From 40a1998640571f6151cb5369b64d3e8801087e25 Mon Sep 17 00:00:00 2001 From: Jamie Snape Date: Fri, 21 Nov 2014 18:14:35 -0500 Subject: [PATCH] Revise random number, string, and UUID generation to improve security --- composer.json | 4 ++ core/controllers/InstallController.php | 13 +++- core/controllers/UserController.php | 18 +++--- .../components/ExportComponent.php | 5 +- .../components/HttpuploadComponent.php | 12 ++-- .../components/RandomComponent.php | 63 +++++++++++++++++++ .../components/UtilityComponent.php | 34 +++------- core/controllers/components/UuidComponent.php | 39 +++++++++--- core/controllers/forms/ImportForm.php | 4 +- core/models/base/CommunityModelBase.php | 4 +- core/models/base/ItemModelBase.php | 4 +- core/models/base/ItemRevisionModelBase.php | 11 +++- .../base/NewUserInvitationModelBase.php | 4 +- core/models/base/PendingUserModelBase.php | 7 ++- core/models/base/UserModelBase.php | 18 ++++-- core/models/base/UserapiModelBase.php | 9 ++- core/models/pdo/FolderModel.php | 4 +- core/models/pdo/UserapiModel.php | 26 +++----- .../api/RestCallMethodsTestCase.php | 2 +- .../controllers/api/RestKeyControllerTest.php | 4 +- core/tests/databaseDataset/treeIndexes.xml | 2 +- .../tests/controllers/CallItemMethodsTest.php | 6 +- .../tests/controllers/CallMethodsTestCase.php | 2 +- modules/googleauth/Notification.php | 5 +- modules/oauth/models/base/ClientModelBase.php | 4 +- modules/oauth/models/base/CodeModelBase.php | 4 +- modules/oauth/models/base/TokenModelBase.php | 4 +- .../components/ParaviewComponent.php | 5 +- modules/remoteprocessing/Notification.php | 5 +- .../controllers/ConfigController.php | 4 +- .../controllers/ExecutableController.php | 5 +- .../controllers/components/ApiComponent.php | 31 +++++---- .../database/sqlite/1.0.2.sql | 4 +- modules/remoteprocessing/remotescript/main.py | 2 +- .../ApiComponentControllerTest.php | 5 +- .../controllers/ConfigControllerTest.php | 5 +- .../components/ImagemagickComponent.php | 11 +++- .../ApiComponentControllerTest.php | 4 +- .../controllers/components/MainComponent.php | 20 +++--- tests/TestsBootstrap.php | 2 + 40 files changed, 288 insertions(+), 127 deletions(-) create mode 100644 core/controllers/components/RandomComponent.php diff --git a/composer.json b/composer.json index 8b202adc5..4401966c5 100644 --- a/composer.json +++ b/composer.json @@ -21,9 +21,12 @@ "leafo/scssphp": "~0.1.1", "maennchen/zipstream-php": "~0.2.2", "michelf/php-markdown": "~1.4.1", + "moontoast/math": "~1.1.0", "pear-pear.php.net/XML_Serializer": "~0.20.2", "reprovinci/solr-php-client": "~1.0.3", + "rhumsaa/uuid": "~2.8.0", "sendgrid/sendgrid": "~2.1.1", + "symfony/console": "~2.5.7", "zendframework/zendframework1": "~1.12.9" }, "require-dev": { @@ -42,6 +45,7 @@ "ext-imagick": "*", "ext-ldap": "*", "ext-memcached": "*", + "ext-openssl": "*", "ext-zip": "*" }, "autoload": { diff --git a/core/controllers/InstallController.php b/core/controllers/InstallController.php index 140b35f93..7f9b8a20f 100644 --- a/core/controllers/InstallController.php +++ b/core/controllers/InstallController.php @@ -25,7 +25,7 @@ class InstallController extends AppController { public $_models = array('User', 'Assetstore'); public $_daos = array('Assetstore'); - public $_components = array('Utility'); + public $_components = array('Random', 'Utility'); public $_forms = array('Install'); /** @@ -172,7 +172,16 @@ public function step2Action() // Must generate and store our password salt before we create our first user $options = array('allowModifications' => true); $applicationConfig = new Zend_Config_Ini(CORE_CONFIGS_PATH.'/application.ini', null, $options); - $applicationConfig->global->password->prefix = UtilityComponent::generateRandomString(32); + + if (extension_loaded('openssl')) { + $factory = new \RandomLib\Factory(); + $generator = $factory->getHighStrengthGenerator(); + $prefix = $generator->generateString(32); + } else { + $prefix = $this->Component->Random->generateString(32); + } + + $applicationConfig->global->password->prefix = $prefix; $applicationConfig->global->gravatar = $form->getValue('gravatar'); $writer = new Zend_Config_Writer_Ini(); diff --git a/core/controllers/UserController.php b/core/controllers/UserController.php index 9faa8b07a..dd7313a70 100644 --- a/core/controllers/UserController.php +++ b/core/controllers/UserController.php @@ -38,7 +38,7 @@ class UserController extends AppController 'Setting', ); public $_daos = array('User', 'Folder', 'Folderpolicygroup', 'Folderpolicyuser', 'Group'); - public $_components = array('Breadcrumb', 'Date', 'Filter', 'Sortdao'); + public $_components = array('Breadcrumb', 'Date', 'Filter', 'Random', 'Sortdao'); public $_forms = array('User'); /** Init Controller */ @@ -110,7 +110,7 @@ public function recoverpasswordAction() } } - $pass = UtilityComponent::generateRandomString(10); + $pass = $this->Component->Random->generateString(32); $this->User->changePassword($user, $pass); $url = $this->getServerURL().$this->view->webroot; @@ -206,7 +206,7 @@ public function ajaxregisterAction() $nopass = (bool) $this->getParam('nopassword'); if ($adminCreate && $nopass) { $form->populate($this->getRequest()->getPost()); - $passwd = UtilityComponent::generateRandomString(32); + $passwd = $this->Component->Random->generateString(32); $form->getElement('password1')->setValue($passwd); $form->getElement('password2')->setValue($passwd); @@ -891,7 +891,7 @@ public function settingsAction() return; } - $tmpPath = $this->getDataDirectory('thumbnail').'