#13344 VC remove visualConsoleId on public link

Jonathan 2024-04-11 15:31:25 +02:00
parent 31f4124083
commit fe73ffcb44
2 changed files with 12 additions and 15 deletions


@ -64,7 +64,16 @@ $hash = (string) get_parameter('hash');
// Check input hash. // Check input hash.
// DO NOT move it after of get parameter user id. // DO NOT move it after of get parameter user id.
if (User::validatePublicHash($hash) !== true) { $vcs = visual_map_get_user_layouts();
foreach ($vcs as $key => $data) {
$hash_compare = User::generatePublicHash($key);
if (hash_equals($hash_compare, $hash)) {
$visualConsoleId = (int) $key;
break;
}
}
if (empty($visualConsoleId) === true) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT, AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT,
'Trying to access public visual console' 'Trying to access public visual console'
@ -73,7 +82,6 @@ if (User::validatePublicHash($hash) !== true) {
exit; exit;
} }
$visualConsoleId = (int) get_parameter('id_layout');
$userAccessMaintenance = null; $userAccessMaintenance = null;
if (empty($config['id_user']) === true) { if (empty($config['id_user']) === true) {
$config['id_user'] = (string) get_parameter('id_user'); $config['id_user'] = (string) get_parameter('id_user');
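Review bot: The new lookup loop calls `visual_map_get_user_layouts()` and `User::generatePublicHash($key)` before `$config['id_user']` is filled from the request further down, so this section does not show which user's layouts are enumerated for an anonymous visitor or which user id enters the hash. That should be confirmed against both helpers, since the comment above the check says it must stay ahead of the user-id parameter. `$visualConsoleId` is also never initialised before the loop and `$vcs` is iterated without a type check, so I would add `$visualConsoleId = null;` ahead of the `foreach` and wrap it in `if (is_array($vcs) === true)`. The loop computes one hash per layout on every unauthenticated request, which is worth bounding or caching on installations with many consoles.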


@ -154,10 +154,10 @@ if ($aclWrite === true || $aclManage === true) {
$baseUrl = 'index.php?operation=edit_visualmap&sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&action2='.$action; $baseUrl = 'index.php?operation=edit_visualmap&sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&action2='.$action;
} }
$hash = User::generatePublicHash(); $hash = User::generatePublicHash($visualConsoleId);
$options['public_link']['text'] = '<a href="'.ui_get_full_url( $options['public_link']['text'] = '<a href="'.ui_get_full_url(
'operation/visual_console/public_console.php?hash='.$hash.'&id_layout='.$visualConsoleId.'&refr='.$refr.'&id_user='.$config['id_user'], 'operation/visual_console/public_console.php?hash='.$hash.'&refr='.$refr.'&id_user='.$config['id_user'],
false, false,
false, false,
false false
@ -774,17 +774,6 @@ ui_require_css_file('form');
var regex_hash = /(hash=)[^&]+(&?)/gi; var regex_hash = /(hash=)[^&]+(&?)/gi;
var replacement_hash = '$1' + newProps.hash + '$2'; var replacement_hash = '$1' + newProps.hash + '$2';
// Tab links.
var menuLinks = document.querySelectorAll("div#menu_tab a");
if (menuLinks !== null) {
menuLinks.forEach(function (menuLink) {
menuLink.href = menuLink.href.replace(regex, replacement);
menuLink.href = menuLink.href.replace(
regex_hash,
replacement_hash
);
});
}
// Go back from fullscreen button. // Go back from fullscreen button.
var btnNoFull = document.querySelector("a.vc-btn-no-fullscreen"); var btnNoFull = document.querySelector("a.vc-btn-no-fullscreen");
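Review bot: The rewritten public-link line concatenates `$refr` and `$config['id_user']` into the query string of an `href` with no visible encoding, so a user id containing `&`, `#`, a quote or a space would break the link or the attribute unless `ui_get_full_url()` escapes it, which this section does not show. I would build the query with `http_build_query(['hash' => $hash, 'refr' => $refr, 'id_user' => $config['id_user']])` and pass the result through the project's HTML-attribute escaping before it goes into the `<a>`. Separately, the hash is now derived from `$visualConsoleId`, so removing the `menuLinks` update in the script hunk looks like it leaves the tab's public link with the first-loaded console's hash after the view switches to another console; worth confirming that is intended. A short comment above `generatePublicHash($visualConsoleId)` stating that the hash is now the only console selector on the public page would help the next reader.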