From c687e6a97babd16d9fd4bfd66956d08175474b18 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Fri, 27 Oct 2017 13:25:17 +0200 Subject: [PATCH 1/5] [Console] Fixed an XSS vulnerability into the 'ui_print_truncate_text' function --- pandora_console/include/functions_ui.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index de10fcaf91..77f3764618 100755 --- a/pandora_console/include/functions_ui.php +++ b/pandora_console/include/functions_ui.php @@ -94,7 +94,9 @@ function ui_print_truncate_text($text, $numChars = GENERIC_SIZE_TEXT, $showTextI } } - $text = io_safe_output($text); + $text_html_decoded = io_safe_output($text); + $text_has_entities = $text != $text_html_decoded; + if (mb_strlen($text, "UTF-8") > ($numChars)) { // '/2' because [...] is in the middle of the word. $half_length = intval(($numChars - 3) / 2); @@ -102,14 +104,17 @@ function ui_print_truncate_text($text, $numChars = GENERIC_SIZE_TEXT, $showTextI // Depending on the strange behavior of mb_strimwidth() itself, // the 3rd parameter is not to be $numChars but the length of // original text (just means 'large enough'). - $truncateText2 = mb_strimwidth($text, - (mb_strlen($text, "UTF-8") - $half_length), - mb_strlen($text, "UTF-8"), "", "UTF-8" ); + $truncateText2 = mb_strimwidth($text_html_decoded, + (mb_strlen($text_html_decoded, "UTF-8") - $half_length), + mb_strlen($text_html_decoded, "UTF-8"), "", "UTF-8" ); - $truncateText = mb_strimwidth($text, 0, - ($numChars - $half_length), "", "UTF-8") . $suffix; + $truncateText = mb_strimwidth($text_html_decoded, 0, + ($numChars - $half_length), "", "UTF-8"); - $truncateText = $truncateText . $truncateText2; + // Recover the html entities to avoid XSS attacks + $truncateText = ($text_has_entities) + ? io_safe_input($truncateText) . $suffix . io_safe_input($truncateText2) + : $truncateText . $suffix . $truncateText2; if ($showTextInTitle) { if ($style === null) { From 64ec82f9d6cea68350fa307747c1b8fbd0bd8ccd Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Mon, 30 Oct 2017 16:04:58 +0100 Subject: [PATCH 2/5] [Console] Added a notice to warn the users about the php files uploaded with the files manager --- pandora_console/include/functions_filemanager.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index 5e0ef6c718..1297ea50b2 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -720,6 +720,17 @@ function filemanager_file_explorer($real_directory, $relative_directory, $hash = md5($relative_path . $config['dbpass']); $data[1] = ''.$fileinfo['name'].''; } + + // Notice that uploaded php files could be dangerous + if (pathinfo($fileinfo['realpath'], PATHINFO_EXTENSION) == 'php' && + (is_readable($fileinfo['realpath']) || is_executable($fileinfo['realpath']))) { + $error_message = __('This file could be executed by any user'); + $error_message .= '. ' . __('Make sure it can\'t perform dangerous tasks'); + $data[1] = '' + . $data[1] + . ''; + } + $data[2] = ui_print_timestamp ($fileinfo['last_modified'], true, array ('prominent' => true)); if ($fileinfo['is_dir']) { From 849eba10d454c6f6a5ab323610c5fd5498414cd8 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Mon, 30 Oct 2017 18:03:09 +0100 Subject: [PATCH 3/5] [Console] Fixed a vulnerability into the 'fgraph.php' script --- .../visual_console_builder.editor.js | 27 ++------ pandora_console/include/functions_graph.php | 10 +-- pandora_console/include/graphs/fgraph.php | 64 ++++++------------- 3 files changed, 30 insertions(+), 71 deletions(-) diff --git a/pandora_console/godmode/reporting/visual_console_builder.editor.js b/pandora_console/godmode/reporting/visual_console_builder.editor.js index bc69c22351..42fc68d165 100755 --- a/pandora_console/godmode/reporting/visual_console_builder.editor.js +++ b/pandora_console/godmode/reporting/visual_console_builder.editor.js @@ -32,8 +32,6 @@ var SIZE_GRID = 16; //Const the size (for width and height) of grid. var img_handler_start; var img_handler_end; -var font; - function toggle_advance_options_palette(close) { if ($("#advance_options").css('display') == 'none') { $("#advance_options").css('display', ''); @@ -58,23 +56,6 @@ function visual_map_main() { img_handler_end = data; }); - //Get the actual system font. - parameter = Array(); - parameter.push ({name: "page", value: "include/ajax/visual_console_builder.ajax"}); - parameter.push ({name: "action", value: "get_font"}); - parameter.push ({name: "id_visual_console", - value: id_visual_console}); - jQuery.ajax({ - url: get_url_ajax(), - data: parameter, - type: "POST", - dataType: 'json', - success: function (data) - { - font = data['font']; - } - }); - //Get the list of posible parents parents = Base64.decode($("input[name='parents_load']").val()); parents = eval("(" + parents + ")"); @@ -1912,9 +1893,9 @@ function setPercentileBar(id_data, values) { value_text = module_value + " " + unit_text; } - var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar&height=15&' + + var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbar&height=15&' + 'width=' + width_percentile + '&mode=1&progress=' + percentile + - '&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB; + '&value_text=' + value_text + '&colorRGB=' + colorRGB; $("#"+ id_data).attr('src', img); @@ -2035,9 +2016,9 @@ function setPercentileBubble(id_data, values) { value_text = module_value + " " + unit_text; } - var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbubble&height=' + width_percentile + '&' + + var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbubble&height=' + width_percentile + '&' + 'width=' + width_percentile + '&mode=1&progress=' + percentile + - '&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB; + '&value_text=' + value_text + '&colorRGB=' + colorRGB; $("#image_" + id_data).attr('src', img); diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php index c97867733b..754e1b684c 100644 --- a/pandora_console/include/functions_graph.php +++ b/pandora_console/include/functions_graph.php @@ -2457,10 +2457,10 @@ function progress_bar($progress, $width, $height, $title = '', $mode = 1, $value require_once("include_graph_dependencies.php"); include_graphs_dependencies($config['homedir'].'/'); $src = ui_get_full_url( - "/include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar" . - "&width=".$width."&homedir=".$config['homedir']."&height=".$height."&progress=".$progress. + "/include/graphs/fgraph.php?graph_type=progressbar" . + "&width=".$width."&height=".$height."&progress=".$progress. "&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str . - "&title=".$title."&font=".$config['fontpath']."&value_text=". $value_text . + "&title=".$title."&value_text=". $value_text . "&colorRGB=". $colorRGB, false, false, false ); @@ -2492,10 +2492,10 @@ function progress_bubble($progress, $width, $height, $title = '', $mode = 1, $va include_graphs_dependencies($config['homedir'].'