From 188961745dfa27cba8037900e79d904818b0f8e6 Mon Sep 17 00:00:00 2001 From: rxu Date: Thu, 4 Jan 2024 10:34:35 +0700 Subject: [PATCH 1/2] Do not expose private key in ACP module (phpBB 4.0 consistent). --- acp/wpn_acp_module.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/acp/wpn_acp_module.php b/acp/wpn_acp_module.php index 1471b7e..ad44fa5 100644 --- a/acp/wpn_acp_module.php +++ b/acp/wpn_acp_module.php @@ -98,7 +98,7 @@ public function display_settings() $this->template->assign_vars([ 'S_WEBPUSH_ENABLE' => $this->config['wpn_webpush_enable'], 'WEBPUSH_VAPID_PUBLIC' => $this->config['wpn_webpush_vapid_public'], - 'WEBPUSH_VAPID_PRIVATE' => $this->config['wpn_webpush_vapid_private'], + 'WEBPUSH_VAPID_PRIVATE' => !$this->config['wpn_webpush_vapid_private'] ?: '********', // Replace private key with asterixes 'U_ACTION' => $this->u_action, ]); } @@ -117,6 +117,12 @@ public function save_settings() 'wpn_webpush_vapid_private'=> ['validate' => 'string:25:255', 'lang' => 'WEBPUSH_VAPID_PRIVATE'], ]; + // Do not validate and update private key field if the content is ******** and the key was already set + if ($config_array['wpn_webpush_vapid_private'] == '********' && $this->config['wpn_webpush_vapid_private']) + { + unset($display_settings['wpn_webpush_vapid_private'], $config_array['wpn_webpush_vapid_private']); + } + if ($config_array['wpn_webpush_enable']) { // Validate config values @@ -135,9 +141,10 @@ public function save_settings() $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_CONFIG_WEBPUSH'); - $this->config->set('wpn_webpush_enable', $config_array['wpn_webpush_enable']); - $this->config->set('wpn_webpush_vapid_public', $config_array['wpn_webpush_vapid_public']); - $this->config->set('wpn_webpush_vapid_private', $config_array['wpn_webpush_vapid_private']); + foreach ($config_array as $config_name => $config_value) + { + $this->config->set($config_name, $config_value); + } trigger_error($this->lang->lang('CONFIG_UPDATED') . adm_back_link($this->u_action), E_USER_NOTICE); } From e0c2429e1d6c5a99d1122c34bb07412bfc3d53c0 Mon Sep 17 00:00:00 2001 From: rxu Date: Thu, 4 Jan 2024 10:40:03 +0700 Subject: [PATCH 2/2] Fix test. --- tests/functional/functional_test.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/functional/functional_test.php b/tests/functional/functional_test.php index fe481e9..12b6ef7 100644 --- a/tests/functional/functional_test.php +++ b/tests/functional/functional_test.php @@ -57,6 +57,7 @@ public function test_acp_module() foreach ($form_data as $config_name => $config_value) { + $config_value = ($config_name === 'config[wpn_webpush_vapid_private]') ? '********' : $config_value; $this->assertEquals($config_value, $crawler->filter('input[name="' . $config_name . '"]')->attr('value')); } }