tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#13344 VC remove visualConsoleId on public link

This commit is contained in:
Jonathan 2024-04-11 15:31:25 +02:00
parent 31f4124083
commit fe73ffcb44
2 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pandora_console/operation/visual_console/public_view.php
View File

@ -64,7 +64,16 @@ $hash = (string) get_parameter('hash');
// Check input hash.
// DO NOT move it after of get parameter user id.
if (User::validatePublicHash($hash) !== true) {
$vcs = visual_map_get_user_layouts();
foreach ($vcs as $key => $data) {
$hash_compare = User::generatePublicHash($key);
if (hash_equals($hash_compare, $hash)) {
$visualConsoleId = (int) $key;
break;
}
}
if (empty($visualConsoleId) === true) {
db_pandora_audit(
AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT,
'Trying to access public visual console'
@ -73,7 +82,6 @@ if (User::validatePublicHash($hash) !== true) {
exit;
}
$visualConsoleId = (int) get_parameter('id_layout');
$userAccessMaintenance = null;
if (empty($config['id_user']) === true) {
$config['id_user'] = (string) get_parameter('id_user');

15
pandora_console/operation/visual_console/view.php
View File

@ -154,10 +154,10 @@ if ($aclWrite === true || $aclManage === true) {
$baseUrl = 'index.php?operation=edit_visualmap&sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&action2='.$action;
}
$hash = User::generatePublicHash();
$hash = User::generatePublicHash($visualConsoleId);
$options['public_link']['text'] = '<a href="'.ui_get_full_url(
'operation/visual_console/public_console.php?hash='.$hash.'&id_layout='.$visualConsoleId.'&refr='.$refr.'&id_user='.$config['id_user'],
'operation/visual_console/public_console.php?hash='.$hash.'&refr='.$refr.'&id_user='.$config['id_user'],
false,
false,
false
@ -774,17 +774,6 @@ ui_require_css_file('form');
var regex_hash = /(hash=)[^&]+(&?)/gi;
var replacement_hash = '$1' + newProps.hash + '$2';
// Tab links.
var menuLinks = document.querySelectorAll("div#menu_tab a");
if (menuLinks !== null) {
menuLinks.forEach(function (menuLink) {
menuLink.href = menuLink.href.replace(regex, replacement);
menuLink.href = menuLink.href.replace(
regex_hash,
replacement_hash
);
});
}
// Go back from fullscreen button.
var btnNoFull = document.querySelector("a.vc-btn-no-fullscreen");