Fix permissions issues on main.queries and users.queries. #4400

Merged
109 changes: 84 additions & 25 deletions sources/main.queries.php
Expand Up @@ -425,26 +425,69 @@ function userHandler(string $post_type, array|null|string $dataReceived, array $
*/
function mailHandler(string $post_type, /*php8 array|null|string */$dataReceived, array $SETTINGS): string
{
$session = SessionManager::getSession();

switch ($post_type) {
/*
* CASE
* Send email
*/
* CASE
* Send email
*/
case 'mail_me'://action_mail
return sendMailToUser(
filter_var($dataReceived['receipt'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
$dataReceived['body'],
(string) filter_var($dataReceived['subject'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
(array) filter_var_array(
$dataReceived['pre_replace'],
FILTER_SANITIZE_FULL_SPECIAL_CHARS
// Get info about user to send email
$data_user = DB::queryfirstrow(
'SELECT admin, gestionnaire, can_manage_all_users, isAdministratedByRole FROM ' . prefixTable('users') . '
WHERE email = %s',
$post_id
Owner

@nilsteampassnet nilsteampassnet Oct 8, 2024


$post_id isn't initialized at this step

Contributor Author


I forgot to replace $post_id with $dataReceived['receipt']

);

// Only administrators and managers can send mails
if (
// Administrator user
(int) $session->get('user-admin') === 1
// Manager of basic/ro users in this role but don't allow promote user to admin or managers roles
|| ((int) $session->get('user-manager') === 1
&& in_array($data_user['isAdministratedByRole'], $session->get('user-roles_array'))
&& (int) $post_is_admin !== 1 && (int) $data_user['admin'] !== 1
Owner

@nilsteampassnet nilsteampassnet Oct 8, 2024


Same for $post_is_admin, $post_is_hr and $post_is_manager

Contributor Author


Copy/paste error.
We must check if the query returns a result and if the user has the right to administer the account found.
I will correct this tomorrow.

&& (int) $post_is_hr !== 1 && (int) $data_user['can_manage_all_users'] !== 1
&& (int) $post_is_manager !== 1 && (int) $data_user['gestionnaire'] !== 1)
// Manager of all basic/ro users but don't allow promote user to admin or managers roles
|| ((int) $session->get('user-can_manage_all_users') === 1
&& (int) $post_is_admin !== 1 && (int) $data_user['admin'] !== 1
&& (int) $post_is_hr !== 1 && (int) $data_user['can_manage_all_users'] !== 1
&& (int) $post_is_manager !== 1 && (int) $data_user['gestionnaire'] !== 1)
) {
return sendMailToUser(
filter_var($dataReceived['receipt'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
$dataReceived['body'],
(string) filter_var($dataReceived['subject'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
(array) filter_var_array(
$dataReceived['pre_replace'],
FILTER_SANITIZE_FULL_SPECIAL_CHARS
),
true
);
}

return prepareExchangedData(
array(
'error' => true,
),
true
'encode'
);
/*
* Send emails not sent
*/
case 'send_waiting_emails'://mail
// Administrative task
if ((int) $session->get('user-admin') !== 1) {
return prepareExchangedData(
array(
'error' => true,
),
'encode'
);
}

sendEmailsNotSent(
$SETTINGS
);
Expand Down Expand Up @@ -658,8 +701,8 @@ function systemHandler(string $post_type, array|null|string $dataReceived, array
);

/*
* Sending statistics
*/
* Sending statistics
*/
case 'sending_statistics'://action_system
sendingStatistics(
$SETTINGS
Expand All @@ -675,6 +718,17 @@ function systemHandler(string $post_type, array|null|string $dataReceived, array
* Generate BUG report
*/
case 'generate_bug_report'://action_system

// Only administrators can see this confidential informations.
if ((int) $session->get('user-admin') !== 1) {
return prepareExchangedData(
array(
'error' => false,
),
'encode'
);
}

return generateBugReport(
(array) $dataReceived,
$SETTINGS
Expand All @@ -684,6 +738,17 @@ function systemHandler(string $post_type, array|null|string $dataReceived, array
* get_teampass_settings
*/
case 'get_teampass_settings'://action_system

// Only administrators can see this confidential informations.
if ((int) $session->get('user-admin') !== 1) {
return prepareExchangedData(
array(
'error' => false,
),
'encode'
);
}

// Encrypt data to return
return prepareExchangedData(
array_intersect_key(
Expand All @@ -709,8 +774,8 @@ function systemHandler(string $post_type, array|null|string $dataReceived, array
);

/*
* Generates a TOKEN with CRYPT
*/
* Generates a TOKEN with CRYPT
*/
case 'save_token'://action_system
$token = GenerateCryptKey(
null !== filter_input(INPUT_POST, 'size', FILTER_SANITIZE_NUMBER_INT) ? (int) filter_input(INPUT_POST, 'size', FILTER_SANITIZE_NUMBER_INT) : 20,
Expand Down Expand Up @@ -753,8 +818,8 @@ function utilsHandler(string $post_type, array|null|string $dataReceived, array
{
switch ($post_type) {
/*
* generate_an_otp
*/
* generate_an_otp
*/
case 'generate_an_otp'://action_utils
return generateAnOTP(
(string) filter_var($dataReceived['label'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
Expand All @@ -764,8 +829,8 @@ function utilsHandler(string $post_type, array|null|string $dataReceived, array


/*
* Default case
*/
* Default case
*/
default :
return prepareExchangedData(
array(
Expand Down Expand Up @@ -1441,12 +1506,6 @@ function generateBugReport(
// Load user's language
$session = SessionManager::getSession();
$lang = new Language($session->get('user-language') ?? 'english');

// Only administrators can see this confidential informations.
if ($session->get('user-admin') !== 1) {
http_response_code(403);
return "";
}

// Read config file
$list_of_options = '';
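Review bot: The new admin-only gates in the `generate_bug_report` and `get_teampass_settings` cases (the `@@ -675` and `@@ -684` hunks) answer a refused request with `'error' => false`, so a non-admin caller receives a success envelope with an empty payload rather than a denial. The check this commit removes from generateBugReport replied with a 403, and the gate added to `send_waiting_emails` in the first hunk returns `'error' => true`; the two new gates should follow the same convention, `'error' => true,`, so the client can tell "access denied" apart from "nothing to return" and the authorization failure does not degrade silently. Both guarded cases sit inside systemHandler, whose body starts and ends outside these hunks.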