From e1aff40d78fbae6feafb0923fc72f98984877eee Mon Sep 17 00:00:00 2001
From: Martin Wilke <miwi@FreeBSD.org>
Date: Mon, 23 Mar 2009 15:06:19 +0000
Subject: - Fix zabbix -- php frontend multiple vulnerabilities

Note:

	Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
	function in include/validate.inc.php is not properly sanitised before being
	used. This can be exploited to inject and execute arbitrary PHP code.

	The application allows users to perform certain actions via HTTP requests
	without performing any validity checks to verify the requests. This can be
	exploited to e.g. create users by enticing a logged in administrator to
	visit a malicious web page.

	Input passed to the "srclang" parameter in locales.php (when "next" is set
	to a non-NULL value) is not properly verified before being used to include
	files. This can be exploited to include arbitrary files from local resources
	via directory traversal attacks and URL-encoded NULL bytes.

- Bump PORTREVISION

PR:		132944
Submitted by:	Eygene Ryabinkin <rea-fbsd@codelabs.ru> (many thanks!)
Approved by:	maintainer timeout (security 1 day)
Security:	http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html
---
 net-mgmt/zabbix/files/patch-USH-162.2 | 2622 +++++++++++++++++++++++++++++++++
 1 file changed, 2622 insertions(+)
 create mode 100644 net-mgmt/zabbix/files/patch-USH-162.2

(limited to 'net-mgmt/zabbix/files/patch-USH-162.2')

diff --git a/net-mgmt/zabbix/files/patch-USH-162.2 b/net-mgmt/zabbix/files/patch-USH-162.2
new file mode 100644
index 000000000000..22d5d1112dca
--- /dev/null
+++ b/net-mgmt/zabbix/files/patch-USH-162.2
@@ -0,0 +1,2622 @@
+Index: frontends/php/include/perm.inc.php
+===================================================================
+--- frontends/php/include/perm.inc.php	(revision 6620)
++++ frontends/php/include/perm.inc.php	(revision 6621)
+@@ -44,7 +44,7 @@
+ 	$USER_DETAILS = NULL;
+ 	$login = FALSE;
+ 	
+-	$sessionid = get_cookie('zbx_sessionid');
++	$sessionid = get_request('sessionid',get_cookie('zbx_sessionid'));
+ 
+ 	if(!is_null($sessionid)){
+ 		$sql = 'SELECT u.*,s.* '.
+Index: frontends/php/include/validate.inc.php
+===================================================================
+--- frontends/php/include/validate.inc.php	(revision 6620)
++++ frontends/php/include/validate.inc.php	(revision 6621)
+@@ -428,8 +429,12 @@
+ 			}
+ 		}
+ 		else if($opt == O_OPT){
+-			if(!isset($_REQUEST[$field]))
++			if(!isset($_REQUEST[$field])){
+ 				return ZBX_VALID_OK;
++			}
++			else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){
++				return ZBX_VALID_ERROR;
++			}
+ 		}
+ 
+ 		check_trim($_REQUEST[$field]);
+@@ -458,17 +463,21 @@
+ 		return ZBX_VALID_OK;
+ 	}
+ 
+-//		VAR			TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
++//		VAR							TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
+ 	$system_fields=array(
+-		"sessionid"=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(),NULL),
+-		"switch_node"=>		array(T_ZBX_INT, O_OPT,	 P_SYS,	DB_ID,NULL),
+-		"triggers_hash"=>	array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY,NULL),
+-		'print'=>			array(T_ZBX_INT, O_OPT,	 P_SYS,	IN("1"),NULL),
++		'sessionid'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(), 'isset({zbx_form})'),
++		'zbx_form'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY, NULL),
++// 
++		'switch_node'=>		array(T_ZBX_INT, O_OPT,	 P_SYS,	DB_ID,NULL),
++		'triggers_hash'=>	array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY,NULL),
++		'print'=>			array(T_ZBX_INT, O_OPT,	 P_SYS,	IN('1'),NULL),
++		
++// table sorting
+ 		'sort'=>			array(T_ZBX_STR, O_OPT,	 P_SYS,	NULL,NULL),
+ 		'sortorder'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	NULL,NULL)
+ 	);
+ 
+-	function	invalid_url(){
++	function invalid_url(){
+ 		include_once "include/page_header.php";
