glpi-project · cedric-anne · Oct 17, 2024 · Oct 15, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/ajax/map.php b/ajax/map.php
@@ -33,18 +33,16 @@
  * ---------------------------------------------------------------------
  */
 
+use Glpi\Exception\Http\BadRequestHttpException;
+
 header("Content-Type: application/json; charset=UTF-8");
 Html::header_nocache();
 
 Session::checkLoginUser();
 
 $result = [];
 if (!isset($_POST['itemtype']) || !isset($_POST['params'])) {
-    http_response_code(500);
-    $result = [
-        'success'   => false,
-        'message'   => __('Required argument missing!')
-    ];
+    throw new BadRequestHttpException();
 } else {
     $itemtype = $_POST['itemtype'];
     $params   = $_POST['params'];

diff --git a/front/central.php b/front/central.php
@@ -45,7 +45,7 @@
     Html::zeroSecurityIframedHeader($grid->getDashboard()->getTitle(), 'central', 'central');
     $grid->embed($_REQUEST);
     Html::popFooter();
-    exit;
+    return;
 }
 
 // Change profile system

diff --git a/front/crontask.form.php b/front/crontask.form.php
@@ -33,6 +33,8 @@
  * ---------------------------------------------------------------------
  */
 
+use Glpi\Exception\Http\BadRequestHttpException;
+
 /**
  * Form to edit Cron Task
  */
@@ -79,7 +81,7 @@
     Html::back();
 } else {
     if (!isset($_GET["id"]) || empty($_GET["id"])) {
-        exit();
+        throw new BadRequestHttpException();
     }
     $menus = ['config', 'crontask'];
     CronTask::displayFullPageForItem($_GET['id'], $menus);

diff --git a/front/initpassword.php b/front/initpassword.php
@@ -54,7 +54,7 @@
         'title'         => __('Forgotten initialization'),
         'messages_only' => true,
     ]);
-    exit();
+    return;
 }
 
 $user = new User();
@@ -74,5 +74,3 @@
         User::showPasswordInitRequestForm();
     }
 }
-
-exit();
diff --git a/front/locale.php b/front/locale.php
@@ -83,7 +83,8 @@
 if (!($messages instanceof \Laminas\I18n\Translator\TextDomain)) {
    // No TextDomain found means that there is no translations for given domain.
    // It is mostly related to plugins that does not provide any translations.
-    exit($default_response);
+    echo $default_response;
+    return;
 }
 
 // Extract headers from main po file
@@ -98,7 +99,8 @@
 );
 if (false === $po_file_handle) {
     trigger_error(sprintf('Unable to extract locales data from "%s".', $po_file), E_USER_WARNING);
-    exit($default_response);
+    echo $default_response;
+    return;
 }
 $in_headers = false;
 $headers = [];
@@ -122,7 +124,8 @@
 }
 if (count(array_diff($header_keys, array_keys($headers))) > 0) {
     trigger_error(sprintf('Missing mandatory locale headers in "%s".', $po_file), E_USER_WARNING);
-    exit($default_response);
+    echo $default_response;
+    return;
 }
 
 // Output messages and headers

diff --git a/front/login.php b/front/login.php
@@ -33,12 +33,12 @@
  * ---------------------------------------------------------------------
  */
 
+use Glpi\Exception\AuthenticationFailedException;
+
 /**
  * @since 0.85
  */
 
-use Glpi\Application\View\TemplateRenderer;
-
 /**
  * @var array $CFG_GLPI
  */
@@ -77,14 +77,6 @@
 
 $remember = isset($_SESSION['rmbfield']) && isset($_POST[$_SESSION['rmbfield']]) && $CFG_GLPI["login_remember_time"];
 
-// Redirect management
-$REDIRECT = "";
-if (isset($_POST['redirect']) && (strlen($_POST['redirect']) > 0)) {
-    $REDIRECT = "?redirect=" . rawurlencode($_POST['redirect']);
-} else if (isset($_GET['redirect']) && strlen($_GET['redirect']) > 0) {
-    $REDIRECT = "?redirect=" . rawurlencode($_GET['redirect']);
-}
-
 $auth = new Auth();
 
 
@@ -102,10 +94,5 @@
 if ($auth->login($login, $password, (isset($_REQUEST["noAUTO"]) ? $_REQUEST["noAUTO"] : false), $remember, $login_auth, $mfa_params)) {
     Auth::redirectIfAuthenticated();
 } else {
-    http_response_code(401);
-    TemplateRenderer::getInstance()->display('pages/login_error.html.twig', [
-        'errors'    => $auth->getErrors(),
-        'login_url' => $CFG_GLPI["root_doc"] . '/front/logout.php?noAUTO=1' . str_replace("?", "&", $REDIRECT),
-    ]);
-    exit();
+    throw new AuthenticationFailedException(authentication_errors: $auth->getErrors());
 }
diff --git a/front/logout.php b/front/logout.php
@@ -71,9 +71,9 @@
 
