2009-11-25 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_io.php, include/functions.php: change and add functions for manage the input output with correct encoding and decoding. *include/functions_html.php, include/functions_ui.php, operation/agentes/status_monitor.php, operation/agentes/estado_ultimopaquete.php, operation/agentes/estado_monitores.php: change the function "salida_limpia" for "safe_output" and other changes. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2128 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-11-25 09:12:42 +00:00 · 2009-11-25 09:12:42 +00:00 · 006a81ff3f
parent a0bc3c235f
commit 006a81ff3f
8 changed files with 156 additions and 146 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,14 @@
 2009-11-25  Miguel de Dios <miguel.dedios@artica.es>
 	* include/functions_io.php, include/functions.php: change and add functions
 	for manage the input output with correct encoding and decoding.
 	*include/functions_html.php, include/functions_ui.php,
 	operation/agentes/status_monitor.php,
 	operation/agentes/estado_ultimopaquete.php,
 	operation/agentes/estado_monitores.php: change the function "salida_limpia"
 	for "safe_output" and other changes.
 2009-11-25  Miguel de Dios <miguel.dedios@artica.es>
 	* godmode/alerts/alert_list.php: add column status of alert in alert
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -25,111 +25,10 @@
 */
 require_once ('functions_html.php');
 require_once ('functions_ui.php');
 require_once('functions_io.php');
 define ('ENTERPRISE_NOT_HOOK', -1);
 /** 
 * Cleans a string by encoding to UTF-8 and replacing the HTML
 * entities. UTF-8 is necessary for foreign chars like asian 
 * and our databases are (or should be) UTF-8
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return mixed The cleaned string or array.
 */
 //function safe_input ($value) {
 //	if (is_numeric ($value))
 //		return $value;
 //
 //	if (is_array ($value)) {
 //		array_walk ($value, 'safe_input');
 //		return $value;
 //	}
 //
 //	if (version_compare (PHP_VERSION, '5.2.3') === 1) {
 //		if (! mb_check_encoding ($value, 'UTF-8'))
 //			$value = utf8_encode ($value);
 //		return htmlentities ($value, ENT_QUOTES, "UTF-8", false);
 //	} else {
 //		$translation_table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);
 //		$translation_table[chr(38)] = '&';
 //		return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&amp;", strtr ($value, $translation_table));
 //	}
 //}
 /** 
 * Cleans a string by encoding to UTF-8 and replacing the HTML
 * entities. UTF-8 is necessary for foreign chars like asian 
 * and our databases are (or should be) UTF-8
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return mixed The cleaned string or array.
 */
 function safe_input($value) {
 	//Stop!! Are you sure to modify this critical code? Because the older
 	//versions are serius headache in many places of Pandora.
 	if (is_numeric($value))
 		return $value;
 	if (is_array($value)) {
 		array_walk($value, "safe_input");
 		return $value;
 	}
 	//Clean the trash mix into string because of magic quotes.
 	if (get_magic_quotes_gpc() == 1) {
 		$value = stripslashes($value);
 	}
 	if (! mb_check_encoding ($value, 'UTF-8'))
 		$value = utf8_encode ($value);
 	$valueHtmlEncode =  htmlentities ($value, ENT_QUOTES, "UTF-8", true);
 	//Replace the character '\' for the equivalent html entitie
 	$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
 	return $valueHtmlEncode;
 }
 /** 
 * Cleans a string by encoding to UTF-8 and replacing the HTML
 * entities to their numeric counterparts (possibly double encoding)
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return mixed The cleaned string or array.
