From 0cdf49f69a4e3444219643e8ffabd879fc2fd77d Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Sat, 20 Jan 2024 20:31:46 -0500
Subject: [PATCH] Update/Fix Mail Functions in POST/user.php and ajax.php - sanitize POST vars instead the whole mail subject and body which prevents having a mixed of confusing redundant escaped and unescaped vars
---
 ajax.php | 18 ++++++++++++++----
 post/user.php | 18 +++++++++++++++---
 2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/ajax.php b/ajax.php
index 7e7d18a4..78fb2ccb 100644
--- a/ajax.php
+++ b/ajax.php
@@ -303,14 +303,25 @@ if (isset($_GET['share_generate_link'])) {
 $url = "https://$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
 }
+ $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_array($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
+
+ // Sanitize Config vars from get_settings.php
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_mail_from_name = sanitizeInput($config_mail_from_name);
+ $config_mail_from_email = sanitizeInput($config_mail_from_email);
+ // Send user e-mail, if specified
 if(!empty($config_smtp_host) && filter_var($item_email, FILTER_VALIDATE_EMAIL)){
- $subject = "Time sensitive - $session_company_name secure link enclosed";
+ $subject = "Time sensitive - $company_name secure link enclosed";
 if ($item_expires_friendly == "never") {
- $subject = "$session_company_name secure link enclosed";
+ $subject = "$company_name secure link enclosed";
 }
- $body = mysqli_real_escape_string($mysqli, "Hello,

$session_name from $session_company_name sent you a time sensitive secure link regarding '$item_name'.

The link will expire in $item_expires_friendly and may only be viewed $item_view_limit times, before the link is destroyed.

Click here to access your secure content

~
$session_company_name
Support Department
$config_ticket_from_email");
+ $body = "Hello,

$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".

The link will expire in $item_expires_friendly and may only be viewed $item_view_limit times, before the link is destroyed.

Click here to access your secure content

--
$company_name - Support
$config_ticket_from_email
$company_phone";
 $data = [
 [
@@ -334,7 +345,6 @@ if (isset($_GET['share_generate_link'])) {
 echo json_encode($url);
- // Logging
 mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = $client_id, log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
diff --git a/post/user.php b/post/user.php
index 9adc59df..60515059 100644
--- a/post/user.php
+++ b/post/user.php
@@ -8,7 +8,6 @@ if (isset($_POST['add_user'])) {
 require_once 'post/user_model.php';
- validateAdminRole();
 validateCSRFToken($_POST['csrf_token']);
@@ -47,11 +46,24 @@ if (isset($_POST['add_user'])) {
 // Create Settings
 mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa");
+ $sql = mysqli_query($mysqli,"SELECT * FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_array($sql);
+ $company_name = sanitizeInput($row['company_name']);
+
+ // Sanitize Config vars from get_settings.php
+ $config_mail_from_name = sanitizeInput($config_mail_from_name);
+ $config_mail_from_email = sanitizeInput($config_mail_from_email);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_login_key_secret = mysqli_real_escape_string($mysqli, $config_login_key_secret);
+ $config_base_url = sanitizeInput($config_base_url);
+ // Send user e-mail, if specified
 if (isset($_POST['send_email']) && !empty($config_smtp_host) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
- $subject = "Your new $session_company_name ITFlow account";
- $body = "Hello, $name
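Review bot: The new `$config_*` assignments overwrite what the comment itself describes as settings from get_settings.php with escaped copies, so anything later in this request that reads `$config_mail_from_email` or `$config_ticket_from_name` (the `$data` array that starts at the end of this hunk looks like a candidate for a From header) gets the escaped form instead of the raw setting, and the `if` opened here closes outside the hunk. Keep the globals intact by escaping into new locals, e.g. `$from_name = sanitizeInput($config_ticket_from_name);`, and use those in the message. The same overwrite pattern appears in the post/user.php hunk at `@@ -47,11 +46,24 @@`, where `$config_base_url` and `$config_login_key_secret` are also reassigned. Separately, the one sanitized `$company_name` feeds both `$subject`, a plain-text header, and `$body`; if `sanitizeInput` HTML-encodes, a company name containing `&` or `'` will show encoded in the subject line, so the two contexts need different escaping. `mysqli_fetch_array($sql)` is also used without checking that the query succeeded and returned a row.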
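Review bot: The single removed line in this hunk renders as `- validateAdminRole();`, and the collapsed layout does not show whether the deletion is the blank line before the call or the call itself. If it is the call, the add_user handler is left with only `validateCSRFToken($_POST['csrf_token']);` and no longer requires the admin role, which is unrelated to the mail changes the commit describes; please confirm `validateAdminRole();` is still present on the new side. The `if (isset($_POST['add_user']))` block continues outside the hunk.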

An ITFlow account has been setup for you. Please change your password upon login.

Username: $email
Password: $_POST[password]
Login URL: https://$config_base_url/login.php?key=$config_login_key_secret

~
$session_company_name
Support Department
$config_ticket_from_email";
+ $password = mysqli_real_escape_string($mysqli, $_POST['password']);
+
+ $subject = "Your new $company_name ITFlow account";
+ $body = "Hello $name,

An ITFlow account has been setup for you. Please change your password upon login.

Username: $email
Password: $password
Login URL: https://$config_base_url/login.php?key=$config_login_key_secret

--
$company_name - Support
$config_ticket_from_email";
 $data = [
 [
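Review bot: `$password = mysqli_real_escape_string($mysqli, $_POST['password']);` escapes for a SQL string literal, but within this hunk the value is only interpolated into the mail body, so a password containing `'`, `"` or `\` is shown to the new user with added backslashes rather than as it was entered. If the body is sent as HTML the matching escaper is `$password = htmlspecialchars($_POST['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`; for a plain-text body the raw value should be used. The same context mismatch applies to `$config_login_key_secret`, which is SQL-escaped and then placed in the `?key=` query string of the login URL, where `rawurlencode()` is the applicable encoder. As in the ajax.php hunk, these assignments overwrite the config globals instead of writing to new locals, so later readers of `$config_base_url` and `$config_login_key_secret` in this request see the escaped values. The `if (isset($_POST['send_email']) ...)` block continues past the hunk, where `$data` is built.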