2.1.27

Code review
Fix for #1834, #1833, #1830, #1829, #1820

admin.php

@@ -44,7 +44,7 @@
 
 echo '
 <input type="hidden" id="setting_send_stats" value="',isset($SETTINGS['send_stats']) ? $SETTINGS['send_stats'] : '0', '" />
-<div class="title ui-widget-content ui-corner-all">'.$LANG['thku'].' <span style="float:right;">', isset($k['version_full']) ? '<span class="fa fa-plug"></span>&nbsp;'.$k['version_full'] : '', '</span></div>
+<div class="title ui-widget-content ui-corner-all">'.$LANG['thku'].' <span style="float:right;">', isset($SETTINGS_EXT['version_full']) ? '<span class="fa fa-plug"></span>&nbsp;'.$SETTINGS_EXT['version_full'] : '', '</span></div>
 
 <div style="margin:auto; line-height:20px; padding:10px;" id="tabs">
     <ul>

admin.settings.php

@@ -946,7 +946,7 @@
                     </td>
                     <td>
                         <select id="offline_key_level" name="offline_key_level" class="text ui-widget-content" onchange="updateSetting($(this).attr(\'id\'));">';
-foreach ($SETTINGS['pwComplexity'] as $complex) {
+foreach ($SETTINGS_EXT['pwComplexity'] as $complex) {
     echo '<option value="'.$complex[0].'"', isset($SETTINGS['offline_key_level']) && $SETTINGS['offline_key_level'] == $complex[0] ? ' selected="selected"' : '', '>'.$complex[1].'</option>';
 }
 echo '

changelog.md

@@ -3,6 +3,11 @@
  8/
  PHPMailer library updated to 5.2.23
  Configuration variables are not set in SESSION anymore. Now read from tp.config.php file.
+ #1834 Typo in sources/main.functions.php
+ #1833 Opening a one time view page give a notice: A session had already been started...
+ #1830 Salt key field has already a character filled in.
+ #1829 Attachments is broken after upgrade from 2.1.27.0. Fix in progress
+ #1820 group vertical scroll bar not work correctly
  #1819 Fix for QR sending from login page
 
  6-7/

error.php

@@ -36,7 +36,7 @@
     throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1);
 }
 
-if (isset(filter_input(INPUT_POST, 'session', FILTER_SANITIZE_STRING)) && filter_var($_POST['session'], FILTER_SANITIZE_STRING) === "expired") {
+if (null !== filter_input(INPUT_POST, 'session', FILTER_SANITIZE_STRING) && filter_var($_POST['session'], FILTER_SANITIZE_STRING) === "expired") {
     //Include files
     require_once $SETTINGS['cpassman_dir'].'/includes/config/settings.php';
     require_once $SETTINGS['cpassman_dir'].'/includes/config/include.php';
@@ -77,19 +77,19 @@
     require_once $SETTINGS['cpassman_dir'].'/includes/language/english.php';
     echo '
     <div style="width:800px;margin:auto;">';
-    if (@$_SESSION['error']['code'] == ERR_NOT_ALLOWED) {
+    if (@$_SESSION['error']['code'] === ERR_NOT_ALLOWED) {
         echo '
         <div class="ui-state-error ui-corner-all error" >'.$LANG['error_not_authorized'].'</div>';
-    } elseif (@$_SESSION['error']['code'] == ERR_NOT_EXIST) {
+    } elseif (@$_SESSION['error']['code'] === ERR_NOT_EXIST) {
         echo '
         <div class="ui-state-error ui-corner-all error" >'.$LANG['error_not_exists'].'</div>';
-    } elseif (@$_SESSION['error']['code'] == ERR_SESS_EXPIRED) {
+    } elseif (@$_SESSION['error']['code'] === ERR_SESS_EXPIRED) {
         echo '
         <div class="ui-state-error ui-corner-all error" style="text-align:center;" >'.$LANG['index_session_expired'].'<br /><br /><a href="index.php" />'.$LANG['home'].'</a></div>';
-    } elseif (@$_SESSION['error']['code'] == ERR_NO_MCRYPT) {
+    } elseif (@$_SESSION['error']['code'] === ERR_NO_MCRYPT) {
         echo '
         <div class="ui-state-error ui-corner-all error" style="text-align:center;" >'.$LANG['error_mcrypt_not_loaded'].'<br /><br /><a href="index.php" />'.$LANG['home'].'</a></div>';
-    } elseif (@$_SESSION['error']['code'] == ERR_VALID_SESSION) {
+    } elseif (@$_SESSION['error']['code'] === ERR_VALID_SESSION) {
         echo '
         <div class="ui-state-error ui-corner-all error" style="text-align:center;" >'.$LANG['error_not_authorized'].'<br /><br /><a href="index.php" />'.$LANG['home'].'</a></div>';
     }

