diff options
Diffstat (limited to 'net-mgmt')
-rw-r--r-- | net-mgmt/zabbix-agent/Makefile | 3 | ||||
-rw-r--r-- | net-mgmt/zabbix/Makefile | 4 | ||||
-rw-r--r-- | net-mgmt/zabbix/files/patch-USH-162.1 | 135 | ||||
-rw-r--r-- | net-mgmt/zabbix/files/patch-USH-162.2 | 2622 | ||||
-rw-r--r-- | net-mgmt/zabbix/pkg-plist | 4 | ||||
-rw-r--r-- | net-mgmt/zabbix2-agent/Makefile | 3 | ||||
-rw-r--r-- | net-mgmt/zabbix2/Makefile | 4 | ||||
-rw-r--r-- | net-mgmt/zabbix2/files/patch-USH-162.1 | 135 | ||||
-rw-r--r-- | net-mgmt/zabbix2/files/patch-USH-162.2 | 2622 | ||||
-rw-r--r-- | net-mgmt/zabbix2/pkg-plist | 4 |
10 files changed, 5524 insertions, 12 deletions
diff --git a/net-mgmt/zabbix-agent/Makefile b/net-mgmt/zabbix-agent/Makefile index 78531b59ffc..2d6e625c42f 100644 --- a/net-mgmt/zabbix-agent/Makefile +++ b/net-mgmt/zabbix-agent/Makefile @@ -7,6 +7,7 @@ PORTNAME= zabbix PORTVERSION= 1.6.2 +PORTREVISION= 1 PORTEPOCH= 2 CATEGORIES= net-mgmt MASTER_SITES= SF @@ -24,8 +25,6 @@ MAKE_ARGS= ARCH=freebsd CONFIGURE_ARGS+=--enable-ipv6 .endif -FORBIDDEN= multiple vulnerabilities http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html - ZABBIX_BIN= agent agentd get sender ZABBIX_CFG= agent agentd ZABBIX_BINFILES=${ZABBIX_BIN:S|^|zabbix_|:C|.+|&/&|:S|agentd/|agent/|} diff --git a/net-mgmt/zabbix/Makefile b/net-mgmt/zabbix/Makefile index 8eaf623c07d..d003ff56212 100644 --- a/net-mgmt/zabbix/Makefile +++ b/net-mgmt/zabbix/Makefile @@ -7,6 +7,7 @@ PORTNAME= zabbix PORTVERSION= 1.6.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= net-mgmt MASTER_SITES= SF @@ -38,8 +39,6 @@ SUB_FILES= pkg-message .include <bsd.port.pre.mk> -FORBIDDEN= multiple vulnerabilities http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html - .ifndef WITHOUT_JABBER USE_JABBER= yes CONFIGURE_ARGS+=--with-jabber=${LOCALBASE} @@ -82,6 +81,7 @@ post-patch: @${REINPLACE_CMD} -e '/test.*rf/s|-rf|-f|;/LDFLAGS/s|-static||;\ /LIBS="-lnetsnmp/s|="|="-lcrypto |;s|-lsqlite3|-lsqlite3 ${PTHREAD_LIBS}|'\ ${WRKSRC}/configure + @cd ${WRKSRC} && ${FIND} . -name '*.orig' -exec ${RM} {} \; .ifdef WITHOUT_FPING @${ECHO} 'DisablePinger=yes' >> ${WRKSRC}/misc/conf/zabbix_server.conf diff --git a/net-mgmt/zabbix/files/patch-USH-162.1 b/net-mgmt/zabbix/files/patch-USH-162.1 new file mode 100644 index 00000000000..df11a28e251 --- /dev/null +++ b/net-mgmt/zabbix/files/patch-USH-162.1 @@ -0,0 +1,135 @@ +Index: include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6592) ++++ frontends/php/include/validate.inc.php (revision 6593) +@@ -198,19 +198,21 @@ + return $ret; + } + +- function calc_exp($fields,$field,$expression){ ++ function calc_exp($fields,$field,$expression){ + //SDI("$field - expression: ".$expression); + +- if(zbx_strstr($expression,"{}") && !isset($_REQUEST[$field])) ++ if(zbx_strstr($expression,'{}') && !isset($_REQUEST[$field])) + return FALSE; + +- if(zbx_strstr($expression,"{}") && !is_array($_REQUEST[$field])) +- $expression = str_replace("{}",'$_REQUEST["'.$field.'"]',$expression); ++ if(zbx_strstr($expression,'{}') && !is_array($_REQUEST[$field])) ++ $expression = str_replace('{}','$_REQUEST["'.$field.'"]',$expression); + +- if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field])){ ++ if(zbx_strstr($expression,'{}') && is_array($_REQUEST[$field])){ + foreach($_REQUEST[$field] as $key => $val){ +- $expression2 = str_replace("{}",'$_REQUEST["'.$field.'"]["'.$key.'"]',$expression); +- if(calc_exp2($fields,$field,$expression2)==FALSE) ++ if(!ereg('^[a-zA-Z0-9_]+$',$key)) return FALSE; ++ ++ $expression2 = str_replace('{}','$_REQUEST["'.$field.'"]["'.$key.'"]',$expression); ++ if(calc_exp2($fields,$field,$expression2)==FALSE) + return FALSE; + } + return TRUE; +@@ -219,7 +221,7 @@ + return calc_exp2($fields,$field,$expression); + } + +- function unset_not_in_list(&$fields){ ++ function unset_not_in_list(&$fields){ + foreach($_REQUEST as $key => $val){ + if(!isset($fields[$key])){ + unset_request($key,'unset_not_in_list'); +@@ -382,7 +384,7 @@ + } + } + +- function check_field(&$fields, &$field, $checks){ ++ function check_field(&$fields, &$field, $checks){ + list($type,$opt,$flags,$validation,$exception)=$checks; + + if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]==''){ +@@ -473,9 +475,7 @@ + include_once "include/page_footer.php"; + } + +- function check_fields(&$fields, $show_messages=true){ +- +- global $_REQUEST; ++ function check_fields(&$fields, $show_messages=true){ + global $system_fields; + + $err = ZBX_VALID_OK; +Index: locales.php +=================================================================== +--- frontends/php/locales.php (revision 6592) ++++ frontends/php/locales.php (revision 6593) +@@ -19,11 +19,11 @@ + **/ + ?> + <?php +-include_once "include/config.inc.php"; ++include_once('include/config.inc.php'); + + if(isset($_REQUEST['download'])){ +- $page["type"] = PAGE_TYPE_XML; +- $page["file"] = "new_locale.inc.php"; ++ $page['type'] = PAGE_TYPE_XML; ++ $page['file'] = 'new_locale.inc.php'; + } + else{ + $page['title'] = "S_LOCALES"; +@@ -181,26 +181,25 @@ + $frmLcls->AddOption('id','locales'); + $frmLcls->SetHelp($help); + +- $fileFrom = 'include/locales/'.$_REQUEST['srclang'].".inc.php"; +- if(file_exists($fileFrom)){ +- include($fileFrom); + ++ $fileFrom = 'include/locales/'.$_REQUEST['srclang'].'.inc.php'; ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && file_exists($fileFrom)){ ++ include($fileFrom); + if(!isset($TRANSLATION) || !is_array($TRANSLATION)){ +- error("Passed SOURCE is NOT valid PHP file."); ++ error('Passed SOURCE is NOT valid PHP file.'); + } + $transFrom = $TRANSLATION; + } + unset($TRANSLATION); + +- $frmLcls->AddVar('extlang',$_REQUEST['extlang']); +- +- if($_REQUEST['extlang'] != 'new'){ +- $fileTo = 'include/locales/'.$_REQUEST['extlang'].".inc.php"; ++ $frmLcls->addVar('extlang',$_REQUEST['extlang']); ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && ($_REQUEST['extlang'] != 'new')){ ++ $fileTo = 'include/locales/'.$_REQUEST['extlang'].'.inc.php'; + if(file_exists($fileTo)){ + include($fileTo); + + if(!isset($TRANSLATION) || !is_array($TRANSLATION)){ +- error("Passed DEST is NOT valid PHP file."); ++ error('Passed DEST is NOT valid PHP file.'); + } + $transTo = $TRANSLATION; + // header('Content-Type: text/html; charset='.$TRANSLATION['S_HTML_CHARSET']); + +----- + +This hunk fixes typo in the bugfix for local file inclusion inside +locales.php + +Index: branches/1.6/frontends/php/locales.php +=================================================================== +--- frontends/php/locales.php (revision 6885) ++++ frontends/php/locales.php (revision 6886) +@@ -193,7 +193,7 @@ + unset($TRANSLATION); + + $frmLcls->addVar('extlang',$_REQUEST['extlang']); +- if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && ($_REQUEST['extlang'] != 'new')){ ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['extlang']) && ($_REQUEST['extlang'] != 'new')){ + $fileTo = 'include/locales/'.$_REQUEST['extlang'].'.inc.php'; + if(file_exists($fileTo)){ + include($fileTo); diff --git a/net-mgmt/zabbix/files/patch-USH-162.2 b/net-mgmt/zabbix/files/patch-USH-162.2 new file mode 100644 index 00000000000..22d5d1112dc --- /dev/null +++ b/net-mgmt/zabbix/files/patch-USH-162.2 @@ -0,0 +1,2622 @@ +Index: frontends/php/include/perm.inc.php +=================================================================== +--- frontends/php/include/perm.inc.php (revision 6620) ++++ frontends/php/include/perm.inc.php (revision 6621) +@@ -44,7 +44,7 @@ + $USER_DETAILS = NULL; + $login = FALSE; + +- $sessionid = get_cookie('zbx_sessionid'); ++ $sessionid = get_request('sessionid',get_cookie('zbx_sessionid')); + + if(!is_null($sessionid)){ + $sql = 'SELECT u.*,s.* '. +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6620) ++++ frontends/php/include/validate.inc.php (revision 6621) +@@ -428,8 +429,12 @@ + } + } + else if($opt == O_OPT){ +- if(!isset($_REQUEST[$field])) ++ if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; ++ } ++ else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){ ++ return ZBX_VALID_ERROR; ++ } + } + + check_trim($_REQUEST[$field]); +@@ -458,17 +463,21 @@ + return ZBX_VALID_OK; + } + +-// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION ++// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- "sessionid"=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(),NULL), +- "switch_node"=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), +- "triggers_hash"=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +- 'print'=> array(T_ZBX_INT, O_OPT, P_SYS, IN("1"),NULL), ++ 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), 'isset({zbx_form})'), ++ 'zbx_form'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, NULL), ++// ++ 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), ++ 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), ++ 'print'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('1'),NULL), ++ ++// table sorting + 'sort'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL), + 'sortorder'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL) + ); + +- function invalid_url(){ ++ function invalid_url(){ + include_once "include/page_header.php"; + unset_all(); + show_error_message(S_INVALID_URL); +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6620) ++++ frontends/php/include/classes/cform.inc.php (revision 6621) +@@ -22,46 +22,44 @@ + class CForm extends CTag{ + /* public */ + function CForm($action=NULL, $method='post', $enctype=NULL){ +- parent::CTag("form","yes"); +- $this->SetMethod($method); +- $this->SetAction($action); +- $this->SetEnctype($enctype); ++ parent::CTag('form','yes'); ++ $this->setMethod($method); ++ $this->setAction($action); ++ $this->setEnctype($enctype); ++ ++ $this->addVar('zbx_form', 'action'); ++ $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + +- function SetMethod($value='post'){ ++ function setMethod($value='post'){ + return $this->options['method'] = $value; + } + +- function SetAction($value){ ++ function setAction($value){ + global $page; + + if(is_null($value)){ +- if(isset($page['file'])){ +- $value = $page['file']; +- } +- else{ +- $value = "#"; +- } ++ $value = isset($page['file'])?$page['file']:'#'; + } + + return $this->options['action'] = $value; + } + +- function SetEnctype($value=NULL){ ++ function setEnctype($value=NULL){ + if(is_null($value)){ +- return $this->DelOption("enctype"); ++ return $this->DelOption('enctype'); + } + else if(!is_string($value)){ + return $this->error("Incorrect value for SetEnctype [$value]"); + } + +- return $this->AddOption("enctype",$value); ++ return $this->addOption('enctype',$value); + } + +- function AddVar($name, $value){ ++ function addVar($name, $value){ + if(empty($value) && $value != 0) return $value; + +- return $this->AddItem(new CVar($name, $value)); ++ return $this->addItem(new CVar($name, $value)); + } + } + ?> +Index: frontends/php/include/classes/cformtable.inc.php +=================================================================== +--- frontends/php/include/classes/cformtable.inc.php (revision 6620) ++++ frontends/php/include/classes/cformtable.inc.php (revision 6621) +@@ -46,48 +46,48 @@ + } + + parent::CForm($action,$method,$enctype); +- $this->SetTitle($title); +- $this->SetAlign('center'); +- $this->SetHelp(); ++ $this->setTitle($title); ++ $this->setAlign('center'); ++ $this->setHelp(); + + // $frm_link = new CLink(); +-// $frm_link->SetName("formtable"); +-// $this->AddItemToTopRow($frm_link); ++// $frm_link->setName("formtable"); ++// $this->addItemToTopRow($frm_link); + +- $this->AddVar($form_variable, get_request($form_variable, 1)); +- $this->AddVar('form_refresh',get_request('form_refresh',0)+1); ++ $this->addVar($form_variable, get_request($form_variable, 1)); ++ $this->addVar('form_refresh',get_request('form_refresh',0)+1); + + $this->bottom_items = new CCol(SPACE,'form_row_last'); +- $this->bottom_items->SetColSpan(2); ++ $this->bottom_items->setColSpan(2); + } + +- function SetAction($value){ ++ function setAction($value){ + + if(is_string($value)) +- return parent::SetAction($value); ++ return parent::setAction($value); + elseif(is_null($value)) +- return parent::SetAction($value); ++ return parent::setAction($value); + else + return $this->error("Incorrect value for SetAction [$value]"); + } + +- function SetName($value){ ++ function setName($value){ + if(!is_string($value)){ + return $this->error("Incorrect value for SetAlign [$value]"); + } +- $this->AddOption('name',$value); +- $this->AddOption('id',$value); ++ $this->addOption('name',$value); ++ $this->addOption('id',$value); + return true; + } + +- function SetAlign($value){ ++ function setAlign($value){ + if(!is_string($value)){ + return $this->error("Incorrect value for SetAlign [$value]"); + } + return $this->align = $value; + } + +- function SetTitle($value=NULL){ ++ function setTitle($value=NULL){ + if(is_null($value)){ + unset($this->title); + return 0; +@@ -101,7 +101,7 @@ + $this->title = unpack_object($value); + } + +- function SetHelp($value=NULL){ ++ function setHelp($value=NULL){ + if(is_null($value)) { + $this->help = new CHelp(); + } +@@ -110,8 +110,8 @@ + } + else if(is_string($value)) { + $this->help = new CHelp($value); +- if($this->GetName()==NULL) +- $this->SetName($value); ++ if($this->getName()==NULL) ++ $this->setName($value); + } + else { + return $this->error("Incorrect value for SetHelp [$value]"); +@@ -119,21 +119,21 @@ + return 0; + } + +- function AddVar($name, $value){ +- $this->AddItemToTopRow(new CVar($name, $value)); ++ function addVar($name, $value){ ++ $this->addItemToTopRow(new CVar($name, $value)); + } + +- function AddItemToTopRow($value){ ++ function addItemToTopRow($value){ + array_push($this->top_items, $value); + } + +- function AddRow($item1, $item2=NULL, $class=NULL){ ++ function addRow($item1, $item2=NULL, $class=NULL){ + if(strtolower(get_class($item1)) == 'crow'){ + + } + else if(strtolower(get_class($item1)) == 'ctable'){ + $td = new CCol($item1,'form_row_c'); +- $td->SetColSpan(2); ++ $td->setColSpan(2); + + $item1 = new CRow($td); + } +@@ -157,7 +157,7 @@ + array_push($this->center_items, $item1); + } + +- function AddSpanRow($value, $class=NULL){ ++ function addSpanRow($value, $class=NULL){ + if(is_string($value)) + $item1=nbsp($value); + +@@ -165,16 +165,16 @@ + if(is_null($class)) $class = 'form_row_c'; + + $col = new CCol($value,$class); +- $col->SetColSpan(2); ++ $col->setColSpan(2); + array_push($this->center_items,new CRow($col)); + } + + +- function AddItemToBottomRow($value){ +- $this->bottom_items->AddItem($value); ++ function addItemToBottomRow($value){ ++ $this->bottom_items->addItem($value); + } + +- function SetTableClass($class){ ++ function setTableClass($class){ + if(is_string($class)){ + $this->tableclass = $class; + } +@@ -186,25 +186,25 @@ + + $tbl = new CTable(NULL,$this->tableclass); + +- $tbl->SetOddRowClass('form_odd_row'); +- $tbl->SetEvenRowClass('form_even_row'); +- $tbl->SetCellSpacing(0); +- $tbl->SetCellPadding(1); +- $tbl->SetAlign($this->align); ++ $tbl->setOddRowClass('form_odd_row'); ++ $tbl->setEvenRowClass('form_even_row'); ++ $tbl->setCellSpacing(0); ++ $tbl->setCellPadding(1); ++ $tbl->setAlign($this->align); + # add first row + $col = new CCol(NULL,'form_row_first'); +- $col->SetColSpan(2); ++ $col->setColSpan(2); + +- if(isset($this->help)) $col->AddItem($this->help); +- if(isset($this->title)) $col->AddItem($this->title); +- foreach($this->top_items as $item) $col->AddItem($item); ++ if(isset($this->help)) $col->addItem($this->help); ++ if(isset($this->title)) $col->addItem($this->title); ++ foreach($this->top_items as $item) $col->addItem($item); + +- $tbl->SetHeader($col); ++ $tbl->setHeader($col); + # add last row +- $tbl->SetFooter($this->bottom_items); ++ $tbl->setFooter($this->bottom_items); + # add center rows + foreach($this->center_items as $item){ +- $tbl->AddRow($item); ++ $tbl->addRow($item); + } + return $tbl->ToString(); + } + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +This hunk adds session identifier transmission during Ajax requests. +It also reshuffles some JavaScript functions and adds many whitespace +changes. + +Index: frontends/php/js/cookies.js +=================================================================== +--- frontends/php/js/cookies.js (revision 6622) ++++ frontends/php/js/cookies.js (revision 6623) +@@ -1,78 +0,0 @@ +-//Javascript document +-/* +-** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix +-** +-** This program is free software; you can redistribute it and/or modify +-** it under the terms of the GNU General Public License as published by +-** the Free Software Foundation; either version 2 of the License, or +-** (at your option) any later version. +-** +-** This program is distributed in the hope that it will be useful, +-** but WITHOUT ANY WARRANTY; without even the implied warranty of +-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-** GNU General Public License for more details. +-** +-** You should have received a copy of the GNU General Public License +-** along with this program; if not, write to the Free Software +-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +-**/ +-// Title: cookies class +-// Description: to manipulate cookies on client side +-// Author: Aly +- +-var cookie ={ +-cookies: new Array(), +- +-init: function () { +- var allCookies = document.cookie.split('; '); +- for (var i=0;i<allCookies.length;i++) { +- var cookiePair = allCookies[i].split('='); +- this.cookies[cookiePair[0]] = cookiePair[1]; +- } +-}, +- +-create: function (name,value,days) { +- if(days) { +- var date = new Date(); +- date.setTime(date.getTime()+(days*24*60*60*1000)); +- var expires = "; expires="+date.toGMTString(); +- }else{ +- var expires = ""; +- } +- +- document.cookie = name+"="+value+expires+"; path=/"; +- this.cookies[name] = value; +-}, +- +-read : function(name){ +- if(typeof(this.cookies[name]) != 'undefined'){ +- return this.cookies[name]; +- } else { +- var nameEQ = name + "="; +- var ca = document.cookie.split(';'); +- for(var i=0;i < ca.length;i++) { +- var c = ca[i]; +- while (c.charAt(0)==' ') c = c.substring(1,c.length); +- if(c.indexOf(nameEQ) == 0) return this.cookies[name] = c.substring(nameEQ.length,c.length); +- } +- } +- return null; +-}, +- +-printall: function() { +- var allCookies = document.cookie.split('; '); +- for (var i=0;i<allCookies.length;i++) { +- var cookiePair = allCookies[i].split('='); +- +- alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined +- } +-}, +- +-erase: function (name) { +- this.create(name,'',-1); +- this.cookies[name] = undefined; +-} +-} +- +-cookie.init(); +\ No newline at end of file +Index: frontends/php/js/url.js +=================================================================== +--- frontends/php/js/url.js (revision 6622) ++++ frontends/php/js/url.js (revision 6623) +@@ -1,256 +0,0 @@ +-// JavaScript Document +-/* +-** ZABBIX +-** Copyright (C) 2000-2007 SIA Zabbix +-** +-** This program is free software; you can redistribute it and/or modify +-** it under the terms of the GNU General Public License as published by +-** the Free Software Foundation; either version 2 of the License, or +-** (at your option) any later version. +-** +-** This program is distributed in the hope that it will be useful, +-** but WITHOUT ANY WARRANTY; without even the implied warranty of +-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-** GNU General Public License for more details. +-** +-** You should have received a copy of the GNU General Public License +-** along with this program; if not, write to the Free Software +-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +-** +-*/ +- +-// Title: url manipulation class +-// Author: Aly +- +- +-var url = Class.create(); +- +-url.prototype = { +-url: '', // actually, it's depricated/private variable +-port: -1, +-host: '', +-protocol: '', +-username: '', +-password: '', +-filr: '', +-reference: '', +-path: '', +-query: '', +-arguments: new Array(), +- +-initialize: function(url){ +- this.url=unescape(url); +- +- this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):''; +- if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#')); +- +- var protocolSepIndex=this.url.indexOf('://'); +- if(protocolSepIndex>=0){ +- this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase(); +- this.host=this.url.substring(protocolSepIndex+3); +- if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/')); +- var atIndex=this.host.indexOf('@'); +- if(atIndex>=0){ +- var credentials=this.host.substring(0,atIndex); +- var colonIndex=credentials.indexOf(':'); +- if(colonIndex>=0){ +- this.username=credentials.substring(0,colonIndex); +- this.password=credentials.substring(colonIndex); +- }else{ +- this.username=credentials; +- } +- this.host=this.host.substring(atIndex+1); +- } +- +- var host_ipv6 = this.host.indexOf(']'); +- if(host_ipv6>=0){ +- if(host_ipv6 < (this.host.length-1)){ +- host_ipv6++; +- var host_less = this.host.substring(host_ipv6); +- +- var portColonIndex=host_less.indexOf(':'); +- if(portColonIndex>=0){ +- this.port=host_less.substring(portColonIndex+1); +- this.host=this.host.substring(0,host_ipv6); +- } +- } +- } +- else{ +- var portColonIndex=this.host.indexOf(':'); +- if(portColonIndex>=0){ +- this.port=this.host.substring(portColonIndex+1); +- this.host=this.host.substring(0,portColonIndex); +- } +- } +- this.file=this.url.substring(protocolSepIndex+3); +- this.file=this.file.substring(this.file.indexOf('/')); +- }else{ +- this.file=this.url; +- } +- if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); +- +- var refSepIndex=url.indexOf('#'); +- if(refSepIndex>=0){ +- this.file=this.file.substring(0,refSepIndex); +- this.reference=this.url.substring(this.url.indexOf('#')); +- } +- this.path=this.file; +- if(this.query.length>0) this.file+='?'