            );
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@ -117,7 +117,7 @@ class Paste extends AbstractModel
        // if a challenge was sent, we store the HMAC of paste ID & challenge
        if (array_key_exists('challenge', $this->_data['meta'])) {
            $this->_data['meta']['challenge'] = base64_encode(hash_hmac(
-                'sha256', hex2bin($this->getId()), base64_decode($this->_data['meta']['challenge']), true
+                'sha256', $this->getId(), base64_decode($this->_data['meta']['challenge']), true
            ));
        }

--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -71,7 +71,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
--- a/tpl/page.php
+++ b/tpl/page.php
@ -49,7 +49,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
--- a/tst/ControllerTest.php
+++ b/tst/ControllerTest.php
@ -814,7 +814,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
    public function testReadBurnAfterReadingWithToken()
    {
        $token = base64_encode(hash_hmac(
-            'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
+            'sha256', Helper::getPasteId(), random_bytes(32), true
        ));
        $burnPaste = Helper::getPaste(2, array('challenge' => $token));
        $burnPaste['adata'][3] = 1;
@ -839,7 +839,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
    public function testReadBurnAfterReadingWithIncorrectToken()
    {
        $token = base64_encode(hash_hmac(
-            'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
+            'sha256', Helper::getPasteId(), random_bytes(32), true
        ));
        $burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32))));
        $burnPaste['adata'][3] = 1;
--- a/tst/ModelTest.php
+++ b/tst/ModelTest.php
@ -277,7 +277,7 @@ class ModelTest extends PHPUnit_Framework_TestCase
        $pasteData = Helper::getPastePost();
        $pasteData['meta']['challenge'] = base64_encode(random_bytes(32));
        $token = base64_encode(hash_hmac(
-            'sha256', hex2bin(Helper::getPasteId()), base64_decode($pasteData['meta']['challenge']), true
+            'sha256', Helper::getPasteId(), base64_decode($pasteData['meta']['challenge']), true
        ));
        $this->_model->getPaste(Helper::getPasteId())->delete();
        $paste = $this->_model->getPaste(Helper::getPasteId());