2006-07-11 Sancho Lerena <slerena@gmail.com>

* config.php: Replaced default font for use in graphs to use FreeSans.ttf * FreeSans.ttf: added to SVN repository. * fpgraph.php: Fixed problem with Call-time pass-by-reference in PHP. * functions.php: Updated parametro_limpio() security function to parse better. Includes a regular expression to purge %00 expresions. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@125 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2006-07-11 15:33:55 +00:00 · 2006-07-11 15:33:55 +00:00 · 99e15a255f
parent f6bd27dae7
commit 99e15a255f
5 changed files with 38 additions and 19 deletions
--- a/pandora_console/CHANGELOG
+++ b/pandora_console/CHANGELOG
@ -1,3 +1,15 @@
+2006-07-11  Sancho Lerena  <slerena@gmail.com>
+
+	* config.php: Replaced default font for use in graphs to use FreeSans.ttf
+
+	* FreeSans.ttf: added to SVN repository.
+
+	* fpgraph.php: Fixed problem with Call-time pass-by-reference in PHP.
+
+	* functions.php: Updated parametro_limpio() security function to parse better. 
+	Includes a regular expression to purge %00 expresions.
+
+
 2006-07-11  Raul Mateos  <raulofpandora@gmail.com>

 	* user_edit.php: Add new text about authors. Add a line between table and button. Add different colors between rows (cosmetic changes).
--- a/pandora_console/include/FreeSans.ttf
+++ b/pandora_console/include/FreeSans.ttf
--- a/pandora_console/include/config.php
+++ b/pandora_console/include/config.php
@ -21,8 +21,8 @@

 //Pandora Version

-$build_version="PC060630"; //PCddmmyy
-$pandora_version="v1.2 Beta 2"; 
+$build_version="PC060710"; //PCddmmyy
+$pandora_version="v1.2 Beta 3"; 

 // Database configuration
 $dbname="pandora";	// MySQL DataBase
@ -31,7 +31,7 @@ $dbpassword="pandora";	// Password
 $dbhost="localhost";	// MySQL Host
 $dbtype="mysql"; 	// Type of Database, now only "mysql" its supported
 $attachment_store="/var/www/pandora_console";	//This is directory where placed "attachment" directory, to upload files stores. This MUST be writtable by wwwserver user, and should be in pandora root. Please append "/" to the end :-)
-$config_fontpath = "/usr/share/fonts/truetype/msttcorefonts/arial.ttf";
+$config_fontpath = "/var/www/pandora_console/include/FreeSans.ttf";


 // Read rest of config from DB
@ -68,4 +68,4 @@ if ($language_code == 'ast_es') {
 	}
 else $help_code = substr($language_code,0,2);

-?>
+?>
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -221,16 +221,16 @@ function entrada_limpia ($texto){
 // ---------------------------------------------------------------

 function parametro_limpio($texto){
-
 	// Metemos comprobaciones de seguridad para los includes de paginas pasados por parametro
-    // Gracias Raul (http://seclists.org/lists/incidents/2004/Jul/0034.html)
-    // Consiste en purgar los http:// de las cadenas
-    $pos = strpos($texto,"://");	// quitamos la parte "fea" de http:// o ftp:// o telnet:// :-)))
-    if ($pos <> 0)
-    	$texto = substr_replace($texto,"",$pos,+3);   
-    // limitamos la entrada de datos por parametros a 125 caracteres
-    $texto = substr_replace($texto,"",125);
-    return $texto;
+	// Gracias Raul (http://seclists.org/lists/incidents/2004/Jul/0034.html)
+	// Consiste en purgar los http:// de las cadenas
+	$pos = strpos($texto,"://");	// quitamos la parte "fea" de http:// o ftp:// o telnet:// :-)))
+	if ($pos <> 0)
+	$texto = substr_replace($texto,"",$pos,+3);   
+	// limitamos la entrada de datos por parametros a 125 caracteres
+	$texto = substr_replace($texto,"",125);
+	$safe = preg_replace('/[^a-z0-9_\/]/i','',$texto);
+	return $safe;
 }

 // ---------------------------------------------------------------
--- a/pandora_console/reporting/fgraph.php
+++ b/pandora_console/reporting/fgraph.php
@ -247,11 +247,19 @@ function grafico_modulo_sparse($id_agente_modulo, $periodo, $intervalo, $etiquet
 		);
 	
 	modulo_grafico_draw ( 	$Graph_param, 
-				&$etiq_base, 
+				$etiq_base, 
 				array('Maximum','Average','Minimum'),
 				array (	&$valores_max, &$grafica, &$valores_min ), 
-				&$datax
-				);
+				$datax
+				); // Replaced pass by reference   (slerena, 11 Jul06)
+	/*  PHP Warning:  Call-time pass-by-reference has
+	been deprecated - argument pass
+	ed by value;  If you would like to pass it by reference, modify the
+	declaration of [runtime function
+ 	name]().  If you would like to enable call-time pass-by-reference,
+	you can set allow_call_time_pass
+	_reference to true in your INI file.  However, future versions may not
+	support this any longer.  */
 }
 	
 	
@ -376,17 +384,16 @@ function modulo_grafico_draw( $MGD_param, $MGD_labels, $MGD_data_name, $MGD_data
 					$Dataset_events->addPoint(
 						$MGD_event_data[$cc][$nn], 
 						ceil($MGD_param['valor_maximo'] / 7) + $MGD_param['valor_maximo']);
-					}
+				}
 				$Plot =& $Plotarea->addNew('Plot_Impulse', array(&$Dataset_events));
 				$Plot->setLineColor($cc?'green@0.5':'red@0.5'); 
 				$Marker_event =& Image_Graph::factory('Image_Graph_Marker_Diamond');
 				$Plot->setMarker($Marker_event);
 				$Marker_event->setFillColor($cc?'green@0.5':'red@0.5');
 				$Marker_event->setLineColor('black');
-				}
 			}
 		}
-	
+	}
 	
 	$Graph->done(); 
 	// 30.06.06 dervitx end