From 9f47bef1f45fb88983d205ca4f2b2a5cd2c7ffa5 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Fri, 11 Oct 2024 08:05:01 +0200
Subject: [PATCH 01/13] Code review fixes

---
 api/Controller/Api/BaseController.php         |  3 +-
 api/Controller/Api/ItemController.php         | 53 +++++++++++--------
 api/index.php                                 | 13 ++++-
 includes/config/include.php                   |  2 +-
 includes/tables_integrity.json                | 16 +++---
 index.php                                     |  4 +-
 pages/admin.php                               |  2 +-
 pages/uploads.js.php                          |  4 +-
 pages/uploads.php                             |  4 +-
 scripts/background_tasks___items_handler.php  |  2 +-
 ...ckground_tasks___items_handler_subtask.php |  2 +-
 scripts/task_maintenance_purge_old_files.php  |  1 -
 sources/backups.queries.php                   |  2 +-
 sources/core.php                              | 12 ++---
 sources/downloadFile.php                      |  5 +-
 sources/folders.class.php                     |  1 -
 sources/folders.queries.php                   |  3 +-
 sources/import.queries.php                    |  7 +--
 sources/logs.datatables.php                   |  2 +-
 sources/main.functions.php                    |  9 ++--
 sources/main.queries.php                      |  7 +--
 sources/tree.php                              |  3 --
 sources/upload.attachments.php                |  7 +--
 sources/upload.files.php                      |  4 +-
 sources/users.queries.php                     |  3 +-
 25 files changed, 88 insertions(+), 83 deletions(-)

diff --git a/api/Controller/Api/BaseController.php b/api/Controller/Api/BaseController.php
index e75544a91..21dc48f06 100755
--- a/api/Controller/Api/BaseController.php
+++ b/api/Controller/Api/BaseController.php
@@ -80,8 +80,7 @@ public function sanitizeUrl(array $array)
         
         return dataSanitizer(
             $array,
-            $filters,
-            __DIR__.'/../../..'
+            $filters
         );
     }
 
diff --git a/api/Controller/Api/ItemController.php b/api/Controller/Api/ItemController.php
index f2a1dc438..e92a6455f 100755
--- a/api/Controller/Api/ItemController.php
+++ b/api/Controller/Api/ItemController.php
@@ -185,29 +185,38 @@ public function createAction(array $userData)
                 // get parameters
                 $arrQueryStringParams = $this->getQueryStringParams();
 
-                // check parameters
-                $arrCheck = $this->checkNewItemData($arrQueryStringParams, $userData);
-                if ($arrCheck['error'] === true) {
-                    $strErrorDesc = $arrCheck['strErrorDesc'];
-                    $strErrorHeader = $arrCheck['strErrorHeader'];
+                // Check that the parameters are indeed an array before using them
+                if (is_array($arrQueryStringParams)) {
+                    // check parameters
+                    $arrCheck = $this->checkNewItemData($arrQueryStringParams, $userData);
+
+                    if ($arrCheck['error'] === true) {
+                        $strErrorDesc = $arrCheck['strErrorDesc'];
+                        $strErrorHeader = $arrCheck['strErrorHeader'];
+                    } else {
+                        // launch
+                        $itemModel = new ItemModel();
+                        $ret = $itemModel->addItem(
+                            $arrQueryStringParams['folder_id'],
+                            $arrQueryStringParams['label'],
+                            $arrQueryStringParams['password'],
+                            $arrQueryStringParams['description'],
+                            $arrQueryStringParams['login'],
+                            $arrQueryStringParams['email'],
+                            $arrQueryStringParams['url'],
+                            $arrQueryStringParams['tags'],
+                            $arrQueryStringParams['anyone_can_modify'],
+                            $arrQueryStringParams['icon'],
+                            $userData['id'],
+                            $userData['username'],
+                        );
+                        $responseData = json_encode($ret);
+                    }
+                
                 } else {
-                    // launch
-                    $itemModel = new ItemModel();
-                    $ret = $itemModel->addItem(
-                        $arrQueryStringParams['folder_id'],
-                        $arrQueryStringParams['label'],
-                        $arrQueryStringParams['password'],
-                        $arrQueryStringParams['description'],
-                        $arrQueryStringParams['login'],
-                        $arrQueryStringParams['email'],
-                        $arrQueryStringParams['url'],
-                        $arrQueryStringParams['tags'],
-                        $arrQueryStringParams['anyone_can_modify'],
-                        $arrQueryStringParams['icon'],
-                        $userData['id'],
-                        $userData['username'],
-                    );
-                    $responseData = json_encode($ret);
+                    // Gérer le cas où les paramètres ne sont pas un tableau
+                    $strErrorDesc = 'Data not consistent';
+                    $strErrorHeader = 'Expected array, received ' . gettype($arrQueryStringParams);
                 }
             }
         } else {
diff --git a/api/index.php b/api/index.php
index c6c356a4a..2d0db62c8 100755
--- a/api/index.php
+++ b/api/index.php
@@ -23,7 +23,18 @@
  * @see       https://www.teampass.net
  */
 
-header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_HOST']);
+// Determine the protocol used
+$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
+
+// Validate and filter the host
+$host = filter_var($_SERVER['HTTP_HOST'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
+
+// Allocate the correct CORS header
+if ($host !== false) {
+    header("Access-Control-Allow-Origin: $protocol$host");
+} else {
+    header("Access-Control-Allow-Origin: 'null'");
+}
 header("Content-Type: application/json; charset=UTF-8");
 header("Access-Control-Allow-Methods: POST, GET");
 header("Access-Control-Max-Age: 3600");
diff --git a/includes/config/include.php b/includes/config/include.php
index fb65e0561..99e6f5076 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '134');
+define('TP_VERSION_MINOR', '6');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 032f20dc3..1d4d296d6 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,19 +13,19 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "824ea4c3db1b930b8655191a54d6c09415fca3e0c104117da14ecaa924f05c06"
+        "structure_hash": "d31e1bf6f7d08b0f7f327fc5403e7226a0e6ba661c4d60058953b314adf9428f"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "8825f1d0e45b66d4245eb0a7d9d8e0937c504110294ff7e2774511ccc67c5c9b"
+        "structure_hash": "63c8be2cbe7e9d672dd8b7d68ed1a710370c134861e29942fc39485954e34a17"
     },
     {
         "table_name": "cache",
-        "structure_hash": "a5988fbb32009d30106453eb5434d90b1f10135fb988fb3736bbf5fa254a39db"
+        "structure_hash": "59952248e90c52b35880b1bb62539d8706407406b1759860d3ed44b5081e07ad"
     },
     {
         "table_name": "cache_tree",
-        "structure_hash": "322846a049a63afa03479daf66c370de76831bde4f0b0cd34e63fc4887b11f1d"
+        "structure_hash": "54a46ee10114cbd70f1199a88dd51c6a25d668919e709283bc915b3d0d6e85c8"
     },
     {
         "table_name": "categories",
@@ -97,15 +97,15 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "470b020e4d7578366bf8299b3fd14c9a4681057a77dc018587ba08a24a6be7bb"
+        "structure_hash": "e6284adabbddae673d2fd4e85edaf52adef7418ad42bbd2f185e6fa032964d04"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "8e396ef59c43500907160db66b009e41e29c6ed9d9a6aa8e324abd31be0d5777"
+        "structure_hash": "23229fe42f9dee7df3d95d4718b8d23244e1655aee2d4554d6b37f07892e4613"
     },
     {
         "table_name": "misc",
-        "structure_hash": "3cc8939148fb17fabdabcea7eeef550f261c1b62bcbf863e5f9cb5984ad448d1"
+        "structure_hash": "66fbea921b5ab4f91eec2a157c327c1d17a798a1a7854a2290c6abce5c90975d"
     },
     {
         "table_name": "nested_tree",
@@ -193,7 +193,7 @@
     },
     {
         "table_name": "tokens",
-        "structure_hash": "4c7f59e6e8cc4e8b95626a6c8ef05987e9660b3c8f2ffbb24e7c432d956a6cb7"
+        "structure_hash": "904d889fdbf82770ba0c18eecb834017576dd6631259276c86a50f99c6a4edcf"
     },
     {
         "table_name": "user_requests",
diff --git a/index.php b/index.php
index 829b7a705..a50b39cc3 100755
--- a/index.php
+++ b/index.php
@@ -687,9 +687,9 @@
                     <!-- /.sidebar-menu -->
                 <div class="menu-footer">
                     <div class="" id="sidebar-footer">
-                        <i class="fa-solid fa-clock-o mr-2 infotip text-info pointer" title="<?php echo $lang->get('server_time') . ' ' .
+                        <i class="fa-solid fa-clock-o mr-2 infotip text-info pointer" title="<?php echo htmlspecialchars($lang->get('server_time') . ' ' .
                             date($date_format, (int) $server['request_time']) . ' - ' .
-                            date($time_format, (int) $server['request_time']); ?>"></i>
+                            date($time_format, (int) $server['request_time']), ENT_QUOTES, 'UTF-8'); ?>"></i>
                         <i class="fa-solid fa-users mr-2 infotip text-info pointer" title="<?php echo $session_nb_users_online . ' ' . $lang->get('users_online'); ?>"></i>
                         <a href="<?php echo DOCUMENTATION_URL; ?>" target="_blank" class="text-info"><i class="fa-solid fa-book mr-2 infotip" title="<?php echo $lang->get('documentation_canal'); ?>"></i></a>
                         <a href="<?php echo HELP_URL; ?>" target="_blank" class="text-info"><i class="fa-solid fa-life-ring mr-2 infotip" title="<?php echo $lang->get('admin_help'); ?>"></i></a>
diff --git a/pages/admin.php b/pages/admin.php
index ad38b1802..705718b05 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -306,7 +306,7 @@
 
                         // Test internet access
                         $connected = @fsockopen("www.cloudflare.com", 443, $errno, $errstr, 1); // API Duo API (MFA).
-                        if ($connected){
+                        if ($connected !== false) {
                             fclose($connected);
                             $internetAccess = '
                             <p>
diff --git a/pages/uploads.js.php b/pages/uploads.js.php
index b734ed50f..20f7eb587 100755
--- a/pages/uploads.js.php
+++ b/pages/uploads.js.php
@@ -32,7 +32,7 @@
 use TeampassClasses\PerformChecks\PerformChecks;
 use TeampassClasses\SessionManager\SessionManager;
 use TeampassClasses\ConfigManager\ConfigManager;
-use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Request as RequestLocal;
 use TeampassClasses\Language\Language;
 // Load functions
 require_once __DIR__.'/../sources/main.functions.php';
@@ -40,7 +40,7 @@
 // init
 loadClasses();
 $session = SessionManager::getSession();
-$request = Request::createFromGlobals();
+$request = RequestLocal::createFromGlobals();
 $lang = new Language(); 
 
 if ($session->get('key') === null) {
diff --git a/pages/uploads.php b/pages/uploads.php
index ff0013a38..626d6f58c 100755
--- a/pages/uploads.php
+++ b/pages/uploads.php
@@ -28,7 +28,7 @@
  */
 
 use TeampassClasses\SessionManager\SessionManager;
-use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Request as RequestLocal;
 use TeampassClasses\Language\Language;
 use TeampassClasses\NestedTree\NestedTree;
 use TeampassClasses\PerformChecks\PerformChecks;
@@ -40,7 +40,7 @@
 // init
 loadClasses('DB');
 $session = SessionManager::getSession();
-$request = Request::createFromGlobals();
+$request = RequestLocal::createFromGlobals();
 $lang = new Language(); 
 
 // Load config if $SETTINGS not defined
diff --git a/scripts/background_tasks___items_handler.php b/scripts/background_tasks___items_handler.php
index 082fe6ae4..f189625f1 100755
--- a/scripts/background_tasks___items_handler.php
+++ b/scripts/background_tasks___items_handler.php
@@ -344,7 +344,7 @@ function handleTaskStep(
             0,
             -1,
             (int) $ProcessArguments['item_id'],
-            (string) array_key_exists('pwd', $ProcessArguments) === true ? $ProcessArguments['pwd'] : (array_key_exists('object_key', $ProcessArguments) === true ? $ProcessArguments['object_key'] : ''),
+            (string) (array_key_exists('pwd', $ProcessArguments) === true ? $ProcessArguments['pwd'] : (array_key_exists('object_key', $ProcessArguments) === true ? $ProcessArguments['object_key'] : '')),
             false,
             false,
             [],
diff --git a/scripts/background_tasks___items_handler_subtask.php b/scripts/background_tasks___items_handler_subtask.php
index bd28b9841..89bc08cf6 100644
--- a/scripts/background_tasks___items_handler_subtask.php
+++ b/scripts/background_tasks___items_handler_subtask.php
@@ -109,7 +109,7 @@
         0,
         -1,
         (int) $ProcessArguments['item_id'],
-        (string) array_key_exists('pwd', $ProcessArguments) === true ? $ProcessArguments['pwd'] : (array_key_exists('object_key', $ProcessArguments) === true ? $ProcessArguments['object_key'] : ''),
+        (string) (array_key_exists('pwd', $ProcessArguments) === true ? $ProcessArguments['pwd'] : (array_key_exists('object_key', $ProcessArguments) === true ? $ProcessArguments['object_key'] : '')),
         false,
         false,
         [],
diff --git a/scripts/task_maintenance_purge_old_files.php b/scripts/task_maintenance_purge_old_files.php
index 6d144c47f..c6284e8ce 100755
--- a/scripts/task_maintenance_purge_old_files.php
+++ b/scripts/task_maintenance_purge_old_files.php
@@ -110,5 +110,4 @@ function purgeTemporaryFiles(): void
             }
         }
     }
-    
 }
\ No newline at end of file
diff --git a/sources/backups.queries.php b/sources/backups.queries.php
index dda4e20cc..12e118f16 100755
--- a/sources/backups.queries.php
+++ b/sources/backups.queries.php
@@ -352,7 +352,7 @@
                 $post_totalSize = filesize($post_backupFile);
             }
 
