2009-11-25 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_io.php, include/functions.php: change and add functions
	for manage the input output with correct encoding and decoding.

	*include/functions_html.php, include/functions_ui.php,
	operation/agentes/status_monitor.php,
	operation/agentes/estado_ultimopaquete.php,
	operation/agentes/estado_monitores.php: change the function "salida_limpia"
	for "safe_output" and other changes.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2128 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,14 @@
+2009-11-25  Miguel de Dios <miguel.dedios@artica.es>
+
+	* include/functions_io.php, include/functions.php: change and add functions
+	for manage the input output with correct encoding and decoding.
+
+	*include/functions_html.php, include/functions_ui.php,
+	operation/agentes/status_monitor.php,
+	operation/agentes/estado_ultimopaquete.php,
+	operation/agentes/estado_monitores.php: change the function "salida_limpia"
+	for "safe_output" and other changes.
+
 2009-11-25  Miguel de Dios <miguel.dedios@artica.es>
 
 	* godmode/alerts/alert_list.php: add column status of alert in alert

pandora_console/include/functions.php

@@ -25,111 +25,10 @@
  */
 require_once ('functions_html.php');
 require_once ('functions_ui.php');
+require_once('functions_io.php');
 
 define ('ENTERPRISE_NOT_HOOK', -1);
 
-/** 
- * Cleans a string by encoding to UTF-8 and replacing the HTML
- * entities. UTF-8 is necessary for foreign chars like asian 
- * and our databases are (or should be) UTF-8
- * 
- * @param mixed String or array of strings to be cleaned.
- * 
- * @return mixed The cleaned string or array.
- */
-//function safe_input ($value) {
-//	if (is_numeric ($value))
-//		return $value;
-//
-//	if (is_array ($value)) {
-//		array_walk ($value, 'safe_input');
-//		return $value;
-//	}
-//
-//	if (version_compare (PHP_VERSION, '5.2.3') === 1) {
-//		if (! mb_check_encoding ($value, 'UTF-8'))
-//			$value = utf8_encode ($value);
-//		return htmlentities ($value, ENT_QUOTES, "UTF-8", false);
-//	} else {
-//		$translation_table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);
-//		$translation_table[chr(38)] = '&';
-//		return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&", strtr ($value, $translation_table));
-//	}
-//}
-
-/** 
- * Cleans a string by encoding to UTF-8 and replacing the HTML
- * entities. UTF-8 is necessary for foreign chars like asian 
- * and our databases are (or should be) UTF-8
- * 
- * @param mixed String or array of strings to be cleaned.
- * 
- * @return mixed The cleaned string or array.
- */
-function safe_input($value) {
-	//Stop!! Are you sure to modify this critical code? Because the older
-	//versions are serius headache in many places of Pandora.
-	
-	if (is_numeric($value))
-		return $value;
-		
-	if (is_array($value)) {
-		array_walk($value, "safe_input");
-		return $value;
-	}
-	
-	//Clean the trash mix into string because of magic quotes.
-	if (get_magic_quotes_gpc() == 1) {
-		$value = stripslashes($value);
-	}
-	
-	if (! mb_check_encoding ($value, 'UTF-8'))
-		$value = utf8_encode ($value);
-	
-	$valueHtmlEncode =  htmlentities ($value, ENT_QUOTES, "UTF-8", true);
-		
-	//Replace the character '\' for the equivalent html entitie
-	$valueHtmlEncode = str_replace('\\', "\", $valueHtmlEncode);
-	
-	return $valueHtmlEncode;
-}
-
-/** 
- * Cleans a string by encoding to UTF-8 and replacing the HTML
- * entities to their numeric counterparts (possibly double encoding)
- * 
- * @param mixed String or array of strings to be cleaned.
- * 
- * @return mixed The cleaned string or array.
- */	
-function safe_output_xml ($string) {
-	if (is_numeric ($string))
-		return $string;
-	
-	if (is_array ($string)) {
-		array_walk ($string, 'safe_output_xml');
-		return $string;
-	}
-	
-	static $table;
-	static $replace;
-	
-	if (empty ($table)) {
-		$table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);	
-		$replace = array ();
-		
-		foreach ($table as $key => $value){
-			$table[$key] = "/".$value."/";
-			$char = htmlentities ($key, ENT_QUOTES, "UTF-8");
-			$replace[$char] = "&#".ord ($key).";";
-		}
-	}
-	
-	//now perform a replacement using preg_replace
-	//each matched value in $table will be replaced with the corresponding value in $replace
-	return preg_replace ($table, $replace, $string);
-}
-
 /**
  * Cleans an object or an array and casts all values as integers
  *
@@ -160,28 +59,6 @@ function safe_int ($value, $min = false, $max = false) {
 	return $value;
 }
 