/'); return "" . $title . ""; } diff --git a/pandora_console/include/graphs/fgraph.php b/pandora_console/include/graphs/fgraph.php index c36529b7f7..15cf6eeeb7 100644 --- a/pandora_console/include/graphs/fgraph.php +++ b/pandora_console/include/graphs/fgraph.php @@ -10,48 +10,29 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -$ttl = 1; -$homeurl = ''; - -if (isset($_GET['homeurl'])) { - $homeurl = $_GET['homeurl']; -} -else $homeurl = ''; - -$homeurl = ((bool)filter_var($homeurl, FILTER_VALIDATE_URL) == 1) ? '' : $homeurl; - -if (isset($_GET['ttl'])) { - $ttl = $_GET['ttl']; -} -else $ttl_param = 1; - -if (isset($_GET['graph_type'])) { - $graph_type = $_GET['graph_type']; -} -else $graph_type = ''; - -//$graph_type = get_parameter('graph_type', ''); -//$ttl_param = get_parameter('ttl', 1); -//$homeurl_param = get_parameter('homeurl', ''); - // Turn on output buffering. // The entire buffer will be discarded later so that any accidental output // does not corrupt images generated by fgraph. -ob_start (); +ob_start(); + +global $config; + +if (empty($config['homedir'])) { + require_once ('../../include/config.php'); + global $config; +} + +include_once($config['homedir'] . '/include/functions.php'); + +$ttl = get_parameter('ttl', 1); +$graph_type = get_parameter('graph_type', ''); if (!empty($graph_type)) { - $homedir = $_GET['homedir']; - if ($homedir != null) { - $config['homedir'] = $homedir; - } - - include_once($homeurl . 'include/functions.php'); - include_once($homeurl . 'include/functions_html.php'); - - include_once($homeurl . 'include/graphs/functions_gd.php'); - include_once($homeurl . 'include/graphs/functions_utils.php'); - include_once($homeurl . 'include/graphs/functions_d3.php'); - include_once($homeurl . 'include/graphs/functions_flot.php'); + include_once($config['homedir'] . '/include/functions_html.php'); + include_once($config['homedir'] . '/include/graphs/functions_gd.php'); + include_once($config['homedir'] . '/include/graphs/functions_utils.php'); + include_once($config['homedir'] . '/include/graphs/functions_d3.php'); + include_once($config['homedir'] . '/include/graphs/functions_flot.php'); } // Clean the output buffer and turn off output buffering @@ -61,13 +42,12 @@ switch($graph_type) { case 'histogram': $width = get_parameter('width'); $height = get_parameter('height'); - $font = get_parameter('font'); $data = json_decode(io_safe_output(get_parameter('data')), true); $max = get_parameter('max'); $title = get_parameter('title'); $mode = get_parameter ('mode', 1); - gd_histogram ($width, $height, $mode, $data, $max, $font, $title); + gd_histogram ($width, $height, $mode, $data, $max, $config['fontpath'], $title); break; case 'progressbar': $width = get_parameter('width'); @@ -77,7 +57,6 @@ switch($graph_type) { $out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false)); $out_of_lim_image = get_parameter('out_of_lim_image', false); - $font = get_parameter('font'); $title = get_parameter('title'); $mode = get_parameter('mode', 1); @@ -87,7 +66,7 @@ switch($graph_type) { $value_text = get_parameter('value_text', ''); $colorRGB = get_parameter('colorRGB', ''); - gd_progress_bar ($width, $height, $progress, $title, $font, + gd_progress_bar ($width, $height, $progress, $title, $config['fontpath'], $out_of_lim_str, $out_of_lim_image, $mode, $fontsize, $value_text, $colorRGB); break; @@ -99,7 +78,6 @@ switch($graph_type) { $out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false)); $out_of_lim_image = get_parameter('out_of_lim_image', false); - $font = get_parameter('font'); $title = get_parameter('title'); $mode = get_parameter('mode', 1); @@ -109,7 +87,7 @@ switch($graph_type) { $value_text = get_parameter('value_text', ''); $colorRGB = get_parameter('colorRGB', ''); - gd_progress_bubble ($width, $height, $progress, $title, $font, + gd_progress_bubble ($width, $height, $progress, $title, $config['fontpath'], $out_of_lim_str, $out_of_lim_image, $mode, $fontsize, $value_text, $colorRGB); break; From 83becb3e80d0def59b0415274fa2f4a642bc52a2 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Mon, 6 Nov 2017 15:18:55 +0100 Subject: [PATCH 4/5] [Console] Fixed an error into the 'ui_print_truncate_text' function --- pandora_console/include/functions_ui.