From 67ade2fccd3981ed4f14a106638173a0df847bb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Mon, 6 Jun 2022 16:35:02 +0200
Subject: [PATCH 1/5] Improved error message

---
 .../godmode/setup/file_manager.php            | 23 ++++++-
 .../include/functions_filemanager.php         | 16 +++++
 pandora_console/include/get_file.php          | 60 ++++++++++++++-----
 3 files changed, 80 insertions(+), 19 deletions(-)

diff --git a/pandora_console/godmode/setup/file_manager.php b/pandora_console/godmode/setup/file_manager.php
index 201eb2507c..6f54f2f0a8 100644
--- a/pandora_console/godmode/setup/file_manager.php
+++ b/pandora_console/godmode/setup/file_manager.php
@@ -31,7 +31,7 @@ global $config;
 
 check_login();
 
-if (! check_acl($config['id_user'], 0, 'PM')) {
+if ((bool) check_acl($config['id_user'], 0, 'PM') === false) {
     db_pandora_audit(
         AUDIT_LOG_ACL_VIOLATION,
         'Trying to access File manager'
@@ -43,7 +43,24 @@ if (! check_acl($config['id_user'], 0, 'PM')) {
 require_once 'include/functions_filemanager.php';
 
 // Header.
-ui_print_page_header(__('File manager'), '', false, '', true);
+ui_print_standard_header(
+    __('File manager'),
+    '',
+    false,
+    '',
+    true,
+    [],
+    [
+        [
+            'link'  => '',
+            'label' => __('Admin tools'),
+        ],
+        [
+            'link'  => '',
+            'label' => __('File manager'),
+        ],
+    ]
+);
 
 if (isset($config['filemanager']['message']) === true) {
     echo $config['filemanager']['message'];
@@ -66,7 +83,7 @@ $real_directory = realpath($config['homedir'].'/'.$directory);
 echo '<h4>'.__('Index of %s', io_safe_input($directory)).'</h4>';
 
 $upload_file = (bool) get_parameter('upload_file');
-$create_text_file   = (bool) get_parameter('create_text_file');
+$create_text_file = (bool) get_parameter('create_text_file');
 
 $default_real_directory = realpath($config['homedir'].'/');
 
diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index b4b648b210..6e0289d896 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -476,6 +476,12 @@ function filemanager_file_explorer(
     $options=[]
 ) {
     global $config;
+    // Requirements for message dialog.
+    ui_require_css_file('dialog');
+    ui_require_jquery_file('jquery-ui.min');
+    ui_require_jquery_file('jquery-ui_custom');
+    // Check for errors.
+    $errorOutput = (string) get_parameter('errorOutput');
 
     // Windows compatibility.
     $real_directory = str_replace('\\', '/', $real_directory);
@@ -492,7 +498,17 @@ function filemanager_file_explorer(
     $hack_metaconsole = (is_metaconsole() === true) ? '../../' : '';
 
     ?>
+    <div id="modalAlert"></div>
     <script type="text/javascript">
+        <?php if (empty($errorOutput) === false) : ?>
+            $("#modalAlert").html('<?php echo io_safe_output($errorOutput); ?>');
+            $("#modalAlert").dialog ({
+                title: '<?php echo __('Error'); ?>',
+                resizable: false,
+                draggable: false,
+                width: 450
+            });
+        <?php endif; ?>
         function show_form_create_folder() {
             actions_dialog('create_folder');
             $("#create_folder").css("display", "block");
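Review bot: The `errorOutput` request parameter reaches a script context without output encoding: it is read with `get_parameter('errorOutput')` in the previous hunk and printed here through `io_safe_output()` inside a single-quoted JavaScript literal that is then handed to `.html()`. As far as I know `io_safe_output()` reverses the entity encoding that `get_parameter()` applies, so whoever can make a user submit that parameter would control markup in the page. Encode for the JavaScript context and insert the value as text, for example `$("#modalAlert").text(<?php echo json_encode(io_safe_output($errorOutput), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);`, or pass an error code and look the message up server-side. The same pattern returns for `errorFileOutput` in pandora_console/index.php in PATCH 4/5 and in the `confirmDialog` message in PATCH 5/5. The body of filemanager_file_explorer continues outside this hunk.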
diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php
index e8551a27f5..99217e5ba1 100644
--- a/pandora_console/include/get_file.php
+++ b/pandora_console/include/get_file.php
@@ -1,17 +1,32 @@
 <?php
-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the  GNU Lesser General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-// Don't start a session before this import.
-// The session is configured and started inside the config process.
+/**
+ * Get File script
+ *
+ * @category   File manager
+ * @package    Pandora FMS
+ * @subpackage Community
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
+
+// Get global data.
 require_once 'config.php';
 require_once 'functions.php';
 require_once 'functions_filemanager.php';
@@ -22,7 +37,7 @@ check_login();
 
 $auth_method = db_get_value('value', 'tconfig', 'token', 'auth');
 
-if ($auth_method != 'ad' && $auth_method != 'ldap') {
+if ($auth_method !== 'ad' && $auth_method !== 'ldap') {
     include_once 'auth/'.$auth_method.'.php';
 }
 
@@ -70,8 +85,21 @@ if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_uniq
         }
     }
 
-    if ($downloadable_file === '' || !file_exists($downloadable_file)) {
-        echo "<h3 style='".$styleError."'>".__('File is missing in disk storage. Please contact the administrator.').'</h3>';
+    if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) {
+        ?>
+            <div id="mainDiv"></div>
+            <script type="text/javascript">
+                var refererPath = '<?php echo $_SERVER['HTTP_REFERER']; ?>';
+                var errorOutput = '<?php echo __('File is missing in disk storage. Please contact the administrator.'); ?>';
+                document.addEventListener('DOMContentLoaded', function () {
+                    document.getElementById('mainDiv').innerHTML = `<form action="` + refererPath + `" name="failedReturn" method="post" style="display:none;">
+                        <input type="hidden" name="errorOutput" value="` + errorOutput + `" />
+                        </form>`;
+
+                    document.forms['failedReturn'].submit();
+                }, false);
+            </script>
+        <?php
     } else {
         header('Content-type: aplication/octet-stream;');
         header('Content-type: '.mime_content_type($downloadable_file).';');
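Review bot: `$_SERVER['HTTP_REFERER']` is echoed verbatim into a single-quoted JavaScript literal and then concatenated into `innerHTML` as the form `action`, so a client-supplied header is written into script and markup with no encoding. Emit both values with `json_encode()` and build the form through the DOM API instead of string concatenation; posting back to a fixed console URL rather than the Referer would be safer still, because the auto-submitted form otherwise goes wherever that header points. The same construction is kept in the script block added in PATCH 2/5 and in the `$refererPath` version in PATCH 3/5. The enclosing `if` starts above this hunk.

```php
            <div id="mainDiv"></div>
            <script type="text/javascript">
                var refererPath = <?php echo json_encode((string) $_SERVER['HTTP_REFERER'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
                var errorOutput = <?php echo json_encode(__('File is missing in disk storage. Please contact the administrator.'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
                document.addEventListener('DOMContentLoaded', function () {
                    var form = document.createElement('form');
                    form.method = 'post';
                    form.action = refererPath;
                    form.style.display = 'none';

                    var field = document.createElement('input');
                    field.type = 'hidden';
                    field.name = 'errorOutput';
                    field.value = errorOutput;

                    form.appendChild(field);
                    document.getElementById('mainDiv').appendChild(form);
                    form.submit();
                }, false);
            </script>
```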

From 06d9e0d137ff8cd8f5fbf3dcad209c1584d2a9bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Tue, 7 Jun 2022 10:51:37 +0200
Subject: [PATCH 2/5] Improve security message

---
 pandora_console/include/get_file.php | 48 ++++++++++++++--------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php
index 99217e5ba1..7c48c02d94 100644
--- a/pandora_console/include/get_file.php
+++ b/pandora_console/include/get_file.php
@@ -26,9 +26,10 @@
  * ============================================================================
  */
 
-// Get global data.
+// Begin.
 require_once 'config.php';
 require_once 'functions.php';
+require_once 'functions_ui.php';
 require_once 'functions_filemanager.php';
 
 global $config;
@@ -41,17 +42,13 @@ if ($auth_method !== 'ad' && $auth_method !== 'ldap') {
     include_once 'auth/'.$auth_method.'.php';
 }
 
-
-$styleError = 'background:url("../images/err.png") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;';
-
-$file_raw = get_parameter('file', null);
+$hash = get_parameter('hash');
+$file_raw = get_parameter('file');
 
 $file = base64_decode(urldecode($file_raw));
 
-$hash = get_parameter('hash', null);
-
-if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_unique_identifier']) || !isset($_SERVER['HTTP_REFERER'])) {
-    echo "<h3 style='".$styleError."'>".__('Security error. Please contact the administrator.').'</h3>';
+if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$config['server_unique_identifier']) || isset($_SERVER['HTTP_REFERER']) === false) {
+    $errorMessage = __('Security error. Please contact the administrator.');
 } else {
     $downloadable_file = '';
     $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
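Review bot: The rewritten condition still authenticates the download link with `md5($file_raw.$config['server_unique_identifier'])` compared by `!==`. A keyed digest should be an HMAC checked in constant time, `hash_equals(hash_hmac('sha256', $file_raw, $config['server_unique_identifier']), (string) $hash) === false`; the code that generates the link is not part of this patch and would have to change with it. Separately, `empty($file)` now also rejects a decoded name of `'0'`, which the previous `=== ''` test accepted. The `else` branch continues outside this hunk.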
@@ -79,28 +76,16 @@ if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_uniq
             break;
 
             default:
+                // Wrong action.
                 $downloadable_file = '';
-                // Do nothing
             break;
         }
     }
 
     if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) {
-        ?>
-            <div id="mainDiv"></div>
-            <script type="text/javascript">
-                var refererPath = '<?php echo $_SERVER['HTTP_REFERER']; ?>';
-                var errorOutput = '<?php echo __('File is missing in disk storage. Please contact the administrator.'); ?>';
-                document.addEventListener('DOMContentLoaded', function () {
-                    document.getElementById('mainDiv').innerHTML = `<form action="` + refererPath + `" name="failedReturn" method="post" style="display:none;">
-                        <input type="hidden" name="errorOutput" value="` + errorOutput + `" />
-                        </form>`;
-
-                    document.forms['failedReturn'].submit();
-                }, false);
-            </script>
-        <?php
+        $errorMessage = __('File is missing in disk storage. Please contact the administrator.');
     } else {
+        // Everything went well.
         header('Content-type: aplication/octet-stream;');
         header('Content-type: '.mime_content_type($downloadable_file).';');
         header('Content-Length: '.filesize($downloadable_file));
@@ -108,3 +93,18 @@ if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_uniq
         readfile($downloadable_file);
     }
 }
+
+?>
+
+<script type="text/javascript">
+    document.addEventListener('DOMContentLoaded', function () {
+        var refererPath = '<?php echo (($_SERVER['HTTP_REFERER']) ?? ui_get_full_url()); ?>';
+        var errorOutput = '<?php echo $errorMessage; ?>';
+
+        document.body.innerHTML = `<form action="` + refererPath + `" name="failedReturn" method="post" style="display:none;">
+                    <input type="hidden" name="errorOutput" value="` + errorOutput + `" />
+                    </form>`;
+
+        document.forms['failedReturn'].submit();
+    }, false);
+</script>
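Review bot: The `<script>` block added after the closing brace sits outside the `if`/`else`, so it is also sent after `readfile($downloadable_file)` on a successful download, a path where the lines visible here never assign `$errorMessage`. That appends markup to the file body after `Content-Length` has already been sent and raises an undefined-variable notice. Either add `exit;` right after `readfile($downloadable_file);` or wrap the block in `<?php if (isset($errorMessage) === true) : ?>` and `<?php endif; ?>`.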

From 9d071982f5ed85c4237676c38b1ccf9fe79a18f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Tue, 7 Jun 2022 13:39:58 +0200
Subject: [PATCH 3/5] Improve code

---
 .../include/functions_filemanager.php         | 23 ++++---------------
 pandora_console/include/get_file.php          | 12 +++++++---
 2 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index 6e0289d896..94e16e822b 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -476,12 +476,6 @@ function filemanager_file_explorer(
     $options=[]
 ) {
     global $config;
-    // Requirements for message dialog.
-    ui_require_css_file('dialog');
-    ui_require_jquery_file('jquery-ui.min');
-    ui_require_jquery_file('jquery-ui_custom');
-    // Check for errors.
-    $errorOutput = (string) get_parameter('errorOutput');
 
     // Windows compatibility.
     $real_directory = str_replace('\\', '/', $real_directory);
@@ -498,17 +492,7 @@ function filemanager_file_explorer(
     $hack_metaconsole = (is_metaconsole() === true) ? '../../' : '';
 
     ?>
-    <div id="modalAlert"></div>
     <script type="text/javascript">
-        <?php if (empty($errorOutput) === false) : ?>
-            $("#modalAlert").html('<?php echo io_safe_output($errorOutput); ?>');
-            $("#modalAlert").dialog ({
-                title: '<?php echo __('Error'); ?>',
-                resizable: false,
-                draggable: false,
-                width: 450
-            });
-        <?php endif; ?>
         function show_form_create_folder() {
             actions_dialog('create_folder');
             $("#create_folder").css("display", "block");
@@ -966,10 +950,11 @@ function filemanager_get_file_info(string $filepath)
 
     $realpath = realpath($filepath);
     $filepath = str_replace('\\', '/', $filepath);
+    $mimeExtend = mime_content_type($filepath);
     // Windows compatibility.
     $info = [
         'mime'          => MIME_UNKNOWN,
-        'mime_extend'   => mime_content_type($filepath),
+        'mime_extend'   => ($mimeExtend === false) ? '' : $mimeExtend,
         'link'          => 0,
         'is_dir'        => false,
         'name'          => basename($realpath),
@@ -985,13 +970,13 @@ function filemanager_get_file_info(string $filepath)
         'application/x-gzip',
         'application/x-bzip2',
     ];
-    if (is_dir($filepath)) {
+    if (is_dir($filepath) === true) {
         $info['mime'] = MIME_DIR;
         $info['is_dir'] = true;
         $info['size'] = 0;
     } else if (strpos($info['mime_extend'], 'image') !== false) {
         $info['mime'] = MIME_IMAGE;
-    } else if (in_array($info['mime_extend'], $zip_mimes)) {
+    } else if (in_array($info['mime_extend'], $zip_mimes) === true) {
         $info['mime'] = MIME_ZIP;
     } else if (strpos($info['mime_extend'], 'text') !== false) {
         $info['mime'] = MIME_TEXT;
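Review bot: `in_array($info['mime_extend'], $zip_mimes) === true` still compares loosely. Now that `mime_extend` is always a string, pass the strict flag so the lookup matches the explicit-comparison style this commit applies elsewhere: `in_array($info['mime_extend'], $zip_mimes, true) === true`. The `if`/`else if` chain continues outside this hunk.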
diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php
index 7c48c02d94..474a48f03c 100644
--- a/pandora_console/include/get_file.php
+++ b/pandora_console/include/get_file.php
@@ -84,6 +84,12 @@ if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$c
 
     if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) {
         $errorMessage = __('File is missing in disk storage. Please contact the administrator.');
+        // Avoid possible inifite loop with referer.
+        if (isset($_SERVER['HTTP_ORIGIN']) === true && $_SERVER['HTTP_REFERER'] === $_SERVER['HTTP_ORIGIN'].$_SERVER['REQUEST_URI']) {
+            $refererPath = ui_get_full_url('index.php');
+        } else {
+            $refererPath = $_SERVER['HTTP_REFERER'];
+        }
     } else {
         // Everything went well.
         header('Content-type: aplication/octet-stream;');
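Review bot: `$refererPath` is assigned only in this missing-file branch, but the script block changed in the next hunk prints it for every error, including the "Security error" branch that is taken when `HTTP_REFERER` is absent or the hash does not match. In that case the form `action` would be empty and the browser would post back to get_file.php itself, which is the loop the new comment wants to avoid. Set a default before the outer `if`, for example `$refererPath = ui_get_full_url('index.php');`. The loop test also depends on `HTTP_ORIGIN`, which browsers generally omit on plain GET navigations, so it may rarely match; comparing the Referer's path with `$_SERVER['SCRIPT_NAME']` would not rely on that header. The outer `if` starts above this hunk.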
@@ -98,11 +104,11 @@ if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$c
 
 <script type="text/javascript">
     document.addEventListener('DOMContentLoaded', function () {
-        var refererPath = '<?php echo (($_SERVER['HTTP_REFERER']) ?? ui_get_full_url()); ?>';
-        var errorOutput = '<?php echo $errorMessage; ?>';
+        var refererPath = '<?php echo $refererPath; ?>';
+        var errorFileOutput = '<?php echo $errorMessage; ?>';
 
         document.body.innerHTML = `<form action="` + refererPath + `" name="failedReturn" method="post" style="display:none;">
-                    <input type="hidden" name="errorOutput" value="` + errorOutput + `" />
+                    <input type="hidden" name="errorFileOutput" value="` + errorFileOutput + `" />
                     </form>`;
 
         document.forms['failedReturn'].submit();

From e86d8b761d693b56c9737d23cd30735d8b9a7c8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Tue, 7 Jun 2022 13:40:35 +0200
Subject: [PATCH 4/5] Refactor and improve code and added dialog for show error

---
 pandora_console/index.php | 92 +++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 38 deletions(-)

diff --git a/pandora_console/index.php b/pandora_console/index.php
index 15d1b1c4fc..c933aadeb4 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -14,7 +14,7 @@
  * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
  *
  * ============================================================================
- * Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
+ * Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
  * Please see http://pandorafms.org for full contribution list
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -27,14 +27,14 @@
  */
 
 // Begin.
-if (!defined('__PAN_XHPROF__')) {
+if (defined('__PAN_XHPROF__') === false) {
     define('__PAN_XHPROF__', 0);
 }
 
 require 'vendor/autoload.php';
 
 if (__PAN_XHPROF__ === 1) {
-    if (function_exists('tideways_xhprof_enable')) {
+    if (function_exists('tideways_xhprof_enable') === true) {
         tideways_xhprof_enable();
     } else {
         error_log('Cannot find tideways_xhprof_enable function');
@@ -43,7 +43,7 @@ if (__PAN_XHPROF__ === 1) {
 
 // Set character encoding to UTF-8
 // fixes a lot of multibyte character issues.
-if (function_exists('mb_internal_encoding')) {
+if (function_exists('mb_internal_encoding') === true) {
     mb_internal_encoding('UTF-8');
 }
 
@@ -51,10 +51,10 @@ if (function_exists('mb_internal_encoding')) {
 // Activate gives more error information, not useful for production sites.
 $develop_bypass = 0;
 
-if ($develop_bypass != 1) {
+if ($develop_bypass !== 1) {
     // If no config file, automatically try to install.
-    if (! file_exists('include/config.php')) {
-        if (! file_exists('install.php')) {
+    if (file_exists('include/config.php') === false) {
+        if (file_exists('install.php') === false) {
             $url = explode('/', $_SERVER['REQUEST_URI']);
             $flag_url = 0;
             foreach ($url as $key => $value) {
@@ -85,25 +85,25 @@ if ($develop_bypass != 1) {
         exit;
     }
 
-    if (isset($_POST['rename_file'])) {
+    if (isset($_POST['rename_file']) === true) {
         $rename_file_install = (bool) $_POST['rename_file'];
-        if ($rename_file_install) {
+        if ($rename_file_install === true) {
             $salida_rename = rename('install.php', 'install_old.php');
         }
     }
 
     // Check installer presence.
-    if (file_exists('install.php')) {
+    if (file_exists('install.php') === true) {
         $login_screen = 'error_install';
         include 'general/error_screen.php';
         exit;
     }
 
     // Check perms for config.php.
-    if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') {
-        if ((substr(sprintf('%o', fileperms('include/config.php')), -4) != '0600')
-            && (substr(sprintf('%o', fileperms('include/config.php')), -4) != '0660')
-            && (substr(sprintf('%o', fileperms('include/config.php')), -4) != '0640')
+    if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
+        if ((substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0600')
+            && (substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0660')
+            && (substr(sprintf('%o', fileperms('include/config.php')), -4) !== '0640')
         ) {
             $url = explode('/', $_SERVER['REQUEST_URI']);
             $flag_url = 0;
@@ -128,8 +128,8 @@ if ($develop_bypass != 1) {
     }
 }
 
-if ((! file_exists('include/config.php'))
-    || (! is_readable('include/config.php'))
+if ((file_exists('include/config.php') === false)
+    || (is_readable('include/config.php') === false)
 ) {
     $login_screen = 'error_noconfig';
     include 'general/error_screen.php';
@@ -143,7 +143,7 @@ if ((! file_exists('include/config.php'))
 require_once 'include/config.php';
 require_once 'include/functions_config.php';
 
-if (isset($config['console_log_enabled']) && $config['console_log_enabled'] == 1) {
+if (isset($config['console_log_enabled']) === true && (int) $config['console_log_enabled'] === 1) {
     ini_set('log_errors', 1);
     ini_set('error_log', $config['homedir'].'/log/console.log');
 } else {
@@ -151,26 +151,26 @@ if (isset($config['console_log_enabled']) && $config['console_log_enabled'] == 1
     ini_set('error_log', '');
 }
 
-if (isset($config['error'])) {
+if (isset($config['error']) === true) {
     $login_screen = $config['error'];
     include 'general/error_screen.php';
     exit;
 }
 
 // If metaconsole activated, redirect to it.
-if (is_metaconsole()) {
+if (is_metaconsole() === true) {
     header('Location: '.ui_get_full_url('index.php'));
     // Always exit after sending location headers.
     exit;
 }
 
-if (file_exists(ENTERPRISE_DIR.'/include/functions_login.php')) {
+if (file_exists(ENTERPRISE_DIR.'/include/functions_login.php') === true) {
     include_once ENTERPRISE_DIR.'/include/functions_login.php';
 }
 
-if (!empty($config['https']) && empty($_SERVER['HTTPS'])) {
+if (empty($config['https']) === false && empty($_SERVER['HTTPS']) === true) {
     $query = '';
-    if (count($_REQUEST)) {
+    if (count($_REQUEST) > 0) {
         // Some (old) browsers don't like the ?&key=var.
         $query .= '?1=1';
     }
@@ -207,8 +207,11 @@ if (get_parameter('refr') != null) {
     $config['refr'] = (int) get_parameter('refr');
 }
 
+// Get possible errors with files.
+$errorFileOutput = (string) get_parameter('errorFileOutput');
+
 $delete_file = get_parameter('del_file');
-if ($delete_file == 'yes_delete') {
+if ($delete_file === 'yes_delete') {
     $salida_delete = shell_exec('rm /var/www/html/pandora_console/install.php');
 }
 
@@ -250,9 +253,9 @@ $validatedCSRF = validate_csrf_code();
 $process_login = false;
 
 // Update user password.
-$change_pass = get_parameter_post('renew_password', 0);
+$change_pass = (int) get_parameter_post('renew_password');
 
-if ($change_pass == 1) {
+if ($change_pass === 1) {
     $password_old = (string) get_parameter_post('old_password', '');
     $password_new = (string) get_parameter_post('new_password', '');
     $password_confirm = (string) get_parameter_post('confirm_new_password', '');
@@ -268,19 +271,19 @@ if (strlen($search) > 0) {
     $config['search_keywords'] = io_safe_input(trim(io_safe_output(get_parameter('keywords'))));
     // If not search category providad, we'll use an agent search.
     $config['search_category'] = get_parameter('search_category', 'all');
-    if (($config['search_keywords'] != 'Enter keywords to search') && (strlen($config['search_keywords']) > 0)) {
+    if (($config['search_keywords'] !== 'Enter keywords to search') && (strlen($config['search_keywords']) > 0)) {
         $searchPage = true;
     }
 }
 
 // Login process.
 enterprise_include_once('include/auth/saml.php');
-if (! isset($config['id_user'])) {
+if (isset($config['id_user']) === false) {
     // Clear error messages.
     unset($_COOKIE['errormsg']);
     setcookie('errormsg', null, -1);
 
-    if (isset($_GET['login'])) {
+    if (isset($_GET['login']) === true) {
         include_once 'include/functions_db.php';
         // Include it to use escape_string_sql function.
         $config['auth_error'] = '';
@@ -297,15 +300,15 @@ if (! isset($config['id_user'])) {
 
         // If the auth_code exists, we assume the user has come from
         // double authorization page.
-        if (isset($_POST['auth_code'])) {
+        if (isset($_POST['auth_code']) === true) {
             $double_auth_success = false;
 
             // The double authentication is activated and the user has
             // surpassed the first step (the login).
             // Now the authentication code provided will be checked.
-            if (isset($_SESSION['prepared_login_da'])) {
-                if (isset($_SESSION['prepared_login_da']['id_user'])
-                    && isset($_SESSION['prepared_login_da']['timestamp'])
+            if (isset($_SESSION['prepared_login_da']) === true) {
+                if (isset($_SESSION['prepared_login_da']['id_user']) === true
+                    && isset($_SESSION['prepared_login_da']['timestamp']) === true
                 ) {
                     // The user has a maximum of 5 minutes to introduce
                     // the double auth code.
@@ -343,7 +346,7 @@ if (! isset($config['id_user'])) {
                             // Error message.
                             $config['auth_error'] = __("The code shouldn't be empty");
 
-                            if (!isset($_SESSION['prepared_login_da']['attempts'])) {
+                            if (isset($_SESSION['prepared_login_da']['attempts']) !== false) {
                                 $_SESSION['prepared_login_da']['attempts'] = 0;
                             }
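Review bot: The rewritten guard is inverted: the old `!isset(...)` initialised the counter only when it was missing, while `isset($_SESSION['prepared_login_da']['attempts']) !== false` is true when the counter already exists. As written, `attempts` is reset to 0 on every empty-code submission and is never initialised when absent, so whatever limit the surrounding double-authentication code enforces on this counter (not visible in this hunk) would stop accumulating. The line should read `if (isset($_SESSION['prepared_login_da']['attempts']) === false) {`.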
 
@@ -396,7 +399,7 @@ if (! isset($config['id_user'])) {
             // the 2nd auth step.
             $nick_in_db = $_SESSION['prepared_login_da']['id_user'];
             $expired_pass = false;
-        } else if (($config['auth'] == 'saml') && ($login_button_saml)) {
+        } else if (($config['auth'] === 'saml') && ($login_button_saml)) {
             $saml_user_id = enterprise_hook('saml_process_user_login');
             if (!$saml_user_id) {
                 $login_failed = true;
@@ -430,7 +433,7 @@ if (! isset($config['id_user'])) {
             // process_user_login is a virtual function which should be defined in each auth file.
             // It accepts username and password. The rest should be internal to the auth file.
             // The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it
-            // process_user_login should return false in case of errors or invalid login, the nickname if correct
+            // process_user_login should return false in case of errors or invalid login, the nickname if correct.
             $nick_in_db = process_user_login($nick, $pass);
 
             $expired_pass = false;
@@ -1466,15 +1469,15 @@ require 'include/php_to_js_values.php';
 
     // Initial load of page.
     $(document).ready(adjustFooter);
-    
+
     // Every resize of window.
     $(window).resize(adjustFooter);
-    
+
     // Every show/hide call may need footer re-layout.
     (function() {
         var oShow = jQuery.fn.show;
         var oHide = jQuery.fn.hide;
-        
+
         jQuery.fn.show = function () {
             var rv = oShow.apply(this, arguments);
             adjustFooter();
@@ -1503,6 +1506,19 @@ require 'include/php_to_js_values.php';
 
     }
 
+    <?php if (empty($errorFileOutput) === false) : ?>
+        // There are one issue with the file that you trying to catch. Show a dialog with message.
+        $(document).ready(function() {
+            $('body').append('<div id="modalAlert"><?php echo io_safe_output($errorFileOutput); ?></div>');
+            $("#modalAlert").dialog ({
+                title: '<?php echo __('Error'); ?>',
+                resizable: false,
+                draggable: false,
+                width: 450
+            });
+        });
+    <?php endif; ?>
+
     function show_modal(id) {
         var match = /notification-(.*)-id-([0-9]+)/.exec(id);
         if (!match) {

From ef3dd0e7410842e2538314f7c62806d169ca3d03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Wed, 29 Jun 2022 10:20:17 +0200
Subject: [PATCH 5/5] Improved error message

---
 pandora_console/index.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/pandora_console/index.php b/pandora_console/index.php
index c933aadeb4..3a5409aa16 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -1509,12 +1509,10 @@ require 'include/php_to_js_values.php';
     <?php if (empty($errorFileOutput) === false) : ?>
         // There are one issue with the file that you trying to catch. Show a dialog with message.
         $(document).ready(function() {
-            $('body').append('<div id="modalAlert"><?php echo io_safe_output($errorFileOutput); ?></div>');
-            $("#modalAlert").dialog ({
-                title: '<?php echo __('Error'); ?>',
-                resizable: false,
-                draggable: false,
-                width: 450
+            confirmDialog({
+                title: "<?php echo __('Error'); ?>",
+                message: "<?php echo io_safe_output($errorFileOutput); ?>",
+                hideCancelButton: true,
             });
         });
     <?php endif; ?>