find.load.php

@@ -137,7 +137,7 @@ function(data) {
                             "<tr><td valign='top' class='td_title'><span class='ui-icon ui-icon-carat-1-e' style='float: left; margin-right: .3em;'>&nbsp;</span><?php echo $LANG['index_login']; ?> :</td><td style='font-style:italic;display:inline;'>"+data.login+"</td></tr>"+
                             "<tr><td valign='top' class='td_title'><span class='ui-icon ui-icon-carat-1-e' style='float: left; margin-right: .3em;'>&nbsp;</span><?php echo $LANG['url']; ?> :</td><td style='font-style:italic;display:inline;'>"+data.url+"</td></tr>"+
                         "</table>";
-                    }
+                    }console.log(return_html);
                     $("#div_item_data_show_error").html("").hide();
                     $("#div_item_data_text").html(return_html);
                 }
@@ -213,7 +213,7 @@ function(event, ui) {
 
             // prepare display
             if ($("#div_mass_op").data('action') === "move") {
-                html = '<?php echo $LANG['you_decided_to_move_items']; ?>: ' +
+                html = '<?php echo $LANG["you_decided_to_move_items"]; ?>: ' +
                 '<div><ul>' + sel_items_txt + '</ul></div>';
                 var folder_options = '';
 
@@ -248,7 +248,7 @@ function(data) {
                 html = '<?php echo $LANG['you_decided_to_delete_items']; ?>: ' +
                 '<div><ul>' + sel_items_txt + '</ul></div>' +
                 '<div style="padding:10px;" class="ui-corner-all ui-state-error"><span class="fa fa-warning fa-lg"></span>&nbsp;<?php echo $LANG['confirm_deletion']; ?></div>';
-                
+
                 $("#div_mass_html").html(html);
             }
 
@@ -294,7 +294,7 @@ function(data) {
                             }
                             //if OK
                             if (data[0].status == "ok") {
-                                //reload search 
+                                //reload search
                                 oTable.api().ajax.reload();
 
                                 $("#main_info_box_text").html("<?php echo $LANG['alert_message_done']; ?>");
@@ -329,7 +329,7 @@ function(data) {
                             }
                             //if OK
                             if (data[0].status == "ok") {
-                                //reload search 
+                                //reload search
                                 oTable.api().ajax.reload();
 
                                 $("#main_info_box_text").html("<?php echo $LANG['alert_message_done']; ?>");

folders.php

@@ -126,7 +126,7 @@
 
     <label for="new_rep_complexite" class="label_cpm">'.$LANG['complex_asked'].'</label>
     <select id="new_rep_complexite" class="input_text text ui-widget-content ui-corner-all">';
-foreach ($SETTINGS['pwComplexity'] as $complex) {
+foreach ($SETTINGS_EXT['pwComplexity'] as $complex) {
     echo '<option value="'.$complex[0].'">'.$complex[1].'</option>';
 }
 echo '
@@ -169,7 +169,7 @@
 
