Merge branch 'hotfix/3.1.4.2'

nilsteampassnet · nilsteampassnet · commit 8a1cfbebaea3 · 2025-03-07T17:29:23.000+01:00
diff --git a/includes/config/include.php b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.4');
 define("UPGRADE_MIN_DATE", "1732981987");
-define('TP_VERSION_MINOR', '1');
+define('TP_VERSION_MINOR', '2');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
@@ -67,6 +67,8 @@
 define('TP_PW_STRENGTH_4', 48);
 define('TP_PW_STRENGTH_5', 60);
 define('MIN_PHP_VERSION', '8.1');
+define('MIN_MYSQL_VERSION', '8.0.13');
+define('MIN_MARIADB_VERSION', '10.2.1');
 
 // URLs
 define('READTHEDOC_URL', 'https://teampass.readthedocs.io/en/latest/');
diff --git a/includes/libraries/teampassclasses/emailservice/src/EmailService.php b/includes/libraries/teampassclasses/emailservice/src/EmailService.php
@@ -32,35 +32,6 @@
 use PHPMailer\PHPMailer\Exception;
 use voku\helper\AntiXSS;
 
-class EmailSettings
-{
-    public $smtpServer;
-    public $smtpAuth;
-    public $authUsername;
-    public $authPassword;
-    public $port;
-    public $security;
-    public $from;
-    public $fromName;
-    public $debugLevel;
-    public $dir;
-
-    // Constructeur pour initialiser les paramètres
-    public function __construct(array $SETTINGS)
-    {
-        $this->smtpServer = $SETTINGS['email_smtp_server'];
-        $this->smtpAuth = (int) $SETTINGS['email_smtp_auth'] === 1;
-        $this->authUsername = $SETTINGS['email_auth_username'];
-        $this->authPassword = $SETTINGS['email_auth_pwd'];
-        $this->port = (int) $SETTINGS['email_port'];
-        $this->security = $SETTINGS['email_security'];
-        $this->from = $SETTINGS['email_from'];
-        $this->fromName = $SETTINGS['email_from_name'];
-        $this->debugLevel = $SETTINGS['email_debug_level'];
-        $this->dir = $SETTINGS['cpassman_dir'];
-    }
-}
-
 class EmailService
 {
     protected $mailer;
@@ -102,7 +73,12 @@ public function configureMailer(EmailSettings $emailSettings, $silent, $cron)
     public function addRecipients($email)
     {
         foreach (array_filter(explode(',', $email)) as $dest) {
-            $this->mailer->addAddress($dest);
+            $dest = trim($dest);
+            if (filter_var($dest, FILTER_VALIDATE_EMAIL)) {
+                $this->mailer->addAddress($dest);
+            } else {
+                error_log("Teampass - Error - Invalid email ignored : $dest");
+            }
         }
     }
 
