2012-10-01 Miguel de Dios <miguel.dedios@artica.es>

* godmode/servers/recon_script.php, godmode/setup/setup.php, godmode/users/configure_user.php, include/functions.php, include/functions_config.php, extensions/dbmanager.php: now the "check_referer" can be disabled in the setup. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7015 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2012-10-01 13:28:34 +00:00 · 2012-10-01 13:28:34 +00:00 · ededdd89cb
parent f5008e68ca
commit ededdd89cb
7 changed files with 53 additions and 24 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,10 @@
+2012-10-01 Miguel de Dios <miguel.dedios@artica.es>
+
+	* godmode/servers/recon_script.php, godmode/setup/setup.php,
+	godmode/users/configure_user.php, include/functions.php,
+	include/functions_config.php, extensions/dbmanager.php: now the
+	"check_referer" can be disabled in the setup.
+
 2012-10-01  Sergio Martin <sergio.martin@artica.es>

 	* include/functions_events.php
@ -19,6 +26,7 @@
 	major/minor icons and colors

 2012-09-28 Miguel de Dios <miguel.dedios@artica.es>
+
 	* install.php, operation/agentes/stat_win.php, general/footer.php,
 	include/config_process.php, include/functions_ui.php,
 	include/functions_graph.php, include/graphs/functions_flot.php,
@ -26,6 +34,7 @@
 	now it is generated dinamicly.

 2012-09-27 Miguel de Dios <miguel.dedios@artica.es>
+
 	* include/functions_ui.php, operation/agentes/tactical.php: cleaned
 	source code style.
 	
--- a/pandora_console/extensions/dbmanager.php
+++ b/pandora_console/extensions/dbmanager.php
@ -20,12 +20,12 @@ function dbmanager_query ($sql, &$error) {
 	switch ($config["dbtype"]) {
 		case "mysql":
 			$retval = array();
-		
+			
 			if ($sql == '')
 				return false;
-				
+			
 			$sql = html_entity_decode($sql, ENT_QUOTES);
-		
+			
 			$result = mysql_query ($sql);
 			if ($result === false) {
 				$backtrace = debug_backtrace ();
@ -89,7 +89,7 @@ function dbmgr_extension_main () {
 		return;
 	}
 	
-	if (!check_refererer()) {
+	if (!check_referer()) {
 		require ("general/noaccess.php");
 		
 		return;
--- a/pandora_console/godmode/servers/recon_script.php
+++ b/pandora_console/godmode/servers/recon_script.php
@ -37,7 +37,7 @@ if (! check_acl ($config['id_user'], 0, "LM")) {
 	return;
 }

-if (!check_refererer()) {
+if (!check_referer()) {
 	require ("general/noaccess.php");
 	
 	return;
--- a/pandora_console/godmode/setup/setup.php
+++ b/pandora_console/godmode/setup/setup.php
@ -325,6 +325,14 @@ $table->data[28][0] = __('Public URL');
 $table->data[28][0] .= ui_print_help_tip(__('Set this value when your PandoraFMS across inverse proxy or for example with mod_proxy of Apache.'), true);
 $table->data[28][1] = html_print_input_text ('public_url', $config['public_url'], '', 40, 255, true);

+$table->data[29][0] = __('Referer security');
+$table->data[29][0] .= ui_print_help_tip(__('When it is set as "yes" in some important sections check if the user have gone from url Pandora.'), true);
+$table->data[29][1] = __('Yes') . '&nbsp;&nbsp;&nbsp;' .
+	html_print_radio_button ('referer_security', 1, '', $config["referer_security"], true) .
+	'&nbsp;&nbsp;';
+$table->data[29][1] .= __('No') . '&nbsp;&nbsp;&nbsp;' .
+	html_print_radio_button ('referer_security', 0, '', $config["referer_security"], true);
+

 ?>
 <script type="text/javascript">
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@ -45,7 +45,7 @@ if (! check_acl ($config['id_user'], 0, "UM")) {
 	return;
 }

-if (!check_refererer()) {
+if (!check_referer()) {
 	require ("general/noaccess.php");
 	
 	return;
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -30,9 +30,13 @@ require_once('functions_io.php');
 *
 * @return bool true if all is ok, false if referer is not equal to current web page
 */
-function check_refererer() {
+function check_referer() {
 	global $config;
 	
+	//If it is disabled the check referer security
+	if (!$config["referer_security"])
+		return true;
+	
 	$referer = '';
 	if (isset($_SERVER['HTTP_REFERER'])) {
 		$referer = $_SERVER['HTTP_REFERER'];
@ -603,7 +607,7 @@ function get_parameterBetweenListValues ($name, $values, $default) {
 			return $value;
 		}
 	}
-
+	
 	return $default;
 }

