
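<?php
/**
 * @file          otv.php
 * @author        Nils Laumaillé
 * @version       2.1.27
 * @copyright     (c) 2009-2017 Nils Laumaillé
 * @licensing     GNU AFFERO GPL 3.0
 * @link          http://www.teampass.net
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * One-Time-View (OTV) page. Resolves a share link (?code=...&stamp=...) to
 * the matching row of the `otv` table, prints the item's decrypted details
 * once, logs the access and then deletes the `otv` row so the same link
 * cannot be replayed.
 *
 * This file is meant to be included from the main entry point: it expects
 * $_SESSION['CPM'] to be set already, and the `return false` statements
 * below leave this file, not the whole request.
 */

require_once('sources/SecureHandler.php');
// Start a session only when none is active yet, rather than silencing
// session_start() with '@' (which also hid "headers already sent" errors).
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}

$html = "";

// Read both link parameters defensively: an absent key must not raise a
// notice, and an array value (?code[]=x) must never reach the database layer.
$otvCode = isset($_GET['code']) ? $_GET['code'] : null;
$otvStamp = isset($_GET['stamp']) ? $_GET['stamp'] : null;

if (
    is_string($otvCode) && $otvCode !== ''
    && filter_var($otvStamp, FILTER_VALIDATE_INT) !== false
) {
    $cpassmanDir = $_SESSION['settings']['cpassman_dir'];

    //Include files
    require_once $cpassmanDir.'/includes/config/settings.php';
    require_once $cpassmanDir.'/includes/config/include.php';
    require_once $cpassmanDir.'/sources/SplClassLoader.php';
    require_once $cpassmanDir.'/sources/main.functions.php';

    // connect to DB ($server, $user, $pass, ... are defined by settings.php)
    require_once $cpassmanDir.'/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = true;
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    if ($link === false) {
        // Without this guard the next line is a fatal method call on `false`.
        die('Database connection failed.');
    }
    $link->set_charset($encoding);

    // Refuse to serve anything while the feature is switched off. Printing
    // the message is not enough on its own: execution has to stop here,
    // otherwise the item details further down are still displayed.
    if (
        !isset($_SESSION['settings']['otv_is_enabled'])
        || (string) $_SESSION['settings']['otv_is_enabled'] === "0"
    ) {
        echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;One-Time-View is not allowed!</div>';
        return false;
    }

    // check session validity: look the link up by its code, then require the
    // stamp from the URL to match the stored timestamp.
    $data = DB::queryfirstrow(
        "SELECT id, timestamp, code, item_id FROM ".prefix_table("otv")."
        WHERE code = %s",
        $otvCode
    );
    $stamp = (int) $otvStamp;

    // An unknown code yields no row at all; compare strictly so that a
    // missing row (null) cannot loosely equal a stamp of 0.
    if (!empty($data) && (int) $data['timestamp'] === $stamp) {
        $itemId = (int) $data['item_id'];
        // A missing expiration setting keeps the original behaviour: every
        // link is considered too old.
        $expirationDays = isset($_SESSION['settings']['otv_expiration_period'])
            ? (int) $_SESSION['settings']['otv_expiration_period']
            : 0;

        if ((int) $data['timestamp'] < (time() - ($expirationDays * 86400))) {
            // otv is too old. The message used to be assigned here but was
            // never printed, so the visitor saw a blank page.
            $html = "Link is too old!";
            echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;'.$html.'</div>';
        } else {
            // get from DB
            $dataItem = DB::queryfirstrow(
                "SELECT *
                FROM ".prefix_table("items")." as i
                INNER JOIN ".prefix_table("log_items")." as l ON (l.id_item = i.id)
                WHERE i.id = %i AND l.action = %s",
                $itemId,
                'at_creation'
            );
            if (empty($dataItem)) {
                // The item behind this link no longer exists.
                echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;Not a valid page!</div>';
                return false;
            }

            // An item already flagged `inactif` (this file sets it to '1' when
            // the automatic deletion below fires) must not be revealed again;
            // also consume the link so it cannot be retried.
            if (!empty($dataItem['inactif'])) {
                DB::delete(prefix_table("otv"), "id = %i", (int) $data['id']);
                echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;'.htmlspecialchars(
                    (string) $LANG['not_allowed_to_see_pw_is_expired'], ENT_QUOTES, 'UTF-8').'</div>';
                return false;
            }

            // is Item still valid regarding number of times being seen
            // Decrement the number before being deleted
            $dataDelete = DB::queryfirstrow(
                "SELECT * FROM ".prefix_table("automatic_del")." WHERE item_id=%i",
                $itemId
            );
            $deleteAfterConsultation = isset($_SESSION['settings']['enable_delete_after_consultation'])
                && $_SESSION['settings']['enable_delete_after_consultation'] == 1;

            // No automatic_del row means no rule for this item (the null row
            // used to be indexed directly and only worked by accident).
            if ($deleteAfterConsultation && !empty($dataDelete) && $dataDelete['del_enabled'] == 1) {
                $delType = (int) $dataDelete['del_type'];
                $delValue = (int) $dataDelete['del_value'];

                if ($delType === 1 && $delValue >= 1) {
                    // del_type 1 = remaining-views counter: consume one view.
                    // Once it reaches 0 the next visit takes the branch below.
                    DB::update(
                        prefix_table("automatic_del"),
                        array(
                            'del_value' => $delValue - 1,
                        ),
                        "item_id = %i",
                        $itemId
                    );
                } elseif (
                    ($delType === 1 && $delValue <= 1)
                    || ($delType === 2 && $delValue < time())
                ) {
                    // del_type 2 = expiry timestamp. Either way the item is
                    // spent: drop the rule, deactivate the item, log it.
                    DB::delete(prefix_table("automatic_del"), "item_id = %i", $itemId);
                    // make inactive object
                    DB::update(
                        prefix_table("items"),
                        array(
                            'inactif' => '1',
                        ),
                        "id = %i",
                        $itemId
                    );
                    // log
                    logItems($itemId, $dataItem['label'], OTV_USER_ID, 'at_delete', 'otv', 'at_automatically_deleted');
                    // Consume the link as well: with the automatic_del row gone
                    // this branch can no longer trigger, so a second visit with
                    // the same code would otherwise fall through to the display.
                    DB::delete(prefix_table("otv"), "id = %i", (int) $data['id']);

                    // The message lands in HTML, so escape for HTML (addslashes
                    // was the wrong escaper for this context).
                    echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;'.htmlspecialchars(
                        (string) $LANG['not_allowed_to_see_pw_is_expired'], ENT_QUOTES, 'UTF-8').'</div>';
                    return false;
                }
            }

            // get data. Every stored field is rendered inside an HTML text
            // node, so escape each one (label and url were printed raw, login
            // only had its double quotes replaced).
            $pw = cryption($dataItem['pw'], "", "decrypt");
            $password = htmlspecialchars(
                isset($pw['string']) ? (string) $pw['string'] : '',
                ENT_QUOTES,
                'UTF-8'
            );
            $label = htmlspecialchars((string) $dataItem['label'], ENT_QUOTES, 'UTF-8');
            $url = htmlspecialchars((string) $dataItem['url'], ENT_QUOTES, 'UTF-8');
            // NOTE(review): strip_tags keeps attributes on the tags it allows;
            // confirm $k['allowedTags'] cannot carry event handlers or links.
            $description = preg_replace(
                '/(?<!\\r)\\n+(?!\\r)/',
                '',
                strip_tags((string) $dataItem['description'], $k['allowedTags'])
            );
            $login = htmlspecialchars((string) $dataItem['login'], ENT_QUOTES, 'UTF-8');

            // display data
            $html = "<div style='margin:30px;'>".
                "<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>".
                "<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>".
                "<div style='margin-top:10px;'><table>".
                "<tr><td>Label:</td><td>".$label."</td></tr>".
                "<tr><td>Password:</td><td>".$password."</td></tr>".
                "<tr><td>Description:</td><td>".$description."</td></tr>".
                "<tr><td>login:</td><td>".$login."</td></tr>".
                "<tr><td>URL:</td><td>".$url."</td></tr>".
                "</table></div>".
                "<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>".
                "</div>";

            // log
            logItems($itemId, $dataItem['label'], OTV_USER_ID, 'at_shown', 'otv');

            // delete entry so the link is single-use
            DB::delete(prefix_table("otv"), "id = %i", (int) $data['id']);

            // display
            echo $html;
        }
    } else {
        echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;Not a valid page!</div>';
    }
} else {
    echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i>&nbsp;No valid OTV inputs!</div>';
}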