* [BUG] Fixed error on saving passwords with special characters. Thanks to @chadrempp (Closes #30)
* [BUG] Fixed error on saving detected browser language after installing
* [MOD] PHP version is verified on installation process
* [MOD] Translations updates
14
CHANGELOG
14
CHANGELOG
@@ -1,3 +1,10 @@
|
||||
=== ** v1.0.8 ** ===
|
||||
|
||||
* [BUG] Corregido error al guardar claves con carácteres especiales
|
||||
* [BUG] Corregido error al guardar el idioma tras la instalación
|
||||
* [MOD] Verificación de versión de PHP en la instalación
|
||||
* [MOD] Actualización de traducciones
|
||||
|
||||
=== ** v1.0.7 ** ===
|
||||
|
||||
* [BUG] Corregido error en la selección del código de caráteres del lenguaje
|
||||
@@ -172,6 +179,13 @@
|
||||
|
||||
---
|
||||
|
||||
=== ** v1.0.8 ** ===
|
||||
|
||||
* [BUG] Fixed error on saving passwords with special characters. Thanks to @chadrempp
|
||||
* [BUG] Fixed error on saving detected browser language after installing
|
||||
* [MOD] PHP version is verified on installation process
|
||||
* [MOD] Translations updates
|
||||
|
||||
=== ** v1.0.7 ** ===
|
||||
|
||||
* [BUG] Fixed error on language charset selection
|
||||
|
||||
@@ -45,8 +45,8 @@ $frmSelCustomer = SP_Common::parseParams('p', 'customerId', 0);
|
||||
$frmNewCustomer = SP_Common::parseParams('p', 'customer_new');
|
||||
$frmName = SP_Common::parseParams('p', 'name');
|
||||
$frmLogin = SP_Common::parseParams('p', 'login');
|
||||
$frmPassword = SP_Common::parseParams('p', 'password');
|
||||
$frmPasswordV = SP_Common::parseParams('p', 'password2');
|
||||
$frmPassword = SP_Common::parseParams('p', 'password', '', false, false, false);
|
||||
$frmPasswordV = SP_Common::parseParams('p', 'password2', '', false, false, false);
|
||||
$frmCategoryId = SP_Common::parseParams('p', 'categoryId', 0);
|
||||
$frmUGroups = SP_Common::parseParams('p', 'ugroups');
|
||||
$frmNotes = SP_Common::parseParams('p', 'notice');
|
||||
|
||||
@@ -63,7 +63,7 @@ if ($frmAction == "config") {
|
||||
$frmLdapBase = SP_Common::parseParams('p', 'ldapbase');
|
||||
$frmLdapGroup = SP_Common::parseParams('p', 'ldapgroup');
|
||||
$frmLdapBindUser = SP_Common::parseParams('p', 'ldapbinduser');
|
||||
$frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass');
|
||||
$frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass', '', false, false, false);
|
||||
|
||||
$frmMailEnabled = SP_Common::parseParams('p', 'mailenabled', 0, FALSE, 1);
|
||||
$frmMailServer = SP_Common::parseParams('p', 'mailserver');
|
||||
@@ -133,9 +133,9 @@ if ($frmAction == "config") {
|
||||
|
||||
SP_Common::printXML(_('Configuración actualizada'), 0);
|
||||
} elseif ($frmAction == "crypt") {
|
||||
$currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd');
|
||||
$newMasterPass = SP_Common::parseParams('p', 'newMasterPwd');
|
||||
$newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR');
|
||||
$currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd', '', false, false, false);
|
||||
$newMasterPass = SP_Common::parseParams('p', 'newMasterPwd', '', false, false, false);
|
||||
$newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR', '', false, false, false);
|
||||
$confirmPassChange = SP_Common::parseParams('p', 'confirmPassChange', 0, FALSE, 1);
|
||||
$noAccountPassChange = SP_Common::parseParams('p', 'chkNoAccountChange', 0, FALSE, 1);
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ if ( ! SP_Common::parseParams('p', 'login', FALSE) ){
|
||||
}
|
||||
|
||||
$userLogin = SP_Common::parseParams('p', 'user');
|
||||
$userPass = SP_Common::parseParams('p', 'pass');
|
||||
$userPass = SP_Common::parseParams('p', 'pass', '', false, false, false);
|
||||
$masterPass = SP_Common::parseParams('p', 'mpass');
|
||||
|
||||
if ( ! $userLogin OR ! $userPass ){
|
||||
|
||||
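Review bot: `mpass` is still read through the default sanitizing path on the unchanged line `$masterPass = SP_Common::parseParams('p', 'mpass');`, while this commit reads `curMasterPwd` and `newMasterPwd` raw in the config handler. If `SP_Html::sanitize` alters special characters (its body is not shown on this page), a master password set with such characters would presumably no longer match when it is entered at login. Reading it the same way as `pass`, `$masterPass = SP_Common::parseParams('p', 'mpass', '', false, false, false);`, keeps the two paths consistent. Values read raw like this should only reach hashing or key-derivation code, never an `echo` or a concatenated query.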
@@ -55,8 +55,8 @@ if ($frmSaveType == 1 || $frmSaveType == 2) {
|
||||
$frmUsrGroup = SP_Common::parseParams('p', 'groupid', 0);
|
||||
$frmUsrEmail = SP_Common::parseParams('p', 'email');
|
||||
$frmUsrNotes = SP_Common::parseParams('p', 'notes');
|
||||
$frmUsrPass = SP_Common::parseParams('p', 'pass');
|
||||
$frmUsrPassV = SP_Common::parseParams('p', 'passv');
|
||||
$frmUsrPass = SP_Common::parseParams('p', 'pass', '', false, false, false);
|
||||
$frmUsrPassV = SP_Common::parseParams('p', 'passv', '', false, false, false);
|
||||
$frmAdminApp = SP_Common::parseParams('p', 'adminapp', 0, FALSE, 1);
|
||||
$frmAdminAcc = SP_Common::parseParams('p', 'adminacc', 0, FALSE, 1);
|
||||
$frmDisabled = SP_Common::parseParams('p', 'disabled', 0, FALSE, 1);
|
||||
|
||||
@@ -215,7 +215,7 @@ class SP_Common {
|
||||
* @param mixed $force opcional, valor devuelto si el parámeto está definido
|
||||
* @return boo|string si está presente el parámeto en la petición devuelve bool. Si lo está, devuelve el valor.
|
||||
*/
|
||||
public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE){
|
||||
public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE, $sanitize = TRUE){
|
||||
$out = '';
|
||||
|
||||
switch ($method){
|
||||
@@ -254,7 +254,7 @@ class SP_Common {
|
||||
}
|
||||
|
||||
if (is_string($out)){
|
||||
return ( $method != 's' ) ? SP_Html::sanitize($out) : $out;
|
||||
return ( $method != 's' && $sanitize === TRUE ) ? SP_Html::sanitize($out) : $out;
|
||||
}
|
||||
|
||||
if (is_array($out)){
|
||||
|
||||
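Review bot: The new condition `$sanitize === TRUE` fails open, because any caller that passes a non-boolean truthy value such as `1` (callers on this page already pass `1` for `$force`) gets the unsanitized string back. Testing for the explicit opt-out instead, `return ( $method != 's' && $sanitize !== FALSE ) ? SP_Html::sanitize($out) : $out;`, keeps sanitizing as the default for everything except a literal `false`. The docblock in the signature hunk above also has no entry for the new parameter; a line such as `@param bool $sanitize optional; FALSE returns the raw value without SP_Html::sanitize (passwords only)` would tell callers that they own the escaping of what comes back. The body of `parseParams` continues outside both hunks.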
@@ -391,7 +391,9 @@ class SP_Config{
|
||||
self::setValue('mailenabled', 0);
|
||||
self::setValue('wikienabled', 0);
|
||||
self::setValue('demoenabled', 0);
|
||||
|
||||
self::setValue('filesenabled', 1);
|
||||
self::setValue('checkupdates', 1);
|
||||
|
||||
self::setValue('allowed_exts', 'PDF,JPG,GIF,PNG,ODT,ODS,DOC,DOCX,XLS,XSL,VSD,TXT,CSV,BAK');
|
||||
self::setValue('allowed_size', 1024);
|
||||
self::setValue('wikisearchurl', '');
|
||||
@@ -404,7 +406,7 @@ class SP_Config{
|
||||
self::setValue('mailserver', '');
|
||||
self::setValue('mailfrom', '');
|
||||
self::setValue('wikifilter', '');
|
||||
self::setValue('sitelang', 'es_ES');
|
||||
self::setValue('sitelang', str_replace('.utf8','',SP_Init::$LANG));
|
||||
self::setValue('session_timeout', '300');
|
||||
self::setValue('account_link', 1);
|
||||
self::setValue('account_count', 10);
|
||||
|
||||
@@ -167,13 +167,13 @@ class DB {
|
||||
." WHERE table_schema='".SP_Config::getValue("dbname")."' "
|
||||
. "AND table_name = 'usrData';";
|
||||
|
||||
$resquery = self::$_db->query($query);
|
||||
$resQuery = self::$_db->query($query);
|
||||
|
||||
if( $resquery ) {
|
||||
$row = $resquery->fetch_row();
|
||||
if( $resQuery ) {
|
||||
$row = $resQuery->fetch_row();
|
||||
}
|
||||
|
||||
if( ! $resquery || $row[0] == 0) {
|
||||
if( ! $resQuery || $row[0] == 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
@@ -22,7 +22,8 @@
|
||||
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
$errors = SP_Util::checkModules();
|
||||
$modulesErrors = SP_Util::checkModules();
|
||||
$versionErrors = SP_Util::checkPhpVersion();
|
||||
$resInstall = array();
|
||||
$isCompleted = 0;
|
||||
|
||||
@@ -32,7 +33,7 @@ if (isset($_POST['install']) AND $_POST['install'] == 'true') {
|
||||
if (count($resInstall) == 0) {
|
||||
$resInstall[] = array('type' => 'ok',
|
||||
'description' => _('Instalación finalizada'),
|
||||
'hint' => 'Pulse <a href="index.php" title="Acceder"> aquí</a> para acceder');
|
||||
'hint' => _('Pulse <a href="index.php" title="Acceder">aquí</a> para acceder'));
|
||||
$isCompleted = 1;
|
||||
}
|
||||
}
|
||||
@@ -48,18 +49,20 @@ if (isset($_POST['install']) AND $_POST['install'] == 'true') {
|
||||
<input type="hidden" name="install" value="true" />
|
||||
|
||||
<?php
|
||||
$securityErrors = array();
|
||||
|
||||
if (@file_exists(__FILE__ . "\0Nullbyte")) {
|
||||
$errors[] = array('type' => 'warning',
|
||||
$securityErrors[] = array('type' => 'warning',
|
||||
'description' => _('La version de PHP es vulnerable al ataque NULL Byte (CVE-2006-7243)'),
|
||||
'hint' => _('Actualice la versión de PHP para usar sysPass de forma segura'));
|
||||
}
|
||||
if (!SP_Util::secureRNG_available()) {
|
||||
$errors[] = array('type' => 'warning',
|
||||
$securityErrors[] = array('type' => 'warning',
|
||||
'description' => _('No se encuentra el generador de números aleatorios.'),
|
||||
'hint' => _('Sin esta función un atacante puede utilizar su cuenta al resetear la clave'));
|
||||
}
|
||||
|
||||
$errors = array_merge($errors, $resInstall);
|
||||
$errors = array_merge($modulesErrors, $versionErrors, $securityErrors, $resInstall);
|
||||
|
||||
if (count($errors) > 0) {
|
||||
echo '<ul class="errors round">';
|
||||
@@ -78,22 +81,19 @@ if (count($errors) > 0) {
|
||||
|
||||
<?php if ($isCompleted == 0): ?>
|
||||
<fieldset id="adminaccount">
|
||||
<legend><?php echo _('Crear cuenta de admin'); ?></legend>
|
||||
<legend><?php echo _('Crear cuenta de admin sysPass'); ?></legend>
|
||||
<p>
|
||||
<input type="text" name="adminlogin" id="adminlogin" placeholder="<?php echo _('Usuario'); ?> " value="<?php echo SP_Util::init_var('adminlogin'); ?>" autocomplete="off" autofocus required />
|
||||
<img class="svg" src="<?php //p(image_path('', 'actions/user.svg')); ?>" alt="" />
|
||||
<input type="text" name="adminlogin" id="adminlogin" title="<?php echo _('Usuario'); ?>" placeholder="<?php echo _('Usuario'); ?> " value="<?php echo SP_Util::init_var('adminlogin'); ?>" autocomplete="off" autofocus required />
|
||||
</p>
|
||||
<p>
|
||||
<input type="password" name="adminpass" id="adminpass" placeholder="<?php echo _('Clave'); ?>" value="<?php echo SP_Util::init_var('adminpass'); ?>" required/>
|
||||
<img class="svg" id="adminpass-icon" src="<?php //print_unescaped(image_path('', 'actions/password.svg')); ?>" alt="" />
|
||||
<input type="password" name="adminpass" id="adminpass" title="<?php echo _('Clave'); ?>" placeholder="<?php echo _('Clave'); ?>" value="<?php echo SP_Util::init_var('adminpass'); ?>" required/>
|
||||
</p>
|
||||
</fieldset>
|
||||
|
||||
<fieldset id="masterpwd">
|
||||
<legend><?php echo _('Clave Maestra'); ?></legend>
|
||||
<p>
|
||||
<input type="password" name="masterpassword" id="masterpassword" placeholder="<?php echo _('Clave Maestra'); ?> " value="<?php echo SP_Util::init_var('masterpassword'); ?>" autocomplete="off" required />
|
||||
<img class="svg" src="<?php //p(image_path('', 'actions/user.svg')); ?>" alt="" />
|
||||
<input type="password" name="masterpassword" id="masterpassword" title="<?php echo _('Clave Maestra'); ?>" placeholder="<?php echo _('Clave Maestra'); ?> " value="<?php echo SP_Util::init_var('masterpassword'); ?>" autocomplete="off" required />
|
||||
</p>
|
||||
</fieldset>
|
||||
|
||||
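Review bot: The password inputs on the new lines still write the submitted secret back into the page, e.g. `value="<?php echo SP_Util::init_var('adminpass'); ?>"`, and the same for `masterpassword` here and `dbpass` in the next hunk, so a re-displayed install form returns the admin, master and database passwords in the HTML response. Since this commit is about accepting special characters in passwords, whether `init_var` HTML-escapes its output matters for these attributes; its body is not visible on this page, so that should be confirmed. Rendering the three password fields empty, `value=""`, removes both the reflection and the escaping question. The next hunk also carries a malformed attribute onto the new `dbuser` and `dbname` lines: `autocomplete=off"` should read `autocomplete="off"`.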
@@ -102,16 +102,16 @@ if (count($errors) > 0) {
|
||||
<input type='hidden' id='hasMySQL' value='true'/>
|
||||
<input type="hidden" id="dbtype" name="dbtype" value="mysql" />
|
||||
<p>
|
||||
<input type="text" name="dbuser" id="dbuser" placeholder="<?php echo _('Usuario BBDD'); ?>" value="<?php echo SP_Util::init_var('dbuser', 'root'); ?>" autocomplete=off" required/>
|
||||
<input type="text" name="dbuser" id="dbuser" title="<?php echo _('Usuario administrador BBDD'); ?>" placeholder="<?php echo _('Usuario Admin BBDD'); ?>" value="<?php echo SP_Util::init_var('dbuser', 'root'); ?>" autocomplete=off" required/>
|
||||
</p>
|
||||
<p>
|
||||
<input type="password" name="dbpass" id="dbpass" placeholder="<?php echo _('Clave BBDD'); ?>" value="<?php echo SP_Util::init_var('dbpass'); ?>" required/>
|
||||
<input type="password" name="dbpass" id="dbpass" title="<?php echo _('Clave administrador BBDD'); ?>" placeholder="<?php echo _('Clave BBDD'); ?>" value="<?php echo SP_Util::init_var('dbpass'); ?>" required/>
|
||||
</p>
|
||||
<p>
|
||||
<input type="text" name="dbname" id="dbname" placeholder="<?php echo _('Nombre BBDD'); ?>" value="<?php echo SP_Util::init_var('dbname', 'syspass'); ?>" autocomplete=off" pattern="[0-9a-zA-Z$_-]+" />
|
||||
<input type="text" name="dbname" id="dbname" title="<?php echo _('Nombre BBDD'); ?>" placeholder="<?php echo _('Nombre BBDD'); ?>" value="<?php echo SP_Util::init_var('dbname', 'syspass'); ?>" autocomplete=off" pattern="[0-9a-zA-Z$_-]+" />
|
||||
</p>
|
||||
<p>
|
||||
<input type="text" name="dbhost" id="dbhost" placeholder="<?php echo _('Servidor BBDD'); ?>" value="<?php echo SP_Util::init_var('dbhost', 'localhost'); ?>" />
|
||||
<input type="text" name="dbhost" id="dbhost" title="<?php echo _('Servidor BBDD'); ?>" placeholder="<?php echo _('Servidor BBDD'); ?>" value="<?php echo SP_Util::init_var('dbhost', 'localhost'); ?>" />
|
||||
</p>
|
||||
<p>
|
||||
<label for="hostingmode"><?php echo _('Modo Hosting'); ?></label>
|
||||
|
||||
@@ -37,11 +37,11 @@ defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'
|
||||
<?php if ( SP_Config::getValue("demoenabled",0) ): ?>
|
||||
<input type="text" name="user" id="user" placeholder="<?php echo _('Usuario'); ?>" value="" title="> demo <"/><br />
|
||||
<input type="password" name="pass" id="pass" placeholder="<?php echo _('Clave'); ?>" value="" title="> syspass <"/><br />
|
||||
<span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave maestra'); ?>" value="" title="> 01234567890 <" disabled/><br /></span>
|
||||
<span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave Maestra'); ?>" value="" title="> 01234567890 <" disabled/><br /></span>
|
||||
<?php else: ?>
|
||||
<input type="text" name="user" id="user" placeholder="<?php echo _('Usuario'); ?>" value="" /><br />
|
||||
<input type="password" name="pass" id="pass" placeholder="<?php echo _('Clave'); ?>" value="" /><br />
|
||||
<span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave maestra'); ?>" value="" disabled/><br /></span>
|
||||
<span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave Maestra'); ?>" value="" disabled/><br /></span>
|
||||
<?php endif; ?>
|
||||
|
||||
<input id="btnLogin" type="image" src="imgs/login.png" name="login" title="<?php echo _('Acceder') ?>" />
|
||||
|
||||
@@ -99,15 +99,18 @@ class SP_Util {
|
||||
* @return bool
|
||||
*/
|
||||
public static function checkPhpVersion(){
|
||||
preg_match("/(^\d\.\d)\..*/",PHP_VERSION, $version);
|
||||
$error = array();
|
||||
|
||||
if ( $version[1] >= 5.1 ){
|
||||
$this->printMsg(_('Versión PHP')." '".$version[0]."'");
|
||||
return TRUE;
|
||||
} else {
|
||||
$this->printMsg(_('Versión PHP')." '".$version[0]."'", 1);
|
||||
return FALSE;
|
||||
}
|
||||
$version = explode('.', PHP_VERSION);
|
||||
$versionId = ($version[0] * 10000 + $version[1] * 100 + $version[2]);
|
||||
|
||||
if ( $versionId < 50100 ){
|
||||
$error[] = array('type' => 'critical',
|
||||
'description' => _('Versión de PHP requerida >= 5.1'),
|
||||
'hint' => _('Actualice la versión de PHP para que la aplicación funcione correctamente'));
|
||||
}
|
||||
|
||||
return $error;
|
||||
}
|
||||
|
||||
/**
|
||||
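Review bot: `$version[2]` comes from `explode('.', PHP_VERSION)` and goes straight into arithmetic, but packaged builds can report a suffix after the patch number (constructed example: `5.3.10-1ubuntu3`), so the third element is not a clean number and the sum relies on implicit string-to-number conversion. `version_compare` handles such strings directly: `if ( version_compare(PHP_VERSION, '5.1.0', '<') ){`. The docblock above the method still says `@return bool` although the new code returns an array of error entries; `@return array` with a short description of the entry keys (`type`, `description`, `hint`) would match what callers now merge into `$errors`.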
@@ -169,7 +172,7 @@ class SP_Util {
|
||||
* @return array con el número de versión
|
||||
*/
|
||||
public static function getVersion() {
|
||||
return array(1, 00, 07);
|
||||
return array(1, 0, 8);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -177,7 +180,7 @@ class SP_Util {
|
||||
* @return string con la versión
|
||||
*/
|
||||
public static function getVersionString() {
|
||||
return '1.0-7';
|
||||
return '1.0-8';
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -224,9 +227,6 @@ class SP_Util {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
if ( is_array($pubVer) && SP_Init::isLoggedIn() ){
|
||||
$appVersion = implode('',self::getVersion());
|
||||
$pubVersion = $pubVer[1].$pubVer[2].$pubVer[3];
|
||||
@@ -264,4 +264,4 @@ class SP_Util {
|
||||
echo '<script>doLogout();</script>';
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||