php8: Compatibility fixes

app/admin/password-policy/save.php

@@ -12,12 +12,13 @@ $Database 	= new Database_PDO;
 $User 		= new User ($Database);
 $Admin	 	= new Admin ($Database);
 $Result 	= new Result ();
+$Params 	= new Params ($_POST);
 
 # verify that user is logged in
 $User->check_user_session();
 
 # validate csrf cookie
-$User->Crypto->csrf_cookie ("validate", "settings", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
+$User->Crypto->csrf_cookie ("validate", "settings", $Params->csrf_cookie) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
 
 # valid params
 $passwordPolicy = [
@@ -46,9 +47,9 @@ foreach ($passwordPolicy as $k=>$f) {
 	}
 }
 # symbols
-if (!is_blank($_POST['allowedSymbols'])) {
-	$_POST['passwordPolicy'] = str_replace(" ", "", $_POST['passwordPolicy']);
-	$passwordPolicy['allowedSymbols'] = $_POST['allowedSymbols'];
+if (!is_blank($Params->allowedSymbols)) {
+	$Params->allowedSymbols = str_replace(" ", "", $Params->allowedSymbols);
+	$passwordPolicy['allowedSymbols'] = $Params->allowedSymbols;
 }
 
 # set update values
@@ -58,7 +59,7 @@ if(!$Admin->object_modify("settings", "edit", "id", $values))	{ $Result->show("d
 else															{ $Result->show("success", _("Settings updated successfully"), false); }
 
 # if required check all user sertings and force them to update password
-if(@$_POST['enforce']==1) {
+if($Params->enforce==1) {
 	try { $Database->runQuery("update `users` set `passChange` = 'Yes' where `authMethod` = 1;"); }
 	catch (Exception $e) {
 		$Result->show("danger", _('Error updating users: ').$e->getMessage(), false);

app/saml2/idp.php

 <?php
+/* @config file ------------------ */
+require_once(dirname(__FILE__) . '/../../functions/classes/class.Config.php');
 
 # verify php build
-include('functions/checks/check_php_build.php');		// check for support for PHP modules and database connection
+require_once('functions/checks/check_php_build.php');        // check for support for PHP modules and database connection
 define("TOOLKIT_PATH", dirname(__FILE__) . '/../../functions/php-saml/');
 require_once(TOOLKIT_PATH . '../xmlseclibs/xmlseclibs.php'); // We load the xmlsec libs required by OneLogin's SAML
 require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
@@ -9,19 +11,23 @@ require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
 // get SAML2 settings from db
 $dbobj = $Tools->fetch_object("usersAuthMethod", "type", "SAML2");
 if (!$dbobj) {
-    $Result->show("danger", "SAML settings not found in database", true);
+    $Result->show("danger", _("SAML settings not found in database"), true);
 }
 
 //decode authentication module params
-$params=pf_json_decode($dbobj->params);
+$params = new Params(pf_json_decode($dbobj->params, true));
 
+if (empty($params->idpx509cert) && !empty($params->idpcertfingerprint)) {
+    $Result->show("danger", _("Please login as admin and update SAML authentication settings"), true);
+}
+
+try {
     //if using advanced settings, instantiate without db settings
     if (filter_var($params->advanced, FILTER_VALIDATE_BOOLEAN)) {
         $auth = new OneLogin\Saml2\Auth();
-}
-else{
-	// If not set use prior default value for clientId
-	if (!isset($params->clientId)) $params->clientId = $Tools->createURL();
+    } else {
+        if (!isset($params->clientId))              // If not set use prior default value for clientId
+            $params->clientId = $Tools->createURL();
 
         $settings = array(
             'strict' => filter_var($params->strict, FILTER_VALIDATE_BOOLEAN),
@@ -56,9 +62,11 @@ else{
                 'authnRequestsSigned' => filter_var($params->spsignauthn, FILTER_VALIDATE_BOOLEAN),
             ),
         );
-}
-try {
+
+        OneLogin\Saml2\Utils::setProxyVars(true);
         $auth = new OneLogin\Saml2\Auth($settings);
+    }
+
     $idp_settings = $auth->getSettings();
     $metadata = $idp_settings->getSPMetadata();
     $errors = $idp_settings->validateMetadata($metadata);
@@ -72,6 +80,11 @@ try {
         );
     }
 } catch (Exception $e) {
-    echo $e->getMessage();
+    print _("Fatal SAML error") . ": ";
+
+    if (!filter_var($params->debugprotocol, FILTER_VALIDATE_BOOLEAN)) {
+        print escape_input($e->getMessage());
+    }
+    exit();
 }
-die();
+exit();

app/saml2/index.php

@@ -3,7 +3,7 @@
 require_once(dirname(__FILE__) . '/../../functions/classes/class.Config.php');
 
