From ff2a1acfc459f5cffe419636bd9c002eaa3f09c9 Mon Sep 17 00:00:00 2001
From: FrancisTicgal <francisco@ticgal.com>
Date: Mon, 8 Apr 2024 16:18:09 +0200
Subject: [PATCH] 2.1.2 - fix scaped secrets

---
 CHANGELOG.md        | 4 ++++
 front/link.form.php | 3 +++
 setup.php           | 8 ++++----
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5638dd5..7466a21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # One-Time Secret GLPI Plugin CHANGELOG
 
+## 2.1.2 - 2024-04-08
+### Bugfixes
+- Fix scaped characters in secret and passphrase #21465
+
 ## 2.1.1 - 2023-10-18
 ### Bugfixes
 - Fix unused field that generates warning php logs #17969
diff --git a/front/link.form.php b/front/link.form.php
index 59e1803..c6c4ff9 100644
--- a/front/link.form.php
+++ b/front/link.form.php
@@ -41,6 +41,9 @@
     Session::addMessageAfterRedirect(__("Secret is missing", "onetimesecret"));
 } else {
     PluginOnetimesecretSecret::authentication();
+    // remove slashes
+    $_POST['password'] = stripslashes($_POST['password']);
+    $_POST['passphrase'] = stripslashes($_POST['passphrase']);
     $link = PluginOnetimesecretSecret::createSecret($_POST);
     if ($link) {
         PluginOnetimesecretSecret::addFollowup($_POST, $link);
diff --git a/setup.php b/setup.php
index 166e9c3..ac80c2c 100644
--- a/setup.php
+++ b/setup.php
@@ -32,7 +32,7 @@
 
 use Glpi\Plugin\Hooks;
 
-define('PLUGIN_ONETIMESECRET_VERSION', '2.1.1');
+define('PLUGIN_ONETIMESECRET_VERSION', '2.1.2');
 define('PLUGIN_ONETIMESECRET_MIN_GLPI', '10.0.10');
 define('PLUGIN_ONETIMESECRET_MAX_GLPI', '11.0');
 
@@ -45,13 +45,13 @@ function plugin_init_onetimesecret()
 {
     global $PLUGIN_HOOKS;
 
-    $PLUGIN_HOOKS['csrf_compliant']['onetimesecret'] = true;
+    $PLUGIN_HOOKS[Hooks::CSRF_COMPLIANT]['onetimesecret'] = true;
 
     $plugin = new Plugin();
     if ($plugin->isActivated('onetimesecret')) {
-        Plugin::registerClass('PluginOnetimesecretConfig', ['addtabon' => 'Config']);
+        Plugin::registerClass(PluginOnetimesecretConfig::class, ['addtabon' => 'Config']);
 
-        Plugin::registerClass('PluginOnetimesecretProfile', ['addtabon' => 'Profile']);
+        Plugin::registerClass(PluginOnetimesecretProfile::class, ['addtabon' => 'Profile']);
 
         $PLUGIN_HOOKS['config_page']['onetimesecret'] = 'front/config.form.php';