-/** 
- * Use to clean HTML entities when get_parameter or safe_input functions dont work
- * 
- * @param string String to be cleaned
- * 
- * @return string Cleaned string
- */
-function salida_limpia ($string) {
-	$quote_style = ENT_QUOTES;
-	static $trans;
-	if (! isset ($trans)) {
-		$trans = get_html_translation_table (HTML_ENTITIES, $quote_style);
-		foreach ($trans as $key => $value)
-			$trans[$key] = '&#'.ord($key).';';
-		// dont translate the '&' in case it is part of &xxx;
-		$trans[chr(38)] = '&';
-	}
-	// after the initial translation, _do_ map standalone "&" into "&"
-	return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&",
-			strtr ($string, $trans));
-}
-
 /** 
  * Cleans a string of special characters (|,@,$,%,/,\,=,?,*,&,#)
  * Useful for filenames and graphs
@@ -996,17 +873,6 @@ if (!function_exists ("mb_strtoupper")) {
 	}
 }
 
-/**
- * Avoid magic_quotes protection
- *
- * @param string Text string to be stripped of magic_quotes protection
- */
-function unsafe_string ($string) {
-	if (get_magic_quotes_gpc ()) 
-		return stripslashes ($string);
-	return $string;
-}
-
 /**
  * Put quotes if magic_quotes protection
  *

pandora_console/include/functions_html.php

@@ -563,7 +563,8 @@ function print_textarea ($name, $rows, $columns, $value = '', $attributes = '',
 	}
 	
 	$output = '<textarea id="textarea_'.$name.'" name="'.$name.'" cols="'.$columns.'" rows="'.$rows.'" '.$attributes.' >';
-	$output .= safe_input ($value);
+	//$output .= safe_input ($value);
+	$output .= ($value);
 	$output .= '</textarea>';
 	
 	if ($return)

pandora_console/include/functions_io.php

@@ -0,0 +1,132 @@
+<?php
+/** 
+ * Cleans a string by encoding to UTF-8 and replacing the HTML
+ * entities. UTF-8 is necessary for foreign chars like asian 
+ * and our databases are (or should be) UTF-8
+ * 
+ * @param mixed String or array of strings to be cleaned.
+ * 
+ * @return mixed The cleaned string or array.
+ */
+function safe_input($value) {
+	//Stop!! Are you sure to modify this critical code? Because the older
+	//versions are serius headache in many places of Pandora.
+	
+	if (is_numeric($value))
+		return $value;
+		
+	if (is_array($value)) {
+		array_walk($value, "safe_input");
+		return $value;
+	}
+	
+	//Clean the trash mix into string because of magic quotes.
+	if (get_magic_quotes_gpc() == 1) {
+		$value = stripslashes($value);
+	}
+	
+	if (! mb_check_encoding ($value, 'UTF-8'))
+		$value = utf8_encode ($value);
+	
+	$valueHtmlEncode =  htmlentities ($value, ENT_QUOTES, "UTF-8", true);
+		
+	//Replace the character '\' for the equivalent html entitie
+	$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
+	
+	return $valueHtmlEncode;
+}
+
+/** 
+ * Use to clean HTML entities when get_parameter or safe_input functions dont work
+ * 
+ * @param string String to be cleaned
+ * 
+ * @return string Cleaned string
+ */
+function salida_limpia ($string) {
+	$quote_style = ENT_QUOTES;
+	static $trans;
+	if (! isset ($trans)) {
+		$trans = get_html_translation_table (HTML_ENTITIES, $quote_style);
+		foreach ($trans as $key => $value)
+			$trans[$key] = '&#'.ord($key).';';
+		// dont translate the '&' in case it is part of &xxx;
+		$trans[chr(38)] = '&';
+	}
+	// after the initial translation, _do_ map standalone "&" into "&#38;"
+	return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&#38;",
+			strtr ($string, $trans));
+}
+
+/** 
+ * Cleans a string by encoding to UTF-8 and replacing the HTML
+ * entities to their numeric counterparts (possibly double encoding)
+ * 
+ * @param mixed String or array of strings to be cleaned.
+ * 
+ * @return mixed The cleaned string or array.
+ */	
+function safe_output_xml ($string) {
+	if (is_numeric ($string))
+		return $string;
+	
+	if (is_array ($string)) {
+		array_walk ($string, 'safe_output_xml');
+		return $string;
+	}
+	
+	static $table;
+	static $replace;
+	
+	if (empty ($table)) {
+		$table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);	
+		$replace = array ();
+		
+		foreach ($table as $key => $value){
+			$table[$key] = "/".$value."/";
+			$char = htmlentities ($key, ENT_QUOTES, "UTF-8");
+			$replace[$char] = "&#".ord ($key).";";
+		}
+	}
+	
+	//now perform a replacement using preg_replace
+	//each matched value in $table will be replaced with the corresponding value in $replace
+	return preg_replace ($table, $replace, $string);
+}
+
+/**
+ * Avoid magic_quotes protection
+ *
+ * @param string Text string to be stripped of magic_quotes protection
+ */
+function unsafe_string ($string) {
+	if (get_magic_quotes_gpc ()) 
+		return stripslashes ($string);
+	return $string;
+}
+
+/**
+ * Convert the $value encode in html entity to clear char string.
+ * 
+ * @param mixed String or array of strings to be cleaned.
+ * 
+ * @return unknown_type
+ */
+function safe_output($value)
+{	
+	if (is_numeric($value))
+		return $value;
+		
+	if (is_array($value)) {
+		array_walk($value, "safe_output");
+		return $value;
+	}
+	
+	if (! mb_check_encoding ($value, 'UTF-8'))
+		$value = utf8_encode ($value);
+	
+	$valueHtmlEncode =  html_entity_decode ($value, ENT_QUOTES, "UTF-8");
+	
+	return $valueHtmlEncode;	
+}
+?>