-            if ($handle) {
+            if ($handle !== false) {
                 // Déplacer le pointeur de fichier à l'offset actuel
                 fseek($handle, $post_offset);
 
diff --git a/sources/core.php b/sources/core.php
index 95bd3fc5e..ba07f93a9 100755
--- a/sources/core.php
+++ b/sources/core.php
@@ -365,16 +365,14 @@ function() {
     $server_cert = openssl_x509_parse($server['ssl_server_cert']);
     $cert_name = $server_cert['name'];
     $cert_issuer = '';
-    /** @var array $issuer */
-    $issuer = $server_cert['issuer'];
+    $issuer = (array) $server_cert['issuer']; // $issuer is always an array (according to the structure of $server_cert)
 
-    if (is_array($issuer)) {
-        foreach ($issuer as $key => $value) {
-            if (is_array($value) === false) {
-                $cert_issuer .= "/{$key}={$value}";
-            }
+    foreach ($issuer as $key => $value) {
+        if (is_array($value) === false) {
+            $cert_issuer .= "/{$key}={$value}";
         }
     }
+    
     if (isset($cert_name) === true && empty($cert_name) === false && $cert_name !== $cert_issuer) {
         if (isset($server['https'])) {
             header('Strict-Transport-Security: max-age=500');
diff --git a/sources/downloadFile.php b/sources/downloadFile.php
index 1ce536d9e..79dc88a65 100755
--- a/sources/downloadFile.php
+++ b/sources/downloadFile.php
@@ -99,8 +99,11 @@
 // Remove newline characters from the filename
 $get_filename = str_replace(array("\r", "\n"), '', $get_filename);
 
+// Validate the filename to ensure it does not contain unwanted characters
+$get_filename = preg_replace('/[^a-zA-Z0-9_\.-]/', '', basename($get_filename));
+
 // prepare Encryption class calls
-header('Content-disposition: attachment; filename=' . rawurldecode(basename($get_filename)));
+header('Content-disposition: attachment; filename=' . rawurldecode($get_filename));
 header('Content-Type: application/octet-stream');
 header('Cache-Control: must-revalidate, no-cache, no-store');
 header('Expires: 0');
diff --git a/sources/folders.class.php b/sources/folders.class.php
index 9dafd03fc..1dedbfe17 100644
--- a/sources/folders.class.php
+++ b/sources/folders.class.php
@@ -311,7 +311,6 @@ private function updateTimestamp()
      */
     private function rebuildFolderTree($user_is_admin, $title, $parent_id, $isPersonal, $user_id, $newId)
     {
-        $session = SessionManager::getSession();
         $tree = new NestedTree(prefixTable('nested_tree'), 'id', 'parent_id', 'title');
         $tree->rebuild();
         
diff --git a/sources/folders.queries.php b/sources/folders.queries.php
index d94505490..eed994e27 100755
--- a/sources/folders.queries.php
+++ b/sources/folders.queries.php
@@ -336,8 +336,7 @@
             ];            
             $inputData = dataSanitizer(
                 $data,
-                $filters,
-                $SETTINGS['cpassman_dir']
+                $filters
             );
 
             // Init
diff --git a/sources/import.queries.php b/sources/import.queries.php
index dcd739d0e..bfc8ba12a 100755
--- a/sources/import.queries.php
+++ b/sources/import.queries.php
@@ -341,9 +341,7 @@
         }
 
         // Clean each array entry
-        if (is_array($post_items) === true) {
-            array_walk_recursive($post_items, 'cleanOutput');
-        }
+        array_walk_recursive($post_items, 'cleanOutput');
         
         // Loop on array
         foreach ($post_items as $item) {
@@ -616,9 +614,6 @@ function handleGroups($groups, string $previousFolder, array $newItemsToAdd, int
                 $groups = [$groups];
             }
 
-            // Save the current folder ID to restore it after recursion
-            $currentFolderId = $previousFolder;
-
             foreach ($groups as $group) {
                 // Add the current group (folder) to the list
                 $newItemsToAdd['folders'][] = [
diff --git a/sources/logs.datatables.php b/sources/logs.datatables.php
index 1ea6ed565..b437877bd 100755
--- a/sources/logs.datatables.php
+++ b/sources/logs.datatables.php
@@ -140,7 +140,7 @@
             foreach ($aColumns as $column) {
                 $sWhere .= $column . " LIKE '%" . $searchValue . "%' OR ";
             }
-            $sWhere = substr_replace($sWhere, '', -3) . ')';
+            $sWhere = substr_replace((string) $sWhere, '', -3) . ')';
         }
     }
 
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 2d2d8850e..4cb7c6ac9 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -1285,8 +1285,11 @@ function prepareExchangedData($data, string $type, ?string $key = null)
                 $session->get('key')
             );
         } else {
-            // Double html encoding received
-            $data = html_entity_decode(html_entity_decode($data));
+            // Check if $data is a string before decoding
+            if (is_string($data)) {
+                // Double html encoding received
+                $data = html_entity_decode(html_entity_decode($data));
+            }
         }
 
         // Return data array
@@ -2404,7 +2407,7 @@ function encryptUserObjectKey(string $key, string $publicKey): string
     $rsa->loadKey($decodedPublicKey);
     // Encrypt
     $encrypted = $rsa->encrypt(base64_decode($key));
-    if ($encrypted === false) {
+    if (empty($encrypted)) {  // Check if key is empty or null
         throw new RuntimeException("Error while encrypting key.");
     }
     // Return
diff --git a/sources/main.queries.php b/sources/main.queries.php
index d92865eaf..942bf9478 100755
--- a/sources/main.queries.php
+++ b/sources/main.queries.php
@@ -291,13 +291,12 @@ function userHandler(string $post_type, array|null|string $dataReceived, array $
         (int) $session->get('user-can_manage_all_users') !== 1 &&
         !in_array($post_type, $all_users_can_access)) {
 
-        echo prepareExchangedData(
+        return prepareExchangedData(
             array(
                 'error' => true,
             ),
             'encode'
         );
-        exit;
     }
 
     if (isset($dataReceived['user_id'])) {
@@ -392,8 +391,7 @@ function userHandler(string $post_type, array|null|string $dataReceived, array $
                 (string) filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                 (string) filter_var($dataReceived['pwd'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                 (string) filter_var($dataReceived['token'], FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-                $SETTINGS,
-                (string) $post_key
+                $SETTINGS
             );
 
         /*
@@ -467,7 +465,6 @@ function mailHandler(string $post_type, /*php8 array|null|string */$dataReceived
                     ),
                     'encode'
                 );
-                break;
             }
 
             // Only administrators and managers can send mails
diff --git a/sources/tree.php b/sources/tree.php
index 9e16ff1eb..11aafc2c8 100755
--- a/sources/tree.php
+++ b/sources/tree.php
@@ -421,7 +421,6 @@ function handleNode(
         (int) $nbItemsInSubfolders,
         (int) $nbSubfolders,
         $inputData['limitedFolders'],
-        (int) $SETTINGS['show_only_accessible_folders'],
         isset($SETTINGS['tree_counters']) === true && isset($SETTINGS['enable_tasks_manager']) === true && (int) $SETTINGS['enable_tasks_manager'] === 1 && (int) $SETTINGS['tree_counters'] === 1 ? 1 : 0,
         (bool) $inputData['userReadOnly'],
         $listFoldersLimitedKeys,
@@ -575,7 +574,6 @@ function prepareNodeJson(
  * @param integer $nbItemsInSubfolders
  * @param integer $nbSubfolders
  * @param array $session_list_folders_limited
- * @param integer $show_only_accessible_folders
  * @param integer $tree_counters
  * @param bool $session_user_read_only
  * @param array $listFoldersLimitedKeys
@@ -594,7 +592,6 @@ function prepareNodeData(
     int $nbItemsInSubfolders,
     int $nbSubfolders,
     array $session_list_folders_limited,
-    int $show_only_accessible_folders,
     int $tree_counters,
     bool $session_user_read_only,
     array $listFoldersLimitedKeys,
diff --git a/sources/upload.attachments.php b/sources/upload.attachments.php
index 147c0cba3..25d80f4de 100755
--- a/sources/upload.attachments.php
+++ b/sources/upload.attachments.php
@@ -29,7 +29,7 @@
  * @see       https://www.teampass.net
  */
 
-use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Request as RequestLocal;
 use TeampassClasses\SessionManager\SessionManager;
 use TeampassClasses\Language\Language;
 use TeampassClasses\PerformChecks\PerformChecks;
@@ -39,7 +39,7 @@
 // Load functions
 require_once 'main.functions.php';
 $session = SessionManager::getSession();
-$request = Request::createFromGlobals();
+$request = RequestLocal::createFromGlobals();
 // init
 loadClasses('DB');
 $lang = new Language();
@@ -484,7 +484,4 @@ function handleAttachmentError($message, $code, $http_code = 400)
 
     // json error message
     echo '{"jsonrpc" : "2.0", "error" : {"code": ' . htmlentities((string) $code, ENT_QUOTES) . ', "message": "' . htmlentities((string) $message, ENT_QUOTES) . '"}, "id" : "id"}';
-    
-    // Force exit to avoid bypass filters.
-    exit;
 }
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 7ab910e7f..d8c64537e 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -33,7 +33,7 @@
 use voku\helper\AntiXSS;
 use TeampassClasses\NestedTree\NestedTree;
 use TeampassClasses\SessionManager\SessionManager;
-use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Request as RequestLocal;
 use TeampassClasses\Language\Language;
 use EZimuel\PHPSecureSession;
 use TeampassClasses\PerformChecks\PerformChecks;
@@ -45,7 +45,7 @@
 // init
 loadClasses('DB');
 $session = SessionManager::getSession();
-$request = Request::createFromGlobals();
+$request = RequestLocal::createFromGlobals();
 $lang = new Language(); 
 
 
diff --git a/sources/users.queries.php b/sources/users.queries.php
index 97d826d52..7f711c2d5 100755
--- a/sources/users.queries.php
+++ b/sources/users.queries.php
@@ -2160,8 +2160,7 @@
             
             $inputData = dataSanitizer(
                 $data,
-                $filters,
-                $SETTINGS['cpassman_dir']
+                $filters
             );
 
             // Check send values

From 3a90db1c98e9314492073b09e44bf92bf49c0201 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Fri, 11 Oct 2024 08:11:39 +0200
Subject: [PATCH 02/13] Bad minor version

---
 includes/config/include.php    | 2 +-
 includes/tables_integrity.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index 99e6f5076..2a5a4525f 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '6');
+define('TP_VERSION_MINOR', '7');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 1d4d296d6..98a289470 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "63c8be2cbe7e9d672dd8b7d68ed1a710370c134861e29942fc39485954e34a17"
+        "structure_hash": "2d2688d649b49b2031140553ba5773d70ca14f27464154426d61692748a4ddda"
     },
     {
         "table_name": "cache",

From 2d99ca9d1f4fc982b9fb2e72940b24f11786afd9 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Fri, 11 Oct 2024 13:26:31 +0200
Subject: [PATCH 03/13] code_review

Revert one change
---
 includes/config/include.php    | 2 +-
 includes/tables_integrity.json | 4 ++--
 sources/upload.attachments.php | 3 +++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index 2a5a4525f..1f33708e2 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '7');
+define('TP_VERSION_MINOR', '10');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 98a289470..b14cadd87 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "2d2688d649b49b2031140553ba5773d70ca14f27464154426d61692748a4ddda"
+        "structure_hash": "5cf6a9a1eff3a195366663140c237425bdbb9e35d75ca27f78ea0c2e68751246"
     },
     {
         "table_name": "cache",
@@ -101,7 +101,7 @@
     },
     {
         "table_name": "log_system",
-        "structure_hash": "23229fe42f9dee7df3d95d4718b8d23244e1655aee2d4554d6b37f07892e4613"
+        "structure_hash": "fdac46aa016fbe85016158178c511cc2f72328e6ee04b3b292970ee02f9361c7"
     },
     {
         "table_name": "misc",
diff --git a/sources/upload.attachments.php b/sources/upload.attachments.php
index 25d80f4de..82c0bb0f7 100755
--- a/sources/upload.attachments.php
+++ b/sources/upload.attachments.php
@@ -484,4 +484,7 @@ function handleAttachmentError($message, $code, $http_code = 400)
 
     // json error message
     echo '{"jsonrpc" : "2.0", "error" : {"code": ' . htmlentities((string) $code, ENT_QUOTES) . ', "message": "' . htmlentities((string) $message, ENT_QUOTES) . '"}, "id" : "id"}';
+    
+    // Force exit to avoid bypass filters.
+    exit;
 }

From be1cd81cddc6e8efb44d4b7ae452a7a3cfd93b8a Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sat, 12 Oct 2024 10:13:08 +0200
Subject: [PATCH 04/13] Several fixes based upon Scrutinizer analysis

