From f6ff4ee30bb3828d3df61ce5ab6c4d2400989177 Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Sun, 16 Mar 2014 12:22:01 +0100 Subject: [PATCH] * [BUG] Fixed error on saving passwords with special characters. Thanks to @chadrempp (Closes #30) * [BUG] Fixed error on saving detected browser language after installing * [MOD] PHP version is verified on installation process * [MOD] Translations updates --- CHANGELOG | 14 ++++++++++ ajax/ajax_accountsave.php | 4 +-- ajax/ajax_configsave.php | 8 +++--- ajax/ajax_doLogin.php | 2 +- ajax/ajax_usersSave.php | 4 +-- inc/common.class.php | 4 +-- inc/config.class.php | 6 ++-- inc/db.class.php | 8 +++--- inc/locales/en_US/LC_MESSAGES/messages.mo | Bin 37183 -> 37931 bytes inc/tpl/install.php | 32 +++++++++++----------- inc/tpl/login.php | 4 +-- inc/util.class.php | 28 +++++++++---------- 12 files changed, 65 insertions(+), 49 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9a26b5637..1090e03a1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +=== ** v1.0.8 ** === + +* [BUG] Corregido error al guardar claves con carácteres especiales +* [BUG] Corregido error al guardar el idioma tras la instalación +* [MOD] Verificación de versión de PHP en la instalación +* [MOD] Actualización de traducciones + === ** v1.0.7 ** === * [BUG] Corregido error en la selección del código de caráteres del lenguaje @@ -172,6 +179,13 @@ --- +=== ** v1.0.8 ** === + +* [BUG] Fixed error on saving passwords with special characters. Thanks to @chadrempp +* [BUG] Fixed error on saving detected browser language after installing +* [MOD] PHP version is verified on installation process +* [MOD] Translations updates + === ** v1.0.7 ** === * [BUG] Fixed error on language charset selection diff --git a/ajax/ajax_accountsave.php b/ajax/ajax_accountsave.php index 2d34d2687..efcf8c08c 100644 --- a/ajax/ajax_accountsave.php +++ b/ajax/ajax_accountsave.php @@ -45,8 +45,8 @@ $frmNewCustomer = SP_Common::parseParams('p', 'customer_new'); $frmName = SP_Common::parseParams('p', 'name'); $frmLogin = SP_Common::parseParams('p', 'login'); -$frmPassword = SP_Common::parseParams('p', 'password'); -$frmPasswordV = SP_Common::parseParams('p', 'password2'); +$frmPassword = SP_Common::parseParams('p', 'password', '', false, false, false); +$frmPasswordV = SP_Common::parseParams('p', 'password2', '', false, false, false); $frmCategoryId = SP_Common::parseParams('p', 'categoryId', 0); $frmUGroups = SP_Common::parseParams('p', 'ugroups'); $frmNotes = SP_Common::parseParams('p', 'notice'); diff --git a/ajax/ajax_configsave.php b/ajax/ajax_configsave.php index a247889c9..9e008fa9f 100644 --- a/ajax/ajax_configsave.php +++ b/ajax/ajax_configsave.php @@ -63,7 +63,7 @@ $frmLdapBase = SP_Common::parseParams('p', 