+ 		unset_all();
+ 		show_error_message(S_INVALID_URL);
+Index: frontends/php/include/classes/cform.inc.php
+===================================================================
+--- frontends/php/include/classes/cform.inc.php	(revision 6620)
++++ frontends/php/include/classes/cform.inc.php	(revision 6621)
+@@ -22,46 +22,44 @@
+ 	class CForm extends CTag{
+ /* public */
+ 		function CForm($action=NULL, $method='post', $enctype=NULL){
+-			parent::CTag("form","yes");
+-			$this->SetMethod($method);
+-			$this->SetAction($action);
+-			$this->SetEnctype($enctype);
++			parent::CTag('form','yes');
++			$this->setMethod($method);
++			$this->setAction($action);
++			$this->setEnctype($enctype);
++			
++			$this->addVar('zbx_form', 'action');
++			$this->addVar('sessionid', $_COOKIE['zbx_sessionid']);
+ 		}
+ 		
+-		function SetMethod($value='post'){
++		function setMethod($value='post'){
+ 			return $this->options['method'] = $value;
+ 		}
+ 		
+-		function SetAction($value){
++		function setAction($value){
+ 			global $page;
+ 
+ 			if(is_null($value)){
+-				if(isset($page['file'])){
+-					$value = $page['file'];
+-				}
+-				else{
+-					$value = "#";
+-				}
++				$value = isset($page['file'])?$page['file']:'#';
+ 			}
+ 			
+ 		return $this->options['action'] = $value;
+ 		}
+ 		
+-		function SetEnctype($value=NULL){
++		function setEnctype($value=NULL){
+ 			if(is_null($value)){
+-				return $this->DelOption("enctype");
++				return $this->DelOption('enctype');
+ 			}
+ 			else if(!is_string($value)){
+ 				return $this->error("Incorrect value for SetEnctype [$value]");
+ 			}
+ 			
+-		return $this->AddOption("enctype",$value);
++		return $this->addOption('enctype',$value);
+ 		}
+ 
+-		function AddVar($name, $value){
++		function addVar($name, $value){
+ 			if(empty($value) && $value != 0)	return $value;
+ 
+-		return $this->AddItem(new CVar($name, $value));
++		return $this->addItem(new CVar($name, $value));
+ 		}
+ 	}
+ ?>
+Index: frontends/php/include/classes/cformtable.inc.php
+===================================================================
+--- frontends/php/include/classes/cformtable.inc.php	(revision 6620)
++++ frontends/php/include/classes/cformtable.inc.php	(revision 6621)
+@@ -46,48 +46,48 @@
+ 			}
+ 
+ 			parent::CForm($action,$method,$enctype);
+-			$this->SetTitle($title);
+-			$this->SetAlign('center');
+-			$this->SetHelp();
++			$this->setTitle($title);
++			$this->setAlign('center');
++			$this->setHelp();
+ 
+ //			$frm_link = new CLink();
+-//			$frm_link->SetName("formtable");
+-//			$this->AddItemToTopRow($frm_link);
++//			$frm_link->setName("formtable");
++//			$this->addItemToTopRow($frm_link);
+ 			
+-			$this->AddVar($form_variable, get_request($form_variable, 1));
+-			$this->AddVar('form_refresh',get_request('form_refresh',0)+1);
++			$this->addVar($form_variable, get_request($form_variable, 1));
++			$this->addVar('form_refresh',get_request('form_refresh',0)+1);
+ 
+ 			$this->bottom_items = new CCol(SPACE,'form_row_last');
+-		        $this->bottom_items->SetColSpan(2);
++		        $this->bottom_items->setColSpan(2);
+ 		}
+ 		
+-		function SetAction($value){
++		function setAction($value){
+ 			
+ 			if(is_string($value))
+-				return parent::SetAction($value);
++				return parent::setAction($value);
+ 			elseif(is_null($value))
+-				return parent::SetAction($value);
++				return parent::setAction($value);
+ 			else
+ 				return $this->error("Incorrect value for SetAction [$value]");
+ 		}
+ 		
+-		function SetName($value){
++		function setName($value){
+ 			if(!is_string($value)){
+ 				return $this->error("Incorrect value for SetAlign [$value]");
+ 			}
+-			$this->AddOption('name',$value);
+-			$this->AddOption('id',$value);
++			$this->addOption('name',$value);
++			$this->addOption('id',$value);
