diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 5835a587ca..a587238fa6 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,18 @@ +2012-07-02 Juan Manuel Ramon + + * include/javascript/jquery.pandora.js: Changed size of modal + windows to avoid scroll. + + * include/functions_ui.php + include/functions.php: Changes in autorefresh. When user is not + logged then don't autorefresh (except public url of visual console) + + index.php: Restrict get_parameter to post when password in renewed + in login. + + operation/visual_console/public_console.php: Fixed jquery path in + this view. + 2012-06-28 Miguel de Dios * include/functions_config.php: added lost lines for the text sizes diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index b2b9a7aca0..4bd0332250 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -25,6 +25,11 @@ require_once ('functions_html.php'); require_once ('functions_ui.php'); require_once('functions_io.php'); +/** + * Check referer to avoid external attacks + * + * @return bool true if all is ok, false if referer is not equal to current web page + */ function check_refererer() { global $config; diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php index bea6f3d6cf..69495e454c 100644 --- a/pandora_console/include/functions_ui.php +++ b/pandora_console/include/functions_ui.php @@ -1055,14 +1055,16 @@ function ui_require_jquery_file ($name, $path = 'include/javascript/') { */ function ui_process_page_head ($string, $bitfield) { global $config; + global $vc_public_view; if (isset ($config['ignore_callback']) && $config['ignore_callback'] == true) { return; } $output = ''; - - if ($config["refr"] > 0) { + + // If user is logged or displayed view is the public view of visual console + if ($config["refr"] > 0 && (isset($config['id_user']) || $vc_public_view == 1)) { $query = ui_get_url_refresh (false); $output .= ''; @@ -1238,7 +1240,7 @@ function ui_process_page_head ($string, $bitfield) { $output .= "\n".'/* ]]> */'; } else { - $output .= ''."\n\t"; + $output .= ''."\n\t"; } } diff --git a/pandora_console/include/javascript/jquery.pandora.js b/pandora_console/include/javascript/jquery.pandora.js index 14aed14b82..8424b0db5e 100644 --- a/pandora_console/include/javascript/jquery.pandora.js +++ b/pandora_console/include/javascript/jquery.pandora.js @@ -150,8 +150,8 @@ $(document).ready (function () { resizable: true, draggable: true, modal: true, - height: 140, - width: 300, + height: 180, + width: 400, overlay: { opacity: 0.5, background: "black" diff --git a/pandora_console/index.php b/pandora_console/index.php index c0600eb4bf..0297206bc6 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -132,13 +132,13 @@ $sec = safe_url_extraclean ($sec); $process_login = false; // Update user password -$change_pass = get_parameter('renew_password', 0); +$change_pass = get_parameter_post('renew_password', 0); if ($change_pass == 1) { - $password_new = (string) get_parameter ('new_password', ''); - $password_confirm = (string) get_parameter ('confirm_new_password', ''); - $id = (string) get_parameter ('login', ''); + $password_new = (string) get_parameter_post ('new_password', ''); + $password_confirm = (string) get_parameter_post ('confirm_new_password', ''); + $id = (string) get_parameter_post ('login', ''); $changed_pass = login_update_password_check ($password_new, $password_confirm, $id); } diff --git a/pandora_console/operation/visual_console/public_console.php b/pandora_console/operation/visual_console/public_console.php index 4f25295138..5c99eec6d6 100644 --- a/pandora_console/operation/visual_console/public_console.php +++ b/pandora_console/operation/visual_console/public_console.php @@ -26,10 +26,13 @@ echo ''."\n"; echo ''; +global $vc_public_view; +$vc_public_view = true; // This starts the page head. In the call back function, // things from $page['head'] array will be processed into the head ob_start ('ui_process_page_head'); + require ('include/functions_visual_map.php'); // Auto Refresh page (can now be disabled anywhere in the script)