/'.mt_rand(1, 1000); + $tmpPath = $this->getDataDirectory('thumbnail').'/'.$this->Component->Random->generateInt(); if (!file_exists($this->getDataDirectory('thumbnail'))) { throw new Zend_Exception( "Thumbnail path does not exist: ".$this->getDataDirectory('thumbnail') @@ -900,15 +900,15 @@ public function settingsAction() if (!file_exists($tmpPath)) { mkdir($tmpPath); } - $tmpPath .= '/'.mt_rand(1, 1000); + $tmpPath .= '/'.$this->Component->Random->generateInt(); if (!file_exists($tmpPath)) { mkdir($tmpPath); } - $destionation = $tmpPath."/".mt_rand(1, 1000).'.jpeg'; - while (file_exists($destionation)) { - $destionation = $tmpPath."/".mt_rand(1, 1000).'.jpeg'; + $destination = $tmpPath."/".$this->Component->Random->generateInt().'.jpg'; + while (file_exists($destination)) { + $destination = $tmpPath."/".$this->Component->Random->generateInt().'.jpg'; } - $pathThumbnail = $destionation; + $pathThumbnail = $destination; list ($x, $y) = getimagesize($path); //--- get size of img --- $thumb = 32; //--- max. size of thumb --- diff --git a/core/controllers/components/ExportComponent.php b/core/controllers/components/ExportComponent.php index 186f4e315..4870fd3b8 100644 --- a/core/controllers/components/ExportComponent.php +++ b/core/controllers/components/ExportComponent.php @@ -124,6 +124,9 @@ public function exportBitstreams($userDao, $targetDir, $itemIds, $shouldSymLink) // process the items which pass the ITEM level policy check if (!empty($revisions)) { + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + foreach ($revisions as $revision) { $itemId = $revision->getItemId(); $this->_createItemDirectory($targetDir.'/'.$itemId); @@ -142,7 +145,7 @@ public function exportBitstreams($userDao, $targetDir, $itemIds, $shouldSymLink) // for symbolic link option,if multiple bitstreams (in a single item revision) // have the same file name, add a '.new' suffix to distinguish them if (file_exists($dest)) { - $dest .= '.'.mt_rand().'.new'; + $dest .= '.'.$randomComponent->generateInt().'.new'; } if (!symlink($source, $dest)) { throw new Zend_Exception("Cannot create symlink: ".$dest."linked to".$source); diff --git a/core/controllers/components/HttpuploadComponent.php b/core/controllers/components/HttpuploadComponent.php index 08878fc61..5b9ced5ac 100644 --- a/core/controllers/components/HttpuploadComponent.php +++ b/core/controllers/components/HttpuploadComponent.php @@ -68,16 +68,18 @@ public function generateToken($args, $dirname = '') throw new Exception('Failed to create temporary upload dir', MIDAS_HTTPUPLOAD_TMP_DIR_CREATION_FAILED); } } - $unique_identifier = 'midas'.uniqid().'-'.md5($args['filename']); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $uniqueIdentifier = $randomComponent->generateString(64); if ($dirname != '') { - $unique_identifier = $dirname.'/'.$unique_identifier; + $uniqueIdentifier = $dirname.'/'.$uniqueIdentifier; } - if (file_exists(UtilityComponent::getTempDirectory().'/'.$unique_identifier)) { + if (file_exists(UtilityComponent::getTempDirectory().'/'.$uniqueIdentifier)) { throw new Exception('Failed to generate upload token', MIDAS_HTTPUPLOAD_UPLOAD_TOKEN_GENERATION_FAILED); } - touch(UtilityComponent::getTempDirectory().'/'.$unique_identifier); + touch(UtilityComponent::getTempDirectory().'/'.$uniqueIdentifier); - return array('token' => $unique_identifier); + return array('token' => $uniqueIdentifier); } /** Handle the upload */ diff --git a/core/controllers/components/RandomComponent.php b/core/controllers/components/RandomComponent.php new file mode 100644 index 000000000..75472c643 --- /dev/null +++ b/core/controllers/components/RandomComponent.php @@ -0,0 +1,63 @@ +_factory)) { + $this->_factory = new \RandomLib\Factory; + $this->_generator = $this->_factory->getMediumStrengthGenerator(); + } + + return $this->_generator->generateInt($minimum, $maximum); + } + + /** + * Generate a medium-strength random string of the given length. + * + * @param int $length length of the generated string + * @param string $characters characters to use to generate the string + * @return string + */ + public function generateString($length, $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') + { + if (is_null($this->_factory)) { + $this->_factory = new \RandomLib\Factory; + $this->_generator = $this->_factory->getMediumStrengthGenerator(); + } + + return $this->_generator->generateString($length, $characters); + } +} diff --git a/core/controllers/components/UtilityComponent.php b/core/controllers/components/UtilityComponent.php index 5043f40ab..deb6f76a7 100644 --- a/core/controllers/components/UtilityComponent.php +++ b/core/controllers/components/UtilityComponent.php @@ -315,12 +315,7 @@ public static function safedelete($filename) /** Function to run a SQL script */ public static function run_sql_from_file($db, $sqlfile) { - try { - $db->getConnection(); - } catch (Zend_Exception $exception) { - throw new Zend_Exception("Unable to connect."); - } - + $db->getConnection(); $sql = ''; $lines = file($sqlfile); foreach ($lines as $line) { @@ -630,28 +625,19 @@ public static function getServerURL() } /** - * Generate a string of random characters. Seeds RNG within the function using microtime. + * Generate a medium-strength random string of the given length. * - * @param $length The length of the random string - * @param $alphabet (Optional) The alphabet string; if none provided, uses [a-zA-z0-9] + * @deprecated since 3.3.0 + * @param int $length length of the generated string + * @param string $characters characters to use to generate the string + * @return string */ - public static function generateRandomString($length, $alphabet = null) + public static function generateRandomString($length, $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') { - if (!is_string($alphabet) || empty($alphabet)) { - $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; - } - - // Seed RNG with microtime (for lack of something more difficult to guess) - list($usec, $sec) = explode(' ', microtime()); - srand((float) $sec + ((float) $usec * 100000)); - - $salt = ''; - $max = strlen($alphabet) - 1; - for ($i = 0; $i < $length; $i++) { - $salt .