 # verify php build
-include('functions/checks/check_php_build.php');		// check for support for PHP modules and database connection
+require_once('functions/checks/check_php_build.php');        // check for support for PHP modules and database connection
 define("TOOLKIT_PATH", dirname(__FILE__) . '/../../functions/php-saml/');
 require_once(TOOLKIT_PATH . '../xmlseclibs/xmlseclibs.php'); // We load the xmlsec libs required by OneLogin's SAML
 require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
@@ -15,19 +15,19 @@ if(!$dbobj){
 }
 
 //decode authentication module params
-$params=pf_json_decode($dbobj->params);
+$params = new Params(pf_json_decode($dbobj->params, true));
 
 if (empty($params->idpx509cert) && !empty($params->idpcertfingerprint)) {
     $Result->show("danger", _("Please login as admin and update SAML authentication settings"), true);
 }
 
+try {
     //if using advanced settings, instantiate without db settings
     if (filter_var($params->advanced, FILTER_VALIDATE_BOOLEAN)) {
         $auth = new OneLogin\Saml2\Auth();
-}
-else{
-	// If not set use prior default value for clientId
-	if (!isset($params->clientId)) $params->clientId = $Tools->createURL();
+    } else {
+        if (!isset($params->clientId))              // If not set use prior default value for clientId
+            $params->clientId = $Tools->createURL();
 
         $settings = array(
             'strict' => filter_var($params->strict, FILTER_VALIDATE_BOOLEAN),
@@ -63,9 +63,18 @@ else{
                 'authnRequestsSigned' => filter_var($params->spsignauthn, FILTER_VALIDATE_BOOLEAN),
             ),
         );
+
         OneLogin\Saml2\Utils::setProxyVars(true);
         $auth = new OneLogin\Saml2\Auth($settings);
     }
+} catch (Exception $e) {
+    print _("Fatal SAML error") . ": ";
+
+    if (!filter_var($params->debugprotocol, FILTER_VALIDATE_BOOLEAN)) {
+        print escape_input($e->getMessage());
+    }
+    exit();
+}
 
 //if SAMLResponse is not in the request, create an authnrequest and send it to the idp
 if (!isset($_POST["SAMLResponse"])) {
@@ -75,8 +84,7 @@ if(!isset($_POST["SAMLResponse"])){
     header('Cache-Control: no-cache, must-revalidate');
     header('Location: ' . $ssoBuiltUrl);
     exit();
-}
-else{
+} else {
     //process the authentication response
     if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
         $requestID = $_SESSION['AuthNRequestID'];
@@ -148,8 +156,7 @@ else{
 
         if (empty($auth->getAttribute("display_name")[0])) {
             $Result->show("danger", _("Mandatory SAML JIT attribute missing") . " : display_name (string)", true);
-        }
-        elseif (!filter_var($auth->getAttribute("email")[0], FILTER_VALIDATE_EMAIL)) {
+        } elseif (!filter_var($auth->getAttribute("email")[0], FILTER_VALIDATE_EMAIL)) {
             $Result->show("danger", _("Mandatory SAML JIT attribute missing") . " : email (string)", true);
         }
 
@@ -166,8 +173,7 @@ else{
 
             $action = "edit";
             $values["id"] = $existing_user->id;
-        }
-        else {
+        } else {
             // User does not exist in DB. Auto-provision user.
 
             $action = "add";
@@ -214,12 +220,17 @@ else{
 
         // Construct admin object for helper functions
         $Admin = new Admin($Database, false);
-        if (!$Admin->object_modify("users", $action, "id", $values)) { $Result->show("danger", _("Failed to create/update SAML JIT user")." : ".escape_input($username), true); }
+        if (!$Admin->object_modify("users", $action, "id", $values)) {
+            $Result->show("danger", _("Failed to create/update SAML JIT user") . " : " . escape_input($username), true);
+        }
     }
 
     $User->authenticate($username, '', true);
 
     // Redirect user where he came from, if unknown go to dashboard.
-	if ($redirect = $User->get_redirect_cookie()) { header("Location: " . $redirect); }
-	else                                          { header("Location: " . create_link("dashboard")); }
+    if ($redirect = $User->get_redirect_cookie()) {
+        header("Location: " . $redirect);
+    } else {
+        header("Location: " . create_link("dashboard"));
+    }
 }

app/sections/user-menu.php

@@ -4,19 +4,19 @@
  * Display usermenu on top right
  */
 
- $Params = new Params();
- $Params->read($_REQUEST);
+ $Params = new Params($_GET);
 
