function PrintPcapDownload($db, $id)
{
if (is_array($db->DB->MetaColumnNames('data')) && (!in_array("pcap_header", $db->DB->MetaColumnNames('data')) || !in_array("data_header", $db->DB->MetaColumnNames('data')))) {
$type = 3;
} else {
$type = 2;
}
$query = CleanVariable($_SERVER["QUERY_STRING"], VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER);
if (isset($_GET['asciiclean']) && $_GET['asciiclean'] == 1 || isset($_COOKIE['asciiclean']) && $_COOKIE["asciiclean"] == "clean" && !isset($_GET['asciiclean'])) {
$url = '<a href="base_payload.php?' . Util::htmlentities($query);
$url .= '&download=' . urlencode($type) . '&id=' . urlencode($id) . '&asciiclean=1&minimal_view=' . urlencode($_GET['minimal_view']) . '"> [' . _("Download in pcap format") . ']</a>';
} else {
$url = '<a href="base_payload.php?' . Util::htmlentities($query);
$url .= '&download=' . urlencode($type) . '&id=' . urlencode($id) . '&asciiclean=0&minimal_view=' . urlencode($_GET['minimal_view']) . '"> [' . _("Download in pcap format") . ']</a>';
}
return $url;
}
function GetQueryResultID($submit, &$seq, &$sid, &$cid)
{
/* extract the sid and cid from the $submit variable of the form
#XX-(XX-XX)
| | |
| | |--- cid
| |------ sid
|---------- sequence number of DB lookup
*/
$submit = strstr($submit, "#");
$submit = str_replace("#", "", $submit);
$submit = str_replace("(", "", $submit);
$submit = str_replace(")", "", $submit);
$tmp = explode("-", $submit);
/* Since the submit variable is not cleaned do so here: */
$seq = CleanVariable($tmp[0], VAR_DIGIT);
$sid = CleanVariable($tmp[1], VAR_DIGIT);
$cid = CleanVariable($tmp[2], VAR_DIGIT);
}
function DateTimeRows2sql($field, $cnt, &$s_sql)
{
global $db;
$tmp2 = "";
$allempty = FALSE;
$time_field = array("mysqli" => ":", "mysql" => ":", "mssql" => ":");
$minsec = array(">=" => "00", "<=" => "59");
//print_r($field)."<br><br>";
if ($cnt >= 1 && count($field) == 0) {
return 0;
}
for ($i = 0; $i < $cnt; $i++) {
$tmp = "";
if (isset($field[$i]) && $field[$i][1] != " " && $field[$i][1] != "") {
//echo "entrando $i\n";
$op = $field[$i][1];
$t = "";
/* Build the SQL string when >, >=, <, <= operator is used */
if ($op != "=") {
/* date */
if ($field[$i][4] != " ") {
/* create the date string */
$t = $field[$i][4];
/* year */
if ($field[$i][2] != " ") {
$t = $t . "-" . $field[$i][2];
/* month */
//echo "<!-- \n\n\n\n\n\n\n dia: -" . $field[$i][3] . "- -->\n\n\n\n\n\n";
if ($field[$i][3] != "") {
$t = $t . "-" . FormatTimeDigit($field[$i][3]);
} else {
$t = $i == 0 ? $t . "-01" : ($t = $t . "-31");
}
} else {
$t = $t . "-01-01";
}
}
/* time */
// For MSSQL, you must have colons in the time fields.