---
 api/Controller/Api/ItemController.php |  24 ++--
 includes/config/include.php           |   2 +-
 includes/tables_integrity.json        |  16 +--
 sources/downloadFile.php              |   7 +-
 sources/main.functions.php            |  16 ++-
 sources/main.queries.php              |  45 ++++---
 sources/tasks.queries.php             |  26 ++--
 sources/upload.files.php              | 181 ++++++++++++++------------
 8 files changed, 178 insertions(+), 139 deletions(-)

diff --git a/api/Controller/Api/ItemController.php b/api/Controller/Api/ItemController.php
index e92a6455f..727ee8417 100755
--- a/api/Controller/Api/ItemController.php
+++ b/api/Controller/Api/ItemController.php
@@ -197,18 +197,18 @@ public function createAction(array $userData)
                         // launch
                         $itemModel = new ItemModel();
                         $ret = $itemModel->addItem(
-                            $arrQueryStringParams['folder_id'],
-                            $arrQueryStringParams['label'],
-                            $arrQueryStringParams['password'],
-                            $arrQueryStringParams['description'],
-                            $arrQueryStringParams['login'],
-                            $arrQueryStringParams['email'],
-                            $arrQueryStringParams['url'],
-                            $arrQueryStringParams['tags'],
-                            $arrQueryStringParams['anyone_can_modify'],
-                            $arrQueryStringParams['icon'],
-                            $userData['id'],
-                            $userData['username'],
+                            (int) $arrQueryStringParams['folder_id'],
+                            (string) $arrQueryStringParams['label'],
+                            (string) $arrQueryStringParams['password'],
+                            (string) $arrQueryStringParams['description'],
+                            (string) $arrQueryStringParams['login'],
+                            (string) $arrQueryStringParams['email'],
+                            (string) $arrQueryStringParams['url'],
+                            (string) $arrQueryStringParams['tags'],
+                            (string) $arrQueryStringParams['anyone_can_modify'],
+                            (string) $arrQueryStringParams['icon'],
+                            (int) $userData['id'],
+                            (string) $userData['username'],
                         );
                         $responseData = json_encode($ret);
                     }
diff --git a/includes/config/include.php b/includes/config/include.php
index 1f33708e2..e1405a90d 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '10');
+define('TP_VERSION_MINOR', '135');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index b14cadd87..8344451c3 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,11 +13,11 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "d31e1bf6f7d08b0f7f327fc5403e7226a0e6ba661c4d60058953b314adf9428f"
+        "structure_hash": "4becb78c282293cbe38d35a0400861a62b836a69e86042ac7508f9a492346c05"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "5cf6a9a1eff3a195366663140c237425bdbb9e35d75ca27f78ea0c2e68751246"
+        "structure_hash": "e1a646c60604b3e46cd46eef920615152e66f67c0bc09fc827af15a39198e5d9"
     },
     {
         "table_name": "cache",
@@ -53,7 +53,7 @@
     },
     {
         "table_name": "files",
-        "structure_hash": "4fe2dba769c93b40e3519b8668e871be1eaab231045d1877b64d53128fe3cf9e"
+        "structure_hash": "81cd2a5ebf9200047d76457ddb9a23652e81230104ebe88191653a5162760a72"
     },
     {
         "table_name": "items",
@@ -65,7 +65,7 @@
     },
     {
         "table_name": "items_edition",
-        "structure_hash": "cf58c1c9b678dc0ece44492639d3c3bd23e095e69f8f65e7df67d147f90eb3b4"
+        "structure_hash": "6c25cbcd85c4f4a0aa34073ef10f69479dfabf9177ef1e21084c469fc584b1e2"
     },
     {
         "table_name": "items_otp",
@@ -97,11 +97,11 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "e6284adabbddae673d2fd4e85edaf52adef7418ad42bbd2f185e6fa032964d04"
+        "structure_hash": "bbb411f1054c594e7fdc72218fff71540bd0859bc3231459ce389ca521acde09"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "fdac46aa016fbe85016158178c511cc2f72328e6ee04b3b292970ee02f9361c7"
+        "structure_hash": "1375e8e483ac6ba605f62e3128a2d3097c6cc0c5b92d1bd9161cf836ca17e1f9"
     },
     {
         "table_name": "misc",
@@ -165,7 +165,7 @@
     },
     {
         "table_name": "sharekeys_files",
-        "structure_hash": "611b71f243e0a3d85734df89c1443cd5067eae7276876016abcf6ed67f9f5d41"
+        "structure_hash": "7f05b763fab08a9129db7252faf7c4c08466c8e6e40077b4cae397caffc2d358"
     },
     {
         "table_name": "sharekeys_items",
@@ -193,7 +193,7 @@
     },
     {
         "table_name": "tokens",
-        "structure_hash": "904d889fdbf82770ba0c18eecb834017576dd6631259276c86a50f99c6a4edcf"
+        "structure_hash": "b8518caf88d818c25298a2f9c8fb622a8783ac15bba0d8b1ff952c81ef019b00"
     },
     {
         "table_name": "user_requests",
diff --git a/sources/downloadFile.php b/sources/downloadFile.php
index 79dc88a65..053ea4b9f 100755
--- a/sources/downloadFile.php
+++ b/sources/downloadFile.php
@@ -102,8 +102,11 @@
 // Validate the filename to ensure it does not contain unwanted characters
 $get_filename = preg_replace('/[^a-zA-Z0-9_\.-]/', '', basename($get_filename));
 
-// prepare Encryption class calls
-header('Content-disposition: attachment; filename=' . rawurldecode($get_filename));
+// Further escape the filename to prevent header injection issues
+$get_filename = addslashes($get_filename);
+
+// Use Content-Disposition header with double quotes around filename
+header('Content-Disposition: attachment; filename="' . rawurldecode($get_filename) . '"');
 header('Content-Type: application/octet-stream');
 header('Cache-Control: must-revalidate, no-cache, no-store');
 header('Expires: 0');
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 4cb7c6ac9..102a254a7 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -1277,6 +1277,7 @@ function prepareExchangedData($data, string $type, ?string $key = null)
 
         return $data;
     }
+
     if ($type === 'decode' && is_array($data) === false) {
         // Decrypt if needed
         if ($session->get('encryptClientServer') === 1) {
@@ -1285,16 +1286,17 @@ function prepareExchangedData($data, string $type, ?string $key = null)
                 $session->get('key')
             );
         } else {
-            // Check if $data is a string before decoding
-            if (is_string($data)) {
-                // Double html encoding received
-                $data = html_entity_decode(html_entity_decode($data));
-            }
+            // Double html encoding received
+            $data = html_entity_decode(html_entity_decode($data));
         }
 
-        // Return data array
-        return json_decode($data, true);
+        // Check if $data is a valid string before json_decode
+        if (is_string($data) && !empty($data)) {
+            // Return data array
+            return json_decode($data, true);
+        }
     }
+
     return '';
 }
 
diff --git a/sources/main.queries.php b/sources/main.queries.php
index 942bf9478..b8a26d46e 100755
--- a/sources/main.queries.php
+++ b/sources/main.queries.php
@@ -136,55 +136,66 @@ function mainQuery(array $SETTINGS)
     // User's language loading
     $session = SessionManager::getSession();
     $lang = new Language($session->get('user-language') ?? 'english');
+    $request = SymfonyRequest::createFromGlobals();
 
-    // Prepare post variables
-    $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-    $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-    $post_type_category = filter_input(INPUT_POST, 'type_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-    $post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
-
+    // Prepare POST variables
+    $inputData = dataSanitizer(
+        [
+            'type' => $request->request->filter('type', '', FILTER_SANITIZE_SPECIAL_CHARS),
+            'data' => $request->request->filter('data', '', FILTER_SANITIZE_SPECIAL_CHARS),
+            'key' => $request->request->filter('key', '', FILTER_SANITIZE_SPECIAL_CHARS),
+            'type_category' => $request->request->filter('type_category', '', FILTER_SANITIZE_SPECIAL_CHARS),
+        ],
+        [
+            'type' => 'trim|escape',
+            'data' => 'trim|escape',
+            'key' => 'trim|escape',
+            'type_category' => 'trim|escape',
+        ]
+    );
+    
     // Check KEY
-    if (isValueSetNullEmpty($post_key) === true) {
+    if (isValueSetNullEmpty($inputData['key']) === true) {
         echo prepareExchangedData(
             array(
                 'error' => true,
                 'message' => $lang->get('key_is_not_correct'),
             ),
             'encode',
-            $post_key
+            $inputData['key']
         );
         return false;
     }
     // decrypt and retreive data in JSON format
-    $dataReceived = empty($post_data) === false ? prepareExchangedData(
-        $post_data,
+    $dataReceived = empty($inputData['data']) === false ? prepareExchangedData(
+        $inputData['data'],
         'decode'
     ) : '';
     
-    switch ($post_type_category) {
+    switch ($inputData['type_category']) {
         case 'action_password':
-            echo passwordHandler($post_type, $dataReceived, $SETTINGS);
+            echo passwordHandler($inputData['type'], $dataReceived, $SETTINGS);
             break;
 
         case 'action_user':
-            echo userHandler($post_type, $dataReceived, $SETTINGS, $post_key);
+            echo userHandler($inputData['type'], $dataReceived, $SETTINGS, $inputData['key']);
             break;
 
         case 'action_mail':
-            echo mailHandler($post_type, $dataReceived, $SETTINGS);
+            echo mailHandler($inputData['type'], $dataReceived, $SETTINGS);
             break;
 
         case 'action_key':
             // deepcode ignore ServerLeak: All cases handled by keyHandler return an encrypted string that is sent back to the client
-            echo keyHandler($post_type, $dataReceived, $SETTINGS);
+            echo keyHandler($inputData['type'], $dataReceived, $SETTINGS);
             break;
 
         case 'action_system':
-            echo systemHandler($post_type, $dataReceived, $SETTINGS);
+            echo systemHandler($inputData['type'], $dataReceived, $SETTINGS);
             break;
 
         case 'action_utils':
-            echo utilsHandler($post_type, $dataReceived, $SETTINGS);
+            echo utilsHandler($inputData['type'], $dataReceived, $SETTINGS);
             break;
     }
     
diff --git a/sources/tasks.queries.php b/sources/tasks.queries.php
index 8df2ef386..e3b46b732 100755
--- a/sources/tasks.queries.php
+++ b/sources/tasks.queries.php
@@ -90,14 +90,24 @@
 // --------------------------------- //
 
 // Prepare POST variables
-$post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
-$post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-$post_task = filter_input(INPUT_POST, 'task', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+$inputData = dataSanitizer(
+    [
+        'type' => $request->request->filter('type', '', FILTER_SANITIZE_SPECIAL_CHARS),
+        //'data' => $request->request->filter('data', '', FILTER_SANITIZE_SPECIAL_CHARS),
+        'key' => $request->request->filter('key', '', FILTER_SANITIZE_SPECIAL_CHARS),
+        'task' => $request->request->filter('task', '', FILTER_SANITIZE_SPECIAL_CHARS),
+    ],
+    [
+        'type' => 'trim|escape',
+        //'data' => 'trim|escape',
+        'key' => 'trim|escape',
+        'type_category' => 'trim|escape',
+    ]
+);
 
-if (null !== $post_type) {
+if (null !== $inputData['type']) {
     // Do checks
-    if ($post_key !== $session->get('key')) {
+    if ($inputData['key'] !== $session->get('key')) {
         echo prepareExchangedData(
             array(
                 'error' => true,
@@ -120,9 +130,9 @@
     // Get PHP binary
     $phpBinaryPath = getPHPBinary();
 
-    switch ($post_type) {
+    switch ($inputData['type']) {
         case 'perform_task':
-            echo performTask($post_task, $phpBinaryPath, $SETTINGS['date_format'].' '.$SETTINGS['time_format']);
+            echo performTask($inputData['task'], $phpBinaryPath, $SETTINGS['date_format'].' '.$SETTINGS['time_format']);
 
             break;
 
diff --git a/sources/upload.files.php b/sources/upload.files.php
index d8c64537e..ab36164b8 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -34,6 +34,7 @@
 use TeampassClasses\NestedTree\NestedTree;
 use TeampassClasses\SessionManager\SessionManager;
 use Symfony\Component\HttpFoundation\Request as RequestLocal;
+use Symfony\Component\HttpFoundation\File\Exception\FileException;
 use TeampassClasses\Language\Language;
 use EZimuel\PHPSecureSession;
 use TeampassClasses\PerformChecks\PerformChecks;
@@ -185,69 +186,71 @@
     return false;
 }
 
-// Validate the file size (Warning: the largest files supported by this code is 2GB)
-$file_size = @filesize($_FILES['file']['tmp_name']);
-if ($file_size === false || $file_size > $max_file_size_in_bytes) {
-    echo handleUploadError('File exceeds the maximum allowed size');
-    return false;
-}
-if ($file_size <= 0) {
-    echo handleUploadError('File size outside allowed lower bound');
-    return false;
-}
+// Validate file size (Warning: the largest files supported by this code is 2GB)
+$file = $request->files->get('file');
 
-// 5 minutes execution time
-set_time_limit(5 * 60);
+if ($file) {
+    // Get the size of the uploaded file
+    $file_size = $file->getSize();
 
-// Validate the upload
-if (isset($_FILES['file']) === false) {
-    echo handleUploadError('No upload found in $_FILES for Filedata');
-    return false;
-} elseif (
-    isset($_FILES['file']['error']) === true
-    && $_FILES['file']['error'] != 0
-) {
-    echo handleUploadError($uploadErrors[$_FILES['Filedata']['error']]);
-    return false;
-} elseif (
-    isset($_FILES['file']['tmp_name']) === false
-    || @is_uploaded_file($_FILES['file']['tmp_name']) === false
-) {
-    echo handleUploadError('Upload failed is_uploaded_file test.');
-    return false;
-} elseif (isset($_FILES['file']['name']) === false) {
-    echo handleUploadError('File has no name.');
-    return false;
-}
+    if ($file_size === false || $file_size > $max_file_size_in_bytes) {
+        echo handleUploadError('File exceeds the maximum allowed size');
+        return false;
+    }
+    
+    if ($file_size <= 0) {
+        echo handleUploadError('File size outside allowed lower bound');
+        return false;
+    }
 