diff --git a/includes/libraries/teampassclasses/emailservice/src/EmailSettings.php b/includes/libraries/teampassclasses/emailservice/src/EmailSettings.php
@@ -44,15 +44,15 @@ class EmailSettings
     // Constructeur pour initialiser les paramètres
     public function __construct(array $SETTINGS)
     {
-        $this->smtpServer = $SETTINGS['email_smtp_server'];
-        $this->smtpAuth = (int) $SETTINGS['email_smtp_auth'] === 1;
-        $this->authUsername = $SETTINGS['email_auth_username'];
-        $this->authPassword = $SETTINGS['email_auth_pwd'];
-        $this->port = (int) $SETTINGS['email_port'];
-        $this->security = $SETTINGS['email_security'];
-        $this->from = $SETTINGS['email_from'];
-        $this->fromName = $SETTINGS['email_from_name'];
-        $this->debugLevel = $SETTINGS['email_debug_level'];
-        $this->dir = $SETTINGS['cpassman_dir'];
+        $this->smtpServer = $SETTINGS['email_smtp_server'] ?? '';
+        $this->smtpAuth = isset($SETTINGS['email_smtp_auth']) ? ((int) $SETTINGS['email_smtp_auth']) === 1 : false;
+        $this->authUsername = $SETTINGS['email_auth_username'] ?? '';
+        $this->authPassword = $SETTINGS['email_auth_pwd'] ?? '';
+        $this->port = isset($SETTINGS['email_port']) ? (int) $SETTINGS['email_port'] : 25;
+        $this->security = $SETTINGS['email_security'] ?? 'none';
+        $this->from = $SETTINGS['email_from'] ?? 'no-reply@example.com';
+        $this->fromName = $SETTINGS['email_from_name'] ?? 'No Reply';
+        $this->debugLevel = $SETTINGS['email_debug_level'] ?? 0;
+        $this->dir = $SETTINGS['cpassman_dir'] ?? __DIR__;
     }
 }
diff --git a/install/install-steps/install.functions.php b/install/install-steps/install.functions.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * Teampass - a collaborative passwords manager.
+ * ---
+ * This file is part of the TeamPass project.
+ * 
+ * TeamPass is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3 of the License.
+ * 
+ * TeamPass is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ * 
+ * Certain components of this file may be under different licenses. For
+ * details, see the `licenses` directory or individual file headers.
+ * ---
+ * @file      run.step1.php
+ * @author    Nils Laumaillé (nils@teampass.net)
+ * @copyright 2009-2025 Teampass.net
+ * @license   GPL-3.0
+ * @see       https://www.teampass.net
+ */
+
+use Elegant\Sanitizer\Sanitizer;
+use voku\helper\AntiXSS;
+
+// Check if function exists
+if (!function_exists('dataSanitizer')) {
+    /**
+     * Uses Sanitizer to perform data sanitization
+     *
+     * @param array     $data
+     * @param array     $filters
+     * @return array|string
+     */
+    function dataSanitizer(array $data, array $filters): array|string
+    {
+        // Load Sanitizer library
+        $sanitizer = new Sanitizer($data, $filters);
+
+        // Load AntiXSS
+        $antiXss = new AntiXSS();
+
+        // Sanitize post and get variables
+        return $antiXss->xss_clean($sanitizer->sanitize());
+    }
+}
diff --git a/install/install.php b/install/install.php
@@ -26,10 +26,6 @@
  * @see       https://www.teampass.net
  */
 
-// Define some constants
-define('MIN_PHP_VERSION', '8.1');
-define('MIN_MYSQL_VERSION', '8.0.13');
-define('MIN_MARIADB_VERSION', '10.2.1');
 
 // Prepare autoloader
 require '../vendor/autoload.php';
@@ -39,9 +35,9 @@
 include __DIR__.'/../includes/config/include.php';
 // Load functions
 require_once __DIR__.'/tp.functions.php';
+require_once __DIR__.'/install-steps/install.functions.php';
 
 $superGlobal = new SuperGlobal();
-
 // Prepare variables
 $serverPath = rtrim($superGlobal->get('DOCUMENT_ROOT', 'SERVER'), '/').
 	substr($superGlobal->get('PHP_SELF', 'SERVER'), 0,-20);
diff --git a/install/tp.functions.php b/install/tp.functions.php
@@ -683,25 +683,4 @@ function recursiveChmodForInstall(
 
     // Everything seemed to work out well, return true
     return true;
-}
-
-if (!function_exists('dataSanitizer')) {
-    /**
-     * Uses Sanitizer to perform data sanitization
-     *
-     * @param array     $data
-     * @param array     $filters
-     * @return array|string
-     */
-    function dataSanitizer(array $data, array $filters): array|string
-    {
-        // Load Sanitizer library
-        $sanitizer = new Sanitizer($data, $filters);
-
-        // Load AntiXSS
-        $antiXss = new AntiXSS();
-
-        // Sanitize post and get variables
-        return $antiXss->xss_clean($sanitizer->sanitize());
-    }
 }
diff --git a/install/upgrade.php b/install/upgrade.php
@@ -44,16 +44,14 @@
 
 require_once './libs/SecureHandler.php';
 require_once '../sources/main.functions.php';
+require_once '../includes/config/include.php';
 
 // init
 loadClasses();
 $session = SessionManager::getSession();
 
 //Session teampass tag
 $_SESSION['CPM'] = 1;
-define('MIN_PHP_VERSION', '8.1');
-define('MIN_MYSQL_VERSION', '8.0.13');
-define('MIN_MARIADB_VERSION', '10.2.1');
 
 // Prepare POST variables
 $post_root_url = filter_input(INPUT_POST, 'root_url', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
diff --git a/install/upgrade_ajax.php b/install/upgrade_ajax.php
@@ -209,9 +209,6 @@ function settingsConsistencyCheck(): array
 
 error_reporting(E_ERROR | E_PARSE);
 $_SESSION['CPM'] = 1;
-define('MIN_PHP_VERSION', '8.1');
-define('MIN_MYSQL_VERSION', '8.0.13');
-define('MIN_MARIADB_VERSION', '10.2.1');
 
