From fe73ffcb4489961800c3b2ad3c559b09cd66849f Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan.leon@pandorafms.com>
Date: Thu, 11 Apr 2024 15:31:25 +0200
Subject: [PATCH] #13344 VC remove visualConsoleId on public link

---
 .../operation/visual_console/public_view.php      | 12 ++++++++++--
 pandora_console/operation/visual_console/view.php | 15 ++-------------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/pandora_console/operation/visual_console/public_view.php b/pandora_console/operation/visual_console/public_view.php
index 64529133b4..d7e85f88bc 100644
--- a/pandora_console/operation/visual_console/public_view.php
+++ b/pandora_console/operation/visual_console/public_view.php
@@ -64,7 +64,16 @@ $hash = (string) get_parameter('hash');
 
 // Check input hash.
 // DO NOT move it after of get parameter user id.
-if (User::validatePublicHash($hash) !== true) {
+$vcs = visual_map_get_user_layouts();
+foreach ($vcs as $key => $data) {
+    $hash_compare = User::generatePublicHash($key);
+    if (hash_equals($hash_compare, $hash)) {
+        $visualConsoleId = (int) $key;
+        break;
+    }
+}
+
+if (empty($visualConsoleId) === true) {
     db_pandora_audit(
         AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT,
         'Trying to access public visual console'
@@ -73,7 +82,6 @@ if (User::validatePublicHash($hash) !== true) {
     exit;
 }
 
-$visualConsoleId = (int) get_parameter('id_layout');
 $userAccessMaintenance = null;
 if (empty($config['id_user']) === true) {
     $config['id_user'] = (string) get_parameter('id_user');
diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php
index ef63456f6a..6b32bc21ef 100644
--- a/pandora_console/operation/visual_console/view.php
+++ b/pandora_console/operation/visual_console/view.php
@@ -154,10 +154,10 @@ if ($aclWrite === true || $aclManage === true) {
         $baseUrl = 'index.php?operation=edit_visualmap&sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&action2='.$action;
     }
 
-    $hash = User::generatePublicHash();
+    $hash = User::generatePublicHash($visualConsoleId);
 
     $options['public_link']['text'] = '<a href="'.ui_get_full_url(
-        'operation/visual_console/public_console.php?hash='.$hash.'&id_layout='.$visualConsoleId.'&refr='.$refr.'&id_user='.$config['id_user'],
+        'operation/visual_console/public_console.php?hash='.$hash.'&refr='.$refr.'&id_user='.$config['id_user'],
         false,
         false,
         false
@@ -774,17 +774,6 @@ ui_require_css_file('form');
 
             var regex_hash = /(hash=)[^&]+(&?)/gi;
             var replacement_hash = '$1' + newProps.hash + '$2';
-            // Tab links.
-            var menuLinks = document.querySelectorAll("div#menu_tab a");
-            if (menuLinks !== null) {
-                menuLinks.forEach(function (menuLink) {
-                    menuLink.href = menuLink.href.replace(regex, replacement);
-                    menuLink.href = menuLink.href.replace(
-                        regex_hash,
-                        replacement_hash
-                    );
-                });
-            }
 
             // Go back from fullscreen button.
             var btnNoFull = document.querySelector("a.vc-btn-no-fullscreen");