 */	
 function safe_output_xml ($string) {
 	if (is_numeric ($string))
 		return $string;
 	if (is_array ($string)) {
 		array_walk ($string, 'safe_output_xml');
 		return $string;
 	}
 	static $table;
 	static $replace;
 	if (empty ($table)) {
 		$table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);	
 		$replace = array ();
 		foreach ($table as $key => $value){
 			$table[$key] = "/".$value."/";
 			$char = htmlentities ($key, ENT_QUOTES, "UTF-8");
 			$replace[$char] = "&#".ord ($key).";";
 		}
 	}
 	//now perform a replacement using preg_replace
 	//each matched value in $table will be replaced with the corresponding value in $replace
 	return preg_replace ($table, $replace, $string);
 }
 /**
 * Cleans an object or an array and casts all values as integers
 *
@ -160,28 +59,6 @@ function safe_int ($value, $min = false, $max = false) {
 	return $value;
 }
 /** 
 * Use to clean HTML entities when get_parameter or safe_input functions dont work
 * 
 * @param string String to be cleaned
 * 
 * @return string Cleaned string
 */
 function salida_limpia ($string) {
 	$quote_style = ENT_QUOTES;
 	static $trans;
 	if (! isset ($trans)) {
 		$trans = get_html_translation_table (HTML_ENTITIES, $quote_style);
 		foreach ($trans as $key => $value)
 			$trans[$key] = '&#'.ord($key).';';
 		// dont translate the '&' in case it is part of &xxx;
 		$trans[chr(38)] = '&';
 	}
 	// after the initial translation, _do_ map standalone "&" into "&#38;"
 	return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&#38;",
 			strtr ($string, $trans));
 }
 /** 
 * Cleans a string of special characters (|,@,$,%,/,\,=,?,*,&,#)
 * Useful for filenames and graphs
@ -996,17 +873,6 @@ if (!function_exists ("mb_strtoupper")) {
 	}
 }
 /**
 * Avoid magic_quotes protection
 *
 * @param string Text string to be stripped of magic_quotes protection
 */
 function unsafe_string ($string) {
 	if (get_magic_quotes_gpc ()) 
 		return stripslashes ($string);
 	return $string;
 }
 /**
 * Put quotes if magic_quotes protection
 *
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@ -563,7 +563,8 @@ function print_textarea ($name, $rows, $columns, $value = '', $attributes = '',
 	}
 	$output = '<textarea id="textarea_'.$name.'" name="'.$name.'" cols="'.$columns.'" rows="'.$rows.'" '.$attributes.' >';
-	$output .= safe_input ($value);
+	//$output .= safe_input ($value);
 	$output .= ($value);
 	$output .= '</textarea>';
 	if ($return)
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@ -0,0 +1,132 @@
 <?php
 /** 
 * Cleans a string by encoding to UTF-8 and replacing the HTML
 * entities. UTF-8 is necessary for foreign chars like asian 
 * and our databases are (or should be) UTF-8
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return mixed The cleaned string or array.
 */
 function safe_input($value) {
 	//Stop!! Are you sure to modify this critical code? Because the older
 	//versions are serius headache in many places of Pandora.
 	if (is_numeric($value))
 		return $value;
 	if (is_array($value)) {
 		array_walk($value, "safe_input");
 		return $value;
 	}
 	//Clean the trash mix into string because of magic quotes.
 	if (get_magic_quotes_gpc() == 1) {
 		$value = stripslashes($value);
 	}
 	if (! mb_check_encoding ($value, 'UTF-8'))
 		$value = utf8_encode ($value);
 	$valueHtmlEncode =  htmlentities ($value, ENT_QUOTES, "UTF-8", true);
 	//Replace the character '\' for the equivalent html entitie
 	$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
 	return $valueHtmlEncode;
 }
 /** 
 * Use to clean HTML entities when get_parameter or safe_input functions dont work
 * 
 * @param string String to be cleaned
 * 
 * @return string Cleaned string
 */
 function salida_limpia ($string) {
 	$quote_style = ENT_QUOTES;
 	static $trans;
 	if (! isset ($trans)) {
 		$trans = get_html_translation_table (HTML_ENTITIES, $quote_style);
 		foreach ($trans as $key => $value)
 			$trans[$key] = '&#'.ord($key).';';
 		// dont translate the '&' in case it is part of &xxx;
 		$trans[chr(38)] = '&';
 	}
 	// after the initial translation, _do_ map standalone "&" into "&#38;"
 	return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&#38;",
 			strtr ($string, $trans));
 }
 /** 
 * Cleans a string by encoding to UTF-8 and replacing the HTML
 * entities to their numeric counterparts (possibly double encoding)
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return mixed The cleaned string or array.
 */	
 function safe_output_xml ($string) {
 	if (is_numeric ($string))
 		return $string;
 	if (is_array ($string)) {
 		array_walk ($string, 'safe_output_xml');
 		return $string;
 	}
 	static $table;
 	static $replace;
 	if (empty ($table)) {
 		$table = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);	
 		$replace = array ();
 		foreach ($table as $key => $value){
 			$table[$key] = "/".$value."/";
 			$char = htmlentities ($key, ENT_QUOTES, "UTF-8");
 			$replace[$char] = "&#".ord ($key).";";
 		}
 	}
 	//now perform a replacement using preg_replace
 	//each matched value in $table will be replaced with the corresponding value in $replace
 	return preg_replace ($table, $replace, $string);
 }
 /**
 * Avoid magic_quotes protection
 *
 * @param string Text string to be stripped of magic_quotes protection
 */
 function unsafe_string ($string) {
 	if (get_magic_quotes_gpc ()) 
 		return stripslashes ($string);
 	return $string;
 }
 /**
 * Convert the $value encode in html entity to clear char string.
 * 
 * @param mixed String or array of strings to be cleaned.
