Commit 810bba2b authored by Johan Cwiklinski's avatar Johan Cwiklinski Committed by Johan Cwiklinski

Switch to PDO; closes #5156

This rewrites entirely the way database queries are built.
Also, many unneeded static calls have been dropped.

Move non MYSQL specific in abstract class
parent 125f3016
......@@ -8,7 +8,7 @@ shared: &shared
command: |
sudo -E apt-get update
sudo -E apt-get install -y mysql-client libpng-dev libxml2-dev
sudo -E docker-php-ext-install mysqli gd xmlrpc
sudo -E docker-php-ext-install pdo pdo_mysql gd xmlrpc
sudo -E pecl install apcu <<< '' || sudo -E pecl install apcu-4.0.11 <<< ''
sudo -E docker-php-ext-enable apcu
echo "apc.enable=1" | sudo -E tee --append /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
......@@ -47,6 +47,12 @@ shared: &shared
bin/console glpi:database:update --config-dir=./tests --allow-unstable --no-interaction |grep -q "No migration needed." || (echo "glpi:database:update command FAILED" && exit 1)
bin/console glpi:migration:myisam_to_innodb --config-dir=./tests --no-interaction
rm tests/config_db.php
- run:
name: Database tests
command: |
cp tests/circleci.config_db.php tests/config_db.php
php vendor/bin/atoum -p 'php -d memory_limit=512M' --debug --force-terminal --use-dot-report --configurations tests/telemetry.php --bootstrap-file tests/bootstrap.php --no-code-coverage --max-children-number 1 -d tests/database
rm tests/config_db.php
- run:
name: Install DB
command: |
......@@ -56,9 +62,6 @@ shared: &shared
- run:
name: Unit tests
command: php vendor/bin/atoum -p 'php -d memory_limit=512M' --debug --force-terminal --use-dot-report --configurations tests/telemetry.php --bootstrap-file tests/bootstrap.php --no-code-coverage -d tests/units
- run:
name: Database tests
command: php vendor/bin/atoum -p 'php -d memory_limit=512M' --debug --force-terminal --use-dot-report --configurations tests/telemetry.php --bootstrap-file tests/bootstrap.php --no-code-coverage --max-children-number 1 -d tests/database
- run:
name: Functionnal tests
command: php vendor/bin/atoum -p 'php -d memory_limit=512M' --debug --force-terminal --use-dot-report --configurations tests/telemetry.php --bootstrap-file tests/bootstrap.php --no-code-coverage --max-children-number 1 -d tests/functionnal
......@@ -3,13 +3,14 @@
The present file will list all changes made to the project; according to the
[Keep a Changelog](http://keepachangelog.com/) project.
## [X.X] unreleased
### Added
## [10.0.0] unreleased
### Changed
- Update process is now limited to GLPI 0.80 and above. See upgrade documentation for details.
- /!\ Database queries now rely on PDO; and global sanitize has been dropped.
- /!\ `DB` methods which uses to return a mysqli_statement now return a PDOStatement.
- /!\ `DB` methods signatures significally changed due to usage of PDO.
### Removed
......@@ -51,7 +51,7 @@ It is distributed under the GNU GENERAL PUBLIC LICENSE Version 2 - please consul
- json
- mbstring
- iconv
- mysqli
- pdo_mysql
- session
- gd (picture generation)
- curl (CAS authentication)
......@@ -87,7 +87,7 @@ if (class_exists($_POST["itemtype"])
$values = [];
if ($DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
while ($data = $DB->fetchAssoc($result)) {
// Device name + port name
$output = $output_long = $data['cname'];
......@@ -66,7 +66,7 @@ if ($_POST['softwares_id'] > 0) {
$values = [];
if ($number) {
while ($data = $DB->fetch_assoc($result)) {
while ($data = $DB->fetchAssoc($result)) {
$ID = $data['id'];
$output = $data['name'];
......@@ -52,7 +52,7 @@ if (isset($_POST['inline']) && $_POST['inline']) {
}
$submitname = _sx('button', 'Post');
if (isset($_POST['submitname']) && $_POST['submitname']) {
$submitname= stripslashes($_POST['submitname']);
$submitname= $_POST['submitname'];
}
......@@ -58,7 +58,7 @@ if ($_POST['softwares_id'] > 0) {
$values = [];
if ($number) {
while ($data = $DB->fetch_assoc($result)) {
while ($data = $DB->fetchAssoc($result)) {
$ID = $data['id'];
$output = $data['name'];
......@@ -113,7 +113,6 @@ if (isset($_POST["validatortype"])) {
$param['display'] = true;
$param['size'] = count($users);
$users = Toolbox::stripslashes_deep($users);
$rand = Dropdown::showFromArray(!empty($_POST['name']) ? $_POST['name']:'users_id_validate',
$users, $param);
......@@ -88,7 +88,7 @@ if (isset($_GET['node'])) {
ORDER BY `name`";
if ($result = $DB->query($query)) {
while ($row = $DB->fetch_assoc($result)) {
while ($row = $DB->fetchAssoc($result)) {
$path = [
'id' => $row['id'],
'text' => $row['name']
......@@ -43,6 +43,6 @@ if (isset($_POST['name'])) {
echo "<input type='text' ".(isset($_POST["size"])?" size='".$_POST["size"]."' ":"")." ".
(isset($_POST["maxlength"])?"maxlength='".$_POST["maxlength"]."' ":"")." name='".
$_POST['name']."' value=\"".
Html::cleanInputText(Toolbox::clean_cross_side_scripting_deep(rawurldecode(stripslashes($_POST["data"])))).
Html::cleanInputText(Toolbox::clean_cross_side_scripting_deep(rawurldecode($_POST["data"]))).
"\">";
}
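Review bot: The `size`, `maxlength` and `name` values taken from `$_POST` are concatenated into the `<input>` tag's attributes unescaped, while only `data` goes through `Html::cleanInputText()`; a value such as `' onfocus='...` in `$_POST['name']` closes the attribute and gives reflected XSS on this ajax endpoint. Unless the file validates those three fields before this hunk, I would apply the same escaping as the value, e.g. `name='".Html::cleanInputText($_POST['name'])."'`, and cast `size` and `maxlength` with `(int)` since they are numeric. The commit only touched the `data` expression here, so the gap is pre-existing, but the changelog in this commit states the global sanitize has been dropped, so nothing upstream should be assumed to have touched these values.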
......@@ -57,7 +57,7 @@ if (isset($_REQUEST['action'])) {
if (empty($input["passwd"])) {
unset($input["passwd"]);
} else {
$input["passwd"] = Toolbox::encrypt(stripslashes($input["passwd"]), GLPIKEY);
$input["passwd"] = Toolbox::encrypt($input["passwd"], GLPIKEY);
}
}
......@@ -47,9 +47,10 @@ if (!isset($_POST['itemtype']) || !isset($_POST['params'])) {
$itemtype = $_POST['itemtype'];
$params = $_POST['params'];
$data = Search::prepareDatasForSearch($itemtype, $params);
Search::constructSQL($data);
Search::constructData($data);
$search = new Search(new $itemtype(), $params);
$data = $search->prepareDataForSearch($itemtype, $params);
$search->constructSQL($data);
$search->constructData($data);
if ($itemtype == 'Location') {
$lat_field = $itemtype . '_21';
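Review bot: `new $itemtype()` instantiates whatever class name arrives in `$_POST['itemtype']`, and the only guard visible in this hunk is the `isset` test in its header, so any autoloadable class can be constructed (with its constructor's side effects) and an unknown name becomes a fatal error rather than a clean rejection. The previous static `Search::prepareDatasForSearch($itemtype, ...)` never built the object, so this exposure is new with the refactor. The rule ajax scripts changed in this same commit already guard with `getItemForItemtype()`; I would do the same here, replacing the `$search = new Search(new $itemtype(), $params);` line with `if (!($item = getItemForItemtype($itemtype))) { exit(); }` followed by `$search = new Search($item, $params);`. If the class name is checked earlier in the file, outside the hunk, a short comment at that line saying so would make it visible to the next reader.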
......@@ -89,7 +89,7 @@ if (isset($_POST["sub_type"]) && class_exists($_POST["sub_type"])) {
$CFG_GLPI["root_doc"]."/ajax/ruleactionvalue.php", $paramsaction);
if (isset($_POST['value'])) {
$paramsaction['value'] = stripslashes($_POST['value']);
$paramsaction['value'] = $_POST['value'];
}
Ajax::updateItem("action_type_span$randaction", $CFG_GLPI["root_doc"]."/ajax/ruleactionvalue.php",
......@@ -43,4 +43,4 @@ Session::checkLoginUser();
$ra = new RuleAction();
$ra->displayActionSelectPattern(Toolbox::stripslashes_deep($_POST));
$ra->displayActionSelectPattern($_POST);
......@@ -76,7 +76,7 @@ if (isset($_POST["sub_type"]) && ($rule = getItemForItemtype($_POST["sub_type"])
$paramscriteria);
if (isset($_POST['pattern'])) {
$paramscriteria['value'] = stripslashes($_POST['pattern']);
$paramscriteria['value'] = $_POST['pattern'];
}
Ajax::updateItem("condition_span$randcrit",
......@@ -46,7 +46,7 @@ Session::checkLoginUser();
if (isset($_POST["sub_type"]) && ($rule = getItemForItemtype($_POST["sub_type"]))) {
$value = '';
if (isset($_POST['value'])) {
$value = stripslashes($_POST['value']);
$value = $_POST['value'];
}
$rule->displayCriteriaSelectPattern("pattern", $_POST["criteria"], $_POST['condition'], $value);
}
......@@ -12,7 +12,7 @@
},
"require": {
"php": ">=7.0.8",
"ext-mysqli": "*",
"ext-pdo_mysql": "*",
"ext-fileinfo": "*",
"ext-json": "*",
"ext-mbstring": "*",
......@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "48c6ab05b1c936e2527df188eaf4e81d",
"content-hash": "3f7582968ae3082d27b66084b124bd01",
"packages": [
{
"name": "container-interop/container-interop",
......@@ -3593,7 +3593,7 @@
"prefer-lowest": false,
"platform": {
"php": ">=7.0.8",
"ext-mysqli": "*",
"ext-pdo_mysql": "*",
"ext-fileinfo": "*",
"ext-json": "*",
"ext-mbstring": "*",
......@@ -180,7 +180,7 @@ function get_def($DB, $table) {
$query = "SHOW CREATE TABLE `$table`";
$result = $DB->rawQuery($query);
$DB->rawQuery("SET SESSION sql_quote_show_create = 1");
$row = $DB->fetch_row($result);
$row = $DB->fetchRow($result);
$def .= preg_replace("/AUTO_INCREMENT=\w+/i", "", $row[1]);
$def .= ";";
......@@ -289,7 +289,7 @@ function restoreMySqlDump($DB, $dumpFile, $duree) {
}
}
if ($DB->error) {
if ($DB->error()) {
echo "<hr>";
//TRANS: %s is the SQL query which generates the error
printf(__("SQL error starting from %s"), "[$formattedQuery]");
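Review bot: In `get_def`, `SET SESSION sql_quote_show_create = 1` is sent after the `SHOW CREATE TABLE` whose output it is meant to affect, so the first table's definition is fetched under whatever quoting mode the session already had and only later calls see the setting. Moving `$DB->rawQuery("SET SESSION sql_quote_show_create = 1");` above `$result = $DB->rawQuery($query);` (or issuing it once before the loop that calls `get_def`, which is outside this hunk) fixes the ordering. The commit only renamed `fetch_row` to `fetchRow` here, so the defect is pre-existing; `get_def`'s body continues past the hunk.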
......@@ -115,7 +115,7 @@ if (isset($_POST["add"])) {
'documents_id' => $doc->getID()
]);
foreach ($found_document_items as $item) {
$document_item->delete(Toolbox::addslashes_deep($item), true);
$document_item->delete($item, true);
}
}
Html::back();
......@@ -39,6 +39,7 @@ Html::popHeader(__('Setup'), $_SERVER['PHP_SELF']);
$params = Search::manageParams('DocumentType', $_GET);
$params['target'] = $_SERVER['PHP_SELF'];
Search::showList('DocumentType', $params);
$search = new Search(new DocumentType(), $params);
$search->showList('DocumentType', $params);
Html::popFooter();
......@@ -42,10 +42,6 @@ if (isset($_GET["id"])) {
Html::header(KnowbaseItem::getTypeName(1), $_SERVER['PHP_SELF'], "tools", "knowbaseitem");
// Clean for search
$_GET = Toolbox::stripslashes_deep($_GET);
// Search a solution
if (!isset($_GET["contains"])
&& isset($_GET["item_itemtype"])
......@@ -45,10 +45,7 @@ if (!isset($_SESSION["glpicookietest"]) || ($_SESSION["glpicookietest"] != 'test
}
}
$_POST = array_map('stripslashes', $_POST);
//Do login and checks
//$user_present = 1;
if (isset($_SESSION['namfield']) && isset($_POST[$_SESSION['namfield']])) {
$login = $_POST[$_SESSION['namfield']];
} else {
......@@ -118,7 +118,7 @@ if (isset($_POST["add"])) {
'documents_id' => $doc->getID()
]);
foreach ($found_document_items as $item) {
$document_item->delete(Toolbox::addslashes_deep($item), true);
$document_item->delete($item, true);
}
}
Html::back();
......@@ -183,7 +183,7 @@ if (isset($query) && count($query)) {
echo "<th>".__('Start date')."</th>";
echo "<th>".__('End date')."</th>";
echo "</tr>";
while ($data = $DB->fetch_assoc($result)) {
while ($data = $DB->fetchAssoc($result)) {
echo "<tr class='tab_bg_1'>";
if ($data['itemname']) {
echo "<td> ".$data['itemname']." </td>";
......@@ -83,6 +83,8 @@ if (isset($_GET["item_type"]) && isset($_GET["display_type"])) {
}
}
$params = Search::manageParams($_GET["item_type"], $_GET);
Search::showList($_GET["item_type"], $params);
$itemtype = $_GET["item_type"];
$search = new Search(new $itemtype(), $params);
$search->showList($itemtype, $params);
}
}
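Review bot: `$itemtype = $_GET["item_type"];` followed by `new $itemtype()` constructs a class chosen by the query string, and the only check visible for it is the `isset` in the enclosing `if`, so any autoloadable class name is instantiated and an unknown one is a fatal error. The old `Search::showList($_GET["item_type"], $params)` was a static call and never built the object, so this is introduced by the refactor. I would guard with the project helper the commit uses elsewhere: `if (!($item = getItemForItemtype($itemtype))) { Html::displayErrorAndDie(__('Invalid item type')); }` and then `$search = new Search($item, $params);` — or, if `item_type` is already validated above this hunk, a one-line comment at the `new Search(...)` line pointing to that check.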
......@@ -135,7 +135,7 @@ function display_infocoms_report($itemtype, $begin, $end) {
$valeurnettegraph = [];
$valeurgraph = [];
while ($line=$DB->fetch_assoc($result)) {
while ($line=$DB->fetchAssoc($result)) {
if ($itemtype == 'SoftwareLicense') {
$item->getFromDB($line["items_id"]);
......@@ -136,7 +136,7 @@ function display_infocoms_report($itemtype, $begin, $end) {
$valeurnettegraph = [];
$valeurgraph = [];
while ($line=$DB->fetch_assoc($result)) {
while ($line=$DB->fetchAssoc($result)) {
if (isset($line["is_global"]) && $line["is_global"]
&& $item->getFromDB($line["items_id"])) {
$line["value"] *= Computer_Item::countForItem($item);
......@@ -139,7 +139,7 @@ if (isset($query) && count($query)) {
echo "<th>".__('Start date')."</th>";
echo "<th>".__('End date')."</th></tr>";
while ($data = $DB->fetch_assoc($result)) {
while ($data = $DB->fetchAssoc($result)) {
echo "<tr class='tab_bg_1'>";
if ($data['itemname']) {
echo "<td> ".$data['itemname']."</td>";
......@@ -70,10 +70,6 @@ if (isset($_POST["test_rule"])) {
unset($_POST["sub_type"]);
$rule->getRuleWithCriteriasAndActions($rules_id, 1, 1);
// Need for RuleEngines
foreach ($_POST as $key => $val) {
$_POST[$key] = stripslashes($val);
}
//Add rules specific POST fields to the param array
$params = $rule->addSpecificParamsForPreview($params);
......@@ -60,10 +60,6 @@ $rulecollection->checkGlobal(READ);
Html::popHeader(__('Setup'), $_SERVER['PHP_SELF']);
// Need for RuleEngines
foreach ($_POST as $key => $val) {
$_POST[$key] = stripslashes($val);
}
$rulecollection->showRulesEnginePreviewCriteriasForm($_SERVER['PHP_SELF'], $_POST, $condition);
if (isset($_POST["test_all_rules"])) {
......@@ -191,7 +191,7 @@ if (isset($_POST["add"])) {
'documents_id' => $doc->getID()
]);
foreach ($found_document_items as $item) {
$document_item->delete(Toolbox::addslashes_deep($item), true);
$document_item->delete($item, true);
}
}
Html::back();
......@@ -65,4 +65,13 @@ abstract class AbstractQuery {
* @return string
*/
abstract public function getQuery();
/**
* Get query parameters
*
* @return array
*
* @since 10.0
*/
abstract public function getParameters();
}
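Review bot: The new `getParameters()` docblock says only "Get query parameters"; since the point of this abstraction is that `getQuery()` emits placeholders and values travel separately, the contract should be written down so implementers do not fall back to interpolation. I would expand it to state that the returned array holds the values to bind for the placeholders in `getQuery()`, in matching order or keyed by placeholder name (the style is not visible here and should be fixed in the doc), that every caller-supplied value belongs in this array and never in the query string, and that identifiers such as table and column names cannot be bound and must be validated before being quoted into the SQL. Declaring `@return array<int|string, mixed>` instead of bare `array` would also let static analysis check implementers.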
......@@ -1108,6 +1108,7 @@ abstract class API extends CommonGLPI {
global $DB;
$this->initEndpoint();
$search = new \Search(new $itemtype(), $params);
// default params
$default = ['expand_dropdowns' => false,
......@@ -1154,8 +1155,8 @@ abstract class API extends CommonGLPI {
//specific case for restriction
$already_linked_table = [];
$join = Search::addDefaultJoin($itemtype, $table, $already_linked_table);
$where = Search::addDefaultWhere($itemtype);
$join = $search->addDefaultJoin($itemtype, $table, $already_linked_table);
$where = $search->addDefaultWhere($itemtype);
if ($where == '') {
$where = "1=1 ";
}
......@@ -1225,8 +1226,8 @@ abstract class API extends CommonGLPI {
// make text search
foreach ($params['searchText'] as $filter_field => $filter_value) {
if (!empty($filter_value)) {
$search = Search::makeTextSearch($filter_value);
$where.= " AND (`$table`.`$filter_field` $search)";
$search_value = $search->makeTextSearch($filter_value);
$where.= " AND (`$table`.`$filter_field` $search_value)";
}
}
}
......@@ -1257,7 +1258,7 @@ abstract class API extends CommonGLPI {
ORDER BY ".$params['sort']." ".$params['order']."
LIMIT ".$params['start'].", ".$params['list_limit'];
if ($result = $DB->query($query)) {
while ($data = $DB->fetch_assoc($result)) {
while ($data = $result->fetch(\PDO::FETCH_ASSOC)) {
$found[] = $data;
}
}
......@@ -1571,7 +1572,8 @@ abstract class API extends CommonGLPI {
$_SESSION['glpi_use_mode'] = Session::DEBUG_MODE;
// call Core Search method
$rawdata = Search::getDatas($itemtype, $params, $params['forcedisplay']);
$search = new \Search(new $itemtype(), $params);
$rawdata = $search->getData($itemtype, $params, $params['forcedisplay']);
// probably a sql error
if (!isset($rawdata['data']) || count($rawdata['data']) === 0) {
......@@ -1728,7 +1730,7 @@ abstract class API extends CommonGLPI {
$object["_add"] = true;
//add current item
$object = Toolbox::sanitize($object);
$object = Toolbox::clean_cross_side_scripting_deep($object);
$new_id = $item->add($object);
if ($new_id === false) {
$failed++;
......@@ -1846,7 +1848,7 @@ abstract class API extends CommonGLPI {
}
//update item
$object = Toolbox::sanitize((array)$object);
$object = Toolbox::clean_cross_side_scripting_deep((array)$object);
$update_return = $item->update($object);
if ($update_return === false) {
$failed++;
......@@ -2004,7 +2006,7 @@ abstract class API extends CommonGLPI {
$user = new User();
if (!isset($params['password_forget_token'])) {
$email = Toolbox::addslashes_deep($params['email']);
$email = $params['email'];
try {
$user->forgetPassword($email);
} catch (ForgetPasswordException $e) {
......@@ -2016,10 +2018,10 @@ abstract class API extends CommonGLPI {
} else {
$password = isset($params['password']) ? $params['password'] : '';
$input = [
'email' => Toolbox::addslashes_deep($params['email']),
'password_forget_token' => Toolbox::addslashes_deep($params['password_forget_token']),
'password' => Toolbox::addslashes_deep($password),
'password2' => Toolbox::addslashes_deep($password),
'email' => $params['email'],
'password_forget_token' => $params['password_forget_token'],
'password' => $password,
'password2' => $password,
];
try {
$user->updateForgottenPassword($input);
......@@ -633,7 +633,7 @@ class Auth extends CommonGLPI {
// Used for log when login process failed
$login_name = $this->user->fields['name'];
$this->auth_succeded = true;
$this->user_present = $this->user->getFromDBbyName(addslashes($login_name));
$this->user_present = $this->user->getFromDBbyName($login_name);
$this->extauth = 1;
$user_dn = false;
......@@ -741,7 +741,7 @@ class Auth extends CommonGLPI {
// Try connect local user if not yet authenticated
if (empty($login_auth)
|| $this->user->fields["authtype"] == $this::DB_GLPI) {
$this->auth_succeded = $this->connection_db(addslashes($login_name),
$this->auth_succeded = $this->connection_db($login_name,
$login_password);
}
......@@ -757,7 +757,7 @@ class Auth extends CommonGLPI {
$this->user->fields["auths_id"]);
if (!$this->auth_succeded && $this->user_deleted_ldap) {
$search_params = [
'name' => addslashes($login_name),
'name' => $login_name,
'authtype' => $this::LDAP];
if (!empty($login_auth)) {
$search_params['auths_id'] = $this->user->fields["auths_id"];
......@@ -807,11 +807,7 @@ class Auth extends CommonGLPI {
}
} else {
if ($this->user_present) {
// First stripslashes to avoid double slashes
$input = Toolbox::stripslashes_deep($this->user->fields);
// Then ensure addslashes
$input = Toolbox::addslashes_deep($input);
$input = $this->user->fields;
// Add the user e-mail if present
if (isset($email)) {
$this->user->fields['_useremails'] = $email;
......@@ -819,10 +815,7 @@ class Auth extends CommonGLPI {
$this->user->update($input);
} else if ($CFG_GLPI["is_users_auto_add"]) {
// Auto add user
// First stripslashes to avoid double slashes
$input = Toolbox::stripslashes_deep($this->user->fields);
// Then ensure addslashes
$input = Toolbox::addslashes_deep($input);
$input = $this->user->fields;
unset ($this->user->fields);
$this->user->add($input);
} else {
......@@ -192,8 +192,7 @@ class AuthLDAP extends CommonDBTM {
if (empty($input["rootdn_passwd"])) {
unset($input["rootdn_passwd"]);
} else {
$input["rootdn_passwd"] = Toolbox::encrypt(stripslashes($input["rootdn_passwd"]),
GLPIKEY);
$input["rootdn_passwd"] = Toolbox::encrypt($input["rootdn_passwd"], GLPIKEY);
}
}
......@@ -1647,7 +1646,7 @@ class AuthLDAP extends CommonDBTM {
if (self::isLdapPageSizeAvailable($config_ldap)) {
ldap_control_paged_result($ds, $config_ldap->fields['pagesize'], true, $cookie);
}
$filter = Toolbox::unclean_cross_side_scripting_deep(Toolbox::stripslashes_deep($filter));
$filter = Toolbox::unclean_cross_side_scripting_deep($filter);
$sr = @ldap_search($ds, $values['basedn'], $filter, $attrs);
if ($sr) {
if (in_array(ldap_errno($ds), [4,11])) {
......@@ -1833,7 +1832,7 @@ class AuthLDAP extends CommonDBTM {
// -> renaming case
if ($userfound) {
//Get user in DB with this dn
if (!$tmpuser->getFromDBByDn(Toolbox::addslashes_deep($user['user_dn']))) {
if (!$tmpuser->getFromDBByDn($user['user_dn'])) {
//This should never happened
//If a user_dn is present more than one time in database
//Just skip user synchronization to avoid errors
......@@ -1878,7 +1877,7 @@ class AuthLDAP extends CommonDBTM {
foreach ($diff as $user) {
//If user dn exists in DB, it means that user login field has changed
if (!$tmpuser->getFromDBByDn(toolbox::addslashes_deep($user_infos[$user]["user_dn"]))) {
if (!$tmpuser->getFromDBByDn($user_infos[$user]["user_dn"])) {
$entry = ["user" => $user_infos[$user][$config_ldap->fields['login_field']],
"timestamp" => $user_infos[$user]["timestamp"],
"date_sync" => Dropdown::EMPTY_VALUE];
......@@ -2244,7 +2243,7 @@ class AuthLDAP extends CommonDBTM {
'SELECT' => ['ldap_value'],
'FROM' => 'glpi_groups',
'WHERE' => [
'ldap_group_dn' => Toolbox::addslashes_deep($ou)
'ldap_group_dn' => $ou
]
]);
......@@ -2379,7 +2378,6 @@ class AuthLDAP extends CommonDBTM {
static function ldapImportUserByServerId(array $params, $action, $ldap_server,
$display = false) {
$params = Toolbox::stripslashes_deep($params);
$config_ldap = new self();
$res = $config_ldap->getFromDB($ldap_server);
$input = [];
......@@ -2429,7 +2427,7 @@ class AuthLDAP extends CommonDBTM {
$user = new User();
//Get information from LDAP
if ($user->getFromLDAP($ds, $config_ldap->fields, $user_dn, addslashes($login),
if ($user->getFromLDAP($ds, $config_ldap->fields, $user_dn, $login,
($action == self::ACTION_IMPORT))) {
// Add the auth method
// Force date sync
......@@ -2512,17 +2510,17 @@ class AuthLDAP extends CommonDBTM {
//Connect to the directory
$ds = $config_ldap->connect();
if ($ds) {
$group_infos = self::getGroupByDn($ds, stripslashes($group_dn));
$group_infos = self::getGroupByDn($ds, $group_dn);
$group = new Group();
if ($options['type'] == "groups") {
return $group->add(["name" => addslashes($group_infos["cn"][0]),
"ldap_group_dn" => addslashes($group_infos["dn"]),
return $group->add(["name" => $group_infos["cn"][0],
"ldap_group_dn" => $group_infos["dn"],
"entities_id" => $options['entities_id'],
"is_recursive" => $options['is_recursive']]);
}
return $group->add(["name" => addslashes($group_infos["cn"][0]),
return $group->add(["name" => $group_infos["cn"][0],
"ldap_field" => $config_ldap->fields["group_field"],
"ldap_value" => addslashes($group_infos["dn"]),
"ldap_value" => $group_infos["dn"],
"entities_id" => $options['entities_id'],
"is_recursive" => $options['is_recursive']]);
}
......@@ -2733,7 +2731,7 @@ class AuthLDAP extends CommonDBTM {
$auth->auth_succeded = true;
// try by login+auth_id and next by dn
if ($auth->user->getFromDBbyNameAndAuth($login, Auth::LDAP, $ldap_method['id'])
|| $auth->user->getFromDBbyDn(toolbox::addslashes_deep($user_dn))) {
|| $auth->user->getFromDBbyDn($user_dn)) {
//There's already an existing user in DB with the same DN but its login field has changed
$auth->user->fields['name'] = $login;
$auth->user_present = true;
......@@ -3227,7 +3225,7 @@ class AuthLDAP extends CommonDBTM {
$field_counter++;
$field_value = '';
if (isset($_SESSION['ldap_import']['criterias'][$field])) {
$field_value = Html::entities_deep(Toolbox::unclean_cross_side_scripting_deep(Toolbox::stripslashes_deep($_SESSION['ldap_import']['criterias'][$field])));
$field_value = Html::entities_deep(Toolbox::unclean_cross_side_scripting_deep($_SESSION['ldap_import']['criterias'][$field]));
}
echo "<input type='text' id='criterias$field' name='criterias[$field]' value='$field_value'>";
echo "</td>";
......@@ -3431,7 +3429,7 @@ class AuthLDAP extends CommonDBTM {
}
if (isset($input["rootdn_passwd"]) && !empty($input["rootdn_passwd"])) {
$input["rootdn_passwd"] = Toolbox::encrypt(stripslashes($input["rootdn_passwd"]), GLPIKEY);
$input["rootdn_passwd"] = Toolbox::encrypt($input["rootdn_passwd"], GLPIKEY);
}
return $input;
......@@ -3676,7 +3674,7 @@ class AuthLDAP extends CommonDBTM {
return $user;
}
if ($user->getFromDBbyNameAndAuth($DB->escape($name), Auth::LDAP, $authldaps_id)) {
if ($user->getFromDBbyNameAndAuth($name, Auth::LDAP, $authldaps_id)) {
return $user;
}
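Review bot: In the hunk at `@@ -1647`, `$filter` now reaches `ldap_search()` with only `unclean_cross_side_scripting_deep()` applied; the removed `stripslashes_deep()` was the last step that altered backslashes, and backslash is the LDAP filter escape character, so backslashes and parentheses in values assembled into `$filter` are now handed to the directory verbatim. That is correct only if every user- or database-derived value placed in the filter went through `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` where the filter is built (outside this hunk); if not, a login or import-criteria value can change the filter's structure. I would record that assumption at the `$filter = Toolbox::unclean_cross_side_scripting_deep($filter);` line with `// values in $filter must already be ldap_escape()d; nothing below escapes them`, or escape at the call sites where the raw values are known. The `@` on `ldap_search` also hides the warning a malformed filter would raise, which is the one signal that such an injection attempt would leave.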
......@@ -289,7 +289,7 @@ class AuthMail extends CommonDBTM {
Toolbox::decodeFromUtf8($password));
if ($auth->auth_succeded) {
$auth->extauth = 1;
$auth->user_present = $auth->user->getFromDBbyName(addslashes($login));
$auth->user_present = $auth->user->getFromDBbyName($login);
$auth->user->getFromIMAP($mail_method, Toolbox::decodeFromUtf8($login));
//Update the authentication method for the current user
$auth->user->fields["authtype"] = Auth::MAIL;
......@@ -235,7 +235,7 @@ class Cartridge extends CommonDBChild {
'id' => $input['id']
]
);
if ($result && ($DB->affected_rows() > 0)) {
if ($result && ($result->rowCount() > 0)) {
return true;