+ 		return true;
+ 		}
+ 		
+-		function SetAlign($value){
++		function setAlign($value){
+ 			if(!is_string($value)){
+ 				return $this->error("Incorrect value for SetAlign [$value]");
+ 			}
+ 			return $this->align = $value;
+ 		}
+ 
+-		function SetTitle($value=NULL){
++		function setTitle($value=NULL){
+ 			if(is_null($value)){
+ 				unset($this->title);
+ 				return 0;
+@@ -101,7 +101,7 @@
+ 			$this->title = unpack_object($value);
+ 		}
+ 		
+-		function SetHelp($value=NULL){
++		function setHelp($value=NULL){
+ 			if(is_null($value)) {
+ 				$this->help = new CHelp();
+ 			} 
+@@ -110,8 +110,8 @@
+ 			} 
+ 			else if(is_string($value)) {
+ 				$this->help = new CHelp($value);
+-				if($this->GetName()==NULL)
+-					$this->SetName($value);
++				if($this->getName()==NULL)
++					$this->setName($value);
+ 			} 
+ 			else {
+ 				return $this->error("Incorrect value for SetHelp [$value]");
+@@ -119,21 +119,21 @@
+ 			return 0;
+ 		}
+ 		
+-		function AddVar($name, $value){
+-			$this->AddItemToTopRow(new CVar($name, $value));
++		function addVar($name, $value){
++			$this->addItemToTopRow(new CVar($name, $value));
+ 		}
+ 		
+-		function AddItemToTopRow($value){
++		function addItemToTopRow($value){
+ 			array_push($this->top_items, $value);
+ 		}
+ 		
+-		function AddRow($item1, $item2=NULL, $class=NULL){
++		function addRow($item1, $item2=NULL, $class=NULL){
+ 			if(strtolower(get_class($item1)) == 'crow'){
+ 			
+ 			} 
+ 			else if(strtolower(get_class($item1)) == 'ctable'){
+ 				$td = new CCol($item1,'form_row_c');
+-				$td->SetColSpan(2);
++				$td->setColSpan(2);
+ 				
+ 				$item1 = new CRow($td);
+ 			} 
+@@ -157,7 +157,7 @@
+ 			array_push($this->center_items, $item1);
+ 		}
+ 		
+-		function AddSpanRow($value, $class=NULL){
++		function addSpanRow($value, $class=NULL){
+ 			if(is_string($value))
+ 				$item1=nbsp($value);
+ 
+@@ -165,16 +165,16 @@
+ 			if(is_null($class)) $class = 'form_row_c';
+ 
+ 			$col = new CCol($value,$class);
+-		        $col->SetColSpan(2);
++		        $col->setColSpan(2);
+ 			array_push($this->center_items,new CRow($col));
+ 		}
+ 		
+ 		
+-		function AddItemToBottomRow($value){
+-			$this->bottom_items->AddItem($value);
++		function addItemToBottomRow($value){
++			$this->bottom_items->addItem($value);
+ 		}
+ 
+-		function SetTableClass($class){
++		function setTableClass($class){
+ 			if(is_string($class)){
+ 				$this->tableclass = $class;
+ 			}
+@@ -186,25 +186,25 @@
+ 
+ 			$tbl = new CTable(NULL,$this->tableclass);
+ 
+-			$tbl->SetOddRowClass('form_odd_row');
+-			$tbl->SetEvenRowClass('form_even_row');
+-			$tbl->SetCellSpacing(0);
+-			$tbl->SetCellPadding(1);
+-			$tbl->SetAlign($this->align);
++			$tbl->setOddRowClass('form_odd_row');
++			$tbl->setEvenRowClass('form_even_row');
++			$tbl->setCellSpacing(0);
++			$tbl->setCellPadding(1);
++			$tbl->setAlign($this->align);
+ # add first row
+ 			$col = new CCol(NULL,'form_row_first');
+-			$col->SetColSpan(2);
++			$col->setColSpan(2);
+ 			
+-			if(isset($this->help))			$col->AddItem($this->help);
+-			if(isset($this->title))		 	$col->AddItem($this->title);
+-			foreach($this->top_items as $item)	$col->AddItem($item);
++			if(isset($this->help))			$col->addItem($this->help);
++			if(isset($this->title))		 	$col->addItem($this->title);
++			foreach($this->top_items as $item)	$col->addItem($item);
+ 			
+-			$tbl->SetHeader($col);
++			$tbl->setHeader($col);
+ # add last row
+-			$tbl->SetFooter($this->bottom_items);
++			$tbl->setFooter($this->bottom_items);
+ # add center rows
+ 			foreach($this->center_items as $item){
+-				$tbl->AddRow($item);
++				$tbl->addRow($item);
+ 			}
+ 		return $tbl->ToString();
+ 		}
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/
+
+This hunk adds session identifier transmission during Ajax requests.