     <label for="edit_folder_complexite" class="label_cpm">'.$LANG['complex_asked'].'</label>
     <select id="edit_folder_complexite" class="input_text text ui-widget-content ui-corner-all">';
-foreach ($SETTINGS['pwComplexity'] as $complex) {
+foreach ($SETTINGS_EXT['pwComplexity'] as $complex) {
     echo '<option value="'.$complex[0].'">'.$complex[1].'</option>';
 }
 echo '

includes/config/include.php

@@ -9,20 +9,20 @@
  * @link
  */
 // DONT'T CHANGE BELOW THIS LINE
-global $settings, $languagesList;
+global $SETTINGS, $languagesList, $SETTINGS_EXT;
 
-$k['version'] = "2.1.27";
-$k['version_full'] = $k['version'].".8";
-$k['tool_name'] = "TeamPass";
-$k['one_day_seconds'] = 86400;
-$k['one_week_seconds'] = 604800;
-$k['one_month_seconds'] = 2592000;
-$k['image_file_ext'] = array('jpg', 'gif', 'png', 'jpeg', 'tiff', 'bmp');
-$k['office_file_ext'] = array('xls', 'xlsx', 'docx', 'doc', 'csv', 'ppt', 'pptx');
-$k['admin_full_right'] = true;
-$k['admin_no_info'] = false;
-$k['copyright'] = "2009 - ".date('Y');
-$k['allowedTags'] = "<b><i><sup><sub><em><strong><u><br><br /><a><strike><ul><blockquote><blockquote><img><li><h1><h2><h3><h4><h5><ol><small><font>";
+$SETTINGS_EXT['version'] = "2.1.27";
+$SETTINGS_EXT['version_full'] = $SETTINGS_EXT['version'].".8";
+$SETTINGS_EXT['tool_name'] = "TeamPass";
+$SETTINGS_EXT['one_day_seconds'] = 86400;
+$SETTINGS_EXT['one_week_seconds'] = 604800;
+$SETTINGS_EXT['one_month_seconds'] = 2592000;
+$SETTINGS_EXT['image_file_ext'] = array('jpg', 'gif', 'png', 'jpeg', 'tiff', 'bmp');
+$SETTINGS_EXT['office_file_ext'] = array('xls', 'xlsx', 'docx', 'doc', 'csv', 'ppt', 'pptx');
+$SETTINGS_EXT['admin_full_right'] = true;
+$SETTINGS_EXT['admin_no_info'] = false;
+$SETTINGS_EXT['copyright'] = "2009 - ".date('Y');
+$SETTINGS_EXT['allowedTags'] = "<b><i><sup><sub><em><strong><u><br><br /><a><strike><ul><blockquote><blockquote><img><li><h1><h2><h3><h4><h5><ol><small><font>";
 
 define('ERR_NOT_ALLOWED', "1000");
 define('ERR_NOT_EXIST', "1001");

includes/css/items.css

@@ -104,11 +104,16 @@ button{
 }
 #items_list{
     float:left;
-    margin-left: -35px;
-    width: 710px;
+    margin-left: 0px;
+    width: 680px;
     overflow:auto ;
 }
 
+#full_items_list{
+    margin-left: -36px;
+    width: 673px;
+}
+
 #item_details_ok{
     width: 670px;
     height: 230px;