@ -1187,8 +1191,8 @@ function index_array ($array, $index = 'id', $value = 'name') {
 * @return string Graph type, as used in stat_win.php (Graphs launcher)
 */

-function return_graphtype ($id_module_type){
-	switch($id_module_type){
+function return_graphtype ($id_module_type) {
+	switch ($id_module_type) {
 		case 3:
 		case 10:
 		case 17:
@ -1206,8 +1210,8 @@ function return_graphtype ($id_module_type){
 			return "log4x";
 			break;
 	}
-
-
+	
+	
 	return "sparse";
 }

@ -1569,7 +1573,10 @@ function get_os_name ($id_os) {
 * @return array Dashboard name of the given user.
 */
 function get_user_dashboards ($id_user) {
-	$sql = "SELECT name FROM tdashboard WHERE id_user="."'".$id_user."'";
+	$sql = "SELECT name
+		FROM tdashboard
+		WHERE id_user="."'".$id_user."'";
+	
 	return db_get_all_rows_sql ($sql);
 }

@ -1582,20 +1589,20 @@ function get_periods () {
 	$periods = array ();
 	
 	$periods[-1] = __('custom');
-	$periods[SECONDS_5MINUTES] = '5 '.__('minutes');
-	$periods[SECONDS_30MINUTES] = '30 '.__('minutes');
+	$periods[SECONDS_5MINUTES] = sprintf(__('%s minutes'), '5');
+	$periods[SECONDS_30MINUTES] = sprintf(__('%s minutes'), '30 ');
 	$periods[SECONDS_1HOUR] = __('1 hour');
-	$periods[SECONDS_6HOURS] = '6 '.__('hours');
-	$periods[SECONDS_12HOURS] = '12 '.__('hours');
+	$periods[SECONDS_6HOURS] = sprintf(__('%s hours'), '6 ');
+	$periods[SECONDS_12HOURS] = sprintf(__('%s hours'), '12 ');
 	$periods[SECONDS_1DAY] = __('1 day');
 	$periods[SECONDS_1WEEK] = __('1 week');
 	$periods[SECONDS_15DAYS] = __('15 days');
-	$periods[SECONDS_1MONTH] = '1 '.__('month');
-	$periods[SECONDS_3MONTHS] = '3 '.__('months');
-	$periods[SECONDS_6MONTHS] = '6 '.__('months');
-	$periods[SECONDS_1YEAR] = '1 '.__('year');
-	$periods[SECONDS_2YEARS] = '2 '.__('years');
-	$periods[SECONDS_3YEARS] = '3 '.__('years');
+	$periods[SECONDS_1MONTH] = __('1 month');
+	$periods[SECONDS_3MONTHS] = sprintf(__('%s months'), '3 ');
+	$periods[SECONDS_6MONTHS] = sprintf(__('%s months'), '6 ');
+	$periods[SECONDS_1YEAR] = __('1 year');
+	$periods[SECONDS_2YEARS] = sprintf(__('%s years'), '2 ');
+	$periods[SECONDS_3YEARS] = sprintf(__('%s years'), '3 ');
 	
 	return $periods;
 }
@ -1611,7 +1618,7 @@ function copy_dir($src, $dst) {
 		return false;
 	
 	@mkdir($dst); 
-	while(false !== ( $file = readdir($dir)) ) {
+	while (false !== ( $file = readdir($dir)) ) {
 		if (( $file != '.' ) && ( $file != '..' )) {
 			if ( is_dir($src . '/' . $file) ) {
 				copy_dir($src . '/' . $file,$dst . '/' . $file); 
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -129,6 +129,7 @@ function config_update_config () {
 			config_update_value ('activate_netflow', (bool) get_parameter ('activate_netflow'));
 			
 			config_update_value ('public_url', get_parameter('public_url'));
+			config_update_value ('referer_security', get_parameter('referer_security'));
 			
 			$enterprise = enterprise_include_once ('godmode/setup/setup.php');
 			if ($enterprise !== ENTERPRISE_NOT_HOOK) {
@ -728,6 +729,10 @@ function config_process_config () {
 		config_update_value ('public_url', "");
 	}
 	
+	if (!isset($config['referer_security'])) {
+		config_update_value ('referer_security', 0);
+	}
+	
 	/* Finally, check if any value was overwritten in a form */
 	config_update_config();
 }