= substr($alphabet, mt_rand(0, $max), 1); - } + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); - return $salt; + return $randomComponent->generateString($length, $characters); } /** diff --git a/core/controllers/components/UuidComponent.php b/core/controllers/components/UuidComponent.php index f4be0e305..5c830f361 100644 --- a/core/controllers/components/UuidComponent.php +++ b/core/controllers/components/UuidComponent.php @@ -18,47 +18,72 @@ limitations under the License. =========================================================================*/ -/** UuidComponent component */ +/** UUID component for generating UUIDs and searching by UUID. */ class UuidComponent extends AppComponent { - /** Get using id */ + /** + * Generate a version 4 UUID. + * + * @return string + */ + public function generate() + { + return str_replace('-', '', \Rhumsaa\Uuid\Uuid::uuid4()->toString()); + } + + /** + * Return a resource given its unique id. + * + * @param string $uuid UUID + * @return false|CommunityDao|FolderDao|ItemDao|ItemRevisionDao|UserDao + */ public function getByUid($uuid) { + /** @var CommunityModel $model */ $model = MidasLoader::loadModel('Community'); $dao = $model->getByUuid($uuid); - if ($dao != false) { + + if ($dao !== false) { $dao->resourceType = MIDAS_RESOURCE_COMMUNITY; return $dao; } + /** @var FolderModel $model */ $model = MidasLoader::loadModel('Folder'); $dao = $model->getByUuid($uuid); - if ($dao != false) { + + if ($dao !== false) { $dao->resourceType = MIDAS_RESOURCE_FOLDER; return $dao; } + /** @var ItemModel $model */ $model = MidasLoader::loadModel('Item'); $dao = $model->getByUuid($uuid); - if ($dao != false) { + + if ($dao !== false) { $dao->resourceType = MIDAS_RESOURCE_ITEM; return $dao; } + /** @var ItemRevisionModel $model */ $model = MidasLoader::loadModel('ItemRevision'); $dao = $model->getByUuid($uuid); - if ($dao != false) { + + if ($dao !== false) { $dao->resourceType = MIDAS_RESOURCE_REVISION; return $dao; } + /** @var UserModel $model */ $model = MidasLoader::loadModel('User'); $dao = $model->getByUuid($uuid); - if ($dao != false) { + + if ($dao !== false) { $dao->resourceType = MIDAS_RESOURCE_USER; return $dao; diff --git a/core/controllers/forms/ImportForm.php b/core/controllers/forms/ImportForm.php index a3d6f8c87..4a6319065 100644 --- a/core/controllers/forms/ImportForm.php +++ b/core/controllers/forms/ImportForm.php @@ -31,8 +31,10 @@ public function createImportForm($assetstores) $form->setMethod('post'); $form->setAttrib('class', 'importForm'); + $randomComponent = MidasLoader::loadComponent('Random'); + // Hidden upload id - $uploadId = new Zend_Form_Element_Hidden('uploadid', array('value' => mt_rand())); + $uploadId = new Zend_Form_Element_Hidden('uploadid', array('value' => $randomComponent->generateInt())); $uploadId->setDecorators( array( 'ViewHelper', diff --git a/core/models/base/CommunityModelBase.php b/core/models/base/CommunityModelBase.php index 5cfd5653d..e03e7a99f 100644 --- a/core/models/base/CommunityModelBase.php +++ b/core/models/base/CommunityModelBase.php @@ -106,7 +106,9 @@ abstract public function getByFolder($folder); public function save($dao) { if (!isset($dao->uuid) || empty($dao->uuid)) { - $dao->setUuid(uniqid().md5(mt_rand())); + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $dao->setUuid($uuidComponent->generate()); } $name = $dao->getName(); if (empty($name) && $name !== '0') { diff --git a/core/models/base/ItemModelBase.php b/core/models/base/ItemModelBase.php index c0b46d4de..c48c8a6b3 100644 --- a/core/models/base/ItemModelBase.php +++ b/core/models/base/ItemModelBase.php @@ -175,7 +175,9 @@ public function delete($dao) public function save($dao, $metadataChanged = true) { if (!isset($dao->uuid) || empty($dao->uuid)) { - $dao->setUuid(uniqid().md5(mt_rand())); + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $dao->setUuid($uuidComponent->generate()); } if (!isset($dao->date_creation) || empty($dao->date_creation)) { $dao->setDateCreation(date('Y-m-d H:i:s')); diff --git a/core/models/base/ItemRevisionModelBase.php b/core/models/base/ItemRevisionModelBase.php index c8870a455..de1f4d506 100644 --- a/core/models/base/ItemRevisionModelBase.php +++ b/core/models/base/ItemRevisionModelBase.php @@ -134,9 +134,12 @@ public function addBitstream($itemRevisionDao, $bitstreamDao) "Problem thumbnail path: ".UtilityComponent::getDataDirectory('thumbnail') ); } - $destination = $tmpPath.'/'.mt_rand(1, 10000).'.jpeg'; + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $destination = $tmpPath.'/'.$randomComponent->generateInt().'.jpg'; while (file_exists($destination)) { - $destination = $tmpPath.'/'.mt_rand(1, 10000).'.jpeg'; + $destination = $tmpPath.'/'.$randomComponent->generateInt().'