* [BUG] Fixed error on saving passwords with special characters. Than…

…ks to @chadrempp (Closes #30)

* [BUG] Fixed error on saving detected browser language after installing
* [MOD] PHP version is verified on installation process
* [MOD] Translations updates

CHANGELOG

@@ -1,3 +1,10 @@
+=== ** v1.0.8 ** ===
+
+* [BUG] Corregido error al guardar claves con carácteres especiales
+* [BUG] Corregido error al guardar el idioma tras la instalación
+* [MOD] Verificación de versión de PHP en la instalación
+* [MOD] Actualización de traducciones
+
 === ** v1.0.7 ** ===
 
 * [BUG] Corregido error en la selección del código de caráteres del lenguaje
@@ -172,6 +179,13 @@
 
 ---
 
+=== ** v1.0.8 ** ===
+
+* [BUG] Fixed error on saving passwords with special characters. Thanks to @chadrempp
+* [BUG] Fixed error on saving detected browser language after installing
+* [MOD] PHP version is verified on installation process
+* [MOD] Translations updates
+
 === ** v1.0.7 ** ===
 
 * [BUG] Fixed error on language charset selection

ajax/ajax_accountsave.php

@@ -45,8 +45,8 @@
 $frmNewCustomer = SP_Common::parseParams('p', 'customer_new');
 $frmName = SP_Common::parseParams('p', 'name');
 $frmLogin = SP_Common::parseParams('p', 'login');
-$frmPassword = SP_Common::parseParams('p', 'password');
-$frmPasswordV = SP_Common::parseParams('p', 'password2');
+$frmPassword = SP_Common::parseParams('p', 'password', '', false, false, false);
+$frmPasswordV = SP_Common::parseParams('p', 'password2', '', false, false, false);
 $frmCategoryId = SP_Common::parseParams('p', 'categoryId', 0);
 $frmUGroups = SP_Common::parseParams('p', 'ugroups');
 $frmNotes = SP_Common::parseParams('p', 'notice');

ajax/ajax_configsave.php

@@ -63,7 +63,7 @@
     $frmLdapBase = SP_Common::parseParams('p', 'ldapbase');
     $frmLdapGroup = SP_Common::parseParams('p', 'ldapgroup');
     $frmLdapBindUser = SP_Common::parseParams('p', 'ldapbinduser');
-    $frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass');
+    $frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass', '', false, false, false);
 
     $frmMailEnabled = SP_Common::parseParams('p', 'mailenabled', 0, FALSE, 1);
     $frmMailServer = SP_Common::parseParams('p', 'mailserver');
@@ -133,9 +133,9 @@
 
     SP_Common::printXML(_('Configuración actualizada'), 0);
 } elseif ($frmAction == "crypt") {
-    $currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd');
-    $newMasterPass = SP_Common::parseParams('p', 'newMasterPwd');
-    $newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR');
+    $currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd', '', false, false, false);
+    $newMasterPass = SP_Common::parseParams('p', 'newMasterPwd', '', false, false, false);
+    $newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR', '', false, false, false);
     $confirmPassChange = SP_Common::parseParams('p', 'confirmPassChange', 0, FALSE, 1);
     $noAccountPassChange = SP_Common::parseParams('p', 'chkNoAccountChange', 0, FALSE, 1);
 

ajax/ajax_doLogin.php

@@ -33,7 +33,7 @@
 }
 
 $userLogin = SP_Common::parseParams('p', 'user');
-$userPass = SP_Common::parseParams('p', 'pass');
+$userPass = SP_Common::parseParams('p', 'pass', '', false, false, false);
 $masterPass = SP_Common::parseParams('p', 'mpass');
 
 if ( ! $userLogin OR ! $userPass ){

ajax/ajax_usersSave.php

@@ -55,8 +55,8 @@
     $frmUsrGroup = SP_Common::parseParams('p', 'groupid', 0);
     $frmUsrEmail = SP_Common::parseParams('p', 'email');
     $frmUsrNotes = SP_Common::parseParams('p', 'notes');
-    $frmUsrPass = SP_Common::parseParams('p', 'pass');
-    $frmUsrPassV = SP_Common::parseParams('p', 'passv');
+    $frmUsrPass = SP_Common::parseParams('p', 'pass', '', false, false, false);
+    $frmUsrPassV = SP_Common::parseParams('p', 'passv', '', false, false, false);
     $frmAdminApp = SP_Common::parseParams('p', 'adminapp', 0, FALSE, 1);
     $frmAdminAcc = SP_Common::parseParams('p', 'adminacc', 0, FALSE, 1);
     $frmDisabled = SP_Common::parseParams('p', 'disabled', 0, FALSE, 1);

