Merge branch 'development'
nilsteampassnet committed Jul 18, 2016
2 parents 95bc951 + 7246bce commit fe2c4ca
Showing 11 changed files with 63 additions and 47 deletions.
12 changes: 6 additions & 6 deletions admin.settings.load.php
@@ -252,9 +252,9 @@ function(data) {
$("#restore_bck_encryption_key_dialog").dialog("close");
$("#result_admin_action_db_restore").html("<img src='includes/images/tick.png' alt='' />");
$("#result_admin_action_db_restore_get_file").hide();
//deconnect user
$("#menu_action").val("deconnexion");
document.main_form.submit();
//deconnect userd
sessionStorage.clear();
window.location.href = "logout.php"
} else if (data[0].result == "cache_reload") {
$("#result_admin_action_reload_cache_table").html("<img src='includes/images/tick.png' alt='' />");
} else if (data[0].result == "db_optimize") {
@@ -267,7 +267,7 @@ function(data) {
//deconnect user
$("#menu_action").val("deconnexion");
sessionStorage.clear();
document.main_form.submit();
window.location.href = "logout.php"
} else if (data[0].result == "email_test_conf" || data[0].result == "admin_email_send_backlog") {
if (data[0].error != "") {
$("#email_testing_results").html("<?php echo addslashes($LANG['admin_email_result_nok']);?>&nbsp;"+data[0].message).show().attr("class","ui-state-error ui-corner-all");
@@ -684,8 +684,8 @@ function(data) {
bgiframe: true,
modal: true,
autoOpen: false,
width:100,
height:140,
width:250,
height:150,
title: "<?php echo $LANG['admin_action_db_restore_key'];?>",
buttons: {
"<?php echo $LANG['ok'];?>": function() {
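Review bot: In the second hunk `$("#menu_action").val("deconnexion");` is left in place although the form submit it prepared was replaced by `window.location.href = "logout.php"`, so it looks like dead code, and the new comment in the first hunk reads `//deconnect userd`. Both redirect lines also lack a terminating semicolon. Ending the session after a restore now depends on the browser following the redirect; it would be safer if the restore handler on the server also invalidated the session, which cannot be confirmed from these hunks. The callback bodies start and end outside the hunks.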
5 changes: 5 additions & 0 deletions changelog.md
@@ -1,10 +1,14 @@
Last changes
2.1.26
#1386 JSON parse failed (history item view)
#1381 LDAP user have unlimited access on first logon
#1380 CSV or KeePass Import - Title as "0"
#1369 Cannot save some settings
#1361 Duo prevents the ability to add/edit items
#1353 Add ldap_start_tls if set
#1346 On upgrade settings.php not found
#1345 Admin, password change and logoff not working
#1344 Wrap all non-GROUP BY columns in an aggregate function (MIN)
#1342 Change my password screen loop
#1340 Upgrade process last step
#1335 This page doesn't exist
@@ -24,6 +28,7 @@ Last changes
#1292 SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
#1284 fix for can_manage_all_users update during upgrade
#1279 SyntaxError: Unexpected token î in JSON at position 0
#1278 CSRFProtector protection while restoring a backup file
#1276 MySQL 5.7 query error
#1269 Typo error
#1263 Error at line 75 in suggestion page
2 changes: 1 addition & 1 deletion install/install.queries.php
@@ -539,7 +539,7 @@ function chmod_r($dir, $dirPermissions, $filePermissions) {
$mysqli_result = mysqli_query($dbTmp,
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."cache` (
`id` int(12) NOT NULL,
`label` varchar(250) NOT NULL,
`label` varchar(500) NOT NULL,
`description` text NOT NULL,
`tags` text DEFAULT NULL,
`id_tree` int(12) NOT NULL,
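Review bot: Only the installer's `CREATE TABLE IF NOT EXISTS` for the `cache` table gets `label varchar(500)`, so databases created by an earlier version keep `varchar(250)` unless an upgrade script alters the column, and none of the files listed in this commit looks like one. sources/import.queries.php now truncates labels at 500, which on such a database would be cut again or rejected depending on the SQL mode. A matching `ALTER TABLE ... MODIFY label varchar(500) NOT NULL` in the upgrade path would close the gap, together with a check that the `items` table's `label` column has the same width.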
7 changes: 3 additions & 4 deletions items.load.php
@@ -2845,11 +2845,10 @@ function(data) {
return;
}

if (data[0].error === "") {
$("#item_history_log").html(data[0].new_html);
if (data.error === "") {
$("#item_history_log").html(data.new_html);
}
},
"json"
}
);
}
});
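Review bot: A non-empty `data.error` is silently ignored here: the only branch is `if (data.error === "")`, so when the server reports a problem the history panel just stays empty. An `else` that surfaces the message with `.text(data.error)` rather than `.html(...)` would tell the user what happened without adding another HTML sink. The `"json"` data type argument was dropped, so the object has to be decoded earlier in the callback, which starts outside the hunk.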
2 changes: 1 addition & 1 deletion load.php
@@ -253,7 +253,7 @@ function(data) {
function (){
window.location.href="index.php"
},
3000
2000
);
} else if (data[0].value == "false_onetimepw") {
$("#connection_error").html("'.$LANG['bad_onetime_password'].'").show();
14 changes: 7 additions & 7 deletions otv.php
@@ -48,7 +48,7 @@
intval($_GET['code'])
);
if (
$data['timestamp'] == $_GET['stamp']
$data['timestamp'] == intval($_GET['stamp'])
) {
// otv is too old
if ($data['timestamp'] < ( time() - ($_SESSION['settings']['otv_expiration_period'] * 86400))) {
@@ -65,7 +65,7 @@

// get data
$pw = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");

echo $dataItem['pw']. " ;; ".SALT." ;; ". $dataItem['pw_iv']. " ;; ".$pw['string'] ;
$label = $dataItem['label'];
$email = $dataItem['email'];
$url = $dataItem['url'];
@@ -77,11 +77,11 @@
"<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>".
"<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>".
"<div style='margin-top:10px;'><table>".
"<tr><td>Label:</td><td>" . $label . "</td</tr>".
"<tr><td>Password:</td><td>" . $pw['string'] . "</td</tr>".
"<tr><td>Description:</td><td>" . $description . "</td</tr>".
"<tr><td>login:</td><td>" . $login . "</td</tr>".
"<tr><td>URL:</td><td>" . $url ."</td</tr>".
"<tr><td>Label:</td><td>" . $label . "</td></tr>".
"<tr><td>Password:</td><td>" . $pw['string'] . "</td></tr>".
"<tr><td>Description:</td><td>" . $description . "</td></tr>".
"<tr><td>login:</td><td>" . $login . "</td></tr>".
"<tr><td>URL:</td><td>" . $url ."</td></tr>".
"</table></div>".
"<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>".
"</div>";
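Review bot: The line `echo $dataItem['pw']. " ;; ".SALT." ;; ". $dataItem['pw_iv']. " ;; ".$pw['string'] ;`, which this section shows in place of the former blank line, writes the stored ciphertext, the `SALT` constant passed to `cryption(...)`, the IV and the decrypted password into the response of the one-time view page. It reads like leftover debug output and should be deleted; any deployment that served it should treat `SALT` as exposed and plan to rotate it. Separately, the lookup still passes `intval($_GET['code'])` while sources/items.queries.php in this commit changes how `$otv_code` is generated; if the new code is not purely numeric the integer cast will not compare it as intended, though the query itself is outside the hunk. The table rows print `$label`, `$login` and `$url` without output encoding such as `htmlspecialchars($label, ENT_QUOTES, 'UTF-8')`, unless that happens outside the visible lines.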
2 changes: 1 addition & 1 deletion sources/admin.queries.php
@@ -277,7 +277,7 @@
if (isset($row[$j])) {
$return.= '"'.$row[$j].'"';
} else {
$return.= '""';
$return.= 'NULL';
}
if ($j<($numFields-1)) {
$return.= ',';
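Review bot: The unchanged branch above the edit writes `'"'.$row[$j].'"'` into the backup, so the dump is only safe to replay if `$row[$j]` was escaped before this point, which the hunk does not show; a value containing a double quote would otherwise end the literal early when the file is restored. If the escaping exists above, a comment such as `// $row[$j] is already escaped for a double-quoted SQL literal` next to the concatenation would make that dependency explicit. Double-quoted literals are also read as identifiers when the server runs with ANSI_QUOTES, so single quotes would be more portable.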
8 changes: 4 additions & 4 deletions sources/import.queries.php
@@ -256,7 +256,7 @@ function sanitiseString($str, $crLFReplacement) {
DB::insert(
prefix_table("items"),
array(
'label' => substr($item[0], 500),
'label' => substr($item[0], 0, 500),
'description' => $item[4],
'pw' => $encrypt['string'],
'pw_iv' => $encrypt['iv'],
@@ -303,7 +303,7 @@ function sanitiseString($str, $crLFReplacement) {
prefix_table("cache"),
array(
'id' => $newId,
'label' => substr($item[0], 500),
'label' => substr($item[0], 0, 500),
'description' => $item[4],
'id_tree' => $_POST['folder'],
'perso' => $personalFolder == 0 ? 0 : 1,
@@ -847,7 +847,7 @@ function recursiveKeepassXML($xmlRoot, $xmlLevel = 0)
DB::insert(
prefix_table("items"),
array(
'label' => substr(stripslashes($item[KP_TITLE]), 500),
'label' => substr(stripslashes($item[KP_TITLE]), 0, 500),
'description' => stripslashes(str_replace($lineEndSeparator, '<br />', $item[KP_NOTES])),
'pw' => $encrypt['string'],
'pw_iv' => $encrypt['iv'],
@@ -889,7 +889,7 @@ function recursiveKeepassXML($xmlRoot, $xmlLevel = 0)
prefix_table("cache"),
array(
'id' => $newId,
'label' => substr(stripslashes($item[KP_TITLE]), 500),
'label' => substr(stripslashes($item[KP_TITLE]), 0, 500),
'description' => stripslashes(str_replace($lineEndSeparator, '<br />', $item[KP_NOTES])),
'id_tree' => $folderId,
'perso' => $personalFolder == 0 ? 0 : 1,
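Review bot: `substr($item[0], 0, 500)` counts bytes, so a title with multi-byte characters can be cut in the middle of a character and stored as invalid UTF-8, while the `varchar(500)` limit it guards is measured in characters; `mb_substr($item[0], 0, 500, 'UTF-8')` would match the column, assuming the mbstring extension is available to the project. The same applies to the three other `label` lines in this section, including the two `stripslashes($item[KP_TITLE])` ones. The cache insert also stores `$_POST['folder']` as `id_tree` directly; whether it is validated against the folders the user may write to is decided outside these hunks and is worth confirming.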
53 changes: 33 additions & 20 deletions sources/items.queries.php
@@ -1743,12 +1743,12 @@
mysqli_real_escape_string($link, filter_var($items_to_display_once, FILTER_SANITIZE_NUMBER_INT));

$rows = DB::query(
"SELECT i.id AS id, i.restricted_to AS restricted_to, i.perso AS perso,
i.label AS label, i.description AS description, i.pw AS pw, i.login AS login,
i.pw_iv AS pw_iv,
i.anyone_can_modify AS anyone_can_modify, l.date AS date,
n.renewal_period AS renewal_period,
l.action AS log_action, l.id_user AS log_user
"SELECT i.id AS id, MIN(i.restricted_to) AS restricted_to, MIN(i.perso) AS perso,
MIN(i.label) AS label, MIN(i.description) AS description, MIN(i.pw) AS pw, MIN(i.login) AS login,
MIN(i.pw_iv) AS pw_iv,
MIN(i.anyone_can_modify) AS anyone_can_modify, l.date AS date,
MIN(n.renewal_period) AS renewal_period,
MIN(l.action) AS log_action, l.id_user AS log_user
FROM ".prefix_table("items")." AS i
INNER JOIN ".prefix_table("nested_tree")." AS n ON (i.id_tree = n.id)
INNER JOIN ".prefix_table("log_items")." AS l ON (i.id = l.id_item)
@@ -1762,12 +1762,12 @@
$where->add('i.inactif=%i',0);

$rows = DB::query(
"SELECT i.id AS id, i.restricted_to AS restricted_to, i.perso AS perso,
i.label AS label, i.description AS description, i.pw AS pw, i.login AS login,
i.pw_iv AS pw_iv,
i.anyone_can_modify AS anyone_can_modify,l.date AS date,
n.renewal_period AS renewal_period,
l.action AS log_action, l.id_user AS log_user
"SELECT i.id AS id, MIN(i.restricted_to) AS restricted_to, MIN(i.perso) AS perso,
MIN(i.label) AS label, MIN(i.description) AS description, MIN(i.pw) AS pw, MIN(i.login) AS login,
MIN(i.pw_iv) AS pw_iv,
MIN(i.anyone_can_modify) AS anyone_can_modify,l.date AS date,
MIN(n.renewal_period) AS renewal_period,
MIN(l.action) AS log_action, l.id_user AS log_user
FROM ".prefix_table("items")." AS i
INNER JOIN ".prefix_table("nested_tree")." AS n ON (i.id_tree = n.id)
INNER JOIN ".prefix_table("log_items")." AS l ON (i.id = l.id_item)
@@ -2706,7 +2706,7 @@
}

// generate session
$otv_code = bin2hex(PHP_Crypt::createKey(PHP_Crypt::RAND, 16));
$otv_code = GenerateCryptKey(32, false, true, true, true, false);

DB::insert(
prefix_table("otv"),
@@ -3106,8 +3106,16 @@
// Prepare variables
$id = noHTML(htmlspecialchars_decode($dataReceived['id']));

// get item info
$dataItem = DB::queryFirstRow(
"SELECT *
FROM ".prefix_table("items")."
WHERE id=%i",
$id
);

// get item history
$history = '<table style="background-color:#D4D5D5; margin:0px; width:100%;">';
$history = '<table style="margin:0px; width:100%; border-collapse: collapse; background-color:#D4D5D5;" cellspacing="0" cellpadding="1">';
$rows = DB::query(
"SELECT l.date as date, l.action as action, l.raison as raison, l.raison_iv AS raison_iv,
u.login as login, u.avatar_thumb as avatar_thumb
@@ -3140,17 +3148,22 @@

if (!empty($reason[1]) || $record['action'] == "at_copy" || $record['action'] == "at_creation" || $record['action'] == "at_manual" || $record['action'] == "at_modification" || $record['action'] == "at_delete" || $record['action'] == "at_restored") {
$avatar = isset($record['avatar_thumb']) && !empty($record['avatar_thumb']) ? $_SESSION['settings']['cpassman_url'].'/includes/avatars/'.$record['avatar_thumb'] : $_SESSION['settings']['cpassman_url'].'/includes/images/photo.jpg';
$history .= '<tr style="padding:1px;">'.
$history .= '<tr style="">'.
'<td rowspan="2" style="width:40px;"><img src="'.$avatar.'" style="border-radius:20px; height:35px;"></td>'.
'<td colspan="2" style="font-size:11px;"><i>'.$LANG['by'].' '.$record['login'].' '.$LANG['at'].' '.date($_SESSION['settings']['date_format']." ".$_SESSION['settings']['time_format'], $record['date']).'</i></td></tr>'.
'<tr style="border-bottom:1px solid;"><td style="width:100px;"><b>'.$LANG[$record['action']].'</b></td>'.
'<td>'.(!empty($record['raison']) ? (count($reason) > 1 ? $LANG[trim($reason[0])].' : '.$reason[1] : ($record['action'] == "at_manual" ? $reason[0] : $LANG[trim($reason[0])])):'').'</td>'.
'</tr>';
'<td colspan="2" style="font-size:11px;"><i>'.$LANG['by'].' '.$record['login'].' '.$LANG['at'].' '.date($_SESSION['settings']['date_format'].' '.$_SESSION['settings']['time_format'], $record['date']).'</i></td></tr>'.
'<tr style="border-bottom:3px solid #C9C9C9;"><td style="width:100px;"><b>'.$LANG[$record['action']].'</b></td>'.
'<td style="">'.(!empty($record['raison']) ? (count($reason) > 1 ? $LANG[trim($reason[0])].' : '.$reason[1] : ($record['action'] == "at_manual" ? $reason[0] : $LANG[trim($reason[0])])):'').'</td>'.
'</tr>'.
'<tr></tr>';
}
}
$history .= "</table>";

$data = '[{"error" : "" , "new_html" : "'.addslashes($history).'"}]';
$data = array(
'error' => "",
'new_html' => $history
);

// send data
echo prepareExchangedData($data, "encode");

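Review bot: The history rows in the last hunk concatenate `$record['login']` and `$reason[1]` (and `$reason[0]` for `at_manual`) straight into `$history`, and items.load.php in this commit assigns that string with `$("#item_history_log").html(data.new_html)`, so markup stored in a login or log reason would be rendered unless it is encoded where those values are produced, which is outside the hunk. Encoding at the point of concatenation, e.g. `htmlspecialchars($record['login'], ENT_QUOTES, 'UTF-8')`, keeps that guarantee local. The added `$dataItem = DB::queryFirstRow("SELECT * ...")` is not used anywhere in the visible lines; if nothing further down needs it, it loads the item's encrypted fields for nothing and could be dropped or narrowed to the required columns. In the two list queries, `MIN(l.action)` next to the un-aggregated `l.date` and `l.id_user` can combine values from different log rows, depending on the GROUP BY clause that the hunks do not show.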
4 changes: 2 additions & 2 deletions sources/main.functions.php
@@ -626,6 +626,7 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
array_push($allowedFolders, $id);
}
}

// Clean array
$listAllowedFolders = array_filter(array_unique($allowedFolders));
// Exclude all PF
@@ -659,7 +660,7 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
if (!in_array($pf['id'], $listAllowedFolders)) {
array_push($_SESSION['personal_folders'], $pf['id']);
// get all descendants
$ids = $tree->getDescendants($pf['id'], true);
$ids = $tree->getDescendants($pf['id'], true, true);
foreach ($ids as $id) {
array_push($listAllowedFolders, $id->id);
array_push($_SESSION['personal_visible_groups'], $id->id);
@@ -705,7 +706,6 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
}
}


$_SESSION['all_non_personal_folders'] = $listAllowedFolders;
$_SESSION['groupes_visibles'] = $listAllowedFolders;
$_SESSION['groupes_visibles_list'] = implode(',', $listAllowedFolders);
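Review bot: The added third argument in `$tree->getDescendants($pf['id'], true, true)` is an unexplained positional boolean in code that decides which folder ids go into `$listAllowedFolders` and `$_SESSION['personal_visible_groups']`, and the comment above it still says `// get all descendants`. Please state in that comment what the flag selects, and confirm that the loop's `$id->id` still matches the shape the call returns with the flag set. `identifyUserRights` starts and ends outside these hunks.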
1 change: 0 additions & 1 deletion sources/tree.php
@@ -105,7 +105,6 @@ function buildNodeTree($nodeId)
{
global $ret_json, $listFoldersLimitedKeys, $listRestrictedFoldersForItemsKeys, $tree, $LANG, $last_visible_parent, $last_visible_parent_level;


// Be sure that user can only see folders he/she is allowed to
if (
!in_array($nodeId, $_SESSION['forbiden_pfs'])