'ldapbase'); $frmLdapGroup = SP_Common::parseParams('p', 'ldapgroup'); $frmLdapBindUser = SP_Common::parseParams('p', 'ldapbinduser'); - $frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass'); + $frmLdapBindPass = SP_Common::parseParams('p', 'ldapbindpass', '', false, false, false); $frmMailEnabled = SP_Common::parseParams('p', 'mailenabled', 0, FALSE, 1); $frmMailServer = SP_Common::parseParams('p', 'mailserver'); @@ -133,9 +133,9 @@ SP_Common::printXML(_('Configuración actualizada'), 0); } elseif ($frmAction == "crypt") { - $currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd'); - $newMasterPass = SP_Common::parseParams('p', 'newMasterPwd'); - $newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR'); + $currentMasterPass = SP_Common::parseParams('p', 'curMasterPwd', '', false, false, false); + $newMasterPass = SP_Common::parseParams('p', 'newMasterPwd', '', false, false, false); + $newMasterPassR = SP_Common::parseParams('p', 'newMasterPwdR', '', false, false, false); $confirmPassChange = SP_Common::parseParams('p', 'confirmPassChange', 0, FALSE, 1); $noAccountPassChange = SP_Common::parseParams('p', 'chkNoAccountChange', 0, FALSE, 1); diff --git a/ajax/ajax_doLogin.php b/ajax/ajax_doLogin.php index 29f240dae..6aaf0aa7b 100644 --- a/ajax/ajax_doLogin.php +++ b/ajax/ajax_doLogin.php @@ -33,7 +33,7 @@ } $userLogin = SP_Common::parseParams('p', 'user'); -$userPass = SP_Common::parseParams('p', 'pass'); +$userPass = SP_Common::parseParams('p', 'pass', '', false, false, false); $masterPass = SP_Common::parseParams('p', 'mpass'); if ( ! $userLogin OR ! $userPass ){ diff --git a/ajax/ajax_usersSave.php b/ajax/ajax_usersSave.php index 48a164644..23fdca606 100644 --- a/ajax/ajax_usersSave.php +++ b/ajax/ajax_usersSave.php @@ -55,8 +55,8 @@ $frmUsrGroup = SP_Common::parseParams('p', 'groupid', 0); $frmUsrEmail = SP_Common::parseParams('p', 'email'); $frmUsrNotes = SP_Common::parseParams('p', 'notes'); - $frmUsrPass = SP_Common::parseParams('p', 'pass'); - $frmUsrPassV = SP_Common::parseParams('p', 'passv'); + $frmUsrPass = SP_Common::parseParams('p', 'pass', '', false, false, false); + $frmUsrPassV = SP_Common::parseParams('p', 'passv', '', false, false, false); $frmAdminApp = SP_Common::parseParams('p', 'adminapp', 0, FALSE, 1); $frmAdminAcc = SP_Common::parseParams('p', 'adminacc', 0, FALSE, 1); $frmDisabled = SP_Common::parseParams('p', 'disabled', 0, FALSE, 1); diff --git a/inc/common.class.php b/inc/common.class.php index 15bcb8bef..829c345ce 100644 --- a/inc/common.class.php +++ b/inc/common.class.php @@ -215,7 +215,7 @@ public static function checkSessionKey($key) { * @param mixed $force opcional, valor devuelto si el parámeto está definido * @return boo|string si está presente