pandora_console/include/functions_ui.php

@@ -317,7 +317,7 @@ function format_alert_row ($alert, $compound = false, $agent = true, $url = '')
 	else {
 		$id_agent = get_agentmodule_agent ($alert['id_agent_module']);
 		$template = get_alert_template ($alert['id_alert_template']);
-		$description = $template['name'];
+		$description = safe_output($template['name']);
 	}
 	$data = array ();
 	

pandora_console/operation/agentes/estado_monitores.php

@@ -115,7 +115,7 @@ foreach ($modules as $module) {
 	if (is_numeric($module["datos"])) {
 		$title .= " : " . format_for_graph($module["datos"]);
 	} else {
-		$title .= " : " . substr(salida_limpia($module["datos"]),0,42);
+		$title .= " : " . substr(safe_output($module["datos"]),0,42);
 	}
 
 	$data[4] = print_status_image($status, $title, true);
@@ -123,7 +123,7 @@ foreach ($modules as $module) {
 	if (is_numeric($module["datos"])){
 		$salida = format_numeric($module["datos"]);
 	} else {
-		$salida = "<span title='".$module['datos']."' style='white-space: nowrap;'>".substr(salida_limpia($module["datos"]),0,12)."</span>";
+		$salida = "<span title='".$module['datos']."' style='white-space: nowrap;'>".substr(safe_output($module["datos"]),0,12)."</span>";
 	}
 
 	$data[5] = $salida;

pandora_console/operation/agentes/estado_ultimopaquete.php

@@ -118,7 +118,7 @@ foreach ($modules as $module) {
 		}
 	}
 	$nombre_tipo_modulo = get_moduletype_name ($module["id_tipo_modulo"]);
-	echo "<td class='".$tdcolor."_id' title='".salida_limpia($module["nombre"])."'>";
+	echo "<td class='".$tdcolor."_id' title='".safe_output($module["nombre"])."'>";
 	print_string_substr ($module["nombre"]);
 	echo "</td><td class='".$tdcolor."'> ";
 	
@@ -136,8 +136,8 @@ foreach ($modules as $module) {
 	AND ($module["id_tipo_modulo"] != 10)
 	AND ($module["id_tipo_modulo"] != 17)
 	AND ($module["id_tipo_modulo"] != 23)){
-		echo "</td><td class='".$tdcolor."f9' title='".salida_limpia($module["descripcion"])."'>"; 
-		echo salida_limpia(substr($module["descripcion"],0,32));
+		echo "</td><td class='".$tdcolor."f9' title='".safe_output($module["descripcion"])."'>"; 
+		echo safe_output(substr($module["descripcion"],0,32));
 		if (strlen($module["descripcion"]) > 32){
 			echo "...";
 		}
@@ -145,7 +145,7 @@ foreach ($modules as $module) {
 	} 
 	if (($module["id_tipo_modulo"] == 100) OR ($module['history_data'] == 0)) {
 		echo "<td class='".$tdcolor."f9' colspan='2' title='".$module["datos"]."'>";
-		echo substr(salida_limpia($module["datos"]),0,12);
+		echo substr(safe_output($module["datos"]),0,12);
 	} else {
 
 
@@ -154,8 +154,8 @@ foreach ($modules as $module) {
 			echo "<td class=".$tdcolor.">";
 			echo format_for_graph($module["datos"] );
 		} else {
-			echo "<td class='".$tdcolor."f9' colspan=2 title='".salida_limpia($module["datos"])."'>";
-			echo substr(salida_limpia($module["datos"]),0,42);
+			echo "<td class='".$tdcolor."f9' colspan=2 title='".safe_output($module["datos"])."'>";
+			echo substr(safe_output($module["datos"]),0,42);
 		}
 		
 			

pandora_console/operation/agentes/status_monitor.php

@@ -243,7 +243,7 @@ foreach ($result as $row) {
 	if (is_numeric($row["datos"]))
 		$data[7] = format_numeric($row["datos"]);
 	else
-		$data[7] = "<span title='".$row['datos']."' style='white-space: nowrap;'>".substr(salida_limpia($row["datos"]),0,12)."</span>";
+		$data[7] = "<span title='".$row['datos']."' style='white-space: nowrap;'>".substr(safe_output($row["datos"]),0,12)."</span>";
 
 	$seconds = get_system_time () - $row["utimestamp"];