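<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/


/*
 * Page header include.
 *
 * Reads the $page array prepared by the including script, fills in defaults,
 * sends the Content-Type (and, for HTML, the browser security headers), and
 * for HTML pages prints the document head, the opening <body> tag, the side
 * menu and the layout wrapper. Defines PAGE_HEADER_LOADED when done.
 *
 * Keys of $page read here: 'type', 'file', 'web_layout_mode', 'title', 'scripts'.
 */

CSession::start();

// Defaults for keys the including page did not set.
if (!isset($page['type'])) {
	$page['type'] = PAGE_TYPE_HTML;
}
if (!isset($page['file'])) {
	$page['file'] = basename($_SERVER['PHP_SELF']);
}

if (!array_key_exists('web_layout_mode', $page)) {
	$page['web_layout_mode'] = ZBX_LAYOUT_NORMAL;
}

// Kiosk mode never shows the menu.
if (!defined('ZBX_PAGE_NO_MENU') && $page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE) {
	define('ZBX_PAGE_NO_MENU', true);
}

if (!defined('ZBX_PAGE_NO_THEME')) {
	define('ZBX_PAGE_NO_THEME', false);
}

/*
 * Send the Content-Type for the page type. Every non-HTML type also forces ZBX_PAGE_NO_MENU.
 *
 * NOTE(review): 'X-Content-Type-Options: nosniff' is sent only in the HTML branch; the JS, JSON,
 * CSS and text branches do not set it. Consider sending it for every type so that a browser
 * cannot reinterpret one of these responses as another content type.
 */
switch ($page['type']) {
	case PAGE_TYPE_IMAGE:
		set_image_header();
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_JS:
		header('Content-Type: application/javascript; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_JSON:
		header('Content-Type: application/json');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_JSON_RPC:
		header('Content-Type: application/json-rpc');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_CSS:
		header('Content-Type: text/css; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_TEXT:
	case PAGE_TYPE_TEXT_RETURN_JSON:
	case PAGE_TYPE_HTML_BLOCK:
		header('Content-Type: text/plain; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;

	case PAGE_TYPE_HTML:
	default:
		header('Content-Type: text/html; charset=UTF-8');
		header('X-Content-Type-Options: nosniff');
		// NOTE(review): X-XSS-Protection is a legacy header that current browsers no longer act on;
		// it does not replace output encoding or a Content-Security-Policy.
		header('X-XSS-Protection: 1; mode=block');

		/*
		 * X_FRAME_OPTIONS is either null (no header), 'SAMEORIGIN' / 'DENY' (sent as is), or a
		 * comma-separated list of hosts that may frame the page.
		 */
		if (X_FRAME_OPTIONS !== null) {
			if (strcasecmp(X_FRAME_OPTIONS, 'SAMEORIGIN') === 0 || strcasecmp(X_FRAME_OPTIONS, 'DENY') === 0) {
				$x_frame_options = X_FRAME_OPTIONS;
			}
			else {
				// Fall back to SAMEORIGIN unless the referring host is one of the configured hosts.
				$x_frame_options = 'SAMEORIGIN';
				$allowed_urls = explode(',', X_FRAME_OPTIONS);

				// The Referer is client-supplied and may be missing; it is only used to pick one of
				// the configured entries, never copied into the response header.
				$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
					? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
					: null;

				if ($url_to_check) {
					foreach ($allowed_urls as $allowed_url) {
						// Trim once and emit the trimmed entry, so that a list written as "a, b" does
						// not put stray whitespace into the header value.
						$allowed_url = trim($allowed_url);

						if (strcasecmp($allowed_url, $url_to_check) === 0) {
							/*
							 * NOTE(review): ALLOW-FROM is obsolete and ignored by current browsers,
							 * which leaves this response without framing protection in them. The
							 * supported control is the CSP 'frame-ancestors' directive; consider
							 * sending it alongside or instead of this value.
							 */
							$x_frame_options = 'ALLOW-FROM '.$allowed_url;
							break;
						}
					}
				}
			}

			header('X-Frame-Options: '.$x_frame_options);
		}
		break;
}

if ($page['type'] == PAGE_TYPE_HTML) {
	global $ZBX_SERVER_NAME;

	// Page title: optional server name prefix, then the page's own title or the product name.
	$pageTitle = '';
	if (isset($ZBX_SERVER_NAME) && $ZBX_SERVER_NAME !== '') {
		$pageTitle = $ZBX_SERVER_NAME.NAME_DELIMITER;
	}
	$pageTitle .= isset($page['title']) ? $page['title'] : _('Zabbix');

	if ((defined('ZBX_PAGE_DO_REFRESH') || defined('ZBX_PAGE_DO_JS_REFRESH')) && CWebUser::getRefresh() != 0) {
		$pageTitle .= ' ['._s('refreshed every %1$s sec.', CWebUser::getRefresh()).']';
	}

	$pageHeader = new CPageHeader($pageTitle);
	$is_standard_page = (!defined('ZBX_PAGE_NO_MENU') || $page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE);

	$theme = ZBX_DEFAULT_THEME;
	if (!ZBX_PAGE_NO_THEME) {
		global $DB;

		// The user theme and severity styles need the database; without it the default theme is kept.
		if (!empty($DB['DB'])) {
			$config = select_config();
			$theme = getUserTheme(CWebUser::$data);

			$pageHeader->addStyle(getTriggerSeverityCss($config));
			$pageHeader->addStyle(getTriggerStatusCss($config));

			// perform Zabbix server check only for standard pages
			// NOTE(review): $ZBX_SERVER and $ZBX_SERVER_PORT are read without a `global` declaration,
			// unlike $ZBX_SERVER_NAME and $DB; this works only when the file is included at global
			// scope - confirm.
			if ($is_standard_page && $config['server_check_interval'] && !empty($ZBX_SERVER)
					&& !empty($ZBX_SERVER_PORT)) {
				$page['scripts'][] = 'servercheck.js';
			}
		}
	}
	// The theme name becomes part of a stylesheet path, so it is encoded before use.
	$pageHeader->addCssFile('assets/styles/'.CHtml::encode($theme).'.css');

	if ($page['file'] == 'sysmap.php') {
		$pageHeader->addCssFile('imgstore.php?css=1&output=css');
	}

	$pageHeader
		->addJsFile((new CUrl('js/browsers.js'))->getUrl())
		->addJsBeforeScripts(
			'var PHP_TZ_OFFSET = '.date('Z').','.
				'PHP_ZBX_FULL_DATE_TIME = "'.ZBX_FULL_DATE_TIME.'";'
		);

	// Show GUI messages in pages with menus and in fullscreen mode.
	if (!defined('ZBX_PAGE_NO_JSLOADER')) {
		$pageHeader->addJsFile((new CUrl('jsLoader.php'))
			->setArgument('ver', ZABBIX_VERSION)
			->setArgument('lang', CWebUser::$data['lang'])
			->setArgument('showGuiMessaging', ($is_standard_page && !CWebUser::isGuest()) ? 1 : null)
			->getUrl()
		);

		// 'scripts' is optional: it is only guaranteed to exist when the server check above added an
		// entry, so test it with empty() instead of reading a possibly undefined key.
		if (!empty($page['scripts'])) {
			$pageHeader->addJsFile((new CUrl('jsLoader.php'))
				->setArgument('ver', ZABBIX_VERSION)
				->setArgument('lang', CWebUser::$data['lang'])
				->setArgument('files', $page['scripts'])
				->getUrl()
			);
		}
	}

	$pageHeader->display();

	// Encode at the sink so the attribute stays well-formed whatever the stored language value is.
	echo '<body lang="'.CHtml::encode(CWebUser::getLang()).'">';
}

define('PAGE_HEADER_LOADED', 1);

// Non-HTML pages and pages that opted out of the header stop here.
if ($page['type'] != PAGE_TYPE_HTML || defined('ZBX_PAGE_NO_HEADER')) {
	return null;
}

if (!defined('ZBX_PAGE_NO_MENU') && $page['web_layout_mode'] == ZBX_LAYOUT_NORMAL) {
	echo (new CPartial('layout.htmlpage.aside', [
		'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : ''
	]))->getOutput();
}

echo '<div class="'.ZBX_STYLE_LAYOUT_WRAPPER.
	($page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE ? ' '.ZBX_STYLE_LAYOUT_KIOSKMODE : '').'">'."\n";

// Display unexpected messages (if any) generated by the layout.
echo get_prepared_messages(['with_current_messages' => true]);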