el parámeto en la petición devuelve bool. Si lo está, devuelve el valor. */ - public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE){ + public static function parseParams($method, $param, $default = '', $onlyCHeck = FALSE, $force = FALSE, $sanitize = TRUE){ $out = ''; switch ($method){ @@ -254,7 +254,7 @@ public static function parseParams($method, $param, $default = '', $onlyCHeck = } if (is_string($out)){ - return ( $method != 's' ) ? SP_Html::sanitize($out) : $out; + return ( $method != 's' && $sanitize === TRUE ) ? SP_Html::sanitize($out) : $out; } if (is_array($out)){ diff --git a/inc/config.class.php b/inc/config.class.php index 01f1c089c..e41fbf2e8 100644 --- a/inc/config.class.php +++ b/inc/config.class.php @@ -391,7 +391,9 @@ public static function setDefaultValues(){ self::setValue('mailenabled', 0); self::setValue('wikienabled', 0); self::setValue('demoenabled', 0); - + self::setValue('filesenabled', 1); + self::setValue('checkupdates', 1); + self::setValue('allowed_exts', 'PDF,JPG,GIF,PNG,ODT,ODS,DOC,DOCX,XLS,XSL,VSD,TXT,CSV,BAK'); self::setValue('allowed_size', 1024); self::setValue('wikisearchurl', ''); @@ -404,7 +406,7 @@ public static function setDefaultValues(){ self::setValue('mailserver', ''); self::setValue('mailfrom', ''); self::setValue('wikifilter', ''); - self::setValue('sitelang', 'es_ES'); + self::setValue('sitelang', str_replace('.utf8','',SP_Init::$LANG)); self::setValue('session_timeout', '300'); self::setValue('account_link', 1); self::setValue('account_count', 10); diff --git a/inc/db.class.php b/inc/db.class.php index 9d8cc7731..e826f903a 100644 --- a/inc/db.class.php +++ b/inc/db.class.php @@ -167,13 +167,13 @@ public static function checkDatabaseExist(){ ." WHERE table_schema='".SP_Config::getValue("dbname")."' " . "AND table_name = 'usrData';"; - $resquery = self::$_db->query($query); + $resQuery = self::$_db->query($query); - if( $resquery ) { - $row = $resquery->fetch_row(); + if( $resQuery ) { + $row = $resQuery->fetch_row(); } - if( ! $resquery || $row[0] == 0) { + if( ! $resQuery || $row[0] == 0) { return false; } diff --git a/inc/locales/en_US/LC_MESSAGES/messages.mo b/inc/locales/en_US/LC_MESSAGES/messages.mo index 8ec5177cfd5a43999244497cc6d0406b5bbc7204..4f2e1d41359f5985f2f70067f365553816c2faf2 100644 GIT binary patch delta 13592 zcmaLd2Y3|K-pBDt2sMyE=zR#Gg&I0BR1pCwp@^V}EZI%6kYtnH4Uix#ML?uGC<-kRH%i2deqlHQ>E3<=TCEysWj8l!dSc`liCgDPChd1G6xEuRnd`I{B z;n<4&B#g%hHUMim33a>$)!=hj0}rAa{sc9E)5rr>g-({$9Gjq?%Rmim66$#mG6ySU z^4DP%@;96OomiFpV_1p)tz9H4Qm_{r;(kp{zEf$Fd=_QrHm z9x~;nsEMpF8`Og*P&57&>tdZQmX(O9SPj#$HeP}n z*d){|C_vS}1+~-x^KW8A9UUd12EIYf=nquKHPhUIwL>+Wf!#10^)5G{ zR%{Q}!y~BYe#H7%t*d)K8QYN0K&`A7Yhhkj)?Xu?M*)3W>rf5u!^`oQDepnATDoj( zgvF>1*Pv!