Merge pull request #1116 from hashtopolis/bug/1112-bug-encoding-error-in-the-database-or-api

Bug/1112 bug encoding error in the database or api

Author: jessevz

src/inc/apiv2/common/AbstractBaseAPI.class.php

@@ -398,7 +398,10 @@ protected static function db2json(array $feature, mixed $val): mixed
       $obj = array_map('intval', preg_split("/,/", $val, -1, PREG_SPLIT_NO_EMPTY));
     } elseif ($feature['type'] == 'dict' && $feature['subtype'] = 'bool') {
       $obj = unserialize($val);
-    } else {
+    } elseif (str_starts_with($feature['type'], 'str') && $val !== null) {
+      $obj = html_entity_decode($val, ENT_COMPAT, "UTF-8");
+    }
+    else {
       // TODO: Check all objects, instead of wild cast to hopefully-JSON compatible object
       $obj = $val;
     }
@@ -420,7 +423,7 @@ protected static function json2db(array $feature, mixed $obj): mixed
       $val = htmlentities($obj, ENT_QUOTES, "UTF-8");
     } elseif ($feature['type'] == 'array' && $feature['subtype'] == 'int') {
       $val = implode(",", $obj);
-    } elseif ($feature['type'] == 'dict' && $feature['subtype'] = 'bool') {
+    } elseif ($feature['type'] == 'dict' && $feature['subtype'] == 'bool') {
       $val = serialize($obj);
     } else {
       $val = strval($obj);

src/inc/utils/HashlistUtils.class.php

@@ -34,7 +34,7 @@ public static function editNotes($hashlistId, $notes, $user) {
     if (!AccessUtils::userCanAccessHashlists($hashlist, $user)) {
       throw new HTException("No access to hashlist!");
     }
-    Factory::getHashlistFactory()->set($hashlist, Hashlist::NOTES, htmlentities($notes, ENT_QUOTES, "UTF-8"));
+    Factory::getHashlistFactory()->set($hashlist, Hashlist::NOTES, $notes);
   }
 
   /**
@@ -744,7 +744,6 @@ public static function export($hashlistId, $user) {
    * @throws HTException
    */
   public static function createHashlist($name, $isSalted, $isSecret, $isHexSalted, $separator, $format, $hashtype, $saltSeparator, $accessGroupId, $source, $post, $files, $user, $brainId, $brainFeatures) {
-    $name = htmlentities($name, ENT_QUOTES, "UTF-8");
     $salted = ($isSalted) ? "1" : "0";
     $secret = ($isSecret) ? "1" : "0";
     $hexsalted = ($isHexSalted) ? "1" : "0";

src/inc/utils/SupertaskUtils.class.php

@@ -28,7 +28,6 @@ class SupertaskUtils {
    * @throws HTException
    */
   public static function bulkSupertask($name, $command, $isCpuOnly, $maxAgents, $isSmall, $crackerBinaryTypeId, $benchtype, $basefiles, $iterfiles, $user) {
-    $name = htmlentities($name, ENT_QUOTES, "UTF-8");
     $isCpuOnly = ($isCpuOnly) ? 1 : 0;
     $isSmall = ($isSmall) ? 1 : 0;
     $benchtype = ($benchtype == 'speed') ? 1 : 0;
@@ -146,7 +145,7 @@ public static function createIterationPretasks($command, $name, $basefiles, $ite
    */
   public static function renameSupertask($supertaskId, $newName) {
     $supertask = SupertaskUtils::getSupertask($supertaskId);
-    Factory::getSupertaskFactory()->set($supertask, Supertask::SUPERTASK_NAME, htmlentities($newName, ENT_QUOTES, "UTF-8"));
+    Factory::getSupertaskFactory()->set($supertask, Supertask::SUPERTASK_NAME, $newName);
   }
 
   /**
@@ -327,7 +326,6 @@ public static function createSupertask($name, $pretasks) {
     if (!is_array($pretasks) || sizeof($pretasks) == 0) {
       throw new HTException("Cannot create empty supertask!");
     }
-    $name = htmlentities($name, ENT_QUOTES, "UTF-8");
     $tasks = [];
     foreach ($pretasks as $pretaskId) {
       $pretask = Factory::getPretaskFactory()->get($pretaskId);
@@ -360,7 +358,6 @@ public static function createSupertask($name, $pretasks) {
    * @throws HTException
    */
   public static function importSupertask($name, $isCpuOnly, $maxAgents, $isSmall, $useOptimized, $crackerBinaryTypeId, $masks, $benchtype) {
-    $name = htmlentities($name, ENT_QUOTES, "UTF-8");
     $isCpuOnly = ($isCpuOnly) ? 1 : 0;
     $isSmall = ($isSmall) ? 1 : 0;
     $useOptimized = ($useOptimized) ? true : false;

src/inc/utils/TaskUtils.class.php

@@ -99,7 +99,6 @@ public static function getDefault() {
    * @throws HTException
    */
   public static function editNotes($taskId, $notes, $user) {
-    $notes = htmlentities($notes, ENT_QUOTES, "UTF-8");
     $task = TaskUtils::getTask($taskId, $user);
     Factory::getTaskFactory()->set($task, Task::NOTES, $notes);
   }
@@ -186,7 +185,7 @@ public static function archiveTask($taskId, $user) {
    */
   public static function renameSupertask($taskWrapperId, $newName, $user) {
     $taskWrapper = TaskUtils::getTaskWrapper($taskWrapperId, $user);
-    Factory::getTaskWrapperFactory()->set($taskWrapper, TaskWrapper::TASK_WRAPPER_NAME, htmlentities($newName, ENT_QUOTES, "UTF-8"));
+    Factory::getTaskWrapperFactory()->set($taskWrapper, TaskWrapper::TASK_WRAPPER_NAME, $newName);
   }
 
   /**
@@ -635,7 +634,7 @@ public static function updateColor($taskId, $color, $user) {
   public static function rename($taskId, $name, $user) {
     // change task name
     $task = TaskUtils::getTask($taskId, $user);
-    Factory::getTaskFactory()->set($task, Task::TASK_NAME, htmlentities($name, ENT_QUOTES, "UTF-8"));
+    Factory::getTaskFactory()->set($task, Task::TASK_NAME, $name);
   }
 
   /**
@@ -745,7 +744,6 @@ public static function createTask($hashlistId, $name, $attackCmd, $chunkTime, $s
       throw new HTException("You cannot create a task for an archived hashlist!");
     }
 
-    $name = htmlentities($name, ENT_QUOTES, "UTF-8");
     if (strlen($name) == 0) {
       $name = "Task_" . $hashlist->getId() . "_" . date("Ymd_Hi");
     }