From d3971a3f909d73400a481c090b876541756e933e Mon Sep 17 00:00:00 2001
From: Ramon Novoa <rnovoa@artica.es>
Date: Fri, 25 Oct 2019 11:07:21 +0200
Subject: [PATCH 1/5] Encode the agent alias with HTML entities.

Ref pandora_enterprise#3584
---
 pandora_server/lib/PandoraFMS/Core.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm
index ae67d5ca70..f575d8e02b 100644
--- a/pandora_server/lib/PandoraFMS/Core.pm
+++ b/pandora_server/lib/PandoraFMS/Core.pm
@@ -3258,7 +3258,7 @@ sub pandora_create_agent ($$$$$$$$$$;$$$$$$$$$$) {
 	                                                 'custom_id' => $custom_id,
 	                                                 'url_address' => $url_address,
 	                                                 'timezone_offset' => $timezone_offset,
-	                                                 'alias' => $alias,
+	                                                 'alias' => safe_input($alias),
 													 'update_module_count' => 1, # Force to replicate in metaconsole
 	                                                });                           
 	                                                

From 2a24e223350502d78ccee2794f491e894f9bbc41 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Fri, 25 Oct 2019 12:23:00 +0200
Subject: [PATCH 2/5] Avoid close cron sessions while gc

---
 pandora_console/include/load_session.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php
index 80fb8643ef..4caa2d86fa 100644
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@@ -191,8 +191,7 @@ function pandora_session_gc($max_lifetime=300)
     );
 
     // Deleting cron and empty sessions.
-    $sql = "DELETE FROM tsessions_php WHERE 
-        data IS NULL OR id_session REGEXP '^cron-'";
+    $sql = 'DELETE FROM tsessions_php WHERE data IS NULL';
     db_process_sql($sql);
 
     return $retval;

From a2e96270a7a6b0a40cbf8d84c5ea1b05045c0615 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Fri, 25 Oct 2019 12:24:02 +0200
Subject: [PATCH 3/5] Avoid close cron sessions while gc

---
 pandora_console/include/load_session.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php
index 4caa2d86fa..7d06cea88d 100644
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@@ -161,7 +161,7 @@ function pandora_session_gc($max_lifetime=300)
     if (isset($config['session_timeout'])) {
         $session_timeout = $config['session_timeout'];
     } else {
-        // if $config doesn`t work ...
+        // If $config doesn`t work ...
         $session_timeout = db_get_value(
             'value',
             'tconfig',
@@ -170,9 +170,9 @@ function pandora_session_gc($max_lifetime=300)
         );
     }
 
-    if (!empty($session_timeout)) {
+    if (empty($session_timeout) === false) {
         if ($session_timeout == -1) {
-            // The session expires in 10 years
+            // The session expires in 10 years.
             $session_timeout = 315576000;
         } else {
             $session_timeout *= 60;
@@ -198,7 +198,7 @@ function pandora_session_gc($max_lifetime=300)
 }
 
 
-// FIXME: SAML should work with pandora session handlers
+// TODO: SAML should work with pandora session handlers.
 if (db_get_value('value', 'tconfig', 'token', 'auth') != 'saml') {
     $result_handler = session_set_save_handler(
         'pandora_session_open',

From 440874d436adfa3ced14e5421646f2e332facbec Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Fri, 25 Oct 2019 12:51:33 +0200
Subject: [PATCH 4/5] More controls for phantom web2image

---
 pandora_console/include/chart_generator.php | 119 ++++++++++++--------
 pandora_console/include/web2image.js        |  56 +++++++++
 2 files changed, 128 insertions(+), 47 deletions(-)

diff --git a/pandora_console/include/chart_generator.php b/pandora_console/include/chart_generator.php
index cdd1b88460..0d1d138ae6 100644
--- a/pandora_console/include/chart_generator.php
+++ b/pandora_console/include/chart_generator.php
@@ -1,16 +1,32 @@
 <?php
-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2018 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation for version 2.
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-// Global & session manageme
+/**
+ * Generate charts with given parameters.
+ *
+ * @category   ChartGenerator.
+ * @package    Pandora FMS
+ * @subpackage Opensource.
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
+
+// Begin.
 require_once 'config.php';
 
 require_once __DIR__.'/config.php';
@@ -26,6 +42,29 @@ require_once $config['homedir'].'/include/functions_agents.php';
 require_once $config['homedir'].'/include/functions_tags.php';
 
 
+/**
+ * Echo to stdout a PhantomJS callback call.
+ *
+ * @return void
+ */
+function echoPhantomCallback()
+{
+    ?>
+    <script type="text/javascript">
+        $('document').ready(function () {
+            setTimeout(function () {
+                try {
+                    var status = window.callPhantom({ status: "loaded" });
+                } catch (error) {
+                    console.log("CALLBACK ERROR", error.message)
+                }
+            }, 100);
+        });
+    </script>
+    <?php
+}
+
+
 // Initialize session.
 global $config;
 
@@ -48,17 +87,7 @@ if (check_login(false) === false) {
 </head>
 <body>
     <h1>Access is not granted</h1>
-    <script type="text/javascript">
-        $('document').ready(function () {
-            setTimeout(function () {
-                try {
-                    var status = window.callPhantom({ status: "loaded" });
-                } catch (error) {
-                    console.log("CALLBACK ERROR", error.message)
-                }
-            }, 100);
-        });
-    </script>
+    <?php echoPhantomCallback(); ?>
 </body>
 </html>
 
