From 89fbb48b112029cc1ed3d10a0e3b363df4406a5e Mon Sep 17 00:00:00 2001
From: guruevi <noreply@pandorafms.org>
Date: Mon, 17 Nov 2008 15:49:29 +0000
Subject: [PATCH] 2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
* operations/snmpconsole/snmp_view.php: Removed
lang_string references in favor of __ ()
* index.php: Style updates and function name update
* include/functions_db.php: Removed lang_string function
* include/functions.php: parameter_extra_clean is now
safe_url_extraclean. Also updated it slightly
* godmode/admin_access_logs: Updated for style and speed
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1248 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
pandora_console/ChangeLog | 14 ++
pandora_console/godmode/admin_access_logs.php | 155 ++++++++----------
pandora_console/include/functions.php | 11 +-
pandora_console/include/functions_db.php | 12 --
pandora_console/index.php | 31 ++--
.../operation/snmpconsole/snmp_view.php | 12 +-
6 files changed, 109 insertions(+), 126 deletions(-)
diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index b71ce3168a..f47a1c47f7 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,17 @@
+2008-11-17 Evi Vanoost <vanooste@rcbi.rochester.edu>
+
+ * operations/snmpconsole/snmp_view.php: Removed
+ lang_string references in favor of __ ()
+
+ * index.php: Style updates and function name update
+
+ * include/functions_db.php: Removed lang_string function
+
+ * include/functions.php: parameter_extra_clean is now
+ safe_url_extraclean. Also updated it slightly
+
+ * godmode/admin_access_logs: Updated for style and speed
+
2008-11-17 Jorge Gonzalez <jorgegonz@svn.gnome.org>
* pandoradb_data.sql: Added Danish to available languages.
diff --git a/pandora_console/godmode/admin_access_logs.php b/pandora_console/godmode/admin_access_logs.php
index 38a0e7549f..ab3bca87fd 100644
--- a/pandora_console/godmode/admin_access_logs.php
+++ b/pandora_console/godmode/admin_access_logs.php
@@ -16,7 +16,8 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
-require("include/config.php");
+
+require_once ("include/config.php");
check_login ();
@@ -28,106 +29,84 @@ if (! give_acl ($config['id_user'], 0, "PM")) {
}
echo "<h2>".__('Pandora audit')." > ".__('Review Logs')."</h2>";
-if (isset ($_GET["offset"]))
- $offset=$_GET["offset"];
-else
- $offset=0;
+$offset = get_parameter ("offset", 0);
+$tipo_log = get_parameter ("tipo_log", 'all');
-echo "<table width=100%>";
-echo "<tr><td>";
-echo "<table cellpadding='4' cellspacing='4' class='databox'>";
-echo "<tr><td colspan='2' valign='top'>";
-echo "<h3>".__('Filter')."</h3></td></tr>";
-// Manage GET/POST parameter for subselect on action type. POST parameter are proccessed before GET parameter (if passed)
-if (isset ($_GET["tipo_log"])) {
- $tipo_log = $_GET["tipo_log"];
- $tipo_log_select = " WHERE accion='".$tipo_log."' ";
-} elseif (isset ($_POST["tipo_log"])) {
- $tipo_log = $_POST["tipo_log"];
- if ($tipo_log == "-1"){
- $tipo_log_select = "";
- unset($tipo_log);
- } else {
- $tipo_log_select = " WHERE accion='".$tipo_log."' ";
- }
-} else {
- $tipo_log_select= "";
+echo '<div style="width:450px; float:left;">';
+echo '<h3>'.__('Filter').'</h3>';
+
+// generate select
+
+$rows = get_db_all_rows_sql ("SELECT DISTINCT(accion) FROM tsesion");
+if (empty ($rows)) {
+ $rows = array ();
}
-// generate select
-echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
-echo "<tr><td>".__('Action')."</td><td valign='middle'>";
-echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
-if (isset($tipo_log)) {
- echo "<option>".$tipo_log."</option>";
+$actions = array ();
+
+foreach ($rows as $row) {
+ $actions[$row["accion"]] = $row["accion"];
}
-echo "<option value='-1'>".__('All')."</option>";
-$sql3="SELECT DISTINCT (accion) FROM `tsesion`";
-// Prepare index for pagination
-$result3=mysql_query($sql3);
-while ($row3=mysql_fetch_array($result3)){
- if (isset($tipo_log)) {
- if ($tipo_log != $row3[0]) {
- echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
- }
- } else {
- echo "<option value='".$row3[0]."'>".$row3[0]."</option>";
- }
+
+echo '<form name="query_sel" method="post" action="index.php?sec=godmode&sec2=godmode/admin_access_logs">';
+echo __('Action').': ';
+print_select ($actions, 'tipo_log', $tipo_log, 'this.form.submit();', __('All'), 'all');
+echo '<br /><noscript><input name="uptbutton" type="submit" class="sub" value="'.__('Show').'"></noscript>';
+echo '</form></div>';
+