+It also reshuffles some JavaScript functions and adds many whitespace
+changes.
+
+Index: frontends/php/js/cookies.js
+===================================================================
+--- frontends/php/js/cookies.js	(revision 6622)
++++ frontends/php/js/cookies.js	(revision 6623)
+@@ -1,78 +0,0 @@
+-//Javascript document
+-/*
+-** ZABBIX
+-** Copyright (C) 2000-2005 SIA Zabbix
+-**
+-** This program is free software; you can redistribute it and/or modify
+-** it under the terms of the GNU General Public License as published by
+-** the Free Software Foundation; either version 2 of the License, or
+-** (at your option) any later version.
+-**
+-** This program is distributed in the hope that it will be useful,
+-** but WITHOUT ANY WARRANTY; without even the implied warranty of
+-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-** GNU General Public License for more details.
+-**
+-** You should have received a copy of the GNU General Public License
+-** along with this program; if not, write to the Free Software
+-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+-**/ 
+-// Title: cookies class
+-// Description: to manipulate cookies on client side
+-// Author: Aly
+-
+-var cookie ={
+-cookies: new Array(),
+-
+-init: function () {
+-	var allCookies = document.cookie.split('; ');
+-	for (var i=0;i<allCookies.length;i++) {
+-		var cookiePair = allCookies[i].split('=');
+-		this.cookies[cookiePair[0]] = cookiePair[1];
+-	}
+-},
+-
+-create: function (name,value,days) {
+-	if(days) {
+-		var date = new Date();
+-		date.setTime(date.getTime()+(days*24*60*60*1000));
+-		var expires = "; expires="+date.toGMTString();
+-	}else{ 
+-		var expires = "";
+-	}
+-	
+-	document.cookie = name+"="+value+expires+"; path=/";
+-	this.cookies[name] = value;
+-},
+-
+-read : function(name){
+-	if(typeof(this.cookies[name]) != 'undefined'){
+-		return this.cookies[name];
+-	} else {
+-		var nameEQ = name + "=";
+-		var ca = document.cookie.split(';');
+-		for(var i=0;i < ca.length;i++) {
+-			var c = ca[i];
+-			while (c.charAt(0)==' ') c = c.substring(1,c.length);
+-			if(c.indexOf(nameEQ) == 0)	return this.cookies[name] = c.substring(nameEQ.length,c.length);
+-		}
+-	}
+-	return null;
+-},
+-
+-printall: function() {
+-	var allCookies = document.cookie.split('; ');
+-	for (var i=0;i<allCookies.length;i++) {
+-		var cookiePair = allCookies[i].split('=');
+-		
+-		alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined
+-	}
+-},
+-
+-erase: function (name) {
+-	this.create(name,'',-1);
+-	this.cookies[name] = undefined;
+-}
+-}
+-
+-cookie.init();
+\ No newline at end of file
+Index: frontends/php/js/url.js
+===================================================================
+--- frontends/php/js/url.js	(revision 6622)
++++ frontends/php/js/url.js	(revision 6623)
+@@ -1,256 +0,0 @@
+-// JavaScript Document
+-/*
+-** ZABBIX
+-** Copyright (C) 2000-2007 SIA Zabbix
+-**
+-** This program is free software; you can redistribute it and/or modify
+-** it under the terms of the GNU General Public License as published by
+-** the Free Software Foundation; either version 2 of the License, or
+-** (at your option) any later version.