}AL^ZM$C~&Yrr_Jy6wey#c6amLP%AK|JL{iBVlo929csi5 zs-cbM{tnc0dr;3EM0NZLs{Sd|#Li)Dtl7h|;xGj@^LD8E7e!3L2;&sg5*A{0T!xzI z&8UtZGUdBa1K5vs@F+IJA51>6r<+efP3U4&d&5!fTw(GNpD75UW;`G3;c8QUFRFnj zP&3gqP+j!Zb3Ix!;?`<<3lao zOw>ER0X4u4CchO`Z-?;}RQ;po{z+sXT7RN;e_9`R@ANW`#g01v`6NoIuo1O1_0rv? zNK($L0Hs67xs&1|K)zYW=6*2_p=*6*kp_q@oh=RvK=d~ASsqm8>TS?B))5;{(Q zVm)k?;Vx+gHYYzG^+fHZHb3;%oaSf`UwOAjwW26a* zH%K(X@31je=EJS>mZ$*?K$TBL4e(lQgO0hs3;EnzM^Rt4D*fG#+N0`^K^t>X?JPsJ ze@}nbUnAU0fi}faR0DAXEUP`XK`rGt)ctwb6z@aLXdkx5v#0?z8|dC2g6hbN>S#XJ z#oJNeg)-FUJv1=lzVk|h+!5Bn&fMsMT1p?bz-6cg9yC5@eBazZfj0LOFLqa~3pOL4 zi7F4E+F65Ik;hT5;N=Jjjp!3|qtal@;-hCZ#V(kMtg5vDJK-MGaXg91_!H{W-0%{2 z#V$sD7Xql6FGRiCJB>S0-+^~gU%<$xBy_A!pgy6$VFj!-#QjoLL!J93s1c{2j%fy} zqf1cdexfnoxDYkK^{D4|qUyhG?tkGLvCfgG$c@BH-E&?SYmsk-8fh;aj)Tqp)mVxA zou~%yMXl5htc=G|D{=~TESn5;M7^6V)TS&&&A`E` z_$0>S9^><<0ltVD&_UEpkD!+R6gJ01Mz0BVM%^EX`fyFcM)Yq@C!yWC7`16Op&r7w{aa;cEQ-N}IF|s{R$I(=Zb=@P5=O`2zKws4&89zbR^BeNY1%ixD*xB+(P^ zHWdz|mhu#8X6H~V6f@FYq57yVWhc~(GEjSBJodt?F%EA+O=JV6;5KZDZ(%z;Gm`b! zjGB+KEPg4i4Ae0x!U5=@9()H=@fYNvSSh33mB>Y#{9@EV?nTY`S=0m$VFG@P+G8hC zr{RpTW+v;echNr6J!To$gZv!42p>c3?h}}Zv18nhl29F`qLy?p*2Jq(^$JXW9@Zki z8r9AwRQ)HhI=&Ghp_51$@33YfBwS?zTdm{b{x1+YGcQ(j)HLBih ztcA<4J#NIV_!8<}pToMSzjdg7J*56(hHX3dROpaaw^xfzGx z7SwM47S+LNtcTSmxgE5?B=S8_D>l@WUyW+N2&>^NtgrLGkc5_G1M0y|s1Bb%jeIYv z!-L2Hus%S|p#7EZW*dfDu}P?b&%^<^5cT}?sFivL)$W(5O?nz5dWUgWxg)o+D*5hM zAN!%cfD=r432LT`unTTL&FEEZg>PXWJd3KAHrZ`=C~5$cQ4=gMMY3^@JBkVPvMNHL&Jc?#x=EX5I(262puW z@uL{a%0aE@5TD!LIMm*`3RQm^YG6g!R_FgZ5(6oC2z%p6)B|m^-I;bq4Qz816R4#>gnI52YJxR#7%2T)NhGx7%~gP@SP^@nmb@=k#$l)j z$C&&CY(RbrR=`=Pfy_a*w+yvX>#!1TLACcFHpA^0(T(>=sN#pHk)J@7|7P+Pa^209 zgt3&jL3Nah>bN)R`3%%19D$m-$CS^;D&((6wZ9hiVY(}q^>0DqF;j35HS*7~3Z6tQ z@z1D{SM$3a)kAHv)~JU1VPhPP8rTd>!4g#accAL;F&;Ah;Aj1Hqsnym9oeXnr(;_j zgBnOFYL_oUZJza*j1Qm&_&RELA2a3kXSf4NM;*tZ#wn-)hp{p)j*!rjtVDHu8*1cb z#zSb6{~fi&&GOt=(+Ra#dZ6~iAgqR$q8c8H`cPeI^0QFSM^G!Yx;%e73C-{!)J&c< z?ngCz1U2Gg#vf1(#N@jsqTYE^jK{91cKV^(&BUrW2{nK$tbrk9&I+Mx!LhOIFj^(sA4dH==c#xiWm zjYrYO1DK8{O+Gc?9=FR-9ePoxq!cxQ1(=8{F#&H!4Sbu)??BbtZ+r)9>imC9q6Yqm z9q>=o`R`EZcGMNMyN6MGfH9V%A?HIzxfZbN!ia1L?+z#+j%F*P#aV7`DN;P!0Zqnn<%*uES6(8b%v8 zpa!rDwFy5r`6WoZCr}!ct5ts z&rq8=agO_n>!MA*BQo%aHHt(M1#?V=RmOXb&!Udad#GLhDeAPGK%M_zQ9nWzuXSf! z6?N_#U<0&K&-Fn~XfSH#6R;-zThmD-QZNVgz;aVz3+jQVO#T(r3Vno{(MeRpXHWyO z=DGt-z#e29p~^E+--#)x=Y6PGHWTCM-`Y%~E8dUVghz1%{(+f%UL16imB=b<*!YE-=~SP!2- zE#a$JACI91bQZPiG#d6f1*@$U)08`Og?AC9Os@Df~x`v@vVzS8xQ7aNzOhTLDMpJM* zY5)(QI(`B*^1bH%`=}-V9DCzWro8hKx1$Wys~e4dF$Y`YJ!s==sQV|dA^lqwm%2;R z90zh^AZiI0VN2X(?(f4^+7hDA)yL>?1tB47kt`y0^`UxyTRQwEm14d9<_u6OnxM4iKn4vI2*NsYp@#LfvUe1 zlkrK^k+cqzsEF2b_rXf2ip@}`qCGaj{uqywQTKDP0v2OcEWvnOgjH}g>J{CBmGLdq zUO0?eiSIC?