-// Validate file name (for our purposes we'll just remove invalid characters)
-$file_name = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($_FILES['file']['name'])));
-if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
-    echo handleUploadError('Invalid file name: ' . $file_name . '.');
-    return false;
-}
+    // 5 minutes execution time
+    set_time_limit(5 * 60);
 
-// Validate file extension
-$ext = strtolower(
-    getFileExtension(
-        filter_var($_FILES['file']['name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-    )
-);
-if (
-    in_array(
-        $ext,
-        explode(
-            ',',
-            $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
-                ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
-        )
-    ) === false
-    && $post_type_upload !== 'import_items_from_keepass'
-    && $post_type_upload !== 'import_items_from_csv'
-    && $post_type_upload !== 'restore_db'
-    && $post_type_upload !== 'upload_profile_photo'
-) {
-    echo handleUploadError('Invalid file extension.');
+    // Validate upload
+    if ($file->getError() !== UPLOAD_ERR_OK) {
+        echo handleUploadError($uploadErrors[$file->getError()]);
+        return false;
+    }
+
+    // Validate file name (for our purposes we'll just remove invalid characters)
+    $file_name = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($file->getClientOriginalName())));
+    
+    if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
+        error_log('Invalid file name: ' . $file_name . '.'); // Log for debugging
+        echo handleUploadError('Invalid file name provided.'); // Generic message for user
+        return false;
+    }
+
+    // Validate file extension
+    $ext = strtolower(pathinfo($file->getClientOriginalName(), PATHINFO_EXTENSION));
+
+    // Optionally, you could validate against a list of allowed extensions
+    $allowed_extensions = explode(
+        ',',
+        $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
+            ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext']
+    );
+    if (
+        !in_array($ext, $allowed_extensions) 
+        && $post_type_upload !== 'import_items_from_keepass'
+        && $post_type_upload !== 'import_items_from_csv'
+        && $post_type_upload !== 'restore_db'
+        && $post_type_upload !== 'upload_profile_photo'
+    ) {
+        echo handleUploadError('Invalid file extension.');
+        return false;
+    }
+
+    // Move the file to the desired location
+    try {
+        $file->move($destinationPath, $file_name);
+    } catch (FileException $e) {
+        error_log('File upload error: ' . $e->getMessage());
+        echo handleUploadError('File upload failed. Please try again.'); // Generic message for user
+        return false;
+    }
+} else {
+    echo handleUploadError('No upload found for Filedata');
     return false;
 }
 
@@ -257,9 +260,6 @@
     return false;
 }
 
-// Clean the fileName for security reasons
-$fileName = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($fileName)));
-
 // Make sure the fileName is unique but only if chunking is disabled
 if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
     $fileNameA = substr($fileName, 0, strlen($ext));
@@ -286,12 +286,12 @@
 
 // Remove old temp files
 if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
-    while (($file = readdir($dir)) !== false) {
-        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
+    while (($fileClean = readdir($dir)) !== false) {
+        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $fileClean;
 
         // Remove temp file if it is older than the max age and is not the current file
         if (
-            preg_match('/\.part$/', $file)
+            preg_match('/\.part$/', $fileClean)
             && (filemtime($tmpfilePath) < time() - $maxFileAge)
             && ($tmpfilePath != "{$filePath}.part")
         ) {
@@ -316,28 +316,41 @@
 
 // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
 if (strpos($contentType, 'multipart') !== false) {
-    if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {        
-        // Open temp file
-        // deepcode ignore PT: $filePath is escaped and secured previously
-        $out = fopen("{$filePath}.part", $chunk == 0 ? 'wb' : 'ab');
-        error_log($_FILES['file']['tmp_name']);
-        if ($out !== false) {
-            // Read binary input stream and append it to temp file
-            $in = fopen($_FILES['file']['tmp_name'], 'rb');
-
-            if ($in !== false) {
-                while ($buff = fread($in, 4096)) {
-                    fwrite($out, $buff);
-                }
-            } else {
-                echo handleUploadError('Failed to open input stream ' . $SETTINGS['path_to_files_folder'] . '.');
-                return false;
+    if ($file && $file->isValid()) {
+        // Chemin pour le fichier temporaire
+        $tempFilePath = "{$filePath}.part";
+        
+        // Ouvrir le fichier de sortie
+        try {
+            $out = fopen($tempFilePath, $chunk == 0 ? 'wb' : 'ab');
+            
+            if ($out === false) {
+                throw new FileException('Failed to open output stream.');
+            }
+    
+            // Ouvrir le fichier temporaire uploadé
+            $in = fopen($file->getPathname(), 'rb'); // getPathname() récupère le chemin du fichier temporaire
+    
+            if ($in === false) {
+                throw new FileException('Failed to open input stream.');
+            }
+    
+            // Lire et écrire dans le fichier de sortie
+            while ($buff = fread($in, 4096)) {
+                fwrite($out, $buff);
             }
+    
+            // Fermer les fichiers
             fclose($in);
             fclose($out);
-            fileDelete($_FILES['file']['tmp_name'], $SETTINGS);
-        } else {
-            echo handleUploadError('Failed to open output stream ' . $SETTINGS['path_to_files_folder'] . '.');
+    
+            // Supprimer le fichier temporaire si nécessaire
+            fileDelete($file->getPathname(), $SETTINGS);
+            
+        } catch (FileException $e) {
+            // Log l'erreur pour le débogage
+            error_log($e->getMessage());
+            echo handleUploadError('File processing failed: ' . $e->getMessage());
             return false;
         }
     } else {

From 05a04f0204b1513db893145dc8188ffa77b821b3 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sat, 12 Oct 2024 10:17:01 +0200
Subject: [PATCH 05/13] Several fixes based upon Scrutinizer analysis - update

---
 includes/config/include.php    |  2 +-
 includes/tables_integrity.json |  2 +-
 sources/upload.files.php       | 18 +++++++++---------
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index e1405a90d..7303cf0d2 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '135');
+define('TP_VERSION_MINOR', '136');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 8344451c3..8338d2165 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "e1a646c60604b3e46cd46eef920615152e66f67c0bc09fc827af15a39198e5d9"
+        "structure_hash": "9786039a0edfe1f57856bbb0cd2a99a03ab2729422db004c9d6d7517580cd8db"
     },
     {
         "table_name": "cache",
diff --git a/sources/upload.files.php b/sources/upload.files.php
index ab36164b8..9ba8ae209 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -224,7 +224,7 @@
     // Validate file extension
     $ext = strtolower(pathinfo($file->getClientOriginalName(), PATHINFO_EXTENSION));
 
-    // Optionally, you could validate against a list of allowed extensions
+    // Validate against a list of allowed extensions
     $allowed_extensions = explode(
         ',',
         $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] .
@@ -317,10 +317,10 @@
 // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
 if (strpos($contentType, 'multipart') !== false) {
     if ($file && $file->isValid()) {
-        // Chemin pour le fichier temporaire
+        // Path for the temporary file
         $tempFilePath = "{$filePath}.part";
         
-        // Ouvrir le fichier de sortie
+        // Open the output file
         try {
             $out = fopen($tempFilePath, $chunk == 0 ? 'wb' : 'ab');
             
@@ -328,27 +328,27 @@
                 throw new FileException('Failed to open output stream.');
             }
     
-            // Ouvrir le fichier temporaire uploadé
-            $in = fopen($file->getPathname(), 'rb'); // getPathname() récupère le chemin du fichier temporaire
+            // Open the uploaded temporary file
+            $in = fopen($file->getPathname(), 'rb'); // getPathname() retrieves the temporary file path
     
             if ($in === false) {
                 throw new FileException('Failed to open input stream.');
             }
     
-            // Lire et écrire dans le fichier de sortie
+            // Read and write to the output file
             while ($buff = fread($in, 4096)) {
                 fwrite($out, $buff);
             }
     
-            // Fermer les fichiers
+            // Close the files
             fclose($in);
             fclose($out);
     
-            // Supprimer le fichier temporaire si nécessaire
+            // Delete temporary file if needed
             fileDelete($file->getPathname(), $SETTINGS);
             
         } catch (FileException $e) {
-            // Log l'erreur pour le débogage
+            // On error log
             error_log($e->getMessage());
             echo handleUploadError('File processing failed: ' . $e->getMessage());
             return false;

From 3d0d90471bb2e890af43d1eb166c6e2856eed62c Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sat, 12 Oct 2024 10:56:25 +0200
Subject: [PATCH 06/13] Fixes based upon Scrutinizer analysis - update

---
 includes/config/include.php                         |  2 +-
 includes/tables_integrity.json                      |  4 ++--
 ...ckground_tasks___userKeysCreation_subtaskHdl.php | 10 +++++++++-
 sources/main.functions.php                          | 12 ++++++++++--
 sources/upload.files.php                            | 13 +++++++++++--
 5 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index 7303cf0d2..ef5f3c8b8 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '136');
+define('TP_VERSION_MINOR', '137');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 8338d2165..d316ac825 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "9786039a0edfe1f57856bbb0cd2a99a03ab2729422db004c9d6d7517580cd8db"
+        "structure_hash": "7bafa0f82926da16f4d87669fa4d645ed751d94fb58b96a03675d784076fbd1b"
     },
     {
         "table_name": "cache",
@@ -101,7 +101,7 @@
     },
     {
         "table_name": "log_system",
-        "structure_hash": "1375e8e483ac6ba605f62e3128a2d3097c6cc0c5b92d1bd9161cf836ca17e1f9"
+        "structure_hash": "717fc56a78ae32a5597dbd70286010edfd1476daa61e52831895d3be97d2cb05"
     },
     {
         "table_name": "misc",
diff --git a/scripts/background_tasks___userKeysCreation_subtaskHdl.php b/scripts/background_tasks___userKeysCreation_subtaskHdl.php
index 2a46e7979..5d1ecb833 100644
--- a/scripts/background_tasks___userKeysCreation_subtaskHdl.php
+++ b/scripts/background_tasks___userKeysCreation_subtaskHdl.php
@@ -58,9 +58,17 @@
 // Once all items are processed, the subtask is marked as FINISHED
 
 $arguments = $_SERVER['argv'];
-array_shift($arguments);
 
+// Is there any arguments in array ?
+if (!is_array($arguments)) {
+    // Stop the script
+    echo "Erreur : Les arguments ne sont pas disponibles ou ne sont pas un tableau.\n";
+    error_log('Error: Arguments are not available or not an array. (background_tasks___userKeysCreation_subtaskHdl.php)');
+    exit(1);
+}
+array_shift($arguments);
 
+// Get the arguments
 $inputData = [
     'subTaskId' => $_SERVER['argv'][1],
     'index' => $_SERVER['argv'][2],
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 102a254a7..d9ef2fc95 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -4334,7 +4334,12 @@ function sendMailToUser(
     $emailSettings = new EmailSettings($SETTINGS);
     $emailService = new EmailService();
 
-    if (count($post_replace) > 0 && is_null($post_replace) === false) {
+    // Sanitize inputs
+    $post_receipt = filter_var($post_receipt, FILTER_SANITIZE_EMAIL);
+    $post_subject = htmlspecialchars($post_subject, ENT_QUOTES, 'UTF-8');
+    $post_body = htmlspecialchars($post_body, ENT_QUOTES, 'UTF-8');
+
+    if (count($post_replace) > 0) {
         $post_body = str_replace(
             array_keys($post_replace),
             array_values($post_replace),
@@ -4342,8 +4347,11 @@ function sendMailToUser(
         );
     }
 
+    // Remove newlines to prevent header injection
+    $post_body = str_replace(array("\r", "\n"), '', $post_body);    
+
     if ($immediate_email === true) {
-        
+        // Send email
         $ret = $emailService->sendMail(
             $post_subject,
             $post_body,
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 9ba8ae209..87139c3c4 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -221,8 +221,17 @@
         return false;
     }
 
-    // Validate file extension
-    $ext = strtolower(pathinfo($file->getClientOriginalName(), PATHINFO_EXTENSION));
+    // Check that file is a valid string
+    $originalName = $file->getClientOriginalName();
+    if (is_string($originalName)) {
+        // Get file extension
+        $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
+    } else {
+        // Case where the file name is not a string
+        error_log('Invalid file name: ' . $file_name . '.'); // Log for debugging
+        echo handleUploadError('Invalid file.'); // Generic message for user
+        exit(1);
+    }
 
     // Validate against a list of allowed extensions
     $allowed_extensions = explode(

From 972161dece9ee5bc1b3fbd329f91d5a80943aba2 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sun, 13 Oct 2024 18:33:30 +0200
Subject: [PATCH 07/13] Bug fixes based upon code review by Scrutinizer

