diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 14f105b470..da63fdcebb 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,14 @@ +2009-11-25 Miguel de Dios + + * include/functions_io.php, include/functions.php: change and add functions + for manage the input output with correct encoding and decoding. + + *include/functions_html.php, include/functions_ui.php, + operation/agentes/status_monitor.php, + operation/agentes/estado_ultimopaquete.php, + operation/agentes/estado_monitores.php: change the function "salida_limpia" + for "safe_output" and other changes. + 2009-11-25 Miguel de Dios * godmode/alerts/alert_list.php: add column status of alert in alert diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 1dc3bc94ae..67c98bd0f4 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php 
@@ -25,111 +25,10 @@ */ require_once ('functions_html.php'); require_once ('functions_ui.php'); +require_once('functions_io.php'); define ('ENTERPRISE_NOT_HOOK', -1); -/** - * Cleans a string by encoding to UTF-8 and replacing the HTML - * entities. UTF-8 is necessary for foreign chars like asian - * and our databases are (or should be) UTF-8 - * - * @param mixed String or array of strings to be cleaned. - * - * @return mixed The cleaned string or array. - */ -//function safe_input ($value) { -// if (is_numeric ($value)) -// return $value; -// -// if (is_array ($value)) { -// array_walk ($value, 'safe_input'); -// return $value; -// } -// -// if (version_compare (PHP_VERSION, '5.2.3') === 1) { -// if (! mb_check_encoding ($value, 'UTF-8')) -// $value = utf8_encode ($value); -// return htmlentities ($value, ENT_QUOTES, "UTF-8", false); -// } else { -// $translation_table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES); -// $translation_table[chr(38)] = '&'; -// return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&", strtr ($value, $translation_table)); -// } -//} - -/** - * Cleans a string by encoding to UTF-8 and replacing the HTML - * entities. UTF-8 is necessary for foreign chars like asian - * and our databases are (or should be) UTF-8 - * - * @param mixed String or array of strings to be cleaned. - * - * @return mixed The cleaned string or array. - */ -function safe_input($value) { - //Stop!! Are you sure to modify this critical code? Because the older - //versions are serius headache in many places of Pandora. - - if (is_numeric($value)) - return $value; - - if (is_array($value)) { - array_walk($value, "safe_input"); - return $value; - } - - //Clean the trash mix into string because of magic quotes. - if (get_magic_quotes_gpc() == 1) { - $value = stripslashes($value); - } - - if (! 
mb_check_encoding ($value, 'UTF-8')) - $value = utf8_encode ($value); - - $valueHtmlEncode = htmlentities ($value, ENT_QUOTES, "UTF-8", true); - - //Replace the character '\' for the equivalent html entitie - $valueHtmlEncode = str_replace('\\', "\", $valueHtmlEncode); - - return $valueHtmlEncode; -} - -/** - * Cleans a string by encoding to UTF-8 and replacing the HTML - * entities to their numeric counterparts (possibly double encoding) - * - * @param mixed String or array of strings to be cleaned. - * - * @return mixed The cleaned string or array. - */ -function safe_output_xml ($string) { - if (is_numeric ($string)) - return $string; - - if (is_array ($string)) { - array_walk ($string, 'safe_output_xml'); - return $string; - } - - static $table; - static $replace; - - if (empty ($table)) { - $table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES); - $replace = array (); - - foreach ($table as $key => $value){ - $table[$key] = "/".$value."/"; - $char = htmlentities ($key, ENT_QUOTES, "UTF-8"); - $replace[$char] = "&#".ord ($key).";"; - } - } - - //now perform a replacement using preg_replace - //each matched value in $table will be replaced with the corresponding value in $replace - return preg_replace ($table, $replace, $string); -} - /** * Cleans an object or an array and casts all values as integers * 
@@ -160,28 +59,6 @@ function safe_int ($value, $min = false, $max = false) { return $value; } -/** - * Use to clean HTML entities when get_parameter or safe_input functions dont work - * - * @param string String to be cleaned - * - * @return string Cleaned string - */ -function salida_limpia ($string) { - $quote_style = ENT_QUOTES; - static $trans; - if (! isset ($trans)) { - $trans = get_html_translation_table (HTML_ENTITIES, $quote_style); - foreach ($trans as $key => $value) - $trans[$key] = '&#'.ord($key).';'; - // dont translate the '&' in case it is part of &xxx; - $trans[chr(38)] = '&'; - } - // after the initial translation, _do_ map standalone "&" into "&" - return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&", - strtr ($string, $trans)); -} - /** * Cleans a string of special characters (|,@,$,%,/,\,=,?,*,&,#) * Useful for filenames and graphs @@ -996,17 +873,6 @@ if (!function_exists ("mb_strtoupper")) { } } -/** - * Avoid magic_quotes protection - * - * @param string Text string to be stripped of magic_quotes protection - */ -function unsafe_string ($string) { - if (get_magic_quotes_gpc ()) - return stripslashes ($string); - return $string; -} - /** * Put quotes if magic_quotes protection * diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index 1e7ebdae24..d0507ad74f 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -563,7 +563,8 @@ function print_textarea ($name, $rows, $columns, $value = '', $attributes = '', } $output = ''; if ($return) diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php new file mode 100755 index 0000000000..9226c329fb --- /dev/null +++ b/pandora_console/include/functions_io.php 
@@ -0,0 +1,132 @@ + $value) + $trans[$key] = '&#'.ord($key).';'; + // dont translate the '&' in case it is part of &xxx; + $trans[chr(38)] = '&'; + } + // after the initial translation, _do_ map standalone "&" into "&" + return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&", + strtr ($string, $trans)); +} + +/** + * Cleans a string by encoding to UTF-8 and replacing the HTML + * entities to their numeric counterparts (possibly double encoding) + * + * @param mixed String or array of strings to be cleaned. + * + * @return mixed The cleaned string or array. + */ +function safe_output_xml ($string) { + if (is_numeric ($string)) + return $string; + + if (is_array ($string)) { + array_walk ($string, 'safe_output_xml'); + return $string; + } + + static $table; + static $replace; + + if (empty ($table)) { + $table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES); + $replace = array (); + + foreach ($table as $key => $value){ + $table[$key] = "/".$value."/"; + $char = htmlentities ($key, ENT_QUOTES, "UTF-8"); + $replace[$char] = "&#".ord ($key).";"; + } + } + + //now perform a replacement using preg_replace + //each matched value in $table will be replaced with the corresponding value in $replace + return preg_replace ($table, $replace, $string); +} + +/** + * Avoid magic_quotes protection + * + * @param string Text string to be stripped of magic_quotes protection + */ +function unsafe_string ($string) { + if (get_magic_quotes_gpc ()) + return stripslashes ($string); + return $string; +} + +/** + * Convert the $value encode in html entity to clear char string. + * + * @param mixed String or array of strings to be cleaned. + * + * @return unknown_type + */ +function safe_output($value) +{ + if (is_numeric($value)) + return $value; + + if (is_array($value)) { + array_walk($value, "safe_output"); + return $value; + } + + if (! 
mb_check_encoding ($value, 'UTF-8')) + $value = utf8_encode ($value); + + $valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); + + return $valueHtmlEncode; +} +?> \ No newline at end of file diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index 050f0e577e..26401a2f22 100644 --- a/pandora_console/include/functions_ui.php +++ b/pandora_console/include/functions_ui.php @@ -317,7 +317,7 @@ function format_alert_row ($alert, $compound = false, $agent = true, $url = '') else { $id_agent = get_agentmodule_agent ($alert['id_agent_module']); $template = get_alert_template ($alert['id_alert_template']); - $description = $template['name']; + $description = safe_output($template['name']); } $data = array (); diff --git a/pandora_console/operation/agentes/estado_monitores.php b/pandora_console/operation/agentes/estado_monitores.php index 55e27dba6b..9e8a080ec9 100644 --- a/pandora_console/operation/agentes/estado_monitores.php +++ b/pandora_console/operation/agentes/estado_monitores.php @@ -115,7 +115,7 @@ foreach ($modules as $module) { if (is_numeric($module["datos"])) { $title .= " : " . format_for_graph($module["datos"]); } else { - $title .= " : " . substr(salida_limpia($module["datos"]),0,42); + $title .= " : " . substr(safe_output($module["datos"]),0,42); } $data[4] = print_status_image($status, $title, true); @@ -123,7 +123,7 @@ foreach ($modules as $module) { if (is_numeric($module["datos"])){ $salida = format_numeric($module["datos"]); } else { - $salida = "".substr(salida_limpia($module["datos"]),0,12).""; + $salida = "".substr(safe_output($module["datos"]),0,12).""; } $data[5] = $salida; diff --git a/pandora_console/operation/agentes/estado_ultimopaquete.php b/pandora_console/operation/agentes/estado_ultimopaquete.php index afe2fa4c2f..a352f50f1d 100644 --- a/pandora_console/operation/agentes/estado_ultimopaquete.php +++ b/pandora_console/operation/agentes/estado_ultimopaquete.php 
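Review bot: The array branch of `safe_output()` returns the array undecoded, because `array_walk($value, "safe_output")` discards the callback's return value and the parameter is taken by value, so nothing is written back. `return array_map('safe_output', $value);` would apply the decoding to every element, nested arrays included; `safe_output_xml()` earlier in this hunk uses the same `array_walk` pattern. The docblock should also say that the result is raw text and not HTML-safe, and replace `@return unknown_type` with `@return mixed`, since the name reads like an output escaper while the body calls `html_entity_decode`. The first part of this new file is not legible on the page, so `safe_input()` is not covered by this note.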
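Review bot: `$title` now carries raw, entity-decoded module data with no escaping visible before it reaches `print_status_image()`: the removed `salida_limpia()` mapped special characters to numeric entities, whereas `safe_output()` in include/functions_io.php calls `html_entity_decode` with `ENT_QUOTES`, so `<`, `>` and quotes in `$module["datos"]` come back as literal characters. Unless `print_status_image()` escapes its title argument, which cannot be seen here, stored module data can be rendered as markup in the page. Escaping at the sink after truncation, e.g. `htmlspecialchars(substr(safe_output($module["datos"]), 0, 42), ENT_QUOTES, 'UTF-8')`, keeps the readable text without trusting the data. The same substitution appears in the second hunk of this file (`$salida`), in the `descripcion` and `datos` echoes of estado_ultimopaquete.php and in `$data[7]` of status_monitor.php, and `$description` in functions_ui.php is likewise decoded before use. The `foreach` body continues outside the hunk.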
@@ -118,7 +118,7 @@ foreach ($modules as $module) { } } $nombre_tipo_modulo = get_moduletype_name ($module["id_tipo_modulo"]); - echo ""; + echo ""; print_string_substr ($module["nombre"]); echo " "; @@ -136,8 +136,8 @@ foreach ($modules as $module) { AND ($module["id_tipo_modulo"] != 10) AND ($module["id_tipo_modulo"] != 17) AND ($module["id_tipo_modulo"] != 23)){ - echo ""; - echo salida_limpia(substr($module["descripcion"],0,32)); + echo ""; + echo safe_output(substr($module["descripcion"],0,32)); if (strlen($module["descripcion"]) > 32){ echo "..."; } @@ -145,7 +145,7 @@ foreach ($modules as $module) { } if (($module["id_tipo_modulo"] == 100) OR ($module['history_data'] == 0)) { echo ""; - echo substr(salida_limpia($module["datos"]),0,12); + echo substr(safe_output($module["datos"]),0,12); } else { @@ -154,8 +154,8 @@ foreach ($modules as $module) { echo ""; echo format_for_graph($module["datos"] ); } else { - echo ""; - echo substr(salida_limpia($module["datos"]),0,42); + echo ""; + echo substr(safe_output($module["datos"]),0,42); } diff --git a/pandora_console/operation/agentes/status_monitor.php b/pandora_console/operation/agentes/status_monitor.php index 7a4f48ddd0..8aedf5d049 100644 --- a/pandora_console/operation/agentes/status_monitor.php +++ b/pandora_console/operation/agentes/status_monitor.php @@ -243,7 +243,7 @@ foreach ($result as $row) { if (is_numeric($row["datos"])) $data[7] = format_numeric($row["datos"]); else - $data[7] = "".substr(salida_limpia($row["datos"]),0,12).""; + $data[7] = "".substr(safe_output($row["datos"]),0,12).""; $seconds = get_system_time () - $row["utimestamp"];
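Review bot: `safe_output(substr($module["descripcion"],0,32))` truncates before decoding, so if the stored description is entity-encoded (as the decode step implies) a cut inside an entity leaves a fragment such as `&aacu` that `html_entity_decode` passes through as literal text; the other call sites in this commit decode first and truncate afterwards. Decoding first and cutting on characters avoids both the split entity and a split multi-byte sequence, and the echoed value can be escaped in the same expression: `echo htmlspecialchars(mb_substr(safe_output($module["descripcion"]), 0, 32, 'UTF-8'), ENT_QUOTES, 'UTF-8');`. The `strlen($module["descripcion"]) > 32` test that follows still measures the encoded length, so the ellipsis can appear for text that was not actually shortened.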