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index 77f3764618..698fbdb545 100755 --- a/pandora_console/include/functions_ui.php +++ b/pandora_console/include/functions_ui.php @@ -97,7 +97,7 @@ function ui_print_truncate_text($text, $numChars = GENERIC_SIZE_TEXT, $showTextI $text_html_decoded = io_safe_output($text); $text_has_entities = $text != $text_html_decoded; - if (mb_strlen($text, "UTF-8") > ($numChars)) { + if (mb_strlen($text_html_decoded, "UTF-8") > ($numChars)) { // '/2' because [...] is in the middle of the word. $half_length = intval(($numChars - 3) / 2); From ac70caac71d8297292c736c6801bf340419bac47 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Mon, 6 Nov 2017 15:20:24 +0100 Subject: [PATCH 5/5] [Console] Fixed XSS vulnerabilities --- .../include/functions_networkmap.php | 10 +++--- .../include/functions_pandora_networkmap.php | 9 +++-- .../functions_pandora_networkmap.js | 34 ++++++++++++------- .../agentes/pandora_networkmap.view.php | 12 +++---- 4 files changed, 36 insertions(+), 29 deletions(-) diff --git a/pandora_console/include/functions_networkmap.php b/pandora_console/include/functions_networkmap.php index e1417ceec1..34ca395db0 100644 --- a/pandora_console/include/functions_networkmap.php +++ b/pandora_console/include/functions_networkmap.php @@ -1060,8 +1060,8 @@ function networkmap_create_agent_node ($agent, $simple = 0, $font_size = 10, $cu } // Short name - $name = io_safe_output($agent["nombre"]); - if ((strlen ($name) > 16) && ($cut_names)) { + $name = $agent["nombre"]; + if ($cut_names) { $name = ui_print_truncate_text($name, 16, false, true, false); } @@ -1111,7 +1111,7 @@ function networkmap_create_agent_node ($agent, $simple = 0, $font_size = 10, $cu } $node = "\n" . $agent['id_node'].' [ parent="' . $agent['id_parent'] . '", color="'.$status_color.'", fontsize='.$font_size.', style="filled", fixedsize=true, width=0.40, height=0.40, label=< -
' . $img_node . '
'.io_safe_output($name).'
>, + '.$name.'>, shape="doublecircle", URL="'.$url.'", tooltip="' . $url_tooltip . '"];' . "\n"; } @@ -1174,7 +1174,7 @@ function networkmap_create_module_group_node ($module_group, $simple = 0, $font_ '", fontsize='.$font_size.', style="filled", ' . 'fixedsize=true, width=0.30, height=0.30, ' . 'label=<
' . - io_safe_output($module_group['name']) . '
>, + $module_group['name'] . '>, shape="square", URL="' . $url . '", tooltip="' . $url_tooltip . '"];'; } @@ -1268,7 +1268,7 @@ function networkmap_create_module_node ($module, $simple = 0, $font_size = 10, $ 'fixedsize=true, width=0.30, height=0.30, ' . 'label=< -
' . $img_node . '
' . io_safe_output($module['nombre']) . '
>, + ' . $module['nombre'] . '>, shape="circle", URL="' . $url . '", tooltip="' . $url_tooltip . '"];'; } diff --git a/pandora_console/include/functions_pandora_networkmap.php b/pandora_console/include/functions_pandora_networkmap.php index 0bbb4dd124..e09a20f3bc 100644 --- a/pandora_console/include/functions_pandora_networkmap.php +++ b/pandora_console/include/functions_pandora_networkmap.php @@ -374,6 +374,7 @@ function networkmap_db_node_to_js_node($node, &$count, &$count_item_holding_area $item['image_width'] = (int)$image_size[0]; $item['image_height'] = (int)$image_size[1]; } + $item['raw_text'] = $node['style']['label']; $item['text'] = io_safe_output($node['style']['label']); $item['shape'] = $node['style']['shape']; switch ($node['type']) { @@ -548,7 +549,7 @@ function networkmap_links_to_js_links($relations, $nodes_graph) { $item['arrow_end'] = 'module'; $item['status_end'] = modules_get_agentmodule_status((int)$id_target_module, false, false, null); $item['id_module_end'] = (int)$id_target_module; - $text_end = io_safe_output(modules_get_agentmodule_name((int)$id_target_module)); + $text_end = modules_get_agentmodule_name((int)$id_target_module); if (preg_match ("/(.