+this.query; +- if(this.reference.length>0) this.file+='#'+this.reference; +- if(this.query.length > 0) this.getArguments(); +-}, +- +-getArguments: function(){ +- var args=this.query.split('&'); +- var keyval=''; +- +- if(args.length<1) return; +- +- for(i=0;i<args.length;i++){ +- keyval=args[i].split('='); +- this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); +- } +-}, +- +-getArgumentValue: function(key){ +- if(key.length<1) return ''; +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key) return this.arguments[i][1]; +- } +- +-return ''; +-}, +- +-getArgumentValues: function(){ +- var a=new Array(); +- var b=this.query.split('&'); +- var c=''; +- if(b.length<1) return a; +- for(i=0;i<b.length;i++){ +- c=b[i].split('='); +- a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); +- } +-return a; +-}, +- +-getUrl: function(){ +- var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; +- uri += encodeURI((this.username.length > 0)?(this.username):''); +- uri += encodeURI((this.password.length > 0)?(':'+this.password):''); +- uri += (this.host.length > 0)?(this.host):''; +- uri += (this.port.length > 0)?(':'+this.port):''; +- uri += encodeURI((this.path.length > 0)?(this.path):''); +- uri += encodeURI((this.query.length > 0)?('?'+this.query):''); +- uri += encodeURI((this.reference.length > 0)?('#'+this.reference):''); +-// alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery()); +-return uri; +-}, +- +-setArgument: function(key,value){ +- +- var valueisset = false; +- if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; +- +- value =('undefined' != typeof(value))?value:''; +- +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key){ +- valueisset = true; +- this.arguments[i][1] = value; +- } +- } +- if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); +- this.formatQuery(); +-}, +- +-formatQuery: function(){ +- if(this.arguments.lenght < 1) return; +- +- var query = ''; +- for(i=0; i < this.arguments.length; i++){ +- query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; +- } +- this.query = query.substring(0,query.length-1); +-}, +- +-getPort: function(){ +- return this.port; +-}, +- +-setPort: function(port){ +- this.port = port; +-}, +- +-getQuery: function(){ +- return this.query; +-}, +- +-setQuery: function(query){ +- this.query = query; +- this.getArgumentValues(); +- this.formatQuery(); +-}, +- +-/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ +-getProtocol: function(){ +- return this.protocol; +-}, +- +-setProtocol: function(protocol){ +- this.protocol = protocol; +-}, +-/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */ +-getHost: function(){ +- return this.host; +-}, +- +-setHost: function(set){ +- this.host = host; +-}, +- +-/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ +-getUserName: function(){ +- return this.username; +-}, +- +-setUserName: function(username){ +- this.username = username; +-}, +- +-/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ +-getPassword: function(){ +- return this.password; +-}, +- +-setPassword: function(password){ +- this.password = password; +-}, +- +-/* Returns the file part of this url, i.e. everything after the host name. */ +-getFile: function(){ +- return this.file = file; +-}, +- +-setFile: function(file){ +- this.file = file; +-}, +- +-/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ +-getReference: function(){ +- return this.reference; +-}, +- +-setReference: function(reference){ +- this.reference = reference; +-}, +- +-/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ +-getPath: function(){ +- return this.path; +-}, +- +-setPath: function(path){ +- this.path = path; +-} +- +-} +\ No newline at end of file +Index: frontends/php/js/updater.js +=================================================================== +--- frontends/php/js/updater.js (revision 6622) ++++ frontends/php/js/updater.js (revision 6623) +@@ -27,7 +27,7 @@ + + setObj4Update: function(id,frequency,url,params){ + var obj = document.getElementById(id); +- if((typeof(obj) == 'undefined')) return false; ++ if(typeof(obj) == 'undefined') return false; + + var obj4update = { + 'id': id, +@@ -65,7 +65,9 @@ + obj4update.ready = false; + + var uri = new url(obj4update.url); +- new Ajax.Updater(obj4update.id, obj4update.url, ++ uri.setArgument('sessionid', cookie.read('zbx_sessionid')); ++ ++ new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url, + { + method: 'post', + 'parameters': obj4update.params, +Index: frontends/php/js/gpc.js +=================================================================== +--- frontends/php/js/gpc.js (revision 0) ++++ frontends/php/js/gpc.js (revision 6623) +@@ -0,0 +1,315 @@ ++//Javascript document ++/* ++** ZABBIX ++** Copyright (C) 2000-2009 SIA Zabbix ++** ++** This program is free software; you can redistribute it and/or modify ++** it under the terms of the GNU General Public License as published by ++** the Free Software Foundation; either version 2 of the License, or ++** (at your option) any later version. ++** ++** This program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++** GNU General Public License for more details. ++** ++** You should have received a copy of the GNU General Public License ++** along with this program; if not, write to the Free Software ++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++**/ ++ ++// Title: cookies class ++// Description: to manipulate cookies on client side ++// Author: Aly ++var cookie ={ ++cookies: new Array(), ++ ++init: function () { ++ var allCookies = document.cookie.split('; '); ++ for (var i=0;i<allCookies.length;i++) { ++ var cookiePair = allCookies[i].split('='); ++ this.cookies[cookiePair[0]] = cookiePair[1]; ++ } ++}, ++ ++create: function (name,value,days) { ++ if(days) { ++ var date = new Date(); ++ date.setTime(date.getTime()+(days*24*60*60*1000)); ++ var expires = "; expires="+date.toGMTString(); ++ } ++ else{ ++ var expires = ""; ++ } ++ ++ document.cookie = name+"="+value+expires+"; path=/"; ++ this.cookies[name] = value; ++}, ++ ++read : function(name){ ++ if(typeof(this.cookies[name]) != 'undefined'){ ++ return this.cookies[name]; ++ } ++ else { ++ var nameEQ = name + "="; ++ var ca = document.cookie.split(';'); ++ for(var i=0;i < ca.length;i++) { ++ var c = ca[i]; ++ while (c.charAt(0)==' ') c = c.substring(1,c.length); ++ if(c.indexOf(nameEQ) == 0) return this.cookies[name] = c.substring(nameEQ.length,c.length); ++ } ++ } ++ return null; ++}, ++ ++printall: function() { ++ var allCookies = document.cookie.split('; '); ++ for(var i=0;i<allCookies.length;i++){ ++ var cookiePair = allCookies[i].split('='); ++ ++ alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined ++ } ++}, ++ ++erase: function (name) { ++ this.create(name,'',-1); ++ this.cookies[name] = undefined; ++} ++} ++ ++cookie.init(); ++ ++ ++ ++// Title: url manipulation class ++// Author: Aly ++var url = Class.create(); ++ ++url.prototype = { ++url: '', // actually, it's depricated/private variable ++port: -1, ++host: '', ++protocol: '', ++username: '', ++password: '', ++filr: '', ++reference: '', ++path: '', ++query: '', ++arguments: new Array(), ++ ++initialize: function(url){ ++ this.url=unescape(url); ++ ++ this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):''; ++ if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#')); ++ ++ var protocolSepIndex=this.url.indexOf('://'); ++ if(protocolSepIndex>=0){ ++ this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase(); ++ this.host=this.url.substring(protocolSepIndex+3); ++ if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/')); ++ var atIndex=this.host.indexOf('@'); ++ if(atIndex>=0){ ++ var credentials=this.host.substring(0,atIndex); ++ var colonIndex=credentials.indexOf(':'); ++ if(colonIndex>=0){ ++ this.username=credentials.substring(0,colonIndex); ++ this.password=credentials.substring(colonIndex); ++ }else{ ++ this.username=credentials; ++ } ++ this.host=this.host.substring(atIndex+1); ++ } ++ ++ var host_ipv6 = this.host.indexOf(']'); ++ if(host_ipv6>=0){ ++ if(host_ipv6 < (this.host.length-1)){ ++ host_ipv6++; ++ var host_less = this.host.substring(host_ipv6); ++ ++ var portColonIndex=host_less.indexOf(':'); ++ if(portColonIndex>=0){ ++ this.port=host_less.substring(portColonIndex+1); ++ this.host=this.host.substring(0,host_ipv6); ++ } ++ } ++ } ++ else{ ++ var portColonIndex=this.host.indexOf(':'); ++ if(portColonIndex>=0){ ++ this.port=this.host.substring(portColonIndex+1); ++ this.host=this.host.substring(0,portColonIndex); ++ } ++ } ++ this.file=this.url.substring(protocolSepIndex+3); ++ this.file=this.file.substring(this.file.indexOf('/')); ++ }else{ ++ this.file=this.url; ++ } ++ if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); ++ ++ var refSepIndex=url.indexOf('#'); ++ if(refSepIndex>=0){ ++ this.file=this.file.substring(0,refSepIndex); ++ this.reference=this.url.substring(this.url.indexOf('#')); ++ } ++ this.path=this.file; ++ if(this.query.length>0) this.file+='?'+this.query; ++ if(this.reference.length>0) this.file+='#'+this.reference; ++ if(this.query.length > 0) this.getArguments(); ++}, ++ ++getArguments: function(){ ++ var args=this.query.split('&'); ++ var keyval=''; ++ ++ if(args.length<1) return; ++ ++ for(i=0;i<args.length;i++){ ++ keyval=args[i].split('='); ++ this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); ++ } ++}, ++ ++getArgumentValue: function(key){ ++ if(key.length<1) return ''; ++ for(i=0; i < this.arguments.length; i++){ ++ if(this.arguments[i][0] == key) return this.arguments[i][1]; ++ } ++ ++return ''; ++}, ++ ++getArgumentValues: function(){ ++ var a=new Array(); ++ var b=this.query.split('&'); ++ var c=''; ++ if(b.length<1) return a; ++ for(i=0;i<b.length;i++){ ++ c=b[i].split('='); ++ a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); ++ } ++return a; ++}, ++ ++getUrl: function(){ ++ var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; ++ uri += encodeURI((this.username.length > 0)?(this.username):''); ++ uri += encodeURI((this.password.length > 0)?(':'+this.password):''); ++ uri += (this.host.length > 0)?(this.host):''; ++ uri += (this.port.length > 0)?(':'+this.port):''; ++ uri += encodeURI((this.path.length > 0)?(this.path):''); ++ uri += encodeURI((this.query.length > 0)?('?'+this.query):''); ++ uri += encodeURI((this.reference.length > 0)?('#'+this.reference):''); ++// alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery()); ++return uri; ++}, ++ ++setArgument: function(key,value){ ++ ++ var valueisset = false; ++ if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; ++ ++ value =('undefined' != typeof(value))?value:''; ++ ++ for(i=0; i < this.arguments.length; i++){ ++ if(this.arguments[i][0] == key){ ++ valueisset = true; ++ this.arguments[i][1] = value; ++ } ++ } ++ if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); ++ this.formatQuery(); ++}, ++ ++formatQuery: function(){ ++ if(this.arguments.lenght < 1) return; ++ ++ var query = ''; ++ for(i=0; i < this.arguments.length; i++){ ++ query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; ++ } ++ this.query = query.substring(0,query.length-1); ++}, ++ ++getPort: function(){ ++ return this.port; ++}, ++ ++setPort: function(port){ ++ this.port = port; ++}, ++ ++getQuery: function(){ ++ return this.query; ++}, ++ ++setQuery: function(query){ ++ this.query = query; ++ this.getArgumentValues(); ++ this.formatQuery(); ++}, ++ ++/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ ++getProtocol: function(){ ++ return this.protocol; ++}, ++ ++setProtocol: function(protocol){ ++ this.protocol = protocol; ++}, ++/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */ ++getHost: function(){ ++ return this.host; ++}, ++ ++setHost: function(set){ ++ this.host = host; ++}, ++ ++/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ ++getUserName: function(){ ++ return this.username; ++}, ++ ++setUserName: function(username){ ++ this.username = username; ++}, ++ ++/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ ++getPassword: function(){ ++ return this.password; ++}, ++ ++setPassword: function(password){ ++ this.password = password; ++}, ++ ++/* Returns the file part of this url, i.e. everything after the host name. */ ++getFile: function(){ ++ return this.file = file; ++}, ++ ++setFile: function(file){ ++ this.file = file; ++}, ++ ++/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ ++getReference: function(){ ++ return this.reference; ++}, ++ ++setReference: function(reference){ ++ this.reference = reference; ++}, ++ ++/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ ++getPath: function(){ ++ return this.path; ++}, ++ ++setPath: function(path){ ++ this.path = path; ++} ++} +\ No newline at end of file +Index: frontends/php/js/ajax_req.js +=================================================================== +--- frontends/php/js/ajax_req.js (revision 6622) ++++ frontends/php/js/ajax_req.js (revision 6623) +@@ -19,6 +19,8 @@ + **/ + + function send_params(params){ ++ if(typeof(params) == 'undefined') var params = new Array(); ++ params['sessionid'] = cookie.read('zbx_sessionid'); + + var uri = new url(location.href); + new Ajax.Request(uri.getPath()+"?output=ajax", +Index: frontends/php/dashboard.php +=================================================================== +--- frontends/php/dashboard.php (revision 6622) ++++ frontends/php/dashboard.php (revision 6623) +@@ -42,8 +42,8 @@ + 'view_style'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + 'type'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + +- 'output'=> array(T_ZBX_STR, O_OPT, P_ACT, NULL, NULL), +- 'jsscriptid'=> array(T_ZBX_STR, O_OPT, P_ACT, NULL, NULL), ++ 'output'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), ++ 'jsscriptid'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + 'fullscreen'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + + //ajax +@@ -56,7 +56,7 @@ + ); + + check_fields($fields); +- ++ + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY); + // ACTION ///////////////////////////////////////////////////////////////////////////// + if(isset($_REQUEST['favobj'])){ +Index: frontends/php/include/page_header.php +=================================================================== +--- frontends/php/include/page_header.php (revision 6622) ++++ frontends/php/include/page_header.php (revision 6623) +@@ -428,8 +428,8 @@ + + <script type="text/javascript" src="js/prototype.js"></script> + <script type="text/javascript" src="js/common.js"></script> ++<script type="text/javascript" src="js/gpc.js"></script> + <script type="text/javascript" src="js/ajax_req.js"></script> +-<script type="text/javascript" src="js/url.js"></script> + <script type="text/javascript" src="js/chkbxrange.js"></script> + <?php + if(isset($page['scripts']) && is_array($page['scripts'])){ +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6622) ++++ frontends/php/include/validate.inc.php (revision 6623) +@@ -432,7 +432,7 @@ + if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; + } +- else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){ ++ else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){ + return ZBX_VALID_ERROR; + } + } +@@ -465,8 +465,7 @@ + + // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), 'isset({zbx_form})'), +- 'zbx_form'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, NULL), ++ 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), + // + 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), + 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +Index: frontends/php/include/classes/ctree.inc.php +=================================================================== +--- frontends/php/include/classes/ctree.inc.php (revision 6622) ++++ frontends/php/include/classes/ctree.inc.php (revision 6623) +@@ -214,7 +214,6 @@ + global $page; + $js = ' + <script src="js/tree.js" type="text/javascript"></script> +- <script src="js/cookies.js" type="text/javascript"></script> + <script type="text/javascript"> + var treenode = new Array(0); + var tree_name = "tree_'.$this->getUserAlias().'_'.$page["file"].'"; +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6622) ++++ frontends/php/include/classes/cform.inc.php (revision 6623) +@@ -27,7 +27,6 @@ + $this->setAction($action); + $this->setEnctype($enctype); + +- $this->addVar('zbx_form', 'action'); + $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + +Index: frontends/php/index.php +=================================================================== +--- frontends/php/index.php (revision 6622) ++++ frontends/php/index.php (revision 6623) +@@ -33,8 +33,8 @@ + "password"=> array(T_ZBX_STR, O_OPT, NULL, NULL, 'isset({enter})'), + "sessionid"=> array(T_ZBX_STR, O_OPT, NULL, NULL, NULL), + "message"=> array(T_ZBX_STR, O_OPT, NULL, NULL, NULL), +- "reconnect"=> array(T_ZBX_INT, O_OPT, P_ACT, BETWEEN(0,65535),NULL), +- "enter"=> array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, NULL, NULL), ++ "reconnect"=> array(T_ZBX_INT, O_OPT, NULL, BETWEEN(0,65535),NULL), ++ "enter"=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + "form"=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + "form_refresh"=> array(T_ZBX_INT, O_OPT, NULL, NULL, NULL) + ); + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +Checks if 'zbx_sessionid' cookie is really here before setting +'sessionid' variable. + +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6624) ++++ frontends/php/include/classes/cform.inc.php (revision 6625) +@@ -27,7 +27,8 @@ + $this->setAction($action); + $this->setEnctype($enctype); + +- $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); ++ if(isset($_COOKIE['zbx_sessionid'])) ++ $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + + function setMethod($value='post'){ + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +This hunk basically trades the name 'sessionid' for 'sid'. It also +reshuffles many functions, adds many whitespace changes and implants +URL manipulation tools for JavaScript. + +Index: frontends/php/users.php +=================================================================== +--- frontends/php/users.php (revision 6643) ++++ frontends/php/users.php (revision 6644) +@@ -1,7 +1,7 @@ + <?php + /* + ** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix ++** Copyright (C) 2000-2009 SIA Zabbix + ** + ** This program is free software; you can redistribute it and/or modify + ** it under the terms of the GNU General Public License as published by +@@ -24,6 +24,7 @@ + require_once('include/media.inc.php'); + require_once('include/users.inc.php'); + require_once('include/forms.inc.php'); ++ require_once('include/classes/curl.inc.php'); + require_once('include/js.inc.php'); + + $page['title'] = 'S_USERS'; +@@ -32,7 +33,6 @@ + $page['scripts'] = array('menu_scripts.js'); + + include_once('include/page_header.php'); +- + ?