Merge branch 'ent-7097-varios-bugs-mensajes' into 'develop'

Ent 7097 varios bugs mensajes Closes pandora_enterprise#7097 See merge request artica/pandorafms!3996
2025-07-28 08:14:38 +02:00 · 2021-05-06 12:25:03 +00:00 · 2021-05-06 12:25:03 +00:00 · 8b3ad8602a
commit 8b3ad8602a
parent 6db71ec0fb cf4b62d4d7
2 changed files with 156 additions and 87 deletions
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@ -590,3 +590,32 @@ function io_output_password($password)
    return io_safe_output($plaintext);
 }
 /**
 * Clean html tags symbols for prevent use JS
 *
 * @param string $string String for safe.
 *
 * @return string
 */
 function io_safe_html_tags(string $string)
 {
    // Must have safe output for work properly.
    $string = io_safe_output($string);
    if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
        $output = strstr($string, '<', true);
        $tmpOutput = strstr($string, '<');
        $output .= strstr(substr($tmpOutput, 1), '>', true);
        $tmpOutput = strstr($string, '>');
        $output .= substr($tmpOutput, 1);
        // If the string still contains tags symbols.
        if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
            $output = io_safe_html_tags($output);
        }
    } else {
        $output = $string;
    }
    return $output;
 }
--- a/pandora_console/operation/messages/message_edit.php
+++ b/pandora_console/operation/messages/message_edit.php
@ -1,9 +1,8 @@
 <?php
 /**
- * Extension to manage a list of gateways and the node address where they should
+ * Message Edition.
 * point to.
 *
- * @category   Extensions
+ * @category   Workspace
 * @package    Pandora FMS
 * @subpackage Community
 * @version    1.0.0
@ -27,6 +26,7 @@
 * ============================================================================
 */
 // Begin.
 global $config;
 require_once 'include/functions_users.php';
@ -34,14 +34,16 @@ require_once 'include/functions_groups.php';
 require_once 'include/functions_io.php';
 // Parse parameters.
-$new_msg = get_parameter('new_msg', 0);
+$send_mes     = (bool) get_parameter('send_mes', false);
-$dst_user = get_parameter('dst_user');
+$new_msg      = (string) get_parameter('new_msg');
-$dst_group = get_parameter('dst_group');
+$dst_user     = get_parameter('dst_user');
-$subject = get_parameter('subject', '');
+$dst_group    = get_parameter('dst_group');
-$message = get_parameter('message');
+$subject      = io_safe_html_tags(get_parameter('subject'));
-$read_message = get_parameter('read_message', 0);
+$message      = (string) get_parameter('message');
-$reply = get_parameter('reply', 0);
+$read_message = (bool) get_parameter('read_message', false);
-$show_sent = get_parameter('show_sent', 0);
+$reply        = (bool) get_parameter('reply', false);
 $replied      = (bool) get_parameter('replied', false);
 $show_sent    = get_parameter('show_sent', 0);
 $buttons['message_list'] = [
    'active' => false,
@ -92,7 +94,7 @@ ui_print_page_header(
 // Read a message.
 if ($read_message) {
    $message_id = (int) get_parameter('id_message');
-    if ($show_sent) {
+    if ((bool) $show_sent === true) {
        $message = messages_get_message_sent($message_id);
    } else {
        $message = messages_get_message($message_id);
@ -196,26 +198,36 @@ if ($read_message) {
    return;
 }
-// Create message (destination user).
+if ($send_mes === true) {
-if (($new_msg) && (!empty($dst_user)) && (!$reply)) {
+    if (empty($dst_user) === true && empty($dst_group) === true) {
-    $return = messages_create_message(
+        // The user or group must be selected for send the message.
-        $config['id_user'],
+        ui_print_error_message(__('User or group must be selected.'));
-        [$dst_user],
+    } else {
-        [],
+        // Create message (destination user).
-        $subject,
+        $return = messages_create_message(
-        $message
+            $config['id_user'],
-    );
+            [$dst_user],
            [],
            $subject,
            $message
        );
-    $user_name = get_user_fullname($dst_user);
+        $user_name = get_user_fullname($dst_user);
-    if (!$user_name) {
+        if (empty($user_name) === true) {
-        $user_name = $dst_user;
+            $user_name = $dst_user;
        }
        ui_print_result_message(
            $return,
            __('Message successfully sent to user %s', $user_name),
            __('Error sending message to user %s', $user_name)
        );
        // If is a reply, is not necessary do more.
        if ($replied === true) {
            return;
        }
    }
    ui_print_result_message(
        $return,
        __('Message successfully sent to user %s', $user_name),
        __('Error sending message to user %s', $user_name)
    );
 }
 // Message creation form.