inc/common.class.php

@@ -215,7 +215,7 @@ public static function checkSessionKey($key) {
      * @param mixed $force opcional, valor devuelto si el parámeto está definido
      * @return boo|string si está presente el parámeto en la petición devuelve bool. Si lo está, devuelve el valor.
      */
-    public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE){
+    public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE, $sanitize = TRUE){
         $out = '';
 
         switch ($method){
@@ -254,7 +254,7 @@ public static function parseParams($method, $param, $default = '', $onlyCHeck =
         }
 
         if (is_string($out)){
-            return ( $method != 's' ) ? SP_Html::sanitize($out) : $out;
+            return ( $method != 's' && $sanitize === TRUE ) ? SP_Html::sanitize($out) : $out;
         }
 
         if (is_array($out)){

inc/config.class.php

@@ -391,7 +391,9 @@ public static function setDefaultValues(){
         self::setValue('mailenabled', 0);
         self::setValue('wikienabled', 0);
         self::setValue('demoenabled', 0);
-
+        self::setValue('filesenabled', 1);
+        self::setValue('checkupdates', 1);
+
         self::setValue('allowed_exts', 'PDF,JPG,GIF,PNG,ODT,ODS,DOC,DOCX,XLS,XSL,VSD,TXT,CSV,BAK');
         self::setValue('allowed_size', 1024);
         self::setValue('wikisearchurl', '');
@@ -404,7 +406,7 @@ public static function setDefaultValues(){
         self::setValue('mailserver', '');
         self::setValue('mailfrom', '');
         self::setValue('wikifilter', '');
-        self::setValue('sitelang', 'es_ES');
+        self::setValue('sitelang', str_replace('.utf8','',SP_Init::$LANG));
         self::setValue('session_timeout', '300');
         self::setValue('account_link', 1);
         self::setValue('account_count', 10);

inc/db.class.php

@@ -167,13 +167,13 @@ public static function checkDatabaseExist(){
                 ." WHERE table_schema='".SP_Config::getValue("dbname")."' "
                 . "AND table_name = 'usrData';";
 
-        $resquery = self::$_db->query($query);
+        $resQuery = self::$_db->query($query);
 
-        if( $resquery ) {
-            $row = $resquery->fetch_row();
+        if( $resQuery ) {
+            $row = $resQuery->fetch_row();
         }
 
-        if( ! $resquery || $row[0] == 0) {
+        if( ! $resQuery || $row[0] == 0) {
             return false;
         }
 

inc/tpl/install.php

@@ -22,7 +22,8 @@
  * along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$errors = SP_Util::checkModules();
+$modulesErrors = SP_Util::checkModules();
+$versionErrors = SP_Util::checkPhpVersion();
 $resInstall = array();
 $isCompleted = 0;
 
@@ -32,7 +33,7 @@
     if (count($resInstall) == 0) {
         $resInstall[] = array('type' => 'ok',
             'description' => _('Instalación finalizada'),
-            'hint' => 'Pulse <a href="index.php" title="Acceder"> aquí</a> para acceder');
+            'hint' => _('Pulse <a href="index.php" title="Acceder">aquí</a> para acceder'));
         $isCompleted = 1;
     }
 }
@@ -48,18 +49,20 @@
         <input type="hidden" name="install" value="true" />
 
 <?php
+$securityErrors = array();
+
 if (@file_exists(__FILE__ . "\0Nullbyte")) {
-    $errors[] = array('type' => 'warning',
+    $securityErrors[] = array('type' => 'warning',
         'description' => _('La version de PHP es vulnerable al ataque NULL Byte (CVE-2006-7243)'),
         'hint' => _('Actualice la versión de PHP para usar sysPass de forma segura'));
 }
 if (!SP_Util::secureRNG_available()) {
-    $errors[] = array('type' => 'warning',
+    $securityErrors[] = array('type' => 'warning',
         'description' => _('No se encuentra el generador de números aleatorios.'),
         'hint' => _('Sin esta función un atacante puede utilizar su cuenta al resetear la clave'));
 }
 
