2.1.27

Fixes: - not expected visible "custom fields" - KB opening - SQL query (droping _install table)
nilsteampassnet · Sep 11, 2017 · 33cd61c · 33cd61c
1 parent 67cf179
commit 33cd61c
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 7 deletions.
diff --git a/changelog.md b/changelog.md
@@ -5,6 +5,7 @@
  Custom Field value can be masked
  Database password is encrypted in settings.php file
  PHPMailer library updated to 5.2.23
+ TwoFactorAuth library was updated
  Configuration variables are not set in SESSION anymore. Now read from tp.config.php file.
  Fix: issue on offline export
  #1891 Install error - Uncaught Defuse\\Crypto\\Exception\\BadFormatException: Encoded data is shorter than expected

diff --git a/items.load.php b/items.load.php
@@ -1412,7 +1412,7 @@ function(data_raw) {
                         if (data.fields === "") {
                             $(".tr_fields").addClass("hidden");
                         } else {
-                            $(".tr_cf, .tr_fields").addClass("hidden");
+                            $(".tr_cf, .tr_fields").removeClass("hidden");
                             var liste = data.fields.split('_|_');
                             for (var i=0; i<liste.length; i++) {
                                 var field = liste[i].split('~~');

diff --git a/items.php b/items.php
@@ -351,13 +351,13 @@
     foreach ($_SESSION['item_fields'] as $elem) {
         $itemCatName = $elem[0];
         echo '
-                    <tr class="tr_fields" id="tr_catfield_'.$elem[0].'" style="display:none;">
+                    <tr class="tr_fields hidden" id="tr_catfield_'.$elem[0].'">
                         <td valign="top" class="td_title">&nbsp;<i class="fa fa-angle-right"></i>&nbsp;'.$elem[1].' :</td>
                         <td></td>
                     </tr>';
         foreach ($elem[2] as $field) {
             echo '
-                    <tr class="tr_cf tr_fields" id="cf_tr_'.$field[0].'" style="display:none;">
+                    <tr class="tr_cf tr_fields hidden" id="cf_tr_'.$field[0].'">
                         <td valign="top" class="td_title">&nbsp;&nbsp;<i class="fa fa-caret-right"></i>&nbsp;<i>'.$field[1].'</i> :</td>
                         <td>';
             if ($field[3] === "masked") {

diff --git a/sources/core.php b/sources/core.php
@@ -119,7 +119,7 @@ function delTree($dir)
         }
 
         // Delete temporary install table
-        DB::query("DROP TABLE `_install`");
+        DB::query("DROP TABLE IF EXISTS `_install`");
 
         // Delete tag
         DB::delete(

diff --git a/sources/items.queries.php b/sources/items.queries.php
@@ -205,6 +205,8 @@
                 ||
                 (isset($SETTINGS['duplicate_item']) && $SETTINGS['duplicate_item'] === '1')
             ) {
+                // Handle case where pw is empty
+                // if not allowed then warn user
                 if ((isset($_SESSION['user_settings']['create_item_without_password'])
                     && $_SESSION['user_settings']['create_item_without_password'] !== '1'
                     ) ||
@@ -2589,7 +2591,7 @@
                 $counter_full = DB::count();
                 $uniqueLoadData['counter_full'] = $counter_full;
             }
-            
+
             // Check list to be continued status
             if ($post_nb_items_to_display_once !== 'max' && ($post_nb_items_to_display_once + $start) < $counter_full) {
                 $listToBeContinued = "yes";

diff --git a/sources/kb.queries.php b/sources/kb.queries.php
@@ -76,7 +76,6 @@ function utf8Urldecode($value)
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
 $post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
-$post_id = filter_input(INPUT_POST, $_POST['id'], FILTER_SANITIZE_NUMBER_INT);
 
 // Construction de la requéte en fonction du type de valeur
 if (null !== $post_type) {
@@ -186,6 +185,8 @@ function utf8Urldecode($value)
                 break;
             }
 
+            $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
+
             $ret = DB::queryfirstrow(
                 "SELECT k.id AS id, k.label AS label, k.description AS description, k.category_id AScategory_id, k.author_id AS author_id, k.anyone_can_modify AS anyone_can_modify, u.login AS login, c.category AS category
                 FROM ".prefix_table("kb")." AS k
@@ -221,7 +222,11 @@ function utf8Urldecode($value)
                 echo '[ { "error" : "key_not_conform" } ]';
                 break;
             }
+
+            $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
+
             DB::delete(prefix_table("kb"), "id=%i", $post_id);
+
             break;
     }
 }
diff --git a/sources/main.functions.php b/sources/main.functions.php
@@ -1226,7 +1226,7 @@ function generateKey()
 function dateToStamp($date)
 {
     global $SETTINGS;
-    
+
     $date = date_parse_from_format($SETTINGS['date_format'], $date);
     if ($date['warning_count'] == 0 && $date['error_count'] == 0) {
         return mktime(23, 59, 59, $date['month'], $date['day'], $date['year']);