57 Commits

Author SHA1 Message Date
darode 2b5ec9c4f2 2010-10-11 Dario Rodriguez <dario.rodriguez@artica.es>
* include/functions_io.php: Added \s character in decode HTML entities
	function.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3378 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-10-11 07:44:49 +00:00
slerena d9490249ca 2010-10-08 Sancho Lerena <slerena@artica.es>
* include/functions_io.php: Added \s character to list of HTML decoded/encoded
    items to be converted from user entries (Safety for XSS and SQL Injection).

    * pandoradb_data.sql: Added more default templates, actions and commands. 
    This is for remote agent management (refresh).
    


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3376 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-10-08 17:00:28 +00:00
darode c550c2a1a3 2010-10-08 Dario Rodriguez <dario.rodriguez@artica.es>
* include/functions_io.php: Added functions ascii_to_html and html_to_ascii.
	Also use these functions to convert non-printing chars in function safe_input
	and to revert the conversion in function safe_output.
	* include/functions_db.php: Added function escape_string_sql, a
	db-independent wrapper function that does the same as function mysql_real_escape_string.
	* index.php: Use function escape_string_sql with login parameters.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-10-08 11:35:18 +00:00
slerena 555f05848a 2010-08-18 Sancho Lerena <slerena@artica.es>
* include/functions_io.php: safe_input() modified to detect SQL injection
    attacks using /**/ strings.

    * index.php: Prevent HTTP response splitting attacks.

    * pandora_console.spec: Updated some spec variables and description.

    * pandoradb.sql,
    extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added a new field in trecon_task
    to store the snmp_community on detected hosts in a recon task.

    * extras/pandora_diag.php: Fixed security problem in relative path.

    * general/pandora_help.php, 
    general/footer.php: Fixed security problem in relative path/include.

    * general/login_page.php: Fixed security problem in URL parsing.

    * godmode/servers/manage_recontask_form.php, 
    manage_recontask.php: Implemented new feature to use a snmp community on all
    network modules added to a new detected host.

    * config_process.php: Updated build.

    * functions.php: New version of safe_url_extraclean() function (security fix)
    and modified also enterprise_include* functions to have a secure include.

    * functions_ui.php: Secured function get_include_contents().

    * operation/agentes/gis_view.php: Secured url extraction/parsing.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3150 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-08-18 11:35:42 +00:00
mdtrooper 9f3fdd6312 2010-04-30 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_io.php: added to the function "safe_output" the flag
	$utf8 to set the encoding of the output, true by default.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2643 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-04-30 10:35:20 +00:00
slerena b8d839b5c7 2009-11-27 Sancho Lerena <slerena@artica.es>
* operation/menu.php: User section has no ACL check, always can be seen.

	* index.php: Added support for user-defined custom language (this code was
	on my disk for 3 months, pending to be committed!).

	* include/functions_db.php,
	* include/functions_agents.php,
	* godmode/alerts/alert_list.php,
	* godmode/agentes/modificar_agente.php, 
	* godmode/agentes/configurar_agente.php: Added audit calls to several
	management operations that don't have or have insufficient audit info.

	* godmode/users/configure_user.php: Fixed several annoying bugs. Added
	custom language support, and added more audit info on management operations.

	* godmode/users/user_list.php: More audit info.

	* include/config_process.php: Add new debug option to render error log to
	/pandora_console.log. Also set timezone if not defined (this makes warnings
	on several PHP 5.x setups). Added user custom language support.

	* include/functions_events.php: More audit info. Fixed problems with HTML
	encoding render.

	* functions_io.php: Some cleaning.

	* include/functions_messages.php: Fixed problems with HTML
	encoding render.

	* functions_ui.php: Fixed problems with HTML encoding render in 
	print_string_substr() function.

	* auth/mysql.php: is_user_admin() function seems to be broken ¿?¿!. Fixed.

	* styles/pandora.css: removed green colored left border in default style.

	* message.php, incident*:  Fixed problems with HTML encoding render.

	* user.php: Better ACL check before letting a user view/edit another user.

	* user_edit: Removed some un-used form fields, some arrangements in layout,
	and FIXED forever problems with password change (new code written).  

	* users/user_statistics.php: Now user can see its own audit records.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2139 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-11-27 20:02:12 +00:00
mdtrooper 006a81ff3f 2009-11-25 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_io.php, include/functions.php: change and add functions
	to manage the input and output with correct encoding and decoding.

	* include/functions_html.php, include/functions_ui.php,
	operation/agentes/status_monitor.php,
	operation/agentes/estado_ultimopaquete.php,
	operation/agentes/estado_monitores.php: change the function "salida_limpia"
	for "safe_output" and other changes.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2128 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2009-11-25 09:12:42 +00:00