diff --git a/lam/templates/config/confImportExport.php b/lam/templates/config/confImportExport.php index ac51aed91..ec48d4d57 100644 --- a/lam/templates/config/confImportExport.php +++ b/lam/templates/config/confImportExport.php @@ -73,6 +73,9 @@ if (isset($_POST['exportConfig']) && $cfg->checkPassword($_SESSION["mainconf_pas try { $zip = new ZipArchive(); $zipTmpFile = tmpfile(); + if ($zipTmpFile === false) { + throw new LAMException(_('Unable to create temporary file.')); + } $zipFile = stream_get_meta_data($zipTmpFile)['uri']; fclose($zipTmpFile); $zip->open($zipFile, ZipArchive::CREATE); @@ -80,7 +83,14 @@ if (isset($_POST['exportConfig']) && $cfg->checkPassword($_SESSION["mainconf_pas $zip->addFromString('lam-config.json', $json); $zip->close(); $handle = fopen($zipFile, "r"); - $contents = fread($handle, filesize($zipFile)); + if ($handle === false) { + throw new LAMException(_('Unable to create temporary file.')); + } + $fileSize = filesize($zipFile); + if ($fileSize === false) { + throw new LAMException(_('Unable to create temporary file.')); + } + $contents = fread($handle, $fileSize); fclose($handle); unlink($zipFile); echo $contents; @@ -244,7 +254,13 @@ printHeaderContents(_("Import and export configuration"), '../..'); } else { $handle = fopen($tmpFileName, "r"); + if ($handle === false) { + throw new LAMException(_('Unable to read import file.')); + } $data = fread($handle, 100000000); + if ($data === false) { + throw new LAMException(_('Unable to read import file.')); + } fclose($handle); } $importer = new ConfigDataImporter(); 
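Review bot: The return value of `$zip->open($zipFile, ZipArchive::CREATE)`, just below the added `tmpfile()` check, is still not tested, although `ZipArchive::open()` returns an error code rather than `true` on failure. The path is also reopened by name after `fclose($zipTmpFile)` has removed the temporary file, so the name is briefly free for another local process to create. Since the archive receives the configuration export, I would fail closed here: `if ($zip->open($zipFile, ZipArchive::CREATE) !== true) { throw new LAMException(_('Unable to create temporary file.')); }`. The try block ends outside this hunk.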
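Review bot: Both new `throw` statements in the hunk at -80 leave the export on disk. A failed `fopen()` skips `unlink($zipFile)`, and a failed `filesize()` skips `fclose($handle)` as well, so the archive holding lam-config.json stays in the temporary directory. Clean up before throwing, e.g. `if ($fileSize === false) { fclose($handle); unlink($zipFile); throw new LAMException(_('Unable to create temporary file.')); }`, or move both calls into a `finally` if the enclosing try, which ends outside this hunk, allows it. The message 'Unable to create temporary file.' also does not describe a failed read of a file that already exists.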
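Review bot: In the hunk at -244, `fclose($handle)` is skipped when `fread()` returns false, because the new `throw` sits between the read and the close. Close first and test afterwards: `$data = fread($handle, 100000000); fclose($handle); if ($data === false) { throw new LAMException(_('Unable to read import file.')); }`. The same ordering appears in the `importConfigConfirm` branch (hunk at -294) and in the CA certificate upload in mainmanage.php (hunk at -237), where `fclose($handle)` is reached only in the success `else`. The enclosing block of this branch begins outside the hunk.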
@@ -260,7 +276,7 @@ printHeaderContents(_("Import and export configuration"), '../..'); $validUpload = true; } catch (LAMException $e) { - $content->add(new htmlStatusMessage('ERROR', htmlspecialchars($e->getTitle()), htmlspecialchars($e->getMessage())), 12); + $content->add(new htmlStatusMessage('ERROR', htmlspecialchars($e->getTitle()), htmlspecialchars($e->getMessage()))); } } if (!isset($_POST['importConfigConfirm']) && !$validUpload) { @@ -277,14 +293,14 @@ printHeaderContents(_("Import and export configuration"), '../..'); $stepCheckbox->setLabelAfterCheckbox(); $stepCheckbox->setCSSClasses(array('bold')); $subStepIds = array(); - $content->add($stepCheckbox, 12); + $content->add($stepCheckbox); $content->addVerticalSpacer('0.3rem'); foreach ($importStep->getSubSteps() as $subStep) { $subStepKey = 'step_' . $subStep->getKey(); $subStepIds[] = $subStepKey; $subStepCheckbox = new htmlResponsiveInputCheckbox($subStepKey, true, $subStep->getLabel()); $subStepCheckbox->setLabelAfterCheckbox(); - $content->add($subStepCheckbox, 12); + $content->add($subStepCheckbox); } $stepCheckbox->setTableRowsToShow($subStepIds); $content->addVerticalSpacer('1rem'); 
@@ -294,13 +310,19 @@ printHeaderContents(_("Import and export configuration"), '../..'); $importButton->setCSSClasses(array('lam-secondary')); $buttonGroup->addElement($importButton); $buttonGroup->addElement(new htmlButton('importCancel', _('Cancel'))); - $content->add($buttonGroup, 12); + $content->add($buttonGroup); } elseif (isset($_POST['importConfigConfirm'])) { - $handle = fopen($_SESSION['configImportFile'], "r"); - $data = fread($handle, 100000000); - fclose($handle); try { + $handle = fopen($_SESSION['configImportFile'], "r"); + if ($handle === false) { + throw new LAMException(_('Unable to read import file.')); + } + $data = fread($handle, 100000000); + if ($data === false) { + throw new LAMException(_('Unable to read import file.')); + } + fclose($handle); $importer = new ConfigDataImporter(); $importSteps = $importer->getPossibleImportSteps($data); foreach ($importSteps as $importStep) { @@ -311,12 +333,12 @@ printHeaderContents(_("Import and export configuration"), '../..'); } $importer->runImport($importSteps); unlink($_SESSION['configImportFile']); - $content->add(new htmlStatusMessage('INFO', _('Configuration import ended successful.')), 12); - $content->add(new htmlButton('importNew', _('New import')), 12); + $content->add(new htmlStatusMessage('INFO', _('Configuration import ended successful.'))); + $content->add(new htmlButton('importNew', _('New import'))); } catch (LAMException $e) { - $content->add(new htmlStatusMessage('ERROR', htmlspecialchars($e->getTitle()), htmlspecialchars($e->getMessage())), 12); - $content->add(new htmlButton('importCancel', _('Back')), 12); + $content->add(new htmlStatusMessage('ERROR', htmlspecialchars($e->getTitle()), htmlspecialchars($e->getMessage()))); + $content->add(new htmlButton('importCancel', _('Back'))); } } } diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index 0eb8a6c34..976b06cce 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php 
@@ -411,6 +411,9 @@ foreach ($tools as $tool) { } $hideableTools++; $toolClass = get_class($tool); + if ($toolClass === false) { + continue; + } $toolName = substr($toolClass, strrpos($toolClass, '\\') + 1); $selected = false; if (isset($toolSettings['tool_hide_' . $toolName]) && ($toolSettings['tool_hide_' . $toolName] === 'true')) { @@ -769,6 +772,9 @@ function checkInput(): array { } foreach ($tools as $tool) { $toolClass = get_class($tool); + if ($toolClass === false) { + continue; + } $toolName = substr($toolClass, strrpos($toolClass, '\\') + 1); $toolConfigID = 'tool_hide_' . $toolName; if ((isset($_POST[$toolConfigID])) && ($_POST[$toolConfigID] == 'on')) { diff --git a/lam/templates/config/mainlogin.php b/lam/templates/config/mainlogin.php index ad57e3508..0bde64853 100644 --- a/lam/templates/config/mainlogin.php +++ b/lam/templates/config/mainlogin.php @@ -73,17 +73,7 @@ printHeaderContents(_("Login"), '../..'); read()) { - if (substr($jsEntry, strlen($jsEntry) - 3, 3) != '.js') continue; - $jsFiles[] = $jsEntry; - } - sort($jsFiles); - foreach ($jsFiles as $jsEntry) { - echo "\n"; - } + printJsIncludes('../..'); ?>
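Review bot: The new `continue` in the hunk at -411 comes after `$hideableTools++`, so a tool that is skipped for a missing class name is still counted. If that counter decides what is rendered later (not visible here), it is off by one for every skipped tool. Move the guard above the increment, or drop it if `$tools` only ever holds objects, for which `get_class()` returns a string. The same guard is added in `checkInput()` (hunk at -769); both loop bodies continue outside their hunks.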
diff --git a/lam/templates/config/mainmanage.php b/lam/templates/config/mainmanage.php index 3a8a5b7de..da26739b1 100644 --- a/lam/templates/config/mainmanage.php +++ b/lam/templates/config/mainmanage.php @@ -142,12 +142,14 @@ if (isset($_POST['submitFormData'])) { } if (($cfg->licenseWarningType === LAMCfgMain::LICENSE_WARNING_EMAIL) || ($cfg->licenseWarningType === LAMCfgMain::LICENSE_WARNING_ALL)) { $toEmails = preg_split('/;[ ]*/', $cfg->licenseEmailTo); - foreach ($toEmails as $toEmail) { - if (!get_preg($toEmail, 'email')) { - $errors[] = _('Licence') . ': ' . _('TO address') . ' - ' . _('Please enter a valid email address!'); - break; - } - } + if ($toEmails !== false) { + foreach ($toEmails as $toEmail) { + if (!get_preg($toEmail, 'email')) { + $errors[] = _('Licence') . ': ' . _('TO address') . ' - ' . _('Please enter a valid email address!'); + break; + } + } + } } } // set session timeout @@ -237,16 +239,28 @@ if (isset($_POST['submitFormData'])) { if (isset($_POST['sslCaCertUpload'])) { if (!isset($_FILES['sslCaCert']) || ($_FILES['sslCaCert']['size'] == 0)) { $errors[] = _('No file selected.'); - } else { + } + else { $handle = fopen($_FILES['sslCaCert']['tmp_name'], "r"); - $data = fread($handle, 10000000); - fclose($handle); - $sslReturn = $cfg->uploadSSLCaCert($data); - if ($sslReturn !== true) { - $errors[] = $sslReturn; - } else { - $messages[] = _('You might need to restart your webserver for changes to take effect.'); + if ($handle === false) { + $errors[] = _('Unable to create temporary file.'); } + else { + $data = fread($handle, 10000000); + if ($data === false) { + $errors[] = _('Unable to create temporary file.'); + } + else { + fclose($handle); + $sslReturn = $cfg->uploadSSLCaCert($data); + if ($sslReturn !== true) { + $errors[] = $sslReturn; + } + else { + $messages[] = _('You might need to restart your webserver for changes to take effect.'); + } + } + } } } if (isset($_POST['sslCaCertDelete'])) { 
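Review bot: Wrapping the loop in `if ($toEmails !== false)` (hunk at -142) makes the address check fail open. If `preg_split()` fails, `licenseEmailTo` is accepted without validation and nothing is added to `$errors`. Treat the failure as invalid input instead, e.g. `if ($toEmails === false) { $errors[] = _('Licence') . ': ' . _('TO address') . ' - ' . _('Please enter a valid email address!'); }` ahead of the loop.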
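Review bot: The two new error branches in the hunk at -237 report 'Unable to create temporary file.' when the uploaded CA certificate cannot be opened or read, which points an administrator at the wrong cause. A read-specific message would fit better, for instance the 'Unable to read import file.' wording this commit uses in confImportExport.php, or a new string for the certificate. The guard above still looks only at `size`; testing `$_FILES['sslCaCert']['error'] === UPLOAD_ERR_OK` before `fopen()` would separate failed uploads from read errors.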
@@ -482,7 +496,9 @@ printHeaderContents(_("Edit general settings"), '../..'); $validTo = isset($sslCerts[$i]['validTo_time_t']) ? $sslCerts[$i]['validTo_time_t'] : ''; if (get_preg($validTo, 'digit')) { $date = DateTime::createFromFormat('U', $validTo, new DateTimeZone('UTC')); - $validTo = $date->format('Y-m-d'); + if ($date !== false) { + $validTo = $date->format('Y-m-d'); + } } $cn = isset($sslCerts[$i]['subject']['CN']) ? $sslCerts[$i]['subject']['CN'] : ''; $delBtn = new htmlButton('deleteCert_' . $i, 'del.svg', true); diff --git a/lam/templates/initsuff.php b/lam/templates/initsuff.php index 4feda7b20..faf1350e3 100644 --- a/lam/templates/initsuff.php +++ b/lam/templates/initsuff.php @@ -2,7 +2,7 @@ /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2021 Roland Gruber + Copyright (C) 2003 - 2022 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lam/tmp/.gitignore b/lam/tmp/.gitignore index 1de9150f5..79f723c85 100644 --- a/lam/tmp/.gitignore +++ b/lam/tmp/.gitignore @@ -1,4 +1,5 @@ /*.jpg /*.pem /*.log -/*.pdf \ No newline at end of file +/*.pdf +/*.tmp diff --git a/lam/tmp/internal/.gitignore b/lam/tmp/internal/.gitignore new file mode 100644 index 000000000..79f723c85 --- /dev/null +++ b/lam/tmp/internal/.gitignore @@ -0,0 +1,5 @@ +/*.jpg +/*.pem +/*.log +/*.pdf +/*.tmp diff --git a/phpstan.neon b/phpstan.neon index 855b82a80..6de3dbc88 100644 --- a/phpstan.neon +++ b/phpstan.neon 
@@ -22,3 +22,9 @@ parameters:
 - '#PHPDoc tag @throws with type LAMException is not subtype of Throwable#'
 - '#Throwing object of an unknown class [a-zA-Z0-9\\_-]+.#'
 - '#Parameter \#[0-9] \$[a-zA-Z_]+ of function [a-zA-Z_]+ expects [(]?callable.*#'
+ - '#Call to an undefined method object::.*#'
+ - '#Parameter \#2 \$string of function explode expects string, array\|string given.#'
+ - '#Parameter \#2 \$result of function ldap_get_entries expects LDAP\\Result, array\|LDAP\\Result given.#'
+ - '#Cannot assign new offset to array\|string.#'
+ - '#Parameter \#1 \$result of function ldap_free_result expects LDAP\\Result, array\|LDAP\\Result given.#'
+ - '#Cannot access offset .* on array\|int.#'
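Review bot: The six new `ignoreErrors` patterns apply to the whole project, and several are broad enough (`Call to an undefined method object::.*`, `Cannot access offset .* on array\|int.`) to hide new findings of the same kind in unrelated files. That works against the false-return checks this commit adds elsewhere. Consider scoping each entry with `message:` and `path:` to the files that need it, or narrowing the types at the call sites so the entries can be removed.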