Merge branch 'v3-stable' into beta

Conflicts:

	src/include/functions_common.php
Andre Lorbach 2012-06-19 12:15:42 +02:00
commit 0c9bd09097
4 changed files with 29 additions and 17 deletions


@ -1,3 +1,11 @@
---------------------------------------------------------------------------
Version 3.5.5 (beta), 2012-06-19
- Merged security fixes into beta branch
---------------------------------------------------------------------------
Version 3.4.4 (stable), 2012-06-19
- Fixed cross-site scripting vulnerability of highlight parameter
on index.php page.
---------------------------------------------------------------------------
Version 3.5.4 (beta), 2012-05-22 Version 3.5.4 (beta), 2012-05-22
- Merged security fixes into beta branch - Merged security fixes into beta branch
--------------------------------------------------------------------------- ---------------------------------------------------------------------------


@ -66,7 +66,7 @@ $LANG_EN = "en"; // Used for fallback
$LANG = "en"; // Default language $LANG = "en"; // Default language
// Default Template vars // Default Template vars
$content['BUILDNUMBER'] = "3.5.4"; $content['BUILDNUMBER'] = "3.5.5";
$content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt"; $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt";
$content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title
$content['BASEPATH'] = $gl_root_path; $content['BASEPATH'] = $gl_root_path;


@ -124,6 +124,7 @@ $content['sorting'] = "";
$content['searchstr'] = ""; $content['searchstr'] = "";
$content['searchstr_htmlform'] = ""; $content['searchstr_htmlform'] = "";
$content['highlightstr'] = ""; $content['highlightstr'] = "";
$content['highlightstr_htmlform'] = "";
$content['EXPAND_HIGHLIGHT'] = "false"; $content['EXPAND_HIGHLIGHT'] = "false";
// --- Read and process filters from search dialog! // --- Read and process filters from search dialog!
@ -142,18 +143,21 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
// Optionally read highlight words // Optionally read highlight words
if ( isset($_POST['highlight']) ) if ( isset($_POST['highlight']) )
$content['highlightstr'] = $_POST['highlight'];
else if ( isset($_GET['highlight']) )
$content['highlightstr'] = $_GET['highlight'];
// else if ( $mysearch == $content['LN_SEARCH'])
{ {
// Message is just appended $content['highlightstr'] = $_POST['highlight'];
if ( isset($myfilter) && strlen($myfilter) > 0 ) $content['highlightstr_htmlform'] = htmlspecialchars($_POST['highlight']);
{ }
$content['searchstr'] = $myfilter; else if ( isset($_GET['highlight']) )
$content['searchstr_htmlform'] = htmlspecialchars($myfilter); {
} $content['highlightstr'] = $_GET['highlight'];
$content['highlightstr_htmlform'] = htmlspecialchars($_GET['highlight']);
}
// Message is just appended
if ( isset($myfilter) && strlen($myfilter) > 0 )
{
$content['searchstr'] = $myfilter;
$content['searchstr_htmlform'] = htmlspecialchars($myfilter);
} }
if ( strlen($content['highlightstr']) > 0 ) if ( strlen($content['highlightstr']) > 0 )
@ -165,7 +169,7 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
if ( strpos($content['highlightstr'], ",") === false) if ( strpos($content['highlightstr'], ",") === false)
{ {
$content['highlightwords'][0]['highlight_raw'] = $content['highlightstr']; $content['highlightwords'][0]['highlight_html'] = htmlspecialchars($content['highlightstr']);
$content['highlightwords'][0]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightstr']); $content['highlightwords'][0]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightstr']);
$content['highlightwords'][0]['cssclass'] = "highlight_1"; $content['highlightwords'][0]['cssclass'] = "highlight_1";
$content['highlightwords'][0]['htmlcode'] = '<span class="' . $content['highlightwords'][0]['cssclass'] . '">' . $content['highlightwords'][0]['highlight']. '</span>'; $content['highlightwords'][0]['htmlcode'] = '<span class="' . $content['highlightwords'][0]['cssclass'] . '">' . $content['highlightwords'][0]['highlight']. '</span>';
@ -175,12 +179,12 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
// Split array into words // Split array into words
$tmparray = explode( ",", $content['highlightstr'] ); $tmparray = explode( ",", $content['highlightstr'] );
foreach( $tmparray as $word ) foreach( $tmparray as $word )
$content['highlightwords'][]['highlight_raw'] = $word; $content['highlightwords'][]['highlight_html'] = htmlspecialchars($word);
// Assign other variables needed for this array entry // Assign other variables needed for this array entry
for ($i = 0; $i < count($content['highlightwords']); $i++) for ($i = 0; $i < count($content['highlightwords']); $i++)
{ {
$content['highlightwords'][$i]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightwords'][$i]['highlight_raw']); $content['highlightwords'][$i]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightwords'][$i]['highlight_html']);
$content['highlightwords'][$i]['cssclass'] = "highlight_" . ($i+1); $content['highlightwords'][$i]['cssclass'] = "highlight_" . ($i+1);
$content['highlightwords'][$i]['htmlcode'] = '<span class="' . $content['highlightwords'][$i]['cssclass'] . '">' . $content['highlightwords'][$i]['highlight']. '</span>'; $content['highlightwords'][$i]['htmlcode'] = '<span class="' . $content['highlightwords'][$i]['cssclass'] . '">' . $content['highlightwords'][$i]['highlight']. '</span>';
} }
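Review bot: The single-word branch in the `-165,7 +169,7` hunk still builds `highlight` from the raw `$content['highlightstr']`, while the loop in the `-175,12 +179,12` hunk now derives it from the escaped `highlight_html`. That `highlight` value is then concatenated into the `<span>` stored in `htmlcode`. `$searchArray` and `$replaceArray` are defined outside these hunks, so it cannot be confirmed here that they neutralise HTML metacharacters; if they do not, a highlight term without a comma may still reach the page unescaped. To make both branches agree, the line could read `$content['highlightwords'][0]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightwords'][0]['highlight_html']);`. The enclosing `if` block starts and ends outside the visible hunks.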


@ -65,7 +65,7 @@
</tr> </tr>
<tr> <tr>
<td align="left" class="line1" nowrap> <td align="left" class="line1" nowrap>
<input maxlength="2048" name="highlight" size="75" title="Search" value="{highlightstr}"> <input maxlength="2048" name="highlight" size="75" title="Search" value="{highlightstr_htmlform}">
<input name="search" type="submit" value="{LN_SEARCH}" class="SearchFormControl"> <input name="search" type="submit" value="{LN_SEARCH}" class="SearchFormControl">
</td> </td>
</tr> </tr>
@ -75,7 +75,7 @@
<table border="0" cellpadding="1" cellspacing="1" width="100%" align="center"> <table border="0" cellpadding="1" cellspacing="1" width="100%" align="center">
<tr> <tr>
<!-- BEGIN highlightwords --> <!-- BEGIN highlightwords -->
<td class="{cssclass}" align="center"><b>{highlight_raw}</b></td> <td class="{cssclass}" align="center"><b>{highlight_html}</b></td>
<!-- END highlightwords --> <!-- END highlightwords -->
</tr> </tr>
</table> </table>
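Review bot: The `value="{highlightstr_htmlform}"` attribute in the first hunk is only as safe as the quoting around it, because the PHP side fills that variable with `htmlspecialchars()` using its default flags, which on PHP versions before 8.1 leave single quotes unescaped. It holds here since the attribute is double-quoted; passing `ENT_QUOTES` as the second argument where `highlightstr_htmlform` and `highlight_html` are assigned would keep it robust if the markup ever switches quote style. A short template comment such as `<!-- highlightstr_htmlform and highlight_html are escaped in PHP; keep the raw highlight string out of markup -->` would record that contract for future template edits.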