diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index f948887717..711eaba368 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,22 @@ +2009-02-17 Evi Vanoost + + * general/login_page.php: Fixed HTML and use print_image function + + * include/functions.php: Added version compare for alternative to + double encoding HTML for PHP < 5.2.3 + + * include/functions_ui.php: Check for empty string on print_string_substr + so we don't print empty spans + + * include/functions_html.php: Better validation and correct output on + print_input_text_extended. Now accepts an array for attributes + + * operations/user/user.php, operations/user/user_edit.php, + godmode/user/user_list.php: Small cosmetic fixes + + * index.php: flush and print closing html tag on exits. This prevents + automatic flushing to print tags after . + 2009-02-17 Esteban Sanchez * godmode/agentes/module_manager_editor.php: Added diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index 80ff29b3a2..fc357f5cc7 100644 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -25,7 +25,7 @@ if (!empty ($page) && !empty ($sec)) { } echo '
-

'.__('Pandora FMS Web Console').'


+

'.__('Pandora FMS Web Console').'


'; @@ -49,8 +49,8 @@ if (!empty ($page) && !empty ($sec)) { // Replace the following with your own URL and logo. // A mashup of the Pandora FMS logo and your companies highly preferred -echo ''; -echo 'logo'; +echo ''; +print_image ("images/pandora_logo.png", false, array ("alt" => "logo", "border" => 0)); echo '
'; // This prints the current pandora console version. diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index ae6f69ba53..a20b82ee06 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -65,7 +65,7 @@ $info = array (); $info = get_users (); foreach ($info as $user_id => $user_info) { - $data[0] = ''.$user_id.''; + $data[0] = ''.$user_id.''; $data[1] = $user_info["fullname"].''; $data[1] .= __('First name').': '.$user_info["firstname"].'
'; $data[1] .= __('Last name').': '.$user_info["lastname"].'
'; @@ -75,9 +75,9 @@ foreach ($info as $user_id => $user_info) { $data[2] = print_timestamp ($user_info["last_connect"], true); if ($user_info["is_admin"]) { - $data[3] = ' '; + $data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).' '; } else { - $data[3] = ' '; + $data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).' '; } $data[3] .= '
'; @@ -103,7 +103,7 @@ foreach ($info as $user_id => $user_info) { array_push ($table->data, $data); } -echo ''; +echo ''; print_table ($table); echo ''; unset ($table); @@ -111,7 +111,7 @@ unset ($table); echo '
'; if ($config["admin_can_add_user"] !== false) { - echo '
'; + echo ''; print_submit_button (__('Create user'), "crt", false, 'class="sub next"'); echo ''; } else { @@ -170,7 +170,7 @@ foreach ($profiles as $profile) { array_push ($table->data, $data); } -echo '
'; +echo ''; print_table ($table); echo ''; unset ($table); diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index fd4d453ff5..6722b9d049 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -34,11 +34,19 @@ define ('ENTERPRISE_NOT_HOOK', -1); function safe_input ($value) { if (is_numeric ($value)) return $value; + if (is_array ($value)) { array_walk ($value, 'safe_input'); return $value; } - return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false); + + if (version_compare(PHP_VERSION, '5.2.3') === 1) { + return htmlentities (utf8_encode ($value), ENT_QUOTES, "UTF-8", false); + } else { + $translation_table = get_html_translation_table (HTML_ENTITIES,ENT_QUOTES); + $translation_table[chr(38)] = '&'; + return preg_replace ("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&", strtr ($value, $translation_table)); + } } /** diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index 21c445a7f9..814d391589 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php 
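Review bot: In safe_input, `version_compare(PHP_VERSION, '5.2.3') === 1` is true only for versions above 5.2.3, so 5.2.3 itself, the release that added the double_encode argument, falls into the fallback; `if (version_compare (PHP_VERSION, '5.2.3', '>=')) {` states the intent. The two branches are also not equivalent: the fallback skips `utf8_encode`, so the same non-ASCII input can be escaped differently depending on the PHP version, which matters for an output-escaping helper. Separately, in the array branch `array_walk ($value, 'safe_input')` discards the callback's return value and safe_input does not take its argument by reference, so array input appears to come back unescaped. That path needs its own fix, for example recursing with `array_map`.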
@@ -130,12 +130,12 @@ function print_select_from_sql ($sql, $name, $selected = '', $script = '', $noth * @param string $name Input name. * @param string $value Input value. * @param string $id Input HTML id. - * @param string $alt Alternative HTML string. + * @param string $alt Do not use, invalid for text and password. Use print_input_image * @param int $size Size of the input. * @param int $maxlength Maximum length allowed. * @param bool $disabled Disable the button (optional, button enabled by default). * @param string $script JavaScript to attach to this - * @param string $attributes Attributes to add to this tag + * @param mixed $attributes Attributes to add to this tag. Should be an array for correction. * @param bool $return Whether to return an output string or echo now (optional, echo by default). * @param bool $password Whether it is a password input or not. Not password by default. * 
@@ -146,38 +146,50 @@ function print_input_text_extended ($name, $value, $id, $alt, $size, $maxlength, ++$idcounter; - $type = $password ? 'password' : 'text'; + $valid_attrs = array ("accept", "disabled", "maxlength", "name", "readonly", "size", "value", + "accesskey", "class", "dir", "id", "lang", "style", "tabindex", "title", "xml:lang", + "onfocus", "onblur", "onselect", "onchange", "onclick", "ondblclick", "onmousedown", + "onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeypress", "onkeydown", "onkeyup"); - if (empty ($name)) { - $name = 'unnamed'; - } - - if (empty ($alt)) { - $alt = 'textfield'; - } - - if (! empty ($maxlength)) { - $maxlength = ' maxlength="'.$maxlength.'" '; - } - - $output = ' $value) { + if (!in_array ($valid_attrs)) { + continue; + } + $output .= $attribute.'="'.$value.'" '; + } } else { - $htmlid = 'text-'.sprintf ('%04d', $idcounter); - $output .= ' id="'.$htmlid.'"'; + $output .= trim ($attributes)." "; + $attributes = array (); } - if ($disabled) //We want readonly, not disabled - disabled disables copying from the field as well - $output .= ' readonly="readonly"'; - if ($attributes != '') - $output .= ' '.$attributes; - $output .= ' />'; + //Attributes specified by function call + $attrs = array ("name" => "unnamed", "value" => "", "id" => "text-".sprintf ('%04d', $idcounter), "size" => "", "maxlength" => ""); + + foreach ($attrs as $attribute => $default) { + if (array_key_exists ($attribute, $attributes)) { + continue; + } //If the attribute was already processed, skip + + if ($$attribute) { + $output .= $attribute.'="'.$$attribute.'" '; + } elseif ($default != '') { + $output .= $attribute.'="'.$default.'" '; + } + } + + $output .= '/>'; - if ($return) - return $output; - echo $output; + if (!$return) + echo $output; + + return $output; } /** 
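Review bot: `in_array ($valid_attrs)` in the attribute loop is called with a single argument, so the whitelist test never succeeds and every entry of an `$attributes` array is skipped; it should read `if (!in_array ($attribute, $valid_attrs)) {`. Once that is fixed, values reach the tag through `$attribute.'="'.$value.'" '` with no escaping, and the same holds for the `$$attribute` values in the second loop, so a value containing a double quote can break out of the attribute; wrapping the value as `htmlspecialchars ($value, ENT_QUOTES)` at the point of output would close that. The string form of `$attributes` is appended via `trim ($attributes)` without passing through the whitelist at all, which is worth stating in the docblock. The function's signature sits in the hunk header and part of the hunk text appears lost in extraction, so this is based only on the lines shown.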
@@ -238,7 +250,10 @@ function print_input_text ($name, $value, $alt = '', $size = 50, $maxlength = 0, * @return string HTML code if return parameter is true. */ function print_input_image ($name, $src, $value, $style = '', $return = false) { - $output = ''; + static $idcounter = 0; + + ++$idcounter; + $output = ''; if ($return) return $output; @@ -278,16 +293,18 @@ function print_input_hidden ($name, $value, $return = false) { * @return string HTML code if return parameter is true. */ function print_submit_button ($label = 'OK', $name = '', $disabled = false, $attributes = '', $return = false) { - $output = ''; - - $output .= ''.mb_substr ($string, 0, $cutoff, "UTF-8").(mb_strlen ($string. "UTF-8") > $cutoff ? '...' : '').''; if ($return === false) { echo $string; diff --git a/pandora_console/index.php b/pandora_console/index.php index aa796c3da4..2aee7ce05a 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -137,7 +137,8 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) { } else { require_once ('general/login_page.php'); audit_db ("system", $REMOTE_ADDR, "Logon Failed (loginhash", ""); - exit; + while (@ob_end_flush ()); + exit (""); } } elseif (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) { // Login process @@ -165,13 +166,14 @@ if (! isset ($_SESSION['id_usuario']) && isset ($_GET["loginhash"])) { $login_failed = true; require_once ('general/login_page.php'); audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid login: ".$nick); - exit; + while (@ob_end_flush ()); + exit (""); } } elseif (! isset ($_SESSION['id_usuario'])) { // There is no user connected require_once ('general/login_page.php'); - echo ''; - exit; + while (@ob_end_flush ()); + exit (""); } else { // There is session for id_usuario $config["id_user"] = $_SESSION["id_usuario"]; 
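Review bot: In index.php the pair `while (@ob_end_flush ());` / `exit ("");` is now repeated at four exit points (once in the @@ -137 hunk, twice in @@ -165 and once in @@ -183), which makes it easy for one path to drift from the others. A single small helper that flushes the buffers and terminates would keep them in step. The `@` also hides any genuine flush failure; `while (ob_get_level () > 0 && ob_end_flush ());` ends the loop the same way without suppression.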
@@ -183,7 +185,8 @@ if (isset ($_GET["bye"])) { $iduser = $_SESSION["id_usuario"]; logoff_db ($iduser, $REMOTE_ADDR); session_unregister ("id_usuario"); - exit; + while (@ob_end_flush ()); + exit (""); } // http://es2.php.net/manual/en/ref.session.php#64525 @@ -244,4 +247,4 @@ if ($config["pure"] == 0) { echo '
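Review bot: The logoff path in the @@ -183 hunk ends the request after `session_unregister ("id_usuario")`, which removes only that one variable and leaves the session and its identifier alive. If anything else is kept in the session, or if the identifier is not regenerated at login (not visible here), that state survives the logout; adding `session_destroy ();` before the flush would close it. The enclosing `if (isset ($_GET["bye"]))` block starts outside the hunk.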
'; //container div while (@ob_end_flush ()); echo ''; -?> +?> \ No newline at end of file diff --git a/pandora_console/operation/users/user.php b/pandora_console/operation/users/user.php index 15d0d4bb3e..c95fdc0fb9 100644 --- a/pandora_console/operation/users/user.php +++ b/pandora_console/operation/users/user.php @@ -22,7 +22,7 @@ require_once ("include/config.php"); check_login (); -echo '

'.__('Pandora users').' > '.__('Users defined in Pandora').'

'; +echo '

'.__('Pandora users').' > '.__('Users defined in Pandora').'

'; $table->cellpadding = 4; $table->cellspacing = 4; @@ -49,7 +49,7 @@ if (give_acl ($config["id_user"], 0, "UM") == 1) { } foreach ($info as $user_id => $user_info) { - $data[0] = '
'.$user_id.''; + $data[0] = ''.$user_id.''; $data[1] = $user_info["fullname"].''; $data[1] .= __('First name').': '.$user_info["firstname"].'
'; $data[1] .= __('Last name').': '.$user_info["lastname"].'
'; @@ -59,14 +59,14 @@ foreach ($info as $user_id => $user_info) { $data[2] = print_timestamp ($user_info["last_connect"], true); if ($user_info["is_admin"]) { - $data[3] = ' '; + $data[3] = print_image ("images/user_suit.png", true, array ("alt" => __('Admin'), "title" => __('Administrator'))).' '; } else { - $data[3] = ' '; + $data[3] = print_image ("images/user_green.png", true, array ("alt" => __('User'), "title" => __('Standard User'))).' '; } $data[3] .= '
'; $result = get_db_all_rows_field_filter ("tusuario_perfil", "id_usuario", $user_id); - if ($result !== false) { + if (!empty ($result)) { foreach ($result as $row) { $data[3] .= get_profile_name ($row["id_perfil"]); $data[3] .= " / "; @@ -79,6 +79,7 @@ foreach ($info as $user_id => $user_info) { $data[3] .= ""; $data[4] = print_string_substr ($user_info["comments"], 24, true); + array_push ($table->data, $data); } diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php index 41c8fa942a..41ce38345c 100644 --- a/pandora_console/operation/users/user_edit.php +++ b/pandora_console/operation/users/user_edit.php @@ -58,9 +58,9 @@ if (isset ($_GET["modified"]) && !$view_mode) { echo "

".__('Pandora users')." > ".__('User detail editor')."

"; -echo ''; +echo ''; -echo '
'; +echo '
'; echo ''; echo '
'.__('User ID').''; @@ -95,7 +95,7 @@ echo '
'.__('Phone number').'
'.__('Comments').''; -print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly' : '')); +print_textarea ("comments", 4, 55, $user_info["comments"], ($view_mode ? 'readonly="readonly"' : '')); echo '
';