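<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/


/**
 * @var CView $this
 */

/**
 * Send the HTTP response headers for an HTML page and print the page header partial.
 *
 * Always sends Content-Type, X-Content-Type-Options and X-XSS-Protection. X-Frame-Options is sent only when
 * $data['config']['x_frame_options'] is not an empty string:
 *   - 'SAMEORIGIN' or 'DENY' (compared case-insensitively) is sent as configured;
 *   - any other value is read as a comma-separated list of host names. When the host of the request's Referer
 *     header equals one of the entries, 'ALLOW-FROM <entry>' is sent; otherwise 'SAMEORIGIN' is sent.
 *
 * @param array $data  View data; reads 'config', 'javascript', 'page' and 'web_layout_mode'.
 */
function local_showHeader(array $data): void {
	header('Content-Type: text/html; charset=UTF-8');
	header('X-Content-Type-Options: nosniff');
	// NOTE(review): legacy header; current browsers no longer ship the XSS filter it controls, so it adds no
	// protection there.
	header('X-XSS-Protection: 1; mode=block');

	$configured = $data['config']['x_frame_options'];

	if ($configured !== '') {
		if (strcasecmp($configured, 'SAMEORIGIN') === 0 || strcasecmp($configured, 'DENY') === 0) {
			$x_frame_options = $configured;
		}
		else {
			// Safe default: used when the Referer is absent, unparsable or not in the allow list.
			$x_frame_options = 'SAMEORIGIN';
			$allowed_urls = explode(',', $configured);

			// The Referer is supplied by the client. It is used only to pick one of the configured entries;
			// the header value below is always taken from the configuration, never from the request.
			$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
				? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
				: null;

			if ($url_to_check) {
				foreach ($allowed_urls as $allowed_url) {
					// Emit exactly the value that was compared. Without this, an entry written as
					// "a.example, b.example" was matched after trimming but sent with its surrounding whitespace.
					$allowed_url = trim($allowed_url);

					if (strcasecmp($allowed_url, $url_to_check) === 0) {
						// NOTE(review): ALLOW-FROM is obsolete. Browsers that do not implement it ignore the
						// header, which leaves this response without framing protection there. The standard
						// replacement is the Content-Security-Policy "frame-ancestors" directive.
						$x_frame_options = 'ALLOW-FROM '.$allowed_url;
						break;
					}
				}
			}
		}

		header('X-Frame-Options: '.$x_frame_options);
	}

	echo (new CPartial('layout.htmlpage.header', [
		'javascript' => [
			'files' => $data['javascript']['files']
		],
		'page' => [
			'title' => $data['page']['title']
		],
		'user' => [
			'lang' => CWebUser::$data['lang'],
			'theme' => CWebUser::$data['theme']
		],
		'web_layout_mode' => $data['web_layout_mode'],
		'config' => [
			'server_check_interval' => $data['config']['server_check_interval']
		]
	]))->getOutput();
}

/**
 * Print the sidebar partial, but only in the normal layout mode.
 *
 * @param array $data  View data; reads 'web_layout_mode'.
 */
function local_showSidebar(array $data): void {
	global $ZBX_SERVER_NAME;

	if ($data['web_layout_mode'] == ZBX_LAYOUT_NORMAL) {
		echo (new CPartial('layout.htmlpage.aside', [
			// An unset server name is passed to the partial as an empty string.
			'server_name' => $ZBX_SERVER_NAME ?? ''
		]))->getOutput();
	}
}

/**
 * Print the footer partial with the current user's name and debug mode flag.
 *
 * @param array $data  View data; reads 'web_layout_mode'.
 */
function local_showFooter(array $data): void {
	echo (new CPartial('layout.htmlpage.footer', [
		'user' => [
			'username' => CWebUser::$data['username'],
			'debug_mode' => CWebUser::$data['debug_mode']
		],
		'web_layout_mode' => $data['web_layout_mode']
	]))->getOutput();
}

// Headers must be sent before any output, so the header partial is rendered first.
local_showHeader($data);
local_showSidebar($data);

echo '<div class="'.ZBX_STYLE_LAYOUT_WRAPPER.
	($data['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE ? ' '.ZBX_STYLE_LAYOUT_KIOSKMODE : '').'">';

// Display unexpected messages (if any) generated by the layout.
echo get_prepared_messages(['with_current_messages' => true]);

// Written out verbatim: no escaping happens here, so 'main_block' has to arrive as already-safe markup.
// NOTE(review): confirm that whatever builds 'main_block' escapes any user-controlled data.
echo $data['main_block'];

makeServerStatusOutput()->show();

local_showFooter($data);

echo '</div></body></html>';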