+echo '<div style="width:300px; height:140px; float:left;">';
+echo '<img src="reporting/fgraph.php?tipo=user_activity&width=300&height=140" />';
+echo '</div><div style="clear:both;"> </div>';
+
+$filter = '';
+if ($tipo_log != 'all') {
+ $filter = sprintf (" WHERE accion = '%s'", $tipo_log);
}
-echo "</select>";
-echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".__('Show')."'></noscript>";
-echo "</table></form>";
-echo "</td><td align='right'>";
-echo "<img src='reporting/fgraph.php?tipo=user_activity&width=300&height=140'>";
-echo "</table>";
+$sql = "SELECT COUNT(*) FROM tsesion".$filter;
+$count = get_db_sql ($sql);
+$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
-$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
-$result2=mysql_query($sql2);
-$row2=mysql_fetch_array($result2);
-$counter = $row2[0];
-if (isset ($tipo_log))
- $url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
-else
- $url = "index.php?sec=godmode&sec2=godmode/admin_access_logs";
+pagination ($count, $url, $offset);
-// Prepare query and pagination
-$query1 = "SELECT * FROM tsesion " . $tipo_log_select." ORDER BY fecha DESC";
-if ( $counter > $config["block_size"]) {
- pagination ($counter, $url, $offset);
- $query1 .= " LIMIT $offset , ".$config["block_size"];
+
+$sql = sprintf ("SELECT * FROM tsesion%s ORDER BY fecha DESC LIMIT %d, %d", $filter, $offset, $config["block_size"]);
+$result = get_db_all_rows_sql ($sql);
+
+if (empty ($result)) {
+ $result = array ();
}
-$result=mysql_query($query1);
-// table header
-echo '<table cellpadding="4" cellspacing="4" width="700" class="databox">';
-echo '<tr>';
-echo '<th width="80px">'.__('User').'</th>';
-echo '<th>'.__('Action').'</th>';
-echo '<th width="130px">'.__('Date').'</th>';
-echo '<th width="100px">'.__('Source IP').'</th>';
-echo '<th width="200px">'.__('Comments').'</th>';
+$table->cellpadding = 4;
+$table->cellspacing = 4;
+$table->width = 700;
+$table->class = "databox";
+$table->size = array ();
+$table->data = array ();
+$table->head = array ();
+
+$table->head[0] = __('User');
+$table->head[1] = __('Action');
+$table->head[2] = __('Date');
+$table->head[3] = __('Source IP');
+$table->head[4] = __('Comments');
+
+$table->size[0] = 80;
+$table->size[2] = 130;
+$table->size[3] = 100;
+$table->size[4] = 200;
-$color=1;
// Get data
-while ($row=mysql_fetch_array($result)) {
- if ($color == 1){
- $tdcolor = "datos";
- $color = 0;
- }
- else {
- $tdcolor = "datos2";
- $color = 1;
- }
- echo '<tr><td class="'.$tdcolor.'_id">'.$row["ID_usuario"];
- echo '<td class="'.$tdcolor.'">'.$row["accion"];
- echo '<td class="'.$tdcolor.'f9">'.$row["fecha"];
- echo '<td class="'.$tdcolor.'f9">'.$row["IP_origen"];
- echo '<td class="'.$tdcolor.'">'.$row["descripcion"];
- echo '</tr>';
+foreach ($result as $row) {
+ $data = array ();
+ $data[0] = $row["ID_usuario"];
+ $data[1] = $row["accion"];
+ $data[2] = $row["fecha"];
+ $data[3] = $row["IP_origen"];
+ $data[4] = $row["descripcion"];
+ array_push ($table->data, $data);
}
-// end table
-echo "</table>";
+print_table ($table);
?>
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index 5c84ae7c03..51e7e4ecd5 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -148,15 +148,18 @@ function entrada_limpia ($string) {
*
* @return
*/
-function parameter_extra_clean ($string) {
+function safe_url_extraclean ($string) {
/* Clean "://" from the strings
See: http://seclists.org/lists/incidents/2004/Jul/0034.html
*/
$pos = strpos ($string, "://");
- if ($pos != 0)
- $string = substr_replace ($string, "", $pos, +3);
+ if ($pos != 0) {
+ //Strip the string from (protocol[://] to protocol[://] + 125 chars)
+ $string = substr ($string, $pos + 3, $pos + 128);
+ } else {
+ $string = substr ($string, 0, 125);
+ }
/* Strip the string to 125 characters */
- $string = substr_replace ($string, "", 125);
return preg_replace ('/[^a-z0-9_\/]/i', '', $string);
}
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 2d887a4065..b2f0613ab3 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -1898,18 +1898,6 @@ function __ ($string) {
return $l10n->translate ($string);
}
-/**
- * Get a translated string. (DEPRECATED IN FAVOR OF __ )
- * Calls to the __ function will automatically be picked up by the translators
- *
- * @param string String to translate
- *
- * @return The translated string. If not defined, the same string will be returned
- */
-function lang_string ($string) {
- return __ ($string);
-}
-
/**
* Get the numbers of servers up.