index.php

@@ -195,7 +195,7 @@
         echo '
         <div id="menu_top">
             <div style="margin-left:20px; margin-top:2px;width:710px;" id="main_menu">';
-        if ($_SESSION['user_admin'] == 0 || $k['admin_full_right'] == 0) {
+        if ($_SESSION['user_admin'] == 0 || $SETTINGS_EXT['admin_full_right'] == 0) {
             echo '
                 <a class="btn btn-default" href="#"',
                 (isset($_SESSION['nb_folders']) && $_SESSION['nb_folders'] == 0)
@@ -216,7 +216,7 @@
         if (isset($SETTINGS['enable_favourites'])
             && $SETTINGS['enable_favourites'] == 1
             &&
-            ($_SESSION['user_admin'] == 0 || ($_SESSION['user_admin'] == 1 && $k['admin_full_right'] === false))
+            ($_SESSION['user_admin'] == 0 || ($_SESSION['user_admin'] == 1 && $SETTINGS_EXT['admin_full_right'] === false))
         ) {
             echo '
                     <a class="btn btn-default" href="#" onclick="MenuAction(\'favourites\')">
@@ -277,7 +277,7 @@
                     <ul class="menu" style="">
                         <li class="" style="padding:4px;width:40px; text-align:center;"><i class="fa fa-dashboard fa-fw"></i>&nbsp;
                             <ul class="menu_200" style="text-align:left;">',
-                                ($_SESSION['user_admin'] == 1 && $k['admin_full_right'] === true) ? '' : isset($SETTINGS['enable_pf_feature']) && $SETTINGS['enable_pf_feature'] == 1 ? '
+                                ($_SESSION['user_admin'] == 1 && $SETTINGS_EXT['admin_full_right'] === true) ? '' : isset($SETTINGS['enable_pf_feature']) && $SETTINGS['enable_pf_feature'] == 1 ? '
                                 <li onclick="$(\'#div_set_personal_saltkey\').dialog(\'open\')">
                                     <i class="fa fa-key fa-fw"></i> &nbsp;'.$LANG['home_personal_saltkey_button'].'
                                 </li>' : '', '
@@ -295,7 +295,7 @@
                     </ul>
                 </div>';
 
-        if ($_SESSION['user_admin'] != 1 || ($_SESSION['user_admin'] == 1 && $k['admin_full_right'] === false)) {
+        if ($_SESSION['user_admin'] != 1 || ($_SESSION['user_admin'] == 1 && $SETTINGS_EXT['admin_full_right'] === false)) {
             echo '
                 <div style="float:right; margin-right:10px;">
                     <ul class="menu" id="menu_last_seen_items">
@@ -469,7 +469,7 @@ class="ui-state-highlight ui-corner-all" id="div_maintenance">
             <h3>'.$LANG['index_change_pw'].'</h3>
             <div style="height:20px;text-align:center;margin:2px;display:none;" id="change_pwd_error" class=""></div>
             <div style="text-align:center;margin:5px;padding:3px;" id="change_pwd_complexPw" class="ui-widget ui-state-active ui-corner-all">'.
-            $LANG['complex_asked'].' : '.$SETTINGS['pwComplexity'][$_SESSION['user_pw_complexity']][1].
+            $LANG['complex_asked'].' : '.$SETTINGS_EXT['pwComplexity'][$_SESSION['user_pw_complexity']][1].
             '</div>
             <div id="pw_strength" style="margin:0 0 10px 140px;"></div>
             <table>
@@ -497,7 +497,7 @@ class="ui-state-highlight ui-corner-all" id="div_maintenance">
             // SHow page with Items
             if (($_SESSION['user_admin'] != 1)
                 ||
-                ($_SESSION['user_admin'] == 1 && $k['admin_full_right'] === false)
+                ($_SESSION['user_admin'] == 1 && $SETTINGS_EXT['admin_full_right'] === false)
             ) {
                 include 'items.php';
             } else {
@@ -698,7 +698,7 @@ class="ui-state-error ui-corner-all">
     echo '
     <div id="footer">
         <div style="float:left;width:32%;">
-            <a href="http://teampass.net" target="_blank" style="color:#F0F0F0;">'.$k['tool_name'].'&nbsp;'.$k['version'].'&nbsp;<i class="fa fa-copyright"></i>&nbsp;'.$k['copyright'].'</a>
+            <a href="http://teampass.net" target="_blank" style="color:#F0F0F0;">'.$SETTINGS_EXT['tool_name'].'&nbsp;'.$SETTINGS_EXT['version'].'&nbsp;<i class="fa fa-copyright"></i>&nbsp;'.$SETTINGS_EXT['copyright'].'</a>
             &nbsp;|&nbsp;
             <a href="http://teampass.readthedocs.io/en/latest/" target="_blank" style="color:#F0F0F0;" class="tip" title="'.addslashes($LANG['documentation_canal']).' ReadTheDocs"><i class="fa fa-book"></i></a>
             &nbsp;