> + <?php + $_REQUEST['config']=get_request('config',get_profile('web.users.config',0)); +Index: frontends/php/js/menu.js +=================================================================== +--- frontends/php/js/menu.js (revision 6643) ++++ frontends/php/js/menu.js (revision 6644) +@@ -386,8 +386,13 @@ + this.n_y -= this.getprop('height') * (o_parent.a_config.length - item_offset); + } + ++ if(!is_null(this.a_config[1]) && (this.a_config[1].indexOf('javascript') == -1)){ ++ var uri = new url(this.a_config[1]); ++ this.a_config[1] = uri.getUrl(); ++ } ++ + // generate item's HMTL +- var el = document.createElement("a"); ++ var el = document.createElement('a'); + el.setAttribute('id', 'e' + o_root.n_id + '_' + this.n_id + 'o'); + el.setAttribute('href', this.a_config[1]); + +Index: frontends/php/js/updater.js +=================================================================== +--- frontends/php/js/updater.js (revision 6643) ++++ frontends/php/js/updater.js (revision 6644) +@@ -65,8 +65,6 @@ + obj4update.ready = false; + + var uri = new url(obj4update.url); +- uri.setArgument('sessionid', cookie.read('zbx_sessionid')); +- + new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url, + { + method: 'post', +Index: frontends/php/js/gpc.js +=================================================================== +--- frontends/php/js/gpc.js (revision 6643) ++++ frontends/php/js/gpc.js (revision 6644) +@@ -96,7 +96,7 @@ + reference: '', + path: '', + query: '', +-arguments: new Array(), ++arguments: {}, + + initialize: function(url){ + this.url=unescape(url); +@@ -116,7 +116,8 @@ + if(colonIndex>=0){ + this.username=credentials.substring(0,colonIndex); + this.password=credentials.substring(colonIndex); +- }else{ ++ } ++ else{ + this.username=credentials; + } + this.host=this.host.substring(atIndex+1); +@@ -144,9 +145,11 @@ + } + this.file=this.url.substring(protocolSepIndex+3); + this.file=this.file.substring(this.file.indexOf('/')); +- }else{ ++ } ++ else{ + this.file=this.url; + } ++ + if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); + + var refSepIndex=url.indexOf('#'); +@@ -157,42 +160,51 @@ + this.path=this.file; + if(this.query.length>0) this.file+='?'+this.query; + if(this.reference.length>0) this.file+='#'+this.reference; +- if(this.query.length > 0) this.getArguments(); ++ if(this.query.length > 0) this.formatArguments(); ++ ++ var sid = cookie.read('zbx_sessionid'); ++ this.setArgument('sid', sid.substring(16)); + }, + +-getArguments: function(){ ++ ++formatQuery: function(){ ++ if(this.arguments.lenght < 1) return; ++ ++ var query = ''; ++ for(var key in this.arguments){ ++ if(typeof(this.arguments[key]) != 'undefined'){ ++ query+=key+'='+this.arguments[key]+'&'; ++ } ++ } ++ this.query = query.substring(0,query.length-1); ++}, ++ ++formatArguments: function(){ + var args=this.query.split('&'); + var keyval=''; +- ++ + if(args.length<1) return; + +- for(i=0;i<args.length;i++){ +- keyval=args[i].split('='); +- this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); ++ for(i=0; i<args.length; i++){ ++ keyval = args[i].split('='); ++ this.arguments[keyval[0]] = (keyval.length>1)?keyval[1]:''; + } + }, + +-getArgumentValue: function(key){ +- if(key.length<1) return ''; +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key) return this.arguments[i][1]; +- } +- +-return ''; ++setArgument: function(key,value){ ++ this.arguments[key] = value; ++ this.formatQuery(); + }, + +-getArgumentValues: function(){ +- var a=new Array(); +- var b=this.query.split('&'); +- var c=''; +- if(b.length<1) return a; +- for(i=0;i<b.length;i++){ +- c=b[i].split('='); +- a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); +- } +-return a; ++getArgument: function(key){ ++ if(typeof(this.arguments[key]) != 'undefined') return this.arguments[key]; ++ else return null; + }, + ++getArguments: function(){ ++ return this.arguments; ++}, ++ + getUrl: function(){ + var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; + uri += encodeURI((this.username.length > 0)?(this.username):''); +@@ -206,51 +218,30 @@ + return uri; + }, + +-setArgument: function(key,value){ +- +- var valueisset = false; +- if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; +- +- value =('undefined' != typeof(value))?value:''; +- +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key){ +- valueisset = true; +- this.arguments[i][1] = value; +- } +- } +- if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); +- this.formatQuery(); ++setPort: function(port){ ++ this.port = port; + }, + +-formatQuery: function(){ +- if(this.arguments.lenght < 1) return; +- +- var query = ''; +- for(i=0; i < this.arguments.length; i++){ +- query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; +- } +- this.query = query.substring(0,query.length-1); +-}, +- + getPort: function(){ + return this.port; + }, + +-setPort: function(port){ +- this.port = port; ++setQuery: function(query){ ++ this.query = query; ++ if(this.query.indexOf('?')>=0){ ++ this.query= this.query.substring(this.query.indexOf('?')+1); ++ } ++ ++ this.formatArguments(); ++ ++ var sid = cookie.read('zbx_sessionid'); ++ this.setArgument('sid', sid.substring(16)); + }, + + getQuery: function(){ + return this.query; + }, + +-setQuery: function(query){ +- this.query = query; +- this.getArgumentValues(); +- this.formatQuery(); +-}, +- + /* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ + getProtocol: function(){ + return this.protocol; +@@ -264,7 +255,7 @@ + return this.host; + }, + +-setHost: function(set){ ++setHost: function(host){ + this.host = host; + }, + +@@ -288,7 +279,7 @@ + + /* Returns the file part of this url, i.e. everything after the host name. */ + getFile: function(){ +- return this.file = file; ++ return this.file; + }, + + setFile: function(file){ +Index: frontends/php/js/menu_scripts.js +=================================================================== +--- frontends/php/js/menu_scripts.js (revision 6643) ++++ frontends/php/js/menu_scripts.js (revision 6644) +@@ -64,7 +64,7 @@ + for(var i=0; i < menu_usrgrp_gui.length; i++){ + if((typeof(menu_usrgrp_gui[i]) != 'undefined') && !empty(menu_usrgrp_gui[i])){ + var row = menu_usrgrp_gui[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_gui_add_to.push(menu_row); + } + } +@@ -73,7 +73,7 @@ + for(var i=0; i < usr_grp_gui_in.length; i++){ + if((typeof(usr_grp_all_in[i]) != 'undefined') && !empty(usr_grp_gui_in[i])){ + var row = usr_grp_gui_in[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_gui_rmv_frm.push(menu_row); + } + } +@@ -89,7 +89,7 @@ + for(var i=0; i < menu_usrgrp_status.length; i++){ + if((typeof(menu_usrgrp_status[i]) != 'undefined') && !empty(menu_usrgrp_status[i])){ + var row = menu_usrgrp_status[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_status_add_to.push(menu_row); + } + } +@@ -98,7 +98,7 @@ + for(var i=0; i < usr_grp_status_in.length; i++){ + if((typeof(usr_grp_status_in[i]) != 'undefined') && !empty(usr_grp_status_in[i])){ + var row = usr_grp_status_in[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_status_rmv_frm.push(menu_row); + } + } +Index: frontends/php/js/common.js +=================================================================== +--- frontends/php/js/common.js (revision 6643) ++++ frontends/php/js/common.js (revision 6644) +@@ -82,6 +82,16 @@ + div_help.appendChild(document.createElement("br")); + } + ++function SDJ(obj){ ++ var debug = ''; ++ for(var key in obj) { ++ var value = obj[key]; ++ debug+=key+': '+value+'\n'; ++ } ++ SDI('\n'+debug); ++} ++ ++ + /// Alpha-Betic sorting + + function addListener(element, eventname, expression, bubbling){ +Index: frontends/php/js/ajax_req.js +=================================================================== +--- frontends/php/js/ajax_req.js (revision 6643) ++++ frontends/php/js/ajax_req.js (revision 6644) +@@ -20,14 +20,16 @@ + + function send_params(params){ + if(typeof(params) == 'undefined') var params = new Array(); +- params['sessionid'] = cookie.read('zbx_sessionid'); + + var uri = new url(location.href); +- new Ajax.Request(uri.getPath()+"?output=ajax", ++ uri.setQuery('?output=ajax'); ++ ++ new Ajax.Request(uri.getUrl(), + { + 'method': 'post', + 'parameters':params, +- 'onSuccess': function(resp){ },//alert(resp.responseText); ++ 'onSuccess': function(resp){ }, ++// 'onSuccess': function(resp){ alert(resp.responseText); }, + 'onFailure': function(){ document.location = uri.getPath()+'?'+Object.toQueryString(params); } + } + ); +Index: frontends/php/dashboard.php +=================================================================== +--- frontends/php/dashboard.php (revision 6643) ++++ frontends/php/dashboard.php (revision 6644) +@@ -54,7 +54,7 @@ + 'action'=> array(T_ZBX_STR, O_OPT, P_ACT, IN("'add','remove'"),NULL), + 'state'=> array(T_ZBX_INT, O_OPT, P_ACT, NOT_EMPTY, 'isset({favobj}) && ("hat"=={favobj})'), + ); +- ++ + check_fields($fields); + + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY); +@@ -179,11 +179,11 @@ + $p_elements = array(); + // Header + +- $url = '?fullscreen='.($_REQUEST['fullscreen']?'0':'1'); ++ $url = new Curl('?fullscreen='.($_REQUEST['fullscreen']?'0':'1')); + + $fs_icon = new CDiv(SPACE,'fullscreen'); + $fs_icon->AddOption('title',$_REQUEST['fullscreen']?S_NORMAL.' '.S_VIEW:S_FULLSCREEN); +- $fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url."';")); ++ $fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url->getUrl()."';")); + //------------- + + $left_tab = new CTable(); +Index: frontends/php/include/func.inc.php +=================================================================== +--- frontends/php/include/func.inc.php (revision 6643) ++++ frontends/php/include/func.inc.php (revision 6644) +@@ -344,6 +344,18 @@ + return $pos; + } + ++function zbx_substring($haystack, $start, $end=null){ ++ if($end < $start) return ''; ++ ++ $len = zbx_strlen($haystack); ++ if(is_null($end)) ++ $result = substr($haystack, $start); ++ else ++ $result = substr($haystack, $start, ($end - $start)); ++ ++return $result; ++} ++ + function uint_in_array($needle,$haystack){ + foreach($haystack as $id => $value) + if(bccomp($needle,$value) == 0) return true; +Index: frontends/php/include/screens.inc.php +=================================================================== +--- frontends/php/include/screens.inc.php (revision 6643) ++++ frontends/php/include/screens.inc.php (revision 6644) +@@ -886,7 +886,7 @@ + $action = 'screenedit.php?form=update'.url_param('screenid').'&x='.$c.'&y='.$r.'#form'; + else + $action = NULL; +- ++ + if($editmode == 1 && isset($_REQUEST["form"]) && + isset($_REQUEST["x"]) && $_REQUEST["x"]==$c && + isset($_REQUEST["y"]) && $_REQUEST["y"]==$r) +Index: frontends/php/include/perm.inc.php +=================================================================== +--- frontends/php/include/perm.inc.php (revision 6643) ++++ frontends/php/include/perm.inc.php (revision 6644) +@@ -44,7 +44,7 @@ + $USER_DETAILS = NULL; + $login = FALSE; + +- $sessionid = get_request('sessionid',get_cookie('zbx_sessionid')); ++ $sessionid = get_cookie('zbx_sessionid'); + + if(!is_null($sessionid)){ + $sql = 'SELECT u.*,s.* '. +Index: frontends/php/include/config.inc.php +=================================================================== +--- frontends/php/include/config.inc.php (revision 6643) ++++ frontends/php/include/config.inc.php (revision 6644) +@@ -65,6 +65,7 @@ + require_once('include/classes/cpumenu.inc.php'); + require_once('include/classes/graph.inc.php'); + require_once('include/classes/cscript.inc.php'); ++ require_once('include/classes/curl.inc.php'); + + // Include Tactical Overview modules + +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6643) ++++ frontends/php/include/validate.inc.php (revision 6644) +@@ -432,8 +432,13 @@ + if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; + } +- else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){ +- return ZBX_VALID_ERROR; ++ else if($flags&P_ACT){ ++ if(!isset($_REQUEST['sid'])){ ++ return ZBX_VALID_ERROR; ++ } ++ else if(isset($_COOKIE['zbx_sessionid']) && ($_REQUEST['sid'] != substr($_COOKIE['zbx_sessionid'],16,16))){ ++ return ZBX_VALID_ERROR; ++ } + } + } + +@@ -465,7 +470,7 @@ + + // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), ++ 'sid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), + // + 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), + 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +Index: frontends/php/include/classes/clink.inc.php +=================================================================== +--- frontends/php/include/classes/clink.inc.php (revision 6643) ++++ frontends/php/include/classes/clink.inc.php (revision 6644) +@@ -19,12 +19,14 @@ + **/ + ?> + <?php +- class CLink extends CTag +- { ++ class CLink extends CTag{ + /* public */ + function CLink($item=NULL,$url=NULL,$class=NULL,$action=NULL){ + parent::CTag('a','yes'); +- ++ ++ $uri = new Curl($url); ++ $url = $uri->getUrl(); ++ + $this->tag_start= ''; + $this->tag_end = ''; + $this->tag_body_start = ''; +@@ -36,14 +38,14 @@ + if(!is_null($action)) $this->SetAction($action); + } + +- function SetAction($value=NULL){ ++ function setAction($value=NULL){ + if(is_null($value)) + return $this->options['action'] = $page['file']; + + return parent::AddAction('onclick', $value); + } + +- function SetUrl($value){ ++ function setUrl($value){ + $this->AddOption('href', $value); + } + +@@ -54,7 +56,7 @@ + return null; + } + +- function SetTarget($value=NULL){ ++ function setTarget($value=NULL){ + if(is_null($value)){ + unset($this->options['target']); + } +Index: frontends/php/include/classes/curl.inc.php +=================================================================== +--- frontends/php/include/classes/curl.inc.php (revision 0) ++++ frontends/php/include/classes/curl.inc.php (revision 6644) +@@ -0,0 +1,273 @@ ++<?php ++/* ++** ZABBIX ++** Copyright (C) 2000-2005 SIA Zabbix ++** ++** $this program is free software; you can redistribute it and/or modify ++** it under the terms of the GNU General Public License as published by ++** the Free Software Foundation; either version 2 of the License, or ++** (at your option) any later version. ++** ++** $this program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++** GNU General Public License for more details. ++** ++** You should have received a copy of the GNU General Public License ++** along with $this program; if not, write to the Free Software ++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++**/ ++?> ++<?php ++// Title: url manipulation class ++// Author: Aly ++ ++class Curl{ ++/* ++private $url = ''; // actually, it's depricated/private variable ++private $port = false; ++private $host = ''; ++private $protocol = ''; ++private $username = ''; ++private $password = ''; ++private $filr = ''; ++private $reference = ''; ++private $path = ''; ++private $query = ''; ++private $arguments = array(); ++//*/ ++ ++function curl($url=null){ ++ global $USER_DETAILS; ++ ++ $this->url = ''; // actually, it's depricated/private variable ++ $this->port = false; ++ $this->host = ''; ++ $this->protocol = ''; ++ $this->username = ''; ++ $this->password = ''; ++ $this->filr = ''; ++ $this->reference = ''; ++ $this->path = ''; ++ $this->query = ''; ++ $this->arguments = array(); ++ ++ if(empty($url)){ ++ $this->formatArguments(); ++ $this->url = $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'].'?'.$this->getQuery(); ++ } ++ else{ ++ $this->url=urldecode($url); ++ ++ $tmp_pos = strpos($this->url,'?'); ++ $this->query=($tmp_pos!==false)?(substr($this->url,$tmp_pos+1)):''; ++ ++ $tmp_pos = strpos($this->query,'#'); ++ if($tmp_pos!==false) $this->query=zbx_substring($this->query,0,$tmp_pos); ++ ++ $this->formatArguments($this->query); ++ } ++ ++ $protocolSepIndex=strpos($this->url,'://'); ++ if($protocolSepIndex!==false){ ++ $this->protocol= strtolower(zbx_substring($this->url,0,$protocolSepIndex)); ++ ++ $this->host=substr($this->url, $protocolSepIndex+3); ++ ++ $tmp_pos = strpos($this->host,'/'); ++ if($tmp_pos!==false) $this->host=zbx_substring($this->host,0,$tmp_pos); ++ ++ $atIndex=strpos($this->host,'@'); ++ if($atIndex!==false){ ++ $credentials=zbx_substring($this->host,0,$atIndex); ++ ++ $colonIndex=strpos(credentials,':'); ++ if($colonIndex!==false){ ++ $this->username=zbx_substring($credentials,0,$colonIndex); ++ $this->password=substr($credentials,$colonIndex); ++ } ++ else{ ++ $this->username=$credentials; ++ } ++ $this->host=substr($this->host,$atIndex+1); ++ } ++ ++ $host_ipv6 = strpos($this->host,']'); ++ if($host_ipv6!==false){ ++ if($host_ipv6 < (zbx_strlen($this->host)-1)){ ++ $host_ipv6++; ++ $host_less = substr($this->host,$host_ipv6); ++ ++ $portColonIndex=strpos($host_less,':'); ++ if($portColonIndex!==false){ ++ $this->host=zbx_substring($this->host,0,$host_ipv6); ++ $this->port=substr($host_less,$portColonIndex+1); ++ } ++ } ++ } ++ else{ ++ $portColonIndex=strpos($this->host,':'); ++ if($portColonIndex!==false){ ++ $this->host=zbx_substring($this->host,0,$portColonIndex); ++ $this->port=substr($this->host,$portColonIndex+1); ++ } ++ } ++ ++ $this->file = substr($this->url,$protocolSepIndex+3); ++ $this->file = substr($this->file, strpos($this->file,'/')); ++ } ++ else{ ++ $this->file = $this->url; ++ } ++ ++ $tmp_pos = strpos($this->file,'?'); ++ if($tmp_pos!==false) $this->file=zbx_substring($this->file, 0, $tmp_pos); ++ ++ $refSepIndex=strpos($url,'#'); ++ if($refSepIndex!==false){ ++ $this->file = zbx_substring($this->file,0,$refSepIndex); ++ $this->reference = substr($url,strpos($url,'#')+1); ++ } ++ ++ $this->path=$this->file; ++ if(zbx_strlen($this->query)>0) $this->file.='?'.$this->query; ++ if(zbx_strlen($this->reference)>0) $this->file.='#'.$this->reference; ++ ++ if(isset($_COOKIE['zbx_sessionid'])) ++ $this->setArgument('sid', substr($_COOKIE['zbx_sessionid'],16,16)); ++} ++ ++function formatQuery(){ ++ $query = ''; ++ foreach($this->arguments as $key => $value){ ++ $query.= $key.'='.$value.'&'; ++ } ++ $this->query = rtrim($query,'&'); ++} ++ ++function formatArguments($query=null){ ++ if(is_null($query)){ ++ $this->arguments = $_REQUEST; ++ } ++ else{ ++ $query=ltrim($query,'?'); ++ $args = explode('&',$query); ++ foreach($args as $id => $arg){ ++ if(empty($arg)) continue; ++ ++ $tmp = explode('=',$arg); ++ $this->arguments[$tmp[0]] = isset($tmp[1])?$tmp[1]:''; ++ } ++ } ++ $this->formatQuery(); ++} ++ ++function getUrl(){ ++ $url = (zbx_strlen($this->protocol) > 0)?($this->protocol.'://'):''; ++ $url .= (zbx_strlen($this->username) > 0)?$this->username:''; ++ $url .= (zbx_strlen($this->password) > 0)?':'.$this->password:''; ++ $url .= (zbx_strlen($this->host) > 0)?$this->host:''; ++ $url .= $this->port?(':'.$this->port):''; ++ $url .= (zbx_strlen($this->path) > 0)?$this->path:''; ++ $url .= (zbx_strlen($this->query) > 0)?('?'.$this->query):''; ++ $url .= (zbx_strlen($this->reference) > 0)?('#'.urlencode($this->reference)):''; ++ ++//SDI($this->getProtocol().' : '.$this->getHost().' : '.$this->getPort().' : '.$this->getPath().' : '.$this->getQuery()); ++return $url; ++} ++ ++function setPort($port){ ++ $this->port = $port; ++} ++ ++function getPort(){ ++ return $this->port; ++} ++ ++function setArgument($key,$value=''){ ++ $this->arguments[$key] = $value; ++ $this->formatQuery(); ++} ++ ++function getArgument($key){ ++ if(isset($this->arguments[$key])) return $this->arguments[$key]; ++ else return NULL; ++} ++ ++function setQuery($query){ ++ $this->query = $query; ++ $this->formatArguments(); ++ $this->formatQuery(); ++} ++ ++function getQuery(){ ++ return $this->query; ++} ++ ++function setProtocol($protocol){ ++ $this->protocol = $protocol; ++} ++ ++/* Returns the protocol of $this URL, i.e. 