@ -230,11 +242,7 @@ $table->data = [];
 $table->data[0][0] = __('Sender');
-if (!empty($own_info['fullname'])) {
+$table->data[0][1] = (empty($own_info['fullname']) === false) ? $own_info['fullname'] : $config['id_user'];
    $table->data[0][1] = $own_info['fullname'];
 } else {
    $table->data[0][1] = $config['id_user'];
 }
 $table->data[1][0] = __('Destination');
@ -245,7 +253,7 @@ $is_admin = (bool) db_get_value(
    $config['id_user']
 );
-if ($is_admin) {
+if ($is_admin === true) {
    $users_full = db_get_all_rows_filter(
        'tusuario',
        [],
@ -264,51 +272,58 @@ if ($is_admin) {
 $users = [];
 foreach ($users_full as $user_id => $user_info) {
-    $users[$user_info['id_user']] = $user_info['fullname'];
+    $users[$user_info['id_user']] = (empty($user_info['fullname']) === true) ? $user_info['id_user'] : $user_info['fullname'];
 }
 // Check if the user to reply is in the list, if not add reply user.
-if ($reply) {
+if ($reply === true) {
-    if (!array_key_exists($dst_user, $users)) {
+    $table->data[1][1] = (array_key_exists($dst_user, $users) === true) ? $users[$dst_user] : $dst_user;
-        // Add the user to reply.
+    $table->data[1][1] .= html_print_input_hidden(
-        $user_reply = db_get_row('tusuario', 'id_user', $dst_user);
+        'dst_user',
-        $users[$user_reply['id_user']] = $user_reply['fullname'];
+        $dst_user,
-    }
+        true
-}
+    );
-
+    $table->data[1][1] .= html_print_input_hidden(
-
+        'replied',
-if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) {
+        '1',
-    $return_all_groups = true;
+        true
    );
 } else {
-    $return_all_groups = false;
+    $return_all_groups = ((bool) $own_info['is_admin'] === true
-}
+    || check_acl($config['id_user'], 0, 'PM') === true);
-$groups = users_get_groups($config['id_user'], 'AR');
+    $groups = users_get_groups($config['id_user'], 'AR');
-// Get a list of all groups.
+    // Get a list of all groups.
-$table->data[1][1] = html_print_select(
+    $table->data[1][1] = html_print_select(
-    $users,
+        $users,
-    'dst_user',
+        'dst_user',
-    $dst_user,
+        $dst_user,
-    '',
+        'changeStatusOtherSelect(\'dst_user\', \'dst_group\')',
-    __('Select user'),
+        __('Select user'),
-    false,
+        false,
-    true,
+        true,
-    false,
+        false,
-    '',
+        ''
-    false
+    );
-);
+    $table->data[1][1] .= '&nbsp;&nbsp;'.__('OR').'&nbsp;&nbsp;';
-$table->data[1][1] .= '&nbsp;&nbsp;'.__('OR').'&nbsp;&nbsp;';
+    $table->data[1][1] .= html_print_div(
-$table->data[1][1] .= '<div class="w250px inline">'.html_print_select_groups(
+        [
-    $config['id_user'],
+            'class'   => 'w250px inline',
-    'AR',
+            'content' => html_print_select_groups(
-    $return_all_groups,
+                $config['id_user'],
-    'dst_group',
+                'AR',
-    $dst_group,
+                $return_all_groups,
-    '',
+                'dst_group',
-    __('Select group'),
+                $dst_group,
-    '',
+                'changeStatusOtherSelect(\'dst_group\', \'dst_user\')',
-    true
+                __('Select group'),
-).'</div>';
+                '',
                true
            ),
        ],
        true
    );
 }
 $table->data[2][0] = __('Subject');
 $table->data[2][1] = html_print_input_text(
@ -330,15 +345,40 @@ $table->data[3][1] = html_print_textarea(
    true
 );
-echo '<form method="post" action="index.php?sec=message_list&amp;sec2=operation/messages/message_edit&amp;new_msg=1">';
+$jsOutput = '';
-html_print_table($table);
+ob_start();
 ?>
 <script type="text/javascript">
    function changeStatusOtherSelect(myId, otherId) {
        if (document.getElementById(myId).value !== "") {
            if (otherId === "dst_group") {
                $('#'+otherId).select2('val', '0');
            } else {
                document.getElementById(otherId).value = "";
            }
        }
    }
 </script>
 <?php
 $jsOutput = ob_get_clean();
-echo '<div class="action-buttons" style="width: '.$table->width.'">';
+echo '<form method="post" action="index.php?sec=message_list&amp;sec2=operation/messages/message_edit&amp;new_msg=1">';
-    html_print_submit_button(
+// Print the main table.
-        __('Send message'),
+html_print_table($table);
-        'send_mes',
+// Print the action buttons section.
-        false,
+html_print_div(
-        'class="sub wand"'
+    [
-    );
+        'class'   => 'action-buttons',
-    echo '</form>';
+        'style'   => 'width: '.$table->width,
-    echo '</div>';
+        'content' => html_print_submit_button(
            __('Send message'),
            'send_mes',
            false,
            'class="sub wand"',
            true
        ),
    ]
 );
 echo '</form>';
 echo $jsOutput;