3.0.10

Getting rid of some $_SESSION vars
nilsteampassnet · Nov 13, 2023 · 429b093 · 429b093
1 parent 2a48581
commit 429b093
Show file tree

Hide file tree

Showing 80 changed files with 159 additions and 151 deletions.
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -0,0 +1,8 @@
+exclude_patterns:
+- "vendor/**"
+- "plugins/**"
+- "includes/libraries/cryptojs/**"
+- "includes/libraries/csrfp/**"
+- "includes/libraries/ezimuel/**"
+- "includes/libraries/plupload/**"
+- "includes/libraries/yubico/**"
diff --git a/includes/config/include.php b/includes/config/include.php
@@ -17,7 +17,7 @@
  */
 define('TP_VERSION', '3.0.10');
 define("UPGRADE_MIN_DATE", "1697990713");
-define('TP_VERSION_MINOR', '123');
+define('TP_VERSION_MINOR', '124');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);

diff --git a/index.php b/index.php
@@ -174,7 +174,7 @@
 if (file_exists($SETTINGS['cpassman_dir'] . '/includes/language/' . $session_user_language . '.php') === true) {
     $_SESSION['teampass']['lang'] = include $SETTINGS['cpassman_dir'] . '/includes/language/' . $session_user_language . '.php';
 } else {
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     //not allowed page
     include $SETTINGS['cpassman_dir'] . '/error.php';
 }
@@ -960,7 +960,7 @@
                         } elseif ((int) $session_user_admin === 1) {
                             include $SETTINGS['cpassman_dir'] . '/pages/admin.php';
                         } else {
-                            $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+                            $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
                             //not allowed page
                             include $SETTINGS['cpassman_dir'] . '/error.php';
                         }
@@ -974,12 +974,12 @@
                             ) {
                                 //include $SETTINGS['cpassman_dir'] . '/pages/' . $mngPages[$_GET['page']];
                             } else {
-                                $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+                                $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
                                 //not allowed page
                                 include $SETTINGS['cpassman_dir'] . '/error.php';
                             }
                         } else {
-                            $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+                            $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
                             //not allowed page
                             include $SETTINGS['cpassman_dir'] . '/error.php';
                         }

diff --git a/install/libs/aesctr.php b/install/libs/aesctr.php
@@ -12,10 +12,10 @@ class Aes
     /**
      * AES Cipher function: encrypt 'input' with Rijndael algorithm
      *
-     * @param input message as byte-array (16 bytes)
-     * @param w     key schedule as 2D byte-array (Nr+1 x Nb bytes) -
+     * @param $input message as byte-array (16 bytes)
+     * @param $w     key schedule as 2D byte-array (Nr+1 x Nb bytes) -
      *              generated from the cipher key by keyExpansion()
-     * @return ciphertext as byte-array (16 bytes)
+     * @return $ciphertext as byte-array (16 bytes)
      */
     public static function cipher($input, $w)
     {
@@ -125,8 +125,8 @@ private static function mixColumns($s, $Nb)
      * Key expansion for Rijndael cipher(): performs key expansion on cipher key
      * to generate a key schedule
      *
-     * @param key cipher key byte-array (16 bytes)
-     * @return key schedule as 2D byte-array (Nr+1 x Nb bytes)
+     * @param $key cipher key byte-array (16 bytes)
+     * @return $key schedule as 2D byte-array (Nr+1 x Nb bytes)
      */
     public static function keyExpansion($key)
     {
@@ -232,9 +232,9 @@ class aesctr extends Aes
      *
      * Unicode multi-byte character safe
      *
-     * @param plaintext string text to be encrypted
-     * @param password  the password to use to generate a key
-     * @param nBits     integer of bits to be used in the key (128, 192, or 256)
+     * @param $plaintext string text to be encrypted
+     * @param $password  the password to use to generate a key
+     * @param $nBits     integer of bits to be used in the key (128, 192, or 256)
      * @return          string text
      */
     public static function encrypt($plaintext, $password, $nBits)
@@ -313,9 +313,9 @@ public static function encrypt($plaintext, $password, $nBits)
     /**
      * Decrypt a text encrypted by AES in counter mode of operation
      *
-     * @param ciphertext source text to be decrypted
-     * @param password   the password to use to generate a key
-     * @param nBits      integer of bits to be used in the key (128, 192, or 256)
+     * @param $ciphertext source text to be decrypted
+     * @param $password   the password to use to generate a key
+     * @param $nBits      integer of bits to be used in the key (128, 192, or 256)
      * @return           string text
      */
     public static function decrypt($ciphertext, $password, $nBits)
@@ -385,8 +385,8 @@ public static function decrypt($ciphertext, $password, $nBits)
     /*
     * Unsigned right shift function, since PHP has neither >>> operator nor unsigned ints
     *
-    * @param a  number to be shifted (32-bit integer)
-    * @param b  number of bits to shift a to the right (0..31)
+    * @param $a  number to be shifted (32-bit integer)
+    * @param $b  number of bits to shift a to the right (0..31)
     * @return   a right-shifted and zero-filled by b bits
     */
     private static function urs($a, $b)