 // Redirect management
 if (isset($_POST['redirect']) && (strlen($_POST['redirect']) > 0)) {
-    $toADD = "?redirect=" . $_POST['redirect'];
+    $toADD = "?redirect=" . rawurlencode($_POST['redirect']);
 } else if (isset($_GET['redirect']) && (strlen($_GET['redirect']) > 0)) {
-    $toADD = "?redirect=" . $_GET['redirect'];
+    $toADD = "?redirect=" . rawurlencode($_GET['redirect']);
 }
 
 if (isset($_SESSION["noAUTO"]) || isset($_GET['noAUTO'])) {

diff --git a/front/lostpassword.php b/front/lostpassword.php
@@ -55,7 +55,7 @@
     TemplateRenderer::getInstance()->display('forgotpassword.html.twig', [
         'messages_only' => true,
     ]);
-    exit();
+    return;
 }
 
 $user = new User();
@@ -75,5 +75,3 @@
         User::showPasswordForgetRequestForm();
     }
 }
-
-exit();
diff --git a/front/massiveaction.php b/front/massiveaction.php
@@ -53,7 +53,7 @@
     echo "</div>";
 
     Html::popFooter();
-    exit();
+    return;
 }
 Html::popHeader(__('Bulk modification'), $_SERVER['PHP_SELF']);
 

diff --git a/front/palette_preview.php b/front/palette_preview.php
@@ -52,7 +52,7 @@
     $blank = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
     header(sprintf('Content-Length: %s', strlen($blank)));
     echo $blank;
-    exit();
+    return;
 }
 
 header('Cache-Control: public, max-age=2592000, must-revalidate'); // 1 month cache

diff --git a/front/pluginimage.send.php b/front/pluginimage.send.php
@@ -43,6 +43,7 @@
  */
 
 use Glpi\Event;
+use Glpi\Exception\Http\AccessDeniedHttpException;
 
 /** @var array $CFG_GLPI */
 global $CFG_GLPI;
@@ -56,7 +57,7 @@
         //TRANS: %s is user name
         sprintf(__('%s makes a bad usage.'), $_SESSION["glpiname"])
     );
-    die("security");
+    throw new AccessDeniedHttpException();
 }
 
 $dir = GLPI_PLUGIN_DOC_DIR . "/" . $_GET["plugin"] . "/";
@@ -78,7 +79,7 @@
         "security",
         sprintf(__('%s tries to use a non standard path.'), $_SESSION["glpiname"])
     );
-    die("security");
+    throw new AccessDeniedHttpException();
 }
 
 // Now send the file with header() magic

diff --git a/front/report.dynamic.php b/front/report.dynamic.php
@@ -112,7 +112,7 @@
            // Plugin case
             if ($plug = isPluginItemType($itemtype)) {
                 if (Plugin::doOneHook($plug['plugin'], 'dynamicReport', $_GET)) {
-                    exit();
+                    return;
                 }
             }
             $params = Search::manageParams($itemtype, $_GET);

diff --git a/front/rule.common.php b/front/rule.common.php
@@ -95,7 +95,7 @@
         && $rulecollection->warningBeforeReplayRulesOnExistingDB($_SERVER['PHP_SELF'])
     ) {
         Html::footer();
-        exit();
+        return;
     }
 
     echo "<table class='tab_cadrehov'>";
@@ -143,7 +143,7 @@
     }
 
     Html::footer();
-    exit();
+    return;
 }
 
 Html::header(

diff --git a/front/rule.test.php b/front/rule.test.php
@@ -33,6 +33,8 @@
  * ---------------------------------------------------------------------
  */
 
+use Glpi\Exception\Http\BadRequestHttpException;
+
 Session::checkCentralAccess();
 
 if (isset($_POST["sub_type"])) {
@@ -53,7 +55,7 @@
 
 /** @var Rule $rule */
 if (!$rule = getItemForItemtype($sub_type)) {
-    exit;
+    throw new BadRequestHttpException();
 }
 $rule->checkGlobal(READ);
 

diff --git a/front/smtp_oauth2_callback.php b/front/smtp_oauth2_callback.php
@@ -56,7 +56,7 @@
     <body></body>
 </html>
 HTML;
-    exit;
+    return;
 }
 
 Session::checkRight("config", UPDATE);

diff --git a/front/stat.global.php b/front/stat.global.php
@@ -33,6 +33,7 @@
  * ---------------------------------------------------------------------
  */
 
+use Glpi\Exception\Http\BadRequestHttpException;
 use Glpi\Stat\Data\Sglobal\StatDataAverageSatisfaction;
 use Glpi\Stat\Data\Sglobal\StatDataSatisfaction;
 use Glpi\Stat\Data\Sglobal\StatDataTicketAverageTime;
@@ -67,7 +68,7 @@
 Stat::title();
 
 if (!$item = getItemForItemtype($_GET['itemtype'])) {
-    exit;
+    throw new BadRequestHttpException();
 }
 