'http' in the url 'http://server/' */ ++function getProtocol(){ ++ return $this->protocol; ++} ++ ++function setHost($host){ ++ $this->host = $host; ++} ++ ++/* Returns the host name of $this URL, i.e. 'server.com' in the url 'http://server.com/' */ ++function getHost(){ ++ return $this->host; ++} ++ ++function setUserName($username){ ++ $this->username = $username; ++} ++ ++/* Returns the user name part of $this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ ++function getUserName(){ ++ return $this->username; ++} ++ ++function setPassword($password){ ++ $this->password = $password; ++} ++ ++/* Returns the password part of $this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ ++function getPassword(){ ++ return $this->password; ++} ++ ++function setFile($file){ ++ $this->file = $file; ++} ++ ++/* Returns the file part of $this url, i.e. everything after the host name. */ ++function getFile(){ ++ return $this->file; ++} ++ ++function setReference($reference){ ++ $this->reference = $reference; ++} ++ ++/* Returns the reference of $this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ ++function getReference(){ ++ return $this->reference; ++} ++ ++function setPath($path){ ++ $this->path = $path; ++} ++ ++/* Returns the file path of $this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ ++function getPath(){ ++ return $this->path; ++} ++ ++function toString(){ ++ return $this->getUrl(); ++} ++} +\ No newline at end of file +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6643) ++++ frontends/php/include/classes/cform.inc.php (revision 6644) +@@ -28,7 +28,7 @@ + $this->setEnctype($enctype); + + if(isset($_COOKIE['zbx_sessionid'])) +- $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); ++ $this->addVar('sid', substr($_COOKIE['zbx_sessionid'],16,16)); + } + + function setMethod($value='post'){ +Index: frontends/php/include/classes/ctag.inc.php +=================================================================== +--- frontends/php/include/classes/ctag.inc.php (revision 6643) ++++ frontends/php/include/classes/ctag.inc.php (revision 6644) +@@ -1,7 +1,7 @@ + <?php + /* + ** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix ++** Copyright (C) 2000-2009 SIA Zabbix + ** + ** This program is free software; you can redistribute it and/or modify + ** it under the terms of the GNU General Public License as published by +@@ -19,272 +19,258 @@ + **/ + ?> + <?php +- function destroy_objects() +- { +- global $GLOBALS; +- +- if(isset($GLOBALS)) foreach($GLOBALS as $name => $value) +- { +- if(!is_object($GLOBALS[$name])) continue; +- unset($GLOBALS[$name]); +- } ++function destroy_objects(){ ++ if(isset($GLOBALS)) foreach($GLOBALS as $name => $value){ ++ if(!is_object($GLOBALS[$name])) continue; ++ unset($GLOBALS[$name]); + } +- +- function unpack_object(&$item) +- { +- $res = ""; ++} + +- if(is_object($item)) +- { +- $res = $item->ToString(false); +- } +- elseif(is_array($item)) +- { +- foreach($item as $id => $dat) +- $res .= unpack_object($item[$id]); // Attention, recursion !!! +- } +- elseif(!is_null($item)) +- { +- $res = strval($item); +- unset($item); +- } +- return $res; ++function unpack_object(&$item){ ++ $res = ''; ++ ++ if(is_object($item)){ ++ $res = $item->toString(false); + } ++ else if(is_array($item)){ ++ foreach($item as $id => $dat) ++ $res .= unpack_object($item[$id]); // Attention, recursion !!! ++ } ++ else if(!is_null($item)){ ++ $res = strval($item); ++ unset($item); ++ } ++return $res; ++} + +- function implode_objects($glue, &$pieces) +- { +- if( !is_array($pieces) ) return unpack_object($pieces); ++function implode_objects($glue, &$pieces){ ++ if( !is_array($pieces) ) return unpack_object($pieces); + +- foreach($pieces as $id => $piece) +- $pieces[$id] = unpack_object($piece); ++ foreach($pieces as $id => $piece) ++ $pieces[$id] = unpack_object($piece); + +- return implode($glue, $pieces); +- } ++return implode($glue, $pieces); ++} + +- class CObject +- { +- function CObject($items=null) +- { +- $this->items = array(); +- if(isset($items)) +- { +- $this->AddItem($items); +- } ++class CObject{ ++ function CObject($items=null){ ++ $this->items = array(); ++ if(isset($items)){ ++ $this->addItem($items); + } +- +- function ToString($destroy=true) +- { +- $res = implode('',$this->items); +- if($destroy) $this->Destroy(); +- return $res; +- } ++ } ++ ++ function toString($destroy=true){ ++ $res = implode('',$this->items); ++ if($destroy) $this->destroy(); ++ return $res; ++ } + +- function Show($destroy=true){ +- echo $this->ToString($destroy); +- } ++ function show($destroy=true){ ++ echo $this->toString($destroy); ++ } + +- function Destroy() +- { ++ function destroy(){ + // TODO Problem under PHP 5.0 "Fatal error: Cannot re-assign $this in ..." + // $this = null; +- $this->CleanItems(); +- } ++ $this->cleanItems(); ++ } + +- function CleanItems(){ +- $this->items = array(); ++ function cleanItems(){ ++ $this->items = array(); ++ } ++ ++ function itemsCount(){ ++ return count($this->items); ++ } ++ ++ function addItem($value){ ++ ++ if(is_object($value)){ ++ array_push($this->items,unpack_object($value)); + } +- +- function ItemsCount(){ +- return count($this->items); ++ else if(is_string($value)){ ++ array_push($this->items,str_replace(array('<','>','"'),array('<','>','"'),$value)); ++// array_push($this->items,htmlspecialchars($value)); + } +- +- function AddItem($value){ +- +- if(is_object($value)){ +- array_push($this->items,unpack_object($value)); ++ else if(is_array($value)){ ++ foreach($value as $item){ ++ $this->addItem($item); // Attention, recursion !!! + } +- else if(is_string($value)){ +- array_push($this->items,str_replace(array('<','>','"'),array('<','>','"'),$value)); +-// array_push($this->items,htmlspecialchars($value)); +- } +- else if(is_array($value)){ +- foreach($value as $item){ +- $this->AddItem($item); // Attention, recursion !!! +- } +- } +- else if(!is_null($value)){ +- array_push($this->items,unpack_object($value)); +- } + } ++ else if(!is_null($value)){ ++ array_push($this->items,unpack_object($value)); ++ } + } ++} + +- class CTag extends CObject{ ++class CTag extends CObject{ + /* private *//* +- var $tagname; +- var $options = array(); +- var $paired;*/ ++ var $tagname; ++ var $options = array(); ++ var $paired;*/ + /* protected *//* +- var $items = array(); ++ var $items = array(); + +- var $tag_body_start; +- var $tag_body_end; +- var $tag_start; +- var $tag_end;*/ ++ var $tag_body_start; ++ var $tag_body_end; ++ var $tag_start; ++ var $tag_end;*/ + + /* public */ +- function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){ +- parent::CObject(); ++ function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){ ++ parent::CObject(); + +- $this->options = array(); ++ $this->options = array(); + +- if(!is_string($tagname)){ +- return $this->error('Incorrect tagname for CTag ['.$tagname.']'); +- } +- +- $this->tagname = $tagname; +- $this->paired = $paired; +- +- $this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = ''; +- +- if(is_null($body)){ +- $this->tag_end = $this->tag_body_start = "\n"; +- } +- else{ +- CTag::AddItem($body); +- } +- +- $this->SetClass($class); ++ if(!is_string($tagname)){ ++ return $this->error('Incorrect tagname for CTag ['.$tagname.']'); + } + +- function ShowStart() { echo $this->StartToString(); } +- function ShowBody() { echo $this->BodyToString(); } +- function ShowEnd() { echo $this->EndToString(); } ++ $this->tagname = $tagname; ++ $this->paired = $paired; + +- function StartToString(){ +- $res = $this->tag_start.'<'.$this->tagname; +- foreach($this->options as $key => $value){ +- $res .= ' '.$key.'="'.$value.'"'; +- } +- $res .= ($this->paired=='yes')?'>':' />'; +- return $res; +- } ++ $this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = ''; + +- function BodyToString(){ +- $res = $this->tag_body_start; +- return $res.parent::ToString(false); +- +- /*foreach($this->items as $item) +- $res .= $item; +- return $res;*/ ++ if(is_null($body)){ ++ $this->tag_end = $this->tag_body_start = "\n"; + } +- +- function EndToString(){ +- $res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : ''; +- $res .= $this->tag_end; +- return $res; ++ else{ ++ CTag::addItem($body); + } +- +- function ToString($destroy=true){ +- $res = $this->StartToString(); +- $res .= $this->BodyToString(); +- $res .= $this->EndToString(); + +- if($destroy) $this->Destroy(); ++ $this->setClass($class); ++ } ++ ++ function showStart() { echo $this->startToString(); } ++ function showBody() { echo $this->bodyToString(); } ++ function showEnd() { echo $this->endToString(); } + +- return $res; ++ function startToString(){ ++ $res = $this->tag_start.'<'.$this->tagname; ++ foreach($this->options as $key => $value){ ++ $res .= ' '.$key.'="'.$value.'"'; + } +- +- function SetName($value){ +- if(is_null($value)) return $value; ++ $res .= ($this->paired=='yes')?'>':' />'; ++ return $res; ++ } + +- if(!is_string($value)){ +- return $this->error("Incorrect value for SetName [$value]"); +- } +- return $this->AddOption("name",$value); +- } ++ function bodyToString(){ ++ $res = $this->tag_body_start; ++ return $res.parent::ToString(false); + +- function GetName(){ +- if(isset($this->options['name'])) +- return $this->options['name']; +- return NULL; +- } +- +- function SetClass($value){ +- if(isset($value)) +- $this->options['class'] = $value; +- else +- unset($this->options['class']); ++ /*foreach($this->items as $item) ++ $res .= $item; ++ return $res;*/ ++ } ++ ++ function endToString(){ ++ $res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : ''; ++ $res .= $this->tag_end; ++ return $res; ++ } ++ ++ function toString($destroy=true){ ++ $res = $this->startToString(); ++ $res .= $this->bodyToString(); ++ $res .= $this->endToString(); + +- return $value; ++ if($destroy) $this->Destroy(); ++ ++ return $res; ++ } ++ ++ function setName($value){ ++ if(is_null($value)) return $value; ++ ++ if(!is_string($value)){ ++ return $this->error("Incorrect value for setName [$value]"); + } +- +- function DelOption($name){ +- unset($this->options[$name]); +- } +- +- function GetOption($name){ +- $ret = NULL; +- if(isset($this->options[$name])) +- $ret =& $this->options[$name]; +- return $ret; +- } ++ return $this->addOption("name",$value); ++ } ++ ++ function getName(){ ++ if(isset($this->options['name'])) ++ return $this->options['name']; ++ return NULL; ++ } ++ ++ function setClass($value){ ++ if(isset($value)) ++ $this->options['class'] = $value; ++ else ++ unset($this->options['class']); + +- function SetHint($text, $width='', $class=''){ +- if(empty($text)) return false; ++ return $value; ++ } ++ ++ function DelOption($name){ ++ unset($this->options[$name]); ++ } ++ ++ function getOption($name){ ++ $ret = NULL; ++ if(isset($this->options[$name])) ++ $ret =& $this->options[$name]; ++ return $ret; ++ } + +- insert_showhint_javascript(); ++ function setHint($text, $width='', $class=''){ ++ if(empty($text)) return false; + +- $text = unpack_object($text); +- if($width != '' || $class != ''){ +- $code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');"; +- } +- else{ +- $code = "show_hint(this,event,'".$text."');"; +- } ++ insert_showhint_javascript(); + +- $this->AddAction('onMouseOver', $code); +- $this->AddAction('onMouseMove', 'update_hint(this,event);'); ++ $text = unpack_object($text); ++ if($width != '' || $class != ''){ ++ $code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');"; + } +- +- function OnClick($handle_code){ +- $this->AddAction('onclick', $handle_code); ++ else{ ++ $code = "show_hint(this,event,'".$text."');"; + } + +- function AddAction($name, $value){ +- if(is_object($value)){ +- $this->options[$name] = unpack_object($value); +- } +- else if(!empty($value)){ +- $this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET); +- } ++ $this->addAction('onMouseOver', $code); ++ $this->addAction('onMouseMove', 'update_hint(this,event);'); ++ } ++ ++ function onClick($handle_code){ ++ $this->addAction('onclick', $handle_code); ++ } ++ ++ function addAction($name, $value){ ++ if(is_object($value)){ ++ $this->options[$name] = unpack_object($value); + } ++ else if(!empty($value)){ ++ $this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET); ++ } ++ } + +- function AddOption($name, $value){ +- if(is_object($value)){ +- $this->options[$name] = unpack_object($value); +- } +- else if(isset($value)) +- $this->options[$name] = htmlspecialchars(strval($value)); +- else +- unset($this->options[$name]); ++ function addOption($name, $value){ ++ if(is_object($value)){ ++ $this->options[$name] = unpack_object($value); + } ++ else if(isset($value)) ++ $this->options[$name] = htmlspecialchars(strval($value)); ++ else ++ unset($this->options[$name]); ++ } + +- function SetEnabled($value='yes'){ +- if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1') +- || (is_int($value) && $value<>0)) +- { +- unset($this->options['disabled']); +- } +- else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0') +- || (is_int($value) && $value==0)) +- { +- $this->options['disabled'] = 'disabled'; +- } ++ function setEnabled($value='yes'){ ++ if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1') ++ || (is_int($value) && $value<>0)) ++ { ++ unset($this->options['disabled']); + } +- +- function error($value){ +- error('class('.get_class($this).') - '.$value); +- return 1; ++ else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0') ++ || (is_int($value) && $value==0)) ++ { ++ $this->options['disabled'] = 'disabled'; + } + } +-?> ++ ++ function error($value){ ++ error('class('.get_class($this).') - '.$value); ++ return 1; ++ } ++} ++?> +\ No newline at end of file +Index: frontends/php/include/classes/cmap.inc.php +=================================================================== +--- frontends/php/include/classes/cmap.inc.php (revision 6643) ++++ frontends/php/include/classes/cmap.inc.php (revision 6644) +@@ -19,78 +19,75 @@ + **/ + ?> + <?php +- class CMap extends CTag +- { ++class CMap extends CTag{ + /* public */ +- function CMap($name="") +- { +- parent::CTag("map","yes"); +- $this->SetName($name); +- } +- function AddRectArea($x1,$y1,$x2,$y2,$href,$alt) +- { +- return $this->AddArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); +- } +- function AddArea($coords,$href,$alt,$shape) +- { +- return $this->AddItem(new CArea($coords,$href,$alt,$shape)); +- } +- function AddItem($value) +- { +- if(strtolower(get_class($value)) != 'carea') +- return $this->error("Incorrect value for AddItem [$value]"); ++ function CMap($name=''){ ++ parent::CTag('map','yes'); ++ $this->setName($name); ++ } ++ ++ function addRectArea($x1,$y1,$x2,$y2,$href,$alt){ ++ return $this->addArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); ++ } ++ ++ function addArea($coords,$href,$alt,$shape){ ++ return $this->addItem(new CArea($coords,$href,$alt,$shape)); ++ } ++ ++ function addItem($value){ ++ if(strtolower(get_class($value)) != 'carea') ++ return $this->error('Incorrect value for addItem ['.$value.']'); + +- return parent::AddItem($value); +- } ++ return parent::addItem($value); + } ++} + +- class CArea extends CTag +- { +- function CArea($coords,$href,$alt,$shape) +- { +- parent::CTag("area","no"); +- $this->SetCoords($coords); +- $this->SetShape($shape); +- $this->SetHref($href); +- $this->SetAlt($alt); +- } +- function SetCoords($value) +- { +- if(!is_array($value)) +- return $this->error("Incorrect value for SetCoords [$value]"); +- if(count($value)<3) +- return $this->error("Incorrect values count for SetCoords [".count($value)."]"); ++class CArea extends CTag{ ++ function CArea($coords,$href,$alt,$shape){ ++ parent::CTag('area','no'); ++ $this->setCoords($coords); ++ $this->setShape($shape); ++ $this->setHref($href); ++ $this->setAlt($alt); ++ } ++ ++ function setCoords($value){ ++ if(!is_array($value)) ++ return $this->error('Incorrect value for setCoords ['.$value.']'); ++ if(count($value)<3) ++ return $this->error('Incorrect values count for setCoords ['.count($value).']'); + +- $str_val = ""; +- foreach($value as $val) +- { +- if(!is_numeric($val)) +- return $this->error("Incorrect value for SetCoords [$val]"); ++ $str_val = ''; ++ foreach($value as $val){ ++ if(!is_numeric($val)) ++ return $this->error('Incorrect value for setCoords ['.$val.']'); + +- $str_val .= $val.","; +- } +- $this->AddOption("coords",trim($str_val,',')); ++ $str_val .= $val.','; + } +- function SetShape($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetShape [$value]"); ++ $this->addOption('coords',trim($str_val,',')); ++ } + +- $this->AddOption("shape",$value); +- } +- function SetHref($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetHref [$value]"); ++ function setShape($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setShape ['.$value.']'); + +- $this->AddOption("href",$value); +- } +- function SetAlt($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetAlt [$value]"); ++ $this->addOption('shape',$value); ++ } + +- $this->AddOption("alt",$value); +- } ++ function setHref($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setHref ['.$value.']'); ++ $url = new Curl($value); ++ $value = $url->getUrl(); ++ ++ $this->addOption('href',$value); + } +-?> ++ ++ function setAlt($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setAlt ['.$value.']'); ++ ++ $this->addOption('alt',$value); ++ } ++} ++?> +\ No newline at end of file +Index: frontends/php/include/html.inc.php +=================================================================== +--- frontends/php/include/html.inc.php (revision 6643) ++++ frontends/php/include/html.inc.php (revision 6644) +@@ -58,7 +58,7 @@ + } + + function prepare_url(&$var, $varname=null){ +- $result = ""; ++ $result = ''; + + if(is_array($var)){ + foreach($var as $id => $par) +Index: frontends/php/items.php +=================================================================== +--- frontends/php/items.php (revision 6643) ++++ frontends/php/items.php (revision 6644) +@@ -944,16 +944,17 @@ + // url_param('groupid'), + 'action')); + +- $status=new CCol(new CLink(item_status2str($db_item["status"]), +- "?group_itemid%5B%5D=".$db_item["itemid"]. +- "&group_task=".($db_item["status"] ? "Activate+selected" : "Disable+selected"), +- item_status2style($db_item["status"]))); ++ $status=new CCol(new CLink(item_status2str($db_item['status']), ++// '?sessionid='.$USER_DETAILS['sessionid']. ++ '?group_itemid%5B%5D='.$db_item['itemid']. ++ '&group_task='.($db_item['status']?'Activate+selected':'Disable+selected'), ++ item_status2style($db_item['status']))); + +- if($db_item["error"] == ''){ +- $error=new CCol('-',"off"); ++ if($db_item['error'] == ''){ ++ $error=new CCol('-','off'); + } + else{ +- $error=new CCol($db_item["error"],"on"); ++ $error=new CCol($db_item['error'],'on'); + } + + $applications = $show_applications ? implode(', ', get_applications_by_itemid($db_item["itemid"], 'name')) : null; diff --git a/net-mgmt/zabbix/pkg-plist b/net-mgmt/zabbix/pkg-plist index cf3012c388b..94f901a725f 100644 --- a/net-mgmt/zabbix/pkg-plist +++ b/net-mgmt/zabbix/pkg-plist @@ -28,16 +28,15 @@ bin/zabbix_server %%DATADIR%%/php/js/sbox.js %%DATADIR%%/php/js/services.js %%DATADIR%%/php/js/gmenu.js +%%DATADIR%%/php/js/gpc.js %%DATADIR%%/php/js/chkbxrange.js %%DATADIR%%/php/js/scrollbar.js %%DATADIR%%/php/js/graphs.js %%DATADIR%%/php/js/sbinit.js %%DATADIR%%/php/js/common.js %%DATADIR%%/php/js/ajax_req.js -%%DATADIR%%/php/js/cookies.js %%DATADIR%%/php/js/blink.js %%DATADIR%%/php/js/tree.js -%%DATADIR%%/php/js/url.js %%DATADIR%%/php/js/showhint.js %%DATADIR%%/php/include/locales/cn_zh.inc.php %%DATADIR%%/php/include/locales/lv_lv.inc.php @@ -80,6 +79,7 @@ bin/zabbix_server %%DATADIR%%/php/include/classes/ciframe.inc.php %%DATADIR%%/php/include/classes/cscript.inc.php %%DATADIR%%/php/include/classes/cpumenu.inc.php +%%DATADIR%%/php/include/classes/curl.inc.php %%DATADIR%%/php/include/classes/pie.inc.php %%DATADIR%%/php/include/classes/ctag.inc.php %%DATADIR%%/php/include/classes/cbutton.inc.php diff --git a/net-mgmt/zabbix2-agent/Makefile b/net-mgmt/zabbix2-agent/Makefile index 78531b59ffc..2d6e625c42f 100644 --- a/net-mgmt/zabbix2-agent/Makefile +++ b/net-mgmt/zabbix2-agent/Makefile @@ -7,6 +7,7 @@ PORTNAME= zabbix PORTVERSION= 1.6.2 +PORTREVISION= 1 PORTEPOCH= 2 CATEGORIES= net-mgmt MASTER_SITES= SF @@ -24,8 +25,6 @@ MAKE_ARGS= ARCH=freebsd CONFIGURE_ARGS+=--enable-ipv6 .endif -FORBIDDEN= multiple vulnerabilities http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html - ZABBIX_BIN= agent agentd get sender ZABBIX_CFG= agent agentd ZABBIX_BINFILES=${ZABBIX_BIN:S|^|zabbix_|:C|.