---
 includes/config/include.php    |  2 +-
 includes/tables_integrity.json |  8 ++++----
 sources/downloadFile.php       | 22 +++++++++++++++++-----
 sources/upload.files.php       | 21 ++++++++++++++-------
 4 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index ef5f3c8b8..03d97ef27 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '137');
+define('TP_VERSION_MINOR', '138');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index d316ac825..5827ef037 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,11 +13,11 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "4becb78c282293cbe38d35a0400861a62b836a69e86042ac7508f9a492346c05"
+        "structure_hash": "9c82128b7ac255a48b5e53ce903bfd931417eea61c3565c38daf86c9cee076a9"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "7bafa0f82926da16f4d87669fa4d645ed751d94fb58b96a03675d784076fbd1b"
+        "structure_hash": "5c4260e46fb4238c93d810ef96c39165ab62504cb655de166f8b55ccbaf882da"
     },
     {
         "table_name": "cache",
@@ -97,11 +97,11 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "bbb411f1054c594e7fdc72218fff71540bd0859bc3231459ce389ca521acde09"
+        "structure_hash": "209dc4e70781f3fe9d4bdc633aa83b015ce115dd2c258de37c0c3cf149bebb1d"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "717fc56a78ae32a5597dbd70286010edfd1476daa61e52831895d3be97d2cb05"
+        "structure_hash": "be4277560c1b97df5a9bffb57ad1372b78fb2f42f906691005d4a5b3ed13614a"
     },
     {
         "table_name": "misc",
diff --git a/sources/downloadFile.php b/sources/downloadFile.php
index 053ea4b9f..99f35419b 100755
--- a/sources/downloadFile.php
+++ b/sources/downloadFile.php
@@ -92,9 +92,21 @@
 // --------------------------------- //
 
 // Prepare GET variables
-$get_filename = (string) $antiXss->xss_clean($request->query->get('name'));
-$get_fileid = $antiXss->xss_clean($request->query->get('fileid'));
-$get_pathIsFiles = (string) $antiXss->xss_clean($request->query->get('pathIsFiles'));
+$getData = dataSanitizer(
+    [
+        'filename' => $request->query->get('name'),
+        'fileid' => $request->query->get('fileid'),
+        'pathIsFiles' => $request->query->get('pathIsFiles'),
+    ],
+    [
+        'filename' => 'trim|escape',
+        'fileid' => 'cast:integer',
+        'pathIsFiles' => 'trim|escape',
+    ]
+);
+$get_filename = (string) $antiXss->xss_clean($getData['filename']);
+$get_fileid = (int) $antiXss->xss_clean($getData['fileid']);
+$get_pathIsFiles = (string) $antiXss->xss_clean($getData['pathIsFiles']);
 
 // Remove newline characters from the filename
 $get_filename = str_replace(array("\r", "\n"), '', $get_filename);
@@ -102,8 +114,8 @@
 // Validate the filename to ensure it does not contain unwanted characters
 $get_filename = preg_replace('/[^a-zA-Z0-9_\.-]/', '', basename($get_filename));
 
-// Further escape the filename to prevent header injection issues
-$get_filename = addslashes($get_filename);
+// Escape quotes to prevent header injection
+$get_filename = str_replace('"', '\"', $get_filename);
 
 // Use Content-Disposition header with double quotes around filename
 header('Content-Disposition: attachment; filename="' . rawurldecode($get_filename) . '"');
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 87139c3c4..2fef75299 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -216,8 +216,8 @@
     $file_name = preg_replace('/[^a-zA-Z0-9-_\.]/', '', strtolower(basename($file->getClientOriginalName())));
     
     if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
-        error_log('Invalid file name: ' . $file_name . '.'); // Log for debugging
-        echo handleUploadError('Invalid file name provided.'); // Generic message for user
+        error_log('Invalid file name: ' . $file_name . '.');
+        echo handleUploadError('Invalid file name provided.');
         return false;
     }
 
@@ -225,12 +225,19 @@
     $originalName = $file->getClientOriginalName();
     if (is_string($originalName)) {
         // Get file extension
-        $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
+        $ext = pathinfo($originalName, PATHINFO_EXTENSION);
+        if (is_string($ext)) {
+            $ext = strtolower($ext);
+        } else {
+            // Case where the file extension is not a string
+            error_log('Invalid file name: ' . $file_name . '.');
+            echo handleUploadError('Invalid file extension.');
+        }
     } else {
         // Case where the file name is not a string
-        error_log('Invalid file name: ' . $file_name . '.'); // Log for debugging
-        echo handleUploadError('Invalid file.'); // Generic message for user
-        exit(1);
+        error_log('Invalid file name: ' . $file_name . '.');
+        echo handleUploadError('Invalid file.');
+        return false;
     }
 
     // Validate against a list of allowed extensions
@@ -255,7 +262,7 @@
         $file->move($destinationPath, $file_name);
     } catch (FileException $e) {
         error_log('File upload error: ' . $e->getMessage());
-        echo handleUploadError('File upload failed. Please try again.'); // Generic message for user
+        echo handleUploadError('File upload failed. Please try again.');
         return false;
     }
 } else {

From ff2c609e7d0721316159c8e818d40c7f64dc6c2d Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sun, 13 Oct 2024 18:45:11 +0200
Subject: [PATCH 08/13] Bug fixes based upon code review by Scrutinizer

---
 api/inc/jwt_utils.php                        |  3 +-
 api/index.php                                |  2 +-
 includes/config/include.php                  |  2 +-
 includes/tables_integrity.json               |  2 +-
 scripts/task_maintenance_purge_old_files.php | 57 ++++++++++----------
 sources/folders.queries.php                  |  3 +-
 6 files changed, 36 insertions(+), 33 deletions(-)

diff --git a/api/inc/jwt_utils.php b/api/inc/jwt_utils.php
index 0df070d47..bfa33614b 100755
--- a/api/inc/jwt_utils.php
+++ b/api/inc/jwt_utils.php
@@ -88,7 +88,8 @@ function get_authorization_header()
 	$authorizationHeader = $request->headers->get('Authorization');
 	$headers = null;
 	
-	if (null !== $authorizationHeader) {
+	// Check if the authorization header is not empty
+	if (!empty($authorizationHeader)) {
 		$headers = trim($authorizationHeader);
 	} else if (function_exists('apache_request_headers') === true) {
 		$requestHeaders = (array) apache_request_headers();
diff --git a/api/index.php b/api/index.php
index 2d0db62c8..4fea17350 100755
--- a/api/index.php
+++ b/api/index.php
@@ -44,7 +44,7 @@
 // sanitize url segments
 $base = new BaseController();
 $uri = $base->getUriSegments();
-if (is_array($uri) === false || is_string($uri) === true) {
+if (!is_array($uri)) {
     $uri = [$uri];  // ensure $uril is table
 }
 
diff --git a/includes/config/include.php b/includes/config/include.php
index 03d97ef27..4bf9a51ea 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '138');
+define('TP_VERSION_MINOR', '139');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 5827ef037..d42c8d21f 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "5c4260e46fb4238c93d810ef96c39165ab62504cb655de166f8b55ccbaf882da"
+        "structure_hash": "c19188a7adbe7feef231bbdc4f06f4289a8d3e3b792e77616f6e912f450f0b1c"
     },
     {
         "table_name": "cache",
diff --git a/scripts/task_maintenance_purge_old_files.php b/scripts/task_maintenance_purge_old_files.php
index c6284e8ce..2c913cb96 100755
--- a/scripts/task_maintenance_purge_old_files.php
+++ b/scripts/task_maintenance_purge_old_files.php
@@ -73,41 +73,44 @@ function purgeTemporaryFiles(): void
     // Load expected files
     require_once __DIR__. '/../sources/main.functions.php';
 
-    if (isset($SETTINGS) === true) {
-        //read folder
-        if (is_dir($SETTINGS['path_to_files_folder']) === true) {
-            $dir = opendir($SETTINGS['path_to_files_folder']);
-            if ($dir !== false) {
-                //delete file FILES
-                while (false !== ($f = readdir($dir))) {
-                    if ($f !== '.' && $f !== '..' && $f !== '.htaccess') {
-                        if (file_exists($dir . $f) && ((time() - filectime($dir . $f)) > 604800)) {
-                            fileDelete($dir . '/' . $f, $SETTINGS);
-                        }
+    // Verify if $SETTINGS is defined
+    if (isset($SETTINGS) === false) {
+        throw new \RuntimeException('Settings are not defined.');
+    }
+
+    // $SETTINGS is set then read folder
+    if (is_dir($SETTINGS['path_to_files_folder']) === true) {
+        $dir = opendir($SETTINGS['path_to_files_folder']);
+        if ($dir !== false) {
+            //delete file FILES
+            while (false !== ($f = readdir($dir))) {
+                if ($f !== '.' && $f !== '..' && $f !== '.htaccess') {
+                    if (file_exists($dir . $f) && ((time() - filectime($dir . $f)) > 604800)) {
+                        fileDelete($dir . '/' . $f, $SETTINGS);
                     }
                 }
-
-                //Close dir
-                closedir($dir);
             }
+
+            //Close dir
+            closedir($dir);
         }
+    }
+
+    //read folder  UPLOAD
+    if (is_dir($SETTINGS['path_to_upload_folder']) === true) {
+        $dir = opendir($SETTINGS['path_to_upload_folder']);
 
-        //read folder  UPLOAD
-        if (is_dir($SETTINGS['path_to_upload_folder']) === true) {
-            $dir = opendir($SETTINGS['path_to_upload_folder']);
-
-            if ($dir !== false) {
-                //delete file
-                while (false !== ($f = readdir($dir))) {
-                    if ($f !== '.' && $f !== '..') {
-                        if (strpos($f, '_delete.') > 0) {
-                            fileDelete($SETTINGS['path_to_upload_folder'] . '/' . $f, $SETTINGS);
-                        }
+        if ($dir !== false) {
+            //delete file
+            while (false !== ($f = readdir($dir))) {
+                if ($f !== '.' && $f !== '..') {
+                    if (strpos($f, '_delete.') > 0) {
+                        fileDelete($SETTINGS['path_to_upload_folder'] . '/' . $f, $SETTINGS);
                     }
                 }
-                //Close dir
-                closedir($dir);
             }
+            //Close dir
+            closedir($dir);
         }
     }
 }
\ No newline at end of file
diff --git a/sources/folders.queries.php b/sources/folders.queries.php
index eed994e27..5cf7561b3 100755
--- a/sources/folders.queries.php
+++ b/sources/folders.queries.php
@@ -588,8 +588,7 @@
             ];            
             $inputData = dataSanitizer(
                 $data,
-                $filters,
-                $SETTINGS['cpassman_dir']
+                $filters
             );
 
             // Check if parent folder is personal

From ffde47317d9124e97f0814e3f96ab6487d6108fa Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Mon, 14 Oct 2024 20:32:11 +0200
Subject: [PATCH 09/13] Error management on image preview if the file does not
 exist

---
 includes/config/include.php    |  2 +-
 includes/tables_integrity.json | 20 ++++++++++----------
 sources/items.queries.php      | 12 ++++++++++++
 sources/main.functions.php     | 12 ++++++++++--
 4 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index 4bf9a51ea..b5a43192a 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '139');
+define('TP_VERSION_MINOR', '140');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index d42c8d21f..d3583df4f 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -9,15 +9,15 @@
     },
     {
         "table_name": "background_subtasks",
-        "structure_hash": "f507743c03dd88462fdf4ca17ff687ab878d6977002e412c7769db5db45a8182"
+        "structure_hash": "54f2e975e46967ae42ae5402f68f6748db047a9b7c6cd4beffb2d18155a9acf3"
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "9c82128b7ac255a48b5e53ce903bfd931417eea61c3565c38daf86c9cee076a9"
+        "structure_hash": "698a0fc49c0f821a65047e2e2f9c9238440d18721a798fe957eedad8f9da7468"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "c19188a7adbe7feef231bbdc4f06f4289a8d3e3b792e77616f6e912f450f0b1c"
+        "structure_hash": "3828e176c576a9c54c70737b616f59029970cfa92dd60c69a6776dd3319f7e60"
     },
     {
         "table_name": "cache",
@@ -53,7 +53,7 @@
     },
     {
         "table_name": "files",
-        "structure_hash": "81cd2a5ebf9200047d76457ddb9a23652e81230104ebe88191653a5162760a72"
+        "structure_hash": "153ef36df5b0094b34ff0a610c45cbd4b6a313f0ef48b58b9752f59570addb0c"
     },
     {
         "table_name": "items",
@@ -65,7 +65,7 @@
     },
     {
         "table_name": "items_edition",
-        "structure_hash": "6c25cbcd85c4f4a0aa34073ef10f69479dfabf9177ef1e21084c469fc584b1e2"
+        "structure_hash": "9636c40fac70ba346a01c57510c79a70b5319c4e48802fa4bba6afb52b3c517c"
     },
     {
         "table_name": "items_otp",
@@ -97,11 +97,11 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "209dc4e70781f3fe9d4bdc633aa83b015ce115dd2c258de37c0c3cf149bebb1d"
+        "structure_hash": "dbca92fb747483318fa4efdea4761c40ba25adb5d6ff54971e7d29a3df7012cf"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "be4277560c1b97df5a9bffb57ad1372b78fb2f42f906691005d4a5b3ed13614a"
+        "structure_hash": "a32f9caab0f7480bdf4a546daccef24bbdffef49af9d47be0e925aac17322a00"
     },
     {
         "table_name": "misc",
@@ -165,11 +165,11 @@
     },
     {
         "table_name": "sharekeys_files",
-        "structure_hash": "7f05b763fab08a9129db7252faf7c4c08466c8e6e40077b4cae397caffc2d358"
+        "structure_hash": "7a909b59b6b67614313ceccd76b8a2c62dc938dc20ff5cd75c47f97a07b2264f"
     },
     {
         "table_name": "sharekeys_items",
-        "structure_hash": "eedece29bce054b48d0f5525a6349072a6f9aec1a234c9980c36d6077fadaa75"
+        "structure_hash": "55967b16b132e739d0437fd9e006c37559d9a123c2979aaab72637614c145a4c"
     },
     {
         "table_name": "sharekeys_logs",
@@ -193,7 +193,7 @@
     },
     {
         "table_name": "tokens",
-        "structure_hash": "b8518caf88d818c25298a2f9c8fb622a8783ac15bba0d8b1ff952c81ef019b00"
+        "structure_hash": "15c1c0b51e64d8e07b3a77ff7893d6dcf54cecb8d9faf37818a71afdf82c5036"
     },
     {
         "table_name": "user_requests",
diff --git a/sources/items.queries.php b/sources/items.queries.php
index c5ff365b2..1b6f8d590 100755
--- a/sources/items.queries.php
+++ b/sources/items.queries.php
@@ -6435,6 +6435,18 @@
             decryptUserObjectKey($file_info['share_key'], $session->get('user-private_key'))
         );
 
