3.1.1

Some changes in upgrade process (robustness) WIP regarding #3956
nilsteampassnet · Dec 16, 2023 · db8c06a · db8c06a
1 parent bee3f61
commit db8c06a
Show file tree

Hide file tree

Showing 7 changed files with 70 additions and 37 deletions.
diff --git a/includes/config/include.php b/includes/config/include.php
@@ -17,7 +17,7 @@
  */
 define('TP_VERSION', '3.1.1');
 define("UPGRADE_MIN_DATE", "1702452416");
-define('TP_VERSION_MINOR', '7');
+define('TP_VERSION_MINOR', '8');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);

diff --git a/install/install.queries.php b/install/install.queries.php
@@ -1301,7 +1301,7 @@ function encryptFollowingDefuse($message, $ascii_key)
                             "CREATE TABLE IF NOT EXISTS `" . $var['tbl_prefix'] . "ldap_groups_roles` (
                             `increment_id` INT(12) NOT NULL AUTO_INCREMENT,
                             `role_id` INT(12) NOT NULL,
-                            `ldap_group_id` INT(12) NOT NULL,
+                            `ldap_group_id` VARCHAR(500) NOT NULL,
                             `ldap_group_label` VARCHAR(255) NOT NULL,
                             PRIMARY KEY (`increment_id`),
                             KEY `ROLE` (`role_id`)

diff --git a/install/upgrade_run_3.0.0.php b/install/upgrade_run_3.0.0.php
@@ -1232,7 +1232,7 @@
         MODIFY COLUMN `pw_len` INT(5) NOT NULL DEFAULT 0,
         MODIFY COLUMN `restricted_to` VARCHAR(200) DEFAULT NULL,
         MODIFY COLUMN `viewed_no` INT(12) NOT NULL DEFAULT 0,
-        MODIFY COLUMN `complexity_level` VARCHAR(3) NOT NULL DEFAULT '-1',
+        MODIFY COLUMN `complexity_level` VARCHAR(10) NOT NULL DEFAULT '-1',
         MODIFY COLUMN `auto_update_pwd_frequency` tinyint(2) NOT NULL DEFAULT 0,
         MODIFY COLUMN `auto_update_pwd_next_date` VARCHAR(100) NOT NULL DEFAULT '0',
         MODIFY COLUMN `encryption_type` VARCHAR(20) NOT NULL DEFAULT 'not_set';"
@@ -1496,6 +1496,15 @@
 }
 
 // Alter table templates
+mysqli_query(
+    $db_link,
+    'CREATE TABLE IF NOT EXISTS `' . $pre . 'templates` (
+    `increment_id` int(12) NOT NULL AUTO_INCREMENT,
+    `item_id` int(12) NOT NULL,
+    `category_id` int(12) NOT NULL,
+    PRIMARY KEY (`increment_id`)
+    ) CHARSET=utf8;'
+);
 mysqli_query(
     $db_link,
     "ALTER TABLE `" . $pre . "templates`

diff --git a/install/upgrade_run_3.1.php b/install/upgrade_run_3.1.php
@@ -118,6 +118,13 @@
     'ALTER TABLE `' . $pre . 'tokens` CHANGE `end_timestamp` `end_timestamp` VARCHAR(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL;'
 );
 
+
+// Alter table ldap_groups_roles
+mysqli_query(
+    $db_link,
+    'ALTER TABLE `' . $pre . 'ldap_groups_roles` CHANGE `ldap_group_id` `ldap_group_id` VARCHAR(500) NOT NULL;'
+);
+
 //---<END 3.1.1
 
 //---------------------------------------------------------------------

diff --git a/pages/roles.js.php b/pages/roles.js.php
@@ -800,7 +800,7 @@ function(data) {
             //---
 
         } else if ($(this).data('action') === 'do-adgroup-role-mapping') {
-            var groupId = parseInt($(this).data('id')),
+            var groupId = $(this).data('id'),
                 roleId = parseInt($('.select-role').val()),
                 groupTitle = $('.select-role option:selected').text();
 

