2014-04-25 Alejandro Gallardo <alejandro.gallardo@artica.es>

* extensions/system_info.php,
	  godmode/servers/plugin.php,
	  godmode/setup/file_manager.php,
	  include/config_process.php,
	  include/functions_filemanager.php,
	  include/functions_html.php,
	  operation/gis_maps/ajax.php,
	  operation/snmpconsole/snmp_mib_uploader.php: Replaced
	the possible backslashes with slashes in the directories
	path.

	* include/functions_graph.php: Modified the function
	"grafico_modulo_log4x" to adapt the 'set_include_path' to
	Windows.

	* include/get_file.php: Now the file name comes from the
	function "basename".


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9814 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
alexhigh 2014-04-25 11:07:30 +00:00
parent 14af549e40
commit a875856228
11 changed files with 79 additions and 13 deletions

@ -1,3 +1,23 @@
2014-04-25 Alejandro Gallardo <alejandro.gallardo@artica.es>
* extensions/system_info.php,
godmode/servers/plugin.php,
godmode/setup/file_manager.php,
include/config_process.php,
include/functions_filemanager.php,
include/functions_html.php,
operation/gis_maps/ajax.php,
operation/snmpconsole/snmp_mib_uploader.php: Replaced
the possible backslashes with slashes in the directories
path.
* include/functions_graph.php: Modified the function
"grafico_modulo_log4x" to adapt the 'set_include_path' to
Windows.
* include/get_file.php: Now the file name comes from the
function "basename".
2014-04-24 Alejandro Gallardo <alejandro.gallardo@artica.es>
* install.php: Now the user path backslashes will be

@ -617,6 +617,7 @@ if (!isset($argv)) {
}
else {
$dir = dirname($_SERVER['PHP_SELF']);
$dir = str_replace("\\", "/", $dir); // Windows compatibility
if (file_exists($dir . "/../include/config.php"))
include $dir . "/../include/config.php";

@ -88,6 +88,7 @@ if ($filemanager) {
$fallback_directory = "attachment/plugin";
$directory = (string) get_parameter ('directory', $fallback_directory);
$directory = str_replace("\\", "/", $directory);
// A miminal security check to avoid directory traversal
if (preg_match ("/\.\./", $directory))
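Review bot: The check that follows the added `str_replace` rejects only a literal `..`, so an absolute path in `directory` (or a drive-letter path on the Windows hosts this commit targets) still passes it. Normalising before the check is the right order; the stronger form is to resolve the joined path and require it to sit under the allowed root, for example `$real = str_replace("\\", "/", (string) realpath($root . '/' . $directory));` followed by `if (strpos($real . '/', $root . '/') !== 0)` to reject, where `$root` is a placeholder for whatever base directory the code after the hunk uses. The same applies to the next `$directory` hunk (default `"/"`), which shows the identical check; the last hunk on the page normalises `$directory` as well, but whatever check follows it is not visible there. The `if` statement continues outside the hunk.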

@ -35,6 +35,7 @@ if (isset($config['filemanager']['message'])) {
}
$directory = (string) get_parameter ('directory', "/");
$directory = str_replace("\\", "/", $directory);
// A miminal security check to avoid directory traversal
if (preg_match ("/\.\./", $directory))

@ -69,6 +69,7 @@ else {
$config['start_time'] = microtime (true);
$ownDir = dirname(__FILE__) . '/';
$ownDir = str_replace("\\", "/", $ownDir);
//Set by default the MySQL connection for DB, because in older Pandora have not
//this token in the config.php

@ -149,9 +149,9 @@ if ($upload_file) {
if (isset ($_FILES['file']) && $_FILES['file']['name'] != "") {
$filename = $_FILES['file']['name'];
$filesize = $_FILES['file']['size'];
$real_directory = (string) get_parameter('real_directory');
$directory = (string) get_parameter ('directory');
$umask = (string)get_parameter('umask', '');
$real_directory = io_safe_output((string) get_parameter('real_directory'));
$directory = io_safe_output((string) get_parameter ('directory'));
$umask = io_safe_output((string) get_parameter('umask', ''));
$hash = get_parameter('hash', '');
$testHash = md5($real_directory . $directory . $config['dbpass']);
@ -277,7 +277,9 @@ if ($upload_zip) {
$filename = $_FILES['file']['name'];
$filesize = $_FILES['file']['size'];
$real_directory = (string) get_parameter('real_directory');
$real_directory = io_safe_output($real_directory);
$directory = (string) get_parameter ('directory');
$directory = io_safe_output($directory);
$hash = get_parameter('hash', '');
$testHash = md5($real_directory . $directory . $config['dbpass']);
@ -386,6 +388,9 @@ if ($delete_file) {
* @param string $dir The dir to deletete
*/
function filemanager_delete_directory($dir) {
// Windows compatibility
$dir = str_replace("\\", "/", $dir);
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
if (($file != ".") && ($file != "..")) {
@ -416,6 +421,10 @@ function filemanager_delete_directory($dir) {
*/
function filemanager_read_recursive_dir($dir, $relative_path = '') {
$return = array();
// Windows compatibility
$dir = str_replace("\\", "/", $dir);
$relative_path = str_replace("\\", "/", $relative_path);
if ($handle = opendir($dir))
{
@ -449,6 +458,11 @@ function filemanager_read_recursive_dir($dir, $relative_path = '') {
*/
function filemanager_file_explorer($real_directory, $relative_directory, $url, $father = '', $editor = false, $readOnly = false, $url_file = '', $download_button = false, $umask = '') {
global $config;
// Windows compatibility
$real_directory = str_replace("\\", "/", $real_directory);
$relative_directory = str_replace("\\", "/", $relative_directory);
$father = str_replace("\\", "/", $father);
$hack_metaconsole = '';
if (defined('METACONSOLE'))
@ -589,6 +603,8 @@ function filemanager_file_explorer($real_directory, $relative_directory, $url, $
}
foreach ($files as $fileinfo) {
$fileinfo['realpath'] = str_replace("\\", "/", $fileinfo['realpath']);
$relative_path = str_replace($_SERVER['DOCUMENT_ROOT'], '', $fileinfo['realpath']);
$data = array ();
@ -645,7 +661,7 @@ function filemanager_file_explorer($real_directory, $relative_directory, $url, $
$data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'] . $config['dbpass']), true);
$data[4] .= html_print_input_hidden ('delete_file', 1, true);
$relative_dir = str_replace($config['homedir'], '', dirname($fileinfo['realpath']));
$relative_dir = str_replace($config['homedir'], '', str_replace("\\", "/", dirname($fileinfo['realpath'])));
if ($relative_dir[0] == '/') {
$relative_dir = substr($relative_dir, 1);
}
@ -703,6 +719,10 @@ function filemanager_file_explorer($real_directory, $relative_directory, $url, $
*/
function filemanager_box_upload_file_complex($real_directory, $relative_directory, $url = '') {
global $config;
// Windows compatibility
$real_directory = str_replace("\\", "/", $real_directory);
$relative_directory = str_replace("\\", "/", $relative_directory);
$table->width = '100%';
@ -741,6 +761,10 @@ function filemanager_box_upload_file_complex($real_directory, $relative_director
*/
function filemanager_box_upload_file_explorer($real_directory, $relative_directory, $url = '') {
global $config;
// Windows compatibility
$real_directory = str_replace("\\", "/", $real_directory);
$relative_directory = str_replace("\\", "/", $relative_directory);
$table->width = '50%';
@ -777,6 +801,10 @@ function filemanager_box_upload_file_explorer($real_directory, $relative_directo
*/
function filemanager_box_upload_zip_explorer($real_directory, $relative_directory, $url = '') {
global $config;
// Windows compatibility
$real_directory = str_replace("\\", "/", $real_directory);
$relative_directory = str_replace("\\", "/", $relative_directory);
$table->width = '60%';
@ -813,6 +841,10 @@ function filemanager_box_upload_zip_explorer($real_directory, $relative_director
*/
function filemanager_box_create_text_explorer($real_directory, $relative_directory, $url = '') {
global $config;
// Windows compatibility
$real_directory = str_replace("\\", "/", $real_directory);
$relative_directory = str_replace("\\", "/", $relative_directory);
$table->width = '60%';
@ -880,6 +912,8 @@ function filemanager_get_available_directories () {
* operate.
*/
function filemanager_is_available_directory ($dirname) {
$dirname = str_replace("\\", "/", $dirname); // Windows compatibility
$dirs = filemanager_get_available_directories ();
return isset ($dirs[$dirname]);
@ -894,6 +928,9 @@ function filemanager_is_available_directory ($dirname) {
* @param bool Wheter the directory is writeable or not.
*/
function filemanager_is_writable_dir ($dirpath, $force = false) {
$dirname = str_replace("\\", "/", $dirname); // Windows compatibility
if (filemanager_is_available_directory (basename ($dirpath)))
return is_writable ($dirpath);
if (filemanager_is_writable_dir (realpath ($dirpath.'/..')))
@ -916,6 +953,7 @@ function filemanager_get_file_info ($filepath) {
global $config;
$realpath = realpath ($filepath);
$filepath = str_replace("\\", "/", $filepath); // Windows compatibility
$info = array ('mime' => MIME_UNKNOWN,
'mime_extend' => mime_content_type ($filepath),
@ -959,6 +997,9 @@ function filemanager_get_file_info ($filepath) {
* @param bool Wheter the directory is writeable or not.
*/
function filemanager_list_dir ($dirpath) {
$dirpath = str_replace("\\", "/", $dirpath); // Windows compatibility
$files = array ();
$dirs = array ();
$dir = opendir ($dirpath);
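Review bot: In the hunk for `filemanager_is_writable_dir` the added line normalises `$dirname`, but the function's parameter is `$dirpath`, so the line reads an undefined variable and the path that reaches `basename()`, `is_writable()` and `realpath()` keeps its backslashes. It should read `$dirpath = str_replace("\\", "/", $dirpath); // Windows compatibility`. This function decides whether the file manager may write to a directory, so the missed normalisation matters more here than in the display helpers. In `filemanager_get_file_info`, `realpath($filepath)` is taken before `$filepath` is normalised, so `$realpath` keeps native separators at that point; confirm that is intended. Both function bodies continue outside their hunks.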

@ -3731,7 +3731,8 @@ function grafico_modulo_log4x ($id_agente_modulo, $periodo, $show_event,
//set_error_handler("myErrorHandler");
grafico_modulo_log4x_trace(__LINE__);
set_include_path(get_include_path() . PATH_SEPARATOR . getcwd() . "/../../include");
$ds = DIRECTORY_SEPARATOR;
set_include_path(get_include_path() . PATH_SEPARATOR . getcwd() . $ds."..".$ds."..".$ds."include");
require_once 'Image/Graph.php';
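Review bot: The include-path entry added before `require_once 'Image/Graph.php'` is still derived from `getcwd()`, so the directory searched depends on the working directory of whichever script triggered the graph, not on where this file lives. The commit message places this function in include/functions_graph.php, so `set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__));` would presumably name the same directory without depending on the caller; confirm against the tree. That would also make `$ds` unnecessary and avoid mixing `DIRECTORY_SEPARATOR` with the forward-slash normalisation used everywhere else in this commit. The function body starts and ends outside the hunk.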

@ -1650,12 +1650,13 @@ function html_print_image ($src, $return = false, $options = false, $return_src
// If metaconsole is activated and image doesn't exists try to search on normal console
if (defined('METACONSOLE')) {
if (!$relative) {
if (strstr(getcwd(), 'enterprise/meta') === false) {
$working_dir = str_replace("\\", "/", getcwd()); // Windows compatibility
if (strstr($working_dir, 'enterprise/meta') === false) {
if ($src[0] !== '/') {
$src = '/' . $src;
}
if (!is_readable(getcwd() . '/enterprise/meta' . $src)) {
if (!is_readable($working_dir . '/enterprise/meta' . $src)) {
$src = ui_get_full_url('../..' . $src);
}
else {
@ -1667,7 +1668,7 @@ function html_print_image ($src, $return = false, $options = false, $return_src
$src = '/' . $src;
}
if (is_readable(getcwd() . $src)) {
if (is_readable($working_dir . $src)) {
$src = ui_get_full_url($src);
}
else if (!is_readable($src)) {

@ -35,9 +35,6 @@ $file = get_parameter('file', null);
$file = base64_decode($file);
$chunks = explode('/', $file);
$nameFile = end($chunks);
$hash = get_parameter('hash', null);
$testHash = md5($file . $config['dbpass']);
@ -59,7 +56,7 @@ else if (!empty($file) && !empty($hash)) {
header('Content-type: aplication/octet-stream;');
header('Content-type: ' . mime_content_type($file) . ';');
header("Content-Length: " . filesize($file));
header('Content-Disposition: attachment; filename="' . $nameFile . '"');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
readfile($file);
}
}
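Review bot: `basename($file)` goes into the quoted `filename="..."` parameter without escaping, and `$file` is decoded from a request parameter, so a name containing `"` ends the quoted string early and the remainder is parsed as further header parameters. Something like `$download_name = str_replace(array('"', '\\'), '_', basename($file));` before the `header()` call keeps the value a single quoted-string. `basename()` treats `\` as a separator only on Windows, so the suggested name also differs by platform for paths that contain backslashes. The comparison of `$hash` with `$testHash` is outside the hunk; since that token appears to be what authorises `readfile($file)`, it is worth confirming that it uses a strict, constant-time comparison.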

@ -14,7 +14,8 @@
// GNU General Public License for more details.
// Load global vars
if (file_exists(getcwd() . '/include/config.php')) {
$working_dir = str_replace("\\", "/", getcwd()); // Windows compatibility
if (file_exists($working_dir . '/include/config.php')) {
require_once ("include/config.php");
}
else {

@ -35,6 +35,7 @@ if (isset($config['filemanager']['message'])) {
}
$directory = (string) get_parameter ('directory', SNMP_DIR_MIBS);
$directory = str_replace("\\", "/", $directory);
/* Add custom directories here */
$fallback_directory = "attachment/mibs";