+        // Check error
+        if (isset($fileContent['error']) === true) {
+            echo (string) prepareExchangedData(
+                array(
+                    'error' => true,
+                    'message' => $fileContent['message'],
+                ),
+                'encode'
+            );
+            break;
+        }
+
         // Encrypt data to return
         echo (string) prepareExchangedData(
             array(
diff --git a/sources/main.functions.php b/sources/main.functions.php
index d9ef2fc95..2f62913b3 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -2510,7 +2510,7 @@ function encryptFile(string $fileInName, string $fileInPath): array
  *
  * @return string
  */
-function decryptFile(string $fileName, string $filePath, string $key): string
+function decryptFile(string $fileName, string $filePath, string $key): string|array
 {
     if (! defined('FILE_BUFFER_SIZE')) {
         define('FILE_BUFFER_SIZE', 128 * 1024);
@@ -2530,7 +2530,15 @@ function decryptFile(string $fileName, string $filePath, string $key): string
     $cipher->disablePadding();
     // Get file content
     $safeFilePath = realpath($filePath . '/' . TP_FILE_PREFIX . $safeFileName);
-    $ciphertext = file_get_contents(filter_var($safeFilePath, FILTER_SANITIZE_URL));
+    if ($safeFilePath !== false && file_exists($safeFilePath)) {
+        $ciphertext = file_get_contents(filter_var($safeFilePath, FILTER_SANITIZE_URL));
+    } else {
+        // Handle the error: file doesn't exist or path is invalid
+        return [
+            'error' => true,
+            'message' => 'This file has not been found.',
+        ];
+    }
 
     if (WIP) error_log('DEBUG: File image url -> '.filter_var($safeFilePath, FILTER_SANITIZE_URL));
 

From 0febd6e4971378dfed6a7cb2e8516ae4e953464e Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Thu, 17 Oct 2024 18:07:11 +0200
Subject: [PATCH 10/13] Fixes using Scrutinizer anaysis results

---
 includes/config/include.php                  | 2 +-
 includes/tables_integrity.json               | 8 ++++----
 scripts/task_maintenance_purge_old_files.php | 3 ++-
 sources/downloadFile.php                     | 6 +++++-
 sources/folders.queries.php                  | 2 +-
 sources/upload.files.php                     | 1 +
 6 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index b5a43192a..f6e48f2f9 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '140');
+define('TP_VERSION_MINOR', '141');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index d3583df4f..39c27a0a8 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,15 +13,15 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "698a0fc49c0f821a65047e2e2f9c9238440d18721a798fe957eedad8f9da7468"
+        "structure_hash": "bdfbc5078cdfe4d92f67aec6827b6f1dbc9c8ffddbfc2b73c84907dff42ca4ab"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "3828e176c576a9c54c70737b616f59029970cfa92dd60c69a6776dd3319f7e60"
+        "structure_hash": "d6331c2f9e999d47b2a9994e6b3bd3cbdfba953087e0841bcbff5de26d76a065"
     },
     {
         "table_name": "cache",
-        "structure_hash": "59952248e90c52b35880b1bb62539d8706407406b1759860d3ed44b5081e07ad"
+        "structure_hash": "a5988fbb32009d30106453eb5434d90b1f10135fb988fb3736bbf5fa254a39db"
     },
     {
         "table_name": "cache_tree",
@@ -101,7 +101,7 @@
     },
     {
         "table_name": "log_system",
-        "structure_hash": "a32f9caab0f7480bdf4a546daccef24bbdffef49af9d47be0e925aac17322a00"
+        "structure_hash": "091e8c0701fc96bcc3516620c738085c71db085e2609c92ddd6f2267c577488e"
     },
     {
         "table_name": "misc",
diff --git a/scripts/task_maintenance_purge_old_files.php b/scripts/task_maintenance_purge_old_files.php
index 2c913cb96..027bf615a 100755
--- a/scripts/task_maintenance_purge_old_files.php
+++ b/scripts/task_maintenance_purge_old_files.php
@@ -85,7 +85,8 @@ function purgeTemporaryFiles(): void
             //delete file FILES
             while (false !== ($f = readdir($dir))) {
                 if ($f !== '.' && $f !== '..' && $f !== '.htaccess') {
-                    if (file_exists($dir . $f) && ((time() - filectime($dir . $f)) > 604800)) {
+                    $filePath = $SETTINGS['path_to_files_folder'] . '/' . $f;
+                    if (file_exists($filePath) && ((time() - filectime($filePath)) > 604800)) {
                         fileDelete($dir . '/' . $f, $SETTINGS);
                     }
                 }
diff --git a/sources/downloadFile.php b/sources/downloadFile.php
index 99f35419b..08dba32f9 100755
--- a/sources/downloadFile.php
+++ b/sources/downloadFile.php
@@ -182,8 +182,12 @@
         if (empty($fileContent) === true) {
             // deepcode ignore PT: File and path are secured directly inside the function decryptFile()
             readfile($filePath); // Read the file from disk
-        } else {
+        } else if (is_string($fileContent)) {
             exit(base64_decode($fileContent));
+        } else {
+            // $fileContent is not a string
+            echo 'ERROR_No_file_found';
+        exit;
         }
         exit;
     } else {
diff --git a/sources/folders.queries.php b/sources/folders.queries.php
index 5cf7561b3..93dd3a835 100755
--- a/sources/folders.queries.php
+++ b/sources/folders.queries.php
@@ -1287,7 +1287,7 @@
                                 }
                                 fwrite(
                                     $outstream,
-                                    base64_decode($fileContent)
+                                    base64_decode((string) $fileContent)
                                 );
 
                                 // Step3 - encrypt the file
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 2fef75299..53b1a1f0f 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -232,6 +232,7 @@
             // Case where the file extension is not a string
             error_log('Invalid file name: ' . $file_name . '.');
             echo handleUploadError('Invalid file extension.');
+            return false;
         }
     } else {
         // Case where the file name is not a string

From a28c9751d5af3ec5cbdd898814dd74fa536e83fb Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sat, 19 Oct 2024 07:37:19 +0200
Subject: [PATCH 11/13] Fixes based upon Scrutinizer analysis - update

---
 includes/config/include.php    |  2 +-
 includes/tables_integrity.json |  4 ++--
 sources/folders.queries.php    | 11 +++++++++++
 sources/main.functions.php     |  2 +-
 sources/upload.files.php       |  5 +++--
 5 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index f6e48f2f9..13f2dd901 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '141');
+define('TP_VERSION_MINOR', '142');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 39c27a0a8..cf748f879 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -17,7 +17,7 @@
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "d6331c2f9e999d47b2a9994e6b3bd3cbdfba953087e0841bcbff5de26d76a065"
+        "structure_hash": "ea5b7254fdc0beccd811fe10a6e94a4a943265b6de126bca98f05deda111b88e"
     },
     {
         "table_name": "cache",
@@ -101,7 +101,7 @@
     },
     {
         "table_name": "log_system",
-        "structure_hash": "091e8c0701fc96bcc3516620c738085c71db085e2609c92ddd6f2267c577488e"
+        "structure_hash": "3a4d1b038fd99aca40280bb0fc59735cef5570bcbda5f081b052650d23b7dd65"
     },
     {
         "table_name": "misc",
diff --git a/sources/folders.queries.php b/sources/folders.queries.php
index 93dd3a835..633871f34 100755
--- a/sources/folders.queries.php
+++ b/sources/folders.queries.php
@@ -1269,6 +1269,17 @@
                                     $SETTINGS['path_to_upload_folder'],
                                     decryptUserObjectKey($file['share_key'], $session->get('user-private_key'))
                                 );
+                                if (!is_string($fileContent)) {
+                                    // Case where $fileContent is not a string
+                                    echo prepareExchangedData(
+                                        array(
+                                            'error' => true,
+                                            'message' => 'Invalid file content',
+                                        ),
+                                        'encode'
+                                    );
+                                    break;
+                                }
 
                                 // Step2 - create file
                                 // deepcode ignore InsecureHash: Is not a password, just a random string for a file name
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 2f62913b3..24bab5733 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -2508,7 +2508,7 @@ function encryptFile(string $fileInName, string $fileInPath): array
  * @param string $filePath Path to file
  * @param string $key      Key to use
  *
- * @return string
+ * @return string|array
  */
 function decryptFile(string $fileName, string $filePath, string $key): string|array
 {
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 53b1a1f0f..a6a2cacab 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -279,8 +279,9 @@
 
 // Make sure the fileName is unique but only if chunking is disabled
 if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
-    $fileNameA = substr($fileName, 0, strlen($ext));
-    $fileNameB = substr($fileName, strlen($ext));
+    // $ext is guaranteed to be a string due to prior checks
+    $fileNameA = substr($fileName, 0, strlen(/** @scrutinizer ignore-type */$ext));
+    $fileNameB = substr($fileName, strlen(/** @scrutinizer ignore-type */$ext));
 
     $count = 1;
     while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) {

From 1e04654fd72ef70d3241078042e400a6308e83f7 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Sat, 19 Oct 2024 08:41:10 +0200
Subject: [PATCH 12/13] Fixes based upon Scrutinizer analysis - update

---
 .snyk                                         |  9 ++++
 includes/config/include.php                   |  2 +-
 includes/core/login.php                       |  3 +-
 includes/tables_integrity.json                | 16 +++----
 pages/admin.php                               |  4 +-
 pages/tasks.php                               |  4 +-
 scripts/background_tasks___functions.php      |  4 +-
 .../background_tasks___userKeysCreation.php   |  9 ++--
 ...nd_tasks___userKeysCreation_subtaskHdl.php |  5 +-
 sources/admin.queries.php                     | 17 +++----
 sources/identify.php                          |  5 +-
 sources/items.queries.php                     | 10 ++--
 sources/ldap.queries.php                      | 14 +++---
 sources/main.functions.php                    | 34 ++++++--------
 sources/main.queries.php                      |  4 +-
 sources/roles.queries.php                     |  5 +-
 sources/tasks.queries.php                     |  4 +-
 sources/upload.files.php                      | 46 +++++++++++++++++--
 sources/users.datatable.php                   |  1 -
 sources/users.queries.php                     |  8 +---
 20 files changed, 121 insertions(+), 83 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..3984df3ed
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,9 @@
+ignore:
+  - "vendor/**"
+  - "plugins/**"
+  - "includes/libraries/cryptojs/**"
+  - "includes/libraries/csrfp/**"
+  - "includes/libraries/ezimuel/**"
+  - "includes/libraries/plupload/**"
+  - "includes/libraries/yubico/**"
+  - "install/**"
\ No newline at end of file
diff --git a/includes/config/include.php b/includes/config/include.php
index 13f2dd901..7c30a8877 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '142');
+define('TP_VERSION_MINOR', '143');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/core/login.php b/includes/core/login.php
index 01bb265ca..4310d73ad 100755
--- a/includes/core/login.php
+++ b/includes/core/login.php
@@ -77,7 +77,7 @@
         exit;
     } else {
         // Gérer les erreurs
-        echo 'Erreur lors de la récupération des informations utilisateur : ' . $userInfo['message'];
+        echo 'Erreur lors de la récupération des informations utilisateur : ' . htmlspecialchars($userInfo['message'], ENT_QUOTES, 'UTF-8');
     };
 }
 
@@ -87,7 +87,6 @@
     // Check if user exists in Teampass
     if (WIP === true) {
         error_log('---- CALLBACK LOGIN ----');
-        //error_log('Info : ' . print_r($session->get('userOauth2Info'), true));
     }
 