diff --git a/install/upgrade_run_3.0.0.php b/install/upgrade_run_3.0.0.php
@@ -20,6 +20,7 @@
 use TeampassClasses\SuperGlobal\SuperGlobal;
 use PasswordLib\PasswordLib;
 use TeampassClasses\NestedTree\NestedTree;
+use Encryption\Crypt\aesctr;
 
 // Load functions
 require_once __DIR__.'/../sources/main.functions.php';
@@ -100,7 +101,7 @@
 // Get POST with user info
 $post_user_info = json_decode(base64_decode(filter_input(INPUT_POST, 'info', FILTER_SANITIZE_FULL_SPECIAL_CHARS)));//print_r($post_user_info);
 $userLogin = $post_user_info[0];
-$userPassword = Encryption\Crypt\aesctr::decrypt(base64_decode($post_user_info[1]), 'cpm', 128);
+$userPassword = aesctr::decrypt(base64_decode($post_user_info[1]), 'cpm', 128);
 $userId = $post_user_info[2];
 
 // Get current version

diff --git a/pages/2fa.js.php b/pages/2fa.js.php
@@ -70,7 +70,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('mfa') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/2fa.php b/pages/2fa.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('mfa') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/admin.js.php b/pages/admin.js.php
@@ -61,13 +61,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('admin') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/admin.php b/pages/admin.php
@@ -68,7 +68,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('admin') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/api.js.php b/pages/api.js.php
@@ -69,7 +69,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('api') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/api.php b/pages/api.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('api') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/backups.js.php b/pages/backups.js.php
@@ -68,7 +68,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('backups') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/backups.php b/pages/backups.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('backups') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/emails.js.php b/pages/emails.js.php
@@ -69,7 +69,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('emails') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/emails.php b/pages/emails.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('emails') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/export.js.php b/pages/export.js.php
@@ -69,7 +69,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('export') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/export.php b/pages/export.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('export') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/favorites.js.php b/pages/favorites.js.php
@@ -69,7 +69,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('favourites') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/favourites.php b/pages/favourites.php
@@ -61,13 +61,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('favourites') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/fields.js.php b/pages/fields.js.php
@@ -68,7 +68,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('fields') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/fields.php b/pages/fields.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('fields') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/folders.js.php b/pages/folders.js.php
@@ -68,7 +68,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('folders') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/folders.php b/pages/folders.php
@@ -63,13 +63,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('folders') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/import.js.php b/pages/import.js.php
@@ -69,7 +69,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('import') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }

diff --git a/pages/import.php b/pages/import.php
@@ -62,13 +62,13 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('import') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }
 
 // Load language file
-require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user']['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$superGlobal->get('user_language', 'SESSION', 'user').'.php';
 
 // Define Timezone
 date_default_timezone_set(isset($SETTINGS['timezone']) === true ? $SETTINGS['timezone'] : 'UTC');

diff --git a/pages/items.js.php b/pages/items.js.php
@@ -70,7 +70,7 @@
 $checkUserAccess->caseHandler();
 if ($checkUserAccess->checkSession() === false || $checkUserAccess->userAccessPage('items') === false) {
     // Not allowed page
-    $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
+    $superGlobal->put('code', ERR_NOT_ALLOWED, 'SESSION', 'error');
     include $SETTINGS['cpassman_dir'] . '/error.php';
     exit;
 }