 # filter ip value
 if(!is_blank($Params->ip)) {
-	$Params->ip = $Subnets->strip_input_tags(urldecode(trim($Params->ip)));
+	$Params->ip = urldecode(trim($Params->ip));
 }
 
 # verify that user is logged in
 $User->check_user_session();
 
 // set parameters form cookie
-$params = pf_json_decode($Params->search_parameters, true) ?: [];
+$sp = isset($_COOKIE['search_parameters']) ? $_COOKIE['search_parameters'] : '';
+$params = json_decode($sp, true) ?: [];
 foreach ($params as $k => $p) {
 	if ($p == "on") {
 		$Params->{$k} = $p;

app/tools/search/search-results.php

@@ -10,6 +10,7 @@ $User->check_user_session();
 # change * to % for database wildchar
 $searchTerm = trim($searchTerm);
 $searchTerm = str_replace("*", "%", $searchTerm);
+$searchTerm_edited = null;
 
 // IP address low/high reformat
 if (preg_match('/^[a-f0-9.:\/]+$/i', $searchTerm)) {
@@ -32,8 +33,7 @@ $hidden_fields = pf_json_decode($User->settings->hiddenCustomFields, true);
 $selected_ip_fields = $User->settings->IPfilter;
 $selected_ip_fields = pf_explode(";", $selected_ip_fields);
 
-$Params = new Params();
-$Params->read($_GET);
+$Params = new Params($_GET);
 
 // all are off?
 if (is_blank($Params->addresses) && is_blank($Params->subnets) && is_blank($Params->vlans) && is_blank($Params->vrf) && is_blank($Params->pstn) && is_blank($Params->circuits) && is_blank($Params->customers)) {

app/tools/search/search_results/search-results_addresses.php

@@ -5,10 +5,10 @@ $User->check_user_session();
 
 # get all custom fields
 $custom_address_fields = $Params->addresses=="on" ? $Tools->fetch_custom_fields ("ipaddresses") : array();
-$hidden_address_fields = is_array(@$hidden_fields['ipaddresses']) ? $hidden_fields['ipaddresses'] : array();
+$hidden_address_fields = isset($hidden_fields['ipaddresses']) ? $hidden_fields['ipaddresses'] : array();
 
 # search addresses
-$result_addresses = $Tools->search_addresses($searchTerm, $searchTerm_edited['high'], $searchTerm_edited['low'], $custom_address_fields);
+$result_addresses = is_array($searchTerm_edited) ? $Tools->search_addresses($searchTerm, $searchTerm_edited['high'], $searchTerm_edited['low'], $custom_address_fields) : [];
 ?>
 
 <br>

app/tools/search/search_results/search-results_subnets.php

@@ -9,10 +9,10 @@ $User->check_user_session();
 
 # get all custom fields
 $custom_subnet_fields = $Params->subnets=="on"   ? $Tools->fetch_custom_fields ("subnets") : array();
-$hidden_subnet_fields = is_array(@$hidden_fields['subnets']) ? $hidden_fields['subnets'] : array();
+$hidden_subnet_fields = isset($hidden_fields['subnets']) ? $hidden_fields['subnets'] : array();
 
 # search subnets
-$result_subnets   = $Tools->search_subnets($searchTerm, $searchTerm_edited['high'], $searchTerm_edited['low'], $Params->ip, $custom_subnet_fields);
+$result_subnets   = is_array($searchTerm_edited) ? $Tools->search_subnets($searchTerm, $searchTerm_edited['high'], $searchTerm_edited['low'], $Params->ip, $custom_subnet_fields) : [];
 ?>
 
 <!-- !subnets -->

functions/classes/class.Params.php

@@ -10,8 +10,7 @@
  *
  *        vs
  *
- *    $Params = new Params();
- *    $Params.read($_POST);
+ *    $Params = new Params($_POST);
  *
  *    if ($Params->ip==....)    // No warning if $_POST['ip'] is undefined.
  */
@@ -30,10 +29,12 @@ class Params extends stdClass
     /**
      * Class constructor
      *
+     * @param array $args
      * @param mixed $default
      */
-    public function __construct($default = null)
+    public function __construct($args = [], $default = null)
     {
+        $this->read($args);
         $this->____default = $default;
     }