2.1.27

Code review with Codacy

admin.settings.load.php

@@ -236,9 +236,15 @@ function LaunchAdminActions(action, option)
     } else if (action === "admin_action_backup_decrypt") {
         option = $("#bck_script_decrypt_file").val();
     } else if (action === "admin_action_change_salt_key") {
-        option = aes_encrypt(sanitizeString($("#new_salt_key").val()));
+        option = prepareExchangedData(
+            sanitizeString($("#new_salt_key").val()),
+            "encode",
+            "<?php echo $_SESSION['key']; ?>"
+        );
     } else if (action === "admin_email_send_backlog") {
-        $("#email_testing_results").show().html("<?php echo addslashes($LANG['please_wait']); ?>").attr("class","ui-corner-all ui-state-focus");
+        $("#email_testing_results")
+            .show().
+            html("<?php echo addslashes($LANG['please_wait']); ?>").attr("class","ui-corner-all ui-state-focus");
     } else if (action === "admin_action_attachments_cryption") {
         option = $("input[name=attachments_cryption]:checked").val();
         if (option === "" || option === undefined) {

find.load.php

@@ -19,11 +19,6 @@
 
 <script type="text/javascript">
 //<![CDATA[
-function aes_decrypt(text)
-{
-    return Aes.Ctr.decrypt(text, "<?php echo $_SESSION['key']; ?>", 256);
-}
-
 /*
 * Copying an item from find page
 */

includes/js/functions.js

@@ -52,7 +52,7 @@ function IncreaseSessionTime(messageEnd, messageWait, duration){
                 setTimeout(function(){$("#main_info_box").effect( "fade", "slow" );}, 1000);
                 $("#temps_restant").val(data[0].new_value);
                 $("#date_end_session").val(data[0].new_value);
-                $('#countdown').css("color","white");
+                $("#countdown").css("color","white");
                 $("#div_increase_session_time").dialog("close");
             } else {
                 document.location = "index.php?session=expired";
@@ -67,7 +67,7 @@ function IncreaseSessionTime(messageEnd, messageWait, duration){
 **/
 function countdown()
 {
-    var DayTill
+    var DayTill;
     var theDay =  $("#temps_restant").val();
     var today = new Date(); //Create an Date Object that contains today's date.
     var second = Math.floor(theDay - (today.getTime()/1000));
@@ -179,7 +179,7 @@ function CreateRandomString(size,type){
 **/
 function unsanitizeString(string){
     if(string !== "" && string !== null){
-        string = string.replace(/\\/g,'').replace(/\/g,'\\');
+        string = string.replace(/\\/g,"").replace(/\/g,"\\");
     }
     return string;
 }
@@ -208,7 +208,7 @@ function SendMail(category, contentEmail, keySent, message){
             key     : keySent
         },
         function(data){
-            if (data[0].error !== undefined && data[0].error !== "") {
+            if (typeof data[0].error !== 'undefined' && data[0].error !== "") {
                 message = data[0].message;
             }
             $("#div_dialog_message_text").html(message);
@@ -245,7 +245,7 @@ function extractLast( term ) {
 }
 
 
-function store_error(messageError, dialogDiv, textDiv){
+function storeError(messageError, dialogDiv, textDiv){
     //Store error in DB
     $.post(
         "sources/main.queries.php",
@@ -259,13 +259,13 @@ function store_error(messageError, dialogDiv, textDiv){
     $("#"+dialogDiv).dialog("open");
 }
 
-function aes_encrypt(text, key)
+function aesEncrypt(text, key)
 {
     return Aes.Ctr.encrypt(text, key, 256);
 }
 
 
-function aes_decrypt(text, key)
+function aesDecrypt(text, key)
 {
     return Aes.Ctr.decrypt(text, key, 256);
 }
@@ -297,7 +297,7 @@ function prepareExchangedData(data, type, key)
             }
         } else {
             try {
-                return $.parseJSON(aes_decrypt(data, key));
+                return $.parseJSON(aesDecrypt(data, key));
             }
             catch (e) {
                 return "Error: " + jsonErrorHdl(e);
@@ -307,7 +307,7 @@ function prepareExchangedData(data, type, key)
         if ($("#encryptClientServer").val() === "0") {
             return data;
         } else {
-            return aes_encrypt(data, key);
+            return aesEncrypt(data, key);
         }
     } else {
         return false;