+)_ifOperStatus$/" , (string)$text_end, $matches)) { if ($matches[1]) { $item['text_end'] = $matches[1]; @@ -559,7 +560,7 @@ function networkmap_links_to_js_links($relations, $nodes_graph) { $item['arrow_start'] = 'module'; $item['status_start'] = modules_get_agentmodule_status((int)$id_source_module, false, false, null); $item['id_module_start'] = (int)$id_source_module; - $text_start = io_safe_output(modules_get_agentmodule_name((int)$id_source_module)); + $text_start = modules_get_agentmodule_name((int)$id_source_module); if (preg_match ("/(.+)_ifOperStatus$/" , (string)$text_start, $matches)) { if ($matches[1]) { $item['text_start'] = $matches[1]; @@ -874,7 +875,6 @@ function networkmap_loadfile($id = 0, $file = '', modules_get_agentmodule_agent($ids[$node_id]['id_module']); $text = modules_get_agentmodule_name($data['id_module']); - $text = io_safe_output($text); $text = ui_print_truncate_text($text, 'agent_medium', false, true, false, '...', false); @@ -885,7 +885,6 @@ function networkmap_loadfile($id = 0, $file = '', $data['id_agent'] = $ids[$node_id]['id_agent']; $text = agents_get_alias($ids[$node_id]['id_agent']); - $text = io_safe_output($text); $text = ui_print_truncate_text($text, 'agent_medium', false, true, false, '...', false); @@ -975,7 +974,7 @@ function duplicate_networkmap($id) { $values = db_get_row('tmap', 'id', $id); unset($values['id']); $free_name = false; - $values['name'] = io_safe_input(__('Copy of ') . io_safe_output($values['name'])); + $values['name'] = io_safe_input(__('Copy of ')) . $values['name']; $count = 1; while (!$free_name) { $exist = db_get_row_filter('tmap', array('name' => $values['name'])); diff --git a/pandora_console/include/javascript/functions_pandora_networkmap.js b/pandora_console/include/javascript/functions_pandora_networkmap.js index a9c36700a8..f53e055215 100644 --- a/pandora_console/include/javascript/functions_pandora_networkmap.js +++ b/pandora_console/include/javascript/functions_pandora_networkmap.js @@ -240,10 +240,11 @@ function update_node_name(id_db_node) { jQuery.each(graph.nodes, function (i, element) { if (element.id_db == id_db_node) { - graph.nodes[i].text = name; + graph.nodes[i]['text'] = data['text']; + graph.nodes[i]['raw_text'] = data['raw_text']; - $("#id_node_" + i + networkmap_id + " title").html(name); - $("#id_node_" + i + networkmap_id + " tspan").html(name); + $("#id_node_" + i + networkmap_id + " title").html(data['raw_text']); + $("#id_node_" + i + networkmap_id + " tspan").html(data['raw_text']); } }); @@ -664,7 +665,6 @@ function edit_node(data_node, dblClick) { $("#node_options-node_name-2 input") .attr("onclick", "update_node_name(" + node_selected.id_db + ");"); - $("#node_details-0-1").html('' + node_selected["text"] + ''); var params = []; params.push("get_agent_info=1"); params.push("id_agent=" + node_selected["id_agent"]); @@ -676,11 +676,19 @@ function edit_node(data_node, dblClick) { type: 'POST', url: action = "ajax.php", success: function (data) { - var adressess = ""; - for (adress in data['adressess']) { - adressess += adress + "
"; + $("#node_details-0-1").html('' + data['alias'] + ''); + + var addresses = ""; + if (data['adressess'] instanceof Array) { + for (var i; i < data['adressess'].length; i++) { + addresses += data['adressess'][i] + "
"; + } + } else { + for (address in data['adressess']) { + addresses += address + "