diff --git a/sources/items.queries.php b/sources/items.queries.php
@@ -862,10 +862,10 @@
         if (is_array($dataReceived) === true && count($dataReceived) > 0) {
             // Prepare variables
             $itemInfos = array();
-            $inputData['label'] = filter_var($dataReceived['label'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+            $inputData['label'] = isset($dataReceived['label']) && is_string($dataReceived['label']) ? filter_var($dataReceived['label'], FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
             $post_url = isset($dataReceived['url'])=== true ? filter_var(htmlspecialchars_decode($dataReceived['url']), FILTER_SANITIZE_URL) : '';
-            $post_password = $original_pw = htmlspecialchars_decode($dataReceived['pw']);
-            $post_login = filter_var(htmlspecialchars_decode($dataReceived['login']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+            $post_password = $original_pw = isset($dataReceived['pw']) && is_string($dataReceived['pw']) ? htmlspecialchars_decode($dataReceived['pw']) : '';
+            $post_login = isset($dataReceived['login']) && is_string($dataReceived['login']) ? filter_var(htmlspecialchars_decode($dataReceived['login']), FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
             $post_tags = isset($dataReceived['tags'])=== true ? htmlspecialchars_decode($dataReceived['tags']) : '';
             $post_email = isset($dataReceived['email'])=== true ? filter_var(htmlspecialchars_decode($dataReceived['email']), FILTER_SANITIZE_EMAIL) : '';
             $post_template_id = (int) filter_var($dataReceived['template_id'], FILTER_SANITIZE_NUMBER_INT);
@@ -3039,7 +3039,21 @@
                 break;
             }
         }
-        $returnArray = array();
+
+        // prepare return array
+        $returnArray = [
+            'show_details' => 0,
+            'attachments' => [],
+            'favourite' => 0,
+            'otp_for_item_enabled' => 0,
+            'otp_phone_number' => '',
+            'otp_secret' => '',
+            'users_list' => [],
+            'roles_list' => [],
+            'has_change_proposal' => 0,
+            'setting_restricted_to_roles' => 0,
+            'otv_links' => 0,
+        ];
 
         // Load item data
         $dataItem = DB::queryFirstRow(
@@ -3109,7 +3123,7 @@
             $_SESSION['key_tmp'] = bin2hex(GenerateCryptKey(16, false, true, true, false, true, $SETTINGS));
 
             // Prepare files listing
-            $attachments = array();
+            $attachments = [];
 
             // launch query
             $rows = DB::query(

diff --git a/sources/roles.queries.php b/sources/roles.queries.php
@@ -764,7 +764,7 @@
             }
 
             $retGroups = $connection->query()->where($searchCriteria)->get();
-
+            //error_log("Contenu de l'array : " . print_r($retGroups, true));
             // check if synched with roles in Teampass
             $retAD = [];
             foreach($retGroups as $key => $group) {
@@ -773,7 +773,7 @@
                     'SELECT a.increment_id, a.role_id, r.title
                     FROM '.prefixTable('ldap_groups_roles').' AS a
                     INNER JOIN '.prefixTable('roles_title').' AS r ON r.id = a.role_id
-                    WHERE ldap_group_id = %i',
+                    WHERE ldap_group_id = %s',
                     $group[(isset($SETTINGS['ldap_guid_attibute']) === true && empty($SETTINGS['ldap_guid_attibute']) === false ? $SETTINGS['ldap_guid_attibute']: 'gidnumber')][0]
                 );
                 $counter = DB::count();
@@ -843,29 +843,19 @@
 
             // Prepare variables
             $post_role_id = filter_var($dataReceived['roleId'], FILTER_SANITIZE_NUMBER_INT);
-            $post_adgroup_id = filter_var($dataReceived['adGroupId'], FILTER_SANITIZE_NUMBER_INT);
+            $post_adgroup_id = filter_var($dataReceived['adGroupId'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $post_adgroup_label = filter_var($dataReceived['adGroupLabel'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
             $data = DB::queryfirstrow(
                 'SELECT *
                 FROM '.prefixTable('ldap_groups_roles').'
-                WHERE ldap_group_id = %i',
+                WHERE ldap_group_id = %s',
                 $post_adgroup_id
             );
-            $counter = DB::count();
-
-            if ($counter === 0) {
-                // Adding new folder is possible as it doesn't exist
-                DB::insert(
-                    prefixTable('ldap_groups_roles'),
-                    array(
-                        'role_id' => $post_role_id,
-                        'ldap_group_id' => $post_adgroup_id,
-                        'ldap_group_label' => $post_adgroup_label,
-                    )
-                );
-                $new_id = DB::insertId();
-            } else {
+
+            if ($data) {
+                // exists in Teampass
+                // update or delete
                 if ((int) $post_role_id === -1) {
                     // delete
                     DB::delete(
@@ -875,17 +865,30 @@
                     );
                     $new_id = -1;
                 } else {
-                    // update
-                    DB::update(
-                        prefixTable('ldap_groups_roles'),
-                        array(
-                            'role_id' => $post_role_id,
-                        ),
-                        'increment_id = %i',
-                        $data['increment_id']
-                    );
-                    $new_id = '';
+                    if (isset($data['increment_id']) === true) {
+                        // update
+                        DB::update(
+                            prefixTable('ldap_groups_roles'),
+                            array(
+                                'role_id' => $post_role_id,
+                            ),
+                            'increment_id = %i',
+                            $data['increment_id']
+                        );
+                        $new_id = '';
+                    }
                 }
+            } else {
+                // Adding new folder is possible as it doesn't exist
+                DB::insert(
+                    prefixTable('ldap_groups_roles'),
+                    array(
+                        'role_id' => $post_role_id,
+                        'ldap_group_id' => $post_adgroup_id,
+                        'ldap_group_label' => $post_adgroup_label,
+                    )
+                );
+                $new_id = DB::insertId();
             }
 
             echo (string) prepareExchangedData(