#P1~3V8RNsM8*zSiSoXv4hExUJ_^-f7Ha8dpk_M9laa4Yu2yHU>_ z#%lOIYK4AT!TPJ9)=GD?G(k0VC91<*td2p9$B1#cxxXGYkWHw8Y(+MewF5QqgQy7} z!4CK>YG4gkxqGR_D%QU<1(#Bw24)$TqB>rW3AhC{fHLE5)C^ulb@Ul(z{jyYo<>Aeu)cr=N_IKne^KwuUh6j01J!XlYG5O zdQ>}GO#X3Hhr2NeUq;>k0M*`ctfTX9IqppBqLwrjTVo&NRBS_jDe9d*f*Rm=?%4X{?23F*@^gX6DA`7^D7mrN!_s+k~!9T&y>dL0Wecz0Ez{y2_+CVLWjk zW&QAoZkp>U@;gbVVtXQ$^oK+yXq4~ELf z?>70@NWV*Hbz;r)x>Z8iL&UG7eZ)^Hq7cb;u_Ld;)BF*#3j-9PvU-V zM9jk*@K4JA?ecMN6fuCCg9-h=X1>PCl<8CZ8sR6cYd-eF$1xwZS3V$gz2#yh>iu)l ztQUwaRQ!opKzan~n&D#IMZPMX4Z-=8^(WpX#uIlC<(H0{uD!$}>J|_+d9Hx`v&7}( zE0Dhtbwwuf$A8FZN570K@D_8k2KFMaE7Qg5Ls<^doO~V*GvzO03Xx4DP~MQx<;8)- z7}D>UvbIKwG=Ki<6!C;9+-dxoGX1*sCx0B@CuWh}hPrAni}I_hd1fR9Q%zy_@|(uj zsq;H=z|?(+@;N$xt4S=N@P@xVpbv!pex`G)E8RSFC+Yp9w-QfB@9>*I`ZLnga6GYy zw7!Jp*I~-auW_U~_R(vO{?z<$ie}ya!Ko(c;Z%wvsuTB+{|$%Y3pfwI#XE^hh?~jl zx{0)|o_L#^v~I;|#AM3G;vQ3{JI*F*6Oq&0I7i}MEFm&T>w1`oHR+c~uO{7%c%FF9 zl&jvaq~ACBbL5{PrkMP5qz@3+lCMMP_dtIih#@_f7_Rw$LgH)UYT_3{*IbwAU%{1J zMsy&)Ee}uS?Xl2U2*ZZ%?PJV#Gqoi|)I>g=N zbv=V4Flh1>@Jo}f#B(#b*Nl7u>4Bs#CuWkr1$B)g_L5&t=&EAePWpEu(w9G8rSLMs zCatR#=@$4oahh~K(ULTMSf7#p7XL#mBi#%;5+4)OiSla)iJIKMjW|U54DnI5N93K!$2CLM*|;)w<{plhhHko2b}{h@I(WwTVtT<;mL;Qk4d-bmUe&X!lgi*^2v zQ24wl`~$xs|1qKK9pW%?kI8StPUJ&)g7|`Tkob{wWo$ysCYBP%DAV;M@t#R9#Y!fv zd!6;8)7ljDFy?Y2S$EC#1?5G=QQ{D>kMMKvI$}R@ka(N27Q~;#ON6cf@l`a%|1S)` zr~JR>UYL9`>4=xa?WWMwwU(48aJfl0z^x|jq5eAa%zr7nm2@JnY8C0XiO0zIB^H`G zdaRiElBhzxKPaC<`jmeE?;`OA(UiiCs1xxP>8XEvn432e-Z4xd29ti0*h9J- zv5WMh#17&V`8)7x)b$PV3i;;5IMO$q|N9r2>nU7M)MA9?*W)Cvq)gY(n2vpj2`V7} zAW@&>SZql=Oz5hL(@nZDUP_d?x2z}dthpDR?HV%o5;IKU?WST31BoZSg;+~;;QmQs z5^Q>q*zg0C5%RYt6k)m`jfKEKQqmQPLQ}t%k)r7T0@@YpQZ~|*cfvMAQ_9oy@m)fu3(=9#^@DMu zu_0xzIw#t%Ygbh4v-3Q*r!dc-<;n6tUshme7Z+st0|h=iD-aC&vcjHxUqRScHl;)L zxFnA^-(TPlg@Yb%AZQO7Gl(AH+f)Ime1=8Cin9c6+iz_MrThyyU-J4ByM@x-bu&f zstr_kZa15!-0&~Gm!(`YKeoQtXJ-!0w1Ylo6ZCsMcE7%Mk4|aMeV&(Ubnn=uTgSAX zc3PM8uDzT&(;EL(l9t}BXW8ay<6`ViojRZYPc>_Fp|8Ns^B2sp!vSlYKc~QUdU*qF z7)c<=kSVo;#RYaa*T=d=7cR_t*+G9!ZaA-`Y`OQVn6glIX-uQRgY3T+EF1{72{Fe| zXjUNTe48^QHt2D><@R(+a=&n{@eg+%@IP9CHl5Px$^UTU^ih?|m-g%F-^Wz23j)re zyjE!#wtcgC9oBfplH55fP>}7me$JJ^lj6o8P~Q zHPSQNpI@ABXZ!Pfc5z`|z~i+;{!*Xq4>^1CUry9Ky@7DZW&t$5H3iEn(1`Q#s=7|s zKuUD1mj}AlnU(7{;Pr(41vz$3Fi>3Rv@K~`)4C)WWVf8Z@2o0nRH3-g>%3l6zbU%) z&B}QHUfcO2aAkw@&$;zNK1T2L1WTMpf=!dNJYioBGyVHhcF5-mX60%S8t+|&!y5bZ z3j@LEurwR?SfIEd9BQLEJ6(z!HTY+#Y1HovIa7-2Rmmz2g#-D%pfVNRX-z3gb$msM z&bp#*Q4bb%lr{d*js{rwA0>7!FN@KtrP#rPL}fD=rJY5=%lo_2_4@LB(edi7{9|(G z??gxP|86;}iyFqMj&q=>UZ?Yw|8>M`#)bfJJ4(hGpHMjY-eZqO{Y(Bt-szxT5&_?KgAC_ z-kB>}U(n@07rcDrp|bc{#WBu;*%y^PGdm|HCgh})rts&`(oy_*b2PoPbZb3*_okIx zc($FAIej9-IBW%;X?dI|^)X`bz)agyOtK)%w^N@0>w+p~26h3TP}>u-J?>W}o5N6k z%j@GH=9Ql%?*s?d5onxH@UH$k`_An7 z&7FDkYdR0kPv{foSlhFLfr1<>)BP5C?JQ4$z6#TrdY-3XM)YfPL2GS7&Uf>BbTQTV z4G8-^d3+?i);M1%q|cvjg~Fa-*yrUt$!9*Fgfn_Uub8&Zk_9QlHP#Cn4Kc>(bNQZd zR&KQ0^Y80_+;WaBSP`e@oEZx{*_VfWL1yI7%d-o7bjjCQzgLWa8U?;tWxE$9#5e~Q zHH`6;eYNP3n96*{^r3X_T)Zs$DNS9{EY|io!