+|&/&|:S|agentd/|agent/|} diff --git a/net-mgmt/zabbix2/Makefile b/net-mgmt/zabbix2/Makefile index 8eaf623c07d..d003ff56212 100644 --- a/net-mgmt/zabbix2/Makefile +++ b/net-mgmt/zabbix2/Makefile @@ -7,6 +7,7 @@ PORTNAME= zabbix PORTVERSION= 1.6.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= net-mgmt MASTER_SITES= SF @@ -38,8 +39,6 @@ SUB_FILES= pkg-message .include <bsd.port.pre.mk> -FORBIDDEN= multiple vulnerabilities http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html - .ifndef WITHOUT_JABBER USE_JABBER= yes CONFIGURE_ARGS+=--with-jabber=${LOCALBASE} @@ -82,6 +81,7 @@ post-patch: @${REINPLACE_CMD} -e '/test.*rf/s|-rf|-f|;/LDFLAGS/s|-static||;\ /LIBS="-lnetsnmp/s|="|="-lcrypto |;s|-lsqlite3|-lsqlite3 ${PTHREAD_LIBS}|'\ ${WRKSRC}/configure + @cd ${WRKSRC} && ${FIND} . -name '*.orig' -exec ${RM} {} \; .ifdef WITHOUT_FPING @${ECHO} 'DisablePinger=yes' >> ${WRKSRC}/misc/conf/zabbix_server.conf diff --git a/net-mgmt/zabbix2/files/patch-USH-162.1 b/net-mgmt/zabbix2/files/patch-USH-162.1 new file mode 100644 index 00000000000..df11a28e251 --- /dev/null +++ b/net-mgmt/zabbix2/files/patch-USH-162.1 @@ -0,0 +1,135 @@ +Index: include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6592) ++++ frontends/php/include/validate.inc.php (revision 6593) +@@ -198,19 +198,21 @@ + return $ret; + } + +- function calc_exp($fields,$field,$expression){ ++ function calc_exp($fields,$field,$expression){ + //SDI("$field - expression: ".$expression); + +- if(zbx_strstr($expression,"{}") && !isset($_REQUEST[$field])) ++ if(zbx_strstr($expression,'{}') && !isset($_REQUEST[$field])) + return FALSE; + +- if(zbx_strstr($expression,"{}") && !is_array($_REQUEST[$field])) +- $expression = str_replace("{}",'$_REQUEST["'.$field.'"]',$expression); ++ if(zbx_strstr($expression,'{}') && !is_array($_REQUEST[$field])) ++ $expression = str_replace('{}','$_REQUEST["'.$field.'"]',$expression); + +- if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field])){ ++ if(zbx_strstr($expression,'{}') && is_array($_REQUEST[$field])){ + foreach($_REQUEST[$field] as $key => $val){ +- $expression2 = str_replace("{}",'$_REQUEST["'.$field.'"]["'.$key.'"]',$expression); +- if(calc_exp2($fields,$field,$expression2)==FALSE) ++ if(!ereg('^[a-zA-Z0-9_]+$',$key)) return FALSE; ++ ++ $expression2 = str_replace('{}','$_REQUEST["'.$field.'"]["'.$key.'"]',$expression); ++ if(calc_exp2($fields,$field,$expression2)==FALSE) + return FALSE; + } + return TRUE; +@@ -219,7 +221,7 @@ + return calc_exp2($fields,$field,$expression); + } + +- function unset_not_in_list(&$fields){ ++ function unset_not_in_list(&$fields){ + foreach($_REQUEST as $key => $val){ + if(!isset($fields[$key])){ + unset_request($key,'unset_not_in_list'); +@@ -382,7 +384,7 @@ + } + } + +- function check_field(&$fields, &$field, $checks){ ++ function check_field(&$fields, &$field, $checks){ + list($type,$opt,$flags,$validation,$exception)=$checks; + + if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]==''){ +@@ -473,9 +475,7 @@ + include_once "include/page_footer.php"; + } + +- function check_fields(&$fields, $show_messages=true){ +- +- global $_REQUEST; ++ function check_fields(&$fields, $show_messages=true){ + global $system_fields; + + $err = ZBX_VALID_OK; +Index: locales.php +=================================================================== +--- frontends/php/locales.php (revision 6592) ++++ frontends/php/locales.php (revision 6593) +@@ -19,11 +19,11 @@ + **/ + ?> + <?php +-include_once "include/config.inc.php"; ++include_once('include/config.inc.php'); + + if(isset($_REQUEST['download'])){ +- $page["type"] = PAGE_TYPE_XML; +- $page["file"] = "new_locale.inc.php"; ++ $page['type'] = PAGE_TYPE_XML; ++ $page['file'] = 'new_locale.inc.php'; + } + else{ + $page['title'] = "S_LOCALES"; +@@ -181,26 +181,25 @@ + $frmLcls->AddOption('id','locales'); + $frmLcls->SetHelp($help); + +- $fileFrom = 'include/locales/'.$_REQUEST['srclang'].".inc.php"; +- if(file_exists($fileFrom)){ +- include($fileFrom); + ++ $fileFrom = 'include/locales/'.$_REQUEST['srclang'].'.inc.php'; ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && file_exists($fileFrom)){ ++ include($fileFrom); + if(!isset($TRANSLATION) || !is_array($TRANSLATION)){ +- error("Passed SOURCE is NOT valid PHP file."); ++ error('Passed SOURCE is NOT valid PHP file.'); + } + $transFrom = $TRANSLATION; + } + unset($TRANSLATION); + +- $frmLcls->AddVar('extlang',$_REQUEST['extlang']); +- +- if($_REQUEST['extlang'] != 'new'){ +- $fileTo = 'include/locales/'.$_REQUEST['extlang'].".inc.php"; ++ $frmLcls->addVar('extlang',$_REQUEST['extlang']); ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && ($_REQUEST['extlang'] != 'new')){ ++ $fileTo = 'include/locales/'.$_REQUEST['extlang'].'.inc.php'; + if(file_exists($fileTo)){ + include($fileTo); + + if(!isset($TRANSLATION) || !is_array($TRANSLATION)){ +- error("Passed DEST is NOT valid PHP file."); ++ error('Passed DEST is NOT valid PHP file.'); + } + $transTo = $TRANSLATION; + // header('Content-Type: text/html; charset='.$TRANSLATION['S_HTML_CHARSET']); + +----- + +This hunk fixes typo in the bugfix for local file inclusion inside +locales.php + +Index: branches/1.6/frontends/php/locales.php +=================================================================== +--- frontends/php/locales.php (revision 6885) ++++ frontends/php/locales.php (revision 6886) +@@ -193,7 +193,7 @@ + unset($TRANSLATION); + + $frmLcls->addVar('extlang',$_REQUEST['extlang']); +- if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['srclang']) && ($_REQUEST['extlang'] != 'new')){ ++ if(ereg('^[A-Za-z0-9_]+$', $_REQUEST['extlang']) && ($_REQUEST['extlang'] != 'new')){ + $fileTo = 'include/locales/'.$_REQUEST['extlang'].'.inc.php'; + if(file_exists($fileTo)){ + include($fileTo); diff --git a/net-mgmt/zabbix2/files/patch-USH-162.2 b/net-mgmt/zabbix2/files/patch-USH-162.2 new file mode 100644 index 00000000000..22d5d1112dc --- /dev/null +++ b/net-mgmt/zabbix2/files/patch-USH-162.2 @@ -0,0 +1,2622 @@ +Index: frontends/php/include/perm.inc.php +=================================================================== +--- frontends/php/include/perm.inc.php (revision 6620) ++++ frontends/php/include/perm.inc.php (revision 6621) +@@ -44,7 +44,7 @@ + $USER_DETAILS = NULL; + $login = FALSE; + +- $sessionid = get_cookie('zbx_sessionid'); ++ $sessionid = get_request('sessionid',get_cookie('zbx_sessionid')); + + if(!is_null($sessionid)){ + $sql = 'SELECT u.*,s.* '. +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6620) ++++ frontends/php/include/validate.inc.php (revision 6621) +@@ -428,8 +429,12 @@ + } + } + else if($opt == O_OPT){ +- if(!isset($_REQUEST[$field])) ++ if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; ++ } ++ else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){ ++ return ZBX_VALID_ERROR; ++ } + } + + check_trim($_REQUEST[$field]); +@@ -458,17 +463,21 @@ + return ZBX_VALID_OK; + } + +-// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION ++// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- "sessionid"=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(),NULL), +- "switch_node"=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), +- "triggers_hash"=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +- 'print'=> array(T_ZBX_INT, O_OPT, P_SYS, IN("1"),NULL), ++ 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), 'isset({zbx_form})'), ++ 'zbx_form'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, NULL), ++// ++ 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), ++ 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), ++ 'print'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('1'),NULL), ++ ++// table sorting + 'sort'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL), + 'sortorder'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL) + ); + +- function invalid_url(){ ++ function invalid_url(){ + include_once "include/page_header.php"; + unset_all(); + show_error_message(S_INVALID_URL); +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6620) ++++ frontends/php/include/classes/cform.inc.php (revision 6621) +@@ -22,46 +22,44 @@ + class CForm extends CTag{ + /* public */ + function CForm($action=NULL, $method='post', $enctype=NULL){ +- parent::CTag("form","yes"); +- $this->SetMethod($method); +- $this->SetAction($action); +- $this->SetEnctype($enctype); ++ parent::CTag('form','yes'); ++ $this->setMethod($method); ++ $this->setAction($action); ++ $this->setEnctype($enctype); ++ ++ $this->addVar('zbx_form', 'action'); ++ $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + +- function SetMethod($value='post'){ ++ function setMethod($value='post'){ + return $this->options['method'] = $value; + } + +- function SetAction($value){ ++ function setAction($value){ + global $page; + + if(is_null($value)){ +- if(isset($page['file'])){ +- $value = $page['file']; +- } +- else{ +- $value = "#"; +- } ++ $value = isset($page['file'])?$page['file']:'#'; + } + + return $this->options['action'] = $value; + } + +- function SetEnctype($value=NULL){ ++ function setEnctype($value=NULL){ + if(is_null($value)){ +- return $this->DelOption("enctype"); ++ return $this->DelOption('enctype'); + } + else if(!is_string($value)){ + return $this->error("Incorrect value for SetEnctype [$value]"); + } + +- return $this->AddOption("enctype",$value); ++ return $this->addOption('enctype',$value); + } + +- function AddVar($name, $value){ ++ function addVar($name, $value){ + if(empty($value) && $value != 0) return $value; + +- return $this->AddItem(new CVar($name, $value)); ++ return $this->addItem(new CVar($name, $value)); + } + } + ?> +Index: frontends/php/include/classes/cformtable.inc.php +=================================================================== +--- frontends/php/include/classes/cformtable.inc.php (revision 6620) ++++ frontends/php/include/classes/cformtable.inc.php (revision 6621) +@@ -46,48 +46,48 @@ + } + + parent::CForm($action,$method,$enctype); +- $this->SetTitle($title); +- $this->SetAlign('center'); +- $this->SetHelp(); ++ $this->setTitle($title); ++ $this->setAlign('center'); ++ $this->setHelp(); + + // $frm_link = new CLink(); +-// $frm_link->SetName("formtable"); +-// $this->AddItemToTopRow($frm_link); ++// $frm_link->setName("formtable"); ++// $this->addItemToTopRow($frm_link); + +- $this->AddVar($form_variable, get_request($form_variable, 1)); +- $this->AddVar('form_refresh',get_request('form_refresh',0)+1); ++ $this->addVar($form_variable, get_request($form_variable, 1)); ++ $this->addVar('form_refresh',get_request('form_refresh',0)+1); + + $this->bottom_items = new CCol(SPACE,'form_row_last'); +- $this->bottom_items->SetColSpan(2); ++ $this->bottom_items->setColSpan(2); + } + +- function SetAction($value){ ++ function setAction($value){ + + if(is_string($value)) +- return parent::SetAction($value); ++ return parent::setAction($value); + elseif(is_null($value)) +- return parent::SetAction($value); ++ return parent::setAction($value); + else + return $this->error("Incorrect value for SetAction [$value]"); + } + +- function SetName($value){ ++ function setName($value){ + if(!is_string($value)){ + return $this->error("Incorrect value for SetAlign [$value]"); + } +- $this->AddOption('name',$value); +- $this->AddOption('id',$value); ++ $this->addOption('name',$value); ++ $this->addOption('id',$value); + return true; + } + +- function SetAlign($value){ ++ function setAlign($value){ + if(!is_string($value)){ + return $this->error("Incorrect value for SetAlign [$value]"); + } + return $this->align = $value; + } + +- function SetTitle($value=NULL){ ++ function setTitle($value=NULL){ + if(is_null($value)){ + unset($this->title); + return 0; +@@ -101,7 +101,7 @@ + $this->title = unpack_object($value); + } + +- function SetHelp($value=NULL){ ++ function setHelp($value=NULL){ + if(is_null($value)) { + $this->help = new CHelp(); + } +@@ -110,8 +110,8 @@ + } + else if(is_string($value)) { + $this->help = new CHelp($value); +- if($this->GetName()==NULL) +- $this->SetName($value); ++ if($this->getName()==NULL) ++ $this->setName($value); + } + else { + return $this->error("Incorrect value for SetHelp [$value]"); +@@ -119,21 +119,21 @@ + return 0; + } + +- function AddVar($name, $value){ +- $this->AddItemToTopRow(new CVar($name, $value)); ++ function addVar($name, $value){ ++ $this->addItemToTopRow(new CVar($name, $value)); + } + +- function AddItemToTopRow($value){ ++ function addItemToTopRow($value){ + array_push($this->top_items, $value); + } + +- function AddRow($item1, $item2=NULL, $class=NULL){ ++ function addRow($item1, $item2=NULL, $class=NULL){ + if(strtolower(get_class($item1)) == 'crow'){ + + } + else if(strtolower(get_class($item1)) == 'ctable'){ + $td = new CCol($item1,'form_row_c'); +- $td->SetColSpan(2); ++ $td->setColSpan(2); + + $item1 = new CRow($td); + } +@@ -157,7 +157,7 @@ + array_push($this->center_items, $item1); + } + +- function AddSpanRow($value, $class=NULL){ ++ function addSpanRow($value, $class=NULL){ + if(is_string($value)) + $item1=nbsp($value); + +@@ -165,16 +165,16 @@ + if(is_null($class)) $class = 'form_row_c'; + + $col = new CCol($value,$class); +- $col->SetColSpan(2); ++ $col->setColSpan(2); + array_push($this->center_items,new CRow($col)); + } + + +- function AddItemToBottomRow($value){ +- $this->bottom_items->AddItem($value); ++ function addItemToBottomRow($value){ ++ $this->bottom_items->addItem($value); + } + +- function SetTableClass($class){ ++ function setTableClass($class){ + if(is_string($class)){ + $this->tableclass = $class; + } +@@ -186,25 +186,25 @@ + + $tbl = new CTable(NULL,$this->tableclass); + +- $tbl->SetOddRowClass('form_odd_row'); +- $tbl->SetEvenRowClass('form_even_row'); +- $tbl->SetCellSpacing(0); +- $tbl->SetCellPadding(1); +- $tbl->SetAlign($this->align); ++ $tbl->setOddRowClass('form_odd_row'); ++ $tbl->setEvenRowClass('form_even_row'); ++ $tbl->setCellSpacing(0); ++ $tbl->setCellPadding(1); ++ $tbl->setAlign($this->align); + # add first row + $col = new CCol(NULL,'form_row_first'); +- $col->SetColSpan(2); ++ $col->setColSpan(2); + +- if(isset($this->help)) $col->AddItem($this->help); +- if(isset($this->title)) $col->AddItem($this->title); +- foreach($this->top_items as $item) $col->AddItem($item); ++ if(isset($this->help)) $col->addItem($this->help); ++ if(isset($this->title)) $col->addItem($this->title); ++ foreach($this->top_items as $item) $col->addItem($item); + +- $tbl->SetHeader($col); ++ $tbl->setHeader($col); + # add last row +- $tbl->SetFooter($this->bottom_items); ++ $tbl->setFooter($this->bottom_items); + # add center rows + foreach($this->center_items as $item){ +- $tbl->AddRow($item); ++ $tbl->addRow($item); + } + return $tbl->ToString(); + } + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +This hunk adds session identifier transmission during Ajax requests. +It also reshuffles some JavaScript functions and adds many whitespace +changes. + +Index: frontends/php/js/cookies.js +=================================================================== +--- frontends/php/js/cookies.js (revision 6622) ++++ frontends/php/js/cookies.js (revision 6623) +@@ -1,78 +0,0 @@ +-//Javascript document +-/* +-** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix +-** +-** This program is free software; you can redistribute it and/or modify +-** it under the terms of the GNU General Public License as published by +-** the Free Software Foundation; either version 2 of the License, or +-** (at your option) any later version. +-** +-** This program is distributed in the hope that it will be useful, +-** but WITHOUT ANY WARRANTY; without even the implied warranty of +-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-** GNU General Public License for more details. +-** +-** You should have received a copy of the GNU General Public License +-** along with this program; if not, write to the Free Software +-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +-**/ +-// Title: cookies class +-// Description: to manipulate cookies on client side +-// Author: Aly +- +-var cookie ={ +-cookies: new Array(), +- +-init: function () { +- var allCookies = document.cookie.split('; '); +- for (var i=0;i<allCookies.length;i++) { +- var cookiePair = allCookies[i].split('='); +- this.cookies[cookiePair[0]] = cookiePair[1]; +- } +-}, +- +-create: function (name,value,days) { +- if(days) { +- var date = new Date(); +- date.setTime(date.getTime()+(days*24*60*60*1000)); +- var expires = "; expires="+date.toGMTString(); +- }else{ +- var expires = ""; +- } +- +- document.cookie = name+"="+value+expires+"; path=/"; +- this.cookies[name] = value; +-}, +- +-read : function(name){ +- if(typeof(this.cookies[name]) != 'undefined'){ +- return this.cookies[name]; +- } else { +- var nameEQ = name + "="; +- var ca = document.cookie.split(';'); +- for(var i=0;i < ca.length;i++) { +- var c = ca[i]; +- while (c.charAt(0)==' ') c = c.substring(1,c.length); +- if(c.indexOf(nameEQ) == 0) return this.cookies[name] = c.substring(nameEQ.length,c.length); +- } +- } +- return null; +-}, +- +-printall: function() { +- var allCookies = document.cookie.split('; '); +- for (var i=0;i<allCookies.length;i++) { +- var cookiePair = allCookies[i].split('='); +- +- alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined +- } +-}, +- +-erase: function (name) { +- this.create(name,'',-1); +- this.cookies[name] = undefined; +-} +-} +- +-cookie.init(); +\ No newline at end of file +Index: frontends/php/js/url.js +=================================================================== +--- frontends/php/js/url.js (revision 6622) ++++ frontends/php/js/url.js (revision 6623) +@@ -1,256 +0,0 @@ +-// JavaScript Document +-/* +-** ZABBIX +-** Copyright (C) 2000-2007 SIA Zabbix +-** +-** This program is free software; you can redistribute it and/or modify +-** it under the terms of the GNU General Public License as published by +-** the Free Software Foundation; either version 2 of the License, or +-** (at your option) any later version. +-** +-** This program is distributed in the hope that it will be useful, +-** but WITHOUT ANY WARRANTY; without even the implied warranty of +-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-** GNU General Public License for more details. +-** +-** You should have received a copy of the GNU General Public License +-** along with this program; if not, write to the Free Software +-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +-** +-*/ +- +-// Title: url manipulation class +-// Author: Aly +- +- +-var url = Class.create(); +- +-url.prototype = { +-url: '', // actually, it's depricated/private variable +-port: -1, +-host: '', +-protocol: '', +-username: '', +-password: '', +-filr: '', +-reference: '', +-path: '', +-query: '', +-arguments: new Array(), +- +-initialize: function(url){ +- this.url=unescape(url); +- +- this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):''; +- if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#')); +- +- var protocolSepIndex=this.url.indexOf('://'); +- if(protocolSepIndex>=0){ +- this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase(); +- this.host=this.url.substring(protocolSepIndex+3); +- if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/')); +- var atIndex=this.host.indexOf('@'); +- if(atIndex>=0){ +- var credentials=this.host.substring(0,atIndex); +- var colonIndex=credentials.indexOf(':'); +- if(colonIndex>=0){ +- this.username=credentials.substring(0,colonIndex); +- this.password=credentials.substring(colonIndex); +- }else{ +- this.username=credentials; +- } +- this.host=this.host.substring(atIndex+1); +- } +- +- var host_ipv6 = this.host.indexOf(']'); +- if(host_ipv6>=0){ +- if(host_ipv6 < (this.host.length-1)){ +- host_ipv6++; +- var host_less = this.host.substring(host_ipv6); +- +- var portColonIndex=host_less.indexOf(':'); +- if(portColonIndex>=0){ +- this.port=host_less.substring(portColonIndex+1); +- this.host=this.host.substring(0,host_ipv6); +- } +- } +- } +- else{ +- var portColonIndex=this.host.indexOf(':'); +- if(portColonIndex>=0){ +- this.port=this.host.substring(portColonIndex+1); +- this.host=this.host.substring(0,portColonIndex); +- } +- } +- this.file=this.url.substring(protocolSepIndex+3); +- this.file=this.file.substring(this.file.indexOf('/')); +- }else{ +- this.file=this.url; +- } +- if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); +- +- var refSepIndex=url.indexOf('#'); +- if(refSepIndex>=0){ +- this.file=this.file.substring(0,refSepIndex); +- this.reference=this.url.substring(this.url.indexOf('#')); +- } +- this.path=this.file; +- if(this.query.length>0) this.file+='?'