1<?php
2/*
3** Zabbix
4** Copyright (C) 2001-2021 Zabbix SIA
5**
6** This program is free software; you can redistribute it and/or modify
7** it under the terms of the GNU General Public License as published by
8** the Free Software Foundation; either version 2 of the License, or
9** (at your option) any later version.
10**
11** This program is distributed in the hope that it will be useful,
12** but WITHOUT ANY WARRANTY; without even the implied warranty of
13** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14** GNU General Public License for more details.
15**
16** You should have received a copy of the GNU General Public License
17** along with this program; if not, write to the Free Software
18** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19**/
20
21
// Start session handling through CSession before any header or markup is produced below.
CSession::start();

/*
 * Defaults for the page descriptor; entries that are already present in $page are kept as they are.
 *
 * NOTE(review): the 'file' fallback is derived from $_SERVER['PHP_SELF'], which reflects the requested
 * path (including any trailing path info). A defaulted $page['file'] should therefore be treated as
 * request-influenced and only ever compared against known file names, never used to build a path.
 */
$page['type'] = isset($page['type']) ? $page['type'] : PAGE_TYPE_HTML;
$page['file'] = isset($page['file']) ? $page['file'] : basename($_SERVER['PHP_SELF']);

// Array union only adds the key when it is missing, so an explicitly stored value (even null) survives.
$page += ['web_layout_mode' => ZBX_LAYOUT_NORMAL];

// Kiosk layout suppresses the menu unless ZBX_PAGE_NO_MENU has already been defined.
if ($page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE && !defined('ZBX_PAGE_NO_MENU')) {
	define('ZBX_PAGE_NO_MENU', true);
}

// Theme handling stays enabled unless ZBX_PAGE_NO_THEME was defined before this point.
if (defined('ZBX_PAGE_NO_THEME') === false) {
	define('ZBX_PAGE_NO_THEME', false);
}
42
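/*
 * Send the Content-Type header that matches the page type and, for HTML pages, the browser hardening
 * headers. Every non-HTML type also defines ZBX_PAGE_NO_MENU (unless it is already defined).
 *
 * NOTE(review): only the HTML branch sends "X-Content-Type-Options: nosniff". The JSON, JS, CSS and
 * text/plain branches rely on Content-Type alone; consider sending nosniff there as well once it is
 * confirmed that none of those responses is consumed in a way that depends on MIME sniffing.
 */
switch ($page['type']) {
	case PAGE_TYPE_IMAGE:
		set_image_header();
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_JS:
		header('Content-Type: application/javascript; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_JSON:
		header('Content-Type: application/json');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_JSON_RPC:
		header('Content-Type: application/json-rpc');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_CSS:
		header('Content-Type: text/css; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_TEXT:
	case PAGE_TYPE_TEXT_RETURN_JSON:
	case PAGE_TYPE_HTML_BLOCK:
		// Served as text/plain, so a browser that honours the declared type does not render it as markup.
		header('Content-Type: text/plain; charset=UTF-8');
		if (!defined('ZBX_PAGE_NO_MENU')) {
			define('ZBX_PAGE_NO_MENU', true);
		}
		break;
	case PAGE_TYPE_HTML:
	default:
		// Unknown page types fall through to the HTML handling.
		header('Content-Type: text/html; charset=UTF-8');
		header('X-Content-Type-Options: nosniff');

		// Legacy XSS-auditor switch. Most current browsers no longer implement the auditor, so this header
		// is not a substitute for output encoding or a Content-Security-Policy.
		header('X-XSS-Protection: 1; mode=block');

		// With X_FRAME_OPTIONS set to null no framing header is sent at all.
		if (X_FRAME_OPTIONS !== null) {
			if (strcasecmp(X_FRAME_OPTIONS, 'SAMEORIGIN') == 0 || strcasecmp(X_FRAME_OPTIONS, 'DENY') == 0) {
				$x_frame_options = X_FRAME_OPTIONS;
			}
			else {
				/*
				 * Any other value is treated as a comma-separated list of host names. SAMEORIGIN stays the
				 * fallback whenever the Referer is absent, cannot be parsed, or its host is not on the list.
				 *
				 * NOTE(review): "ALLOW-FROM" is obsolete and ignored by current browsers, and a browser that
				 * ignores the header applies no framing restriction from it. The decision is also keyed on
				 * the Referer request header. The supported way to allow specific framing origins is the
				 * "frame-ancestors" directive of Content-Security-Policy.
				 */
				$x_frame_options = 'SAMEORIGIN';
				$allowed_urls = explode(',', X_FRAME_OPTIONS);
				$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
					? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
					: null;

				if ($url_to_check) {
					foreach ($allowed_urls as $allowed_url) {
						if (strcasecmp(trim($allowed_url), $url_to_check) == 0) {
							// Emit the trimmed entry: the comparison above trims it, so the header value
							// must not carry the whitespace that surrounds the entry in the list.
							$x_frame_options = 'ALLOW-FROM '.trim($allowed_url);
							break;
						}
					}
				}
			}

			header('X-Frame-Options: '.$x_frame_options);
		}
		break;
}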
113
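// Build and output the document head and the opening <body> tag. This runs for full HTML pages only.
if ($page['type'] == PAGE_TYPE_HTML) {
	global $ZBX_SERVER_NAME;

	// Page title: optional server name prefix, then the page title or the product name as fallback.
	$pageTitle = '';
	if (isset($ZBX_SERVER_NAME) && $ZBX_SERVER_NAME !== '') {
		$pageTitle = $ZBX_SERVER_NAME.NAME_DELIMITER;
	}
	$pageTitle .= isset($page['title']) ? $page['title'] : _('Zabbix');

	// Append the refresh interval when the page asked for refreshing and the user has a non-zero interval.
	if ((defined('ZBX_PAGE_DO_REFRESH') || defined('ZBX_PAGE_DO_JS_REFRESH')) && CWebUser::getRefresh() != 0) {
		$pageTitle .= ' ['._s('refreshed every %1$s sec.', CWebUser::getRefresh()).']';
	}

	// NOTE(review): $pageTitle is handed over unencoded; presumably CPageHeader encodes it on output - confirm.
	$pageHeader = new CPageHeader($pageTitle);
	$is_standard_page = (!defined('ZBX_PAGE_NO_MENU') || $page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE);

	$theme = ZBX_DEFAULT_THEME;
	if (!ZBX_PAGE_NO_THEME) {
		global $DB;

		// The user theme and the severity/status styles are only read when $DB['DB'] is non-empty.
		if (!empty($DB['DB'])) {
			$config = select_config();
			$theme = getUserTheme(CWebUser::$data);

			$pageHeader->addStyle(getTriggerSeverityCss($config));
			$pageHeader->addStyle(getTriggerStatusCss($config));

			// Perform Zabbix server check only for standard pages.
			// NOTE(review): $ZBX_SERVER and $ZBX_SERVER_PORT are not listed in a "global" statement here,
			// unlike $ZBX_SERVER_NAME and $DB. If this file is ever included from function scope they will
			// be empty and servercheck.js will not be added - confirm the include context.
			if ($is_standard_page && $config['server_check_interval'] && !empty($ZBX_SERVER) && !empty($ZBX_SERVER_PORT)) {
				$page['scripts'][] = 'servercheck.js';
			}
		}
	}

	// The theme name becomes part of a stylesheet URL, hence the encoding.
	$pageHeader->addCssFile('assets/styles/'.CHtml::encode($theme).'.css');

	if ($page['file'] == 'sysmap.php') {
		$pageHeader->addCssFile('imgstore.php?css=1&output=css');
	}

	// Expose the server time zone offset (in seconds) and the full date/time format to client-side scripts.
	$pageHeader
		->addJsFile((new CUrl('js/browsers.js'))->getUrl())
		->addJsBeforeScripts(
			'var PHP_TZ_OFFSET = '.date('Z').','.
				'PHP_ZBX_FULL_DATE_TIME = "'.ZBX_FULL_DATE_TIME.'";'
		);

	// Show GUI messages in pages with menus and in fullscreen mode.
	if (!defined('ZBX_PAGE_NO_JSLOADER')) {
		$pageHeader->addJsFile((new CUrl('jsLoader.php'))
			->setArgument('ver', ZABBIX_VERSION)
			->setArgument('lang', CWebUser::$data['lang'])
			->setArgument('showGuiMessaging', ($is_standard_page && !CWebUser::isGuest()) ? 1 : null)
			->getUrl()
		);

		// empty() keeps the original truthiness test but does not raise a notice when the including page
		// never set $page['scripts'].
		if (!empty($page['scripts'])) {
			$pageHeader->addJsFile((new CUrl('jsLoader.php'))
				->setArgument('ver', ZABBIX_VERSION)
				->setArgument('lang', CWebUser::$data['lang'])
				->setArgument('files', $page['scripts'])
				->getUrl()
			);
		}
	}

	$pageHeader->display();

	// The language value originates from user data, so it is encoded before being placed in the attribute.
	echo '<body lang="'.CHtml::encode(CWebUser::getLang()).'">';
}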
184
// Marker constant: defined once the header part above has been processed.
define('PAGE_HEADER_LOADED', 1);

// Nothing below applies to non-HTML responses or to pages that opted out of the header.
if (defined('ZBX_PAGE_NO_HEADER') || $page['type'] != PAGE_TYPE_HTML) {
	return null;
}

// Side menu: rendered in normal layout only, and only when the menu was not suppressed.
if ($page['web_layout_mode'] == ZBX_LAYOUT_NORMAL && !defined('ZBX_PAGE_NO_MENU')) {
	echo (new CPartial('layout.htmlpage.aside', [
		'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : ''
	]))->getOutput();
}

// Open the layout wrapper; kiosk mode gets an additional CSS class.
echo '<div class="', ZBX_STYLE_LAYOUT_WRAPPER;
if ($page['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE) {
	echo ' ', ZBX_STYLE_LAYOUT_KIOSKMODE;
}
echo '">', "\n";

// Display unexpected messages (if any) generated by the layout.
echo get_prepared_messages(['with_current_messages' => true]);
202