// Otherwise, the DATEDIFF function will return Arithmetic Overflow
if ($field[$i][5] != "") {
$t = $t . " " . FormatTimeDigit($field[$i][5]);
/* hour */
if ($field[$i][6] != "") {
$t = $t . $time_field[$db->DB_type] . FormatTimeDigit($field[$i][6]);
/* minute */
if ($field[$i][7] != "") {
$t = $t . $time_field[$db->DB_type] . FormatTimeDigit($field[$i][7]);
} else {
$t = $t . $time_field[$db->DB_type] . $minsec[$op];
}
} else {
$t = $t . $time_field[$db->DB_type] . $minsec[$op] . $time_field[$db->DB_type] . $minsec[$op];
}
} else {
if ($op == ">" && $field[$i][4] != " ") {
$t = $t . " 23:59:59";
} else {
if ($op == "<=" && $field[$i][4] != " ") {
$t = $t . " 23:59:59";
}
}
}
/* neither date or time */
if ($field[$i][4] == " " && $field[$i][5] == "") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that some date/time criteria should be matched, but no value was specified."));
} else {
if ($field[$i][4] != " " && $field[$i][5] != "" || $field[$i][4] != " ") {
if ($db->DB_type == "oci8") {
$tmp = $field[$i][0] . " timestamp " . $op . "to_date( '{$t}', 'YYYY-MM-DD HH24MISS' )" . $field[$i][8] . ' ' . $field[$i][9];
} else {
if (count($field) > 1) {
// Better fix for bug #1199128
// Number of values in each criteria line
//print_r($field[$i]);
$count = array_count_values_multidim($field[$i]);
// Number of empty values
$empty = $count[""];
// Total number of values in the criteria line (empty or filled)
$array_count = count($count);
// Check to see if any fields were left empty
//if(isset($count[""]))
// If the number of empty fields is greater than (impossible) or equal to (possible) the number of values in the array, then they must all be empty
//if ($empty >= $array_count)
//$allempty = TRUE;
// Trim off white space
$field[$i][9] = trim($field[$i][9]);
// And if the certain line was empty, then we dont care to process it
if ($allempty) {
// So move on
continue;
} else {
// Otherwise process it
if ($i < $cnt - 1) {
$tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8] . ' ' . CleanVariable($field[$i][9], VAR_ALPHA);
} else {
$tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8];
}
}
} else {
// If we just have one criteria line, then do with it what we must
if ($i < $cnt - 1) {
$tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8] . ' ' . CleanVariable($field[$i][9], VAR_ALPHA);
} else {
$tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8];
}
}
}
} else {
if ($field[$i][5] != " " && $field[$i][5] != "") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("(Invalid Hour) No date criteria were entered with the specified time."));
}
}
}
} else {
$query_str = "";
$query_str = $field[$i][4] . "-";
$query_str .= $field[$i][2] . "-";
$query_str .= $field[$i][3] . " ";
$query_str .= $field[$i][5] . ":";
$query_str .= $field[$i][6] . ":";
$query_str .= $field[$i][7] . "";
$query_str = preg_replace("/\\s*\\:+\\s*\$/", "", $query_str);
addSQLItem($tmp, "timestamp like \"{$query_str}%\"");
/* neither date or time */
if ($tmp == "") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that some date/time criteria should be matched, but no value was specified."));
} else {
if ($i < $cnt - 1) {
$tmp = $field[$i][0] . $tmp . ') ' . $field[$i][8] . CleanVariable($field[$i][9], VAR_ALPHA);
} else {
$tmp = $field[$i][0] . $tmp . ') ' . $field[$i][8];
}
}
}
} else {
if (isset($field[$i])) {
if (($field[$i][2] != "" || $field[$i][3] != "" || $field[$i][4] != "") && $field[$i][1] == "") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A date/time value of") . " '" . $field[$i][2] . "-" . $field[$i][3] . "-" . $field[$i][4] . " " . $field[$i][5] . ":" . $field[6] . ":" . $field[7] . "' " . gettext("was entered but no operator was selected."));
