diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index cad1dbf91a..d22641d4c7 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -590,3 +590,32 @@ function io_output_password($password)
return io_safe_output($plaintext);
}
+
+
+/**
+ * Clean html tags symbols for prevent use JS
+ *
+ * @param string $string String for safe.
+ *
+ * @return string
+ */
+function io_safe_html_tags(string $string)
+{
+ // Must have safe output for work properly.
+ $string = io_safe_output($string);
+ if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
+ $output = strstr($string, '<', true);
+ $tmpOutput = strstr($string, '<');
+ $output .= strstr(substr($tmpOutput, 1), '>', true);
+ $tmpOutput = strstr($string, '>');
+ $output .= substr($tmpOutput, 1);
+ // If the string still contains tags symbols.
+ if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
+ $output = io_safe_html_tags($output);
+ }
+ } else {
+ $output = $string;
+ }
+
+ return $output;
+}
diff --git a/pandora_console/operation/messages/message_edit.php b/pandora_console/operation/messages/message_edit.php
index 2378372a2a..c2ce7529ec 100755
--- a/pandora_console/operation/messages/message_edit.php
+++ b/pandora_console/operation/messages/message_edit.php
@@ -1,9 +1,8 @@ false,
@@ -92,7 +94,7 @@ ui_print_page_header(
// Read a message.
if ($read_message) {
$message_id = (int) get_parameter('id_message');
- if ($show_sent) {
+ if ((bool) $show_sent === true) {
$message = messages_get_message_sent($message_id);
} else {
$message = messages_get_message($message_id);
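Review bot: io_safe_html_tags never terminates when a `>` appears before the first `<`, because `$tmpOutput = strstr($string, '>')` picks the first `>` anywhere in the string (which also survives in `strstr($string, '<', true)`), so each pass re-appends the text between them: `'a>b<c>d'` becomes `'a>bcb<c>d'`, then `'a>bcbcbcb<c>d'`, and the recursion grows the string until PHP dies on memory or stack — a one-line denial of service from any text field this is applied to, and `io_safe_output` decoding `&gt;` first means an entity-encoded `>` triggers it too. Two smaller problems in the same body: `strstr(substr($tmpOutput, 1), '>', true)` returns false when no `>` follows the `<`, so a stray `<` survives, and the inner `if (strpos($string, '<') ...)` tests `$string` rather than `$output`, so it always recurses. Since every branch only ever deletes the two bracket characters, the whole body can be `return str_replace(['<', '>'], '', io_safe_output($string));`, which has none of these edge cases. Also worth a comment on the function: removing angle brackets does not make the value safe in an attribute, JavaScript or URL context — quotes and `&` pass through untouched and the result is returned decoded — so callers (not visible here) still need context-appropriate escaping on output.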
@@ -196,26 +198,36 @@ if ($read_message) {
return;
}
-// Create message (destination user).
-if (($new_msg) && (!empty($dst_user)) && (!$reply)) {
- $return = messages_create_message(
- $config['id_user'],
- [$dst_user],
- [],
- $subject,
- $message
- );
+if ($send_mes === true) {
+ if (empty($dst_user) === true && empty($dst_group) === true) {
+ // The user or group must be selected for send the message.
+ ui_print_error_message(__('User or group must be selected.'));
+ } else {
+ // Create message (destination user).
+ $return = messages_create_message(
+ $config['id_user'],
+ [$dst_user],
+ [],
+ $subject,
+ $message
+ );
- $user_name = get_user_fullname($dst_user);
- if (!$user_name) {
- $user_name = $dst_user;
+ $user_name = get_user_fullname($dst_user);
+ if (empty($user_name) === true) {
+ $user_name = $dst_user;
+ }
+
+ ui_print_result_message(
+ $return,
+ __('Message successfully sent to user %s', $user_name),
+ __('Error sending message to user %s', $user_name)
+ );
+
+ // If is a reply, is not necessary do more.
+ if ($replied === true) {
+ return;
+ }
}
-
- ui_print_result_message(
- $return,
- __('Message successfully sent to user %s', $user_name),
- __('Error sending message to user %s', $user_name)
- );
}
// Message creation form.
@@ -230,11 +242,7 @@ $table->data = [];
$table->data[0][0] = __('Sender');
-if (!empty($own_info['fullname'])) {
- $table->data[0][1] = $own_info['fullname'];
-} else {
- $table->data[0][1] = $config['id_user'];
-}
+$table->data[0][1] = (empty($own_info['fullname']) === false) ? $own_info['fullname'] : $config['id_user'];
$table->data[1][0] = __('Destination');
@@ -245,7 +253,7 @@ $is_admin = (bool) db_get_value(
$config['id_user']
);
-if ($is_admin) {
+if ($is_admin === true) {
$users_full = db_get_all_rows_filter(
'tusuario',
[],
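Review bot: The new guard accepts a group-only selection (`empty($dst_user)` true, `empty($dst_group)` false), but the call right after it still passes `[$dst_user]` and a literal `[]`, so `$dst_group` is never handed to `messages_create_message`: a message addressed only to a group is created with an empty user entry and then reported as `Message successfully sent to user ` with `$user_name` empty. If the third positional argument is the group list — its signature is not in this hunk, but the `[$dst_user], []` pairing suggests so — the two argument lines should become `empty($dst_user) === true ? [] : [$dst_user],` and `empty($dst_group) === true ? [] : [$dst_group],`, and the result message should name the group when no user was chosen. `$send_mes`, `$dst_group` and `$replied` are read from outside this hunk, so where they are parsed and whether `$dst_group` is checked against the groups the sender may address cannot be confirmed here.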
@@ -264,51 +272,58 @@ if ($is_admin) {
$users = [];
foreach ($users_full as $user_id => $user_info) {
- $users[$user_info['id_user']] = $user_info['fullname'];
+ $users[$user_info['id_user']] = (empty($user_info['fullname']) === true) ? $user_info['id_user'] : $user_info['fullname'];
}
// Check if the user to reply is in the list, if not add reply user.
-if ($reply) {
- if (!array_key_exists($dst_user, $users)) {
- // Add the user to reply.
- $user_reply = db_get_row('tusuario', 'id_user', $dst_user);
- $users[$user_reply['id_user']] = $user_reply['fullname'];
- }
-}
-
-
-if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) {
- $return_all_groups = true;
+if ($reply === true) {
+ $table->data[1][1] = (array_key_exists($dst_user, $users) === true) ? $users[$dst_user] : $dst_user;
+ $table->data[1][1] .= html_print_input_hidden(
+ 'dst_user',
+ $dst_user,
+ true
+ );
+ $table->data[1][1] .= html_print_input_hidden(
+ 'replied',
+ '1',
+ true
+ );
} else {
- $return_all_groups = false;
-}
+ $return_all_groups = ((bool) $own_info['is_admin'] === true
+ || check_acl($config['id_user'], 0, 'PM') === true);
-$groups = users_get_groups($config['id_user'], 'AR');
-// Get a list of all groups.
-$table->data[1][1] = html_print_select(
- $users,
- 'dst_user',
- $dst_user,
- '',
- __('Select user'),
- false,
- true,
- false,
- '',
- false
-);
-$table->data[1][1] .= ' '.__('OR').' ';
-$table->data[1][1] .= '