Login credentials do not correspond (json_decode issue)

[GTSLiDe]

Steps to reproduce

1. Upgrade from 2.1.27.7 to 2.1.27.9
2. Login using admin account
3. Receive the error message "Login credentials do not correspond!"

Expected behaviour

The system should logs you in

Actual behaviour

Receive the error message "Login credentials do not correspond!"

Server configuration

Operating system:
CentOS and MacOS

Web server:
Apache2

Database:
MYSQL 5.6.35

PHP version:
5.6.31

Teampass version:
2.1.27.9

Teampass configuration file:

Updated from an older Teampass or fresh install:
PLEASE attach to this message the file /includes/config/tp.config.php.

Client configuration

Browser:
Chrome, Safari and Firefox
Operating system:
MacOS and CentOS

Logs

Web server error log

Insert your webserver log here

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.

After an upgrade from 2.1.27.7 to 2.1.27.9, I was not able to login again.
After much troubleshooting I found that this code:
$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
in /sources/identify.php line 50, converted the array data to unreadable array which cause json_decode not able to decode it back and instead returning null.

var_dump($_POST['data']) output:
string(167) "{"login":"admin" , "pw":"admin" , "duree_session":"1000" , "screenHeight":"785" , "randomstring":"OviEU7mU9K" , "TimezoneOffset":"21600", "GACode":"" , "client":""}"

However, $post_data becomes unreadable array:

var_dump($post_data) output:

string(295) "{"login":"admin" , "pw":"admin" , "duree_session":"1000" , "screenHeight":"785" , "randomstring":"OviEU7mU9K" , "TimezoneOffset":"21600", "GACode":"" , "client":""}"

Looks like filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING); converts the " to ".

In order to fix this, I had to convert the quotes in $data variable in prepareExchangedData function in sources/main.functions.php line 1311:
$data = stripslashes(html_entity_decode($data));

Does anyone having this issue or is able to reproduce this issue on their side?

[nilsteampassnet]

Thank you for reporting with this good analysis.
This helps a lot.

To prevent doing several changes, the most optimized way to adapt is to add the filter FILTER_FLAG_NO_ENCODE_QUOTES to the filter_input command.

I will commit the fix today.

[nilsteampassnet]

Please use new 2.1.27.9 package by over-writing existing files.