2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>

* operations/snmpconsole/snmp_view.php: Removed 
	lang_string references in favor of __ ()
	
	* index.php: Style updates and function name update
	
	* include/functions_db.php: Removed lang_string function
	
	* include/functions.php: parameter_extra_clean is now 
	safe_url_extraclean. Also updated it slightly
	
	* godmode/admin_access_logs: Updated for style and speed

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1248 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-11-17 15:49:29 +00:00
parent af6a758a9c
commit 89fbb48b11
6 changed files with 109 additions and 126 deletions


@ -1,3 +1,17 @@
2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* operations/snmpconsole/snmp_view.php: Removed
lang_string references in favor of __ ()
* index.php: Style updates and function name update
* include/functions_db.php: Removed lang_string function
* include/functions.php: parameter_extra_clean is now
safe_url_extraclean. Also updated it slightly
* godmode/admin_access_logs: Updated for style and speed
2008-11-17 Jorge Gonzalez <jorgegonz@svn.gnome.org>
* pandoradb_data.sql: Added Danish to available languages.


@ -16,7 +16,8 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
require_once ("include/config.php");
check_login ();
@ -28,106 +29,84 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
}
echo "<h2>".__('Pandora audit')." &gt ".__('Review Logs')."</h2>";
if (isset ($_GET["offset"]))
$offset=$_GET["offset"];
else
$offset=0;
$offset = get_parameter ("offset", 0);
$tipo_log = get_parameter ("tipo_log", 'all');
echo "<table width=100%>";
echo "<tr><td>";
echo "<table cellpadding='4' cellspacing='4' class='databox'>";
echo "<tr><td colspan='2' valign='top'>";
echo "<h3>".__('Filter')."</h3></td></tr>";
// Manage GET/POST parameter for subselect on action type. POST parameter are proccessed before GET parameter (if passed)
if (isset ($_GET["tipo_log"])) {
$tipo_log = $_GET["tipo_log"];
$tipo_log_select = " WHERE accion='".$tipo_log."' ";
} elseif (isset ($_POST["tipo_log"])) {
$tipo_log = $_POST["tipo_log"];
if ($tipo_log == "-1"){
$tipo_log_select = "";
unset($tipo_log);
} else {
$tipo_log_select = " WHERE accion='".$tipo_log."' ";
}
} else {
$tipo_log_select= "";
echo '<div style="width:450px; float:left;">';
echo '<h3>'.__('Filter').'</h3>';
// generate select
$rows = get_db_all_rows_sql ("SELECT DISTINCT(accion) FROM tsesion");
if (empty ($rows)) {
$rows = array ();
}
// generate select
echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
echo "<tr><td>".__('Action')."</td><td valign='middle'>";
echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
if (isset($tipo_log)) {
echo "<option>".$tipo_log."</option>";
$actions = array ();
foreach ($rows as $row) {
$actions[$row["accion"]] = $row["accion"];
}
echo "<option value='-1'>".__('All')."</option>";
$sql3="SELECT DISTINCT (accion) FROM `tsesion`";
// Prepare index for pagination
$result3=mysql_query($sql3);
while ($row3=mysql_fetch_array($result3)){
if (isset($tipo_log)) {
if ($tipo_log != $row3[0]) {
echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
}
} else {
echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
}
echo '<form name="query_sel" method="post" action="index.php?sec=godmode&sec2=godmode/admin_access_logs">';
echo __('Action').': ';
print_select ($actions, 'tipo_log', $tipo_log, 'this.form.submit();', __('All'), 'all');
echo '<br /><noscript><input name="uptbutton" type="submit" class="sub" value="'.__('Show').'"></noscript>';
echo '</form></div>';
echo '<div style="width:300px; height:140px; float:left;">';
echo '<img src="reporting/fgraph.php?tipo=user_activity&width=300&height=140" />';
echo '</div><div style="clear:both;">&nbsp;</div>';
$filter = '';
if ($tipo_log != 'all') {
$filter = sprintf (" WHERE accion = '%s'", $tipo_log);
}
echo "</select>";
echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".__('Show')."'></noscript>";
echo "</table></form>";
echo "</td><td align='right'>";
echo "<img src='reporting/fgraph.php?tipo=user_activity&width=300&height=140'>";
echo "</table>";
$sql = "SELECT COUNT(*) FROM tsesion".$filter;
$count = get_db_sql ($sql);
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
$result2=mysql_query($sql2);
$row2=mysql_fetch_array($result2);
$counter = $row2[0];
if (isset ($tipo_log))
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
else
$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs";
pagination ($count, $url, $offset);
// Prepare query and pagination
$query1 = "SELECT * FROM tsesion " . $tipo_log_select." ORDER BY fecha DESC";
if ( $counter > $config["block_size"]) {
pagination ($counter, $url, $offset);
$query1 .= " LIMIT $offset , ".$config["block_size"];
$sql = sprintf ("SELECT * FROM tsesion%s ORDER BY fecha DESC LIMIT %d, %d", $filter, $offset, $config["block_size"]);
$result = get_db_all_rows_sql ($sql);
if (empty ($result)) {
$result = array ();
}
$result=mysql_query($query1);
// table header
echo '<table cellpadding="4" cellspacing="4" width="700" class="databox">';
echo '<tr>';
echo '<th width="80px">'.__('User').'</th>';
echo '<th>'.__('Action').'</th>';
echo '<th width="130px">'.__('Date').'</th>';
echo '<th width="100px">'.__('Source IP').'</th>';
echo '<th width="200px">'.__('Comments').'</th>';
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->width = 700;
$table->class = "databox";
$table->size = array ();
$table->data = array ();
$table->head = array ();
$table->head[0] = __('User');
$table->head[1] = __('Action');
$table->head[2] = __('Date');
$table->head[3] = __('Source IP');
$table->head[4] = __('Comments');
$table->size[0] = 80;
$table->size[2] = 130;
$table->size[3] = 100;
$table->size[4] = 200;
$color=1;
// Get data
while ($row=mysql_fetch_array($result)) {
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
echo '<tr><td class="'.$tdcolor.'_id">'.$row["ID_usuario"];
echo '<td class="'.$tdcolor.'">'.$row["accion"];
echo '<td class="'.$tdcolor.'f9">'.$row["fecha"];
echo '<td class="'.$tdcolor.'f9">'.$row["IP_origen"];
echo '<td class="'.$tdcolor.'">'.$row["descripcion"];
echo '</tr>';
foreach ($result as $row) {
$data = array ();
$data[0] = $row["ID_usuario"];
$data[1] = $row["accion"];
$data[2] = $row["fecha"];
$data[3] = $row["IP_origen"];
$data[4] = $row["descripcion"];
array_push ($table->data, $data);
}
// end table
echo "</table>";
print_table ($table);
?>
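Review bot: The new filter line `$filter = sprintf (" WHERE accion = '%s'", $tipo_log);` still places a request value inside a quoted SQL literal, so its safety rests entirely on whatever get_parameter() does to the input, which is not visible on this page. Since the valid actions are already loaded into `$actions` a few lines earlier, the condition could become `if ($tipo_log != 'all' && isset ($actions[$tipo_log])) {`, so that only values actually present in tsesion reach the query, with the value escaped for SQL as well. The same variable is appended unencoded to `$url` for pagination; `urlencode ($tipo_log)` there would keep the link well-formed. Whether print_table() HTML-escapes the `accion` and `descripcion` cells is also not visible here; if it does not, these audit-log fields should pass through `htmlspecialchars()` before being pushed into `$table->data`.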


@ -148,15 +148,18 @@ function entrada_limpia ($string) {
*
* @return
*/
function parameter_extra_clean ($string) {
function safe_url_extraclean ($string) {
/* Clean "://" from the strings
See: http://seclists.org/lists/incidents/2004/Jul/0034.html
*/
$pos = strpos ($string, "://");
if ($pos != 0)
$string = substr_replace ($string, "", $pos, +3);
if ($pos != 0) {
//Strip the string from (protocol[://] to protocol[://] + 125 chars)
$string = substr ($string, $pos + 3, $pos + 128);
} else {
$string = substr ($string, 0, 125);
}
/* Strip the string to 125 characters */
$string = substr_replace ($string, "", 125);
return preg_replace ('/[^a-z0-9_\/]/i', '', $string);
}
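Review bot: In safe_url_extraclean the call `substr ($string, $pos + 3, $pos + 128)` passes an end offset where substr() expects a length, so the result can be up to `$pos + 128` characters rather than 125; `substr ($string, $pos + 3, 125)` matches the comment above it. The test `if ($pos != 0)` also cannot tell "not found" (false) from "found at offset 0", so a value that begins with `://` takes the else branch; `if ($pos !== false) {` is the explicit form. The page does not show whether the trailing `substr_replace ($string, "", 125)` survives on the new side, and if it was removed the length cap depends on this line alone. Because index.php assigns the result of this function to `$page`, the empty `@return` in the docblock (which starts outside the hunk) should state the guarantee callers rely on, for example `@return string At most 125 characters, containing only letters, digits, "_" and "/"`.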


@ -1898,18 +1898,6 @@ function __ ($string) {
return $l10n->translate ($string);
}
/**
* Get a translated string. (DEPRECATED IN FAVOR OF __ )
* Calls to the __ function will automatically be picked up by the translators
*
* @param string String to translate
*
* @return The translated string. If not defined, the same string will be returned
*/
function lang_string ($string) {
return __ ($string);
}
/**
* Get the numbers of servers up.
*


@ -28,32 +28,32 @@ global $pandora_version;
// Set to 1 to do not check for installer or config file (for development!).
$develop_bypass = 0;
if ($develop_bypass != 1){
if ($develop_bypass != 1) {
// If no config file, automatically try to install
if (! file_exists("include/config.php")){
if (!file_exists("install.php")){
if (! file_exists ("include/config.php")) {
if (! file_exists ("install.php")) {
include ("general/error_noconfig.php");
exit;
} else
} else {
include ("install.php");
exit;
exit;
}
}
// Check for installer presence
if (file_exists("install.php")){
if (file_exists ("install.php")) {
include "general/error_install.php";
exit;
}
// Check perms for config.php
if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != "0600") &&
(substr(sprintf('%o', fileperms('include/config.php')), -4) != "0660") &&
(substr(sprintf('%o', fileperms('include/config.php')), -4) != "0640"))
{
if ((substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0600") &&
(substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0660") &&
(substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0640")) {
include "general/error_perms.php";
exit;
}
}
if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))){
if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))) {
include ("general/error_noconfig.php");
exit;
}
@ -78,7 +78,7 @@ $config["pure"] = get_parameter ("pure", 0);
// Auto Refresh page
$intervalo = get_parameter ("refr", 0);
if ($intervalo > 0){
if ($intervalo > 0) {
// Agent selection filters and refresh
$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
@ -209,13 +209,13 @@ $sec2 = "";
$sec = "";
if (isset ($_GET["sec2"])) {
$sec2 = get_parameter_get ('sec2');
$sec2 = parameter_extra_clean ($sec2);
$sec2 = safe_url_extraclean ($sec2);
$page = $sec2;
}
if (isset ($_GET["sec"])) {
$sec = get_parameter_get ('sec');
$sec = parameter_extra_clean ($sec);
$sec = safe_url_extraclean ($sec);
$page = $sec2;
}
@ -277,5 +277,4 @@ if ($config["pure"] == 0) {
}
echo '</body></html>';
?>
?>


@ -145,23 +145,23 @@ if ($config["pure"] == 1) {
}
// Agent select
$table->data[0][0] = '<strong>'.lang_string ('Agent').'</strong>';
$table->data[0][0] = '<strong>'.__('Agent').'</strong>';
$table->data[0][1] = print_select ($agents, 'filter_agent', $filter_agent, 'javascript:this.form.submit();', __('All'), '', true);
// OID select
$table->data[0][2] = '<strong>'.lang_string ('OID').'</strong>';
$table->data[0][2] = '<strong>'.__('OID').'</strong>';
$table->data[0][3] = print_select ($oids, 'filter_oid', $filter_oid, 'javascript:this.form.submit();', __('All'), '', true);
// Alert status select
$table->data[1][0] = '<strong>' . __('Alert') . '</strong>';
$table->data[1][0] = '<strong>'.__('Alert').'</strong>';
$table->data[1][1] = print_select ($alerted, "filter_fired", $filter_fired, 'javascript:this.form.submit();', __('All'), '-1', true);
// String search_string
$table->data[1][2] = '<strong>' . __('Search value') . '</strong>';
$table->data[1][2] = '<strong>'.__('Search value').'</strong>';
$table->data[1][3] = print_input_text ('search_string', $search_string, '', 25, 0, true);
// Block size for pagination select
$table->data[2][0] = '<strong>' . __('Block size for pagination') . '</strong>';
$table->data[2][0] = '<strong>'.__('Block size for pagination').'</strong>';
$lpagination[25]=25;
$lpagination[50]=50;
$lpagination[100]=100;
@ -170,7 +170,7 @@ $lpagination[500]=500;
$table->data[2][1] = print_select ($lpagination, "pagination", $config["block_size"], 'javascript:this.form.submit();', __('Default'), $config["block_size"], true);
// Severity select
$table->data[2][2] = '<strong>'.lang_string ('Severity').'</strong>';
$table->data[2][2] = '<strong>'.__('Severity').'</strong>';
$table->data[2][3] = print_select ($severities, 'filter_severity', $filter_severity, 'javascript:this.form.submit();', __('All'), -1, true);
print_table ($table);