+this.query; +- if(this.reference.length>0) this.file+='#'+this.reference; +- if(this.query.length > 0) this.getArguments(); +-}, +- +-getArguments: function(){ +- var args=this.query.split('&'); +- var keyval=''; +- +- if(args.length<1) return; +- +- for(i=0;i<args.length;i++){ +- keyval=args[i].split('='); +- this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); +- } +-}, +- +-getArgumentValue: function(key){ +- if(key.length<1) return ''; +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key) return this.arguments[i][1]; +- } +- +-return ''; +-}, +- +-getArgumentValues: function(){ +- var a=new Array(); +- var b=this.query.split('&'); +- var c=''; +- if(b.length<1) return a; +- for(i=0;i<b.length;i++){ +- c=b[i].split('='); +- a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); +- } +-return a; +-}, +- +-getUrl: function(){ +- var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; +- uri += encodeURI((this.username.length > 0)?(this.username):''); +- uri += encodeURI((this.password.length > 0)?(':'+this.password):''); +- uri += (this.host.length > 0)?(this.host):''; +- uri += (this.port.length > 0)?(':'+this.port):''; +- uri += encodeURI((this.path.length > 0)?(this.path):''); +- uri += encodeURI((this.query.length > 0)?('?'+this.query):''); +- uri += encodeURI((this.reference.length > 0)?('#'+this.reference):''); +-// alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery()); +-return uri; +-}, +- +-setArgument: function(key,value){ +- +- var valueisset = false; +- if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; +- +- value =('undefined' != typeof(value))?value:''; +- +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key){ +- valueisset = true; +- this.arguments[i][1] = value; +- } +- } +- if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); +- this.formatQuery(); +-}, +- +-formatQuery: function(){ +- if(this.arguments.lenght < 1) return; +- +- var query = ''; +- for(i=0; i < this.arguments.length; i++){ +- query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; +- } +- this.query = query.substring(0,query.length-1); +-}, +- +-getPort: function(){ +- return this.port; +-}, +- +-setPort: function(port){ +- this.port = port; +-}, +- +-getQuery: function(){ +- return this.query; +-}, +- +-setQuery: function(query){ +- this.query = query; +- this.getArgumentValues(); +- this.formatQuery(); +-}, +- +-/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ +-getProtocol: function(){ +- return this.protocol; +-}, +- +-setProtocol: function(protocol){ +- this.protocol = protocol; +-}, +-/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */ +-getHost: function(){ +- return this.host; +-}, +- +-setHost: function(set){ +- this.host = host; +-}, +- +-/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ +-getUserName: function(){ +- return this.username; +-}, +- +-setUserName: function(username){ +- this.username = username; +-}, +- +-/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ +-getPassword: function(){ +- return this.password; +-}, +- +-setPassword: function(password){ +- this.password = password; +-}, +- +-/* Returns the file part of this url, i.e. everything after the host name. */ +-getFile: function(){ +- return this.file = file; +-}, +- +-setFile: function(file){ +- this.file = file; +-}, +- +-/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ +-getReference: function(){ +- return this.reference; +-}, +- +-setReference: function(reference){ +- this.reference = reference; +-}, +- +-/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ +-getPath: function(){ +- return this.path; +-}, +- +-setPath: function(path){ +- this.path = path; +-} +- +-} +\ No newline at end of file +Index: frontends/php/js/updater.js +=================================================================== +--- frontends/php/js/updater.js (revision 6622) ++++ frontends/php/js/updater.js (revision 6623) +@@ -27,7 +27,7 @@ + + setObj4Update: function(id,frequency,url,params){ + var obj = document.getElementById(id); +- if((typeof(obj) == 'undefined')) return false; ++ if(typeof(obj) == 'undefined') return false; + + var obj4update = { + 'id': id, +@@ -65,7 +65,9 @@ + obj4update.ready = false; + + var uri = new url(obj4update.url); +- new Ajax.Updater(obj4update.id, obj4update.url, ++ uri.setArgument('sessionid', cookie.read('zbx_sessionid')); ++ ++ new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url, + { + method: 'post', + 'parameters': obj4update.params, +Index: frontends/php/js/gpc.js +=================================================================== +--- frontends/php/js/gpc.js (revision 0) ++++ frontends/php/js/gpc.js (revision 6623) +@@ -0,0 +1,315 @@ ++//Javascript document ++/* ++** ZABBIX ++** Copyright (C) 2000-2009 SIA Zabbix ++** ++** This program is free software; you can redistribute it and/or modify ++** it under the terms of the GNU General Public License as published by ++** the Free Software Foundation; either version 2 of the License, or ++** (at your option) any later version. ++** ++** This program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++** GNU General Public License for more details. ++** ++** You should have received a copy of the GNU General Public License ++** along with this program; if not, write to the Free Software ++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++**/ ++ ++// Title: cookies class ++// Description: to manipulate cookies on client side ++// Author: Aly ++var cookie ={ ++cookies: new Array(), ++ ++init: function () { ++ var allCookies = document.cookie.split('; '); ++ for (var i=0;i<allCookies.length;i++) { ++ var cookiePair = allCookies[i].split('='); ++ this.cookies[cookiePair[0]] = cookiePair[1]; ++ } ++}, ++ ++create: function (name,value,days) { ++ if(days) { ++ var date = new Date(); ++ date.setTime(date.getTime()+(days*24*60*60*1000)); ++ var expires = "; expires="+date.toGMTString(); ++ } ++ else{ ++ var expires = ""; ++ } ++ ++ document.cookie = name+"="+value+expires+"; path=/"; ++ this.cookies[name] = value; ++}, ++ ++read : function(name){ ++ if(typeof(this.cookies[name]) != 'undefined'){ ++ return this.cookies[name]; ++ } ++ else { ++ var nameEQ = name + "="; ++ var ca = document.cookie.split(';'); ++ for(var i=0;i < ca.length;i++) { ++ var c = ca[i]; ++ while (c.charAt(0)==' ') c = c.substring(1,c.length); ++ if(c.indexOf(nameEQ) == 0) return this.cookies[name] = c.substring(nameEQ.length,c.length); ++ } ++ } ++ return null; ++}, ++ ++printall: function() { ++ var allCookies = document.cookie.split('; '); ++ for(var i=0;i<allCookies.length;i++){ ++ var cookiePair = allCookies[i].split('='); ++ ++ alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined ++ } ++}, ++ ++erase: function (name) { ++ this.create(name,'',-1); ++ this.cookies[name] = undefined; ++} ++} ++ ++cookie.init(); ++ ++ ++ ++// Title: url manipulation class ++// Author: Aly ++var url = Class.create(); ++ ++url.prototype = { ++url: '', // actually, it's depricated/private variable ++port: -1, ++host: '', ++protocol: '', ++username: '', ++password: '', ++filr: '', ++reference: '', ++path: '', ++query: '', ++arguments: new Array(), ++ ++initialize: function(url){ ++ this.url=unescape(url); ++ ++ this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):''; ++ if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#')); ++ ++ var protocolSepIndex=this.url.indexOf('://'); ++ if(protocolSepIndex>=0){ ++ this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase(); ++ this.host=this.url.substring(protocolSepIndex+3); ++ if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/')); ++ var atIndex=this.host.indexOf('@'); ++ if(atIndex>=0){ ++ var credentials=this.host.substring(0,atIndex); ++ var colonIndex=credentials.indexOf(':'); ++ if(colonIndex>=0){ ++ this.username=credentials.substring(0,colonIndex); ++ this.password=credentials.substring(colonIndex); ++ }else{ ++ this.username=credentials; ++ } ++ this.host=this.host.substring(atIndex+1); ++ } ++ ++ var host_ipv6 = this.host.indexOf(']'); ++ if(host_ipv6>=0){ ++ if(host_ipv6 < (this.host.length-1)){ ++ host_ipv6++; ++ var host_less = this.host.substring(host_ipv6); ++ ++ var portColonIndex=host_less.indexOf(':'); ++ if(portColonIndex>=0){ ++ this.port=host_less.substring(portColonIndex+1); ++ this.host=this.host.substring(0,host_ipv6); ++ } ++ } ++ } ++ else{ ++ var portColonIndex=this.host.indexOf(':'); ++ if(portColonIndex>=0){ ++ this.port=this.host.substring(portColonIndex+1); ++ this.host=this.host.substring(0,portColonIndex); ++ } ++ } ++ this.file=this.url.substring(protocolSepIndex+3); ++ this.file=this.file.substring(this.file.indexOf('/')); ++ }else{ ++ this.file=this.url; ++ } ++ if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); ++ ++ var refSepIndex=url.indexOf('#'); ++ if(refSepIndex>=0){ ++ this.file=this.file.substring(0,refSepIndex); ++ this.reference=this.url.substring(this.url.indexOf('#')); ++ } ++ this.path=this.file; ++ if(this.query.length>0) this.file+='?'+this.query; ++ if(this.reference.length>0) this.file+='#'+this.reference; ++ if(this.query.length > 0) this.getArguments(); ++}, ++ ++getArguments: function(){ ++ var args=this.query.split('&'); ++ var keyval=''; ++ ++ if(args.length<1) return; ++ ++ for(i=0;i<args.length;i++){ ++ keyval=args[i].split('='); ++ this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); ++ } ++}, ++ ++getArgumentValue: function(key){ ++ if(key.length<1) return ''; ++ for(i=0; i < this.arguments.length; i++){ ++ if(this.arguments[i][0] == key) return this.arguments[i][1]; ++ } ++ ++return ''; ++}, ++ ++getArgumentValues: function(){ ++ var a=new Array(); ++ var b=this.query.split('&'); ++ var c=''; ++ if(b.length<1) return a; ++ for(i=0;i<b.length;i++){ ++ c=b[i].split('='); ++ a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); ++ } ++return a; ++}, ++ ++getUrl: function(){ ++ var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; ++ uri += encodeURI((this.username.length > 0)?(this.username):''); ++ uri += encodeURI((this.password.length > 0)?(':'+this.password):''); ++ uri += (this.host.length > 0)?(this.host):''; ++ uri += (this.port.length > 0)?(':'+this.port):''; ++ uri += encodeURI((this.path.length > 0)?(this.path):''); ++ uri += encodeURI((this.query.length > 0)?('?'+this.query):''); ++ uri += encodeURI((this.reference.length > 0)?('#'+this.reference):''); ++// alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery()); ++return uri; ++}, ++ ++setArgument: function(key,value){ ++ ++ var valueisset = false; ++ if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; ++ ++ value =('undefined' != typeof(value))?value:''; ++ ++ for(i=0; i < this.arguments.length; i++){ ++ if(this.arguments[i][0] == key){ ++ valueisset = true; ++ this.arguments[i][1] = value; ++ } ++ } ++ if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); ++ this.formatQuery(); ++}, ++ ++formatQuery: function(){ ++ if(this.arguments.lenght < 1) return; ++ ++ var query = ''; ++ for(i=0; i < this.arguments.length; i++){ ++ query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; ++ } ++ this.query = query.substring(0,query.length-1); ++}, ++ ++getPort: function(){ ++ return this.port; ++}, ++ ++setPort: function(port){ ++ this.port = port; ++}, ++ ++getQuery: function(){ ++ return this.query; ++}, ++ ++setQuery: function(query){ ++ this.query = query; ++ this.getArgumentValues(); ++ this.formatQuery(); ++}, ++ ++/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ ++getProtocol: function(){ ++ return this.protocol; ++}, ++ ++setProtocol: function(protocol){ ++ this.protocol = protocol; ++}, ++/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */ ++getHost: function(){ ++ return this.host; ++}, ++ ++setHost: function(set){ ++ this.host = host; ++}, ++ ++/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ ++getUserName: function(){ ++ return this.username; ++}, ++ ++setUserName: function(username){ ++ this.username = username; ++}, ++ ++/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ ++getPassword: function(){ ++ return this.password; ++}, ++ ++setPassword: function(password){ ++ this.password = password; ++}, ++ ++/* Returns the file part of this url, i.e. everything after the host name. */ ++getFile: function(){ ++ return this.file = file; ++}, ++ ++setFile: function(file){ ++ this.file = file; ++}, ++ ++/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ ++getReference: function(){ ++ return this.reference; ++}, ++ ++setReference: function(reference){ ++ this.reference = reference; ++}, ++ ++/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ ++getPath: function(){ ++ return this.path; ++}, ++ ++setPath: function(path){ ++ this.path = path; ++} ++} +\ No newline at end of file +Index: frontends/php/js/ajax_req.js +=================================================================== +--- frontends/php/js/ajax_req.js (revision 6622) ++++ frontends/php/js/ajax_req.js (revision 6623) +@@ -19,6 +19,8 @@ + **/ + + function send_params(params){ ++ if(typeof(params) == 'undefined') var params = new Array(); ++ params['sessionid'] = cookie.read('zbx_sessionid'); + + var uri = new url(location.href); + new Ajax.Request(uri.getPath()+"?output=ajax", +Index: frontends/php/dashboard.php +=================================================================== +--- frontends/php/dashboard.php (revision 6622) ++++ frontends/php/dashboard.php (revision 6623) +@@ -42,8 +42,8 @@ + 'view_style'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + 'type'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + +- 'output'=> array(T_ZBX_STR, O_OPT, P_ACT, NULL, NULL), +- 'jsscriptid'=> array(T_ZBX_STR, O_OPT, P_ACT, NULL, NULL), ++ 'output'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), ++ 'jsscriptid'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + 'fullscreen'=> array(T_ZBX_INT, O_OPT, P_SYS, IN('0,1'), NULL), + + //ajax +@@ -56,7 +56,7 @@ + ); + + check_fields($fields); +- ++ + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY); + // ACTION ///////////////////////////////////////////////////////////////////////////// + if(isset($_REQUEST['favobj'])){ +Index: frontends/php/include/page_header.php +=================================================================== +--- frontends/php/include/page_header.php (revision 6622) ++++ frontends/php/include/page_header.php (revision 6623) +@@ -428,8 +428,8 @@ + + <script type="text/javascript" src="js/prototype.js"></script> + <script type="text/javascript" src="js/common.js"></script> ++<script type="text/javascript" src="js/gpc.js"></script> + <script type="text/javascript" src="js/ajax_req.js"></script> +-<script type="text/javascript" src="js/url.js"></script> + <script type="text/javascript" src="js/chkbxrange.js"></script> + <?php + if(isset($page['scripts']) && is_array($page['scripts'])){ +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6622) ++++ frontends/php/include/validate.inc.php (revision 6623) +@@ -432,7 +432,7 @@ + if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; + } +- else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){ ++ else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){ + return ZBX_VALID_ERROR; + } + } +@@ -465,8 +465,7 @@ + + // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), 'isset({zbx_form})'), +- 'zbx_form'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, NULL), ++ 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), + // + 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), + 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +Index: frontends/php/include/classes/ctree.inc.php +=================================================================== +--- frontends/php/include/classes/ctree.inc.php (revision 6622) ++++ frontends/php/include/classes/ctree.inc.php (revision 6623) +@@ -214,7 +214,6 @@ + global $page; + $js = ' + <script src="js/tree.js" type="text/javascript"></script> +- <script src="js/cookies.js" type="text/javascript"></script> + <script type="text/javascript"> + var treenode = new Array(0); + var tree_name = "tree_'.$this->getUserAlias().'_'.$page["file"].'"; +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6622) ++++ frontends/php/include/classes/cform.inc.php (revision 6623) +@@ -27,7 +27,6 @@ + $this->setAction($action); + $this->setEnctype($enctype); + +- $this->addVar('zbx_form', 'action'); + $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + +Index: frontends/php/index.php +=================================================================== +--- frontends/php/index.php (revision 6622) ++++ frontends/php/index.php (revision 6623) +@@ -33,8 +33,8 @@ + "password"=> array(T_ZBX_STR, O_OPT, NULL, NULL, 'isset({enter})'), + "sessionid"=> array(T_ZBX_STR, O_OPT, NULL, NULL, NULL), + "message"=> array(T_ZBX_STR, O_OPT, NULL, NULL, NULL), +- "reconnect"=> array(T_ZBX_INT, O_OPT, P_ACT, BETWEEN(0,65535),NULL), +- "enter"=> array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, NULL, NULL), ++ "reconnect"=> array(T_ZBX_INT, O_OPT, NULL, BETWEEN(0,65535),NULL), ++ "enter"=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + "form"=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + "form_refresh"=> array(T_ZBX_INT, O_OPT, NULL, NULL, NULL) + ); + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +Checks if 'zbx_sessionid' cookie is really here before setting +'sessionid' variable. + +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6624) ++++ frontends/php/include/classes/cform.inc.php (revision 6625) +@@ -27,7 +27,8 @@ + $this->setAction($action); + $this->setEnctype($enctype); + +- $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); ++ if(isset($_COOKIE['zbx_sessionid'])) ++ $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); + } + + function setMethod($value='post'){ + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/ + +This hunk basically trades the name 'sessionid' for 'sid'. It also +reshuffles many functions, adds many whitespace changes and implants +URL manipulation tools for JavaScript. + +Index: frontends/php/users.php +=================================================================== +--- frontends/php/users.php (revision 6643) ++++ frontends/php/users.php (revision 6644) +@@ -1,7 +1,7 @@ + <?php + /* + ** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix ++** Copyright (C) 2000-2009 SIA Zabbix + ** + ** This program is free software; you can redistribute it and/or modify + ** it under the terms of the GNU General Public License as published by +@@ -24,6 +24,7 @@ + require_once('include/media.inc.php'); + require_once('include/users.inc.php'); + require_once('include/forms.inc.php'); ++ require_once('include/classes/curl.inc.php'); + require_once('include/js.inc.php'); + + $page['title'] = 'S_USERS'; +@@ -32,7 +33,6 @@ + $page['scripts'] = array('menu_scripts.js'); + + include_once('include/page_header.php'); +- + ?