3.0.10
Code review fixes
nilsteampassnet committed Nov 11, 2023
1 parent 86008ed commit 3e0185b
Showing 112 changed files with 11,680 additions and 790 deletions.
1 change: 1 addition & 0 deletions api/inc/bootstrap.php
@@ -33,6 +33,7 @@

// init
loadClasses('DB');
$superGlobal = new SuperGlobal();

// Load superglobal
$superGlobal = new SuperGlobal();
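Review bot: `$superGlobal = new SuperGlobal();` now appears twice within four lines of this section, once under `// init` and again under `// Load superglobal`, so one instantiation is redundant and the second simply replaces the first. Keeping a single instantiation next to `loadClasses('DB');` would be enough. The same one-line instantiation is also pasted into error.php, includes/core/logout.php and includes/core/otv.php; if those entry points share a common include, creating the object once there would keep them from drifting apart. That last point is inferred, since the includes are not visible on this page.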
1 change: 1 addition & 0 deletions error.php
@@ -34,6 +34,7 @@

// init
loadClasses('DB');
$superGlobal = new SuperGlobal();

// Load config if $SETTINGS not defined
try {
2 changes: 1 addition & 1 deletion includes/config/include.php
@@ -17,7 +17,7 @@
*/
define('TP_VERSION', '3.0.10');
define("UPGRADE_MIN_DATE", "1697990713");
define('TP_VERSION_MINOR', '115');
define('TP_VERSION_MINOR', '116');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
110 changes: 55 additions & 55 deletions includes/core/load.js.php

Large diffs are not rendered by default.

24 changes: 12 additions & 12 deletions includes/core/login.js.php
@@ -354,7 +354,7 @@ function encryptPersonalItems(items, files, psk) {
"sources/main.queries.php", {
type: "convert_items_with_personal_saltkey_progress",
data: prepareExchangedData(JSON.stringify(data), "encode", store.get('teampassUser').sessionKey),
key: '<?php echo $_SESSION['key']; ?>'
key: '<?php echo $superGlobal->get('key', 'SESSION'); ?>'
},
function(data) {
data = prepareExchangedData(data, store.get('teampassUser').sessionKey);
@@ -536,7 +536,7 @@ function launchIdentify(isDuo, redirect, psk) {
function(data) {
data = JSON.parse(data);

if (data.key !== '<?php echo $_SESSION['key']; ?>') {
if (data.key !== '<?php echo $superGlobal->get('key', 'SESSION'); ?>') {
// No session was found, warn user
toastr.remove();
toastr.error(
@@ -560,7 +560,7 @@ function(data) {
data = prepareExchangedData(
data.ret,
"decode",
"<?php echo $_SESSION['key']; ?>"
"<?php echo $superGlobal->get('key', 'SESSION'); ?>"
);
} catch (e) {
// error
@@ -664,15 +664,15 @@ function identifyUser(redirect, psk, data, randomstring) {
data: prepareExchangedData(
JSON.stringify(data),
'encode',
'<?php echo $_SESSION['key']; ?>'
'<?php echo $superGlobal->get('key', 'SESSION'); ?>'
)
},
function(receivedData) {
try {
var data = prepareExchangedData(
receivedData,
"decode",
"<?php echo $_SESSION['key']; ?>"
"<?php echo $superGlobal->get('key', 'SESSION'); ?>"
);
} catch (e) {
// error
@@ -690,7 +690,7 @@ function(receivedData) {

if (debugJavascript === true) {
console.info('Identification answer:')
console.log('SESSION KEY is: <?php echo $_SESSION['key']; ?>');
console.log('SESSION KEY is: <?php echo $superGlobal->get('key', 'SESSION'); ?>');
console.log(data);
}

@@ -830,11 +830,11 @@ function getGASynchronization() {
'sources/main.queries.php', {
type: 'ga_generate_qr',
type_category: 'action_user',
data: prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $_SESSION['key']; ?>"),
key: "<?php echo $_SESSION['key']; ?>"
data: prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $superGlobal->get('key', 'SESSION'); ?>"),
key: "<?php echo $superGlobal->get('key', 'SESSION'); ?>"
},
function(data) {
data = prepareExchangedData(data, 'decode', '<?php echo $_SESSION['key']; ?>');
data = prepareExchangedData(data, 'decode', '<?php echo $superGlobal->get('key', 'SESSION'); ?>');
if (debugJavascript === true) console.log(data);

if (data.error !== false) {
@@ -887,11 +887,11 @@ function send_user_new_temporary_ga_code() {
'sources/main.queries.php', {
type: 'ga_generate_qr',
type_category: 'action_user',
data: prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $_SESSION['key']; ?>"),
key: "<?php echo $_SESSION['key']; ?>"
data: prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $superGlobal->get('key', 'SESSION'); ?>"),
key: "<?php echo $superGlobal->get('key', 'SESSION'); ?>"
},
function(data) {
data = prepareExchangedData(data, 'decode', '<?php echo $_SESSION['key']; ?>');
data = prepareExchangedData(data, 'decode', '<?php echo $superGlobal->get('key', 'SESSION'); ?>');
if (debugJavascript === true) console.log(data);

if (data.error !== false) {
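Review bot: Each `<?php echo $superGlobal->get('key', 'SESSION'); ?>` in this file writes the session key straight into a JavaScript string literal, some single-quoted and some double-quoted, and nothing visible in these hunks encodes it for a JavaScript context. Whatever sanitising `get()` applies on the SESSION path (not visible here), HTML-oriented sanitising is not JS-string escaping, and it could also alter the value the server later compares. Emitting it once, e.g. `const sessionKey = <?php echo json_encode((string) $superGlobal->get('key', 'SESSION'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`, and referencing `sessionKey` at each call site would fix the context and remove the repetition. The `console.log('SESSION KEY is: …')` line in the `function(receivedData)` callback still prints the key whenever `debugJavascript` is true and is worth dropping. The enclosing functions start and end outside these hunks.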
1 change: 1 addition & 0 deletions includes/core/logout.php
@@ -34,6 +34,7 @@

// init
loadClasses('DB');
$superGlobal = new SuperGlobal();
session_name('teampass_session');
session_start();

1 change: 1 addition & 0 deletions includes/core/otv.php
@@ -34,6 +34,7 @@
// Load functions
require_once __DIR__.'/../../sources/main.functions.php';
loadClasses('DB');
$superGlobal = new SuperGlobal();

// Load config if $SETTINGS not defined
try {
Original file line number Diff line number Diff line change
@@ -24,6 +24,8 @@

class PerformChecks
{
private $postType;
private $sessionVar;
/**
* Construct the class.
*
@@ -93,15 +95,16 @@ function checkUserSessionExists(): string
echo json_encode([
'status' => true,
]);
} else {
// In case that no session is available
// Force the page to be reloaded and attach the CSRFP info
// Load CSRFP
$csrfp_array = __DIR__ . '/../includes/libraries/csrfp/libs/csrfp.config.php';

// Send back CSRFP info
echo $csrfp_array['CSRFP_TOKEN'] . ';' . filter_input(INPUT_POST, $csrfp_array['CSRFP_TOKEN'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
exit();
}

// In case that no session is available
// Force the page to be reloaded and attach the CSRFP info
// Load CSRFP
$csrfp_array = __DIR__ . '/../includes/libraries/csrfp/libs/csrfp.config.php';

// Send back CSRFP info
echo $csrfp_array['CSRFP_TOKEN'] . ';' . filter_input(INPUT_POST, $csrfp_array['CSRFP_TOKEN'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}

/**
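Review bot: On the no-session path, `$csrfp_array` is assigned the path string of csrfp.config.php rather than the configuration loaded from it, so `$csrfp_array['CSRFP_TOKEN']` is a non-numeric offset on a string (a warning or a TypeError depending on the PHP version) and the CSRF token name is never sent back. If that file returns its configuration array, `$csrfp_array = include __DIR__ . '/../includes/libraries/csrfp/libs/csrfp.config.php';` is the likely intent. With the `else` apparently removed, this path also runs off the end of `checkUserSessionExists(): string` without a `return`, which PHP rejects at runtime for a `string` return type; either return the string instead of echoing it or declare the function `void`. The function starts above this hunk, and this section's file header is missing from the page.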
Original file line number Diff line number Diff line change
@@ -102,6 +102,8 @@ public function get($key, $type, $special = false)
return (isset($_GET[$key]) === true ? $this->dataSanitizerCall($_GET[$key])['key'] : null);
} elseif ($type === 'COOKIE') {
return (isset($_COOKIE[$key]) === true ? $this->dataSanitizerCall($_COOKIE[$key])['key'] : null);
} elseif ($type === 'POST') {
return (isset($_POST[$key]) === true ? $this->dataSanitizerCall($_POST[$key])['key'] : null);
}
}
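Review bot: The new `POST` branch extends an `if`/`elseif` chain that still has no final `else`, so `get()` returns `null` both when the key is absent and when `$type` is misspelled or unsupported, and a caller cannot tell the two apart. For reads such as `get('key', 'SESSION')` that feed session checks, a closing `else { throw new \InvalidArgumentException('Unsupported superglobal type: ' . $type); }` would surface the mistake instead of yielding an empty value. `$_POST[$key]` can also be an array when the client sends `key[]=…`; whether `dataSanitizerCall` accepts that is not visible here and is worth confirming. The method begins above this hunk, and this section's file header is missing from the page.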
