3.1.1

Reworked attachments to fix an issue

includes/config/include.php

@@ -17,7 +17,7 @@
  */
 define('TP_VERSION', '3.1.1');
 define("UPGRADE_MIN_DATE", "1702452416");
-define('TP_VERSION_MINOR', '25');
+define('TP_VERSION_MINOR', '26');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);

index.php

@@ -1150,8 +1150,7 @@ function(teampassSettings) {}
     <script type="text/javascript" src="plugins/DOMPurify/purify.min.js"></script>
 
     <?php
-    //$get = [];
-    //$get['page'] = $request->query->get('page') === null ? '' : $request->query->get('page');
+    $get['page'] = $request->query->filter('page', null, FILTER_SANITIZE_SPECIAL_CHARS);
     if ($menuAdmin === true) {
         ?>
         <link rel="stylesheet" href="./plugins/toggles/css/toggles.css" />

pages/items.js.php

@@ -5714,6 +5714,7 @@ function(data) {
                 //decrypt data
                 data = prepareExchangedData(data, 'decode', '<?php echo $session->get('key'); ?>', 'items.queries.php', 'image_preview_preparation');
                 if (debugJavascript === true) {
+                    console.log('DEBUG : image preview');
                     console.log(data);
                 }
 

pages/profile.php

@@ -283,7 +283,7 @@
                                     <li class="list-group-item">
                                         <b><i class="fas fa-stream fa-fw fa-lg mr-2"></i><?php echo $lang->get('tree_load_strategy'); ?></b>
                                         <a class="float-right">
-                                            <span id="profile-plupload-runtime"><?php echo null !== $session->get('user-tree_load_strategy') ? $session->get('user-tree_load_strategy') : ''; ?></span>
+                                            <?php echo null !== $session->get('user-tree_load_strategy') ? $session->get('user-tree_load_strategy') : ''; ?>
                                         </a>
                                     </li>
                                     <?php

sources/downloadFile.php

@@ -118,13 +118,8 @@
         decryptUserObjectKey($file_info['share_key'], $session->get('user-private_key'))
     );
     // Set the filename of the download
-    //$filename = base64_decode(basename($file_info['name'], '.'.$file_info['extension']));
-    // Décoder si les valeurs sont encodées en base64
-    $decoded_name = isBase64Encoded($file_info['name']) ? base64_decode($file_info['name']) : $file_info['name'];
-    $decoded_extension = isBase64Encoded($file_info['extension']) ? base64_decode($file_info['extension']) : $file_info['extension'];
-
-    // Utilisation de basename pour retirer l'extension du nom de fichier décodé
-    $filename = basename($decoded_name, '.'.$decoded_extension);
+    $filename = basename($file_info['name'], '.' . $file_info['extension']);
+    $filename = isBase64($filename) === true ? base64_decode($filename) : $filename;
 
 
     // Output CSV-specific headers

sources/items.queries.php

@@ -3117,16 +3117,20 @@
                 $inputData['id']
             );
             foreach ($rows as $record) {
+                $filename = basename($record['name'], '.' . $record['extension']);
+                $filename = isBase64($filename) === true ? base64_decode($filename) : $filename;
+
                 array_push(
                     $attachments,
                     array(
                         'icon' => fileFormatImage(strtolower($record['extension'])),
-                        'filename' => basename($record['name'], '.' . $record['extension']),
+                        'filename' => $filename,
                         'extension' => $record['extension'],
                         'size' => formatSizeUnits((int) $record['size']),
                         'is_image' => in_array(strtolower($record['extension']), TP_IMAGE_FILE_EXT) === true ? 1 : 0,
                         'id' => $record['id'],
                         'key' => $session->get('user-key_tmp'),
+                        'internalFilename' => basename($record['name'], '.' . $record['extension']),
                     )
                 );
             }
@@ -6111,14 +6115,11 @@
 
         // prepare image info
         $post_title = basename($file_info['name'], '.' . $file_info['extension']);
-        $post_title = isBase64($post_title) === true ?
-            base64_decode($post_title) : $post_title;
-        $image_code = $file_info['file'];
-        //$extension = $file_info['extension'];
-
+        $post_title = isBase64($post_title) === true ? base64_decode($post_title) : $post_title;
+
         // Get image content
         $fileContent = decryptFile(
-            $image_code,
+            $file_info['file'],
             $SETTINGS['path_to_upload_folder'],
             decryptUserObjectKey($file_info['share_key'], $session->get('user-private_key'))
         );

sources/main.functions.php

@@ -2568,7 +2568,6 @@ function encryptFile(string $fileInName, string $fileInPath): array
 
     // Load classes
     $cipher = new Crypt_AES();
-    $antiXSS = new AntiXSS();
 
     // Generate an object key
     $objectKey = uniqidReal(32);
@@ -2580,7 +2579,7 @@ function encryptFile(string $fileInName, string $fileInPath): array
     // Encrypt the file content
     $filePath = filter_var($fileInPath . '/' . $fileInName, FILTER_SANITIZE_URL);
     $fileContent = file_get_contents($filePath);
-    $plaintext = $antiXSS->xss_clean($fileContent);
+    $plaintext = $fileContent;
     $ciphertext = $cipher->encrypt($plaintext);
 
     // Save new file
@@ -2625,6 +2624,8 @@ function decryptFile(string $fileName, string $filePath, string $key): string
     $safeFilePath = $filePath . '/' . TP_FILE_PREFIX . $safeFileName;
     $ciphertext = file_get_contents(filter_var($safeFilePath, FILTER_SANITIZE_URL));
 
+    if (WIP) error_log('DEBUG: File image url -> '.filter_var($safeFilePath, FILTER_SANITIZE_URL));
+
     // Decrypt file content and return
     return base64_encode($cipher->decrypt($ciphertext));
 }