.jpg'; } $pathThumbnail = $destination; @@ -169,7 +172,9 @@ public function addBitstream($itemRevisionDao, $bitstreamDao) public function save($dao) { if (!isset($dao->uuid) || empty($dao->uuid)) { - $dao->setUuid(uniqid().md5(mt_rand())); + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $dao->setUuid($uuidComponent->generate()); } if (!isset($dao->date) || empty($dao->date)) { $dao->setDate(date('Y-m-d H:i:s')); diff --git a/core/models/base/NewUserInvitationModelBase.php b/core/models/base/NewUserInvitationModelBase.php index e4a306e51..1fd11247e 100644 --- a/core/models/base/NewUserInvitationModelBase.php +++ b/core/models/base/NewUserInvitationModelBase.php @@ -84,10 +84,12 @@ abstract public function deleteByCommunity($community); */ public function createInvitation($email, $group, $inviter) { + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); $email = strtolower($email); $newUserInvitation = MidasLoader::newDao('NewUserInvitationDao'); $newUserInvitation->setEmail($email); - $newUserInvitation->setAuthKey(UtilityComponent::generateRandomString(64, '0123456789abcdef')); + $newUserInvitation->setAuthKey($randomComponent->generateString(64, '0123456789abcdef')); $newUserInvitation->setInviterId($inviter->getKey()); $newUserInvitation->setGroupId($group->getKey()); $newUserInvitation->setCommunityId($group->getCommunityId()); diff --git a/core/models/base/PendingUserModelBase.php b/core/models/base/PendingUserModelBase.php index 4ad281adc..bbff8cee7 100644 --- a/core/models/base/PendingUserModelBase.php +++ b/core/models/base/PendingUserModelBase.php @@ -57,11 +57,14 @@ public function createPendingUser($email, $firstName, $lastName, $password) { $email = strtolower($email); $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix; - $userSalt = UtilityComponent::generateRandomString(32); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $userSalt = $randomComponent->generateString(32); $pendingUser = MidasLoader::newDao('PendingUserDao'); $pendingUser->setEmail($email); - $pendingUser->setAuthKey(UtilityComponent::generateRandomString(64, '0123456789abcdef')); + $pendingUser->setAuthKey($randomComponent->generateString(64, '0123456789abcdef')); $pendingUser->setFirstname($firstName); $pendingUser->setLastname($lastName); $pendingUser->setSalt($userSalt); diff --git a/core/models/base/UserModelBase.php b/core/models/base/UserModelBase.php index 1a82483a1..49221557e 100644 --- a/core/models/base/UserModelBase.php +++ b/core/models/base/UserModelBase.php @@ -137,7 +137,9 @@ abstract public function legacyAuthenticate($userDao, $instanceSalt, $password); public function save($dao) { if (!isset($dao->uuid) || empty($dao->uuid)) { - $dao->setUuid(uniqid().md5(mt_rand())); + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $dao->setUuid($uuidComponent->generate()); } parent::save($dao); } @@ -242,7 +244,9 @@ public function incrementViewCount($userDao) */ public function convertLegacyPasswordHash($userDao, $password) { - $userSalt = UtilityComponent::generateRandomString(32); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $userSalt = $randomComponent->generateString(32); $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix; $hashedPassword = hash('sha256', $instanceSalt.$userSalt.$password); $this->storePasswordHash($hashedPassword); @@ -259,7 +263,10 @@ public function convertLegacyPasswordHash($userDao, $password) public function changePassword($userDao, $password) { $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix; - $userSalt = UtilityComponent::generateRandomString(32); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $userSalt = $randomComponent->generateString(32); $hashedPassword = hash('sha256', $instanceSalt.$userSalt.$password); $this->storePasswordHash($hashedPassword); @@ -296,7 +303,10 @@ public function createUser($email, $password, $firstname, $lastname, $admin = 0, } // Generate a random salt for this new user $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix; - $userSalt = UtilityComponent::generateRandomString(32); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $userSalt = $randomComponent->generateString(32); $hashedPassword = hash('sha256', $instanceSalt.$userSalt.$password); $userDao->setSalt($userSalt); $this->storePasswordHash($hashedPassword); diff --git a/core/models/base/UserapiModelBase.php b/core/models/base/UserapiModelBase.php index a4a8ed2d4..8ff4c9dd4 100644 --- a/core/models/base/UserapiModelBase.php +++ b/core/models/base/UserapiModelBase.php @@ -71,7 +71,10 @@ public function createDefaultApiKey($userDao) if (!$userDao instanceof UserDao) { throw new Zend_Exception('Error parameter: must be a userDao object when creating default API key.'); } - $key = UtilityComponent::generateRandomString(32); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $key = $randomComponent->generateString(32); $rowset = $this->database->fetchAll( $this->database->select()->where('user_id = ?', $userDao->getKey())->where( @@ -115,7 +118,9 @@ public function createKey($userDao, $applicationname, $tokenexperiationtime) } $now = date('Y-m-d H:i:s'); - $key = UtilityComponent::generateRandomString(40); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $key = $randomComponent->generateString(32); $userApiDao = MidasLoader::newDao('UserapiDao'); $userApiDao->setUserId($userDao->getKey()); diff --git a/core/models/pdo/FolderModel.php b/core/models/pdo/FolderModel.php index d605f9f56..b5e8276f9 100644 --- a/core/models/pdo/FolderModel.php +++ b/core/models/pdo/FolderModel.php @@ -628,7 +628,9 @@ public function save($folder) } if (!isset($folder->uuid) || empty($folder->uuid)) { - $folder->setUuid(uniqid().md5(mt_rand())); + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $folder->setUuid($uuidComponent->generate()); } $name = $folder->getName(); if (empty($name) && $name !