From e70f434eb7c9560c3c73c2c4602ca05b9d6e3863 Mon Sep 17 00:00:00 2001
From: zarzuelo
Date: Thu, 14 Oct 2010 12:27:09 +0000
Subject: [PATCH] 2010-10-14 Sergio Martin

* include/functions_html.php
include/functions_io.php
include/functions_ui.php
godmode/agentes/module_manager.php: Created a new safe input
function more soft than safe_input() for html code. Applied this
function (safe_input_html()) in few functions like print_image
or print_page_header.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3399 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog | 10 +++++
 .../godmode/agentes/module_manager.php | 2 +-
 pandora_console/include/functions_html.php | 8 ++--
 pandora_console/include/functions_io.php | 37 +++++++++++++++++++
 pandora_console/include/functions_ui.php | 3 +-
 5 files changed, 54 insertions(+), 6 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 3568f92b69..aef1c1203d 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,13 @@
+2010-10-14 Sergio Martin
+
+ * include/functions_html.php
+ include/functions_io.php
+ include/functions_ui.php
+ godmode/agentes/module_manager.php: Created a new safe input
+ function more soft than safe_input() for html code. Applied this
+ function (safe_input_html()) in few functions like print_image
+ or print_page_header.
+
 2010-10-14 Miguel de Dios
 
 * extensions/system_info.php: add TODO.
diff --git a/pandora_console/godmode/agentes/module_manager.php b/pandora_console/godmode/agentes/module_manager.php
index 617f8f1f13..298eaf6704 100644
--- a/pandora_console/godmode/agentes/module_manager.php
+++ b/pandora_console/godmode/agentes/module_manager.php
@@ -335,7 +335,7 @@ foreach ($modules as $module) {
 $data[4] = $agent_interval;
 }
 
- $data[5] = mb_strimwidth ($module['descripcion'], 0, 30, "...");
+ $data[5] = printTruncateText($module['descripcion'], 25, false);
 
 // MAX / MIN values
 $data[6] = $module["max"] ? $module["max"] : __('N/A');
diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php
index d2c374e477..8fe919374f 100644
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@@ -547,7 +547,7 @@ function print_input_image ($name, $src, $value, $style = '', $return = false, $
 
 foreach ($attrs as $attribute) {
 if (isset ($options[$attribute])) {
- $output .= ' '.$attribute.'="'.safe_input ($options[$attribute]).'"';
+ $output .= ' '.$attribute.'="'.safe_input_html ($options[$attribute]).'"';
 }
 }
 
@@ -1110,7 +1110,7 @@ function print_image ($src, $return = false, $options = false) {
 
 foreach ($attrs as $attribute) {
 if (isset ($options[$attribute])) {
- $output .= $attribute.'="'.safe_input ($options[$attribute]).'" ';
+ $output .= $attribute.'="'.safe_input_html ($options[$attribute]).'" ';
 }
 }
 } else {
@@ -1118,7 +1118,7 @@ function print_image ($src, $return = false, $options = false) {
 }
 
 if (!isset ($options["alt"]) && isset ($options["title"])) {
- $options["alt"] = $options["title"]; //Set alt to title if it's not set
+ $options["alt"] = safe_input_html($options["title"]); //Set alt to title if it's not set
 } elseif (!isset ($options["alt"])) {
 $options["alt"] = "";
 }
@@ -1127,7 +1127,7 @@ function print_image ($src, $return = false, $options = false) {
 $output .= 'style="'.$style.'" ';
 }
 
- $output .= 'alt="'.safe_input ($options['alt']).'" />';
+ $output .= 'alt="'.safe_input_html ($options['alt']).'" />';
 
 if (!$return) {
 echo $output;
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 7ed9f769cd..39be47598b 100755
--- a/pandora_console/include/functions_io.php
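Review bot: `$data[5]` now holds whatever printTruncateText returns, and that helper — in the functions_ui.php hunk at line 33 of this same patch — first runs the description through `safe_output($text)`; if safe_output reverses the entity encoding that safe_input applies (its name suggests so, but its body is not in the patch), the module description reaches the module table cell without HTML escaping. Unless the table rendering escapes each cell (not visible here), re-escape at the point of use, e.g. `$data[5] = safe_input(printTruncateText($module['descripcion'], 25, false));`, assuming safe_input encodes markup characters as its `$valueHtmlEncode` return variable suggests, or have printTruncateText re-encode the truncated value before returning it. The trailing `false` is `$showTextInAToopTip`, and `$return` keeps its default `true` so the call returns rather than echoes; a comment such as `// no tooltip; $return defaults to true` would save the next reader a trip to functions_ui.php. The enclosing foreach starts outside the hunk.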
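Review bot: safe_input_html, as defined in the functions_io.php hunk of this patch, only entity-encodes bytes 0–32, so the attribute values written here (and at 1113, 1121 and 1130 in print_image) are no longer escaped for `"`, `<`, `>` or `&`; a double quote inside `$options[$attribute]` still terminates the attribute. Correctness therefore rests on every caller passing values that are already encoded, presumably by safe_input at storage time, which is an invisible contract at these call sites. Record it where the substitution happens — `// $options values must already be HTML-encoded; safe_input_html only neutralises control characters` above the foreach — and keep `safe_input` for any option that can carry raw user text. The foreach sits inside print_input_image, whose body continues on both sides of the hunk.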
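Review bot: The value assigned to `$options["alt"]` at 1121 is passed through safe_input_html again at 1130 (`'alt="'.safe_input_html ($options['alt'])`), so a title copied into alt is encoded twice. Because the encoder in functions_io.php only rewrites bytes 0–32, the second pass appears to be a no-op, making this redundant rather than harmful, but one of the two calls should go: the plain copy `$options["alt"] = $options["title"];` is sufficient since 1130 already encodes whatever ends up in alt. print_image continues beyond the hunk on both sides.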
+++ b/pandora_console/include/functions_io.php
@@ -52,6 +52,43 @@ function safe_input($value) {
 return $valueHtmlEncode;
 }
 
+/**
+ * Cleans a string by encoding to UTF-8 and replacing the HTML
+ * entities for HTML only. UTF-8 is necessary for foreign chars
+ * like asian and our databases are (or should be) UTF-8
+ *
+ * @param mixed String or array of strings to be cleaned.
+ *
+ * @return mixed The cleaned string or array.
+ */
+function safe_input_html($value) {
+ //Stop!! Are you sure to modify this critical code? Because the older
+ //versions are serius headache in many places of Pandora.
+
+ if (is_numeric($value))
+ return $value;
+
+ if (is_array($value)) {
+ array_walk($value, "safe_input");
+ return $value;
+ }
+
+ //Clean the trash mix into string because of magic quotes.
+ if (get_magic_quotes_gpc() == 1) {
+ $value = stripslashes($value);
+ }
+
+ if (! mb_check_encoding ($value, 'UTF-8'))
+ $value = utf8_encode ($value);
+
+ //Replace some characteres for html entities
+ for ($i=0;$i<33;$i++) {
+ $value = str_ireplace(chr($i),ascii_to_html($i), $value);
+ }
+
+ return $value;
+}
+
 /**
 * Convert ascii char to html entitines
 *
diff --git a/pandora_console/include/functions_ui.php b/pandora_console/include/functions_ui.php
index 94add822d7..3f41711675 100644
--- a/pandora_console/include/functions_ui.php
+++ b/pandora_console/include/functions_ui.php
@@ -31,6 +31,7 @@
 * @param string $suffix String at the end of a strimmed string.
 */
 function printTruncateText($text, $numChars = 25, $showTextInAToopTip = true, $return = true, $showTextInTitle = true, $suffix = '…') {
+ $text = safe_output($text);
 if (strlen($text) > ($numChars - 1)) {
 $truncateText = mb_strimwidth($text, 0, ($numChars - 1)) . $suffix;
 
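Review bot: The array branch does not clean anything: `array_walk($value, "safe_input")` invokes safe_input, whose signature in the hunk header takes `$value` by value, and discards its return, so the array is handed back exactly as it came in, contradicting the `@return mixed The cleaned string or array` line. It also delegates to safe_input rather than to this function, so even with the result captured the elements would receive the stricter encoding instead of this one. `return array_map('safe_input_html', $value);` does what the docblock promises. The docblock should also state what the function does not do — it replaces only bytes 0–32 with entities and leaves `<`, `>`, `"` and `&` untouched — so callers do not mistake it for an output escaper; `@param mixed $value` is missing the parameter name as well.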
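Review bot: After the new `$text = safe_output($text);` the length test on the next line still uses byte length (`strlen`) while the cut two lines down uses display width (`mb_strimwidth`); a multibyte description shorter than `$numChars` on screen but longer in bytes is not shortened yet still gets `$suffix` appended. The commit does not touch that line, but since this function now becomes the path for module descriptions it is worth making the two measures agree: `if (mb_strwidth($text) > ($numChars - 1)) {`. printTruncateText continues beyond the hunk.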
@@ -1546,7 +1547,7 @@ function get_full_url ($url = false) {
 
 */
 function print_page_header ($title, $icon = "", $return = false, $help = "", $godmode = false, $options = ""){
-
+ $title = safe_input_html($title);
 if (($icon == "") && ($godmode == true)){
 $icon = "images/setup.png";
 }
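Review bot: `$title = safe_input_html($title);` changes what the first parameter is allowed to contain, but the docblock that closes on the `*/` just above is left untouched; since safe_input_html only entity-encodes bytes 0–32 (its body is in the functions_io.php hunk of this patch) and leaves markup characters alone, callers need to know whether `$title` must arrive already escaped. Extend the `@param` for `$title` with something like `Title text; expected to be HTML-safe already, only control characters are entity-encoded here`. print_page_header's body continues beyond the hunk.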