tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed inserts paths in DB. Tiquet: #2325

This commit is contained in:
m-lopez-f 2015-06-22 10:30:57 +02:00
parent 06c10bcc6a
commit 2754bfeeb0
4 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pandora_console/godmode/setup/setup.php
View File

@ -51,6 +51,7 @@ if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_us
} }
// Load enterprise extensions // Load enterprise extensions
enterprise_include_once ('include/functions_setup.php'); enterprise_include_once ('include/functions_setup.php');
enterprise_include_once ('include/functions_io.php');
enterprise_include_once ('godmode/setup/setup.php'); enterprise_include_once ('godmode/setup/setup.php');
/* /*

4
pandora_console/godmode/setup/setup_general.php
View File

@ -54,7 +54,7 @@ $table->data[0][1] = html_print_select_from_sql (
$table->data[1][0] = __('Remote config directory') . $table->data[1][0] = __('Remote config directory') .
ui_print_help_tip (__("Directory where agent remote configuration is stored."), true); ui_print_help_tip (__("Directory where agent remote configuration is stored."), true);
$table->data[1][1] = html_print_input_text ('remote_config', $config["remote_config"], '', 30, 100, true); $table->data[1][1] = html_print_input_text ('remote_config', io_safe_output($config["remote_config"]), '', 30, 100, true);
$table->data[6][0] = __('Auto login (hash) password'); $table->data[6][0] = __('Auto login (hash) password');
$table->data[6][1] = html_print_input_text ('loginhash_pwd', io_output_password($config["loginhash_pwd"]), '', 15, 15, true); $table->data[6][1] = html_print_input_text ('loginhash_pwd', io_output_password($config["loginhash_pwd"]), '', 15, 15, true);
@ -73,7 +73,7 @@ $table->data[11][1] = __('Yes').'   '.html_print_radio_button_ext
$table->data[11][1] .= __('No').'   '.html_print_radio_button ('https', 0, '', $config["https"], true); $table->data[11][1] .= __('No').'   '.html_print_radio_button ('https', 0, '', $config["https"], true);
$table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true); $table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true);
$table->data[14][1] = html_print_input_text ('attachment_store', $config["attachment_store"], '', 50, 255, true); $table->data[14][1] = html_print_input_text ('attachment_store', io_safe_output($config["attachment_store"]), '', 50, 255, true);
$table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true); $table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true);
if (isset($_POST["list_ACL_IPs_for_API"])) { if (isset($_POST["list_ACL_IPs_for_API"])) {

2
pandora_console/godmode/setup/setup_visuals.php
View File

@ -187,7 +187,7 @@ $row++;
$table->data[$row][0] = __('Font path'); $table->data[$row][0] = __('Font path');
$fonts = load_fonts(); $fonts = load_fonts();
$table->data[$row][1] = html_print_select($fonts, 'fontpath', $config["fontpath"], '', '', 0, true); $table->data[$row][1] = html_print_select($fonts, 'fontpath', io_safe_output($config["fontpath"]), '', '', 0, true);
$row++; $row++;

