2009-02-17 Evi Vanoost <vanooste@rcbi.rochester.edu>

* general/login_page.php: Fixed HTML and use print_image function * include/functions.php: Added version compare for alternative to double encoding HTML for PHP < 5.2.3 * include/functions_ui.php: Check for empty string on print_string_substr so we don't print empty spans * include/functions_html.php: Better validation and correct output on print_input_text_extended. Now accepts an array for attributes * operations/user/user.php, operations/user/user_edit.php, godmode/user/user_list.php: Small cosmetic fixes * index.php: flush and print closing html tag on exits. This prevents automatic flushing to print tags after </html>. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1463 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-02-17 18:20:04 +00:00 · 2009-02-17 18:20:04 +00:00 · 6fb154591d
parent b5f580239a
commit 6fb154591d
9 changed files with 111 additions and 60 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,22 @@
+2009-02-17  Evi Vanoost  <vanooste@rcbi.rochester.edu>
+
+	* general/login_page.php: Fixed HTML and use print_image function
+	
+	* include/functions.php: Added version compare for alternative to
+	double encoding HTML for PHP < 5.2.3
+	
+	* include/functions_ui.php: Check for empty string on print_string_substr
+	so we don't print empty spans
+	
+	* include/functions_html.php: Better validation and correct output on
+	print_input_text_extended. Now accepts an array for attributes
+	
+	* operations/user/user.php, operations/user/user_edit.php, 
+	godmode/user/user_list.php: Small cosmetic fixes
+	
+	* index.php: flush and print closing html tag on exits. This prevents
+	automatic flushing to print tags after </html>.
+
 2009-02-17  Esteban Sanchez  <estebans@artica.es>

 	* godmode/agentes/module_manager_editor.php: Added
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -25,7 +25,7 @@ if (!empty ($page) && !empty ($sec)) {
 }

 echo '<div class="databox" id="login">
-	<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br>
+	<h1 id="log">'.__('Pandora FMS Web Console').'</h1><br />
 	<div class="databox" id="login_in">
 		<form method="post" action="index.php'.$url.'">
 		<table cellpadding="4" cellspacing="1" width="400">';
@ -49,8 +49,8 @@ if (!empty ($page) && !empty ($sec)) {

 // Replace the following with your own URL and logo.
 // A mashup of the Pandora FMS logo and your companies highly preferred
-echo '<a href="http://pandorafms.org" title="Go to pandorafms.org..." alt="Pandora FMS - Free Monitoring System">';
-echo '<img src="images/pandora_logo.png" border="0" alt="logo" />';
+echo '<a href="http://pandorafms.org" title="Go to pandorafms.org...">';
+print_image ("images/pandora_logo.png", false, array ("alt" => "logo", "border" => 0));
 echo '</a><br />';

 // This prints the current pandora console version.
--- a/pandora_console/godmode/users/user_list.php
+++ b/pandora_console/godmode/users/user_list.php
@ -65,7 +65,7 @@ $info = array ();
 $info = get_users ();

 foreach ($info as $user_id => $user_info) {
-	$data[0] = '<a href="index.php?sec=gusuarios&sec2=godmode/users/configure_user&id='.$user_id.'">'.$user_id.'</a>';
+	$data[0] = '<a href="index.php?sec=gusuarios&amp;sec2=godmode/users/configure_user&amp;id='.$user_id.'">'.$user_id.'</a>';
 	$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
 	$data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
 	$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
@ -75,9 +75,9 @@ foreach ($info as $user_id => $user_info) {
 	$data[2] = print_timestamp ($user_info["last_connect"], true);
 	
 	if ($user_info["is_admin"]) {
-		$data[3] = '<img src="images/user_suit.png" />&nbsp;';
+		$data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).'&nbsp;';
 	} else {
-		$data[3] = '<img src="images/user_green.png" />&nbsp;';
+		$data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).'&nbsp;';
 	}
 	
 	$data[3] .= '<a href="#" class="tip"><span>';
@ -103,7 +103,7 @@ foreach ($info as $user_id => $user_info) {
 	array_push ($table->data, $data);
 }

-echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&user_del=1">';
+echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/user_list&amp;user_del=1">';
 print_table ($table);
 echo '</form>';
 unset ($table);
@ -111,7 +111,7 @@ unset ($table);
 	
 echo '<div style="width:680px; text-align:right">';
 if ($config["admin_can_add_user"] !== false) {
-	echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/configure_user&create=1">';
+	echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/configure_user&amp;create=1">';
 	print_submit_button (__('Create user'), "crt", false, 'class="sub next"');
 	echo '</form>';
 } else {
@ -170,7 +170,7 @@ foreach ($profiles as $profile) {
 	array_push ($table->data, $data);
 }

-echo '<form method="post" action="index.php?sec=gusuarios&sec2=godmode/users/user_list&profile_del=1">';
+echo '<form method="post" action="index.php?sec=gusuarios&amp;sec2=godmode/users/user_list&amp;profile_del=1">';
 print_table ($table);
 echo '</form>';
 unset ($table);
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -34,11 +34,19 @@ define ('ENTERPRISE_NOT_HOOK', -1);
 function safe_input ($value) {
 	if (is_numeric ($value))
 		return $value;
+
 	if (is_array ($value)) {
 		array_walk ($value, 'safe_input');
 		return $value;
 	}
-	return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false); 
+
+	if (version_compare(PHP_VERSION, '5.2.3') === 1) {
+		return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false);
+	} else {
+		$translation_table = get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
+		$translation_table[chr(38)] = '&';
+		return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&amp;", strtr ($value, $translation_table));
+	}
 }

 /**
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@ -130,12 +130,12 @@ function print_select_from_sql ($sql, $name, $selected = '', $script = '', $noth
 * @param string $name Input name.
 * @param string $value Input value.
 * @param string $id Input HTML id.
- * @param string $alt Alternative HTML string.
+ * @param string $alt Do not use, invalid for text and password. Use print_input_image
 * @param int $size Size of the input.
 * @param int $maxlength Maximum length allowed.
 * @param bool $disabled Disable the button (optional, button enabled by default).
 * @param string $script JavaScript to attach to this 
- * @param string $attributes Attributes to add to this tag
+ * @param mixed $attributes Attributes to add to this tag. Should be an array for correction.
 * @param bool $return Whether to return an output string or echo now (optional, echo by default).
 * @param bool $password Whether it is a password input or not. Not password by default.
 *
@ -146,38 +146,50 @@ function print_input_text_extended ($name, $value, $id, $alt, $size, $maxlength,
 	
 	++$idcounter;
 	
-	$type = $password ? 'password' : 'text';
+	$valid_attrs = array ("accept", "disabled", "maxlength", "name", "readonly", "size", "value",
+					"accesskey", "class", "dir", "id", "lang", "style", "tabindex", "title", "xml:lang",
+					"onfocus", "onblur", "onselect", "onchange", "onclick", "ondblclick", "onmousedown", 
+					"onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeypress", "onkeydown", "onkeyup");

-	if (empty ($name)) {
-		$name = 'unnamed';
-	}
-	
-	if (empty ($alt)) {
-		$alt = 'textfield';
-	}
-	
-	if (! empty ($maxlength)) {
-		$maxlength = ' maxlength="'.$maxlength.'" ';
-	}
-	
-	$output = '<input name="'.$name.'" type="'.$type.'" value="'.$value.'" size="'.$size.'" '.$maxlength.' alt="'.$alt.'" ';
+	$output = '<input '.($password ? 'type="password" ' : 'type="text" ');