== '0') { diff --git a/core/models/pdo/UserapiModel.php b/core/models/pdo/UserapiModel.php index 0c1aaa9fc..25d079b39 100644 --- a/core/models/pdo/UserapiModel.php +++ b/core/models/pdo/UserapiModel.php @@ -105,22 +105,11 @@ public function getToken($email, $apikey, $appname) return $tokenDao; } - // We generate a token - $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - $length = 40; - - // seed with microseconds - list($usec, $sec) = explode(' ', microtime()); - mt_srand((float) $sec + ((float) $usec * 100000)); - - $token = ""; - $max = strlen($keychars) - 1; - for ($i = 0; $i < $length; $i++) { - $token .= substr($keychars, mt_rand(0, $max), 1); - } + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $token = $randomComponent->generateString(32); // Find the API id - $sql = $this->database->select()->setIntegrityCheck(false)->from(array('u' => 'userapi'))->where( 'u.user_id = ?', $userDao->getKey() @@ -130,20 +119,21 @@ public function getToken($email, $apikey, $appname) $userapiDao = $this->initDao('Userapi', $row); if (!$userapiDao) { + throw new Zend_Exception(); return false; } + // We do some cleanup of all the other keys that have expired + $tokenModel = MidasLoader::loadModel('Token'); + $tokenModel->cleanExpired(); + $tokenDao = MidasLoader::newDao('TokenDao'); $tokenDao->setUserapiId($userapiDao->getKey()); $tokenDao->setToken($token); $tokenDao->setExpirationDate(date('Y-m-d H:i:s', time() + $userapiDao->getTokenExpirationTime() * 60)); - $tokenModel = MidasLoader::loadModel('Token'); $tokenModel->save($tokenDao); - // We do some cleanup of all the other keys that have expired - $tokenModel->cleanExpired(); - return $tokenDao; } diff --git a/core/tests/controllers/api/RestCallMethodsTestCase.php b/core/tests/controllers/api/RestCallMethodsTestCase.php index 0f8e848cd..ff3b7591d 100644 --- a/core/tests/controllers/api/RestCallMethodsTestCase.php +++ b/core/tests/controllers/api/RestCallMethodsTestCase.php @@ -83,7 +83,7 @@ protected function _loginAsUser($userDao) $resp = $this->_callRestApi($method, $path); $this->_assertStatusOk($resp); - $this->assertEquals(strlen($resp['body']->data->token), 40); + $this->assertEquals(strlen($resp['body']->data->token), 32); // **IMPORTANT** This will clear any params that were set before this function was called $this->resetAll(); diff --git a/core/tests/controllers/api/RestKeyControllerTest.php b/core/tests/controllers/api/RestKeyControllerTest.php index f3da61508..4014d4c63 100644 --- a/core/tests/controllers/api/RestKeyControllerTest.php +++ b/core/tests/controllers/api/RestKeyControllerTest.php @@ -61,7 +61,7 @@ public function testChangePasswordChangesDefaultApiKey() public function testNewUserGetsDefaultApiKey() { // Register a new user - $this->params['email'] = 'some.user@server.com'; + $this->params['email'] = 'some.user@example.org'; $this->params['password1'] = 'midas'; $this->params['password2'] = 'midas'; $this->params['firstname'] = 'some'; @@ -73,7 +73,7 @@ public function testNewUserGetsDefaultApiKey() // Check that their default api key was created $userApiModel = MidasLoader::loadModel('Userapi'); - $key = $userApiModel->getByAppAndEmail('Default', 'some.user@server.com')->getApikey(); + $key = $userApiModel->getByAppAndEmail('Default', 'some.user@example.org')->getApikey(); $this->assertNotEmpty($key); } } diff --git a/core/tests/databaseDataset/treeIndexes.xml b/core/tests/databaseDataset/treeIndexes.xml index 948a42d45..f6eafb461 100644 --- a/core/tests/databaseDataset/treeIndexes.xml +++ b/core/tests/databaseDataset/treeIndexes.xml @@ -60,7 +60,7 @@ - diff --git a/modules/api/tests/controllers/CallItemMethodsTest.php b/modules/api/tests/controllers/CallItemMethodsTest.php index bd81232e4..541a694d5 100644 --- a/modules/api/tests/controllers/CallItemMethodsTest.php +++ b/modules/api/tests/controllers/CallItemMethodsTest.php @@ -960,8 +960,12 @@ public function testCreateitemDeleteitem() $this->params['method'] = 'midas.item.create'; $this->params['name'] = 'created_item_2'; $this->params['description'] = 'my item description'; - $uuid = uniqid().md5(mt_rand()); + + /** @var UuidComponent $uuidComponent */ + $uuidComponent = MidasLoader::loadComponent('Uuid'); + $uuid = $uuidComponent->generate(); $this->params['uuid'] = $uuid; + $this->params['parentid'] = '1000'; $resp = $this->_callJsonApi(); $this->_assertStatusOk($resp); diff --git a/modules/api/tests/controllers/CallMethodsTestCase.php b/modules/api/tests/controllers/CallMethodsTestCase.php index c0c0ce6a8..6c3e2a2de 100644 --- a/modules/api/tests/controllers/CallMethodsTestCase.php +++ b/modules/api/tests/controllers/CallMethodsTestCase.php @@ -76,7 +76,7 @@ protected function _loginAsUser($userDao) $resp = $this->_callJsonApi(); $this->_assertStatusOk($resp); - $this->assertEquals(strlen($resp->data->token), 40); + $this->assertEquals(strlen($resp->data->token), 32); // **IMPORTANT** This will clear any params that were set before this function was called $this->resetAll(); diff --git a/modules/googleauth/Notification.php b/modules/googleauth/Notification.php index ec0a93245..d602c1d12 100644 --- a/modules/googleauth/Notification.php +++ b/modules/googleauth/Notification.php @@ -44,7 +44,10 @@ public function googleAuthLink() $clientId = $this->Setting->getValueByName(GOOGLE_AUTH_CLIENT_ID_KEY, $this->moduleName); $scheme = (array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS']) ? 