tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed inserts paths in DB. Tiquet: #2325

This commit is contained in:
m-lopez-f 2015-06-22 10:14:03 +02:00
parent 9f561dd9d9
commit c45206f269
4 changed files with 26 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pandora_console/godmode/setup/setup.php
View File

@ -51,6 +51,7 @@ if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_us
}
// Load enterprise extensions
enterprise_include_once ('include/functions_setup.php');
enterprise_include_once ('include/functions_io.php');
enterprise_include_once ('godmode/setup/setup.php');
/*

4
pandora_console/godmode/setup/setup_general.php
View File

@ -53,7 +53,7 @@ $table->data[0][1] = html_print_select_from_sql (
$table->data[1][0] = __('Remote config directory') .
ui_print_help_tip (__("Directory where agent remote configuration is stored."), true);
$table->data[1][1] = html_print_input_text ('remote_config', $config["remote_config"], '', 30, 100, true);
$table->data[1][1] = html_print_input_text ('remote_config', io_safe_output($config["remote_config"]), '', 30, 100, true);
$table->data[6][0] = __('Auto login (hash) password');
$table->data[6][1] = html_print_input_text ('loginhash_pwd', $config["loginhash_pwd"], '', 15, 15, true);
@ -72,7 +72,7 @@ $table->data[11][1] = __('Yes').'   '.html_print_radio_button_ext
$table->data[11][1] .= __('No').'   '.html_print_radio_button ('https', 0, '', $config["https"], true);
$table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true);
$table->data[14][1] = html_print_input_text ('attachment_store', $config["attachment_store"], '', 50, 255, true);
$table->data[14][1] = html_print_input_text ('attachment_store', io_safe_output($config["attachment_store"]), '', 50, 255, true);
$table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true);
if (isset($_POST["list_ACL_IPs_for_API"])) {

2
pandora_console/godmode/setup/setup_visuals.php
View File

@ -179,7 +179,7 @@ $row++;
$table->data[$row][0] = __('Font path');
$fonts = load_fonts();
$table->data[$row][1] = html_print_select($fonts, 'fontpath', $config["fontpath"], '', '', 0, true);
$table->data[$row][1] = html_print_select($fonts, 'fontpath', io_safe_output($config["fontpath"]), '', '', 0, true);
$row++;

34
pandora_console/include/functions_config.php
View File

@ -51,7 +51,7 @@ function config_update_value ($token, $value) {
if (!isset ($config[$token])) {
$config[$token] = $value;
return (bool) config_create_value ($token, $value);
return (bool) config_create_value ($token, io_safe_input($value));
}
/* If it has not changed */
@ -59,9 +59,10 @@ function config_update_value ($token, $value) {
return true;
$config[$token] = $value;
$value = io_safe_output($value);
$result = db_process_sql_update ('tconfig',
array ('value' => $value),
array ('value' => io_safe_input($value)),
array ('token' => $token));
if ($result === 0)
@ -119,7 +120,7 @@ function config_update_config () {
case 'general':
if (!config_update_value ('language', (string) get_parameter ('language')))
$error_update[] = __('Language code for Pandora');
if (!config_update_value ('remote_config', io_safe_input((string) get_parameter ('remote_config'))))
if (!config_update_value ('remote_config', (string) get_parameter ('remote_config')))
$error_update[] = __('Remote config directory');
if (!config_update_value ('loginhash_pwd', (string) get_parameter ('loginhash_pwd')))
$error_update[] = __('Auto login (hash) password');
@ -130,7 +131,7 @@ function config_update_config () {
$error_update[] = __('Automatic check for updates');
if (!config_update_value ('https', (bool) get_parameter ('https')))
$error_update[] = __('Enforce https');
if (!config_update_value ('attachment_store', io_safe_input((string) get_parameter ('attachment_store'))))
if (!config_update_value ('attachment_store', (string) get_parameter ('attachment_store')))
$error_update[] = __('Attachment store');
if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API')))
$error_update[] = __('IP list with API access');
@ -405,7 +406,7 @@ function config_update_config () {
$error_update[] = __('Show QR code header');
if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set')))
$error_update[] = __('Status icon set');
if (!config_update_value ('fontpath', io_safe_input((string) get_parameter ('fontpath'))))
if (!config_update_value ('fontpath', (string) get_parameter ('fontpath')))
$error_update[] = __('Font path');
if (!config_update_value ('font_size', get_parameter('font_size')))
$error_update[] = __('Font size');
@ -443,7 +444,7 @@ function config_update_config () {
$error_update[] = __('Fixed menu');
if (!config_update_value ('paginate_module', get_parameter('paginate_module')))
$error_update[] = __('Paginate module');
if (!config_update_value ('graphviz_bin_dir', io_safe_input(get_parameter('graphviz_bin_dir'))))
if (!config_update_value ('graphviz_bin_dir', get_parameter('graphviz_bin_dir')))
$error_update[] = __('Custom graphviz directory');
if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width')))
$error_update[] = __('Networkmap max width');
@ -533,7 +534,7 @@ function config_update_config () {
$error_update[] = __('Name resolution for IP address');
break;
case 'log':
if (!config_update_value ('log_dir', io_safe_input(get_parameter('log_dir'))))
if (!config_update_value ('log_dir', get_parameter('log_dir')))
$error_update[] = __('Netflow max lifetime');
if (!config_update_value ('log_max_lifetime', (int)get_parameter('log_max_lifetime')))
$error_update[] = __('Log max lifetime');
@ -815,14 +816,14 @@ function config_process_config () {
//after the first uses.
if (!is_dir($config['attachment_store'])) {
config_update_value('attachment_store',
io_safe_input($config['homedir']) . '/attachment');
$config['homedir'] . '/attachment');
}
}
if (!isset ($config['fontpath'])) {
config_update_value('fontpath',
io_safe_input($config['homedir']) . '/include/fonts/smallfont.ttf');
$config['homedir'] . '/include/fonts/smallfont.ttf');
}
if (!isset ($config['style'])) {
@ -1368,7 +1369,7 @@ function config_check () {
'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
}
$fontpath = io_safe_output(db_get_value_filter('value', 'tconfig', array('token' => 'fontpath')));
$fontpath = io_safe_output( db_get_value_filter('value', 'tconfig', array('token' => 'fontpath')) );
if (($fontpath == "") OR (!file_exists ($fontpath))) {
$config["alert_cnt"]++;
$_SESSION["alert_msg"] .= ui_print_error_message(
@ -1468,11 +1469,20 @@ function config_check () {
'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
}
if (preg_match("/system/", $PHPdisable_functions) or preg_match("/exec/", $PHPdisable_functions)) {
if ( preg_match("/system\b/", $PHPdisable_functions) ) {
$config["alert_cnt"]++;
$_SESSION["alert_msg"] .= ui_print_info_message(
array('title' => __("Problems with disable functions in PHP.INI"),
'message' => __("Variable disable_functions containts functions system() or exec(), in PHP configuration file (php.ini)"). '<br /><br />' .
'message' => __("Variable disable_functions containts functions system(), in PHP configuration file (php.ini)"). '<br /><br />' .
__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
}
if ( preg_match("/exec\b/", $PHPdisable_functions) ) {
$config["alert_cnt"]++;
$_SESSION["alert_msg"] .= ui_print_info_message(
array('title' => __("Problems with disable functions in PHP.INI"),
'message' => __("Variable disable_functions containts functions exec(), in PHP configuration file (php.ini)"). '<br /><br />' .
__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
}