nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.63k stars 532 forks

PHP Fatal error: Uncaught TypeError: htmlspecialchars_decode() #4232

Open asferreir opened 1 week ago

asferreir commented 1 week ago

Page on which it happened

Steps to reproduce

  1. Open some items
  2. Edit some items

Expected behaviour

Open an item to view information, or Edit an item and save changes.

Actual behaviour

After the MariaDB upgrade from 10.6.0 to 11.5.1, when I try to view or edit some items, I get the message: Loading item...

Screenshot 2024-06-24 134858

Server configuration

Operating system: Linux b5e22f649def 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64

Web server: nginx/1.24.0

Database: 11.5.1-MariaDB-ubu2204-log

PHP version: 8.2.7

Teampass version: 3.1.2

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '0',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://<anonym_url>',
'favicon' => 'https://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'url_to_upload_folder' => 'https://<anonym_url>/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'https://<anonym_url>/files',
'activate_expiration' => '1',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'cpassman_version' => '2.1.27',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '',
'ldap_domain_dn' => '',
'ldap_domain_controler' => '',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_search_base' => '',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;cb_select_all;',
'send_stats_time' => '1550671342',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>',
'email_smtp_auth' => '',
'email_auth_username' => '<removed>',
'email_auth_pwd' => '<removed>',
'email_port' => '25',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>',
'email_from' => '<removed>',
'pwd_maximum_length' => '80',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '1',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => 'user',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>',
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '1',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '1',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'America/Sao_Paulo',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '1',
'offline_key_level' => '20',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>',
'admin_2fa_required' => '0',
'ldap_allowed_usergroup' => '',
'ldap_bind_dn' => '',
'ldap_bind_passwd' => '<removed>',
'ldap_usergroup' => '',
'ga_reset_by_user' => '0',
'yubico_authentication' => '0',
'item_creation_templates' => '0',
'teampass_version' => '3.1.2',
'password_overview_delay' => '4',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'copy_to_clipboard_small_icons' => '0',
'enable_massive_move_delete' => '0',
'email_debug_level' => '1',
'onthefly-backup-key' => '<removed>',
'onthefly-restore-key' => '<removed>',
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '',
'ldap_bdn' => '',
'ldap_hosts' => '<removed>',
'ldap_password' => '<removed>',
'ldap_username' => '',
'api_token_duration' => '60',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'maximum_number_of_items_to_treat' => '300',
'tasks_manager_refreshing_period' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '0',
'enable_ad_users_with_ad_groups' => '1',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '',
'ldap_guid_attibute' => 'objectSid',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '5',
'items_statistics_job_frequency' => '10',
'reload_cache_table_task' => 'daily;00:01',
'rebuild_config_file' => '',
'purge_temporary_files_task' => 'monthly;00:00;1',
'clean_orphan_objects_task' => 'monthly;00:00;1',
'users_personal_folder_task' => 'monthly;00:00;1',
'maximum_session_expiration_time' => '60',
'items_ops_job_frequency' => '5',
'upgrade_timestamp' => '1710792552',
'enable_refresh_task_last_execution' => '1',
'ldap_group_objectclasses_attibute' => '',
'pwd_default_length' => '14',
'tasks_log_retention_delay' => '3650',
'duo_ikey' => '<removed>',

Updated from an older Teampass or fresh install: Updated from 2.1.27.36

Client configuration

Browser: -

Operating system: - bits

Logs

Web server error log

teampass_app.1.9hgn8aeown5n@spit114    | 2024-06-24 14:12:01,127 INFO reaped unknown pid 201 (exit status 0)
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:17] WARNING: [pool www] child 186 said into stderr: "NOTICE: PHP message: TEAMPASS - Folder: 4 - User: 10000049 - access: W - edit: 1 - delete: 1"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:17] WARNING: [pool www] child 186 said into stderr: "NOTICE: PHP message: TEAMPASS - Folder: 4 - User: 10000049 - access: W - edit: 1 - delete: 1"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:17] WARNING: [pool www] child 186 said into stderr: "NOTICE: PHP message: TEAMPASS - Folder: 4 - User: 10000049 - access: W - edit: 1 - delete: 1"
teampass_app.1.9hgn8aeown5n@spit114    | 10.0.1.17 - - [24/Jun/2024:14:12:17 -0300] "POST /sources/items.queries.php HTTP/1.1" 200 956 "https://teampass.atech.com.br/index.php?page=items" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:18] WARNING: [pool www] child 55 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught TypeError: htmlspecialchars_decode(): Argument #1 ($string) must be of type string, null given in /var/www/html/sources/items.queries.php:2832"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:18] WARNING: [pool www] child 55 said into stderr: "Stack trace:"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:18] WARNING: [pool www] child 55 said into stderr: "#0 /var/www/html/sources/items.queries.php(2832): htmlspecialchars_decode(NULL, 3)"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:18] WARNING: [pool www] child 55 said into stderr: "#1 {main}"
teampass_app.1.9hgn8aeown5n@spit114    | [24-Jun-2024 14:12:18] WARNING: [pool www] child 55 said into stderr: "  thrown in /var/www/html/sources/items.queries.php on line 2832"
teampass_app.1.9hgn8aeown5n@spit114    | 10.0.1.17 - - [24/Jun/2024:14:12:18 -0300] "POST /sources/items.queries.php HTTP/1.1" 500 5 "https://teampass.atech.com.br/index.php?page=items" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"

Log from the web-browser developer console (CTRL + SHIFT + i)

index.php:1  Mixed Content: The page at 'https://<anonym_url>/index.php?page=items' was loaded over HTTPS, but requested an insecure script 'http://<anonym_url>/includes/libraries/csrfp/js/csrfprotector.js'. This request has been blocked; the content must be served over HTTPS.
index.php?page=items:3364 Key appel get_teampass_settings : 2gb5gv7nk1plfs7k655g9fnims
index.php?page=items:7291 4
POST https://<anonym_url>/sources/items.queries.php 500 (Internal Server Error).
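
The fatal error from the web server log, reproduced in isolation next to a null-safe wrapper, as an added example that is not part of the original report and is not TeamPass code. `decodeField()` and the sample row are hypothetical; only the `htmlspecialchars_decode()` call and its flag value 3 (`ENT_QUOTES`) come from the stack trace.

```php
<?php
declare(strict_types=1);

// Added illustration, not TeamPass code. decodeField() and the $row shape
// are hypothetical; only the htmlspecialchars_decode() call and its flag
// value 3 (ENT_QUOTES) are taken from the stack trace in the report.

/** Decode a possibly-NULL database column without tripping strict typing. */
function decodeField(?string $value): string
{
    // A NULL column is treated as an empty string before decoding.
    return htmlspecialchars_decode($value ?? '', ENT_QUOTES);
}

// Constructed sample row: 'label' is populated, 'description' is NULL,
// the way a nullable text column comes back from the database driver.
$row = [
    'label'       => 'Router &amp; &quot;core&quot; switch',
    'description' => null,
];

// Unguarded call: same failure mode as the log line for items.queries.php.
try {
    htmlspecialchars_decode($row['description'], ENT_QUOTES);
    $unguarded = 'no error';
} catch (TypeError $e) {
    $unguarded = $e->getMessage();
}

echo 'ENT_QUOTES = ', ENT_QUOTES, PHP_EOL;
echo 'unguarded:   ', $unguarded, PHP_EOL;
echo 'label:       ', decodeField($row['label']), PHP_EOL;
echo "description: '", decodeField($row['description']), "'", PHP_EOL;
```

Without `declare(strict_types=1)`, PHP 8.2 emits a deprecation notice for the same unguarded call instead of throwing.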