 // Load config
 $configManager = new ConfigManager();
@@ -222,7 +219,6 @@ function settingsConsistencyCheck(): array
 require_once '../includes/config/settings.php';
 require_once 'tp.functions.php';
 
-
 // Prepare POST variables
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
diff --git a/vendor/teampassclasses/emailservice/src/EmailService.php b/vendor/teampassclasses/emailservice/src/EmailService.php
@@ -32,35 +32,6 @@
 use PHPMailer\PHPMailer\Exception;
 use voku\helper\AntiXSS;
 
-class EmailSettings
-{
-    public $smtpServer;
-    public $smtpAuth;
-    public $authUsername;
-    public $authPassword;
-    public $port;
-    public $security;
-    public $from;
-    public $fromName;
-    public $debugLevel;
-    public $dir;
-
-    // Constructeur pour initialiser les paramètres
-    public function __construct(array $SETTINGS)
-    {
-        $this->smtpServer = $SETTINGS['email_smtp_server'];
-        $this->smtpAuth = (int) $SETTINGS['email_smtp_auth'] === 1;
-        $this->authUsername = $SETTINGS['email_auth_username'];
-        $this->authPassword = $SETTINGS['email_auth_pwd'];
-        $this->port = (int) $SETTINGS['email_port'];
-        $this->security = $SETTINGS['email_security'];
-        $this->from = $SETTINGS['email_from'];
-        $this->fromName = $SETTINGS['email_from_name'];
-        $this->debugLevel = $SETTINGS['email_debug_level'];
-        $this->dir = $SETTINGS['cpassman_dir'];
-    }
-}
-
 class EmailService
 {
     protected $mailer;
@@ -102,7 +73,12 @@ public function configureMailer(EmailSettings $emailSettings, $silent, $cron)
     public function addRecipients($email)
     {
         foreach (array_filter(explode(',', $email)) as $dest) {
-            $this->mailer->addAddress($dest);
+            $dest = trim($dest);
+            if (filter_var($dest, FILTER_VALIDATE_EMAIL)) {
+                $this->mailer->addAddress($dest);
+            } else {
+                error_log("Teampass - Error - Invalid email ignored : $dest");
+            }
         }
     }
 
diff --git a/vendor/teampassclasses/emailservice/src/EmailSettings.php b/vendor/teampassclasses/emailservice/src/EmailSettings.php
@@ -44,15 +44,15 @@ class EmailSettings
     // Constructeur pour initialiser les paramètres
     public function __construct(array $SETTINGS)
     {
-        $this->smtpServer = $SETTINGS['email_smtp_server'];
-        $this->smtpAuth = (int) $SETTINGS['email_smtp_auth'] === 1;
-        $this->authUsername = $SETTINGS['email_auth_username'];
-        $this->authPassword = $SETTINGS['email_auth_pwd'];
-        $this->port = (int) $SETTINGS['email_port'];
-        $this->security = $SETTINGS['email_security'];
-        $this->from = $SETTINGS['email_from'];
-        $this->fromName = $SETTINGS['email_from_name'];
-        $this->debugLevel = $SETTINGS['email_debug_level'];
-        $this->dir = $SETTINGS['cpassman_dir'];
+        $this->smtpServer = $SETTINGS['email_smtp_server'] ?? '';
+        $this->smtpAuth = isset($SETTINGS['email_smtp_auth']) ? ((int) $SETTINGS['email_smtp_auth']) === 1 : false;
+        $this->authUsername = $SETTINGS['email_auth_username'] ?? '';
+        $this->authPassword = $SETTINGS['email_auth_pwd'] ?? '';
+        $this->port = isset($SETTINGS['email_port']) ? (int) $SETTINGS['email_port'] : 25;
+        $this->security = $SETTINGS['email_security'] ?? 'none';
+        $this->from = $SETTINGS['email_from'] ?? 'no-reply@example.com';
+        $this->fromName = $SETTINGS['email_from_name'] ?? 'No Reply';
+        $this->debugLevel = $SETTINGS['email_debug_level'] ?? 0;
+        $this->dir = $SETTINGS['cpassman_dir'] ?? __DIR__;
     }
 }
