Merge pull request #4438 from nilsteampassnet/fix_upload

Improved robustness for csv import
nilsteampassnet · Oct 31, 2024 · 0a5efec · 0a5efec
2 parents 35ff797 + a704d42
commit 0a5efec
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 18 deletions.
diff --git a/includes/tables_integrity.json b/includes/tables_integrity.json
@@ -21,7 +21,7 @@
     },
     {
         "table_name": "cache",
-        "structure_hash": "a42189363fa630ce50aa709ac271020e710dc46949eb102ef33fba59a9bb625a"
+        "structure_hash": "bd647a43bca7c3f30e7aaa83ca2dc2d33b1adf7bc015e70fd4ecf8859c174a63"
     },
     {
         "table_name": "cache_tree",
@@ -57,7 +57,7 @@
     },
     {
         "table_name": "items",
-        "structure_hash": "5e157cc138f056349dca650057ca2ba8eea21fedc5b3f2a29cde43cd20378e10"
+        "structure_hash": "c3c01b0af464a2097d6704c8774d1784f6e7f7572d59b80c7e5069537b5a7e01"
     },
     {
         "table_name": "items_change",
@@ -97,7 +97,7 @@
     },
     {
         "table_name": "log_items",
-        "structure_hash": "d8bb457689d7e5e6343c0fa83c4d934323c4109f2eade8f3e365d6db031fd41f"
+        "structure_hash": "e4700bf04c326051918493ab471aa90d9e6cf20bce65f8f5302e31dfc5ef4e8e"
     },
     {
         "table_name": "log_system",
@@ -145,7 +145,7 @@
     },
     {
         "table_name": "restriction_to_roles",
-        "structure_hash": "abb09363fe79997ed4e9d8563cb70da357cd9ba06322b91ede72554b883a2e52"
+        "structure_hash": "c4f0c0258dd10a4350b068d1ac298ee292a45b75f0fafb136a191dafece8f891"
     },
     {
         "table_name": "rights",
@@ -169,7 +169,7 @@
     },
     {
         "table_name": "sharekeys_items",
-        "structure_hash": "6b6d714ea462093c90d2ae16970cc7b3753c130611fca3830fa03c6a4dca44da"
+        "structure_hash": "2dfcca0ebdca6a9dc10f9d1b75508ab1f096e726006afe370a631262b6e78ad0"
     },
     {
         "table_name": "sharekeys_logs",

diff --git a/pages/import.js.php b/pages/import.js.php
@@ -305,7 +305,9 @@ function ImportCSV() {
         toastr.remove();
         toastr.info('<?php echo $lang->get('reading_file'); ?><i class="fa-solid fa-ellipsis fa-2x fa-fade ml-2"></i>');
 
-        console.log("file: "+store.get('teampassApplication').uploadedFileId+" -- Folder id: "+$('#import-csv-target-folder').val())
+        if (debugJavascript === true) {
+            console.log("file: "+store.get('teampassApplication').uploadedFileId+" -- Folder id: "+$('#import-csv-target-folder').val());
+        }
 
         // Perform query
         $.post(
@@ -317,7 +319,9 @@ function ImportCSV() {
             },
             function(data) {
                 data = prepareExchangedData(data, "decode", "<?php echo $session->get('key'); ?>");
-                console.log(data)
+                if (debugJavascript === true) {
+                    console.log(data);
+                }
 
                 // CLear
                 store.update(
@@ -392,6 +396,19 @@ function(teampassApplication) {
 
     //get list of items checked by user
     function launchCSVItemsImport() {
+        // IS the folder selected?
+        if (parseInt($("#import-csv-target-folder").val()) === 0) {
+            toastr.remove();
+            toastr.error(
+                '<i class="fas fa-ban fa-lg mr-2"></i><?php echo $lang->get('please_select_a_folder'); ?>',
+                '', {
+                    timeOut: 10000,
+                    closeButton: true,
+                    progressBar: true
+                }
+            );
+            return false;
+        }
         // Show spinner
         toastr.remove();
         toastr.info('<i class="fas fa-cog fa-spin fa-2x"></i><?php echo $lang->get('please_wait'); ?>');
@@ -439,7 +456,9 @@ function launchCSVItemsImport() {
             'edit-role': $('#import-csv-edit-role-checkbox').prop('checked') === true ? 1 : 0,
             'folder-id' : parseInt($("#import-csv-target-folder").val()),
         }
-        console.log(data);
+        if (debugJavascript === true) {
+            console.log(data);
+        }
         // Lauchn ajax query that will insert items into DB
         $.post(
             "sources/import.queries.php", {
@@ -449,7 +468,9 @@ function launchCSVItemsImport() {
             },
             function(data) {
                 data = prepareExchangedData(data, "decode", "<?php echo $session->get('key'); ?>");
-                console.log(data)
+                if (debugJavascript === true) {
+                    console.log(data);
+                }
 
                 if (data.error === true) {
                     toastr.remove();

diff --git a/sources/import.queries.php b/sources/import.queries.php
@@ -171,13 +171,13 @@
                 $valuesToImport[] = array(
                     'Label' => $rowData['label'],
                     'Login' => $rowData['login'],
-                    'Password' => $rowData['pw'],
+                    'Password' => $rowData['password'],
                     'url' => $rowData['url'],
                     'Comments' => $rowData['description'],
                 );
             });
             $lexer->parse($file, $interpreter);
-
+            
             // extract one line
             foreach ($valuesToImport as $key => $row) {
                 //increment number of lines found
@@ -194,7 +194,7 @@
                 }
 
                 //If any comment is on several lines, then replace 'lf' character
-                $row['Comments'] = str_replace(array("\r\n", "\n", "\r"), '<br>', $row['Comments']);
+                $row['Comments'] = isset($row['Comments']) ? str_replace(array("\r\n", "\n", "\r"), '<br>', $row['Comments']) : '';
 
                 // Check if current line contains a "<br>" character in order to identify an ITEM on several CSV lines
                 if (substr_count($row['Comments'], '<br>') > 0 || substr_count($row['Label'], '<br>') > 0) {
@@ -221,13 +221,13 @@
                         }
                     }
                 }
-
+                
                 // Get values of current line
                 if ($account === '' && $continue_on_next_line === false) {
-                    $account = trim(htmlspecialchars($row['Label'], ENT_QUOTES, 'UTF-8'));
-                    $login = trim(htmlspecialchars($row['Login'], ENT_QUOTES, 'UTF-8'));
-                    $pwd = trim(str_replace('"', '&quot;', $row['Password']));
-                    $url = trim($row['url']);
+                    $account = isset($row['Label']) && is_string($row['Label']) ? trim(htmlspecialchars($row['Label'], ENT_QUOTES, 'UTF-8')) : '';
+                    $login = isset($row['Login']) && is_string($row['Login']) ? trim(htmlspecialchars($row['Login'], ENT_QUOTES, 'UTF-8')) : '';
+                    $pwd = isset($row['Password']) && is_string($row['Password']) ? trim(str_replace('"', '&quot;', $row['Password'])) : '';
+                    $url = isset($row['url']) && is_string($row['url']) ? trim($row['url']) : '';
                     $to_find = array('"', "'");
                     $to_ins = array('&quot', '&#39;');
                     $comment = htmlentities(
@@ -361,7 +361,7 @@
                 $cryptedStuff['encrypted'] = '';
             }
             $post_password = $cryptedStuff['encrypted'];
-
+            
             // Insert new item in table ITEMS
             DB::insert(
                 prefixTable('items'),