^HKB{?K+C8F{M!$l nb>YvMUCe`JXI6a~(|9aDz5M8Sqrby5c_G>n=2!U3HIx1iJDOX% delta 12943 zcmZwN37pOK{>Sm(8NCXsu^KfiMTA*vUZZb9nQvXxWbh0 zGvx=d2IVJA`B|(<{ya9v$W+T>fvqI0L;qGg5|ywg>cK43jE7-8EWlbg7pvk5tcwqz z2KF>+>0d?F{{gks5owwsontMGLp|RT)lVvh)Id)Xn$ZZ<%=1tUmSP4zhT6lAP!C>2 ztyoMttA{O61MZIXaU|;gR7}E!7~U$ZP5yb*K=-Ay{}XjxVH;HWT-4HS z!G^dC)#1me8U2LXQ;jkfs$xrQgpIL}alCOhY6aF}9eg5#_1BEHQ=q-wi|X(l)QFFv zM*5|>e*yKNtCRCw9IE5ysQMYG`k7c4hhrpqP&1!`sz2N0mxoN^5!4cH!|HedHPa)g z0iHGGmrw(U>Fn%%A~qqPZt~eC??Fvy0jj;FsCMo*`3)u?Dkq^C??H9=p1JW2s)6&U znO#D?PLW+KD;aB`_Bs>ea3nUv0@Q$(U_0E1qwx^7!Q`&a){H{(A*+~#8h#kHG#gM$ z_abVK-$D)WQc2n z??WOUCu4n_gH3S_>cQvHjR!FSe?&DL)59rmk1fa#LA6tadhSltN<4~seLq08|2rmP zY){s|A&F!Xjc^d^MjmPa^Gx|;sD^i95*{-5FCkxVE3ua|qw7!|6{6~|MmKImwSNHB z{@17hR_e|A>rf>2b{ZIf{LWYfsHMCIb$>TD#&1zGs?x`@T4OiVfF_{s--+tz2~g`5%IL_sPyrlXc}12)40s0My8M)Y;^4N&(}(2d#H6mP>O zxXP4oMb&#BwIb(GTTr#1Goa=n61p)E`IuSbF%4HCt7N^3Dd_6&ypCzuoP1Z*CwdHO z#TKBx3tLe$e+{*@CyWa7Z;kkBWzCsx9Ns4vxE)O$Y;HDV9yHJyX% zXc6kYf57;R@io){kD{Kth^k-rTBm+%V-xR^~U1 zK-YDSk*EPip#~I(nrS1{(r2K~LN;nbMdp4P>ch1bwKbcu5&c_xN$Aj=L_OeQ+DTX! zwKAEgh6ke#X#uMK{g{p~Vh{Wd^%k@q?0hHsquz$`sEN%&4a`QhQ;wl7Bu<$M4Tm^O znSq*FChGL}MXk_i)R)qan(-Wr#x>X#*I^_cMor{XY>8*E1=bnrY*81~geDGU{rN$& z=1`#5K^9E$D~pXe6qmsi-Agh_Sd1YvC4?-;G*<_fYMe zMAiQdt7GhN=MXmzk>Gz;8h>hF8EVN_qV{+LcE>j`9jy`0_n;%X$>yNym0<^b40+?M zgV-A5MmkHLi8@mr)Z4Kf(=fD$gong0sD?)0=p3R_;~LZq%26}lk2+K*u@hcK9lDI0 zoB<3s&c$TPH)AS(j5<>>qnv-7#v=WNtV9yA+{i@j?GRK)Ueun=H?Bj~dkJgf0c?-Q zup>s_?Cf|0D?=lI>UxcbN(YP+M{Yuf?xWr@g~y zr-RNIPku0}gGpEir(+y0Hs$M3?LUiEaXZ$>*RYD-|4&Ki!IP*C&!a|O=@zHMIOJek zjZrfwL>;yzs1;j_8u*K-=Uzjt&>>WNU!&^(irTu!G0uS97>c2w6A6u|7wXG53RON6 zHN*LshHFtXc?(q|-AjQ+`YtBp zanxa{cB|7s9n=h4;b2V1ES!TiaW`sU2eB<4LbZ3aE#^ zIx}B~NVFqy0kxE^CO9LTfEt(&wUl#FhiWBi08g0m9jFz12NUojHpY4rodIW{R;CB) z=e;lL5MGPg;?QssTB@ z)WEW_4d!AuT!yOm25KU2V-)>cr%b{3sKXKAahAL>YGqPQz9*`KVWyk74+~|F@E0Wvw?*Gv1Ht_%N!0Pf&;NG-~F5nDY31 zXOCN>I!Hx*fO=sw9A@&jp$1-tIupxLhx*=p)?XukiUM`?9O`hrj%w%_YCvbOC0;}| z>@INX^+i25#^k3M%ZzJLTl6f3_Z-`hKZVg)-OKvxbl3Abho&vIAm0Nu!ilKE6Ts%U z88x7TsKa{9_zP;l(Nml)OhBzjGgQZE=*EG@0@Qb9afpOwumP*!3#h}h6LlsIU{!n< zqwo{dR-82X-%!v0ff`t?sZPEzYKFvHQ>+$lPE$pFwb~5s-uUo8a|6^ zXcwyC_b>)OMh)N;>iKi1Ep!z+&n2Mptxz5JMAhqy)%E^olc-9;IH$lWKs8)~TH=r? zUxQkq^{AEDh#JT?Y=tkQw(?%tWG}3;0W?@ zv!eV?2UAchQ;K?^47HT^8@HmiXg_KK$5AWsFYJtoMb3;zpgvGR;|f$e8!^;~#2ykl z^~bRtx^8nG=zyv?5Ve#OP_I)NYDN#CPWK+vYkAao0aZUS;0&-g>bV=S4f;?Ys`~=$ zzee^V1#0L6REOW89&iPn@TkRe zRX@+%pMzSFRpC7Qzn+91cmXw|y{LxYMh)l)>izx-JLAu$Jn44lJJA`{U=QqoLopI( zVMh#MBYYOK@E{Js*x8&l`nSfBPzMW9AC^_9Jz9rqcq=x`e*%TRmvC~834QK$Y5)QWtMs`qcyz-r8O zI%tLUp(n)$SJ5!1m2$|8?Uy1*!Opu{q146&Qiql04%SRQ)1U0}D|D ze9+{dLaop)Ou@aVtvHXG;00`pweN5aYvvskXvDWtphGejlkq;(NZ-J2cpMvJ{5T@RlAJj@#3Y9q{tBu-4K5gKJFryQcgY zYDLasPpq=Q`Qr6QH~Fck`^!)