"; + } } - $("#node_details-1-1").html(adressess); + $("#node_details-1-1").html(addresses); $("#node_details-2-1").html(data["os"]); $("#node_details-3-1").html(data["group"]); @@ -693,7 +701,7 @@ function edit_node(data_node, dblClick) { $("#dialog_node_edit") .dialog("option", "title", - dialog_node_edit_title.replace("%s", node_selected.text)); + dialog_node_edit_title.replace("%s", node_selected['text'])); // It doesn't eval the possible XSS so it's ok $("#dialog_node_edit").dialog("open"); if (node_selected.id_agent == undefined || node_selected.id_agent == -2) { @@ -701,7 +709,7 @@ function edit_node(data_node, dblClick) { $("#node_options-fictional_node_name") .css("display", ""); $("input[name='edit_name_fictional_node']") - .val(node_selected.text); + .val(node_selected.text); // It doesn't eval the possible XSS so it's ok $("#node_options-fictional_node_networkmap_link") .css("display", ""); $("#edit_networkmap_to_link") @@ -715,7 +723,7 @@ function edit_node(data_node, dblClick) { } else { $("input[name='edit_name_node']") - .val(node_selected.text); + .val(node_selected.text); // It doesn't eval the possible XSS so it's ok $("#node_options-fictional_node_name") .css("display", "none"); $("#node_options-fictional_node_networkmap_link") @@ -866,9 +874,9 @@ function load_interfaces(selected_links) { }); $("#relations_table-template_row-node_source", template_relation_row) - .html(link_each.source.text); + .html(link_each.source['raw_text']); $("#relations_table-template_row-node_target", template_relation_row) - .html(link_each.target.text); + .html(link_each.target['raw_text']); $("#relations_table-template_row-edit", template_relation_row) .attr("align", "center"); $("#relations_table-template_row-edit .delete_icon", template_relation_row) diff --git a/pandora_console/operation/agentes/pandora_networkmap.view.php b/pandora_console/operation/agentes/pandora_networkmap.view.php index 5c5d2969c4..2ebc1447d2 100644 --- a/pandora_console/operation/agentes/pandora_networkmap.view.php +++ b/pandora_console/operation/agentes/pandora_networkmap.view.php @@ -72,7 +72,7 @@ if (is_ajax ()) { if ($update_fictional_point) { $id_node = (int)get_parameter('id_node', 0); - $name = io_safe_output(get_parameter('name', '')); + $name = get_parameter('name', ''); $shape = get_parameter('shape', 0); $radious = (int)get_parameter('radious', 20); $color = get_parameter('color', 0); @@ -123,7 +123,7 @@ if (is_ajax ()) { $id = (int)get_parameter('id', 0); $x = (int)get_parameter('x', 0); $y = (int)get_parameter('y', 0); - $id_agents = io_safe_output(get_parameter('id_agents', '')); + $id_agents = get_parameter('id_agents', ''); $id_agents = json_decode($id_agents, true); if ($id_agents === null) @@ -426,7 +426,7 @@ if (is_ajax ()) { if ($get_agent_pos_search) { $id = (int)get_parameter('id', 0); - $name = io_safe_output((string)get_parameter('name', 0)); + $name = (string)get_parameter('name'); $return = array(); $return['correct'] = true; @@ -447,7 +447,7 @@ if (is_ajax ()) { $id = (int)get_parameter('id', 0); /* q is what autocomplete plugin gives */ - $string = io_safe_output((string) get_parameter ('q')); + $string = (string) get_parameter('q'); $agents = db_get_all_rows_filter('titem', array('id_map' => $id, @@ -459,7 +459,7 @@ if (is_ajax ()) { $data = array(); foreach ($agents as $agent) { $style = json_decode($agent['style'], true); - $data[] = array('name' => io_safe_output($style['label'])); + $data[] = array('name' => $style['label']); } echo json_encode($data); @@ -750,7 +750,7 @@ else { } if (!$dash_mode) { - ui_print_page_header(io_safe_output($networkmap['name']), + ui_print_page_header($networkmap['name'], "images/bricks.png", false, "network_map_enterprise", false, $buttons, false, '', $config['item_title_size_text']); }