 * 
 * @return unknown_type
 */
 function safe_output($value)
 {	
 	if (is_numeric($value))
 		return $value;
 	if (is_array($value)) {
 		array_walk($value, "safe_output");
 		return $value;
 	}
 	if (! mb_check_encoding ($value, 'UTF-8'))
 		$value = utf8_encode ($value);
 	$valueHtmlEncode =  html_entity_decode ($value, ENT_QUOTES, "UTF-8");
 	return $valueHtmlEncode;	
 }
 ?>
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@ -317,7 +317,7 @@ function format_alert_row ($alert, $compound = false, $agent = true, $url = '')
 	else {
 		$id_agent = get_agentmodule_agent ($alert['id_agent_module']);
 		$template = get_alert_template ($alert['id_alert_template']);
-		$description = $template['name'];
+		$description = safe_output($template['name']);
 	}
 	$data = array ();
--- a/pandora_console/operation/agentes/estado_monitores.php
+++ b/pandora_console/operation/agentes/estado_monitores.php
@ -115,7 +115,7 @@ foreach ($modules as $module) {
 	if (is_numeric($module["datos"])) {
 		$title .= " : " . format_for_graph($module["datos"]);
 	} else {
-		$title .= " : " . substr(salida_limpia($module["datos"]),0,42);
+		$title .= " : " . substr(safe_output($module["datos"]),0,42);
 	}
 	$data[4] = print_status_image($status, $title, true);
@ -123,7 +123,7 @@ foreach ($modules as $module) {
 	if (is_numeric($module["datos"])){
 		$salida = format_numeric($module["datos"]);
 	} else {
-		$salida = "<span title='".$module['datos']."' style='white-space: nowrap;'>".substr(salida_limpia($module["datos"]),0,12)."</span>";
+		$salida = "<span title='".$module['datos']."' style='white-space: nowrap;'>".substr(safe_output($module["datos"]),0,12)."</span>";
 	}
 	$data[5] = $salida;
--- a/pandora_console/operation/agentes/estado_ultimopaquete.php
+++ b/pandora_console/operation/agentes/estado_ultimopaquete.php
@ -118,7 +118,7 @@ foreach ($modules as $module) {
 		}
 	}
 	$nombre_tipo_modulo = get_moduletype_name ($module["id_tipo_modulo"]);
-	echo "<td class='".$tdcolor."_id' title='".salida_limpia($module["nombre"])."'>";
+	echo "<td class='".$tdcolor."_id' title='".safe_output($module["nombre"])."'>";
 	print_string_substr ($module["nombre"]);
 	echo "</td><td class='".$tdcolor."'> ";
@ -136,8 +136,8 @@ foreach ($modules as $module) {
 	AND ($module["id_tipo_modulo"] != 10)
 	AND ($module["id_tipo_modulo"] != 17)
 	AND ($module["id_tipo_modulo"] != 23)){
-		echo "</td><td class='".$tdcolor."f9' title='".salida_limpia($module["descripcion"])."'>"; 
+		echo "</td><td class='".$tdcolor."f9' title='".safe_output($module["descripcion"])."'>"; 
-		echo salida_limpia(substr($module["descripcion"],0,32));
+		echo safe_output(substr($module["descripcion"],0,32));
 		if (strlen($module["descripcion"]) > 32){
 			echo "...";
 		}
@ -145,7 +145,7 @@ foreach ($modules as $module) {
 	} 
 	if (($module["id_tipo_modulo"] == 100) OR ($module['history_data'] == 0)) {
 		echo "<td class='".$tdcolor."f9' colspan='2' title='".$module["datos"]."'>";
-		echo substr(salida_limpia($module["datos"]),0,12);
+		echo substr(safe_output($module["datos"]),0,12);
 	} else {
@ -154,8 +154,8 @@ foreach ($modules as $module) {
 			echo "<td class=".$tdcolor.">";
 			echo format_for_graph($module["datos"] );
 		} else {
-			echo "<td class='".$tdcolor."f9' colspan=2 title='".salida_limpia($module["datos"])."'>";
+			echo "<td class='".$tdcolor."f9' colspan=2 title='".safe_output($module["datos"])."'>";
-			echo substr(salida_limpia($module["datos"]),0,42);
+			echo substr(safe_output($module["datos"]),0,42);
 		}
--- a/pandora_console/operation/agentes/status_monitor.php
+++ b/pandora_console/operation/agentes/status_monitor.php
@ -243,7 +243,7 @@ foreach ($result as $row) {
 	if (is_numeric($row["datos"]))
 		$data[7] = format_numeric($row["datos"]);
 	else
-		$data[7] = "<span title='".$row['datos']."' style='white-space: nowrap;'>".substr(salida_limpia($row["datos"]),0,12)."</span>";
+		$data[7] = "<span title='".$row['datos']."' style='white-space: nowrap;'>".substr(safe_output($row["datos"]),0,12)."</span>";
 	$seconds = get_system_time () - $row["utimestamp"];