'https://' : 'http://'; $fc = Zend_Controller_Front::getInstance(); - $csrfToken = UtilityComponent::generateRandomString(30); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $csrfToken = $randomComponent->generateString(30); $redirectUri = $scheme.$_SERVER['HTTP_HOST'].$fc->getBaseUrl().'/'.$this->moduleName.'/callback'; $scopes = array('profile', 'email'); diff --git a/modules/oauth/models/base/ClientModelBase.php b/modules/oauth/models/base/ClientModelBase.php index 5fcf31fab..6c396062c 100644 --- a/modules/oauth/models/base/ClientModelBase.php +++ b/modules/oauth/models/base/ClientModelBase.php @@ -75,10 +75,12 @@ public function create($userDao, $name) if (empty($name)) { throw new Zend_Exception('Client name must not be empty'); } + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); $clientDao = MidasLoader::newDao('ClientDao', $this->moduleName); $clientDao->setName($name); $clientDao->setOwnerId($userDao->getKey()); - $clientDao->setSecret(UtilityComponent::generateRandomString(40)); + $clientDao->setSecret($randomComponent->generateString(40)); $clientDao->setCreationDate(date('Y-m-d H:i:s')); $this->save($clientDao); diff --git a/modules/oauth/models/base/CodeModelBase.php b/modules/oauth/models/base/CodeModelBase.php index 473bb0b32..63072adfa 100644 --- a/modules/oauth/models/base/CodeModelBase.php +++ b/modules/oauth/models/base/CodeModelBase.php @@ -81,8 +81,10 @@ public function create($userDao, $clientDao, $scopes) if (!is_array($scopes)) { throw new Zend_Exception('Scopes must be an array'); } + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); $codeDao = MidasLoader::newDao('CodeDao', $this->moduleName); - $codeDao->setCode(UtilityComponent::generateRandomString(32)); + $codeDao->setCode($randomComponent->generateString(32)); $codeDao->setScopes(JsonComponent::encode($scopes)); $codeDao->setUserId($userDao->getKey()); $codeDao->setClientId($clientDao->getKey()); diff --git a/modules/oauth/models/base/TokenModelBase.php b/modules/oauth/models/base/TokenModelBase.php index 4dce8f3f2..f20005a08 100644 --- a/modules/oauth/models/base/TokenModelBase.php +++ b/modules/oauth/models/base/TokenModelBase.php @@ -94,8 +94,10 @@ public function createRefreshToken($codeDao) */ private function _createToken($fromDao, $type, $expire = null) { + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); $tokenDao = MidasLoader::newDao('TokenDao', $this->moduleName); - $tokenDao->setToken(UtilityComponent::generateRandomString(32)); + $tokenDao->setToken($randomComponent->generateString(32)); $tokenDao->setType($type); $tokenDao->setScopes($fromDao->getScopes()); $tokenDao->setUserId($fromDao->getUserId()); diff --git a/modules/pvw/controllers/components/ParaviewComponent.php b/modules/pvw/controllers/components/ParaviewComponent.php index 77800e10c..ec72a4ccf 100644 --- a/modules/pvw/controllers/components/ParaviewComponent.php +++ b/modules/pvw/controllers/components/ParaviewComponent.php @@ -70,7 +70,10 @@ public function createAndStartInstance($item, $meshItems, $appname, $progressDao $instance->setSid(''); // todo? $instance->setPid(0); $instance->setCreationDate(date('Y-m-d H:i:s')); - $instance->setSecret(UtilityComponent::generateRandomString(32, '0123456789abcdef')); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $instance->setSecret($randomComponent->generateString(32, '0123456789abcdef')); $instanceModel = MidasLoader::loadModel('Instance', 'pvw'); $instanceModel->save($instance); diff --git a/modules/remoteprocessing/Notification.php b/modules/remoteprocessing/Notification.php index 6ce52f835..d2f78e6cc 100644 --- a/modules/remoteprocessing/Notification.php +++ b/modules/remoteprocessing/Notification.php @@ -273,7 +273,10 @@ public function processProcessingResults($params) if (isset($params['log']) && !empty($params['log'])) { $jobComponenet = MidasLoader::loadComponent('Job', 'remoteprocessing'); $xmlResults = $jobComponenet->computeLogs($job, $params['log'], $params); - $logFile = $pathFile = $this->getTempDirectory().'/'.uniqid(); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $logFile = $this->getTempDirectory().'/'.$randomComponent->generateString(32); file_put_contents($logFile, $xmlResults); $item = $uploadComponent->createUploadedItem( $userDao, diff --git a/modules/remoteprocessing/controllers/ConfigController.php b/modules/remoteprocessing/controllers/ConfigController.php index ffb4a0707..9cee77dda 100644 --- a/modules/remoteprocessing/controllers/ConfigController.php +++ b/modules/remoteprocessing/controllers/ConfigController.php @@ -77,7 +77,9 @@ public function indexAction() $configForm = $this->ModuleForm->Config->createConfigForm(); $formArray = $this->getFormAsArray($configForm); if (empty($config->securitykey)) { - $config->securitykey = uniqid(); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $config->securitykey = $randomComponent->generateString(32); $writer = new Zend_Config_Writer_Ini(); $writer->setConfig($config); diff --git a/modules/remoteprocessing/controllers/ExecutableController.php b/modules/remoteprocessing/controllers/ExecutableController.php index c6da36a97..3cc61a31b 100644 --- a/modules/remoteprocessing/controllers/ExecutableController.php +++ b/modules/remoteprocessing/controllers/ExecutableController.php @@ -67,7 +67,10 @@ public function defineAction() $results = $_POST['results']; $xmlContent = $this->ModuleComponent->Executable->createDefinitionFile($results); - $pathFile = $this->getTempDirectory().'