* pandoradb_data.sql: added custom sql for reports, "Group view".
* include/functions_io.php: fixed the "safe_output" function when decoding
the html entity &lt; or &gt; to the < or > char.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3706 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php
include/functions_ui.php: Fixed the html setting in the header
for the dashboard bug 3094692
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3475 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_html.php
include/functions_io.php
include/functions_ui.php
godmode/agentes/module_manager.php: Created a new safe input
function softer than safe_input() for html code. Applied this
function (safe_input_html()) in a few functions like print_image
or print_page_header.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3399 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: Added \s character to list of HTML decoded/encoded
items to be converted from user entries (Safety for XSS and SQL Injection).
* pandoradb_data.sql: Added more default templates, actions and commands.
This is for remote agent management (refresh).
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3376 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: Added functions ascii_to_html and html_to_ascii.
Also use these functions to convert non-printing chars in function safe_input
and to revert the conversion in function safe_output.
* include/functions_db.php: Added function escape_string_sql, a
db-independent wrapper function that does the same as function mysql_real_escape_string.
* index.php: Use function escape_string_sql with login parameters.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: safe_input() modified to detect SQL injection
attacks using /**/ strings.
* index.php: Prevent HTTP response splitting attacks.
* pandora_console.spec: Updated some spec variables and description.
* pandoradb.sql,
extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added a new field in trecon_task
to store the snmp_community on detected hosts in a recon task.
* extras/pandora_diag.php: Fixed security problem in relative path.
* general/pandora_help.php,
general/footer.php: Fixed security problem in relative path/include.
* general/login_page.php: Fixed security problem in URL parsing.
* godmode/servers/manage_recontask_form.php,
manage_recontask.php: Implemented new feature to use a snmp community on all
network modules added to a new detected host.
* config_process.php: Updated build.
* functions.php: New version of safe_url_extraclean() function (security fix)
and modified also enterprise_include* functions to have a secure include.
* functions_ui.php: Secured function get_include_contents().
* operation/agentes/gis_view.php: Secured url extraction/parsing.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3150 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php: added to the function "safe_output" the flag
$utf8 to set the encoding of the output, true by default.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2643 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* operation/menu.php: User section has no ACL check, always can be seen.
* index.php: Added support for user-defined custom language (this code was
on my disk for 3 months, pending to be committed!).
* include/functions_db.php,
* include/functions_agents.php,
* godmode/alerts/alert_list.php,
* godmode/agentes/modificar_agente.php,
* godmode/agentes/configurar_agente.php: Added audit calls to several
management operations that don't have or have insufficient audit info.
* godmode/users/configure_user.php: Fixed several annoying bugs. Added
custom language support, and added more audit info on management operations.
* godmode/users/user_list.php: More audit info.
* include/config_process.php: Add new debug option to render error log to
/pandora_console.log. Also set timezone if not defined (this makes warnings
on several PHP 5.x setups). Added user custom language support.
* include/functions_events.php: More audit info. Fixed problems with HTML
encoding render.
* functions_io.php: Some cleaning.
* include/functions_messages.php: Fixed problems with HTML
encoding render.
* functions_ui.php: Fixed problems with HTML encoding render in
print_string_substr() function.
* auth/mysql.php: is_user_admin() function seems to be broken ¿?¿!. Fixed.
* styles/pandora.css: removed green colored left border in default style.
* message.php, incident*: Fixed problems with HTML encoding render.
* user.php: Better ACL check before let user to view/edit another user.
* user_edit: Removed some un-used form fields, some arrangements in layout,
and FIXED forever problems with password change (new code written).
* users/user_statistics.php: Now user can see its own audit records.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2139 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
* include/functions_io.php, include/functions.php: changed and added functions
to manage the input and output with correct encoding and decoding.
* include/functions_html.php, include/functions_ui.php,
operation/agentes/status_monitor.php,
operation/agentes/estado_ultimopaquete.php,
operation/agentes/estado_monitores.php: change the function "salida_limpia"
for "safe_output" and other changes.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2128 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f