21
pandora_console/include/functions_config.php
View File

@ -51,7 +51,7 @@ function config_update_value ($token, $value) {
if (!isset ($config[$token])) { if (!isset ($config[$token])) {
$config[$token] = $value; $config[$token] = $value;
return (bool) config_create_value ($token, $value); return (bool) config_create_value ($token, io_safe_input($value));
} }
/* If it has not changed */ /* If it has not changed */
@ -59,9 +59,10 @@ function config_update_value ($token, $value) {
return true; return true;
$config[$token] = $value; $config[$token] = $value;
$value = io_safe_output($value);
$result = db_process_sql_update ('tconfig', $result = db_process_sql_update ('tconfig',
array ('value' => $value), array ('value' => io_safe_input($value)),
array ('token' => $token)); array ('token' => $token));
if ($result === 0) if ($result === 0)
@ -119,7 +120,7 @@ function config_update_config () {
case 'general': case 'general':
if (!config_update_value ('language', (string) get_parameter ('language'))) if (!config_update_value ('language', (string) get_parameter ('language')))
$error_update[] = __('Language code for Pandora'); $error_update[] = __('Language code for Pandora');
if (!config_update_value ('remote_config', io_safe_input((string) get_parameter ('remote_config')))) if (!config_update_value ('remote_config', (string) get_parameter ('remote_config')))
$error_update[] = __('Remote config directory'); $error_update[] = __('Remote config directory');
if (!config_update_value ('loginhash_pwd', io_input_password((string) get_parameter ('loginhash_pwd')))) if (!config_update_value ('loginhash_pwd', io_input_password((string) get_parameter ('loginhash_pwd'))))
$error_update[] = __('Auto login (hash) password'); $error_update[] = __('Auto login (hash) password');
@ -130,7 +131,7 @@ function config_update_config () {
$error_update[] = __('Automatic check for updates'); $error_update[] = __('Automatic check for updates');
if (!config_update_value ('https', (bool) get_parameter ('https'))) if (!config_update_value ('https', (bool) get_parameter ('https')))
$error_update[] = __('Enforce https'); $error_update[] = __('Enforce https');
if (!config_update_value ('attachment_store', io_safe_input((string) get_parameter ('attachment_store')))) if (!config_update_value ('attachment_store', (string) get_parameter ('attachment_store')))
$error_update[] = __('Attachment store'); $error_update[] = __('Attachment store');
if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API'))) if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API')))
$error_update[] = __('IP list with API access'); $error_update[] = __('IP list with API access');
@ -413,7 +414,7 @@ function config_update_config () {
$error_update[] = __('Show QR code header'); $error_update[] = __('Show QR code header');
if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set'))) if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set')))
$error_update[] = __('Status icon set'); $error_update[] = __('Status icon set');
if (!config_update_value ('fontpath', io_safe_input((string) get_parameter ('fontpath')))) if (!config_update_value ('fontpath', (string) get_parameter ('fontpath')))
$error_update[] = __('Font path'); $error_update[] = __('Font path');
if (!config_update_value ('font_size', get_parameter('font_size'))) if (!config_update_value ('font_size', get_parameter('font_size')))
$error_update[] = __('Font size'); $error_update[] = __('Font size');
@ -451,7 +452,7 @@ function config_update_config () {
$error_update[] = __('Fixed menu'); $error_update[] = __('Fixed menu');
if (!config_update_value ('paginate_module', get_parameter('paginate_module'))) if (!config_update_value ('paginate_module', get_parameter('paginate_module')))
$error_update[] = __('Paginate module'); $error_update[] = __('Paginate module');
if (!config_update_value ('graphviz_bin_dir', io_safe_input(get_parameter('graphviz_bin_dir')))) if (!config_update_value ('graphviz_bin_dir', get_parameter('graphviz_bin_dir')))
$error_update[] = __('Custom graphviz directory'); $error_update[] = __('Custom graphviz directory');
if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width'))) if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width')))
$error_update[] = __('Networkmap max width'); $error_update[] = __('Networkmap max width');
@ -627,7 +628,7 @@ function config_update_config () {
enterprise_include_once('include/functions_policies.php'); enterprise_include_once('include/functions_policies.php');
$enterprise = enterprise_include_once ('include/functions_skins.php'); $enterprise = enterprise_include_once ('include/functions_skins.php');
if ($enterprise !== ENTERPRISE_NOT_HOOK) { if ($enterprise !== ENTERPRISE_NOT_HOOK) {
$config['relative_path'] = get_parameter('relative_path', io_safe_input($config['relative_path'])); $config['relative_path'] = get_parameter('relative_path', $config['relative_path']);
} }
} }
@ -655,7 +656,7 @@ function config_process_config () {
if (isset ($config['homeurl']) && (strlen($config['homeurl']) > 0)) { if (isset ($config['homeurl']) && (strlen($config['homeurl']) > 0)) {
if ($config['homeurl'][0] != '/') { if ($config['homeurl'][0] != '/') {
$config['homeurl'] = '/'.io_safe_input($config['homeurl']); $config['homeurl'] = '/'.$config['homeurl'];
} }
} }
@ -872,14 +873,14 @@ function config_process_config () {
//after the first uses. //after the first uses.
if (!is_dir($config['attachment_store'])) { if (!is_dir($config['attachment_store'])) {
config_update_value('attachment_store', config_update_value('attachment_store',
io_safe_input($config['homedir']) . '/attachment'); $config['homedir'] . '/attachment');
} }
} }
if (!isset ($config['fontpath'])) { if (!isset ($config['fontpath'])) {
config_update_value('fontpath', config_update_value('fontpath',
io_safe_input($config['homedir']) . '/include/fonts/smallfont.ttf'); $config['homedir'] . '/include/fonts/smallfont.ttf');
} }
if (!isset ($config['style'])) { if (!isset ($config['style'])) {