     $session->set('user-login', strstr($session->get('userOauth2Info')['userPrincipalName'], '@', true));
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index cf748f879..80b9fc17b 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,11 +13,11 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "bdfbc5078cdfe4d92f67aec6827b6f1dbc9c8ffddbfc2b73c84907dff42ca4ab"
+        "structure_hash": "815c06160b84f44936440b5166e199b49d837d843a79660ed4f251b059fa8b8d"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "ea5b7254fdc0beccd811fe10a6e94a4a943265b6de126bca98f05deda111b88e"
+        "structure_hash": "ba2d4cf853e8671aabed59ed59d393eb8eadd2e7e03ef234fc6524d36bf65419"
     },
     {
         "table_name": "cache",
@@ -53,7 +53,7 @@
     },
     {
         "table_name": "files",
-        "structure_hash": "153ef36df5b0094b34ff0a610c45cbd4b6a313f0ef48b58b9752f59570addb0c"
+        "structure_hash": "1622108fd8cba8ca53350fa5b2b94fb8bdd710bf9b201eba3d1647e2e40a48dc"
     },
     {
         "table_name": "items",
@@ -65,7 +65,7 @@
     },
     {
         "table_name": "items_edition",
-        "structure_hash": "9636c40fac70ba346a01c57510c79a70b5319c4e48802fa4bba6afb52b3c517c"
+        "structure_hash": "6136a16c129449448ebfc7266ca42e86f020b3892e1c4aa869c2255176bd284e"
     },
     {
         "table_name": "items_otp",
@@ -97,11 +97,11 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "dbca92fb747483318fa4efdea4761c40ba25adb5d6ff54971e7d29a3df7012cf"
+        "structure_hash": "a996fd9d5d8a5a0b2f38f8c7c776b1de8468c71bfcdc7668dc05042dc2c5128a"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "3a4d1b038fd99aca40280bb0fc59735cef5570bcbda5f081b052650d23b7dd65"
+        "structure_hash": "a2134e60ecc8055b34f9015692b09672d1c61bc205fbae460344503f0cc6cc21"
     },
     {
         "table_name": "misc",
@@ -165,7 +165,7 @@
     },
     {
         "table_name": "sharekeys_files",
-        "structure_hash": "7a909b59b6b67614313ceccd76b8a2c62dc938dc20ff5cd75c47f97a07b2264f"
+        "structure_hash": "7c9e6963f429c254e9027ba56092ac2c906a2fad18de0e071d0bb91e61e28dda"
     },
     {
         "table_name": "sharekeys_items",
@@ -193,7 +193,7 @@
     },
     {
         "table_name": "tokens",
-        "structure_hash": "15c1c0b51e64d8e07b3a77ff7893d6dcf54cecb8d9faf37818a71afdf82c5036"
+        "structure_hash": "698fd57be1f55099b0b24828cf3bc40bb9565600c1571e73aed3a07a7fc6a0bf"
     },
     {
         "table_name": "user_requests",
diff --git a/pages/admin.php b/pages/admin.php
index 705718b05..a3f9ed4a7 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -224,7 +224,9 @@
     }
 }
 catch (Exception $e) {
-    error_log('TEAMPASS Error - admin page - '.$e->getMessage());
+    if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+        error_log('TEAMPASS Error - admin page - '.$e->getMessage());
+    }
     // deepcode ignore ServerLeak: no critical information is provided
     echo 'An error occurred. Please refer to server logs.';
 }
diff --git a/pages/tasks.php b/pages/tasks.php
index bdbc464ea..84fc15c4d 100755
--- a/pages/tasks.php
+++ b/pages/tasks.php
@@ -151,7 +151,9 @@
     }
 }
 catch (Exception $e) {
-    error_log('TEAMPASS Error - tasks page - '.$e->getMessage());
+    if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+        error_log('TEAMPASS Error - tasks page - '.$e->getMessage());
+    }
     // deepcode ignore ServerLeak: no critical information is provided
     echo "An error occurred.";
 }?>
diff --git a/scripts/background_tasks___functions.php b/scripts/background_tasks___functions.php
index aefb36af0..dac172797 100755
--- a/scripts/background_tasks___functions.php
+++ b/scripts/background_tasks___functions.php
@@ -101,7 +101,9 @@ function clearTasksLog()
  */
 function provideLog(string $message, array $SETTINGS)
 {
-    error_log((string) date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], time()) . ' - '.$message);
+    if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+        error_log((string) date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], time()) . ' - '.$message);
+    }
 }
 
 function performVisibleFoldersHtmlUpdate (int $user_id)
diff --git a/scripts/background_tasks___userKeysCreation.php b/scripts/background_tasks___userKeysCreation.php
index 6e9da1435..74cb6dd49 100755
--- a/scripts/background_tasks___userKeysCreation.php
+++ b/scripts/background_tasks___userKeysCreation.php
@@ -250,14 +250,12 @@ function getSubTasks($taskId) {
  */
 function updateSubTask($subTaskId, $args) {
     if (empty($subTaskId) === true) {
-        error_log('Subtask ID is empty ... are we lost!?!');
+        if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+            error_log('Subtask ID is empty ... are we lost!?!');
+        }
         return;
     }
     // Convertir les paramètres de la tâche en JSON
-    //$taskParamsJson = json_encode($taskParams);
-
-    //error_log('Subtask update : '.$subTaskId." - ".print_r($taskParams,true));
-
     $query = [
         'updated_at' => time(), // Mettre à jour la date de dernière modification
         'is_in_progress' => 1,
@@ -293,7 +291,6 @@ function reloadSubTask($subTaskId) {
 }
 
 function updateTask($taskId) {
-    //error_log('Task update : '.$taskId);
     // Mettre à jour la tâche dans la base de données
     DB::update(prefixTable('background_tasks'), [
         'updated_at' => time(), // Mettre à jour la date de dernière modification
diff --git a/scripts/background_tasks___userKeysCreation_subtaskHdl.php b/scripts/background_tasks___userKeysCreation_subtaskHdl.php
index 5d1ecb833..551f58173 100644
--- a/scripts/background_tasks___userKeysCreation_subtaskHdl.php
+++ b/scripts/background_tasks___userKeysCreation_subtaskHdl.php
@@ -63,7 +63,10 @@
 if (!is_array($arguments)) {
     // Stop the script
     echo "Erreur : Les arguments ne sont pas disponibles ou ne sont pas un tableau.\n";
-    error_log('Error: Arguments are not available or not an array. (background_tasks___userKeysCreation_subtaskHdl.php)');
+    
+    if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+        error_log('Error: Arguments are not available or not an array. (background_tasks___userKeysCreation_subtaskHdl.php)');
+    }
     exit(1);
 }
 array_shift($arguments);
diff --git a/sources/admin.queries.php b/sources/admin.queries.php
index 235a326c4..b348ccf39 100755
--- a/sources/admin.queries.php
+++ b/sources/admin.queries.php
@@ -1800,7 +1800,9 @@
                 $SETTINGS['cpassman_url'].'/'.DUO_CALLBACK
             );
         } catch (DuoException $e) {
-            error_log('TEAMPASS Error - duo config - '.$e->getMessage());
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('TEAMPASS Error - duo config - '.$e->getMessage());
+            }
             // deepcode ignore ServerLeak: Data is encrypted before being sent
             echo prepareExchangedData(
                     array(
@@ -1816,16 +1818,9 @@
         try {
             $duo_client->healthCheck();
         } catch (DuoException $e) {
-            /*if ($SETTINGS['duo_failmode'] == "OPEN") {
-                # If we're failing open, errors in 2FA still allow for success
-                $duo_error = $lang->get('duo_error_failopen');
-                $data["duo_check"] = "open";
-            } else {
-                # Duo has failed and is unavailable, redirect user to the login page
-                $duo_error = $lang->get('duo_error_secure');
-                $data["duo_check"] = "failed";
-            }*/
-            error_log('TEAMPASS Error - duo config - '.$e->getMessage());
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('TEAMPASS Error - duo config - '.$e->getMessage());
+            }
             // deepcode ignore ServerLeak: Data is encrypted before being sent
             echo prepareExchangedData(
                     array(
diff --git a/sources/identify.php b/sources/identify.php
index a1f96d024..5e0b55b6c 100755
--- a/sources/identify.php
+++ b/sources/identify.php
@@ -2437,7 +2437,6 @@ function createOauth2User(
     int $userLdapHasBeenCreated
 ): array
 {
-    //error_log($SETTINGS['oauth2_enabled']." -- ".$username." -- ".$userInfo['oauth2_user_to_be_created']." -- ".$userLdapHasBeenCreated);
     // Prepare creating the new oauth2 user in Teampass
     if ((int) $SETTINGS['oauth2_enabled'] === 1
         && $username !== 'admin'
@@ -2476,7 +2475,7 @@ function createOauth2User(
         // Complete $userInfo
         $userInfo['has_been_created'] = 1;
 
-        error_log("--- USER CREATED ---");
+        if (WIP === true) error_log("--- USER CREATED ---");
 
         return [
             'error' => false,
@@ -2500,7 +2499,7 @@ function createOauth2User(
         }
         
         // Oauth2 user already exists and authenticated
-        error_log("--- USER AUTHENTICATED ---");
+        if (WIP === true) error_log("--- USER AUTHENTICATED ---");
         $userInfo['has_been_created'] = 0;
         return [
             'error' => false,
diff --git a/sources/items.queries.php b/sources/items.queries.php
index 1b6f8d590..f4a00c8f9 100755
--- a/sources/items.queries.php
+++ b/sources/items.queries.php
@@ -1089,7 +1089,9 @@
             $session->get('user-id')
         );
         if (DB::count() === 0) {
-            if (LOG_TO_SERVER === true) error_log('TEAMPASS | user '.$session->get('user-id').' has no sharekey for item '.$inputData['itemId']);
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('TEAMPASS | user '.$session->get('user-id').' has no sharekey for item '.$inputData['itemId']);
+            }
             echo (string) prepareExchangedData(
                 array(
                     'error' => true,
@@ -2081,7 +2083,9 @@
 
             // Remove the edition lock if no  encryption steps are needed
             if ($encryptionTaskIsRequested === false) {
-                error_log('Remove the edition lock if no  encryption steps are needed');
+                if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                    error_log('Remove the edition lock if no  encryption steps are needed');
+                }
                 DB::delete(
                     prefixTable('items_edition'), 
                     'item_id = %i AND user_id = %i', 
@@ -2452,7 +2456,6 @@
             // Create new task for the new item
             // If it is not a personnal one
             if ((int) $dataDestination['personal_folder'] !== 1) {
-                //error_log('item_copy' . print_r($itemDataArray, true));
                 storeTask(
                     'item_copy',
                     $session->get('user-id'),
@@ -2743,7 +2746,6 @@
             }
         } else {
             $pwIsEmptyNormal == true;
-            //error_log('userKey: ' . print_r($userKey, true));
             $decryptedObject = decryptUserObjectKey($userKey['share_key'], $session->get('user-private_key'));
             // if null then we have an error.
             // suspecting bad password
diff --git a/sources/ldap.queries.php b/sources/ldap.queries.php
index 33f44a2cd..961060e5c 100755
--- a/sources/ldap.queries.php
+++ b/sources/ldap.queries.php
@@ -157,7 +157,9 @@
                     throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']);
             }
         } catch (Exception $e) {
-            error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+            }
             // deepcode ignore ServerLeak: No important data is sent and is encrypted before being sent
             echo  prepareExchangedData(
                 array(
@@ -191,11 +193,9 @@
     
         } catch (\LdapRecord\Query\ObjectNotFoundException $e) {
             $error = $e->getDetailedError();
-            if ($error) {
+            if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
                 error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-            } else {
-                error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
-            }
+            } 
             // deepcode ignore ServerLeak: No important data is sent and is encrypted before being sent
             echo prepareExchangedData(
                 array(
@@ -231,10 +231,8 @@
             }
         } catch (\LdapRecord\Query\ObjectNotFoundException $e) {
             $error = $e->getDetailedError();
-            if ($error) {
+            if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
                 error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-            } else {
-                error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
             }
             // deepcode ignore ServerLeak: No important data is sent and is encrypted before being sent
             echo prepareExchangedData(
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 24bab5733..e676ad25c 100755
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
@@ -2454,7 +2454,9 @@ function decryptUserObjectKey(string $key, string $privateKey): string
             return '';
         }
     } catch (Exception $e) {
-        error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+        if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+            error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+        }
         return 'Exception: could not decrypt object';
     }
 }
@@ -2657,7 +2659,6 @@ function storeUsersShareKey(
         }
     } else {
         // Create sharekey for each user
-        //error_log('Building QUERY - all_users_except_id: '. $all_users_except_id);
         //DB::debugmode(true);
         $users = DB::query(
             'SELECT id, public_key
@@ -2786,10 +2787,8 @@ function ldapCheckUserPassword(string $login, string $password, array $SETTINGS)
         $connection->connect();
     } catch (\LdapRecord\Auth\BindException $e) {
         $error = $e->getDetailedError();
-        if ($error) {
+        if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
             error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-        } else {
-            error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
         }
         // deepcode ignore ServerLeak: No important data is sent
         echo 'An error occurred.';
@@ -2805,10 +2804,8 @@ function ldapCheckUserPassword(string $login, string $password, array $SETTINGS)
         }
     } catch (\LdapRecord\Auth\BindException $e) {
         $error = $e->getDetailedError();
-        if ($error) {
+        if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
             error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-        } else {
-            error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
         }
         // deepcode ignore ServerLeak: No important data is sent
         echo 'An error occurred.';
@@ -3539,16 +3536,12 @@ function upgradeRequired(): bool
         'admin',
         'upgrade_timestamp'
     );
-    
-    // if not exists then error
-    if (is_null($val) === true || count($val) === 0 || defined('UPGRADE_MIN_DATE') === false) return true;
 
-    // if empty or too old then error
-    if (empty($val['valeur']) === true || (int) $val['valeur'] < (int) UPGRADE_MIN_DATE) {
-        return true;
-    }
-
-    return false;
+    // Check if upgrade is required
+    return (
+        is_null($val) || count($val) === 0 || !defined('UPGRADE_MIN_DATE') || 
+        empty($val['valeur']) || (int) $val['valeur'] < (int) UPGRADE_MIN_DATE
+    );
 }
 
 /**
@@ -3637,8 +3630,9 @@ function handleUserKeys(
             }
         } catch (Exception $e) {
             // Show error message to user and log event
-            error_log('ERROR: User '.$userId.' - '.$e->getMessage());
-
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('ERROR: User '.$userId.' - '.$e->getMessage());
+            }
             return prepareExchangedData([
                     'error' => true,
                     'message' => $lang->get('pw_encryption_error'),
@@ -4015,7 +4009,7 @@ function createTaskForItem(
         $taskName = [$taskName];
     }
     foreach($taskName as $task) {
-        error_log('createTaskForItem - task: '.$task);
+        if (WIP === true) error_log('createTaskForItem - task: '.$task);
         switch ($task) {
             case 'item_password':
                 
diff --git a/sources/main.queries.php b/sources/main.queries.php
index b8a26d46e..9d1f2e6fe 100755
--- a/sources/main.queries.php
+++ b/sources/main.queries.php
@@ -1810,7 +1810,9 @@ function changePrivateKeyEncryptionPassword(
 
