2006-07-11 Sancho Lerena <slerena@gmail.com>

* config.php: Replaced default font for use in graphs to use FreeSans.ttf

	* FreeSans.ttf: added to SVN repository.

	* fpgraph.php: Fixed problem with Call-time pass-by-reference in PHP.

	* functions.php: Updated parametro_limpio() security function to parse better. 
	Includes a regular expression to purge %00 expresions.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@125 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/CHANGELOG

@@ -1,3 +1,15 @@
+2006-07-11  Sancho Lerena  <slerena@gmail.com>
+
+	* config.php: Replaced default font for use in graphs to use FreeSans.ttf
+
+	* FreeSans.ttf: added to SVN repository.
+
+	* fpgraph.php: Fixed problem with Call-time pass-by-reference in PHP.
+
+	* functions.php: Updated parametro_limpio() security function to parse better. 
+	Includes a regular expression to purge %00 expresions.
+
+
 2006-07-11  Raul Mateos  <raulofpandora@gmail.com>
 
 	* user_edit.php: Add new text about authors. Add a line between table and button. Add different colors between rows (cosmetic changes).

pandora_console/include/config.php

@@ -21,8 +21,8 @@
 
 //Pandora Version
 
-$build_version="PC060630"; //PCddmmyy
-$pandora_version="v1.2 Beta 2"; 
+$build_version="PC060710"; //PCddmmyy
+$pandora_version="v1.2 Beta 3"; 
 
 // Database configuration
 $dbname="pandora";	// MySQL DataBase
@@ -31,7 +31,7 @@ $dbpassword="pandora";	// Password
 $dbhost="localhost";	// MySQL Host
 $dbtype="mysql"; 	// Type of Database, now only "mysql" its supported
 $attachment_store="/var/www/pandora_console";	//This is directory where placed "attachment" directory, to upload files stores. This MUST be writtable by wwwserver user, and should be in pandora root. Please append "/" to the end :-)
-$config_fontpath = "/usr/share/fonts/truetype/msttcorefonts/arial.ttf";
+$config_fontpath = "/var/www/pandora_console/include/FreeSans.ttf";
 
 
 // Read rest of config from DB

pandora_console/include/functions.php

@@ -221,7 +221,6 @@ function entrada_limpia ($texto){
 // ---------------------------------------------------------------
 
 function parametro_limpio($texto){
-
 	// Metemos comprobaciones de seguridad para los includes de paginas pasados por parametro
 	// Gracias Raul (http://seclists.org/lists/incidents/2004/Jul/0034.html)
 	// Consiste en purgar los http:// de las cadenas
@@ -230,7 +229,8 @@ function parametro_limpio($texto){
 	$texto = substr_replace($texto,"",$pos,+3);   
 	// limitamos la entrada de datos por parametros a 125 caracteres
 	$texto = substr_replace($texto,"",125);
-    return $texto;
+	$safe = preg_replace('/[^a-z0-9_\/]/i','',$texto);
+	return $safe;
 }
 
 // ---------------------------------------------------------------

pandora_console/reporting/fgraph.php

@@ -247,11 +247,19 @@ function grafico_modulo_sparse($id_agente_modulo, $periodo, $intervalo, $etiquet
 		);
 	
 	modulo_grafico_draw ( 	$Graph_param, 
-				&$etiq_base, 
+				$etiq_base, 
 				array('Maximum','Average','Minimum'),
 				array (	&$valores_max, &$grafica, &$valores_min ), 
-				&$datax
-				);
+				$datax
+				); // Replaced pass by reference   (slerena, 11 Jul06)
+	/*  PHP Warning:  Call-time pass-by-reference has
+	been deprecated - argument pass
+	ed by value;  If you would like to pass it by reference, modify the
+	declaration of [runtime function
+ 	name]().  If you would like to enable call-time pass-by-reference,
+	you can set allow_call_time_pass
+	_reference to true in your INI file.  However, future versions may not
+	support this any longer.  */
 }
 	
 	
@@ -387,7 +395,6 @@ function modulo_grafico_draw( $MGD_param, $MGD_labels, $MGD_data_name, $MGD_data
 		}
 	}
 	
-	
 	$Graph->done(); 
 	// 30.06.06 dervitx end
 }