install/install.queries.php

@@ -355,7 +355,7 @@ function bCrypt($password, $cost)
                             array('admin', 'maintenance_mode', '1'),
                             array('admin', 'enable_sts', '0'),
                             array('admin', 'encryptClientServer', '1'),
-                            array('admin', 'cpassman_version', $k['version']),
+                            array('admin', 'cpassman_version', $SETTINGS_EXT['version']),
                             array('admin', 'ldap_mode', '0'),
                             array('admin', 'ldap_type', '0'),
                             array('admin', 'ldap_suffix', '0'),
@@ -980,7 +980,7 @@ function bCrypt($password, $cost)
                         $fh,
                         utf8_encode(
                             "<?php
-global \$lang, \$txt, \$k, \$pathTeampas, \$urlTeampass, \$pwComplexity, \$mngPages;
+global \$lang, \$txt, \$pathTeampas, \$urlTeampass, \$pwComplexity, \$mngPages;
 global \$server, \$user, \$pass, \$database, \$pre, \$db, \$port, \$encoding;
 
 ### DATABASE connexion parameters ###
@@ -997,7 +997,7 @@ function bCrypt($password, $cost)
 if (file_exists(\"".str_replace('\\', '/', $skFile)."\")) {
     require_once \"".str_replace('\\', '/', $skFile)."\";
 }
-?>"
+"
                         )
                     );
                     fclose($fh);

install/upgrade.php

@@ -482,7 +482,7 @@ function(data) {
                         Please select:&nbsp;<select id="no_key_selection">
                             <option value="false">-- select --</option>
                             <option value="no_previous_sk_sel">We have never used Teampass in an older version than 2.1.27(.x)</option>
-                            <option value="previous_sk_sel">We have user Teampass in an older version (example: 2.1.26)</option>
+                            <option value="previous_sk_sel">We have used Teampass in an older version (example: 2.1.26)</option>
                         </select>
                         <div id="previous_sk_div" style="display:none;">
                             <p>Please use the next field to enter the saltkey you used in previous version of Teampass. It can be retrieved by editing sk.php file (in case you are upgrading from a version older than 2.1.27) or a sk.php backup file (in case you are upgrading from 2.1.27).<br>
@@ -504,7 +504,7 @@ function(data) {
     echo '
                      <h3>Step 3 - Converting database to UTF-8</h3>';
 
-    if (version_compare($_POST['actual_cpm_version'], $k['version'], "<")) {
+    if (version_compare($_POST['actual_cpm_version'], $SETTINGS_EXT['version'], "<")) {
         echo '
             Notice that TeamPass is now only using UTF-8 charset.
             This step will convert the database to this charset.<br />
@@ -635,7 +635,7 @@ function(data) {
 echo '
     <div id="footer">
         <div style="width:500px;">
-            '.$k['tool_name'].' '.$k['version'].' &#169; copyright 2009-2016
+            '.$SETTINGS_EXT['tool_name'].' '.$SETTINGS_EXT['version'].' &#169; copyright 2009-2016
         </div>
         <div style="float:right;margin-top:-15px;">
         </div>

install/upgrade_ajax.php

@@ -730,7 +730,7 @@ function tableExists($tablename)
                     $fh,
                     utf8_encode(
                         "<?php
-global \$lang, \$txt, \$k, \$pathTeampas, \$urlTeampass, \$pwComplexity, \$mngPages;
+global \$lang, \$txt, \$pathTeampas, \$urlTeampass, \$pwComplexity, \$mngPages;
 global \$server, \$user, \$pass, \$database, \$pre, \$db, \$port, \$encoding;
 
