dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update the dashboard 

Sanitize the data from the dashboard
Use tabs instead of space indentation
This commit is contained in:
FusionPBX 2024-08-28 11:30:04 -06:00 committed by GitHub
parent 88bfb18e5a
commit 16658e5114
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 80 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
core/dashboard/index.php
View File

@ -502,8 +502,9 @@ function toggle_grid_row_end_all() {
echo "<div class='widgets' id='widgets' style='padding: 0 5px;'>\n";
$x = 0;
foreach ($dashboard as $row) {
$dashboard_uuid = $row['dashboard_uuid'];
$dashboard_name = $row['dashboard_name'];
//set the variables
$dashboard_uuid = $row['dashboard_uuid'] ?? '';
$dashboard_name = $row['dashboard_name'] ?? '';
$dashboard_icon = $row['dashboard_icon'] ?? '';
$dashboard_url = $row['dashboard_url'] ?? '';
$dashboard_target = $row['dashboard_target'] ?? '';
@ -521,18 +522,38 @@ function toggle_grid_row_end_all() {
$dashboard_row_span += 3;
}
echo "<div class='widget' style='grid-row-end: span ".$dashboard_row_span.";' data-state='".$dashboard_details_state."' id='".trim(preg_replace("/[^a-z]/", '_', strtolower($dashboard_name)),'_')."' draggable='false'>\n";
$dashboard_path_array = explode('/', $row['dashboard_path']);
$path_array = glob(dirname(__DIR__, 2).'/*/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php');
include $path_array[0];
//$file_name = dirname(__DIR__, 2).'/app/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php';
//if (file_exists(dirname(__DIR__, 2).'/core/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php')) {
// include dirname(__DIR__, 2).'/core/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php';
//}
//elseif (file_exists(dirname(__DIR__, 2).'/app/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php')) {
// include dirname(__DIR__, 2).'/app/'.$dashboard_path_array[0].'/resources/dashboard/'.$dashboard_path_array[1].'.php';
//}
//define the regex patterns
$uuid_pattern = '/[^-A-Fa-f0-9]/';
$number_pattern = '/[^-A-Za-z0-9()*#]/';
$text_pattern = '/[^a-zA-Z0-9 _\-\/.#]/';
//sanitize the data
$dashboard_uuid = preg_replace($uuid_pattern, '', $dashboard_uuid);
$dashboard_name = trim(preg_replace($text_pattern, '', $dashboard_name));
$dashboard_name_id = trim(preg_replace("/[^a-z_]/", '_', strtolower($dashboard_name)),'_');
$dashboard_icon = preg_replace($text_pattern, '', $dashboard_icon);
$dashboard_url = trim(preg_replace($text_pattern, '', $dashboard_url));
$dashboard_target = trim(preg_replace($text_pattern, '', $dashboard_target));
$dashboard_width = trim(preg_replace($text_pattern, '', $dashboard_width));
$dashboard_height = trim(preg_replace($text_pattern, '', $dashboard_height));
$dashboard_content = trim(preg_replace($text_pattern, '', $dashboard_content));
$dashboard_content_text_align = trim(preg_replace($text_pattern, '', $dashboard_content_text_align));
$dashboard_content_details = trim(preg_replace($text_pattern, '', $dashboard_content_details));
$dashboard_chart_type = preg_replace($text_pattern, '', $dashboard_chart_type);
$dashboard_label_text_color = preg_replace($text_pattern, '', $dashboard_label_text_color);
$dashboard_number_text_color = preg_replace($text_pattern, '', $dashboard_number_text_color);
$dashboard_details_state = preg_replace($text_pattern, '', $dashboard_details_state);
$dashboard_row_span = preg_replace($number_pattern, '', $dashboard_row_span);
$dashboard_path = preg_replace($text_pattern, '', strtolower($row['dashboard_path']));
//find the application and widget
$dashboard_path_array = explode('/', $dashboard_path);
$application_name = $dashboard_path_array[0];
$widget_name = $dashboard_path_array[1];
$path_array = glob(dirname(__DIR__, 2).'/*/'.$application_name.'/resources/dashboard/'.$widget_name.'.php');
echo "<div class='widget' style='grid-row-end: span ".$dashboard_row_span.";' data-state='".$dashboard_details_state."' id='".$dashboard_name_id."' draggable='false'>\n";
include $path_array[0];
echo "</div>\n";
$x++;
@ -639,4 +660,3 @@ function toggle_grid_row_end_all() {
require_once "resources/footer.php";
?>