@@ -76,11 +105,18 @@ if ($config['metaconsole'] && !empty($server_id)) {
     $server = metaconsole_get_connection_by_id($server_id);
     // Error connecting.
     if (metaconsole_connect($server) !== NOERR) {
-        echo '<html>';
-            echo '<body>';
-                ui_print_error_message(__('There was a problem connecting with the node'));
-            echo '</body>';
-        echo '</html>';
+        ?>
+        <html>
+        <body>
+        <?php
+        ui_print_error_message(
+            __('There was a problem connecting with the node')
+        );
+        echoPhantomCallback();
+        ?>
+        </body>
+        </html>
+        <?php
         exit;
     }
 }
@@ -125,16 +161,18 @@ if (file_exists('languages/'.$user_language.'.mo') === true) {
     <body bgcolor="#ffffff" style='background:#ffffff;'>
     <?php
     $params['only_image'] = false;
-        $params['width']      = (int) $_REQUEST['viewport_width'];
-        $params['menu']       = false;
+    $params['width'] = (int) $_REQUEST['viewport_width'];
+    $params['menu'] = false;
 
-    if ((!isset($params['width']) || ($params['width'] <= 0))) {
+    if ((isset($params['width']) === false
+        || ($params['width'] <= 0))
+    ) {
         $params['width'] = 650;
     }
 
         $params_combined = json_decode($_REQUEST['data_combined'], true);
-        $module_list     = json_decode($_REQUEST['data_module_list'], true);
-        $type_graph_pdf  = $_REQUEST['type_graph_pdf'];
+        $module_list = json_decode($_REQUEST['data_module_list'], true);
+        $type_graph_pdf = $_REQUEST['type_graph_pdf'];
 
         echo '<div>';
     switch ($type_graph_pdf) {
@@ -253,20 +291,7 @@ if (file_exists('languages/'.$user_language.'.mo') === true) {
     }
 
         echo '</div>';
-
+        echoPhantomCallback();
     ?>
-
-    <script type="text/javascript">
-        $('document').ready(function () {
-            setTimeout(function () {
-                try {
-                    var status = window.callPhantom({ status: "loaded" });
-                } catch (error) {
-                    console.log("CALLBACK ERROR", error.message)
-                }
-            }, 100);
-        });
-    </script>
-
     </body>
 </html>
diff --git a/pandora_console/include/web2image.js b/pandora_console/include/web2image.js
index 29bac30e76..9c1ed0237c 100644
--- a/pandora_console/include/web2image.js
+++ b/pandora_console/include/web2image.js
@@ -50,6 +50,44 @@ if (type_graph_pdf == "combined") {
 
 var page = require("webpage").create();
 
+page.settings.resourceTimeout = 3600000; // 1 hour
+page.onResourceTimeout = function(e) {
+  console.log(e.errorCode);
+  console.log(e.errorString);
+  console.log(e.url);
+  phantom.exit(1);
+};
+
+page.onResourceError = function(resourceError) {
+  console.log(
+    "Unable to load resource (#" +
+      resourceError.id +
+      "URL:" +
+      resourceError.url +
+      ")"
+  );
+  console.log(
+    "Error code: " +
+      resourceError.errorCode +
+      ". Description: " +
+      resourceError.errorString
+  );
+  phantom.exit(1);
+};
+
+page.onUrlChanged = function(targetUrl) {
+  if (url == targetUrl) {
+    phantom.exit(1);
+  }
+  url = targetUrl;
+};
+
+// Not supposed to be prompted messages.
+page.onPrompt = function() {
+  console.log("Prompt message detected.");
+  phantom.exit(1);
+};
+
 page.viewportSize = {
   width: viewport_width,
   height: viewport_height
@@ -84,3 +122,21 @@ page.open(url, "POST", post_data, function(status) {
     phantom.exit();
   }
 });
+
+phantom.onError = function(msg, trace) {
+  var msgStack = ["PHANTOM ERROR: " + msg];
+  if (trace && trace.length) {
+    msgStack.push("TRACE:");
+    trace.forEach(function(t) {
+      msgStack.push(
+        " -> " +
+          (t.file || t.sourceURL) +
+          ": " +
+          t.line +
+          (t.function ? " (in function " + t.function + ")" : "")
+      );
+    });
+  }
+  console.log(msgStack.join("\n"));
+  phantom.exit(1);
+};

From 21dd69706d209d383f72a66b106c502334f8b3f0 Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Fri, 25 Oct 2019 13:16:06 +0200
Subject: [PATCH 5/5] web2image

---
 pandora_console/include/web2image.js | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/pandora_console/include/web2image.js b/pandora_console/include/web2image.js
index 9c1ed0237c..8e2887aa26 100644
--- a/pandora_console/include/web2image.js
+++ b/pandora_console/include/web2image.js
@@ -50,14 +50,6 @@ if (type_graph_pdf == "combined") {
 
 var page = require("webpage").create();
 
-page.settings.resourceTimeout = 3600000; // 1 hour
-page.onResourceTimeout = function(e) {
-  console.log(e.errorCode);
-  console.log(e.errorString);
-  console.log(e.url);
-  phantom.exit(1);
-};
-
 page.onResourceError = function(resourceError) {
   console.log(
     "Unable to load resource (#" +
@@ -75,13 +67,6 @@ page.onResourceError = function(resourceError) {
   phantom.exit(1);
 };
 
-page.onUrlChanged = function(targetUrl) {
-  if (url == targetUrl) {
-    phantom.exit(1);
-  }
-  url = targetUrl;
-};
-
 // Not supposed to be prompted messages.
 page.onPrompt = function() {
   console.log("Prompt message detected.");