From 056b429230f6d014dac0e5643205aea48f4da901 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Sun, 9 May 2021 15:50:29 +0200 Subject: [PATCH 01/16] Updated minimal version of phpmailer CVE-2020-36326. PHPMailer 6.4.1 has been patched. --- composer.json | 2 +- composer.lock | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/composer.json b/composer.json index 31228c8a..3c30fe5e 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,7 @@ "ext-json": "*", "ext-pdo": "*", "ext-xml": "*", - "phpmailer/phpmailer": ">=6.0.6 ~6.0", + "phpmailer/phpmailer": ">=6.4.1 ~6.0", "symfony/config": "~3.4", "symfony/dependency-injection": "~3.4", "symfony/event-dispatcher": "~3.4", diff --git a/composer.lock b/composer.lock index ffe1962e..4a08830b 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "984f0f8f41cf0e1d0b08397e6bb565a0", + "content-hash": "21bf20f2a7d6602e659723ca99c80d66", "packages": [ { "name": "jaxl/jaxl", @@ -133,16 +133,16 @@ }, { "name": "paragonie/random_compat", - "version": "v2.0.19", + "version": "v2.0.20", "source": { "type": "git", "url": "https://github.com/paragonie/random_compat.git", - "reference": "446fc9faa5c2a9ddf65eb7121c0af7e857295241" + "reference": "0f1f60250fccffeaf5dda91eea1c018aed1adc2a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/446fc9faa5c2a9ddf65eb7121c0af7e857295241", - "reference": "446fc9faa5c2a9ddf65eb7121c0af7e857295241", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/0f1f60250fccffeaf5dda91eea1c018aed1adc2a", + "reference": "0f1f60250fccffeaf5dda91eea1c018aed1adc2a", "shasum": "" }, "require": { 
@@ -178,7 +178,7 @@ "pseudorandom", "random" ], - "time": "2020-10-15T10:06:57+00:00" + "time": "2021-04-17T09:33:01+00:00" }, { "name": "php-pushover/php-pushover", @@ -212,16 +212,16 @@ }, { "name": "phpmailer/phpmailer", - "version": "v6.4.0", + "version": "v6.4.1", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "050d430203105c27c30efd1dce7aa421ad882d01" + "reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/050d430203105c27c30efd1dce7aa421ad882d01", - "reference": "050d430203105c27c30efd1dce7aa421ad882d01", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9256f12d8fb0cd0500f93b19e18c356906cbed3d", + "reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d", "shasum": "" }, "require": { @@ -274,7 +274,7 @@ } ], "description": "PHPMailer is a full-featured email creation and transfer class for PHP", - "time": "2021-03-31T20:06:42+00:00" + "time": "2021-04-29T12:25:04+00:00" }, { "name": "psr/container", From c0401fd14370bd259bfb6c3132fbe30d114c4915 Mon Sep 17 00:00:00 2001 From: TimZ99 Date: Sun, 9 May 2021 16:39:30 +0200 Subject: [PATCH 02/16] Updated translation Fixes #1121. Fixes #1123. --- src/lang/fr_FR.lang.php | 47 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/src/lang/fr_FR.lang.php b/src/lang/fr_FR.lang.php index e2bac203..6527f921 100644 --- a/src/lang/fr_FR.lang.php +++ b/src/lang/fr_FR.lang.php @@ -136,7 +136,7 @@ $sm_lang = array( rel="noopener">
Cela va ouvrir une conversation avec le BOT. Vous devez appuyer sur \'/start\' ou le saisir.', - 'telegram_bot_username_error_token' => '401 - Unauthorized. Assuez-vous que le Token API soit valide.', + 'telegram_bot_username_error_token' => '401 - Unauthorized. Assurez-vous que le Token API soit valide.', 'telegram_bot_error' => 'Une erreur s\'est produite en tentant d\'activer les notifications Telegram : %s', 'delete_title' => 'Supprimer un utilisateur', 'delete_message' => 'Êtes-vous sûr de vouloir supprimer l\'utilisateur \'%1\' ?', @@ -194,7 +194,7 @@ $sm_lang = array( 'custom_request_method' => 'Type de requête personalisée', 'popular_request_methods' => 'Type de requête prédéfinie', 'post_field' => 'Champ POST', - 'post_field_description' => 'Les données qui seront envoyés en utilisant le type de requête choisi.', + 'post_field_description' => 'Les données qui seront envoyées en utilisant le type de requête choisi.', 'please_select' => 'Veuillez choisir', 'type' => 'Type', 'type_website' => 'Site Web', 
@@ -209,14 +209,14 @@ $sm_lang = array( site, le serveur sera considéré hors-ligne.', 'redirect_check' => 'La redirection vers un autre domaine est', 'redirect_check_description' => 'Une redirection vers un autre domaine est généralement mauvais signe.', - 'allow_http_status' => 'Autoriser les codes de status HTTP', - 'allow_http_status_description' => 'Marquer le serveur en ligne. Les codes de status HTTP inférieur à 400 - sont considérés comme en ligne par défaut. Séparés les valeurs avec + 'allow_http_status' => 'Autoriser Les codes de statuts HTTP', + 'allow_http_status_description' => 'Marquer le serveur en ligne. Les codes de statuts HTTP inférieur à 400 + sont considérés comme en ligne par défaut. Séparer les valeurs avec |.', 'header_name' => 'Nom d\'en-têtes', 'header_value' => 'Valeur d\'en-tête', 'header_name_description' => 'Sensible à la casse.', - 'header_value_description' => 'Les expréssions régulières sont autorisées.', + 'header_value_description' => 'Les expressions régulières sont autorisées.', 'last_check' => 'Dernière vérification', 'last_online' => 'Dernière fois OK', 'last_offline' => 'Dernière fois hors-ligne', 
@@ -277,11 +277,10 @@ $sm_lang = array( 'general' => 'Général', 'language' => 'Langue', 'show_update' => 'Vérifier les nouvelles mises à jour chaque semaine', - 'password_encrypt_key' => 'Clée de cryptage des mots de passe', - 'password_encrypt_key_note' => 'Cette clée est utilisée pour crypter les mots de passe qui sont enregistrés - dans la base de donnée pour les serveurs qui requiert une authentification. - Si la clé est modifié, les mots de passe enregistré ne seront plus - valide !', + 'password_encrypt_key' => 'Clé de chiffrement des mots de passe', + 'password_encrypt_key_note' => 'password_encrypt_key_note' => 'Cette clé est utilisée pour chiffrer les mots +de passe qui sont enregistrés dans la base de données pour les serveurs qui requierent une authentification. Si la clé +est modifiée, les mots de passe enregistrés ne seront plus valide !', 'proxy' => 'Activer le proxy', 'proxy_url' => 'URL du proxy', 'proxy_user' => 'Nom d\'utilisateur du proxy', @@ -358,8 +357,8 @@ $sm_lang = array( 'settings_notification' => 'Configuration des notifications', 'settings_log' => 'Configuration des événements', 'settings_proxy' => 'Configuration du proxy', - 'auto_refresh' => 'Auto-rachaîchissement', - 'auto_refresh_description' => 'Auto-rachaîchissement de la page serveurs.
Temps en + 'auto_refresh' => 'Auto-rafraîchissement', + 'auto_refresh_description' => 'Auto-rafraîchissement de la page serveurs.
Temps en secondes. Si 0, la page n\'est pas rafraîchie.', 'test' => 'Tester', 'test_email' => 'Un email va vous être envoyé à l\'adresse définie dans votre profil utilisateur.', @@ -385,9 +384,9 @@ $sm_lang = array( définie dans votre profil.', 'telegram_sent' => 'Notification Telegram envoyée', 'telegram_error' => 'Une erreur s\'est produite lors de l\'envoi de la notification : %s', - 'telegram_error_notoken' => 'Impossible d\'envoyé la notification de test : aucun token APII token + 'telegram_error_notoken' => 'Impossible d\'envoyer la notification de test : aucun token APII token trouvé dans la configuration.', - 'telegram_error_noid' => 'Impossible d\'envoyé la notification de test : aucun ID de conversation + 'telegram_error_noid' => 'Impossible d\'envoyer la notification de test : aucun ID de conversation trouvé dans votre profil utilisateur.', 'log_retention_period' => 'Durée de conservation', 'log_retention_period_description' => 'Nombre de jours de conservation des événements envoyés et des temps @@ -416,7 +415,7 @@ $sm_lang = array( 'on_pushover_message' => 'Le Serveur \'%LABEL%\' est de nouveau OK, il était hors-ligne pendant %LAST_OFFLINE_DURATION%:

Serveur: %LABEL%
IP: %IP%
Port: %PORT%
Date: %DATE%', - 'on_telegram_message' => 'Server \'%LABEL%\' is running again, it was down for: + 'on_telegram_message' => 'Server \'%LABEL%\' est de nouveau OK, il était hors-ligne pendant: %LAST_OFFLINE_DURATION%

Server: %LABEL%
IP: %IP%
Port: %PORT%
Date: %DATE%', 'combi_off_email_message' => '
  • Serveur : %LABEL%
  • IP : %IP%
  • Port : @@ -433,15 +432,15 @@ $sm_lang = array( %DATE%
', 'combi_on_telegram_message' => '- Serveur : %LABEL%
- IP: %IP%
- Port : %PORT%
- Durée : %LAST_OFFLINE_DURATION%
- Date : %DATE%

', - 'combi_email_subject' => 'IMPORTANT : \'%UP%\' serveurs de nouveaux en ligne, \'%DOWN%\' serveurs + 'combi_email_subject' => 'IMPORTANT : \'%UP%\' serveur(s) de nouveau en ligne, \'%DOWN%\' hors-ligne', - 'combi_pushover_subject' => '\'%UP%\' serveurs de nouveaux en ligne, \'%DOWN%\' serveurs hors-ligne', - 'combi_email_message' => 'Les serveurs suivants sont hors-ligne :
%DOWN_SERVERS%
Les - serveurs suivants sont en ligne :
%UP_SERVERS%', - 'combi_pushover_message' => 'Les serveurs suivants sont hors-ligne :
%DOWN_SERVERS%
Les - serveurs suivants sont en ligne :
%UP_SERVERS%', - 'combi_telegram_message' => 'Les serveurs suivants sont hors-ligne :
%DOWN_SERVERS%
Les - serveurs suivants sont en ligne :
%UP_SERVERS%', + 'combi_pushover_subject' => '\'%UP%\' serveur(s) de nouveaux en ligne, \'%DOWN%\' serveur(s) hors-ligne', + 'combi_email_message' => 'Le(s) serveur(s) suivant(s) hors-ligne :
%DOWN_SERVERS%
Le(s) + serveur(s) suivant(s) en ligne :
%UP_SERVERS%', + 'combi_pushover_message' => 'Le(s) serveur(s) suivant(s) hors-ligne :
%DOWN_SERVERS%
Le(s) + serveur(s) suivant(s) en ligne :
%UP_SERVERS%', + 'combi_telegram_message' => 'Le(s) serveur(s) suivant(s) hors-ligne :
%DOWN_SERVERS%
Le(s) + serveur(s) suivant(s) en ligne :
%UP_SERVERS%', ), 'login' => array( 'welcome_usermenu' => 'Bonjour %user_name%', From 9c8ed8120316cb5670ec4f7c70c599321294fce1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luke=E2=88=9A?= <61581931+lukeTHD@users.noreply.github.com> Date: Mon, 31 May 2021 08:57:02 +0700 Subject: [PATCH 03/16] Update translation (fix typo issue) (#1125) --- src/lang/fr_FR.lang.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lang/fr_FR.lang.php b/src/lang/fr_FR.lang.php index 6527f921..35ca0f36 100644 --- a/src/lang/fr_FR.lang.php +++ b/src/lang/fr_FR.lang.php @@ -278,7 +278,7 @@ $sm_lang = array( 'language' => 'Langue', 'show_update' => 'Vérifier les nouvelles mises à jour chaque semaine', 'password_encrypt_key' => 'Clé de chiffrement des mots de passe', - 'password_encrypt_key_note' => 'password_encrypt_key_note' => 'Cette clé est utilisée pour chiffrer les mots + 'password_encrypt_key_note' => 'Cette clé est utilisée pour chiffrer les mots de passe qui sont enregistrés dans la base de données pour les serveurs qui requierent une authentification. Si la clé est modifiée, les mots de passe enregistrés ne seront plus valide !', 'proxy' => 'Activer le proxy', From 88708240c766b34ade49a0f0828d27d86c8f2179 Mon Sep 17 00:00:00 2001 From: Michael <33117529+mtelgkamp@users.noreply.github.com> Date: Mon, 31 May 2021 04:02:20 +0200 Subject: [PATCH 04/16] Add error message for missing/invalid header (#1017) * add error message for missing/invalid header * Code cleanup - simplify the check - do not invert the result of `preg_match()` - do not set the `$result` in loop, it is already set after the loop - fix the order of code, first set `$this->error` then `$result` --- src/psm/Util/Server/Updater/StatusUpdater.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/psm/Util/Server/Updater/StatusUpdater.php b/src/psm/Util/Server/Updater/StatusUpdater.php index 5cc42f1c..e299ae98 100644 --- a/src/psm/Util/Server/Updater/StatusUpdater.php 
+++ b/src/psm/Util/Server/Updater/StatusUpdater.php @@ -331,19 +331,19 @@ class StatusUpdater list ($key, $value) = explode(': ', $line); // Header found (case-insensitive) if (strcasecmp($key, $this->server['header_name']) == 0) { - // The value doesn't match what we needed - if (!preg_match("/{$this->server['header_value']}/i", $value)) { - $result = false; - } else { + // The value matches what we need, everything is fine + if (preg_match("/{$this->server['header_value']}/i", $value)) { $header_flag = true; - break; // No need to go further + break; // The correct header is found, we leave the loop } } } } if (!$header_flag) { - // Header was not present + // Header was not present, set error message and $result variable + $this->error = 'HEADER ERROR : Header "' . $this->server['header_name'] . + '" not found or does not match "/' . $this->server['header_value'] . '/i".'; $result = false; } } @@ -447,7 +447,7 @@ class StatusUpdater socket_send($socket, $package, strLen($package), 0); // socket_read returns a string or false $status = socket_read($socket, 255) !== false ? true : false; - + if ($status) { $this->header = "Success."; } else { From cfe3a6f61c90f31332339e7104486478c5f8f603 Mon Sep 17 00:00:00 2001 From: imsoftware Date: Mon, 31 May 2021 04:06:52 +0200 Subject: [PATCH 05/16] Make updater.sh more robust #898 (#979) Integrate updater.sh changes from #898 for more robust updates e.g. for Synology, see: https://github.com/phpservermon/phpservermon/issues/898 Closes #898 --- updater.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index be51f55a..630f3702 100755 --- a/updater.sh +++ b/updater.sh 
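Review bot: In the header check of the first hunk, `preg_match("/{$this->server['header_value']}/i", $value)` returns `false` when the configured value does not compile as a pattern (an unescaped `/` is enough), and the new code treats that exactly like a header that did not match. The server is then marked offline with "not found or does not match", which hides a configuration error behind a monitoring alert. I would keep the result in a variable and set a distinct message when it is `false`, e.g. `$matched = preg_match(...); if ($matched === false) { $this->error = 'HEADER ERROR : invalid pattern'; }`. The context line `list ($key, $value) = explode(': ', $line);` also assumes every response line contains `': '`; the loop starts outside the hunk, so whether such lines are filtered earlier cannot be seen here.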
@@ -43,14 +43,15 @@ else fi # get latest version -version=$(curl -s https://api.github.com/repos/phpservermon/phpservermon/releases/latest | grep browser_download_url | cut -d '/' -f 8) +version=$(curl -s https://api.github.com/repos/phpservermon/phpservermon/releases/latest | grep tag_name | cut -d ':' -f 2 | cut -d ',' -f 1 | cut -d '"' -f 2) echo Downloading latest Version of PHPServerMonitor \($version\) # get download URL -downloadfile=$(curl -s https://api.github.com/repos/phpservermon/phpservermon/releases/latest | grep "zipball" | cut -d '"' -f 4) +downloadfile=$(curl -s https://api.github.com/repos/phpservermon/phpservermon/releases/latest | grep "browser_download_url" | grep "zip\"" | cut -d ' ' -f 8 | cut -d '"' -f 2) +echo Using url $downloadfile # download latest release -curl -Lso update.zip.keep $downloadfile +curl -sLo update.zip.keep $downloadfile echo Save config.php mv config.php config.php.keep From 2eb190e07e5e3b9554c6bce4b7bd9ade0118b468 Mon Sep 17 00:00:00 2001 From: Unknown Date: Sun, 30 May 2021 21:12:18 -0500 Subject: [PATCH 07/16] Adding LabsMobile SMS Gateway (#961) * Adding LabsMobile SMS Gateway * Adding LabsMobile SMS Gateway Reference * Update LabsMobile.php Co-authored-by: Tim --- README.rst | 2 +- src/includes/functions.inc.php | 2 + src/psm/Txtmsg/LabsMobile.php | 115 +++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 src/psm/Txtmsg/LabsMobile.php diff --git a/README.rst b/README.rst index 45b1685f..acba4de8 100644 --- a/README.rst +++ b/README.rst @@ -64,7 +64,7 @@ The following SMS gateways are currently available: * OVH SMS PRO - * PromoSMS - * Infobip - - +* LabsMobile - Please note: for these gateways you will need an account with sufficient credits. diff --git a/src/includes/functions.inc.php b/src/includes/functions.inc.php index f0560f17..9df630f8 100644 --- a/src/includes/functions.inc.php +++ b/src/includes/functions.inc.php 
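Review bot: `$downloadfile` is scraped from the API response with grep/cut and then passed unquoted to `curl -sLo update.zip.keep $downloadfile`, with no check that it is non-empty and no `-f`, so a rate-limited or failed API call leaves an empty or non-zip `update.zip.keep` while the script carries on to `mv config.php config.php.keep`. I would stop early with `[ -n "$downloadfile" ] || { echo "No release zip URL found" >&2; exit 1; }` and download with `curl -fsSLo update.zip.keep "$downloadfile"`. The archive is also used without any checksum or signature comparison; whether the release publishes one is not visible here, but an updater that overwrites application code is the place to verify it. The rest of the script lies outside the hunk.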
@@ -805,6 +805,8 @@ namespace { break; case 'promosms': $sms = new \psm\Txtmsg\PromoSMS(); + case 'labsmobile': + $sms = new \psm\Txtmsg\LabsMobile(); break; } diff --git a/src/psm/Txtmsg/LabsMobile.php b/src/psm/Txtmsg/LabsMobile.php new file mode 100644 index 00000000..68310ef8 --- /dev/null +++ b/src/psm/Txtmsg/LabsMobile.php 
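Review bot: The new `case 'labsmobile':` is inserted between `$sms = new \psm\Txtmsg\PromoSMS();` and its `break;`, so the `promosms` case now falls through and ends up with a `LabsMobile` instance. If the gateway login data is copied onto `$sms` after the switch (that code is outside this hunk), credentials configured for PromoSMS would be sent to the LabsMobile endpoint instead. Add `break;` after the PromoSMS assignment, before `case 'labsmobile':`.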
@@ -0,0 +1,115 @@ +. + * + * @package phpservermon + * @author Erik Shupingahua + * @copyright Copyright (c) 2008-2017 Pepijn Over + * @license http://www.gnu.org/licenses/gpl.txt GNU GPL v3 + * @version Release: @package_version@ + * @link http://www.phpservermonitor.org/ + * @since phpservermon 3.5 + **/ + +namespace psm\Txtmsg; + +class LabsMobile extends Core +{ + + /** + * Send sms using the Smsglobal API + * @var string $message + * @var string $this->password + * @var array $this->recipients + * @var array $this->originator + * + * @var resource $curl + * @var string $err + * @var string $recipient + * @var string $from + * @var mixed $result + * + * @var int $success + * @var string $error + * + * @return bool|string + */ + + public function sendSMS($message) + { + $error = ""; + $success = 1; + + //$recipients = join(',', $this->recipients); Remove this + + $from = substr($this->originator, 0, 15); // Max 15 Characters + $message = substr(rawurlencode($message), 0, 153); + + $curl = curl_init(); + + //PREPARE RECIPIENTS: + $recipients=$this->recipients; + $recipentsWorked; + foreach ($recipients as & $row){ + $recipentsWorked.='{"msisdn":"'.$row.'"}'; + } + $auth_basic = base64_encode($this->username.":".$this->password); + curl_setopt_array($curl, array( + CURLOPT_URL => "https://api.labsmobile.com/json/send", + CURLOPT_RETURNTRANSFER => true, + CURLOPT_ENCODING => "", + CURLOPT_MAXREDIRS => 10, + CURLOPT_TIMEOUT => 30, + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_CUSTOMREQUEST => "POST", + CURLOPT_POSTFIELDS => '{"message":"'.$message.'", "tpoa":"Sender","recipient":['.$recipentsWorked.']}', + CURLOPT_HTTPHEADER => array( + "Authorization: Basic ".$auth_basic, + "Cache-Control: no-cache", + "Content-Type: application/json" + ), + )); + + $result = curl_exec($curl); + $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE); + $err = curl_error($curl); + curl_close($curl); + + //Error code: https://apidocs.labsmobile.com/#results-and-errors + 
$jsonresponse=(json_decode($result, true)); + $msgjson =$jsonresponse["message"]; + $codejson=$jsonresponse["code"]; + if ( in_array($codejson, range(21,41)) || $codejson==52 || $codejson==400 || $codejson==401 || $codejson==403 || $codejson==500 ) { + $success = 0; + $result =$codejson.':'. $msgjson; + $error = "HTTP_code: " . $httpcode . ".\ncURL error (" . $result . "): " . + curl_strerror($err) . ". \nResult: " . $result; + } + if ($err) { + $success = 0; + $result = ($result == '') ? 'Wrong input, please check if all values are correct!' : $result; + $error = "HTTP_code: " . $httpcode . ".\ncURL error (" . $err . "): " . + curl_strerror($err) . ". \nResult: " . $result; + + } if ( $codejson==0) { + return 1; + } + return $error; + } +} From ecc1c6649a52cc26b8e16326e88cbbd4116a0f5f Mon Sep 17 00:00:00 2001 From: wilhelch <34109428+wilhelch@users.noreply.github.com> Date: Mon, 14 Jun 2021 15:35:02 -0600 Subject: [PATCH 08/16] Fixed SMTPAutoTLS Default (#1129) PHPMailer will always try to connect to an SMTP server via TLS by default regardless of the SMTPSecure Setting. Added a check to set SMTPAutoTLS to false when email_smtp_security is empty. --- src/includes/functions.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/includes/functions.inc.php b/src/includes/functions.inc.php index 9df630f8..bff7dc6b 100644 --- a/src/includes/functions.inc.php +++ b/src/includes/functions.inc.php @@ -603,7 +603,9 @@ namespace { $phpmailer->Host = psm_get_conf('email_smtp_host'); $phpmailer->Port = (int)psm_get_conf('email_smtp_port'); $phpmailer->SMTPSecure = psm_get_conf('email_smtp_security'); - + if (psm_get_conf('email_smtp_security') == ''){ + $phpmailer->SMTPAutoTLS = false; + } $smtp_user = psm_get_conf('email_smtp_username'); $smtp_pass = psm_password_decrypt( psm_get_conf('password_encrypt_key'), From 6d74c45e0b649efcdb7d80b351f5eb8c5e4fc996 Mon Sep 17 00:00:00 2001 
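Review bot: `sendSMS()` in the new LabsMobile.php reports success when the request never reached the gateway: after a cURL failure `json_decode()` yields `null`, `$codejson` is `null`, and the final `if ( $codejson==0) { return 1; }` is true for `null`. The request body is also assembled by string concatenation, so two or more recipients produce `{"msisdn":"a"}{"msisdn":"b"}` with no comma (invalid JSON), `$recipentsWorked` is appended to before it is initialised, and `curl_strerror($err)` is given the message string from `curl_error()` rather than an error number. I would build the body with `json_encode()`, take the number from `curl_errno()`, and return success only when a decoded response carries code 0, as sketched below. `$from` is computed but `tpoa` is hard-coded to `"Sender"`; that looks unintended, but the sketch leaves it as it is.

```php
// … unchanged: $from, $message, curl_init() …
$recipientList = array();
foreach ($this->recipients as $row) {
    $recipientList[] = array('msisdn' => $row);
}
$payload = json_encode(array(
    'message' => $message,
    'tpoa' => 'Sender',
    'recipient' => $recipientList,
));
// … unchanged: curl_setopt_array(), now with CURLOPT_POSTFIELDS => $payload …
$result = curl_exec($curl);
$httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
$errno = curl_errno($curl);
curl_close($curl);

$jsonresponse = is_string($result) ? json_decode($result, true) : null;
if ($errno !== 0 || !is_array($jsonresponse) || !isset($jsonresponse['code'])) {
    return "HTTP_code: " . $httpcode . ".\ncURL error (" . $errno . "): " . curl_strerror($errno);
}
// … unchanged: mapping of the documented LabsMobile result codes to $error …
if ((string) $jsonresponse['code'] === '0') {
    return 1;
}
return $error;
```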
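Review bot: Setting `$phpmailer->SMTPAutoTLS = false` whenever `email_smtp_security` is empty turns off opportunistic STARTTLS for every installation that left the field blank, and the SMTP username and decrypted password set in the lines that follow are then sent in clear text even to servers that offer STARTTLS. If the goal is to support servers with broken TLS, I would make that an explicit opt-out setting rather than a side effect of the empty value, or at least say so in a comment such as `// No security selected: also disable opportunistic STARTTLS; SMTP credentials then travel unencrypted.` Stylistically, the condition needs a space before `{` and could test `$phpmailer->SMTPSecure` instead of calling `psm_get_conf()` a second time. The enclosing function starts and ends outside the hunk.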
From: Tim Date: Mon, 21 Jun 2021 22:23:36 +0200 Subject: [PATCH 09/16] Added huntr badge --- README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index acba4de8..4f96b85f 100644 --- a/README.rst +++ b/README.rst @@ -4,7 +4,9 @@ PHP Server Monitor .. image:: https://badges.gitter.im/Join%20Chat.svg :alt: Join the chat at https://gitter.im/erickrf/nlpnet :target: https://gitter.im/phpservermon/phpservermon - +.. image:: https://cdn.huntr.dev/huntr_security_badge_mono.svg + :alt: huntr + :target: https://huntr.dev Version 3.6.0.beta2 PHP Server Monitor is a script that checks whether your websites and servers are up and running. From 32fcb8b0e80c5ab13f2ac131bf3e731ead7dea02 Mon Sep 17 00:00:00 2001 From: scheibling Date: Mon, 21 Jun 2021 22:49:40 +0200 Subject: [PATCH 10/16] Added Tele2 API (#1130) * Added Tele2 API * Fixed mistake, added to readme, added number formatting Co-authored-by: larsec Co-authored-by: Lars Scheibling Co-authored-by: Tim Zandbergen --- README.rst | 1 + src/includes/functions.inc.php | 3 + src/psm/Txtmsg/Tele2.php | 143 +++++++++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 src/psm/Txtmsg/Tele2.php diff --git a/README.rst b/README.rst index 4f96b85f..ad00a393 100644 --- a/README.rst +++ b/README.rst @@ -67,6 +67,7 @@ The following SMS gateways are currently available: * PromoSMS - * Infobip - * LabsMobile - +* Tele2 Messaging - Please note: for these gateways you will need an account with sufficient credits. diff --git a/src/includes/functions.inc.php b/src/includes/functions.inc.php index bff7dc6b..85e11b3c 100644 --- a/src/includes/functions.inc.php +++ b/src/includes/functions.inc.php @@ -810,6 +810,9 @@ namespace { case 'labsmobile': $sms = new \psm\Txtmsg\LabsMobile(); break; + case 'tele2': + $sms = new \psm\Txtmsg\Tele2(); + break; } // copy login information from the config file 
diff --git a/src/psm/Txtmsg/Tele2.php b/src/psm/Txtmsg/Tele2.php new file mode 100644 index 00000000..44f5aca0 --- /dev/null +++ b/src/psm/Txtmsg/Tele2.php 
@@ -0,0 +1,143 @@ +. + * + * @package phpservermon + * @author Victor Macko + * @copyright Copyright (c) 2008-2017 Pepijn Over + * @license http://www.gnu.org/licenses/gpl.txt GNU GPL v3 + * @version Release: @package_version@ + * @link http://www.phpservermonitor.org/ + * @since phpservermon 3.6.0 + **/ + +namespace psm\Txtmsg; + +class Tele2 extends Core +{ + /** + * Formats the number to e.g. 45701234567 instead of +45701234567/00451234567 + * Error if the number begins with a single 0, indicates no country code has been provided. + * Will still attempt to send to this and other numbers, but return an error message. + * Also remove spaces, braces and other special characters + */ + private function formatNumber( $number ) : string + { + $number = str_replace(['-', ' ', '(', ')'], '', $number); + + if (substr($number, 0, 1) === '+') { + return substr($number, 1); + } + elseif (substr($number, 0, 2) === '00') { + return substr($number, 2); + } + elseif (substr($number, 0, 1) === '0') { + return null; + } + else return $number; + + } + + + /** + * Send sms using the Tele2 Messaging API based on Infobip + * The username can be blank, password is the API key + * + * + * @var string $message + * @var string $this->baseurl + * @var string $this->password + * @var array $this->recipients + * @var array $this->originator + * @var string $recipients + * + * @var resource $curl + * @var string $err + * @var mixed $result + * + * @var int $success + * @var string $error + * + * @return bool|string + */ + + + + public function sendSMS($message) + { + $success = 1; + $error = ''; + + /** + * Creates a curl object, loops through participants to add them to the same message and makes a single API call to send to all + */ + $ch = curl_init("https://api.tele2messaging.com/sms/2/text/advanced"); + + + + $recipients = []; + + foreach ($this->recipients as $recipient) { + $format = $this->formatNumber($recipient); + if (!$format) { + $error = "ERROR: Incorrect format, needs to 
include country code (e.g. 45123456789 instead of 0123456789/450123456789/+45123456789/0045123456789)"; + } + $recipients[] = [ + 'to' => $format ?? $recipient + ]; + } + + $postfields = [ + 'messages' => [ + [ + 'from' => $this->originator, + 'destinations' => $recipients, + 'text' => "$message" + ] + ] + ]; + + curl_setopt_array($ch, [ + CURLOPT_POST => 1, + CURLOPT_RETURNTRANSFER => false, + CURLOPT_MAXREDIRS => 10, + CURLOPT_TIMEOUT => 0, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_CUSTOMREQUEST => 'POST', + CURLOPT_POSTFIELDS => json_encode($postfields), + CURLOPT_HTTPHEADER => [ + 'AUTHORIZATION: App '.$this->password, + 'Content-Type: application/json', + 'Accept: application/json' + ], + ]); + + $result = curl_exec($ch); + $returncode = curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + + if ($returncode !== 200 || $error !== '') { + $success = 0; + $error .= $result; + } + + return ($success === 1 ? 1 : $error); + } +} + From bb10a5f3c68527c58073258cb12446782d223bc3 Mon Sep 17 00:00:00 2001 From: Tim Zandbergen Date: Wed, 23 Jun 2021 22:05:58 +0200 Subject: [PATCH 11/16] SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/1-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator --- src/psm/Service/User.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/psm/Service/User.php b/src/psm/Service/User.php index bc01db2a..92979ede 100644 --- a/src/psm/Service/User.php +++ b/src/psm/Service/User.php 
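Review bot: `formatNumber()` in the new Tele2.php is declared `: string` but returns `null` for a number starting with a single `0`, which raises a TypeError instead of producing the "Incorrect format" message that `sendSMS()` builds for that case; declare it `private function formatNumber($number): ?string`. In `sendSMS()`, `CURLOPT_RETURNTRANSFER => false` makes `curl_exec()` print the gateway response and return a boolean, so `$error .= $result` never contains the response body, and `CURLOPT_TIMEOUT => 0` lets a stalled gateway block the monitor run indefinitely. `CURLOPT_RETURNTRANSFER => true,` and a finite `CURLOPT_TIMEOUT => 30,` (the value the LabsMobile gateway in this series uses) would address both. The handle is also never released with `curl_close($ch)`.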
@@ -198,9 +198,9 @@ class User { if (isset($_COOKIE['rememberme'])) { // extract data from the cookie - list ($user_id, $token, $hash) = explode(':', $_COOKIE['rememberme']); + list($user_id, $token, $hash) = explode('_', $_COOKIE['rememberme']); // check cookie hash validity - if ($hash == hash('sha256', $user_id . ':' . $token . PSM_LOGIN_COOKIE_SECRET_KEY) && !empty($token)) { + if ($hash == hash('sha256', $user_id . '_' . $token . PSM_LOGIN_COOKIE_SECRET_KEY) && !empty($token)) { // cookie looks good, try to select corresponding user // get real token from database (and all other data) $user = $this->getUser($user_id); @@ -321,15 +321,15 @@ class User protected function newRememberMeCookie() { // generate 64 char random string and store it in current user data - $random_token_string = hash('sha256', mt_rand()); + $random_token_string = hash('sha256', random_bytes(64)); $sth = $this->db_connection->prepare('UPDATE ' . PSM_DB_PREFIX . 'users SET rememberme_token = :user_rememberme_token WHERE user_id = :user_id'); $sth->execute(array(':user_rememberme_token' => $random_token_string, ':user_id' => $this->getUserId())); // generate cookie string that consists of userid, randomstring and combined hash of both - $cookie_string_first_part = $this->getUserId() . ':' . $random_token_string; + $cookie_string_first_part = $this->getUserId() . '_' . $random_token_string; $cookie_string_hash = hash('sha256', $cookie_string_first_part . PSM_LOGIN_COOKIE_SECRET_KEY); - $cookie_string = $cookie_string_first_part . ':' . $cookie_string_hash; + $cookie_string = $cookie_string_first_part . '_' . $cookie_string_hash; // set cookie setcookie('rememberme', $cookie_string, time() + PSM_LOGIN_COOKIE_RUNTIME, "/", PSM_LOGIN_COOKIE_DOMAIN); 
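Review bot: The cookie check in the first hunk still compares the cookie-supplied `$hash` with `==`, which is neither constant-time nor type-safe, since PHP's loose comparison can treat distinct numeric-looking strings as equal. Use `hash_equals(hash('sha256', $user_id . '_' . $token . PSM_LOGIN_COOKIE_SECRET_KEY), (string) $hash)`, and consider `hash_hmac('sha256', …, PSM_LOGIN_COOKIE_SECRET_KEY)` in place of the key-suffix construction, both here and in `newRememberMeCookie()`. `list($user_id, $token, $hash) = explode('_', $_COOKIE['rememberme'])` also assumes exactly three parts; a cookie with fewer yields undefined offsets, so check the `count()` of the parts before destructuring. The method starts and ends outside the hunk.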
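Review bot: The `setcookie('rememberme', …)` call at the end of the `newRememberMeCookie()` hunk passes no `secure` or `httponly` argument, so the long-lived login token is readable from page scripts and is also sent over plain HTTP. Passing the sixth and seventh arguments closes that, e.g. `setcookie('rememberme', $cookie_string, time() + PSM_LOGIN_COOKIE_RUNTIME, "/", PSM_LOGIN_COOKIE_DOMAIN, $is_https, true);`, where `$is_https` is a placeholder for however the application detects HTTPS. Separately, `hash('sha256', random_bytes(64))` is sound, but `bin2hex(random_bytes(32))` gives the same 64 characters without the extra hashing step.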
@@ -526,10 +526,8 @@ class User } $this->user_preferences = array(); - foreach ( - $this->db_connection->query('SELECT `key`,`value` FROM `' . - PSM_DB_PREFIX . 'users_preferences` WHERE `user_id` = ' . $this->user_id) as $row - ) { + foreach ($this->db_connection->query('SELECT `key`,`value` FROM `' . + PSM_DB_PREFIX . 'users_preferences` WHERE `user_id` = ' . $this->user_id) as $row) { $this->user_preferences[$row['key']] = $row['value']; } } From 3daa804d5f56c55b3ae13bfac368bb84ec632193 Mon Sep 17 00:00:00 2001 From: Tim Zandbergen Date: Wed, 23 Jun 2021 22:06:34 +0200 Subject: [PATCH 12/16] SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/2-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator --- src/includes/psmconfig.inc.php | 2 +- src/psm/Service/User.php | 40 +++++++++++++++--------------- src/psm/Util/Install/Installer.php | 7 ++++-- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/src/includes/psmconfig.inc.php b/src/includes/psmconfig.inc.php index 862ccda4..9e190a6a 100644 --- a/src/includes/psmconfig.inc.php +++ b/src/includes/psmconfig.inc.php @@ -30,7 +30,7 @@ /** * Current PSM version */ -define('PSM_VERSION', '3.6.0.beta2'); +define('PSM_VERSION', '3.6.0'); /** * URL to check for updates. Will not be checked if turned off on config page. diff --git a/src/psm/Service/User.php b/src/psm/Service/User.php index 92979ede..fcd07183 100644 --- a/src/psm/Service/User.php +++ b/src/psm/Service/User.php @@ -72,7 +72,7 @@ class User protected $user_id; /** - *Current user preferences + * Current user preferences * @var array $user_preferences */ protected $user_preferences; 
@@ -237,15 +237,15 @@ class User } $dirauthconfig = psm_get_conf('dirauth_status'); - + // LDAP auth enabled if ($dirauthconfig === '1') { $ldaplibpath = realpath( PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR . - 'vendor' . DIRECTORY_SEPARATOR . - 'viharm' . DIRECTORY_SEPARATOR . - 'psm-ldap-auth' . DIRECTORY_SEPARATOR . - 'psmldapauth.php' + 'vendor' . DIRECTORY_SEPARATOR . + 'viharm' . DIRECTORY_SEPARATOR . + 'psm-ldap-auth' . DIRECTORY_SEPARATOR . + 'psmldapauth.php' ); // If the library is found if ($ldaplibpath) { @@ -260,20 +260,20 @@ class User // Authenticated if ($ldapauthstatus === true) { - // Remove password to prevent it from being saved in the DB. - // Otherwise, user may still be authenticated if LDAP is disabled later. - $user_password = null; - @fn_Debug('Authenticated', $user); + // Remove password to prevent it from being saved in the DB. + // Otherwise, user may still be authenticated if LDAP is disabled later. + $user_password = null; + @fn_Debug('Authenticated', $user); } else { - // using PHP 5.5's password_verify() function to check if the provided passwords - // fits to the hash of that user's password - if (!isset($user->user_id)) { - password_verify($user_password, 'dummy_call_against_timing'); - return false; - } elseif (!password_verify($user_password, $user->password)) { - return false; - } + // using PHP 5.5's password_verify() function to check if the provided passwords + // fits to the hash of that user's password + if (!isset($user->user_id)) { + password_verify($user_password, 'dummy_call_against_timing'); + return false; + } elseif (!password_verify($user_password, $user->password)) { + return false; + } } // not authenticated $this->setUserLoggedIn($user->user_id, true); 
@@ -390,8 +390,8 @@ class User } // generate timestamp (to see when exactly the user (or an attacker) requested the password reset mail) $temporary_timestamp = time(); - // generate random hash for email password reset verification (40 char string) - $user_password_reset_hash = sha1(uniqid(mt_rand(), true)); + // generate random hash for email password reset verification (64 char string) + $user_password_reset_hash = hash('sha256', uniqid(random_bytes(64), true)); $query_update = $this->db_connection->prepare('UPDATE ' . PSM_DB_PREFIX . 'users SET password_reset_hash = :user_password_reset_hash, diff --git a/src/psm/Util/Install/Installer.php b/src/psm/Util/Install/Installer.php index c15b0322..5728007e 100644 --- a/src/psm/Util/Install/Installer.php +++ b/src/psm/Util/Install/Installer.php @@ -212,7 +212,7 @@ class Installer `user_id` int(11) unsigned NOT NULL AUTO_INCREMENT, `user_name` varchar(64) NOT NULL COMMENT 'user''s name, unique', `password` varchar(255) NOT NULL COMMENT 'user''s password in salted and hashed format', - `password_reset_hash` char(40) DEFAULT NULL COMMENT 'user''s password reset code', + `password_reset_hash` varchar(64) DEFAULT NULL COMMENT 'user''s password reset code', `password_reset_timestamp` bigint(20) DEFAULT NULL COMMENT 'timestamp of the password reset request', `rememberme_token` varchar(64) DEFAULT NULL COMMENT 'user''s remember-me cookie token', `level` tinyint(2) unsigned NOT NULL DEFAULT '20', @@ -230,7 +230,7 @@ class Installer UNIQUE KEY `unique_username` (`user_name`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;", PSM_DB_PREFIX . - 'users_preferences' => "CREATE TABLE IF NOT EXISTS `" . PSM_DB_PREFIX . "users_preferences` ( + 'users_preferences' => "CREATE TABLE IF NOT EXISTS `" . PSM_DB_PREFIX . "users_preferences` ( `user_id` int(11) unsigned NOT NULL, `key` varchar(255) NOT NULL, `value` varchar(255) NOT NULL, 
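Review bot: In `hash('sha256', uniqid(random_bytes(64), true))` the `uniqid()` wrapper contributes only time-derived data and receives raw binary as its prefix; I cannot tell from here that every PHP build carries a prefix containing NUL bytes through intact, and if it does not, part of the randomness is lost before hashing. `$user_password_reset_hash = bin2hex(random_bytes(32));` yields the same 64-character value that the widened `varchar(64)` column expects, with no dependence on `uniqid()`. The method body continues outside the hunk.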
@@ -732,6 +732,7 @@ class Installer /** * Patch for v3.6.0 release * Added support for Discord and webhooks + * Password_reset_hash varchar 40 -> 64 to allow for SHA256 hash */ protected function upgrade360() { @@ -758,6 +759,8 @@ class Installer $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` ( `user_name`, `level`, `name`, `email`) VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')"; + $queries[] = "ALTER TABLE `" . PSM_DB_PREFIX . "users` + CHANGE `password_reset_hash` `password_reset_hash` VARCHAR( 64 ) DEFAULT NULL COMMENT 'user''s password reset code';"; $this->execSQL($queries); $this->log('Public page is now available. Added user \'__PUBLIC__\'. See documentation for more info.'); From e28192278c9b32d65444b5c893f2a8984fbd8a44 Mon Sep 17 00:00:00 2001 From: scheibling Date: Wed, 23 Jun 2021 22:47:27 +0200 Subject: [PATCH 13/16] Update FreeMobileSMS.php - Fix encoding bug (#1132) Fix the URL encoding by changing urlencode to rawurlencode, since the former uses + instead of %20 to encode an URL and is meant for form submissions. Rawurlencode is meant for creating URLs, and should fix bug #1120 --- src/psm/Txtmsg/FreeMobileSMS.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psm/Txtmsg/FreeMobileSMS.php b/src/psm/Txtmsg/FreeMobileSMS.php index 43a7d2c0..bdfdd2eb 100644 --- a/src/psm/Txtmsg/FreeMobileSMS.php +++ b/src/psm/Txtmsg/FreeMobileSMS.php @@ -58,7 +58,7 @@ class FreeMobileSMS extends Core array( "user" => $this->username, "pass" => $this->password, - "msg" => urlencode($message), + "msg" => rawurlencode($message), ) )); From 689afca21fa04d5d2787c717625e7721993749f9 Mon Sep 17 00:00:00 2001 From: Tim Zandbergen Date: Thu, 24 Jun 2021 19:48:43 +0200 Subject: [PATCH 14/16] phpmailer/phpmailer update to non-vulnerable version Does not affect PSM, just a precocious. --- composer.json | 4 +- composer.lock | 243 +++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 221 insertions(+), 26 deletions(-) 
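Review bot: Reset hashes already stored when `upgrade360()` runs came from the previous `sha1(uniqid(mt_rand(), true))` generator, and the added `ALTER TABLE` widens the column without invalidating them. Assuming pending resets are honoured until their timestamp expires (that check is not in this hunk), I would clear them in the same upgrade: `$queries[] = "UPDATE " . PSM_DB_PREFIX . "users SET password_reset_hash = NULL, password_reset_timestamp = NULL";`. The docblock line added in the preceding hunk also says "varchar 40", while the install schema shows the old column as `char(40)`. The body of `upgrade360()` extends beyond both hunks.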
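Review bot: `rawurlencode($message)` is applied to a value inside an array literal passed to a call that opens above this hunk; if that call is `http_build_query()` (likely, but not visible here), the message is percent-encoded twice and the recipient receives literal `%20` sequences. In that case pass the plain value, `"msg" => $message,`, and select RFC 3986 encoding on the builder through its encoding-type argument, `PHP_QUERY_RFC3986`. Separately, `user` and `pass` sit in the same parameter array, so if it ends up in a URL query string the credentials will appear in proxy and server logs; that deserves a comment at the call site.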
diff --git a/composer.json b/composer.json index 3c30fe5e..511ec417 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,7 @@ "ext-json": "*", "ext-pdo": "*", "ext-xml": "*", - "phpmailer/phpmailer": ">=6.4.1 ~6.0", + "phpmailer/phpmailer": ">=6.5.0 ~6.0", "symfony/config": "~3.4", "symfony/dependency-injection": "~3.4", "symfony/event-dispatcher": "~3.4", @@ -30,4 +30,4 @@ "psm\\": "src/psm/" } } -} +} \ No newline at end of file diff --git a/composer.lock b/composer.lock index 4a08830b..990ffd04 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "21bf20f2a7d6602e659723ca99c80d66", + "content-hash": "c967e1466fd2a2effd7f76650bba60d7", "packages": [ { "name": "jaxl/jaxl", @@ -77,6 +77,11 @@ "php", "xmpp" ], + "support": { + "forum": "https://groups.google.com/forum/#!forum/jaxl", + "issues": "https://github.com/jaxl/JAXL/issues", + "source": "https://github.com/jaxl/JAXL" + }, "time": "2016-09-13T01:59:35+00:00" }, { @@ -129,6 +134,10 @@ "composer-installer", "composer-plugin" ], + "support": { + "issues": "https://github.com/mnsami/composer-custom-directory-installer/issues", + "source": "https://github.com/mnsami/composer-custom-directory-installer/tree/master" + }, "time": "2016-05-25T08:26:02+00:00" }, { @@ -178,6 +187,11 @@ "pseudorandom", "random" ], + "support": { + "email": "info@paragonie.com", + "issues": "https://github.com/paragonie/random_compat/issues", + "source": "https://github.com/paragonie/random_compat" + }, "time": "2021-04-17T09:33:01+00:00" }, { @@ -194,6 +208,7 @@ "reference": "ef1df985bf3acb17b1f1f8fe2df2c3c9a16bef32", "shasum": "" }, + "default-branch": true, "type": "library", "autoload": { "files": [ 
@@ -208,20 +223,24 @@ } ], "description": "PHP class for the Pushover.net project", + "support": { + "issues": "https://github.com/cschalenborgh/php-pushover/issues", + "source": "https://github.com/cschalenborgh/php-pushover/tree/master" + }, "time": "2021-01-12T12:43:39+00:00" }, { "name": "phpmailer/phpmailer", - "version": "v6.4.1", + "version": "v6.5.0", "source": { "type": "git", "url": "https://github.com/PHPMailer/PHPMailer.git", - "reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d" + "reference": "a5b5c43e50b7fba655f793ad27303cd74c57363c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/9256f12d8fb0cd0500f93b19e18c356906cbed3d", - "reference": "9256f12d8fb0cd0500f93b19e18c356906cbed3d", + "url": "https://api.github.com/repos/PHPMailer/PHPMailer/zipball/a5b5c43e50b7fba655f793ad27303cd74c57363c", + "reference": "a5b5c43e50b7fba655f793ad27303cd74c57363c", "shasum": "" }, "require": { @@ -274,7 +293,17 @@ } ], "description": "PHPMailer is a full-featured email creation and transfer class for PHP", - "time": "2021-04-29T12:25:04+00:00" + "support": { + "issues": "https://github.com/PHPMailer/PHPMailer/issues", + "source": "https://github.com/PHPMailer/PHPMailer/tree/v6.5.0" + }, + "funding": [ + { + "url": "https://github.com/Synchro", + "type": "github" + } + ], + "time": "2021-06-16T14:33:43+00:00" }, { "name": "psr/container", @@ -318,6 +347,10 @@ "container-interop", "psr" ], + "support": { + "issues": "https://github.com/php-fig/container/issues", + "source": "https://github.com/php-fig/container/tree/1.1.1" + }, "time": "2021-03-05T17:36:06+00:00" }, { 
@@ -377,6 +410,23 @@ ], "description": "Symfony Config Component", "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/config/tree/v3.4.47" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-24T10:57:07+00:00" }, { @@ -443,6 +493,23 @@ ], "description": "Symfony DependencyInjection Component", "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/dependency-injection/tree/v3.4.47" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-24T10:57:07+00:00" }, { @@ -502,6 +569,23 @@ ], "description": "Symfony EventDispatcher Component", "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/event-dispatcher/tree/v3.4.47" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-24T10:57:07+00:00" }, { @@ -547,6 +631,23 @@ ], "description": "Symfony Filesystem Component", "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/filesystem/tree/v3.4.47" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-24T10:57:07+00:00" }, { 
@@ -596,20 +697,37 @@ ], "description": "Symfony HttpFoundation Component", "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/http-foundation/tree/v3.4.47" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-24T10:57:07+00:00" }, { "name": "symfony/polyfill-ctype", - "version": "v1.22.1", + "version": "v1.23.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "c6c942b1ac76c82448322025e084cadc56048b4e" + "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/c6c942b1ac76c82448322025e084cadc56048b4e", - "reference": "c6c942b1ac76c82448322025e084cadc56048b4e", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/46cd95797e9df938fdd2b03693b5fca5e64b01ce", + "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce", "shasum": "" }, "require": { @@ -621,7 +739,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.22-dev" + "dev-main": "1.23-dev" }, "thanks": { "name": "symfony/polyfill", 
@@ -658,20 +776,37 @@ "polyfill", "portable" ], - "time": "2021-01-07T16:49:33+00:00" + "support": { + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.23.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2021-02-19T12:13:01+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.22.1", + "version": "v1.23.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "5232de97ee3b75b0360528dae24e73db49566ab1" + "reference": "2df51500adbaebdc4c38dea4c89a2e131c45c8a1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/5232de97ee3b75b0360528dae24e73db49566ab1", - "reference": "5232de97ee3b75b0360528dae24e73db49566ab1", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/2df51500adbaebdc4c38dea4c89a2e131c45c8a1", + "reference": "2df51500adbaebdc4c38dea4c89a2e131c45c8a1", "shasum": "" }, "require": { @@ -683,7 +818,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.22-dev" + "dev-main": "1.23-dev" }, "thanks": { "name": "symfony/polyfill", @@ -721,7 +856,24 @@ "portable", "shim" ], - "time": "2021-01-22T09:19:47+00:00" + "support": { + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.23.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2021-05-27T09:27:20+00:00" }, { "name": "symfony/polyfill-php70", 
@@ -772,20 +924,37 @@ "portable", "shim" ], + "support": { + "source": "https://github.com/symfony/polyfill-php70/tree/v1.20.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], "time": "2020-10-23T14:02:19+00:00" }, { "name": "twig/twig", - "version": "v1.44.2", + "version": "v1.44.4", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "138c493c5b8ee7cff3821f80b8896d371366b5fe" + "reference": "4d400421528e9fa40caaffcf7824c172526dd99d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/138c493c5b8ee7cff3821f80b8896d371366b5fe", - "reference": "138c493c5b8ee7cff3821f80b8896d371366b5fe", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/4d400421528e9fa40caaffcf7824c172526dd99d", + "reference": "4d400421528e9fa40caaffcf7824c172526dd99d", "shasum": "" }, "require": { @@ -836,7 +1005,21 @@ "keywords": [ "templating" ], - "time": "2021-01-05T10:10:05+00:00" + "support": { + "issues": "https://github.com/twigphp/Twig/issues", + "source": "https://github.com/twigphp/Twig/tree/v1.44.4" + }, + "funding": [ + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/twig/twig", + "type": "tidelift" + } + ], + "time": "2021-05-16T12:11:20+00:00" }, { "name": "viharm/php-db-auth", @@ -884,6 +1067,10 @@ "database", "php" ], + "support": { + "issues": "https://bitbucket.org/viharm/phpdbauth/issues", + "source": "https://bitbucket.org/viharm/phpdbauth/src/60c1b0a28d26178d5e4960d49185af85734643c6/?at=master" + }, "time": "2020-01-05T11:48:12+00:00" }, { 
@@ -973,6 +1160,10 @@ "openldap", "php" ], + "support": { + "issues": "https://bitbucket.org/viharm/phpldapauth/issues", + "source": "https://bitbucket.org/viharm/phpldapauth/src/3a60e626bfb63eda786dad30f09bd75fd5172cb1/?at=v2.5.1" + }, "time": "2020-11-24T21:56:47+00:00" }, { @@ -1018,6 +1209,9 @@ "php server monitor", "psm" ], + "support": { + "issues": "https://gitlab.com/viharm/PsmLDAPauth/issues" + }, "time": "2020-11-24T22:57:57+00:00" } ], @@ -1036,5 +1230,6 @@ "ext-pdo": "*", "ext-xml": "*" }, - "platform-dev": [] + "platform-dev": [], + "plugin-api-version": "2.0.0" } From 76d0c276c0a61ad22bc3cc6ca5034bc5960efaf4 Mon Sep 17 00:00:00 2001 From: Akshay Jain <30288355+wr3nch0x1@users.noreply.github.com> Date: Wed, 28 Jul 2021 23:34:12 +0530 Subject: [PATCH 15/16] Update User.php (#1135) https://www.huntr.dev/bounties/3-phpservermon/phpservermon/ --- src/psm/Service/User.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psm/Service/User.php b/src/psm/Service/User.php index fcd07183..abf4c0e2 100644 --- a/src/psm/Service/User.php +++ b/src/psm/Service/User.php @@ -332,7 +332,7 @@ class User $cookie_string = $cookie_string_first_part . '_' . $cookie_string_hash; // set cookie - setcookie('rememberme', $cookie_string, time() + PSM_LOGIN_COOKIE_RUNTIME, "/", PSM_LOGIN_COOKIE_DOMAIN); + setcookie('rememberme', $cookie_string, time() + PSM_LOGIN_COOKIE_RUNTIME, "/", PSM_LOGIN_COOKIE_DOMAIN, TRUE); } /** From b81f173a05727a5c5b82acb94be8dcd6afa87c8c Mon Sep 17 00:00:00 2001 From: Tim Zandbergen Date: Fri, 3 Sep 2021 21:02:40 +0200 Subject: [PATCH 16/16] Update FUNDING.yml --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 42242799..e98dc7fb 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml 
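Review bot: The sixth argument added to `setcookie()` sets only the Secure flag on the `rememberme` cookie; the seventh, HttpOnly, stays at its default, so the long-lived login token remains readable from page scripts. I would set both, in lowercase to match PSR-12: `setcookie('rememberme', $cookie_string, time() + PSM_LOGIN_COOKIE_RUNTIME, "/", PSM_LOGIN_COOKIE_DOMAIN, true, true);`. Hard-coding Secure also means the cookie is never sent back on an installation served over plain HTTP, so remember-me would silently stop working there; deriving the flag from the request scheme or a configuration value avoids that. The method body starts above this hunk.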
@@ -9,4 +9,4 @@ community_bridge: # Replace with a single Community Bridge project-name e.g., cl liberapay: # Replace with a single Liberapay username issuehunt: # Replace with a single IssueHunt username otechie: # Replace with a single Otechie username -custom: ["https://www.paypal.me/TimZandbergen99", "https://bunq.me/t"] +custom: ["https://www.paypal.me/TimZandbergen99", "https://bunq.me/timz99"]