*
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 692c17fcaf..daa69b3fef 100644
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -28,32 +28,32 @@ global $pandora_version;
// Set to 1 to do not check for installer or config file (for development!).
$develop_bypass = 0;
-if ($develop_bypass != 1){
+if ($develop_bypass != 1) {
// If no config file, automatically try to install
- if (! file_exists("include/config.php")){
- if (!file_exists("install.php")){
+ if (! file_exists ("include/config.php")) {
+ if (! file_exists ("install.php")) {
include ("general/error_noconfig.php");
exit;
- } else
+ } else {
include ("install.php");
- exit;
+ exit;
+ }
}
// Check for installer presence
- if (file_exists("install.php")){
+ if (file_exists ("install.php")) {
include "general/error_install.php";
exit;
}
// Check perms for config.php
- if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != "0600") &&
- (substr(sprintf('%o', fileperms('include/config.php')), -4) != "0660") &&
- (substr(sprintf('%o', fileperms('include/config.php')), -4) != "0640"))
- {
+ if ((substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0600") &&
+ (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0660") &&
+ (substr (sprintf ('%o', fileperms('include/config.php')), -4) != "0640")) {
include "general/error_perms.php";
exit;
}
}
-if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))){
+if ((! file_exists("include/config.php")) || (! is_readable("include/config.php"))) {
include ("general/error_noconfig.php");
exit;
}
@@ -78,7 +78,7 @@ $config["pure"] = get_parameter ("pure", 0);
// Auto Refresh page
$intervalo = get_parameter ("refr", 0);
-if ($intervalo > 0){
+if ($intervalo > 0) {
// Agent selection filters and refresh
$query = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE ? 's': '') . '://' . $_SERVER['SERVER_NAME'];
if ($_SERVER['SERVER_PORT'] != 80 && (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == TRUE && $_SERVER['SERVER_PORT'] != 443))
@@ -209,13 +209,13 @@ $sec2 = "";
$sec = "";
if (isset ($_GET["sec2"])) {
$sec2 = get_parameter_get ('sec2');
- $sec2 = parameter_extra_clean ($sec2);
+ $sec2 = safe_url_extraclean ($sec2);
$page = $sec2;
}
if (isset ($_GET["sec"])) {
$sec = get_parameter_get ('sec');
- $sec = parameter_extra_clean ($sec);
+ $sec = safe_url_extraclean ($sec);
$page = $sec2;
}
@@ -277,5 +277,4 @@ if ($config["pure"] == 0) {
}
echo '</body></html>';
-
-?>
+?>
\ No newline at end of file
diff --git a/pandora_console/operation/snmpconsole/snmp_view.php b/pandora_console/operation/snmpconsole/snmp_view.php
index 6ec0be2bd1..2c7b32bcf0 100644
--- a/pandora_console/operation/snmpconsole/snmp_view.php
+++ b/pandora_console/operation/snmpconsole/snmp_view.php
@@ -145,23 +145,23 @@ if ($config["pure"] == 1) {
}
// Agent select
-$table->data[0][0] = '<strong>'.lang_string ('Agent').'</strong>';
+$table->data[0][0] = '<strong>'.__('Agent').'</strong>';
$table->data[0][1] = print_select ($agents, 'filter_agent', $filter_agent, 'javascript:this.form.submit();', __('All'), '', true);
// OID select
-$table->data[0][2] = '<strong>'.lang_string ('OID').'</strong>';
+$table->data[0][2] = '<strong>'.__('OID').'</strong>';
$table->data[0][3] = print_select ($oids, 'filter_oid', $filter_oid, 'javascript:this.form.submit();', __('All'), '', true);
// Alert status select
-$table->data[1][0] = '<strong>' . __('Alert') . '</strong>';
+$table->data[1][0] = '<strong>'.__('Alert').'</strong>';
$table->data[1][1] = print_select ($alerted, "filter_fired", $filter_fired, 'javascript:this.form.submit();', __('All'), '-1', true);
// String search_string
-$table->data[1][2] = '<strong>' . __('Search value') . '</strong>';
+$table->data[1][2] = '<strong>'.__('Search value').'</strong>';
$table->data[1][3] = print_input_text ('search_string', $search_string, '', 25, 0, true);
// Block size for pagination select
-$table->data[2][0] = '<strong>' . __('Block size for pagination') . '</strong>';
+$table->data[2][0] = '<strong>'.__('Block size for pagination').'</strong>';
$lpagination[25]=25;
$lpagination[50]=50;
$lpagination[100]=100;
@@ -170,7 +170,7 @@ $lpagination[500]=500;
$table->data[2][1] = print_select ($lpagination, "pagination", $config["block_size"], 'javascript:this.form.submit();', __('Default'), $config["block_size"], true);
// Severity select
-$table->data[2][2] = '<strong>'.lang_string ('Severity').'</strong>';
+$table->data[2][2] = '<strong>'.__('Severity').'</strong>';
$table->data[2][3] = print_select ($severities, 'filter_severity', $filter_severity, 'javascript:this.form.submit();', __('All'), -1, true);
print_table ($table);