items.import.php

@@ -429,8 +429,8 @@ function launchCSVItemsImport()
             "sources/import.queries.php",
             {
                 type        : "import_items",
-                folder    : $("#import_items_to").val(),
-                data        : aes_encrypt(items),
+                folder      : $("#import_items_to").val(),
+                data        : prepareExchangedData(items , "encode", "<?php echo $_SESSION['key']; ?>"),
                 import_csv_anyone_can_modify    : $("#import_csv_anyone_can_modify").prop("checked"),
                 import_csv_anyone_can_modify_in_role    : $("#import_csv_anyone_can_modify_in_role").prop("checked")
             },

items.load.php

@@ -4011,17 +4011,6 @@ function(data) {
 }
 
 
-function aes_encrypt(text)
-{
-    return Aes.Ctr.encrypt(text, "<?php echo $_SESSION['key']; ?>", 256);
-}
-
-
-function aes_decrypt(text)
-{
-    return Aes.Ctr.decrypt(text, "<?php echo $_SESSION['key']; ?>", 256);
-}
-
 /*
 * Launch the redirection to OTV page
 */

load.php

@@ -157,12 +157,6 @@ function MenuAction(val, user_id)
         }
     }
 
-    function aes_encrypt(text)
-    {
-        return Aes.Ctr.encrypt(text, "'.$_SESSION['key'].'", 256);
-    }
-
-
     function launchIdentify(isDuo, redirect, psk)
     {
         $("#connection_error").hide();

sources/import.queries.php

@@ -94,10 +94,6 @@ function sanitiseString($str, $crLFReplacement)
 $aes = new SplClassLoader('Encryption\Crypt', '../includes/libraries');
 $aes->register();
 
-// Load AntiXSS
-require_once $SETTINGS['cpassman_dir'].'/includes/libraries/protect/AntiXSS/AntiXss.php';
-$antiXss = new protect\AntiXSS\AntiXSS();
-
 //User's language loading
 $SETTINGS_EXT['langage'] = @$_SESSION['user_language'];
 require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user_language'].'.php';

sources/items.queries.php

@@ -89,10 +89,6 @@
 require_once $SETTINGS['cpassman_dir'].'/includes/libraries/phpcrypt/phpCrypt.php';
 use PHP_Crypt\PHP_Crypt as PHP_Crypt;
 
-// Load AntiXSS
-require_once $SETTINGS['cpassman_dir'].'/includes/libraries/protect/AntiXSS/AntiXss.php';
-$antiXss = new protect\AntiXSS\AntiXSS();
-
 // Prepare POST variables
 $post_page = filter_input(INPUT_POST, 'page', FILTER_SANITIZE_STRING);
 $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);

sources/main.functions.php

@@ -145,20 +145,21 @@ function decryptOld($text, $personalSalt = "")
                 )
             )
         );
-    } else {
-        return trim(
-            mcrypt_decrypt(
-                MCRYPT_RIJNDAEL_256,
-                SALT,
-                base64_decode($text),
-                MCRYPT_MODE_ECB,
-                mcrypt_create_iv(
-                    mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
-                    MCRYPT_RAND
-                )
-            )
-        );
     }
+
+    // No personal SK
+    return trim(
+        mcrypt_decrypt(
+            MCRYPT_RIJNDAEL_256,
+            SALT,
+            base64_decode($text),
+            MCRYPT_MODE_ECB,
+            mcrypt_create_iv(
+                mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
+                MCRYPT_RAND
+            )
+        )
+    );
 }
 
 /**
@@ -178,9 +179,9 @@ function encrypt($decrypted, $personalSalt = "")
     }
 
     if (!empty($personalSalt)) {
-            $staticSalt = $personalSalt;
+        $staticSalt = $personalSalt;
     } else {
-            $staticSalt = SALT;
+        $staticSalt = SALT;
     }
 
     //set our salt to a variable

users.load.php

@@ -1319,10 +1319,6 @@ function(data) {
     );
 }
 
-function aes_decrypt(text)
-{
-    return Aes.Ctr.decrypt(text, "<?php echo $_SESSION['key']; ?>", 256);
-}
 
 function htmlspecialchars_decode (string, quote_style)
 {