(@i;caU6_R@P%GGcq4QhQ2e}`z@<`~Dy9o6ye+I|m z5!6gG7C9aC!=~i(P%~bDYH%&;RBy)?_$F#)&Y1hwozDNoqX}vyM;Pa0B>h{@k%;2P zOQOIi#`-G}yUZDRBC4ZKs1avkdmMlo*lnl*%*3j=1c%}p?2e~Qd6VVNho>#-P^O^z z8DSi6?oSDk2=5(gWb?2Fu0(aP4s}>IVkGWF9mZEtTX7UM(=V_F{)`&nADDr$E1d60 zf7Dh5Q0?4_8c=ANsc=75r(iGY6n}`C`M*#DX@0k}BFU%+yPAAIRL4V6&yPj@+7)0e zT!0$zJ*c-~lW{9DkdXBP2|c(2)zE&EKaARfQy6}q&3$X7(_l^1j9MD6!J6c6K)rtB zj0-S{{ASb^eu$dDr&vYr|2HJGBxg|#p2G-?Ugc~}HPk>FqaI8$W}u6_u0g~vCbJZq z5Pc}yif2su8S*cawu!x@I}_1*|1&7)N;D=uCjS(nE1mo)CmH_x41aeMubHw}xnFU0 zCOw|aBD{`xm~>a7FYzAvJwyU=8=)(mm`^$sBvEJznUJ-T^nQE|AHqaDP8=Zp81WpT z??1oP)+@w3LfhAnI=b}R(IcF4{(MJyTXXLQe39aB@k=7s#rnTOVj}S$^H2-Yw-WD| z{EMX95Q|KH0qM6$YmZAwzll3g*PZAh`Z?L~Uv23I%09rya2)FE>0GS;KS{ObhOSin ziD*fBAn^#1O#WNc|A$OHQ}3iCeuSYoj`)Uj4x!6UR3Sd3TvxX78GM^)+@lOv=z?STU!)(K zik0*Cn~PNB=m~bG6kPfN7pC#6+VS&rcC80^@oe^LCCt1 z8*9nvhvR3`K_ZFxiF|G17h(c=T~Fgy)a&?xDa#_QFXSkbf0Fdo*R5oR6aV1;Btk!2 zUl0dK_jECp56R>cgDB8-GqKa8&yxO%^d*yDfyG1|aV_`WAao5Te*)dOSp{4jNT=dW zs4LmQnt?YEm9@%R%1*>h#7N>UQ<-G=x|hFRqOK{w&zMBn^`uj%o?;Naul7Ei4$CR65YaRLCL`Mn|i1$g? zysFNCtJ14T_aR;<`1!DA;VB~1H1>XY{mJ-=&xm&1^b_le5vEcb)NlADqAH`$;ob|R zm!PgOMy0u@^8UbzVOiU%8r#j}^hc8if1V`XS;trx2@tdhLob-F7i|`3zmMIVK zf1=6!jCYxIC482Or5M23I1}698lvKQn6j#5-X+G9zMs$)>0tFXzDfDJM0fJbi5*V4 zbN&`{qrG`>EH{27J|&J&_Bwt}yk+h$$A6pjzbWrR`ZRXO+NPYW^{W1GeNX&Gc{9A8 zC?ZandXMY-UqFGbNkmI-M1^zwBf?Zt_VQI}<%@~uDSLsa!4^f~7Gez%Pec-9i9Dj> z$|f<4I7HbYQ&`iPKmUDC;cXPUXzWJ3nfy@v2DjkLM8#S82kFJcX6_xuuZc&AX+%@X zZo#JsT?ff;a+20Hq;=)vgG4>j16q-oK%x#75OWA!D~SJ)UTgB3tf-<|$*MEUkkZ?!6aeayF!_U;Mu%EwMDji{78DBJ#S(!LrQ z$?56I>7CtaY2DMVv3KS+`tOqRuX0DavQi8D(>$rZk{Q8iUSDee5yP^R`wtkEdV{C9 zuP4VB%ntaccyfz_sll1S?3`e*sx_?0<8v2!eN)}Vert$7-yZGpm&Z(g+vQ3r|0sW! z%bx1(ACVKVw|TqRO{YZLpL@@^QtY>) zc}dU{_-mov^Y;1?botNQ#tfp#pohWb<gSI@LhU~%RMCcAI~Z^G4aP-rM`gCF zBq7{DSukD?Jsj*hjaxanx&9I#OJv4Y@%WV?I3>RPD^<-JU8&N)@BbLOY5C7P;Q>u6 zz9~en;ib&;6ng%9w$7IPy}V-a|9&UD{C_Y0b4CAtE2ow-V|T?Zds2yC3v#@qeoc2U zXZn@HuzGr9-Dp0&M_(;s#V-Bz$P{t%OZ|a7XJ6T?D+^Px2A({xy=D5(O=%|JDGqo& z)2ZgpE#a(9^925^Z|^OAnZtX>jAeGl?RBFoPD**lnI*hH_LH+Rd5uoa%6Hk<&u(e^ zXWwA&!c((1#(VSJlV-Y$3q0#V{;w~h{V*aP+?nMGj)T0ozt)IBXcpmO)Znp*diMG57D7Hx6G=oI*U zlfC)&$*#1x1C`Pjx7PNDPk#86 z^$W}_V$FG|gzt)0qVco SRpZydJ)L#nwAdfmxBNeMmxmPq diff --git a/inc/tpl/install.php b/inc/tpl/install.php index ec655dea7..f2f1f8781 100644 --- a/inc/tpl/install.php +++ b/inc/tpl/install.php @@ -22,7 +22,8 @@ * along with sysPass. If not, see . * */ -$errors = SP_Util::checkModules(); +$modulesErrors = SP_Util::checkModules(); +$versionErrors = SP_Util::checkPhpVersion(); $resInstall = array(); $isCompleted = 0; @@ -32,7 +33,7 @@ if (count($resInstall) == 0) { $resInstall[] = array('type' => 'ok', 'description' => _('Instalación