/'.uniqid().time(); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $pathFile = $this->getTempDirectory().'/'.$randomComponent->generateString(32); file_put_contents($pathFile, $xmlContent); $revision = $this->Item->getLastRevision($itemDao); diff --git a/modules/remoteprocessing/controllers/components/ApiComponent.php b/modules/remoteprocessing/controllers/components/ApiComponent.php index 3380f0440..ca6b04f00 100644 --- a/modules/remoteprocessing/controllers/components/ApiComponent.php +++ b/modules/remoteprocessing/controllers/components/ApiComponent.php @@ -64,8 +64,11 @@ public function registerserver($args) if (empty($os)) { throw new Exception('Error os parameter.', MIDAS_INVALID_PARAMETER); } - $email = uniqid().'@foo.com'; - $userDao = $userModel->createUser($email, uniqid(), 'Processing', 'Server'); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $email = 'some.user@example.org'; + $userDao = $userModel->createUser($email, $randomComponent->generateString(32), 'Processing', 'Server'); $userDao->setPrivacy(MIDAS_USER_PRIVATE); $userDao->setCompany($os); // used to set operating system $userModel->save($userDao); @@ -218,27 +221,29 @@ public function resultsserver($args) mkdir(UtilityComponent::getTempDirectory().'/remoteprocessing'); } - $destionation = UtilityComponent::getTempDirectory().'/remoteprocessing/'.mt_rand(1, 1000).time(); - while (file_exists($destionation)) { - $destionation = UtilityComponent::getTempDirectory().'/remoteprocessing/'.mt_rand(1, 1000).time(); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $destination = UtilityComponent::getTempDirectory().'/remoteprocessing/'.$randomComponent->generateInt(); + while (file_exists($destination)) { + $destination = UtilityComponent::getTempDirectory().'/remoteprocessing/'.$randomComponent->generateInt(); } - mkdir($destionation); + mkdir($destination); if (!$testingmode) { - move_uploaded_file($_FILES['file']['tmp_name'], $destionation."/results.zip"); + move_uploaded_file($_FILES['file']['tmp_name'], $destination."/results.zip"); } if ($testingmode) { return array(); } - if (file_exists($destionation."/results.zip")) { - mkdir($destionation.'/content'); - $target_directory = $destionation.'/content'; + if (file_exists($destination."/results.zip")) { + mkdir($destination.'/content'); + $target_directory = $destination.'/content'; $filter = new Zend_Filter_Decompress( array('adapter' => 'Zip', 'options' => array('target' => $target_directory)) ); - $compressed = $filter->filter($destionation."/results.zip"); + $compressed = $filter->filter($destination."/results.zip"); if ($compressed && file_exists($target_directory.'/parameters.txt') ) { $info = file_get_contents($target_directory.'/parameters.txt'); @@ -248,7 +253,7 @@ public function resultsserver($args) $jobDao = $jobModel->load($job_id); $jobDao->setStatus(MIDAS_REMOTEPROCESSING_STATUS_DONE); $jobModel->save($jobDao); - $info['pathResults'] = $destionation.'/content'; + $info['pathResults'] = $destination.'/content'; $info['log'] = file_get_contents($target_directory.'/log.txt'); $info['userKey'] = $userDao->getKey(); Zend_Registry::get('notifier')->callback($info['resultCallback'], $info); @@ -258,7 +263,7 @@ public function resultsserver($args) } else { throw new Exception('Error, unable to find results.', MIDAS_INVALID_PARAMETER); } - $this->_rrmdir($destionation); + $this->_rrmdir($destination); return array(); } diff --git a/modules/remoteprocessing/database/sqlite/1.0.2.sql b/modules/remoteprocessing/database/sqlite/1.0.2.sql index 9e07f082e..452351737 100644 --- a/modules/remoteprocessing/database/sqlite/1.0.2.sql +++ b/modules/remoteprocessing/database/sqlite/1.0.2.sql @@ -6,8 +6,8 @@ CREATE TABLE IF NOT EXISTS "remoteprocessing_job" ( "job_id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "os" TEXT NOT NULL, "condition" TEXT NOT NULL DEFAULT '', - script text, - params text, + "script" text, + "params" text, "status" INTEGER NOT NULL DEFAULT 0, "expiration_date" TEXT, "creation_date" TEXT, diff --git a/modules/remoteprocessing/remotescript/main.py b/modules/remoteprocessing/remotescript/main.py index 356352a84..9b89a1f05 100644 --- a/modules/remoteprocessing/remotescript/main.py +++ b/modules/remoteprocessing/remotescript/main.py @@ -52,7 +52,7 @@ def registerServer(): interfaceMidas = apiMidas.Communicator (url) parameters = dict() - parameters['email'] = cfginternal['email']+'@foo.com' + parameters['email'] = cfginternal['email']+'@example.org' parameters['securitykey'] = cfg['securityKey'] parameters['apikey'] = cfginternal['apikey'] try: response = interfaceMidas.makeRequest('midas.remoteprocessing.registerserver', parameters) diff --git a/modules/remoteprocessing/tests/controllers/ApiComponentControllerTest.php b/modules/remoteprocessing/tests/controllers/ApiComponentControllerTest.php index 538f03c38..c549f8589 100644 --- a/modules/remoteprocessing/tests/controllers/ApiComponentControllerTest.php +++ b/modules/remoteprocessing/tests/controllers/ApiComponentControllerTest.php @@ -36,7 +36,10 @@ private function _getSecurityKey() $usersFile = $this->loadData('User', 'adminUser'); $userDao = $this->User->load($usersFile[0]->getKey()); $this->params = array(); - $securityKey = uniqid(); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $securityKey = $randomComponent->generateString(40); $this->params['securitykey'] = $securityKey; $this->params['submitConfig'] = 