-$errors = array_merge($errors, $resInstall);
+$errors = array_merge($modulesErrors, $versionErrors, $securityErrors, $resInstall);
 
 if (count($errors) > 0) {
     echo '<ul class="errors round">';
@@ -78,22 +81,19 @@
 
 <?php if ($isCompleted == 0): ?>
             <fieldset id="adminaccount">
-                <legend><?php echo _('Crear cuenta de admin'); ?></legend>
+                <legend><?php echo _('Crear cuenta de admin sysPass'); ?></legend>
                 <p>
-                    <input type="text" name="adminlogin" id="adminlogin" placeholder="<?php echo _('Usuario'); ?>  " value="<?php echo SP_Util::init_var('adminlogin'); ?>" autocomplete="off" autofocus required />
-                    <img class="svg" src="<?php //p(image_path('', 'actions/user.svg'));  ?>" alt="" />
+                    <input type="text" name="adminlogin" id="adminlogin" title="<?php echo _('Usuario'); ?>" placeholder="<?php echo _('Usuario'); ?>  " value="<?php echo SP_Util::init_var('adminlogin'); ?>" autocomplete="off" autofocus required />
                 </p>
                 <p>
-                    <input type="password" name="adminpass" id="adminpass" placeholder="<?php echo _('Clave'); ?>" value="<?php echo SP_Util::init_var('adminpass'); ?>" required/>
-                    <img class="svg" id="adminpass-icon" src="<?php //print_unescaped(image_path('', 'actions/password.svg'));  ?>" alt="" />
+                    <input type="password" name="adminpass" id="adminpass" title="<?php echo _('Clave'); ?>" placeholder="<?php echo _('Clave'); ?>" value="<?php echo SP_Util::init_var('adminpass'); ?>" required/>
                 </p>
             </fieldset>
 
             <fieldset id="masterpwd">
                 <legend><?php echo _('Clave Maestra'); ?></legend>
                 <p>
-                    <input type="password" name="masterpassword" id="masterpassword" placeholder="<?php echo _('Clave Maestra'); ?>  " value="<?php echo SP_Util::init_var('masterpassword'); ?>" autocomplete="off" required />
-                    <img class="svg" src="<?php //p(image_path('', 'actions/user.svg'));  ?>" alt="" />
+                    <input type="password" name="masterpassword" id="masterpassword" title="<?php echo _('Clave Maestra'); ?>" placeholder="<?php echo _('Clave Maestra'); ?>  " value="<?php echo SP_Util::init_var('masterpassword'); ?>" autocomplete="off" required />
                 </p>
             </fieldset>    
 
@@ -102,16 +102,16 @@
                 <input type='hidden' id='hasMySQL' value='true'/>
                 <input type="hidden" id="dbtype" name="dbtype" value="mysql" />
                 <p>
-                    <input type="text" name="dbuser" id="dbuser" placeholder="<?php echo _('Usuario BBDD'); ?>" value="<?php echo SP_Util::init_var('dbuser', 'root'); ?>" autocomplete=off" required/>
+                    <input type="text" name="dbuser" id="dbuser" title="<?php echo _('Usuario administrador BBDD'); ?>"  placeholder="<?php echo _('Usuario Admin BBDD'); ?>" value="<?php echo SP_Util::init_var('dbuser', 'root'); ?>" autocomplete=off" required/>
                 </p>
                 <p>
-                    <input type="password" name="dbpass" id="dbpass" placeholder="<?php echo _('Clave BBDD'); ?>" value="<?php echo SP_Util::init_var('dbpass'); ?>" required/>
+                    <input type="password" name="dbpass" id="dbpass" title="<?php echo _('Clave administrador BBDD'); ?>" placeholder="<?php echo _('Clave BBDD'); ?>" value="<?php echo SP_Util::init_var('dbpass'); ?>" required/>
                 </p>
                 <p>
-                    <input type="text" name="dbname" id="dbname" placeholder="<?php echo _('Nombre BBDD'); ?>" value="<?php echo SP_Util::init_var('dbname', 'syspass'); ?>" autocomplete=off" pattern="[0-9a-zA-Z$_-]+" />
+                    <input type="text" name="dbname" id="dbname" title="<?php echo _('Nombre BBDD'); ?>" placeholder="<?php echo _('Nombre BBDD'); ?>" value="<?php echo SP_Util::init_var('dbname', 'syspass'); ?>" autocomplete=off" pattern="[0-9a-zA-Z$_-]+" />
                 </p>
                 <p>
-                    <input type="text" name="dbhost" id="dbhost" placeholder="<?php echo _('Servidor BBDD'); ?>" value="<?php echo SP_Util::init_var('dbhost', 'localhost'); ?>" />
+                    <input type="text" name="dbhost" id="dbhost" title="<?php echo _('Servidor BBDD'); ?>" placeholder="<?php echo _('Servidor BBDD'); ?>" value="<?php echo SP_Util::init_var('dbhost', 'localhost'); ?>" />
                 </p>
                 <p>
                     <label for="hostingmode"><?php echo _('Modo Hosting'); ?></label>

