From ededdd89cbc2af0bb102cb4325386b07995ad201 Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Mon, 1 Oct 2012 13:28:34 +0000 Subject: [PATCH] 2012-10-01 Miguel de Dios * godmode/servers/recon_script.php, godmode/setup/setup.php, godmode/users/configure_user.php, include/functions.php, include/functions_config.php, extensions/dbmanager.php: now the "check_referer" can be disabled in the setup. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7015 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 9 ++++ pandora_console/extensions/dbmanager.php | 8 ++-- .../godmode/servers/recon_script.php | 2 +- pandora_console/godmode/setup/setup.php | 8 ++++ .../godmode/users/configure_user.php | 2 +- pandora_console/include/functions.php | 43 +++++++++++-------- pandora_console/include/functions_config.php | 5 +++ 7 files changed, 53 insertions(+), 24 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index cea8db7fac..933384c4c7 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2012-10-01 Miguel de Dios + + * godmode/servers/recon_script.php, godmode/setup/setup.php, + godmode/users/configure_user.php, include/functions.php, + include/functions_config.php, extensions/dbmanager.php: now the + "check_referer" can be disabled in the setup. + 2012-10-01 Sergio Martin * include/functions_events.php @@ -19,6 +26,7 @@ major/minor icons and colors 2012-09-28 Miguel de Dios + * install.php, operation/agentes/stat_win.php, general/footer.php, include/config_process.php, include/functions_ui.php, include/functions_graph.php, include/graphs/functions_flot.php, @@ -26,6 +34,7 @@ now it is generated dinamicly. 2012-09-27 Miguel de Dios + * include/functions_ui.php, operation/agentes/tactical.php: cleaned source code style. diff --git a/pandora_console/extensions/dbmanager.php b/pandora_console/extensions/dbmanager.php index efb33c0002..2ce7c81dd9 100644 --- a/pandora_console/extensions/dbmanager.php +++ b/pandora_console/extensions/dbmanager.php @@ -20,12 +20,12 @@ function dbmanager_query ($sql, &$error) { switch ($config["dbtype"]) { case "mysql": $retval = array(); - + if ($sql == '') return false; - + $sql = html_entity_decode($sql, ENT_QUOTES); - + $result = mysql_query ($sql); if ($result === false) { $backtrace = debug_backtrace (); @@ -89,7 +89,7 @@ function dbmgr_extension_main () { return; } - if (!check_refererer()) { + if (!check_referer()) { require ("general/noaccess.php"); return; diff --git a/pandora_console/godmode/servers/recon_script.php b/pandora_console/godmode/servers/recon_script.php index 7bcd81abc1..b6e1c5d7aa 100644 --- a/pandora_console/godmode/servers/recon_script.php +++ b/pandora_console/godmode/servers/recon_script.php @@ -37,7 +37,7 @@ if (! check_acl ($config['id_user'], 0, "LM")) { return; } -if (!check_refererer()) { +if (!check_referer()) { require ("general/noaccess.php"); return; diff --git a/pandora_console/godmode/setup/setup.php b/pandora_console/godmode/setup/setup.php index 96773daf20..a7d326614a 100644 --- a/pandora_console/godmode/setup/setup.php +++ b/pandora_console/godmode/setup/setup.php @@ -325,6 +325,14 @@ $table->data[28][0] = __('Public URL'); $table->data[28][0] .= ui_print_help_tip(__('Set this value when your PandoraFMS across inverse proxy or for example with mod_proxy of Apache.'), true); $table->data[28][1] = html_print_input_text ('public_url', $config['public_url'], '', 40, 255, true); +$table->data[29][0] = __('Referer security'); +$table->data[29][0] .= ui_print_help_tip(__('When it is set as "yes" in some important sections check if the user have gone from url Pandora.'), true); +$table->data[29][1] = __('Yes') . '   ' . + html_print_radio_button ('referer_security', 1, '', $config["referer_security"], true) . + '  '; +$table->data[29][1] .= __('No') . '   ' . + html_print_radio_button ('referer_security', 0, '', $config["referer_security"], true); + ?>