 $stat = new Stat();

diff --git a/front/stat.graph.php b/front/stat.graph.php
@@ -34,6 +34,7 @@
  */
 
 use Glpi\Application\View\TemplateRenderer;
+use Glpi\Exception\Http\BadRequestHttpException;
 use Glpi\Stat\Data\Graph\StatDataSatisfaction;
 use Glpi\Stat\Data\Graph\StatDataSatisfactionSurvey;
 use Glpi\Stat\Data\Graph\StatDataTicketAverageTime;
@@ -50,7 +51,7 @@
 
 /** @var CommonITILObject $item */
 if (!$item = getItemForItemtype($_GET['itemtype'])) {
-    exit;
+    throw new BadRequestHttpException();
 }
 
 //sanitize dates

diff --git a/front/stat.location.php b/front/stat.location.php
@@ -116,7 +116,7 @@
 ) {
    // Do nothing
     Html::footer();
-    exit();
+    return;
 }
 
 

diff --git a/front/stat.tracking.php b/front/stat.tracking.php
@@ -34,6 +34,7 @@
  */
 
 use Glpi\Application\View\TemplateRenderer;
+use Glpi\Exception\Http\BadRequestHttpException;
 use Glpi\Stat\Data\Location\StatDataClosed;
 use Glpi\Stat\Data\Location\StatDataLate;
 use Glpi\Stat\Data\Location\StatDataOpened;
@@ -48,7 +49,7 @@
 Session::checkRight("statistic", READ);
 
 if (!$item = getItemForItemtype($_GET['itemtype'])) {
-    exit;
+    throw new BadRequestHttpException();
 }
 
 //sanitize dates

diff --git a/front/transfer.action.php b/front/transfer.action.php
@@ -51,15 +51,15 @@
         echo "<div class='fw-bold text-center'>" . __s('Operation successful') . "<br>";
         echo "<a href='central.php' role='button' class='btn btn-primary'>" . __s('Back') . "</a></div>";
         Html::footer();
-        exit();
+        return;
     }
 } else if (isset($_POST['clear'])) {
     unset($_SESSION['glpitransfer_list']);
     echo "<div class='fw-bold text-center'>" . __s('Operation successful') . "<br>";
     echo "<a href='central.php' role='button' class='btn btn-primary'>" . __s('Back') . "</a></div>";
     echo "</div>";
     Html::footer();
-    exit();
+    return;
 }
 
 unset($_SESSION['glpimassiveactionselected']);

diff --git a/install/update.php b/install/update.php
@@ -226,7 +226,7 @@ function showSecurityKeyCheckForm()
         $result = Config::displayCheckDbEngine(true);
         echo "</p>";
         if ($result > 0) {
-            die(1);
+            return;
         }
         if (
             $update->isExpectedSecurityKeyFileMissing()

diff --git a/src/Glpi/Controller/ApiController.php b/src/Glpi/Controller/ApiController.php
@@ -82,7 +82,7 @@ private function call(): void
             // Include the legacy API entrypoint and then die
             $api = new \Glpi\Api\APIRest();
             $api->call();
-            die();
+            return;
         }
 
         $supported_versions = Router::getAPIVersions();

diff --git a/src/Glpi/Controller/IndexController.php b/src/Glpi/Controller/IndexController.php
@@ -104,15 +104,15 @@ private function call(): void
                 echo '</div>';
                 echo '</div>';
                 Html::nullFooter();
+                return;
             }
-            die();
         }
 
         //Try to detect GLPI agent calls
         $rawdata = file_get_contents("php://input");
         if (!isset($_POST['totp_code']) && !empty($rawdata) && $_SERVER['REQUEST_METHOD'] === 'POST') {
             include_once(GLPI_ROOT . '/front/inventory.php');
-            die();
+            return;
         }
 
         Session::checkCookieSecureConfig();
@@ -149,17 +149,16 @@ private function call(): void
             }
         }
 
-        // redirect to ticket
-        if ($redirect !== '') {
-            Toolbox::manageRedirect($redirect);
-        }
-
-        if (count($errors)) {
+        if (count($errors) > 0) {
             TemplateRenderer::getInstance()->display('pages/login_error.html.twig', [
                 'errors'    => $errors,
-                'login_url' => $CFG_GLPI["root_doc"] . '/front/logout.php?noAUTO=1&redirect=' . str_replace("?", "&", $redirect),
+                'login_url' => $CFG_GLPI["root_doc"] . '/front/logout.php?noAUTO=1&redirect=' . \rawurlencode($redirect),
             ]);
         } else {
+            if ($redirect !== '') {
+                Toolbox::manageRedirect($redirect);
+            }
+
             if (isset($_SESSION['mfa_pre_auth'], $_POST['skip_mfa'])) {
                 Html::redirect($CFG_GLPI['root_doc'] . '/front/login.php?skip_mfa=1');
             }