 ### DATABASE connexion parameters ###
@@ -747,7 +747,8 @@ function tableExists($tablename)
 if (file_exists(\"".$skFile."\")) {
     require_once \"".$skFile."\";
 }
-@define('COST', '13'); // Don't change this."
+@define('COST', '13'); // Don't change this.
+"
                     )
                 );
 

install/upgrade_run_2.1.27.php

@@ -150,13 +150,13 @@ function cleanFields($txt)
 if (count($tmp[0]) === 0 || empty($tmp[0])) {
     mysqli_query(
         $dbTmp,
-        "INSERT INTO `".$_SESSION['pre']."misc` (`type`, `intitule`, `valeur`) VALUES ('admin', 'teampass_version', '".$k['version']."')"
+        "INSERT INTO `".$_SESSION['pre']."misc` (`type`, `intitule`, `valeur`) VALUES ('admin', 'teampass_version', '".$SETTINGS_EXT['version']."')"
     );
 } else {
     mysqli_query(
         $dbTmp,
         "UPDATE `".$_SESSION['pre']."misc`
-        SET `valeur` = '".$k['version']."'
+        SET `valeur` = '".$SETTINGS_EXT['version']."'
         WHERE intitule = 'teampass_version' AND type = 'admin'"
     );
 }

install/upgrade_run_db_original.php

@@ -163,7 +163,7 @@ function tableExists($tablename)
     array('admin', 'activate_expiration', '0', 0),
     array('admin', 'pw_life_duration', '30', 0),
     //array('admin', 'maintenance_mode','1',1),
-    array('admin', 'cpassman_version', $k['version'], 1),
+    array('admin', 'cpassman_version', $SETTINGS_EXT['version'], 1),
     array('admin', 'ldap_mode', '0', 0),
     array('admin', 'ldap_type', '0', 0),
     array('admin', 'ldap_suffix', '0', 0),

install/upgrade_run_defuse_for_files.php

@@ -93,7 +93,7 @@
 }
 
 // Prepare encryption options - with new KEY
-if (file_exists(SECUREPATH."/teampass-seckey.txt") && empty($SETTINGS['saltkey_ante_2127']) === false) {
+if (file_exists(SECUREPATH."/teampass-seckey.txt")) {
     // Prepare encryption options for Defuse
     $ascii_key = file_get_contents(SECUREPATH."/teampass-seckey.txt");
     $iv = substr(hash("md5", "iv".$ascii_key), 0, 8);
@@ -105,13 +105,25 @@
     $opts_encrypt = array('iv'=>$iv, 'key'=>$key);
 
     // Prepare encryption options - with old KEY
-    $iv = substr(md5("\x1B\x3C\x58".$SETTINGS['saltkey_ante_2127'], true), 0, 8);
-    $key = substr(
-        md5("\x2D\xFC\xD8".$SETTINGS['saltkey_ante_2127'], true).
-        md5("\x2D\xFC\xD9".$SETTINGS['saltkey_ante_2127'], true),
-        0,
-        24
-    );
+    if ($SETTINGS['saltkey_ante_2127'] !== "none" && empty($SETTINGS['saltkey_ante_2127']) === false) {
+        // Encoding option were set as this in Teampass version < 2.1.27
+        $iv = substr(md5("\x1B\x3C\x58".$SETTINGS['saltkey_ante_2127'], true), 0, 8);
+        $key = substr(
+            md5("\x2D\xFC\xD8".$SETTINGS['saltkey_ante_2127'], true).
+            md5("\x2D\xFC\xD9".$SETTINGS['saltkey_ante_2127'], true),
+            0,
+            24
+        );
+    } elseif (empty($SETTINGS['saltkey_ante_2127']) === true) {
+        // Encoding option were set as this in Teampass version = 2.1.27.0
+        $iv = substr(md5("\x1B\x3C\x58".$ascii_key, true), 0, 8);
+        $key = substr(
+            md5("\x2D\xFC\xD8".$ascii_key, true).
+            md5("\x2D\xFC\xD9".$ascii_key, true),
+            0,
+            24
+        );
+    }
     $opts_decrypt = array('iv'=>$iv, 'key'=>$key);
 
     while ($data = mysqli_fetch_array($rows)) {