Changeset 374 for trunk/grails-app/taglib
- Timestamp: Apr 23, 2010, 11:02:31 AM (11 years ago)
- File: 1 edited
trunk/grails-app/taglib/dbnp/studycapturing/WizardTagLib.groovy
r372 r374 4 4 import dbnp.studycapturing.* 5 5 import dbnp.data.* 6 import cr.co.arquetipos.crypto.Blowfish 6 7 7 8 /** … … 564 565 def entity = attrs.remove('entity') 565 566 566 // add the entity class name to the element as 567 // a base64 encoded string. 568 // TODO: encrypt this, instead of using base64! 569 // As this class is instantiated elsewhere 570 // this is a security hazard! 571 // @see TemplateEditorController 572 attrs['entity'] = entity.toString().replaceAll(/^class /,'').bytes.encodeBase64() 567 // add the entity class name to the element 568 // do we have crypto information available? 569 if (grailsApplication.config.crypto) { 570 // generate a Blowfish encrypted and Base64 encoded string. 571 attrs['entity'] = Blowfish.encryptBase64( 572 entity.toString().replaceAll(/^class /, ''), 573 grailsApplication.config.crypto.shared.secret 574 ) 575 } else { 576 // base64 only; this is INSECURE! As this class 577 // is instantiated elsewehere. Possibly exploitable! 578 attrs['entity'] = entity.toString().replaceAll(/^class /, '').bytes.encodeBase64() 579 } 573 580 574 581 // fetch templates
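Review bot: The `else` branch (new lines 575-579) still emits the entity class name as plain Base64 whenever `grailsApplication.config.crypto` is unset, so a missing or misnamed config block silently restores the behaviour the removed TODO called a security hazard. Fail closed at that point (throw, or refuse to render the element), or at minimum log a warning so the insecure path is visible in deployment. The guard also tests only `config.crypto` while the key is read from `config.crypto.shared.secret`; test the secret itself so a partial config does not hand an empty value to `Blowfish.encryptBase64`. The new comments drop the `@see TemplateEditorController` pointer to where this value is consumed and misspell "elsewhere" as "elsewehere"; restoring the reference would let the decrypting side be reviewed together with this change.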