2.1.27

Fix for #1965, #1961

changelog.md

@@ -15,7 +15,9 @@
  Improved the possibility to define the access level on Roles when creating new folder
  Added filter in Roles
  New: confirm deletion of attachment
+ #1965 Login credentials do not correspond (json_decode issue)
  #1964 Make email field in new LDAP user insertion null safe
+ #1961 After fresh installation the index.php shows random string
  #1956 Warning appears on Category and API pages in admin mode
  #1947 Dependency & array update in install checks
  #1945 Cannot delete items

install/install.queries.php

@@ -114,7 +114,7 @@ function encryptFollowingDefuse($message, $ascii_key)
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_activity = filter_input(INPUT_POST, 'activity', FILTER_SANITIZE_STRING);
 $post_task = filter_input(INPUT_POST, 'task', FILTER_SANITIZE_STRING);
 $post_index = filter_input(INPUT_POST, 'index', FILTER_SANITIZE_NUMBER_INT);
@@ -368,7 +368,7 @@ function encryptFollowingDefuse($message, $ascii_key)
                             `type` varchar(50) NOT NULL,
                             `intitule` varchar(100) NOT NULL,
                             `valeur` varchar(500) NOT NULL,
-                            PRIMARY KEY (`id`)
+                            PRIMARY KEY (`increment_id`)
                             ) CHARSET=utf8;"
                         );
 

install/upgrade_ajax.php

@@ -51,7 +51,7 @@
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_index = filter_input(INPUT_POST, 'index', FILTER_SANITIZE_NUMBER_INT);
 $post_multiple = filter_input(INPUT_POST, 'multiple', FILTER_SANITIZE_STRING);
 $post_login = filter_input(INPUT_POST, 'login', FILTER_SANITIZE_STRING);
@@ -835,13 +835,13 @@ function tableExists($tablename)
                     echo 'document.getElementById("step5_skFile").innerHTML = '.
                         '"<img src=\"images/tick.png\">";';
                 }
-                
+
                 // Mark a tag to force Install stuff (folders, files and table) to be cleanup while first login
                 mysqli_query(
                     $db_link,
                     "INSERT INTO `".$pre."misc` (`type`, `intitule`, `valeur`) VALUES ('install', 'clear_install_folder', 'true')"
                 );
-            
+
 
                 //Finished
                 if ($result1 !== false

install/upgrade_run_2.1.27.php

@@ -198,7 +198,7 @@ function cleanFields($txt)
     $res = addColumnIfNotExist(
         $pre."misc",
         "increment_id",
-        "INT(12) NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`id`)"
+        "INT(12) NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`increment_id`)"
     );
 }
 

sources/admin.queries.php

@@ -78,7 +78,7 @@
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 $post_session_key = filter_input(INPUT_POST, 'session_key', FILTER_SANITIZE_STRING);
 $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);

sources/categories.queries.php

@@ -67,7 +67,7 @@
 $post_field_title = filter_input(INPUT_POST, 'field_title', FILTER_SANITIZE_STRING);
 $post_field_type = filter_input(INPUT_POST, 'field_type', FILTER_SANITIZE_STRING);
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
 

sources/folders.queries.php

@@ -342,7 +342,7 @@
                 break;
             }
             //decrypt and retreive data in JSON format
-            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING), "decode");
+            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), "decode");
             $error = "";
             $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
             $folderForDel = array();
@@ -431,7 +431,7 @@
             $error = $newId = $droplist = "";
 
             //decrypt and retreive data in JSON format
-            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING), "decode");
+            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), "decode");
 
             //Prepare variables
             $title = filter_var(htmlspecialchars_decode($dataReceived['title']), FILTER_SANITIZE_STRING);
@@ -659,7 +659,7 @@
             $error = $droplist = "";
 
             //decrypt and retreive data in JSON format
-            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING), "decode");
+            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), "decode");
 
             //Prepare variables
             $title = filter_var(htmlspecialchars_decode($dataReceived['title']), FILTER_SANITIZE_STRING);
@@ -958,7 +958,7 @@
             }
 
             //decrypt and retreive data in JSON format
-            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING), "decode");
+            $dataReceived = prepareExchangedData(filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), "decode");
 
