* include/functions_io.php: fixed the function "io_safe_output" for
arrays; the function now calls another function named
"io_safe_output_array".
* include/functions_visual_map.php,
include/ajax/visual_console_builder.ajax.php,
godmode/reporting/visual_console_builder.wizard.php,
godmode/reporting/visual_console_builder.php,
godmode/reporting/visual_console_builder.editor.js,
godmode/reporting/visual_console_builder.elements.php,
godmode/reporting/visual_console_builder.editor.php,
godmode/reporting/visual_console_builder.constans.php: fixed a lot
of things about simple value and derivatives.
MERGED FROM 4.0.2
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6497 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_modules.php
include/functions_io.php: Added new safe string function
to escape strings for use in regular expressions and
changed the parameters of enterprise functions to be
compatible with last changes
Merged from 4.0.x
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6409 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* extensions/snmp_explorer.php: Call io_safe_input() for
module name and description when creating module.
* include/functions_io.php: spaces to tabs.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5242 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php
include/config_process.php
include/functions_extensions.php
index.php
extensions/insert_data.php
extensions/system_info.php
extensions/extension_uploader.php
extensions/pandora_logs.php
extensions/agents_modules.php
extensions/update_manager.php
extensions/ssh_console.php
extensions/dbmanager.php
extensions/vnc_view.php
extensions/resource_registration.php
extensions/resource_exportation.php
extensions/users_connected.php
extensions/module_groups.php
extensions/plugin_registration.php
godmode/extensions.php: functions in
functions_extensions.php have "extensions_" prefix.
* install.php: Drop database action is not allowed when installation
is performed over a new database.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4336 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* pandoradb_data.sql: added custom sql for reports, "Group view".
* include/functions_io.php: fixed the "safe_output" function when decoding
the html entity &lt; or &gt; for < or > char.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3706 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php
include/functions_ui.php: Fixed the html setting in the header
for the dashboard bug 3094692
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3475 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_html.php
include/functions_io.php
include/functions_ui.php
godmode/agentes/module_manager.php: Created a new safe input
function more soft than safe_input() for html code. Applied this
function (safe_input_html()) in few functions like print_image
or print_page_header.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3399 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: Added \s character to list of HTML decoded/encoded
items to be converted from user entries (Safety for XSS and SQL Injection).
* pandoradb_data.sql: Added more default templates, actions and commands.
This is for remote agent management (refresh).
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3376 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: Added functions ascii_to_html and html_to_ascii.
Also use these functions to convert non-printing chars in function safe_input
and to revert the conversion in function safe_output.
* include/functions_db.php: Added function escape_string_sql, a
db-independent wrapper function that does the same as function mysql_real_escape_string
* index.php: Use function escape_string_sql with login parameters.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: safe_input() modified to detect SQL injection
attacks using /**/ strings.
* index.php: Prevent HTTP response splitting attacks.
* pandora_console.spec: Updated some spec variables and description.
* pandoradb.sql,
extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added a new field in trecon_task
to store the snmp_community on detected hosts in a recon task.
* extras/pandora_diag.php: Fixed security problem in relative path.
* general/pandora_help.php,
general/footer.php: Fixed security problem in relative path/include.
* general/login_page.php: Fixed security problem in URL parsing.
* godmode/servers/manage_recontask_form.php,
manage_recontask.php: Implemented new feature to use an snmp community on all
network modules added to a new detected host.
* config_process.php: Updated build.
* functions.php: New version of safe_url_extraclean() function (security fix)
and modified also enterprise_include* functions to have a secure include.
* functions_ui.php: Secured function get_include_contents().
* operation/agentes/gis_view.php: Secured url extraction/parsing.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3150 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: added in the function "safe_output" the flag
$utf8 for set the encoding of output, by default true.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2643 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* operation/menu.php: User section has no ACL check, always can be seen.
* index.php: Added support for user-defined custom language (this code was
on my disk for 3 months, pending to be committed!).
* include/functions_db.php,
* include/functions_agents.php,
* godmode/alerts/alert_list.php,
* godmode/agentes/modificar_agente.php,
* godmode/agentes/configurar_agente.php: Added audit calls to several
management operations that don't have or have insufficient audit info.
* godmode/users/configure_user.php: Fixed several annoying bugs. Added
custom language support, and added more audit info on management operations.
* godmode/users/user_list.php: More audit info.
* include/config_process.php: Add new debug option to render error log to
/pandora_console.log. Also set timezone if not defined (this makes warnings
on several PHP 5.x setups). Added user custom language support.
* include/functions_events.php: More audit info. Fixed problems with HTML
encoding render.
* functions_io.php: Some cleaning.
* include/functions_messages.php: Fixed problems with HTML
encoding render.
* functions_ui.php: Fixed problems with HTML encoding render in
print_string_substr() function.
* auth/mysql.php: is_user_admin() functions seems to be broken ¿?¿!. Fixed.
* styles/pandora.css: removed green colored left border in default style.
* message.php, incident*: Fixed problems with HTML encoding render.
* user.php: Better ACL check before let user to view/edit another user.
* user_edit: Removed some un-used form fields, some arrangements in layout,
and FIXED forever problems with password change (new code written).
* users/user_statistics.php: Now user can see its own audit records.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2139 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php, include/functions.php: change and add functions
for manage the input output with correct encoding and decoding.
* include/functions_html.php, include/functions_ui.php,
operation/agentes/status_monitor.php,
operation/agentes/estado_ultimopaquete.php,
operation/agentes/estado_monitores.php: change the function "salida_limpia"
for "safe_output" and other changes.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2128 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f