the last _send_channel_packet was unnecessarily complex. this lead
to a number of problems. for example,
the window size was checked for adjustments in two places. in the
second place it receives a window adjustment packet and just assumes
that the window adjustment packet was big enough for the rest of the
data.
(thanks, pixall!)
Currently, the call to "scp -t" or "scp -f" just uses naive quoting - i.e. a couple of quote marks are thrown in.
But, this can easily be escaped from - if the filename has a quote mark of its own in it, for example.
e.g. if the filename is as follows, then bad things will happen:
";rm -rf /
Instead, escapeshellarg should be used, to make sure it gets escaped properly.
Sometimes SSH servers will null pad their RSA keys. this null padding
broke Net/SSH2.php's RSA implementation (Crypt/RSA.php's implementation
works just fine). Also, the -3 was counting the initial "\0" of $h
twice so adjust it to -2.
it doesn't need to be defined since the strlen($this->last_interactive_response)
check in _login_helper serves the same purpose that NET_SSH_MASK_LOGIN_INTERACTIVE
was intended to serve
it is my hope that the issues 8c9e7a890e5755ee27fca66590ff5d2fa0616e56
and ccb1c3e2bdefd41cb3a7a21876eb0f5cd055c601 sought to resolve were
fixed 9f8d8a7bf6c92d49f71dcadf585c898fcccd5c0d and
7a2c7a414c08d28f0700c7f6f8686a9e0e246a44.
SSH2: make it so negotiated algorithms can be seen before login
* terrafrost/ssh2-show-methods-before-login:
SSH2: white space adjustment
SSH: update getServerPublicHostKey() to use new _connect() method
SSH2: fix if statement for conditional _connect() call
simplify calls to $this->_connect()
SSH2: make it so negotiated algorithms can be seen before login
This small patch adds hmac-sha2-256 support separately as requested in #423.
Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
SFTP: Do not check filename over and over again, remove '.' and '..' from the map instead.
* bantu/sftp-skip-current-dir-by-removal:
Do not check filename over and over again, remove '.' and '..' from the map instead.
SSH2: make isConnected return true if even if we're not logged in
* terrafrost/ssh2-connected:
SSH2: make isConnected return true if even if we're not logged in
SCP: add support for file names with spaces
* terrafrost/scp-spaces:
SCP: always encapsulate filenames within double quotes
SCP: add support for file names with spaces