> + <?php + $_REQUEST['config']=get_request('config',get_profile('web.users.config',0)); +Index: frontends/php/js/menu.js +=================================================================== +--- frontends/php/js/menu.js (revision 6643) ++++ frontends/php/js/menu.js (revision 6644) +@@ -386,8 +386,13 @@ + this.n_y -= this.getprop('height') * (o_parent.a_config.length - item_offset); + } + ++ if(!is_null(this.a_config[1]) && (this.a_config[1].indexOf('javascript') == -1)){ ++ var uri = new url(this.a_config[1]); ++ this.a_config[1] = uri.getUrl(); ++ } ++ + // generate item's HMTL +- var el = document.createElement("a"); ++ var el = document.createElement('a'); + el.setAttribute('id', 'e' + o_root.n_id + '_' + this.n_id + 'o'); + el.setAttribute('href', this.a_config[1]); + +Index: frontends/php/js/updater.js +=================================================================== +--- frontends/php/js/updater.js (revision 6643) ++++ frontends/php/js/updater.js (revision 6644) +@@ -65,8 +65,6 @@ + obj4update.ready = false; + + var uri = new url(obj4update.url); +- uri.setArgument('sessionid', cookie.read('zbx_sessionid')); +- + new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url, + { + method: 'post', +Index: frontends/php/js/gpc.js +=================================================================== +--- frontends/php/js/gpc.js (revision 6643) ++++ frontends/php/js/gpc.js (revision 6644) +@@ -96,7 +96,7 @@ + reference: '', + path: '', + query: '', +-arguments: new Array(), ++arguments: {}, + + initialize: function(url){ + this.url=unescape(url); +@@ -116,7 +116,8 @@ + if(colonIndex>=0){ + this.username=credentials.substring(0,colonIndex); + this.password=credentials.substring(colonIndex); +- }else{ ++ } ++ else{ + this.username=credentials; + } + this.host=this.host.substring(atIndex+1); +@@ -144,9 +145,11 @@ + } + this.file=this.url.substring(protocolSepIndex+3); + this.file=this.file.substring(this.file.indexOf('/')); +- }else{ ++ } ++ else{ + this.file=this.url; + } ++ + if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?')); + + var refSepIndex=url.indexOf('#'); +@@ -157,42 +160,51 @@ + this.path=this.file; + if(this.query.length>0) this.file+='?'+this.query; + if(this.reference.length>0) this.file+='#'+this.reference; +- if(this.query.length > 0) this.getArguments(); ++ if(this.query.length > 0) this.formatArguments(); ++ ++ var sid = cookie.read('zbx_sessionid'); ++ this.setArgument('sid', sid.substring(16)); + }, + +-getArguments: function(){ ++ ++formatQuery: function(){ ++ if(this.arguments.lenght < 1) return; ++ ++ var query = ''; ++ for(var key in this.arguments){ ++ if(typeof(this.arguments[key]) != 'undefined'){ ++ query+=key+'='+this.arguments[key]+'&'; ++ } ++ } ++ this.query = query.substring(0,query.length-1); ++}, ++ ++formatArguments: function(){ + var args=this.query.split('&'); + var keyval=''; +- ++ + if(args.length<1) return; + +- for(i=0;i<args.length;i++){ +- keyval=args[i].split('='); +- this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]); ++ for(i=0; i<args.length; i++){ ++ keyval = args[i].split('='); ++ this.arguments[keyval[0]] = (keyval.length>1)?keyval[1]:''; + } + }, + +-getArgumentValue: function(key){ +- if(key.length<1) return ''; +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key) return this.arguments[i][1]; +- } +- +-return ''; ++setArgument: function(key,value){ ++ this.arguments[key] = value; ++ this.formatQuery(); + }, + +-getArgumentValues: function(){ +- var a=new Array(); +- var b=this.query.split('&'); +- var c=''; +- if(b.length<1) return a; +- for(i=0;i<b.length;i++){ +- c=b[i].split('='); +- a[i]=new Array(c[0],((c.length==1)?c[0]:c[1])); +- } +-return a; ++getArgument: function(key){ ++ if(typeof(this.arguments[key]) != 'undefined') return this.arguments[key]; ++ else return null; + }, + ++getArguments: function(){ ++ return this.arguments; ++}, ++ + getUrl: function(){ + var uri = (this.protocol.length > 0)?(this.protocol+'://'):''; + uri += encodeURI((this.username.length > 0)?(this.username):''); +@@ -206,51 +218,30 @@ + return uri; + }, + +-setArgument: function(key,value){ +- +- var valueisset = false; +- if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument'; +- +- value =('undefined' != typeof(value))?value:''; +- +- for(i=0; i < this.arguments.length; i++){ +- if(this.arguments[i][0] == key){ +- valueisset = true; +- this.arguments[i][1] = value; +- } +- } +- if(!valueisset) this.arguments[this.arguments.length] = new Array(key,value); +- this.formatQuery(); ++setPort: function(port){ ++ this.port = port; + }, + +-formatQuery: function(){ +- if(this.arguments.lenght < 1) return; +- +- var query = ''; +- for(i=0; i < this.arguments.length; i++){ +- query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&'; +- } +- this.query = query.substring(0,query.length-1); +-}, +- + getPort: function(){ + return this.port; + }, + +-setPort: function(port){ +- this.port = port; ++setQuery: function(query){ ++ this.query = query; ++ if(this.query.indexOf('?')>=0){ ++ this.query= this.query.substring(this.query.indexOf('?')+1); ++ } ++ ++ this.formatArguments(); ++ ++ var sid = cookie.read('zbx_sessionid'); ++ this.setArgument('sid', sid.substring(16)); + }, + + getQuery: function(){ + return this.query; + }, + +-setQuery: function(query){ +- this.query = query; +- this.getArgumentValues(); +- this.formatQuery(); +-}, +- + /* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */ + getProtocol: function(){ + return this.protocol; +@@ -264,7 +255,7 @@ + return this.host; + }, + +-setHost: function(set){ ++setHost: function(host){ + this.host = host; + }, + +@@ -288,7 +279,7 @@ + + /* Returns the file part of this url, i.e. everything after the host name. */ + getFile: function(){ +- return this.file = file; ++ return this.file; + }, + + setFile: function(file){ +Index: frontends/php/js/menu_scripts.js +=================================================================== +--- frontends/php/js/menu_scripts.js (revision 6643) ++++ frontends/php/js/menu_scripts.js (revision 6644) +@@ -64,7 +64,7 @@ + for(var i=0; i < menu_usrgrp_gui.length; i++){ + if((typeof(menu_usrgrp_gui[i]) != 'undefined') && !empty(menu_usrgrp_gui[i])){ + var row = menu_usrgrp_gui[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_gui_add_to.push(menu_row); + } + } +@@ -73,7 +73,7 @@ + for(var i=0; i < usr_grp_gui_in.length; i++){ + if((typeof(usr_grp_all_in[i]) != 'undefined') && !empty(usr_grp_gui_in[i])){ + var row = usr_grp_gui_in[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_gui_rmv_frm.push(menu_row); + } + } +@@ -89,7 +89,7 @@ + for(var i=0; i < menu_usrgrp_status.length; i++){ + if((typeof(menu_usrgrp_status[i]) != 'undefined') && !empty(menu_usrgrp_status[i])){ + var row = menu_usrgrp_status[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_status_add_to.push(menu_row); + } + } +@@ -98,7 +98,7 @@ + for(var i=0; i < usr_grp_status_in.length; i++){ + if((typeof(usr_grp_status_in[i]) != 'undefined') && !empty(usr_grp_status_in[i])){ + var row = usr_grp_status_in[i]; +- var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid); ++ var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid); + grp_status_rmv_frm.push(menu_row); + } + } +Index: frontends/php/js/common.js +=================================================================== +--- frontends/php/js/common.js (revision 6643) ++++ frontends/php/js/common.js (revision 6644) +@@ -82,6 +82,16 @@ + div_help.appendChild(document.createElement("br")); + } + ++function SDJ(obj){ ++ var debug = ''; ++ for(var key in obj) { ++ var value = obj[key]; ++ debug+=key+': '+value+'\n'; ++ } ++ SDI('\n'+debug); ++} ++ ++ + /// Alpha-Betic sorting + + function addListener(element, eventname, expression, bubbling){ +Index: frontends/php/js/ajax_req.js +=================================================================== +--- frontends/php/js/ajax_req.js (revision 6643) ++++ frontends/php/js/ajax_req.js (revision 6644) +@@ -20,14 +20,16 @@ + + function send_params(params){ + if(typeof(params) == 'undefined') var params = new Array(); +- params['sessionid'] = cookie.read('zbx_sessionid'); + + var uri = new url(location.href); +- new Ajax.Request(uri.getPath()+"?output=ajax", ++ uri.setQuery('?output=ajax'); ++ ++ new Ajax.Request(uri.getUrl(), + { + 'method': 'post', + 'parameters':params, +- 'onSuccess': function(resp){ },//alert(resp.responseText); ++ 'onSuccess': function(resp){ }, ++// 'onSuccess': function(resp){ alert(resp.responseText); }, + 'onFailure': function(){ document.location = uri.getPath()+'?'+Object.toQueryString(params); } + } + ); +Index: frontends/php/dashboard.php +=================================================================== +--- frontends/php/dashboard.php (revision 6643) ++++ frontends/php/dashboard.php (revision 6644) +@@ -54,7 +54,7 @@ + 'action'=> array(T_ZBX_STR, O_OPT, P_ACT, IN("'add','remove'"),NULL), + 'state'=> array(T_ZBX_INT, O_OPT, P_ACT, NOT_EMPTY, 'isset({favobj}) && ("hat"=={favobj})'), + ); +- ++ + check_fields($fields); + + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY); +@@ -179,11 +179,11 @@ + $p_elements = array(); + // Header + +- $url = '?fullscreen='.($_REQUEST['fullscreen']?'0':'1'); ++ $url = new Curl('?fullscreen='.($_REQUEST['fullscreen']?'0':'1')); + + $fs_icon = new CDiv(SPACE,'fullscreen'); + $fs_icon->AddOption('title',$_REQUEST['fullscreen']?S_NORMAL.' '.S_VIEW:S_FULLSCREEN); +- $fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url."';")); ++ $fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url->getUrl()."';")); + //------------- + + $left_tab = new CTable(); +Index: frontends/php/include/func.inc.php +=================================================================== +--- frontends/php/include/func.inc.php (revision 6643) ++++ frontends/php/include/func.inc.php (revision 6644) +@@ -344,6 +344,18 @@ + return $pos; + } + ++function zbx_substring($haystack, $start, $end=null){ ++ if($end < $start) return ''; ++ ++ $len = zbx_strlen($haystack); ++ if(is_null($end)) ++ $result = substr($haystack, $start); ++ else ++ $result = substr($haystack, $start, ($end - $start)); ++ ++return $result; ++} ++ + function uint_in_array($needle,$haystack){ + foreach($haystack as $id => $value) + if(bccomp($needle,$value) == 0) return true; +Index: frontends/php/include/screens.inc.php +=================================================================== +--- frontends/php/include/screens.inc.php (revision 6643) ++++ frontends/php/include/screens.inc.php (revision 6644) +@@ -886,7 +886,7 @@ + $action = 'screenedit.php?form=update'.url_param('screenid').'&x='.$c.'&y='.$r.'#form'; + else + $action = NULL; +- ++ + if($editmode == 1 && isset($_REQUEST["form"]) && + isset($_REQUEST["x"]) && $_REQUEST["x"]==$c && + isset($_REQUEST["y"]) && $_REQUEST["y"]==$r) +Index: frontends/php/include/perm.inc.php +=================================================================== +--- frontends/php/include/perm.inc.php (revision 6643) ++++ frontends/php/include/perm.inc.php (revision 6644) +@@ -44,7 +44,7 @@ + $USER_DETAILS = NULL; + $login = FALSE; + +- $sessionid = get_request('sessionid',get_cookie('zbx_sessionid')); ++ $sessionid = get_cookie('zbx_sessionid'); + + if(!is_null($sessionid)){ + $sql = 'SELECT u.*,s.* '. +Index: frontends/php/include/config.inc.php +=================================================================== +--- frontends/php/include/config.inc.php (revision 6643) ++++ frontends/php/include/config.inc.php (revision 6644) +@@ -65,6 +65,7 @@ + require_once('include/classes/cpumenu.inc.php'); + require_once('include/classes/graph.inc.php'); + require_once('include/classes/cscript.inc.php'); ++ require_once('include/classes/curl.inc.php'); + + // Include Tactical Overview modules + +Index: frontends/php/include/validate.inc.php +=================================================================== +--- frontends/php/include/validate.inc.php (revision 6643) ++++ frontends/php/include/validate.inc.php (revision 6644) +@@ -432,8 +432,13 @@ + if(!isset($_REQUEST[$field])){ + return ZBX_VALID_OK; + } +- else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){ +- return ZBX_VALID_ERROR; ++ else if($flags&P_ACT){ ++ if(!isset($_REQUEST['sid'])){ ++ return ZBX_VALID_ERROR; ++ } ++ else if(isset($_COOKIE['zbx_sessionid']) && ($_REQUEST['sid'] != substr($_COOKIE['zbx_sessionid'],16,16))){ ++ return ZBX_VALID_ERROR; ++ } + } + } + +@@ -465,7 +470,7 @@ + + // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + $system_fields=array( +- 'sessionid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), ++ 'sid'=> array(T_ZBX_STR, O_OPT, P_SYS, HEX(), NULL), + // + 'switch_node'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID,NULL), + 'triggers_hash'=> array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY,NULL), +Index: frontends/php/include/classes/clink.inc.php +=================================================================== +--- frontends/php/include/classes/clink.inc.php (revision 6643) ++++ frontends/php/include/classes/clink.inc.php (revision 6644) +@@ -19,12 +19,14 @@ + **/ + ?> + <?php +- class CLink extends CTag +- { ++ class CLink extends CTag{ + /* public */ + function CLink($item=NULL,$url=NULL,$class=NULL,$action=NULL){ + parent::CTag('a','yes'); +- ++ ++ $uri = new Curl($url); ++ $url = $uri->getUrl(); ++ + $this->tag_start= ''; + $this->tag_end = ''; + $this->tag_body_start = ''; +@@ -36,14 +38,14 @@ + if(!is_null($action)) $this->SetAction($action); + } + +- function SetAction($value=NULL){ ++ function setAction($value=NULL){ + if(is_null($value)) + return $this->options['action'] = $page['file']; + + return parent::AddAction('onclick', $value); + } + +- function SetUrl($value){ ++ function setUrl($value){ + $this->AddOption('href', $value); + } + +@@ -54,7 +56,7 @@ + return null; + } + +- function SetTarget($value=NULL){ ++ function setTarget($value=NULL){ + if(is_null($value)){ + unset($this->options['target']); + } +Index: frontends/php/include/classes/curl.inc.php +=================================================================== +--- frontends/php/include/classes/curl.inc.php (revision 0) ++++ frontends/php/include/classes/curl.inc.php (revision 6644) +@@ -0,0 +1,273 @@ ++<?php ++/* ++** ZABBIX ++** Copyright (C) 2000-2005 SIA Zabbix ++** ++** $this program is free software; you can redistribute it and/or modify ++** it under the terms of the GNU General Public License as published by ++** the Free Software Foundation; either version 2 of the License, or ++** (at your option) any later version. ++** ++** $this program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++** GNU General Public License for more details. ++** ++** You should have received a copy of the GNU General Public License ++** along with $this program; if not, write to the Free Software ++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++**/ ++?> ++<?php ++// Title: url manipulation class ++// Author: Aly ++ ++class Curl{ ++/* ++private $url = ''; // actually, it's depricated/private variable ++private $port = false; ++private $host = ''; ++private $protocol = ''; ++private $username = ''; ++private $password = ''; ++private $filr = ''; ++private $reference = ''; ++private $path = ''; ++private $query = ''; ++private $arguments = array(); ++//*/ ++ ++function curl($url=null){ ++ global $USER_DETAILS; ++ ++ $this->url = ''; // actually, it's depricated/private variable ++ $this->port = false; ++ $this->host = ''; ++ $this->protocol = ''; ++ $this->username = ''; ++ $this->password = ''; ++ $this->filr = ''; ++ $this->reference = ''; ++ $this->path = ''; ++ $this->query = ''; ++ $this->arguments = array(); ++ ++ if(empty($url)){ ++ $this->formatArguments(); ++ $this->url = $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'].'?'.$this->getQuery(); ++ } ++ else{ ++ $this->url=urldecode($url); ++ ++ $tmp_pos = strpos($this->url,'?'); ++ $this->query=($tmp_pos!==false)?(substr($this->url,$tmp_pos+1)):''; ++ ++ $tmp_pos = strpos($this->query,'#'); ++ if($tmp_pos!==false) $this->query=zbx_substring($this->query,0,$tmp_pos); ++ ++ $this->formatArguments($this->query); ++ } ++ ++ $protocolSepIndex=strpos($this->url,'://'); ++ if($protocolSepIndex!==false){ ++ $this->protocol= strtolower(zbx_substring($this->url,0,$protocolSepIndex)); ++ ++ $this->host=substr($this->url, $protocolSepIndex+3); ++ ++ $tmp_pos = strpos($this->host,'/'); ++ if($tmp_pos!==false) $this->host=zbx_substring($this->host,0,$tmp_pos); ++ ++ $atIndex=strpos($this->host,'@'); ++ if($atIndex!==false){ ++ $credentials=zbx_substring($this->host,0,$atIndex); ++ ++ $colonIndex=strpos(credentials,':'); ++ if($colonIndex!==false){ ++ $this->username=zbx_substring($credentials,0,$colonIndex); ++ $this->password=substr($credentials,$colonIndex); ++ } ++ else{ ++ $this->username=$credentials; ++ } ++ $this->host=substr($this->host,$atIndex+1); ++ } ++ ++ $host_ipv6 = strpos($this->host,']'); ++ if($host_ipv6!==false){ ++ if($host_ipv6 < (zbx_strlen($this->host)-1)){ ++ $host_ipv6++; ++ $host_less = substr($this->host,$host_ipv6); ++ ++ $portColonIndex=strpos($host_less,':'); ++ if($portColonIndex!==false){ ++ $this->host=zbx_substring($this->host,0,$host_ipv6); ++ $this->port=substr($host_less,$portColonIndex+1); ++ } ++ } ++ } ++ else{ ++ $portColonIndex=strpos($this->host,':'); ++ if($portColonIndex!==false){ ++ $this->host=zbx_substring($this->host,0,$portColonIndex); ++ $this->port=substr($this->host,$portColonIndex+1); ++ } ++ } ++ ++ $this->file = substr($this->url,$protocolSepIndex+3); ++ $this->file = substr($this->file, strpos($this->file,'/')); ++ } ++ else{ ++ $this->file = $this->url; ++ } ++ ++ $tmp_pos = strpos($this->file,'?'); ++ if($tmp_pos!==false) $this->file=zbx_substring($this->file, 0, $tmp_pos); ++ ++ $refSepIndex=strpos($url,'#'); ++ if($refSepIndex!==false){ ++ $this->file = zbx_substring($this->file,0,$refSepIndex); ++ $this->reference = substr($url,strpos($url,'#')+1); ++ } ++ ++ $this->path=$this->file; ++ if(zbx_strlen($this->query)>0) $this->file.='?'.$this->query; ++ if(zbx_strlen($this->reference)>0) $this->file.='#'.$this->reference; ++ ++ if(isset($_COOKIE['zbx_sessionid'])) ++ $this->setArgument('sid', substr($_COOKIE['zbx_sessionid'],16,16)); ++} ++ ++function formatQuery(){ ++ $query = ''; ++ foreach($this->arguments as $key => $value){ ++ $query.= $key.'='.$value.'&'; ++ } ++ $this->query = rtrim($query,'&'); ++} ++ ++function formatArguments($query=null){ ++ if(is_null($query)){ ++ $this->arguments = $_REQUEST; ++ } ++ else{ ++ $query=ltrim($query,'?'); ++ $args = explode('&',$query); ++ foreach($args as $id => $arg){ ++ if(empty($arg)) continue; ++ ++ $tmp = explode('=',$arg); ++ $this->arguments[$tmp[0]] = isset($tmp[1])?$tmp[1]:''; ++ } ++ } ++ $this->formatQuery(); ++} ++ ++function getUrl(){ ++ $url = (zbx_strlen($this->protocol) > 0)?($this->protocol.'://'):''; ++ $url .= (zbx_strlen($this->username) > 0)?$this->username:''; ++ $url .= (zbx_strlen($this->password) > 0)?':'.$this->password:''; ++ $url .= (zbx_strlen($this->host) > 0)?$this->host:''; ++ $url .= $this->port?(':'.$this->port):''; ++ $url .= (zbx_strlen($this->path) > 0)?$this->path:''; ++ $url .= (zbx_strlen($this->query) > 0)?('?'.$this->query):''; ++ $url .= (zbx_strlen($this->reference) > 0)?('#'.urlencode($this->reference)):''; ++ ++//SDI($this->getProtocol().' : '.$this->getHost().' : '.$this->getPort().' : '.$this->getPath().' : '.$this->getQuery()); ++return $url; ++} ++ ++function setPort($port){ ++ $this->port = $port; ++} ++ ++function getPort(){ ++ return $this->port; ++} ++ ++function setArgument($key,$value=''){ ++ $this->arguments[$key] = $value; ++ $this->formatQuery(); ++} ++ ++function getArgument($key){ ++ if(isset($this->arguments[$key])) return $this->arguments[$key]; ++ else return NULL; ++} ++ ++function setQuery($query){ ++ $this->query = $query; ++ $this->formatArguments(); ++ $this->formatQuery(); ++} ++ ++function getQuery(){ ++ return $this->query; ++} ++ ++function setProtocol($protocol){ ++ $this->protocol = $protocol; ++} ++ ++/* Returns the protocol of $this URL, i.e. 'http' in the url 'http://server/' */ ++function getProtocol(){ ++ return $this->protocol; ++} ++ ++function setHost($host){ ++ $this->host = $host; ++} ++ ++/* Returns the host name of $this URL, i.e. 