inc/tpl/login.php

@@ -37,11 +37,11 @@
         <?php if ( SP_Config::getValue("demoenabled",0) ): ?>
             <input type="text" name="user" id="user" placeholder="<?php echo _('Usuario'); ?>" value="" title="> demo <"/><br />
             <input type="password" name="pass" id="pass" placeholder="<?php echo _('Clave'); ?>" value="" title="> syspass <"/><br />
-            <span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave maestra'); ?>" value="" title="> 01234567890 <" disabled/><br /></span>
+            <span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave Maestra'); ?>" value="" title="> 01234567890 <" disabled/><br /></span>
         <?php else: ?>
             <input type="text" name="user" id="user" placeholder="<?php echo  _('Usuario'); ?>" value="" /><br />
             <input type="password" name="pass" id="pass" placeholder="<?php echo _('Clave'); ?>" value="" /><br />
-            <span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave maestra'); ?>" value="" disabled/><br /></span>
+            <span id="smpass" style="display: none"><input type="password" name="mpass" id="mpass" placeholder="<?php echo _('Clave Maestra'); ?>" value="" disabled/><br /></span>
         <?php endif; ?>
 
             <input id="btnLogin" type="image" src="imgs/login.png" name="login" title="<?php echo _('Acceder') ?>" />

inc/util.class.php

@@ -99,15 +99,18 @@ public static function generate_random_bytes($length = 30) {
      * @return bool
      */
     public static function checkPhpVersion(){
-        preg_match("/(^\d\.\d)\..*/",PHP_VERSION, $version);
+        $error = array();
 
-        if ( $version[1] >= 5.1 ){
-            $this->printMsg(_('Versión PHP')." '".$version[0]."'");
-            return TRUE;
-        } else {
-            $this->printMsg(_('Versión PHP')." '".$version[0]."'", 1);
-            return FALSE;
-        }    
+        $version = explode('.', PHP_VERSION);
+        $versionId = ($version[0] * 10000 + $version[1] * 100 + $version[2]);
+
+        if ( $versionId < 50100 ){
+            $error[] = array('type' => 'critical',
+                'description' => _('Versión de PHP requerida >= 5.1'),
+                'hint' => _('Actualice la versión de PHP para que la aplicación funcione correctamente'));
+        }
+
+        return $error;
     }
 
     /**
@@ -169,15 +172,15 @@ public static function curlIsAvailable(){
      * @return array con el número de versión
      */
     public static function getVersion() {
-        return array(1, 00, 07);
+        return array(1, 0, 8);
     }
 
     /**
      * @brief Devuelve la versión de sysPass
      * @return string con la versión
      */
     public static function getVersionString() {
-        return '1.0-7';
+        return '1.0-8';
     }
 
     /**
@@ -224,9 +227,6 @@ public static function checkUpdates(){
                 }
             }
 
-
-
-
             if ( is_array($pubVer) && SP_Init::isLoggedIn() ){
                 $appVersion = implode('',self::getVersion());
                 $pubVersion = $pubVer[1].$pubVer[2].$pubVer[3];
@@ -264,4 +264,4 @@ public static function logout(){
         echo '<script>doLogout();</script>';
         exit();
     }
-}
+}