'true'; $this->request->setMethod('POST'); diff --git a/modules/remoteprocessing/tests/controllers/ConfigControllerTest.php b/modules/remoteprocessing/tests/controllers/ConfigControllerTest.php index 11e91c41a..597b7cd05 100644 --- a/modules/remoteprocessing/tests/controllers/ConfigControllerTest.php +++ b/modules/remoteprocessing/tests/controllers/ConfigControllerTest.php @@ -42,7 +42,10 @@ public function testIndex() $this->resetAll(); $this->params = array(); - $securityKey = uniqid(); + + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $securityKey = $randomComponent->generateString(32); $this->params['securitykey'] = $securityKey; $this->params['submitConfig'] = 'true'; $this->request->setMethod('POST'); diff --git a/modules/thumbnailcreator/controllers/components/ImagemagickComponent.php b/modules/thumbnailcreator/controllers/components/ImagemagickComponent.php index e149ef2c4..b8826ebdd 100644 --- a/modules/thumbnailcreator/controllers/components/ImagemagickComponent.php +++ b/modules/thumbnailcreator/controllers/components/ImagemagickComponent.php @@ -109,10 +109,12 @@ public function createThumbnailFromPath($name, $fullPath, $width, $height, $exac $format = MIDAS_THUMBNAILCREATOR_FORMAT_JPG; } - $destination = $tmpPath.'/'.mt_rand(1, 10000).'.'.$format; + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $destination = $tmpPath.'/'.$randomComponent->generateInt().'.'.$format; while (file_exists($destination)) { - $destination = $tmpPath.'/'.mt_rand(1, 10000).'.'.$format; + $destination = $tmpPath.'/'.$randomComponent->generateInt().'.'.$format; } $pathThumbnail = $destination; @@ -214,8 +216,11 @@ public function preprocessByThumbnailer($name, $fullPath) copy($fullPath, $copyDestination); $jpegDestination = $tmpPath.'/'.$name.'.jpg'; + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + while (file_exists($jpegDestination)) { - $jpegDestination = $tmpPath.'/'.$name.mt_rand(1, 10000).'.jpg'; + $jpegDestination = $tmpPath.'/'.$name.$randomComponent->generateInt().'.jpg'; } /** @var SettingModel $settingModel */ diff --git a/modules/validation/tests/controllers/ApiComponentControllerTest.php b/modules/validation/tests/controllers/ApiComponentControllerTest.php index 73d52024e..0afcc9245 100644 --- a/modules/validation/tests/controllers/ApiComponentControllerTest.php +++ b/modules/validation/tests/controllers/ApiComponentControllerTest.php @@ -92,7 +92,7 @@ private function _loginUsingApiKey() $resp = $this->_callJsonApi(); $this->_assertStatusOk($resp); - $this->assertEquals(strlen($resp->data->token), 40); + $this->assertEquals(strlen($resp->data->token), 32); // **IMPORTANT** This will clear any params that were set before this // function was called @@ -121,7 +121,7 @@ private function _loginUsingApiKeyAsAdmin() $resp = $this->_callJsonApi(); $this->_assertStatusOk($resp); - $this->assertEquals(strlen($resp->data->token), 40); + $this->assertEquals(strlen($resp->data->token), 32); // **IMPORTANT** This will clear any params that were set before this // function was called diff --git a/modules/visualize/controllers/components/MainComponent.php b/modules/visualize/controllers/components/MainComponent.php index b84205192..338d48d58 100644 --- a/modules/visualize/controllers/components/MainComponent.php +++ b/modules/visualize/controllers/components/MainComponent.php @@ -463,22 +463,24 @@ public function processParaviewData($itemDao) return; } - $thumbnailPath = UtilityComponent::getDataDirectory('thumbnail').'/'.mt_rand(1, 1000); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $thumbnailPath = UtilityComponent::getDataDirectory('thumbnail').'/'.$randomComponent->generateInt(); if (!file_exists(UtilityComponent::getDataDirectory('thumbnail'))) { throw new Zend_Exception("Problem thumbnail path: ".UtilityComponent::getDataDirectory('thumbnail')); } if (!file_exists($thumbnailPath)) { mkdir($thumbnailPath); } - $thumbnailPath .= '/'.mt_rand(1, 1000); + $thumbnailPath .= '/'.$randomComponent->generateInt(); if (!file_exists($thumbnailPath)) { mkdir($thumbnailPath); } - $destionation = $thumbnailPath."/".mt_rand(1, 1000).'.jpeg'; - while (file_exists($destionation)) { - $destionation = $thumbnailPath."/".mt_rand(1, 1000).'.jpeg'; + $destination = $thumbnailPath."/".$randomComponent->generateInt().'.jpg'; + while (file_exists($destination)) { + $destination = $thumbnailPath."/".$randomComponent->generateInt().'.jpg'; } - $pathThumbnail = $destionation; + $pathThumbnail = $destination; list ($x, $y) = getimagesize($tmpPath.'/screenshot1.png'); //--- get size of img --- $thumb = 100; //--- max. size of thumb --- @@ -545,10 +547,12 @@ public function createParaviewPath() } } - $tmpFolderName = 'ParaviewWeb_'.mt_rand(0, 9999999); + /** @var RandomComponent $randomComponent */ + $randomComponent = MidasLoader::loadComponent('Random'); + $tmpFolderName = 'ParaviewWeb_'.$randomComponent->generateInt(); $path = $tmp_dir.'/'.$tmpFolderName; while (!mkdir($path)) { - $tmpFolderName = 'ParaviewWeb_'.mt_rand(0, 9999999); + $tmpFolderName = 'ParaviewWeb_'.$randomComponent->generateInt(); $path = $tmp_dir.'/'.$tmpFolderName; } diff --git a/tests/TestsBootstrap.php b/tests/TestsBootstrap.php index 699791fd6..4c8ad9093 100644 --- a/tests/TestsBootstrap.php +++ b/tests/TestsBootstrap.php @@ -31,6 +31,8 @@ require_once BASE_PATH.'/vendor/autoload.php'; require_once BASE_PATH.'/core/include.php'; +date_default_timezone_set('UTC'); + Zend_Session::$_unitTestEnabled = true; Zend_Session::start();