-	if ($id != '') {
-		$output .= ' id="'.$id.'"';
+	if ($disabled && (!is_array ($attributes) || !array_key_exists ("disabled", $attributes))) {
+		$output .= 'readonly="readonly" ';
+	}
+				
+	if (is_array ($attributes)) {
+		foreach ($attributes as $attribute => $value) {
+			if (!in_array ($valid_attrs)) {
+				continue;
+			}
+			$output .= $attribute.'="'.$value.'" ';
+		}
 	} else {
-		$htmlid = 'text-'.sprintf ('%04d', $idcounter);
-		$output .= ' id="'.$htmlid.'"';
+		$output .= trim ($attributes)." ";
+		$attributes = array ();
 	}
-	if ($disabled) //We want readonly, not disabled - disabled disables copying from the field as well
-		$output .= ' readonly="readonly"';
 	
-	if ($attributes != '')
-		$output .= ' '.$attributes;
-	$output .= ' />';
+	//Attributes specified by function call
+	$attrs = array ("name" => "unnamed", "value" => "", "id" => "text-".sprintf ('%04d', $idcounter), "size" => "", "maxlength" => "");
+
+	foreach ($attrs as $attribute => $default) {
+		if (array_key_exists ($attribute, $attributes)) {
+			continue;
+		} //If the attribute was already processed, skip
+		
+		if ($$attribute) {
+			$output .= $attribute.'="'.$$attribute.'" ';
+		} elseif ($default != '') {
+			$output .= $attribute.'="'.$default.'" ';
+		}
+	}
+
+	$output .= '/>';
 	
-	if ($return)
-		return $output;
-	echo $output;
+	if (!$return)
+		echo $output;
+	
+	return $output;
 }

 /**
@ -238,7 +250,10 @@ function print_input_text ($name, $value, $alt = '', $size = 50, $maxlength = 0,
 * @return string HTML code if return parameter is true.
 */
 function print_input_image ($name, $src, $value, $style = '', $return = false) {
-	$output = '<input id="image-'.$name.'" src="'.$src.'" style="'.$style.'" name="'.$name.'" type="image" value="'.$value.'" />';
+	static $idcounter = 0;
+	
+	++$idcounter;
+	$output = '<input id="image-'.$name.$idcounter.'" src="'.$src.'" style="'.$style.'" name="'.$name.'" type="image" value="'.$value.'" />';
 	
 	if ($return)
 		return $output;
@ -278,16 +293,18 @@ function print_input_hidden ($name, $value, $return = false) {
 * @return string HTML code if return parameter is true.
 */
 function print_submit_button ($label = 'OK', $name = '', $disabled = false, $attributes = '', $return = false) {
-	$output = '';
-
-	$output .= '<input type="submit" id="submit-'.$name.'" name="'.$name.'" value="'. $label .'" '. $attributes;
+	if (!$name) {
+		$name="unnamed";
+	} 
+	
+	$output = '<input type="submit" id="submit-'.$name.'" name="'.$name.'" value="'. $label .'" '. $attributes;
 	if ($disabled)
 		$output .= ' disabled="disabled"';
 	$output .= ' />';
-	if ($return)
-		return $output;
-
-	echo $output;
+	if (!$return)
+		echo $output;
+	
+	return $output;
 }

 /**
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@ -314,6 +314,9 @@ function format_alert_row ($alert, $compound = false, $agent = true, $url = '')
 * @return An HTML string
 */
 function print_string_substr ($string, $cutoff = 16, $return = false) {
+	if (empty ($string)) {
+		return "";
+	}
 	$string = '<span title="'.safe_input ($string).'">'.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').'</span>';
 	if ($return === false) {
 		echo $string;
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -137,7 +137,8 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
 	} else {
 		require_once ('general/login_page.php');
 		audit_db ("system", $REMOTE_ADDR, "Logon Failed (loginhash", "");
-		exit;
+		while (@ob_end_flush ());
+		exit ("</html>");
 	}
 } elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {
 	// Login process 
@ -165,13 +166,14 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) {
 		$login_failed = true;
 		require_once ('general/login_page.php');
 		audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick);
-		exit;
+		while (@ob_end_flush ());
+		exit ("</html>");
 	}
 } elseif (! isset ($_SESSION['id_usuario'])) {
 	// There is no user connected
 	require_once ('general/login_page.php');
-	echo '</body></html>';
-	exit;
+	while (@ob_end_flush ());
+	exit ("</html>");
 } else {
 	// There is session for id_usuario
 	$config["id_user"] = $_SESSION["id_usuario"];
@ -183,7 +185,8 @@ if (isset ($_GET["bye"])) {
 	$iduser = $_SESSION["id_usuario"];
 	logoff_db ($iduser, $REMOTE_ADDR);
 	session_unregister ("id_usuario");
-	exit;
+	while (@ob_end_flush ());
+	exit ("</html>");
 }