finalizada'), - 'hint' => 'Pulse aquí para acceder'); + 'hint' => _('Pulse aquí para acceder')); $isCompleted = 1; } } @@ -48,18 +49,20 @@ 'warning', + $securityErrors[] = array('type' => 'warning', 'description' => _('La version de PHP es vulnerable al ataque NULL Byte (CVE-2006-7243)'), 'hint' => _('Actualice la versión de PHP para usar sysPass de forma segura')); } if (!SP_Util::secureRNG_available()) { - $errors[] = array('type' => 'warning', + $securityErrors[] = array('type' => 'warning', 'description' => _('No se encuentra el generador de números aleatorios.'), 'hint' => _('Sin esta función un atacante puede utilizar su cuenta al resetear la clave')); } -$errors = array_merge($errors, $resInstall); +$errors = array_merge($modulesErrors, $versionErrors, $securityErrors, $resInstall); if (count($errors) > 0) { echo '
    '; @@ -78,22 +81,19 @@
    - +

    - - +

    - - +

    - - +

    @@ -102,16 +102,16 @@

    - +

    - +

    - +

    - +

    diff --git a/inc/tpl/login.php b/inc/tpl/login.php index a97e027d2..9a1226988 100644 --- a/inc/tpl/login.php +++ b/inc/tpl/login.php @@ -37,11 +37,11 @@

    - +

    - + diff --git a/inc/util.class.php b/inc/util.class.php index e58e4c967..39c79e193 100644 --- a/inc/util.class.php +++ b/inc/util.class.php @@ -99,15 +99,18 @@ public static function generate_random_bytes($length = 30) { * @return bool */ public static function checkPhpVersion(){ - preg_match("/(^\d\.\d)\..*/",PHP_VERSION, $version); + $error = array(); - if ( $version[1] >= 5.1 ){ - $this->printMsg(_('Versión PHP')." '".$version[0]."'"); - return TRUE; - } else { - $this->printMsg(_('Versión PHP')." '".$version[0]."'", 1); - return FALSE; - } + $version = explode('.', PHP_VERSION); + $versionId = ($version[0] * 10000 + $version[1] * 100 + $version[2]); + + if ( $versionId < 50100 ){ + $error[] = array('type' => 'critical', + 'description' => _('Versión de PHP requerida >= 5.1'), + 'hint' => _('Actualice la versión de PHP para que la aplicación funcione correctamente')); + } + + return $error; } /** @@ -169,7 +172,7 @@ public static function curlIsAvailable(){ * @return array con el número de versión */ public static function getVersion() { - return array(1, 00, 07); + return array(1, 0, 8); } /** @@ -177,7 +180,7 @@ public static function getVersion() { * @return string con la versión */ public static function getVersionString() { - return '1.0-7'; + return '1.0-8'; } /** @@ -224,9 +227,6 @@ public static function checkUpdates(){ } } - - - if ( is_array($pubVer) && SP_Init::isLoggedIn() ){ $appVersion = implode('',self::getVersion()); $pubVersion = $pubVer[1].$pubVer[2].$pubVer[3]; @@ -264,4 +264,4 @@ public static function logout(){ echo ''; exit(); } -} +} \ No newline at end of file