1<?php
2/*
3** Zabbix
4** Copyright (C) 2001-2021 Zabbix SIA
5**
6** This program is free software; you can redistribute it and/or modify
7** it under the terms of the GNU General Public License as published by
8** the Free Software Foundation; either version 2 of the License, or
9** (at your option) any later version.
10**
11** This program is distributed in the hope that it will be useful,
12** but WITHOUT ANY WARRANTY; without even the implied warranty of
13** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14** GNU General Public License for more details.
15**
16** You should have received a copy of the GNU General Public License
17** along with this program; if not, write to the Free Software
18** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19**/
20
21
22/**
23 * @var CView $this
24 */
25
26function local_showHeader(array $data): void {
27	header('Content-Type: text/html; charset=UTF-8');
28	header('X-Content-Type-Options: nosniff');
29	header('X-XSS-Protection: 1; mode=block');
30
31	if ($data['config']['x_frame_options'] !== '') {
32		if (strcasecmp($data['config']['x_frame_options'], 'SAMEORIGIN') == 0
33				|| strcasecmp($data['config']['x_frame_options'], 'DENY') == 0) {
34			$x_frame_options = $data['config']['x_frame_options'];
35		}
36		else {
37			$x_frame_options = 'SAMEORIGIN';
38			$allowed_urls = explode(',', $data['config']['x_frame_options']);
39			$url_to_check = array_key_exists('HTTP_REFERER', $_SERVER)
40				? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
41				: null;
42
43			if ($url_to_check) {
44				foreach ($allowed_urls as $allowed_url) {
45					if (strcasecmp(trim($allowed_url), $url_to_check) == 0) {
46						$x_frame_options = 'ALLOW-FROM '.$allowed_url;
47						break;
48					}
49				}
50			}
51		}
52
53		header('X-Frame-Options: '.$x_frame_options);
54	}
55
56	echo (new CPartial('layout.htmlpage.header', [
57		'javascript' => [
58			'files' => $data['javascript']['files']
59		],
60		'page' => [
61			'title' => $data['page']['title']
62		],
63		'user' => [
64			'lang' => CWebUser::$data['lang'],
65			'theme' => CWebUser::$data['theme']
66		],
67		'web_layout_mode' => $data['web_layout_mode'],
68		'config' => [
69			'server_check_interval' => $data['config']['server_check_interval']
70		]
71	]))->getOutput();
72}
73
74function local_showSidebar(array $data): void {
75	global $ZBX_SERVER_NAME;
76
77	if ($data['web_layout_mode'] == ZBX_LAYOUT_NORMAL) {
78		echo (new CPartial('layout.htmlpage.aside', [
79			'server_name' => isset($ZBX_SERVER_NAME) ? $ZBX_SERVER_NAME : ''
80		]))->getOutput();
81	}
82}
83
84function local_showFooter(array $data): void {
85	echo (new CPartial('layout.htmlpage.footer', [
86		'user' => [
87			'username' => CWebUser::$data['username'],
88			'debug_mode' => CWebUser::$data['debug_mode']
89		],
90		'web_layout_mode' => $data['web_layout_mode']
91	]))->getOutput();
92}
93
94local_showHeader($data);
95local_showSidebar($data);
96
97echo '<div class="'.ZBX_STYLE_LAYOUT_WRAPPER.
98	($data['web_layout_mode'] == ZBX_LAYOUT_KIOSKMODE ? ' '.ZBX_STYLE_LAYOUT_KIOSKMODE : '').'">';
99
100// Display unexpected messages (if any) generated by the layout.
101echo get_prepared_messages(['with_current_messages' => true]);
102
103echo $data['main_block'];
104
105makeServerStatusOutput()->show();
106
107local_showFooter($data);
108
109echo '</div></body></html>';
110