             //Prepare variables
             $source_folder_id = htmlspecialchars_decode($dataReceived['source_folder_id']);

sources/identify.php

@@ -47,7 +47,7 @@
 $post_login = filter_input(INPUT_POST, 'login', FILTER_SANITIZE_STRING);
 $post_sig_response = filter_input(INPUT_POST, 'sig_response', FILTER_SANITIZE_STRING);
 $post_cardid = filter_input(INPUT_POST, 'cardid', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 
 if ($post_type === "identify_duo_user") {

sources/import.queries.php

@@ -264,7 +264,7 @@ function sanitiseString($str, $crLFReplacement)
     case "import_items":
         //decrypt and retreive data in JSON format
         $dataReceived = (Encryption\Crypt\aesctr::decrypt(
-            filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+            filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
             $_SESSION['key'],
             256
         ));

sources/items.queries.php

@@ -93,7 +93,7 @@
 // Prepare POST variables
 $post_page = filter_input(INPUT_POST, 'page', FILTER_SANITIZE_STRING);
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 $post_label = filter_input(INPUT_POST, 'label', FILTER_SANITIZE_STRING);
 $post_status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING);

sources/kb.queries.php

@@ -74,7 +74,7 @@ function utf8Urldecode($value)
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 
 // Construction de la requéte en fonction du type de valeur

sources/main.queries.php

@@ -47,7 +47,7 @@
     exit();
 } elseif ((isset($_SESSION['user_id']) && isset($_SESSION['key'])) ||
     (isset($post_type) && $post_type === "change_user_language"
-        && null !== filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING))
+        && null !== filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES))
 ) {
     // continue
     mainQuery();
@@ -93,7 +93,7 @@ function mainQuery()
         case "change_pw":
             // decrypt and retreive data in JSON format
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
 
@@ -319,7 +319,7 @@ function mainQuery()
             ) {
                 // decrypt and retreive data in JSON format
                 $dataReceived = prepareExchangedData(
-                    filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                    filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                     "decode"
                 );
                 // Prepare variables
@@ -482,7 +482,7 @@ function mainQuery()
         case "generate_new_password":
             // decrypt and retreive data in JSON format
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
 
@@ -555,7 +555,7 @@ function mainQuery()
         case "store_personal_saltkey":
             $err = "";
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
 
@@ -760,7 +760,7 @@ function mainQuery()
             if (!empty($_SESSION['user_id'])) {
                 // decrypt and retreive data in JSON format
                 $dataReceived = prepareExchangedData(
-                    filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                    filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                     "decode"
                 );
                 // Prepare variables
@@ -1187,7 +1187,7 @@ function mainQuery()
                 //permits to test only once by session
                 $_SESSION['temporary']['send_stats_done'] = true;
                 $SETTINGS['send_stats_time'] = time();
-        
+
                 // save change in config file
                 handleConfigFile("update", 'send_stats_time', $SETTINGS['send_stats_time']);
 

sources/suggestion.queries.php

@@ -80,7 +80,7 @@
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
 $post_folder_id = filter_input(INPUT_POST, 'folder_id', FILTER_SANITIZE_NUMBER_INT);

sources/users.queries.php

@@ -89,7 +89,7 @@
             }
             // decrypt and retreive data in JSON format
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
 
@@ -772,7 +772,7 @@
         case "migrate_admin_pf":
             // decrypt and retreive data in JSON format
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
             // Prepare variables
@@ -1122,7 +1122,7 @@
 
             // decrypt and retreive data in JSON format
             $dataReceived = prepareExchangedData(
-                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING),
+                filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
                 "decode"
             );
 

sources/utils.queries.php

@@ -48,7 +48,7 @@
 
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
+$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_STRING);
 $post_id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
 $post_freq = filter_input(INPUT_POST, 'freq', FILTER_SANITIZE_NUMBER_INT);
@@ -413,7 +413,7 @@
                 WHERE id=%i",
                 $dataReceived['currentId']
             );
-            
+
             // encrypt new password
             $encrypt = cryption(
                 $dataReceived['new_pwd'],