'server.com' in the url 'http://server.com/' */ ++function getHost(){ ++ return $this->host; ++} ++ ++function setUserName($username){ ++ $this->username = $username; ++} ++ ++/* Returns the user name part of $this URL, i.e. 'joe' in the url 'http://joe@server.com/' */ ++function getUserName(){ ++ return $this->username; ++} ++ ++function setPassword($password){ ++ $this->password = $password; ++} ++ ++/* Returns the password part of $this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */ ++function getPassword(){ ++ return $this->password; ++} ++ ++function setFile($file){ ++ $this->file = $file; ++} ++ ++/* Returns the file part of $this url, i.e. everything after the host name. */ ++function getFile(){ ++ return $this->file; ++} ++ ++function setReference($reference){ ++ $this->reference = $reference; ++} ++ ++/* Returns the reference of $this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */ ++function getReference(){ ++ return $this->reference; ++} ++ ++function setPath($path){ ++ $this->path = $path; ++} ++ ++/* Returns the file path of $this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */ ++function getPath(){ ++ return $this->path; ++} ++ ++function toString(){ ++ return $this->getUrl(); ++} ++} +\ No newline at end of file +Index: frontends/php/include/classes/cform.inc.php +=================================================================== +--- frontends/php/include/classes/cform.inc.php (revision 6643) ++++ frontends/php/include/classes/cform.inc.php (revision 6644) +@@ -28,7 +28,7 @@ + $this->setEnctype($enctype); + + if(isset($_COOKIE['zbx_sessionid'])) +- $this->addVar('sessionid', $_COOKIE['zbx_sessionid']); ++ $this->addVar('sid', substr($_COOKIE['zbx_sessionid'],16,16)); + } + + function setMethod($value='post'){ +Index: frontends/php/include/classes/ctag.inc.php +=================================================================== +--- frontends/php/include/classes/ctag.inc.php (revision 6643) ++++ frontends/php/include/classes/ctag.inc.php (revision 6644) +@@ -1,7 +1,7 @@ + <?php + /* + ** ZABBIX +-** Copyright (C) 2000-2005 SIA Zabbix ++** Copyright (C) 2000-2009 SIA Zabbix + ** + ** This program is free software; you can redistribute it and/or modify + ** it under the terms of the GNU General Public License as published by +@@ -19,272 +19,258 @@ + **/ + ?> + <?php +- function destroy_objects() +- { +- global $GLOBALS; +- +- if(isset($GLOBALS)) foreach($GLOBALS as $name => $value) +- { +- if(!is_object($GLOBALS[$name])) continue; +- unset($GLOBALS[$name]); +- } ++function destroy_objects(){ ++ if(isset($GLOBALS)) foreach($GLOBALS as $name => $value){ ++ if(!is_object($GLOBALS[$name])) continue; ++ unset($GLOBALS[$name]); + } +- +- function unpack_object(&$item) +- { +- $res = ""; ++} + +- if(is_object($item)) +- { +- $res = $item->ToString(false); +- } +- elseif(is_array($item)) +- { +- foreach($item as $id => $dat) +- $res .= unpack_object($item[$id]); // Attention, recursion !!! +- } +- elseif(!is_null($item)) +- { +- $res = strval($item); +- unset($item); +- } +- return $res; ++function unpack_object(&$item){ ++ $res = ''; ++ ++ if(is_object($item)){ ++ $res = $item->toString(false); + } ++ else if(is_array($item)){ ++ foreach($item as $id => $dat) ++ $res .= unpack_object($item[$id]); // Attention, recursion !!! ++ } ++ else if(!is_null($item)){ ++ $res = strval($item); ++ unset($item); ++ } ++return $res; ++} + +- function implode_objects($glue, &$pieces) +- { +- if( !is_array($pieces) ) return unpack_object($pieces); ++function implode_objects($glue, &$pieces){ ++ if( !is_array($pieces) ) return unpack_object($pieces); + +- foreach($pieces as $id => $piece) +- $pieces[$id] = unpack_object($piece); ++ foreach($pieces as $id => $piece) ++ $pieces[$id] = unpack_object($piece); + +- return implode($glue, $pieces); +- } ++return implode($glue, $pieces); ++} + +- class CObject +- { +- function CObject($items=null) +- { +- $this->items = array(); +- if(isset($items)) +- { +- $this->AddItem($items); +- } ++class CObject{ ++ function CObject($items=null){ ++ $this->items = array(); ++ if(isset($items)){ ++ $this->addItem($items); + } +- +- function ToString($destroy=true) +- { +- $res = implode('',$this->items); +- if($destroy) $this->Destroy(); +- return $res; +- } ++ } ++ ++ function toString($destroy=true){ ++ $res = implode('',$this->items); ++ if($destroy) $this->destroy(); ++ return $res; ++ } + +- function Show($destroy=true){ +- echo $this->ToString($destroy); +- } ++ function show($destroy=true){ ++ echo $this->toString($destroy); ++ } + +- function Destroy() +- { ++ function destroy(){ + // TODO Problem under PHP 5.0 "Fatal error: Cannot re-assign $this in ..." + // $this = null; +- $this->CleanItems(); +- } ++ $this->cleanItems(); ++ } + +- function CleanItems(){ +- $this->items = array(); ++ function cleanItems(){ ++ $this->items = array(); ++ } ++ ++ function itemsCount(){ ++ return count($this->items); ++ } ++ ++ function addItem($value){ ++ ++ if(is_object($value)){ ++ array_push($this->items,unpack_object($value)); + } +- +- function ItemsCount(){ +- return count($this->items); ++ else if(is_string($value)){ ++ array_push($this->items,str_replace(array('<','>','"'),array('<','>','"'),$value)); ++// array_push($this->items,htmlspecialchars($value)); + } +- +- function AddItem($value){ +- +- if(is_object($value)){ +- array_push($this->items,unpack_object($value)); ++ else if(is_array($value)){ ++ foreach($value as $item){ ++ $this->addItem($item); // Attention, recursion !!! + } +- else if(is_string($value)){ +- array_push($this->items,str_replace(array('<','>','"'),array('<','>','"'),$value)); +-// array_push($this->items,htmlspecialchars($value)); +- } +- else if(is_array($value)){ +- foreach($value as $item){ +- $this->AddItem($item); // Attention, recursion !!! +- } +- } +- else if(!is_null($value)){ +- array_push($this->items,unpack_object($value)); +- } + } ++ else if(!is_null($value)){ ++ array_push($this->items,unpack_object($value)); ++ } + } ++} + +- class CTag extends CObject{ ++class CTag extends CObject{ + /* private *//* +- var $tagname; +- var $options = array(); +- var $paired;*/ ++ var $tagname; ++ var $options = array(); ++ var $paired;*/ + /* protected *//* +- var $items = array(); ++ var $items = array(); + +- var $tag_body_start; +- var $tag_body_end; +- var $tag_start; +- var $tag_end;*/ ++ var $tag_body_start; ++ var $tag_body_end; ++ var $tag_start; ++ var $tag_end;*/ + + /* public */ +- function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){ +- parent::CObject(); ++ function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){ ++ parent::CObject(); + +- $this->options = array(); ++ $this->options = array(); + +- if(!is_string($tagname)){ +- return $this->error('Incorrect tagname for CTag ['.$tagname.']'); +- } +- +- $this->tagname = $tagname; +- $this->paired = $paired; +- +- $this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = ''; +- +- if(is_null($body)){ +- $this->tag_end = $this->tag_body_start = "\n"; +- } +- else{ +- CTag::AddItem($body); +- } +- +- $this->SetClass($class); ++ if(!is_string($tagname)){ ++ return $this->error('Incorrect tagname for CTag ['.$tagname.']'); + } + +- function ShowStart() { echo $this->StartToString(); } +- function ShowBody() { echo $this->BodyToString(); } +- function ShowEnd() { echo $this->EndToString(); } ++ $this->tagname = $tagname; ++ $this->paired = $paired; + +- function StartToString(){ +- $res = $this->tag_start.'<'.$this->tagname; +- foreach($this->options as $key => $value){ +- $res .= ' '.$key.'="'.$value.'"'; +- } +- $res .= ($this->paired=='yes')?'>':' />'; +- return $res; +- } ++ $this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = ''; + +- function BodyToString(){ +- $res = $this->tag_body_start; +- return $res.parent::ToString(false); +- +- /*foreach($this->items as $item) +- $res .= $item; +- return $res;*/ ++ if(is_null($body)){ ++ $this->tag_end = $this->tag_body_start = "\n"; + } +- +- function EndToString(){ +- $res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : ''; +- $res .= $this->tag_end; +- return $res; ++ else{ ++ CTag::addItem($body); + } +- +- function ToString($destroy=true){ +- $res = $this->StartToString(); +- $res .= $this->BodyToString(); +- $res .= $this->EndToString(); + +- if($destroy) $this->Destroy(); ++ $this->setClass($class); ++ } ++ ++ function showStart() { echo $this->startToString(); } ++ function showBody() { echo $this->bodyToString(); } ++ function showEnd() { echo $this->endToString(); } + +- return $res; ++ function startToString(){ ++ $res = $this->tag_start.'<'.$this->tagname; ++ foreach($this->options as $key => $value){ ++ $res .= ' '.$key.'="'.$value.'"'; + } +- +- function SetName($value){ +- if(is_null($value)) return $value; ++ $res .= ($this->paired=='yes')?'>':' />'; ++ return $res; ++ } + +- if(!is_string($value)){ +- return $this->error("Incorrect value for SetName [$value]"); +- } +- return $this->AddOption("name",$value); +- } ++ function bodyToString(){ ++ $res = $this->tag_body_start; ++ return $res.parent::ToString(false); + +- function GetName(){ +- if(isset($this->options['name'])) +- return $this->options['name']; +- return NULL; +- } +- +- function SetClass($value){ +- if(isset($value)) +- $this->options['class'] = $value; +- else +- unset($this->options['class']); ++ /*foreach($this->items as $item) ++ $res .= $item; ++ return $res;*/ ++ } ++ ++ function endToString(){ ++ $res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : ''; ++ $res .= $this->tag_end; ++ return $res; ++ } ++ ++ function toString($destroy=true){ ++ $res = $this->startToString(); ++ $res .= $this->bodyToString(); ++ $res .= $this->endToString(); + +- return $value; ++ if($destroy) $this->Destroy(); ++ ++ return $res; ++ } ++ ++ function setName($value){ ++ if(is_null($value)) return $value; ++ ++ if(!is_string($value)){ ++ return $this->error("Incorrect value for setName [$value]"); + } +- +- function DelOption($name){ +- unset($this->options[$name]); +- } +- +- function GetOption($name){ +- $ret = NULL; +- if(isset($this->options[$name])) +- $ret =& $this->options[$name]; +- return $ret; +- } ++ return $this->addOption("name",$value); ++ } ++ ++ function getName(){ ++ if(isset($this->options['name'])) ++ return $this->options['name']; ++ return NULL; ++ } ++ ++ function setClass($value){ ++ if(isset($value)) ++ $this->options['class'] = $value; ++ else ++ unset($this->options['class']); + +- function SetHint($text, $width='', $class=''){ +- if(empty($text)) return false; ++ return $value; ++ } ++ ++ function DelOption($name){ ++ unset($this->options[$name]); ++ } ++ ++ function getOption($name){ ++ $ret = NULL; ++ if(isset($this->options[$name])) ++ $ret =& $this->options[$name]; ++ return $ret; ++ } + +- insert_showhint_javascript(); ++ function setHint($text, $width='', $class=''){ ++ if(empty($text)) return false; + +- $text = unpack_object($text); +- if($width != '' || $class != ''){ +- $code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');"; +- } +- else{ +- $code = "show_hint(this,event,'".$text."');"; +- } ++ insert_showhint_javascript(); + +- $this->AddAction('onMouseOver', $code); +- $this->AddAction('onMouseMove', 'update_hint(this,event);'); ++ $text = unpack_object($text); ++ if($width != '' || $class != ''){ ++ $code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');"; + } +- +- function OnClick($handle_code){ +- $this->AddAction('onclick', $handle_code); ++ else{ ++ $code = "show_hint(this,event,'".$text."');"; + } + +- function AddAction($name, $value){ +- if(is_object($value)){ +- $this->options[$name] = unpack_object($value); +- } +- else if(!empty($value)){ +- $this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET); +- } ++ $this->addAction('onMouseOver', $code); ++ $this->addAction('onMouseMove', 'update_hint(this,event);'); ++ } ++ ++ function onClick($handle_code){ ++ $this->addAction('onclick', $handle_code); ++ } ++ ++ function addAction($name, $value){ ++ if(is_object($value)){ ++ $this->options[$name] = unpack_object($value); + } ++ else if(!empty($value)){ ++ $this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET); ++ } ++ } + +- function AddOption($name, $value){ +- if(is_object($value)){ +- $this->options[$name] = unpack_object($value); +- } +- else if(isset($value)) +- $this->options[$name] = htmlspecialchars(strval($value)); +- else +- unset($this->options[$name]); ++ function addOption($name, $value){ ++ if(is_object($value)){ ++ $this->options[$name] = unpack_object($value); + } ++ else if(isset($value)) ++ $this->options[$name] = htmlspecialchars(strval($value)); ++ else ++ unset($this->options[$name]); ++ } + +- function SetEnabled($value='yes'){ +- if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1') +- || (is_int($value) && $value<>0)) +- { +- unset($this->options['disabled']); +- } +- else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0') +- || (is_int($value) && $value==0)) +- { +- $this->options['disabled'] = 'disabled'; +- } ++ function setEnabled($value='yes'){ ++ if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1') ++ || (is_int($value) && $value<>0)) ++ { ++ unset($this->options['disabled']); + } +- +- function error($value){ +- error('class('.get_class($this).') - '.$value); +- return 1; ++ else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0') ++ || (is_int($value) && $value==0)) ++ { ++ $this->options['disabled'] = 'disabled'; + } + } +-?> ++ ++ function error($value){ ++ error('class('.get_class($this).') - '.$value); ++ return 1; ++ } ++} ++?> +\ No newline at end of file +Index: frontends/php/include/classes/cmap.inc.php +=================================================================== +--- frontends/php/include/classes/cmap.inc.php (revision 6643) ++++ frontends/php/include/classes/cmap.inc.php (revision 6644) +@@ -19,78 +19,75 @@ + **/ + ?> + <?php +- class CMap extends CTag +- { ++class CMap extends CTag{ + /* public */ +- function CMap($name="") +- { +- parent::CTag("map","yes"); +- $this->SetName($name); +- } +- function AddRectArea($x1,$y1,$x2,$y2,$href,$alt) +- { +- return $this->AddArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); +- } +- function AddArea($coords,$href,$alt,$shape) +- { +- return $this->AddItem(new CArea($coords,$href,$alt,$shape)); +- } +- function AddItem($value) +- { +- if(strtolower(get_class($value)) != 'carea') +- return $this->error("Incorrect value for AddItem [$value]"); ++ function CMap($name=''){ ++ parent::CTag('map','yes'); ++ $this->setName($name); ++ } ++ ++ function addRectArea($x1,$y1,$x2,$y2,$href,$alt){ ++ return $this->addArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); ++ } ++ ++ function addArea($coords,$href,$alt,$shape){ ++ return $this->addItem(new CArea($coords,$href,$alt,$shape)); ++ } ++ ++ function addItem($value){ ++ if(strtolower(get_class($value)) != 'carea') ++ return $this->error('Incorrect value for addItem ['.$value.']'); + +- return parent::AddItem($value); +- } ++ return parent::addItem($value); + } ++} + +- class CArea extends CTag +- { +- function CArea($coords,$href,$alt,$shape) +- { +- parent::CTag("area","no"); +- $this->SetCoords($coords); +- $this->SetShape($shape); +- $this->SetHref($href); +- $this->SetAlt($alt); +- } +- function SetCoords($value) +- { +- if(!is_array($value)) +- return $this->error("Incorrect value for SetCoords [$value]"); +- if(count($value)<3) +- return $this->error("Incorrect values count for SetCoords [".count($value)."]"); ++class CArea extends CTag{ ++ function CArea($coords,$href,$alt,$shape){ ++ parent::CTag('area','no'); ++ $this->setCoords($coords); ++ $this->setShape($shape); ++ $this->setHref($href); ++ $this->setAlt($alt); ++ } ++ ++ function setCoords($value){ ++ if(!is_array($value)) ++ return $this->error('Incorrect value for setCoords ['.$value.']'); ++ if(count($value)<3) ++ return $this->error('Incorrect values count for setCoords ['.count($value).']'); + +- $str_val = ""; +- foreach($value as $val) +- { +- if(!is_numeric($val)) +- return $this->error("Incorrect value for SetCoords [$val]"); ++ $str_val = ''; ++ foreach($value as $val){ ++ if(!is_numeric($val)) ++ return $this->error('Incorrect value for setCoords ['.$val.']'); + +- $str_val .= $val.","; +- } +- $this->AddOption("coords",trim($str_val,',')); ++ $str_val .= $val.','; + } +- function SetShape($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetShape [$value]"); ++ $this->addOption('coords',trim($str_val,',')); ++ } + +- $this->AddOption("shape",$value); +- } +- function SetHref($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetHref [$value]"); ++ function setShape($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setShape ['.$value.']'); + +- $this->AddOption("href",$value); +- } +- function SetAlt($value) +- { +- if(!is_string($value)) +- return $this->error("Incorrect value for SetAlt [$value]"); ++ $this->addOption('shape',$value); ++ } + +- $this->AddOption("alt",$value); +- } ++ function setHref($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setHref ['.$value.']'); ++ $url = new Curl($value); ++ $value = $url->getUrl(); ++ ++ $this->addOption('href',$value); + } +-?> ++ ++ function setAlt($value){ ++ if(!is_string($value)) ++ return $this->error('Incorrect value for setAlt ['.$value.']'); ++ ++ $this->addOption('alt',$value); ++ } ++} ++?> +\ No newline at end of file +Index: frontends/php/include/html.inc.php +=================================================================== +--- frontends/php/include/html.inc.php (revision 6643) ++++ frontends/php/include/html.inc.php (revision 6644) +@@ -58,7 +58,7 @@ + } + + function prepare_url(&$var, $varname=null){ +- $result = ""; ++ $result = ''; + + if(is_array($var)){ + foreach($var as $id => $par) +Index: frontends/php/items.php +=================================================================== +--- frontends/php/items.php (revision 6643) ++++ frontends/php/items.php (revision 6644) +@@ -944,16 +944,17 @@ + // url_param('groupid'), + 'action')); + +- $status=new CCol(new CLink(item_status2str($db_item["status"]), +- "?group_itemid%5B%5D=".$db_item["itemid"]. +- "&group_task=".($db_item["status"] ? "Activate+selected" : "Disable+selected"), +- item_status2style($db_item["status"]))); ++ $status=new CCol(new CLink(item_status2str($db_item['status']), ++// '?sessionid='.$USER_DETAILS['sessionid']. ++ '?group_itemid%5B%5D='.$db_item['itemid']. ++ '&group_task='.($db_item['status']?'Activate+selected':'Disable+selected'), ++ item_status2style($db_item['status']))); + +- if($db_item["error"] == ''){ +- $error=new CCol('-',"off"); ++ if($db_item['error'] == ''){ ++ $error=new CCol('-','off'); + } + else{ +- $error=new CCol($db_item["error"],"on"); ++ $error=new CCol($db_item['error'],'on'); + } + + $applications = $show_applications ? implode(', ', get_applications_by_itemid($db_item["itemid"], 'name')) : null; diff --git a/net-mgmt/zabbix2/pkg-plist b/net-mgmt/zabbix2/pkg-plist index cf3012c388b..94f901a725f 100644 --- a/net-mgmt/zabbix2/pkg-plist +++ b/net-mgmt/zabbix2/pkg-plist @@ -28,16 +28,15 @@ bin/zabbix_server %%DATADIR%%/php/js/sbox.js %%DATADIR%%/php/js/services.js %%DATADIR%%/php/js/gmenu.js +%%DATADIR%%/php/js/gpc.js %%DATADIR%%/php/js/chkbxrange.js %%DATADIR%%/php/js/scrollbar.js %%DATADIR%%/php/js/graphs.js %%DATADIR%%/php/js/sbinit.js %%DATADIR%%/php/js/common.js %%DATADIR%%/php/js/ajax_req.js -%%DATADIR%%/php/js/cookies.js %%DATADIR%%/php/js/blink.js %%DATADIR%%/php/js/tree.js -%%DATADIR%%/php/js/url.js %%DATADIR%%/php/js/showhint.js %%DATADIR%%/php/include/locales/cn_zh.inc.php %%DATADIR%%/php/include/locales/lv_lv.inc.php @@ -80,6 +79,7 @@ bin/zabbix_server %%DATADIR%%/php/include/classes/ciframe.inc.php %%DATADIR%%/php/include/classes/cscript.inc.php %%DATADIR%%/php/include/classes/cpumenu.inc.php +%%DATADIR%%/php/include/classes/curl.inc.php %%DATADIR%%/php/include/classes/pie.inc.php %%DATADIR%%/php/include/classes/ctag.inc.php %%DATADIR%%/php/include/classes/cbutton.inc.php |