}
}
}
if ($i > 0 && $field[$i - 1][9] == ' ' && $field[$i - 1][4] != " ") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple Date/Time criteria entered without a boolean operator (e.g. AND, OR) between them."));
}
$tmp2 = preg_match("/\\s+(AND|OR)\\s*\$/", $tmp2) || $i == 0 ? $tmp2 . $tmp : $tmp2 . " AND " . $tmp;
}
$tmp2 = trim(preg_replace("/(\\s*(AND|OR)\\s*)+\$/", "", $tmp2));
if ($tmp2 != "" && $tmp2 != "AND" && $tmp2 != "OR") {
BalanceBrackets($tmp2);
$s_sql = $s_sql . " AND ( " . $tmp2 . " ) ";
return 1;
}
BalanceBrackets($s_sql);
return 0;
}
function GetNewResultID($submit, &$seq, &$id)
{
/* extract the sid and cid from the $submit variable of the form
#XX-XX
| |
| |------ hex id
|---------- sequence number of DB lookup
*/
preg_match("/.*#(\\d+)-(.*)/", $submit, $tmp);
/* Since the submit variable is not cleaned do so here: */
$seq = CleanVariable($tmp[1], VAR_DIGIT);
$id = CleanVariable($tmp[2], VAR_DIGIT | VAR_LETTER);
}
function SanitizeElement()
{
$this->criteria = CleanVariable($this->criteria, VAR_DIGIT);
}
function PushHistory()
{
if ($GLOBALS['debug_mode'] > 1) {
ErrorMessage("Saving state (into " . $_SESSION['back_list_cnt'] . ")");
}
/* save the current session without the $back_list into the history
* - make a temporary copy of the $back_list
* - NULL-out the $back_list in $_SESSION (so that
* the current session is serialized without these variables)
* - serialize the current session
* - fix-up the QUERY_STRING
* - make a new QUERY_STRING that includes the temporary QueryState variables
* - remove &back=1 from any QUERY_STRING
* - add the current session into the $back_list (history)
*/
if (isset($_SESSION['back_list'])) {
$tmp_back_list = $_SESSION['back_list'];
} else {
$tmp_back_list = '';
}
if (isset($_SESSION['back_list_cnt'])) {
$tmp_back_list_cnt = $_SESSION['back_list_cnt'];
} else {
$tmp_back_list_cnt = '';
}
$_SESSION['back_list'] = NULL;
$_SESSION['back_list_cnt'] = -1;
$full_session = session_encode();
$_SESSION['back_list'] = $tmp_back_list;
$_SESSION['back_list_cnt'] = $tmp_back_list_cnt;
$query_string = CleanVariable($_SERVER["QUERY_STRING"], VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER);
if (isset($_POST['caller'])) {
$query_string .= "&caller=" . $_POST['caller'];
}
if (isset($_POST['num_result_rows'])) {
$query_string .= "&num_result_rows=" . $_POST['num_result_rows'];
}
if (isset($_POST['sort_order'])) {
$query_string .= "&sort_order=" . $_POST['sort_order'];
}
if (isset($_POST['current_view'])) {
$query_string .= "&current_view=" . $_POST['current_view'];
}
if (isset($_POST['submit'])) {
$query_string .= "&submit=" . $_POST['submit'];
}
//$query_string .= "&time_range=".$_GET['time_range'];
$query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
++$_SESSION['back_list_cnt'];
$_SESSION['back_list'][$_SESSION['back_list_cnt']] = array("SCRIPT_NAME" => $_SERVER["SCRIPT_NAME"], "QUERY_STRING" => $query_string, "session" => $full_session);
if ($GLOBALS['debug_mode'] > 1) {
ErrorMessage("Insert session into slot #" . $_SESSION['back_list_cnt']);
echo "Back List (Cnt = " . $_SESSION['back_list_cnt'] . ") <PRE style='font-size:9px'>";
print_r($_SESSION);
echo "</PRE>";
}
}
function ImportHTTPVar($var_name, $valid_data = "", $exception = "")
{
$tmp = "";
if (isset($_POST[$var_name])) {
//if ( $debug_mode > 0 ) echo "importing POST var '$var_name'<BR>";
$tmp = $_POST[$var_name];
} else {
if (isset($_GET[$var_name])) {
//if ( $debug_mode > 0 ) echo "importing GET var '$var_name'<BR>";
$tmp = $_GET[$var_name];
} else {
$tmp = "";
}
}
return CleanVariable($tmp, $valid_data, $exception);
}