From 06d9e0d137ff8cd8f5fbf3dcad209c1584d2a9bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Tue, 7 Jun 2022 10:51:37 +0200 Subject: [PATCH] Improve security message --- pandora_console/include/get_file.php | 48 ++++++++++++++-------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php index 99217e5ba1..7c48c02d94 100644 --- a/pandora_console/include/get_file.php +++ b/pandora_console/include/get_file.php @@ -26,9 +26,10 @@ * ============================================================================ */ -// Get global data. +// Begin. require_once 'config.php'; require_once 'functions.php'; +require_once 'functions_ui.php'; require_once 'functions_filemanager.php'; global $config; @@ -41,17 +42,13 @@ if ($auth_method !== 'ad' && $auth_method !== 'ldap') { include_once 'auth/'.$auth_method.'.php'; } - -$styleError = 'background:url("../images/err.png") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;'; - -$file_raw = get_parameter('file', null); +$hash = get_parameter('hash'); +$file_raw = get_parameter('file'); $file = base64_decode(urldecode($file_raw)); -$hash = get_parameter('hash', null); - -if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_unique_identifier']) || !isset($_SERVER['HTTP_REFERER'])) { - echo "

".__('Security error. Please contact the administrator.').'

'; +if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$config['server_unique_identifier']) || isset($_SERVER['HTTP_REFERER']) === false) { + $errorMessage = __('Security error. Please contact the administrator.'); } else { $downloadable_file = ''; $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY)); @@ -79,28 +76,16 @@ if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_uniq break; default: + // Wrong action. $downloadable_file = ''; - // Do nothing break; } } if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) { - ?> -
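Review bot: The new `if` line still compares the request-supplied `$hash` with the expected digest via `!==`, an early-exit byte comparison, where a constant-time one belongs: `is_string($hash) === false || hash_equals(md5($file_raw.$config['server_unique_identifier']), $hash) === false`, with the expected value as the first argument and the `is_string()` guard covering the case where `get_parameter()` hands back an array for `hash[]=` (which `hash_equals()` would reject with a TypeError on PHP 8; whether that can happen depends on `get_parameter()`, which is not in the hunk). The md5-over-identifier construction and the code that produces the hash are outside this hunk, so moving to `hash_hmac()` would have to change both sides together and is not something this commit has to carry. `isset($_SERVER['HTTP_REFERER'])` sits on the same line, but the referer is client-controlled and is only consumed by the `parse_url()` call below to recover the original query string, so a comment such as `// The hash is the authorisation check; the referer only supplies the original query string.` would stop a reader from taking it for a second control. The `if`/`else` opened here continues into the next hunk.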
- - + +