diff --git a/pandora_console/godmode/setup/setup.php b/pandora_console/godmode/setup/setup.php index 7dcbe7c2db..b6d7f42bc7 100644 --- a/pandora_console/godmode/setup/setup.php +++ b/pandora_console/godmode/setup/setup.php @@ -51,6 +51,7 @@ if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_us } // Load enterprise extensions enterprise_include_once ('include/functions_setup.php'); +enterprise_include_once ('include/functions_io.php'); enterprise_include_once ('godmode/setup/setup.php'); /* diff --git a/pandora_console/godmode/setup/setup_general.php b/pandora_console/godmode/setup/setup_general.php index 89d018a76d..e699a8e887 100644 --- a/pandora_console/godmode/setup/setup_general.php +++ b/pandora_console/godmode/setup/setup_general.php @@ -54,7 +54,7 @@ $table->data[0][1] = html_print_select_from_sql ( $table->data[1][0] = __('Remote config directory') . ui_print_help_tip (__("Directory where agent remote configuration is stored."), true); -$table->data[1][1] = html_print_input_text ('remote_config', $config["remote_config"], '', 30, 100, true); +$table->data[1][1] = html_print_input_text ('remote_config', io_safe_output($config["remote_config"]), '', 30, 100, true); $table->data[6][0] = __('Auto login (hash) password'); $table->data[6][1] = html_print_input_text ('loginhash_pwd', io_output_password($config["loginhash_pwd"]), '', 15, 15, true); 
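Review bot: In the setup_general.php hunk, `io_safe_output($config["remote_config"])` decodes the stored entities before the string is handed to `html_print_input_text()`, so the helper now receives raw quotes and angle brackets for its `value` attribute. Whether that helper escapes attribute values is not visible in this diff; if it does not, a stored value containing `"` would close the attribute and be parsed as markup on the setup page. Please confirm the helper escapes, or leave the value encoded for the attribute, since the browser decodes entities there anyway. The same applies to `attachment_store` in the @@ -73,7 hunk of this file.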
@@ -73,7 +73,7 @@ $table->data[11][1] = __('Yes').'   '.html_print_radio_button_ext $table->data[11][1] .= __('No').'   '.html_print_radio_button ('https', 0, '', $config["https"], true); $table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true); -$table->data[14][1] = html_print_input_text ('attachment_store', $config["attachment_store"], '', 50, 255, true); +$table->data[14][1] = html_print_input_text ('attachment_store', io_safe_output($config["attachment_store"]), '', 50, 255, true); $table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true); if (isset($_POST["list_ACL_IPs_for_API"])) { diff --git a/pandora_console/godmode/setup/setup_visuals.php b/pandora_console/godmode/setup/setup_visuals.php index 830632f5b5..7d415106dc 100755 --- a/pandora_console/godmode/setup/setup_visuals.php +++ b/pandora_console/godmode/setup/setup_visuals.php @@ -187,7 +187,7 @@ $row++; $table->data[$row][0] = __('Font path'); $fonts = load_fonts(); -$table->data[$row][1] = html_print_select($fonts, 'fontpath', $config["fontpath"], '', '', 0, true); +$table->data[$row][1] = html_print_select($fonts, 'fontpath', io_safe_output($config["fontpath"]), '', '', 0, true); $row++; diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 9ebd5b8746..20c65078cd 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -51,7 +51,7 @@ function config_update_value ($token, $value) { if (!isset ($config[$token])) { $config[$token] = $value; - return (bool) config_create_value ($token, $value); + return (bool) config_create_value ($token, io_safe_input($value)); } /* If it has not changed */ 
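Review bot: In functions_config.php the create branch stores `io_safe_input($value)` directly, while the update branch in the next hunk (@@ -59,9) runs `io_safe_output($value)` first and then re-encodes, so the two paths disagree when the caller passes an already-encoded string and the first save of a token would be encoded twice. Callers in this commit now pass `get_parameter()` results unwrapped; whether those arrive encoded is not visible here, but the decode step in the update branch suggests they can. Normalising once at the top, `$stored = io_safe_input(io_safe_output($value));`, and using `$stored` in both `config_create_value()` and `db_process_sql_update()` would make the branches agree and avoid reassigning `$value` after it has been copied into `$config[$token]`. A short docblock saying that the function accepts raw or encoded input and always stores the encoded form would help; the body of config_update_value() starts and ends outside this hunk.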
@@ -59,9 +59,10 @@ function config_update_value ($token, $value) { return true; $config[$token] = $value; + $value = io_safe_output($value); $result = db_process_sql_update ('tconfig', - array ('value' => $value), + array ('value' => io_safe_input($value)), array ('token' => $token)); if ($result === 0) @@ -119,7 +120,7 @@ function config_update_config () { case 'general': if (!config_update_value ('language', (string) get_parameter ('language'))) $error_update[] = __('Language code for Pandora'); - if (!config_update_value ('remote_config', io_safe_input((string) get_parameter ('remote_config')))) + if (!config_update_value ('remote_config', (string) get_parameter ('remote_config'))) $error_update[] = __('Remote config directory'); if (!config_update_value ('loginhash_pwd', io_input_password((string) get_parameter ('loginhash_pwd')))) $error_update[] = __('Auto login (hash) password'); @@ -130,7 +131,7 @@ function config_update_config () { $error_update[] = __('Automatic check for updates'); if (!config_update_value ('https', (bool) get_parameter ('https'))) $error_update[] = __('Enforce https'); - if (!config_update_value ('attachment_store', io_safe_input((string) get_parameter ('attachment_store')))) + if (!config_update_value ('attachment_store', (string) get_parameter ('attachment_store'))) $error_update[] = __('Attachment store'); if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API'))) $error_update[] = __('IP list with API access'); 
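Review bot: In the @@ -119,7 hunk `remote_config` now goes from the request into `config_update_value()` with only a `(string)` cast, and nothing here checks that it names a directory; the same holds for `attachment_store` at @@ -130,7 and for `graphviz_bin_dir` at @@ -451,7, which also lacks the `(string)` cast its neighbours have. Entity encoding protects the HTML form, not the filesystem or any command line that later consumes these settings, so a save-time check such as `is_dir()` on the decoded value, adding to `$error_update` on failure, would be worth having. How these values are consumed is not visible in the diff, so the severity depends on those call sites. config_update_config() starts and ends outside these hunks.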
@@ -413,7 +414,7 @@ function config_update_config () { $error_update[] = __('Show QR code header'); if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set'))) $error_update[] = __('Status icon set'); - if (!config_update_value ('fontpath', io_safe_input((string) get_parameter ('fontpath')))) + if (!config_update_value ('fontpath', (string) get_parameter ('fontpath'))) $error_update[] = __('Font path'); if (!config_update_value ('font_size', get_parameter('font_size'))) $error_update[] = __('Font size'); @@ -451,7 +452,7 @@ function config_update_config () { $error_update[] = __('Fixed menu'); if (!config_update_value ('paginate_module', get_parameter('paginate_module'))) $error_update[] = __('Paginate module'); - if (!config_update_value ('graphviz_bin_dir', io_safe_input(get_parameter('graphviz_bin_dir')))) + if (!config_update_value ('graphviz_bin_dir', get_parameter('graphviz_bin_dir'))) $error_update[] = __('Custom graphviz directory'); if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width'))) $error_update[] = __('Networkmap max width'); @@ -627,7 +628,7 @@ function config_update_config () { enterprise_include_once('include/functions_policies.php'); $enterprise = enterprise_include_once ('include/functions_skins.php'); if ($enterprise !== ENTERPRISE_NOT_HOOK) { - $config['relative_path'] = get_parameter('relative_path', io_safe_input($config['relative_path'])); + $config['relative_path'] = get_parameter('relative_path', $config['relative_path']); } } @@ -655,7 +656,7 @@ function config_process_config () { if (isset ($config['homeurl']) && (strlen($config['homeurl']) > 0)) { if ($config['homeurl'][0] != '/') { - $config['homeurl'] = '/'.io_safe_input($config['homeurl']); + $config['homeurl'] = '/'.$config['homeurl']; } } 
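Review bot: In the @@ -413,7 hunk `fontpath` is stored as whatever string the request supplies, although setup_visuals.php offers it as a select built from `load_fonts()`, so the server accepts paths that were never in the list. Checking membership before saving, for example `array_key_exists($fontpath, load_fonts())` on the decoded value, would keep the stored path within the offered set. Whether the list is keyed by path and whether `load_fonts()` is available in functions_config.php are not visible here, so adjust the check to the real shape of that array.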
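Review bot: In the @@ -627,7 hunk `relative_path` is read from the request and written straight into `$config`, with the stored setting used only as the fallback, so any request reaching this branch overrides it for the rest of the run. If the value is later joined into an include or skin path (not visible in this diff), it should be constrained first, for example by rejecting values containing `..` or by comparing against the directories that actually exist. A comment explaining why the request may override the configured value would also help the next reader. config_update_config() continues outside the hunk.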
@@ -872,14 +873,14 @@ function config_process_config () { //after the first uses. if (!is_dir($config['attachment_store'])) { config_update_value('attachment_store', - io_safe_input($config['homedir']) . '/attachment'); + $config['homedir'] . '/attachment'); } } if (!isset ($config['fontpath'])) { config_update_value('fontpath', - io_safe_input($config['homedir']) . '/include/fonts/smallfont.ttf'); + $config['homedir'] . '/include/fonts/smallfont.ttf'); } if (!isset ($config['style'])) {
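Review bot: The context line `if (!is_dir($config['attachment_store']))` tests the value exactly as it sits in `$config`, and with this commit `tconfig` holds the entity-encoded form. If `$config` is filled from the table without decoding (not visible in this hunk), a valid directory whose name contains an encoded character would fail the test and be reset to the default on every load. In that case the check should read `if (!is_dir(io_safe_output($config['attachment_store'])))`, and the same decoding is needed wherever `fontpath` is opened as a file.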