 // http://es2.php.net/manual/en/ref.session.php#64525
@ -244,4 +247,4 @@ if ($config["pure"] == 0) {
 echo '</div>'; //container div
 while (@ob_end_flush ());
 echo '</html>';
-?>
+?>
--- a/pandora_console/operation/users/user.php
+++ b/pandora_console/operation/users/user.php
@ -22,7 +22,7 @@ require_once ("include/config.php");

 check_login ();

-echo '<h2>'.__('Pandora users').' &gt '.__('Users defined in Pandora').'</h2>';
+echo '<h2>'.__('Pandora users').' &gt; '.__('Users defined in Pandora').'</h2>';

 $table->cellpadding = 4;
 $table->cellspacing = 4;
@ -49,7 +49,7 @@ if (give_acl ($config["id_user"], 0, "UM") == 1) {
 }

 foreach ($info as $user_id => $user_info) {
-	$data[0] = '<a href="index.php?sec=usuarios&sec2=operation/users/user_edit&id='.$user_id.'">'.$user_id.'</a>';
+	$data[0] = '<a href="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;id='.$user_id.'">'.$user_id.'</a>';
 	$data[1] = $user_info["fullname"].'<a href="#" class="tip"><span>';
 	$data[1] .= __('First name').': '.$user_info["firstname"].'<br />';
 	$data[1] .= __('Last name').': '.$user_info["lastname"].'<br />';
@ -59,14 +59,14 @@ foreach ($info as $user_id => $user_info) {
 	$data[2] = print_timestamp ($user_info["last_connect"], true);
 	
 	if ($user_info["is_admin"]) {
-		$data[3] = '<img src="images/user_suit.png" />&nbsp;';
+		$data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).'&nbsp;';
 	} else {
-		$data[3] = '<img src="images/user_green.png" />&nbsp;';
+		$data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).'&nbsp;';
 	}
 	
 	$data[3] .= '<a href="#" class="tip"><span>';
 	$result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id);
-	if ($result !== false) {
+	if (!empty ($result)) {
 		foreach ($result as $row) {
 			$data[3] .= get_profile_name ($row["id_perfil"]);
 			$data[3] .= " / ";
@ -79,6 +79,7 @@ foreach ($info as $user_id => $user_info) {
 	$data[3] .= "</span></a>";
 	
 	$data[4] = print_string_substr ($user_info["comments"], 24, true);
+	
 	array_push ($table->data, $data);
 }

--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@ -58,9 +58,9 @@ if (isset ($_GET["modified"]) && !$view_mode) {

 echo "<h2>".__('Pandora users')." &gt; ".__('User detail editor')."</h2>";

-echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&sec2=operation/users/user_edit&modified=1&id='.$id.'">';
+echo '<form name="user_mod" method="post" action="index.php?sec=usuarios&amp;sec2=operation/users/user_edit&amp;modified=1&amp;id='.$id.'">';

-echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600px">';
+echo '<table cellpadding="4" cellspacing="4" class="databox_color" width="600">';

 echo '<tr><td class="datos">'.__('User ID').'</td>';
 echo '<td class="datos">';
@ -95,7 +95,7 @@ echo '</td></tr><tr><td class="datos">'.__('Phone number').'</td><td class="dato
 print_input_text_extended ("phone", $user_info["phone"], '', '', '', '', $view_mode, '', 'class="input"');

 echo '</td></tr><tr><td class="datos2">'.__('Comments').'</td><td class="datos2">';
-print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : ''));
+print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : ''));
 
 echo '</td></tr></table>';