
Commit 27522bc

committed
bug #43941 [FrameworkBundle] Comment design decision
1 parent b45fec3 commit 27522bc


1 file changed

+16
-7
lines changed


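--- a/Secrets/SodiumVault.php
+++ b/Secrets/SodiumVault.php
@@ -85,7 +85,8 @@ public function seal(string $name, string $value): void
 $this->lastMessage = null;
 $this->validateName($name);
 $this->loadKeys();
-$this->export($name.'.'.substr(md5($name), 0, 6), sodium_crypto_box_seal($value, $this->encryptionKey ?? sodium_crypto_box_publickey($this->decryptionKey)));
+$filename = $this->getFilename($name);
+$this->export($filename, sodium_crypto_box_seal($value, $this->encryptionKey ?? sodium_crypto_box_publickey($this->decryptionKey)));
 
 $list = $this->list();
 $list[$name] = null;
@@ -100,7 +101,8 @@ public function reveal(string $name): ?string
 $this->lastMessage = null;
 $this->validateName($name);
 
-if (!is_file($file = $this->pathPrefix.$name.'.'.substr_replace(md5($name), '.php', -26))) {
+$filename = $this->getFilename($name);
+if (!is_file($file = $this->pathPrefix.$filename.'.php')) {
 $this->lastMessage = sprintf('Secret "%s" not found in "%s".', $name, $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
 
 return null;
@@ -134,7 +136,8 @@ public function remove(string $name): bool
 $this->lastMessage = null;
 $this->validateName($name);
 
-if (!is_file($file = $this->pathPrefix.$name.'.'.substr_replace(md5($name), '.php', -26))) {
+$filename = $this->getFilename($name);
+if (!is_file($file = $this->pathPrefix.$filename.'.php')) {
 $this->lastMessage = sprintf('Secret "%s" not found in "%s".', $name, $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
 
 return false;
@@ -198,16 +201,16 @@ private function loadKeys(): void
 }
 }
 
-private function export(string $file, string $data): void
+private function export(string $filename, string $data): void
 {
-$b64 = 'decrypt.private' === $file ? '// SYMFONY_DECRYPTION_SECRET='.base64_encode($data)."\n" : '';
-$name = basename($this->pathPrefix.$file);
+$b64 = 'decrypt.private' === $filename ? '// SYMFONY_DECRYPTION_SECRET='.base64_encode($data)."\n" : '';
+$name = basename($this->pathPrefix.$filename);
 $data = str_replace('%', '\x', rawurlencode($data));
 $data = sprintf("<?php // %s on %s\n\n%sreturn \"%s\";\n", $name, date('r'), $b64, $data);
 
 $this->createSecretsDir();
 
-if (false === file_put_contents($this->pathPrefix.$file.'.php', $data, \LOCK_EX)) {
+if (false === file_put_contents($this->pathPrefix.$filename.'.php', $data, \LOCK_EX)) {
 $e = error_get_last();
 throw new \ErrorException($e['message'] ?? 'Failed to write secrets data.', 0, $e['type'] ?? \E_USER_WARNING);
 }
@@ -221,4 +224,10 @@ private function createSecretsDir(): void
 
 $this->secretsDir = null;
 }
+
+private function getFilename(string $name): string
+{
+// The MD5 hash allows making secrets case-sensitive. The filename is not enough on Windows.
+return $name.'.'.substr(md5($name), 0, 6);
+}
 }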
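Review bot: The new comment in `getFilename()` explains why the hash suffix exists but not that MD5 is used here only as a filename disambiguator, which is what a later reader or a static-analysis rule flagging `md5()` needs to know. I would extend it to something like `// Not a security use of MD5: the 6-hex-digit suffix only keeps names that differ by case apart on case-insensitive filesystems (e.g. Windows).` The helper also concatenates `$name` into a path component without checking it, so a short docblock stating that callers must run `validateName()` first (as `seal()`, `reveal()` and `remove()` do in the visible hunks) and that the returned value carries no `.php` extension would document the contract. With only 24 bits of the digest kept, two names differing only in case could in principle share a suffix and overwrite each other on such filesystems; that looks like an accepted trade-off, but it is worth stating in the comment.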