             // Should fail here to avoid break user private key.
             if (strlen($privateKey) === 0 || strlen($hashedPrivateKey) < 30) {
-                error_log("Error reencrypt user private key. User ID: {$post_user_id}, Given OTP: '{$post_current_code}'");
+                if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                    error_log("Error reencrypt user private key. User ID: {$post_user_id}, Given OTP: '{$post_current_code}'");
+                }
                 return prepareExchangedData(
                     array(
                         'error' => true,
diff --git a/sources/roles.queries.php b/sources/roles.queries.php
index b19dcba7f..727689443 100755
--- a/sources/roles.queries.php
+++ b/sources/roles.queries.php
@@ -726,7 +726,9 @@
                         throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']);
                 }
             } catch (Exception $e) {
-                error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+                if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                    error_log('TEAMPASS Error - ldap - '.$e->getMessage());
+                }
                 // deepcode ignore ServerLeak: No important data is sent and it is encrypted before sending
                 echo prepareExchangedData(array(
                     'error' => true,
@@ -741,7 +743,6 @@
             } else {
                 // Handle successful retrieval of groups
                 // exists in Teampass
-                //error_log("Error: " . print_r($groupsData['userGroups'], true));
                 foreach($groupsData['userGroups'] as $key => $group) {
                     $role_detail = DB::queryfirstrow(
                         'SELECT a.increment_id as increment_id, a.role_id as role_id, r.title as title
diff --git a/sources/tasks.queries.php b/sources/tasks.queries.php
index e3b46b732..a707d6819 100755
--- a/sources/tasks.queries.php
+++ b/sources/tasks.queries.php
@@ -326,7 +326,9 @@ function performTask(string $task, string $phpBinaryPath, string $datetimeFormat
             $error = false;
         } catch (ProcessFailedException $exception) {
             $error = true;
-            error_log('TEAMPASS Error - ldap - '.$exception->getMessage());
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log('TEAMPASS Error - ldap - '.$exception->getMessage());
+            }
             $output = 'An error occurred.';
         }
 
diff --git a/sources/upload.files.php b/sources/upload.files.php
index a6a2cacab..719cf9061 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -262,7 +262,9 @@
     try {
         $file->move($destinationPath, $file_name);
     } catch (FileException $e) {
-        error_log('File upload error: ' . $e->getMessage());
+        if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+            error_log('File upload error: ' . $e->getMessage());
+        }
         echo handleUploadError('File upload failed. Please try again.');
         return false;
     }
@@ -347,7 +349,39 @@
             }
     
             // Open the uploaded temporary file
-            $in = fopen($file->getPathname(), 'rb'); // getPathname() retrieves the temporary file path
+            // But before we will move the file to a temporary location
+            // Temporary path of the uploaded file
+            $tmpFilePath = $file->getPathname();
+
+            // Has the file being uploaded via HPPT POST
+            if (is_uploaded_file($tmpFilePath)) {
+                // Clear file name
+                $fileName = basename($file->getClientOriginalName());
+                $fileName = preg_replace('/[^a-zA-Z0-9_\.-]/', '_', $fileName);
+
+                // Safe destination folder
+                $uploadDir = realpath($SETTINGS['path_to_upload_folder']);
+                $destinationPath = $uploadDir . DIRECTORY_SEPARATOR . $fileName;
+                
+                // Check if the destination path is secure
+                if (strpos(realpath($destinationPath), $uploadDir) === 0) {
+                    if (move_uploaded_file($tmpFilePath, $destinationPath)) {
+                        // Open the moved file in read mode
+                        $in = fopen($destinationPath, 'rb');
+                    } else {
+                        // Do we have errors
+                        echo handleUploadError('Error while moving the uploaded file.');
+                    }
+                } else {
+                    // Path is not secure
+                    echo handleUploadError('Error: attempt to reach a non authorized file.');
+                    exit;
+                }
+            } else {
+                // file has not being uploaded via HTTP POST
+                echo handleUploadError('FErreur : fichier non valide.');
+                exit;
+            }
     
             if ($in === false) {
                 throw new FileException('Failed to open input stream.');
@@ -363,12 +397,14 @@
             fclose($out);
     
             // Delete temporary file if needed
-            fileDelete($file->getPathname(), $SETTINGS);
+            fileDelete($destinationPath, $SETTINGS);
             
         } catch (FileException $e) {
             // On error log
-            error_log($e->getMessage());
-            echo handleUploadError('File processing failed: ' . $e->getMessage());
+            if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
+                error_log($e->getMessage());
+            }
+            echo handleUploadError('File processing failed.');
             return false;
         }
     } else {
diff --git a/sources/users.datatable.php b/sources/users.datatable.php
index 6b5a8c91e..9b85b3ce8 100755
--- a/sources/users.datatable.php
+++ b/sources/users.datatable.php
@@ -99,7 +99,6 @@
 
 // Build FUNCTIONS list
 $params = $request->query->all();
-//error_log(print_r($params, true));
 $rolesList = [];
 $titles = DB::query('SELECT id,title FROM '.prefixTable('roles_title').' ORDER BY title ASC');
 foreach ($titles as $title) {
diff --git a/sources/users.queries.php b/sources/users.queries.php
index 7f711c2d5..82461f9f8 100755
--- a/sources/users.queries.php
+++ b/sources/users.queries.php
@@ -2528,10 +2528,8 @@
             
             } catch (\LdapRecord\Auth\BindException $e) {
                 $error = $e->getDetailedError();
-                if ($error) {
+                if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
                     error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-                } else {
-                    error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
                 }
                 // deepcode ignore ServerLeak: No important data is sent and it is encrypted before sending
                 echo prepareExchangedData(
@@ -2560,10 +2558,8 @@
                     ->paginate(100);
             } catch (\LdapRecord\Auth\BindException $e) {
                 $error = $e->getDetailedError();
-                if ($error) {
+                if ($error && defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
                     error_log('TEAMPASS Error - LDAP - '.$error->getErrorCode()." - ".$error->getErrorMessage(). " - ".$error->getDiagnosticMessage());
-                } else {
-                    error_log('TEAMPASS Error - LDAP - Code: '.$e->getCode().' - Message: '.$e->getMessage());
                 }
                 // deepcode ignore ServerLeak: No important data is sent and it is encrypted before sending
                 echo prepareExchangedData(

From 75234cf47bcb60684b411b4319272a4cb69ea8d7 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Wed, 23 Oct 2024 05:47:02 +0200
Subject: [PATCH 13/13] Code adaptation for file upload after previous change

---
 includes/config/include.php    |  2 +-
 includes/tables_integrity.json | 20 ++++++++++----------
 sources/upload.files.php       | 33 ++++++---------------------------
 3 files changed, 17 insertions(+), 38 deletions(-)

diff --git a/includes/config/include.php b/includes/config/include.php
index 7c30a8877..941ec9e71 100755
--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1727110744");
-define('TP_VERSION_MINOR', '143');
+define('TP_VERSION_MINOR', '144');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
index 80b9fc17b..a56c85b56 100644
--- a/includes/tables_integrity.json
+++ b/includes/tables_integrity.json
@@ -13,15 +13,15 @@
     },
     {
         "table_name": "background_tasks",
-        "structure_hash": "815c06160b84f44936440b5166e199b49d837d843a79660ed4f251b059fa8b8d"
+        "structure_hash": "cf4df81ed284839530fad60aca62c0877273a60199a648840116763949fc0de3"
     },
     {
         "table_name": "background_tasks_logs",
-        "structure_hash": "ba2d4cf853e8671aabed59ed59d393eb8eadd2e7e03ef234fc6524d36bf65419"
+        "structure_hash": "ebbae6acfb6ba2df19c1a1d3b09cdf725b007763c9b56b79a9fb7060a85be160"
     },
     {
         "table_name": "cache",
-        "structure_hash": "a5988fbb32009d30106453eb5434d90b1f10135fb988fb3736bbf5fa254a39db"
+        "structure_hash": "a42189363fa630ce50aa709ac271020e710dc46949eb102ef33fba59a9bb625a"
     },
     {
         "table_name": "cache_tree",
@@ -57,7 +57,7 @@
     },
     {
         "table_name": "items",
-        "structure_hash": "af8b6e0e7bf0fe17a709bba14dca6c7833ddf2f6e0a1e91acd0a5cf5ffb4e22d"
+        "structure_hash": "5e157cc138f056349dca650057ca2ba8eea21fedc5b3f2a29cde43cd20378e10"
     },
     {
         "table_name": "items_change",
@@ -97,15 +97,15 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "a996fd9d5d8a5a0b2f38f8c7c776b1de8468c71bfcdc7668dc05042dc2c5128a"
+        "structure_hash": "45e3f52f657b61f890a123395999319f3b3967aee41ce4a126b49ce1c817abf6"
     },
     {
         "table_name": "log_system",
-        "structure_hash": "a2134e60ecc8055b34f9015692b09672d1c61bc205fbae460344503f0cc6cc21"
+        "structure_hash": "88d277f0daba59bf4b506dc8770b5bee9978f39424c4f435fc7b6ebf96cf3b9f"
     },
     {
         "table_name": "misc",
-        "structure_hash": "66fbea921b5ab4f91eec2a157c327c1d17a798a1a7854a2290c6abce5c90975d"
+        "structure_hash": "d3f4410ec4c37c578fb9486f889c7c714e6434d956d5d44c9049fb33d994bf0b"
     },
     {
         "table_name": "nested_tree",
@@ -145,7 +145,7 @@
     },
     {
         "table_name": "restriction_to_roles",
-        "structure_hash": "0726559346164ca2b7222f69f4080b325c3eb5d71e9e9d2e50bb2231986b4a93"
+        "structure_hash": "abb09363fe79997ed4e9d8563cb70da357cd9ba06322b91ede72554b883a2e52"
     },
     {
         "table_name": "rights",
@@ -169,7 +169,7 @@
     },
     {
         "table_name": "sharekeys_items",
-        "structure_hash": "55967b16b132e739d0437fd9e006c37559d9a123c2979aaab72637614c145a4c"
+        "structure_hash": "6b6d714ea462093c90d2ae16970cc7b3753c130611fca3830fa03c6a4dca44da"
     },
     {
         "table_name": "sharekeys_logs",
@@ -193,7 +193,7 @@
     },
     {
         "table_name": "tokens",
-        "structure_hash": "698fd57be1f55099b0b24828cf3bc40bb9565600c1571e73aed3a07a7fc6a0bf"
+        "structure_hash": "33d70cb41a8742d39628d926bc175f9eb23343c128998f7116c99ae7b0c542a9"
     },
     {
         "table_name": "user_requests",
diff --git a/sources/upload.files.php b/sources/upload.files.php
index 719cf9061..f47a1ed4e 100755
--- a/sources/upload.files.php
+++ b/sources/upload.files.php
@@ -29,14 +29,10 @@
  * @see       https://www.teampass.net
  */
 
-
-use voku\helper\AntiXSS;
-use TeampassClasses\NestedTree\NestedTree;
 use TeampassClasses\SessionManager\SessionManager;
 use Symfony\Component\HttpFoundation\Request as RequestLocal;
 use Symfony\Component\HttpFoundation\File\Exception\FileException;
 use TeampassClasses\Language\Language;
-use EZimuel\PHPSecureSession;
 use TeampassClasses\PerformChecks\PerformChecks;
 use TeampassClasses\ConfigManager\ConfigManager;
 
@@ -220,7 +216,7 @@
         echo handleUploadError('Invalid file name provided.');
         return false;
     }
-
+    
     // Check that file is a valid string
     $originalName = $file->getClientOriginalName();
     if (is_string($originalName)) {
@@ -257,17 +253,6 @@
         echo handleUploadError('Invalid file extension.');
         return false;
     }
-
-    // Move the file to the desired location
-    try {
-        $file->move($destinationPath, $file_name);
-    } catch (FileException $e) {
-        if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
-            error_log('File upload error: ' . $e->getMessage());
-        }
-        echo handleUploadError('File upload failed. Please try again.');
-        return false;
-    }
 } else {
     echo handleUploadError('No upload found for Filedata');
     return false;
@@ -363,18 +348,12 @@
                 $uploadDir = realpath($SETTINGS['path_to_upload_folder']);
                 $destinationPath = $uploadDir . DIRECTORY_SEPARATOR . $fileName;
                 
-                // Check if the destination path is secure
-                if (strpos(realpath($destinationPath), $uploadDir) === 0) {
-                    if (move_uploaded_file($tmpFilePath, $destinationPath)) {
-                        // Open the moved file in read mode
-                        $in = fopen($destinationPath, 'rb');
-                    } else {
-                        // Do we have errors
-                        echo handleUploadError('Error while moving the uploaded file.');
-                    }
+                if (move_uploaded_file($tmpFilePath, $destinationPath)) {
+                    // Open the moved file in read mode
+                    $in = fopen($destinationPath, 'rb');
                 } else {
-                    // Path is not secure
-                    echo handleUploadError('Error: attempt to reach a non authorized file.');
+                    // Do we have errors
+                    echo handleUploadError('Error while moving the uploaded file.');
                     exit;
                 }
             } else {