1 change: 1 addition & 0 deletions .devcontainer/devcontainer.json
Expand Up @@ -53,5 +53,6 @@
"NODE_OPTIONS": "--use-openssl-ca"
},
"remoteUser": "vscode",
"overrideCommand": false,
"postStartCommand": "composer install --working-dir=/var/www/html/"
}
5 changes: 4 additions & 1 deletion .vscode/launch.json
Expand Up @@ -6,7 +6,10 @@
"name": "Listen for Xdebug",
"type": "php",
"request": "launch",
"port": 9003
"port": 9003,
"xdebugSettings": {
"max_data": 10240
}
},
{
"name": "Launch currently open script",
3 changes: 2 additions & 1 deletion Dockerfile
Expand Up @@ -93,11 +93,12 @@ ENTRYPOINT [ "docker-entrypoint.sh" ]
FROM hashtopolis-server-base as hashtopolis-server-dev

# Setting up development requirements, install xdebug
RUN yes | pecl install xdebug \
RUN yes | pecl install xdebug && docker-php-ext-enable xdebug \
&& echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
&& echo "xdebug.mode = debug" >> /usr/local/etc/php/conf.d/xdebug.ini \
&& echo "xdebug.start_with_request = yes" >> /usr/local/etc/php/conf.d/xdebug.ini \
&& echo "xdebug.client_port = 9003" >> /usr/local/etc/php/conf.d/xdebug.ini \
&& echo "xdebug.idekey = PHPSTORM" >> /usr/local/etc/php/conf.d/xdebug.ini \
\
# Configuring PHP
&& touch "/usr/local/etc/php/conf.d/custom.ini" \
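Review bot: The added `docker-php-ext-enable xdebug` already writes a conf.d file that loads the extension, and the following line still writes `zend_extension=...xdebug.so` into xdebug.ini, so PHP is told to load Xdebug twice and will most likely log a "Cannot load Xdebug - it was already loaded" warning at startup; drop one of the two and keep only the `xdebug.*` settings lines. `pecl install xdebug` is also unpinned, so every rebuild of the dev stage pulls whatever release is current; `pecl install xdebug-<version>` would make the image reproducible. Because `xdebug.start_with_request = yes` makes every request try to open a debugger connection, the `hashtopolis-server-dev` stage should remain a development-only target. The RUN instruction continues past the end of the hunk.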
2 changes: 1 addition & 1 deletion src/dba/models/Agent.class.php
Expand Up @@ -68,7 +68,7 @@ static function getFeatures() {
$dict['uid'] = ['read_only' => False, "type" => "str(100)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "uid"];
$dict['os'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "os"];
$dict['devices'] = ['read_only' => False, "type" => "str(65535)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "devices"];
$dict['cmdPars'] = ['read_only' => False, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "cmdPars"];
$dict['cmdPars'] = ['read_only' => False, "type" => "str(65535)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "cmdPars"];
$dict['ignoreErrors'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => [0 => "Deactivate agent on error", 1 => "Keep agent running, but save errors", 2 => "Keep agent running and discard errors", ], "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "ignoreErrors"];
$dict['isActive'] = ['read_only' => False, "type" => "bool", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "isActive"];
$dict['isTrusted'] = ['read_only' => False, "type" => "bool", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "isTrusted"];
2 changes: 1 addition & 1 deletion src/dba/models/HealthCheck.class.php
Expand Up @@ -46,7 +46,7 @@ static function getFeatures() {
$dict['hashtypeId'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "hashtypeId"];
$dict['crackerBinaryId'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "crackerBinaryId"];
$dict['expectedCracks'] = ['read_only' => True, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "expectedCracks"];
$dict['attackCmd'] = ['read_only' => True, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "attackCmd"];
$dict['attackCmd'] = ['read_only' => True, "type" => "str(65535)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "attackCmd"];

return $dict;
}
2 changes: 1 addition & 1 deletion src/dba/models/Pretask.class.php
Expand Up @@ -56,7 +56,7 @@ static function getFeatures() {
$dict = array();
$dict['pretaskId'] = ['read_only' => True, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => True, "protected" => True, "private" => False, "alias" => "pretaskId"];
$dict['taskName'] = ['read_only' => False, "type" => "str(100)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "taskName"];
$dict['attackCmd'] = ['read_only' => False, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "attackCmd"];
$dict['attackCmd'] = ['read_only' => False, "type" => "str(65535)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "attackCmd"];
$dict['chunkTime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "chunkTime"];
$dict['statusTimer'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "statusTimer"];
$dict['color'] = ['read_only' => False, "type" => "str(20)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "color"];
2 changes: 1 addition & 1 deletion src/dba/models/Task.class.php
Expand Up @@ -89,7 +89,7 @@ static function getFeatures() {
$dict = array();
$dict['taskId'] = ['read_only' => True, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => True, "protected" => True, "private" => False, "alias" => "taskId"];
$dict['taskName'] = ['read_only' => False, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "taskName"];
$dict['attackCmd'] = ['read_only' => False, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "attackCmd"];
$dict['attackCmd'] = ['read_only' => False, "type" => "str(65535)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "attackCmd"];
$dict['chunkTime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "chunkTime"];
$dict['statusTimer'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "statusTimer"];
$dict['keyspace'] = ['read_only' => True, "type" => "int64", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "keyspace"];
8 changes: 4 additions & 4 deletions src/dba/models/generator.php
Expand Up @@ -56,7 +56,7 @@
['name' => 'uid', 'read_only' => False, 'type' => 'str(100)'],
['name' => 'os', 'read_only' => False, 'type' => 'int'],
['name' => 'devices', 'read_only' => False, 'type' => 'str(65535)'],
['name' => 'cmdPars', 'read_only' => False, 'type' => 'str(256)'],
['name' => 'cmdPars', 'read_only' => False, 'type' => 'str(65535)'],
['name' => 'ignoreErrors', 'read_only' => False, 'type' => 'int', 'choices' => $FieldIgnoreErrorsChoices],
['name' => 'isActive', 'read_only' => False, 'type' => 'bool'],
['name' => 'isTrusted', 'read_only' => False, 'type' => 'bool'],
Expand Down Expand Up @@ -267,7 +267,7 @@
['name' => 'hashtypeId', 'read_only' => False, 'type' => 'int'],
['name' => 'crackerBinaryId', 'read_only' => False, 'type' => 'int'],
['name' => 'expectedCracks', 'read_only' => True, 'type' => 'int', 'protected' => True],
['name' => 'attackCmd', 'read_only' => True, 'type' => 'str(256)', 'protected' => True],
['name' => 'attackCmd', 'read_only' => True, 'type' => 'str(65535)', 'protected' => True],
],
];
$CONF['HealthCheckAgent'] = [
Expand Down Expand Up @@ -319,7 +319,7 @@
'columns' => [
['name' => 'pretaskId', 'read_only' => True, 'type' => 'int', 'protected' => True],
['name' => 'taskName', 'read_only' => False, 'type' => 'str(100)'],
['name' => 'attackCmd', 'read_only' => False, 'type' => 'str(256)'],
['name' => 'attackCmd', 'read_only' => False, 'type' => 'str(65535)'],
['name' => 'chunkTime', 'read_only' => False, 'type' => 'int'],
['name' => 'statusTimer', 'read_only' => False, 'type' => 'int'],
['name' => 'color', 'read_only' => False, 'type' => 'str(20)'],
Expand Down Expand Up @@ -382,7 +382,7 @@
'columns' => [
['name' => 'taskId', 'read_only' => True, 'type' => 'int', 'protected' => True],
['name' => 'taskName', 'read_only' => False, 'type' => 'str(256)'],
['name' => 'attackCmd', 'read_only' => False, 'type' => 'str(256)'],
['name' => 'attackCmd', 'read_only' => False, 'type' => 'str(65535)'],
['name' => 'chunkTime', 'read_only' => False, 'type' => 'int'],
['name' => 'statusTimer', 'read_only' => False, 'type' => 'int'],
['name' => 'keyspace', 'read_only' => True, 'type' => 'int64', 'protected' => True],
7 changes: 5 additions & 2 deletions src/inc/apiv2/common/AbstractBaseAPI.class.php
Expand Up @@ -398,7 +398,10 @@ protected static function db2json(array $feature, mixed $val): mixed
$obj = array_map('intval', preg_split("/,/", $val, -1, PREG_SPLIT_NO_EMPTY));
} elseif ($feature['type'] == 'dict' && $feature['subtype'] = 'bool') {
$obj = unserialize($val);
} else {
} elseif (str_starts_with($feature['type'], 'str') && $val !== null) {
$obj = html_entity_decode($val, ENT_COMPAT, "UTF-8");
}
else {
// TODO: Check all objects, instead of wild cast to hopefully-JSON compatible object
$obj = $val;
}
Expand All @@ -420,7 +423,7 @@ protected static function json2db(array $feature, mixed $obj): mixed
$val = htmlentities($obj, ENT_QUOTES, "UTF-8");
} elseif ($feature['type'] == 'array' && $feature['subtype'] == 'int') {
$val = implode(",", $obj);
} elseif ($feature['type'] == 'dict' && $feature['subtype'] = 'bool') {
} elseif ($feature['type'] == 'dict' && $feature['subtype'] == 'bool') {
$val = serialize($obj);
} else {
$val = strval($obj);
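Review bot: The new `str` branch in db2json decodes with `ENT_COMPAT`, while json2db in the second hunk encodes with `ENT_QUOTES`, so an apostrophe stored as `&#039;` comes back from the API still encoded; both sides should use the same flags, `$obj = html_entity_decode($val, ENT_QUOTES, "UTF-8");`. The dict branch just above it still reads `$feature['subtype'] = 'bool'`, the same assignment-for-comparison typo this commit corrects in json2db, so every `dict` feature takes the `unserialize()` path regardless of its subtype; it should be `== 'bool'`. Because responses now carry decoded text, any client that renders these fields has to escape them for its own output context. Both function bodies continue outside the hunks.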
3 changes: 1 addition & 2 deletions src/inc/utils/HashlistUtils.class.php
Expand Up @@ -34,7 +34,7 @@ public static function editNotes($hashlistId, $notes, $user) {
if (!AccessUtils::userCanAccessHashlists($hashlist, $user)) {
throw new HTException("No access to hashlist!");
}
Factory::getHashlistFactory()->set($hashlist, Hashlist::NOTES, htmlentities($notes, ENT_QUOTES, "UTF-8"));
Factory::getHashlistFactory()->set($hashlist, Hashlist::NOTES, $notes);
}

/**
Expand Down Expand Up @@ -744,7 +744,6 @@ public static function export($hashlistId, $user) {
* @throws HTException
*/
public static function createHashlist($name, $isSalted, $isSecret, $isHexSalted, $separator, $format, $hashtype, $saltSeparator, $accessGroupId, $source, $post, $files, $user, $brainId, $brainFeatures) {
$name = htmlentities($name, ENT_QUOTES, "UTF-8");
$salted = ($isSalted) ? "1" : "0";
$secret = ($isSecret) ? "1" : "0";
$hexsalted = ($isHexSalted) ? "1" : "0";
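Review bot: With `htmlentities()` dropped from editNotes and createHashlist, names and notes are written to the database raw, yet nothing visible in this commit converts rows that were stored entity-encoded earlier, and json2db in AbstractBaseAPI still encodes on write, so one column can end up holding both forms. Every view that prints these columns (not visible here) then has to escape at render time, and the unconditional `html_entity_decode()` added to db2json will also rewrite text a user typed literally, such as `&amp;`. The same removal appears in SupertaskUtils (bulkSupertask, renameSupertask, createSupertask, importSupertask) and TaskUtils (editNotes, renameSupertask, rename, createTask). I would confirm output escaping for each of these fields, add a one-off conversion of existing rows to the update script, and mark the setters with a comment such as `// stored unescaped by design; escape on output`. The function bodies extend beyond the hunks.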
4 changes: 2 additions & 2 deletions src/inc/utils/PretaskUtils.class.php
Expand Up @@ -305,8 +305,8 @@ public static function createPretask($name, $cmdLine, $chunkTime, $statusTimer,
else if (strpos($cmdLine, SConfig::getInstance()->getVal(DConfig::HASHLIST_ALIAS)) === false) {
throw new HTException("The attack command does not contain the hashlist alias!");
}
else if (strlen($cmdLine) > 256) {
throw new HTException("Attack command is too long (max 256 characters)!");
else if (strlen($cmdLine) > 65535) {
throw new HTException("Attack command is too long (max 65535 characters)!");
}
else if (Util::containsBlacklistedChars($cmdLine)) {
throw new HTException("The command must contain no blacklisted characters!");
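Review bot: The literal `65535` is now written four times, in this comparison and its message and in the identical pair in TaskUtils::createTask, and it also has to stay equal to the `TEXT` column width and the `str(65535)` model type changed elsewhere in this commit. A single named constant referenced from both checks and both messages would keep them from drifting apart (the name is a suggestion): `const MAX_ATTACK_CMD_LENGTH = 65535;`. `strlen()` counts bytes, which matches the byte limit of a MySQL `TEXT` column, so the message would be more accurate as "max 65535 bytes". createPretask's body continues outside the hunk.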
5 changes: 1 addition & 4 deletions src/inc/utils/SupertaskUtils.class.php
Expand Up @@ -28,7 +28,6 @@ class SupertaskUtils {
* @throws HTException
*/
public static function bulkSupertask($name, $command, $isCpuOnly, $maxAgents, $isSmall, $crackerBinaryTypeId, $benchtype, $basefiles, $iterfiles, $user) {
$name = htmlentities($name, ENT_QUOTES, "UTF-8");
$isCpuOnly = ($isCpuOnly) ? 1 : 0;
$isSmall = ($isSmall) ? 1 : 0;
$benchtype = ($benchtype == 'speed') ? 1 : 0;
Expand Down Expand Up @@ -146,7 +145,7 @@ public static function createIterationPretasks($command, $name, $basefiles, $ite
*/
public static function renameSupertask($supertaskId, $newName) {
$supertask = SupertaskUtils::getSupertask($supertaskId);
Factory::getSupertaskFactory()->set($supertask, Supertask::SUPERTASK_NAME, htmlentities($newName, ENT_QUOTES, "UTF-8"));
Factory::getSupertaskFactory()->set($supertask, Supertask::SUPERTASK_NAME, $newName);
}

/**
Expand Down Expand Up @@ -327,7 +326,6 @@ public static function createSupertask($name, $pretasks) {
if (!is_array($pretasks) || sizeof($pretasks) == 0) {
throw new HTException("Cannot create empty supertask!");
}
$name = htmlentities($name, ENT_QUOTES, "UTF-8");
$tasks = [];
foreach ($pretasks as $pretaskId) {
$pretask = Factory::getPretaskFactory()->get($pretaskId);
Expand Down Expand Up @@ -360,7 +358,6 @@ public static function createSupertask($name, $pretasks) {
* @throws HTException
*/
public static function importSupertask($name, $isCpuOnly, $maxAgents, $isSmall, $useOptimized, $crackerBinaryTypeId, $masks, $benchtype) {
$name = htmlentities($name, ENT_QUOTES, "UTF-8");
$isCpuOnly = ($isCpuOnly) ? 1 : 0;
$isSmall = ($isSmall) ? 1 : 0;
$useOptimized = ($useOptimized) ? true : false;
10 changes: 4 additions & 6 deletions src/inc/utils/TaskUtils.class.php
Expand Up @@ -99,7 +99,6 @@ public static function getDefault() {
* @throws HTException
*/
public static function editNotes($taskId, $notes, $user) {
$notes = htmlentities($notes, ENT_QUOTES, "UTF-8");
$task = TaskUtils::getTask($taskId, $user);
Factory::getTaskFactory()->set($task, Task::NOTES, $notes);
}
Expand Down Expand Up @@ -186,7 +185,7 @@ public static function archiveTask($taskId, $user) {
*/
public static function renameSupertask($taskWrapperId, $newName, $user) {
$taskWrapper = TaskUtils::getTaskWrapper($taskWrapperId, $user);
Factory::getTaskWrapperFactory()->set($taskWrapper, TaskWrapper::TASK_WRAPPER_NAME, htmlentities($newName, ENT_QUOTES, "UTF-8"));
Factory::getTaskWrapperFactory()->set($taskWrapper, TaskWrapper::TASK_WRAPPER_NAME, $newName);
}

/**
Expand Down Expand Up @@ -635,7 +634,7 @@ public static function updateColor($taskId, $color, $user) {
public static function rename($taskId, $name, $user) {
// change task name
$task = TaskUtils::getTask($taskId, $user);
Factory::getTaskFactory()->set($task, Task::TASK_NAME, htmlentities($name, ENT_QUOTES, "UTF-8"));
Factory::getTaskFactory()->set($task, Task::TASK_NAME, $name);
}

/**
Expand Down Expand Up @@ -745,7 +744,6 @@ public static function createTask($hashlistId, $name, $attackCmd, $chunkTime, $s
throw new HTException("You cannot create a task for an archived hashlist!");
}

$name = htmlentities($name, ENT_QUOTES, "UTF-8");
if (strlen($name) == 0) {
$name = "Task_" . $hashlist->getId() . "_" . date("Ymd_Hi");
}
Expand All @@ -763,8 +761,8 @@ public static function createTask($hashlistId, $name, $attackCmd, $chunkTime, $s
else if (strpos($attackCmd, SConfig::getInstance()->getVal(DConfig::HASHLIST_ALIAS)) === false) {
throw new HTException("Attack command does not contain hashlist alias!");
}
else if (strlen($attackCmd) > 256) {
throw new HTException("Attack command is too long (max 256 characters)!");
else if (strlen($attackCmd) > 65535) {
throw new HTException("Attack command is too long (max 65535 characters)!");
}
else if ($staticChunking < DTaskStaticChunking::NORMAL || $staticChunking > DTaskStaticChunking::NUM_CHUNKS) {
throw new HTException("Invalid static chunk setting!");
8 changes: 4 additions & 4 deletions src/install/hashtopolis.sql
Expand Up @@ -31,7 +31,7 @@ CREATE TABLE `Agent` (
`uid` VARCHAR(100) NOT NULL,
`os` INT(11) NOT NULL,
`devices` TEXT NOT NULL,
`cmdPars` VARCHAR(256) NOT NULL,
`cmdPars` TEXT NOT NULL,
`ignoreErrors` TINYINT(4) NOT NULL,
`isActive` TINYINT(4) NOT NULL,
`isTrusted` TINYINT(4) NOT NULL,
Expand Down Expand Up @@ -786,7 +786,7 @@ CREATE TABLE `NotificationSetting` (
CREATE TABLE `Pretask` (
`pretaskId` INT(11) NOT NULL,
`taskName` VARCHAR(100) NOT NULL,
`attackCmd` VARCHAR(256) NOT NULL,
`attackCmd` TEXT NOT NULL,
`chunkTime` INT(11) NOT NULL,
`statusTimer` INT(11) NOT NULL,
`color` VARCHAR(20) NULL,
Expand Down Expand Up @@ -851,7 +851,7 @@ CREATE TABLE `SupertaskPretask` (
CREATE TABLE `Task` (
`taskId` INT(11) NOT NULL,
`taskName` VARCHAR(256) NOT NULL,
`attackCmd` VARCHAR(256) NOT NULL,
`attackCmd` TEXT NOT NULL,
`chunkTime` INT(11) NOT NULL,
`statusTimer` INT(11) NOT NULL,
`keyspace` BIGINT(20) NOT NULL,
Expand Down Expand Up @@ -954,7 +954,7 @@ CREATE TABLE `HealthCheck` (
`hashtypeId` INT(11) NOT NULL,
`crackerBinaryId` INT(11) NOT NULL,
`expectedCracks` INT(11) NOT NULL,
`attackCmd` VARCHAR(256) NOT NULL
`attackCmd` TEXT NOT NULL
) ENGINE=InnoDB;

CREATE TABLE `HealthCheckAgent` (
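--- a/src/install/updates/update_v0.14.2_v0.14.x.php
+++ b/src/install/updates/update_v0.14.2_v0.14.x.php
@@ -0,0 +1,11 @@
+<?php /** @noinspection SqlNoDataSourceInspection */
+
+use DBA\Factory;
+
+if (!isset($PRESENT["v0.14.x_attackCmd"])) {
+Factory::getAgentFactory()->getDB()->query("ALTER TABLE `Task` MODIFY `attackCmd` TEXT NOT NULL;");
+Factory::getAgentFactory()->getDB()->query("ALTER TABLE `Pretask` MODIFY `attackCmd` TEXT NOT NULL;");
+Factory::getAgentFactory()->getDB()->query("ALTER TABLE `HealthCheck` MODIFY `attackCmd` TEXT NOT NULL;");
+Factory::getAgentFactory()->getDB()->query("ALTER TABLE `Agent` MODIFY `cmdPars` TEXT NOT NULL;");
+$EXECUTED["v0.14.x_attackCmd"] = true;
+}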
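Review bot: The new update script carries no comment saying why the four columns are widened; a line above the `if` such as `// Widen attackCmd/cmdPars from VARCHAR(256) to TEXT to match the str(65535) model types` would help the next maintainer. The results of the four `query()` calls are not checked before `$EXECUTED["v0.14.x_attackCmd"] = true;` is set, so unless the DB layer throws on error (not visible here) a failed ALTER would still be recorded as applied.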
1 change: 0 additions & 1 deletion src/install/updates/update_v0.14.x_v0.14.2.php
@@ -1,7 +1,6 @@
<?php /** @noinspection SqlNoDataSourceInspection */

use DBA\Factory;
use DBA\HashType;


if (!isset($PRESENT["v0.14.x_maxAgents_taskwrapper"])) {