+-**
+-** This program is distributed in the hope that it will be useful,
+-** but WITHOUT ANY WARRANTY; without even the implied warranty of
+-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-** GNU General Public License for more details.
+-**
+-** You should have received a copy of the GNU General Public License
+-** along with this program; if not, write to the Free Software
+-** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+-**
+-*/
+-
+-// Title: url manipulation class
+-// Author: Aly
+-
+-
+-var url = Class.create();
+-
+-url.prototype = {
+-url: 		'',		//	actually, it's depricated/private variable 
+-port:		 -1,
+-host: 		'',
+-protocol: 	'',
+-username:	'',
+-password:	'',
+-filr:		'',
+-reference:	'',
+-path:		'',
+-query:		'',
+-arguments: new Array(),
+-
+-initialize: function(url){
+-	this.url=unescape(url);
+-	
+-	this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):'';
+-	if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#'));
+-	
+-	var protocolSepIndex=this.url.indexOf('://');
+-	if(protocolSepIndex>=0){
+-		this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase();
+-		this.host=this.url.substring(protocolSepIndex+3);
+-		if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/'));
+-		var atIndex=this.host.indexOf('@');
+-		if(atIndex>=0){
+-			var credentials=this.host.substring(0,atIndex);
+-			var colonIndex=credentials.indexOf(':');
+-			if(colonIndex>=0){
+-				this.username=credentials.substring(0,colonIndex);
+-				this.password=credentials.substring(colonIndex);
+-			}else{
+-				this.username=credentials;
+-			}
+-			this.host=this.host.substring(atIndex+1);
+-		}
+-		
+-		var host_ipv6 = this.host.indexOf(']');
+-		if(host_ipv6>=0){
+-			if(host_ipv6 < (this.host.length-1)){
+-				host_ipv6++;
+-				var host_less = this.host.substring(host_ipv6);
+-
+-				var portColonIndex=host_less.indexOf(':');
+-				if(portColonIndex>=0){
+-					this.port=host_less.substring(portColonIndex+1);
+-					this.host=this.host.substring(0,host_ipv6);
+-				}
+-			}
+-		}
+-		else{
+-			var portColonIndex=this.host.indexOf(':');
+-			if(portColonIndex>=0){
+-				this.port=this.host.substring(portColonIndex+1);
+-				this.host=this.host.substring(0,portColonIndex);
+-			}
+-		}
+-		this.file=this.url.substring(protocolSepIndex+3);
+-		this.file=this.file.substring(this.file.indexOf('/'));
+-	}else{
+-		this.file=this.url;
+-	}
+-	if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?'));
+-
+-	var refSepIndex=url.indexOf('#');
+-	if(refSepIndex>=0){
+-		this.file=this.file.substring(0,refSepIndex);
+-		this.reference=this.url.substring(this.url.indexOf('#'));
+-	}
+-	this.path=this.file;
+-	if(this.query.length>0) this.file+='?'+this.query;
+-	if(this.reference.length>0) this.file+='#'+this.reference;
+-	if(this.query.length > 0)	this.getArguments();
+-},
+-
+-getArguments: function(){
+-	var args=this.query.split('&');
+-	var keyval='';
+-	
+-	if(args.length<1) return;
+-	
+-	for(i=0;i<args.length;i++){
+-		keyval=args[i].split('=');
+-		this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]);
+-	}
+-},
+-
+-getArgumentValue: function(key){
+-	if(key.length<1) return '';
+-	for(i=0; i < this.arguments.length; i++){
+-		if(this.arguments[i][0] == key) return this.arguments[i][1];
+-	}
+-	
+-return '';
+-},
+-
+-getArgumentValues: function(){
+-	var a=new Array();
+-	var b=this.query.split('&');
+-	var c='';
+-	if(b.length<1) return a;
+-	for(i=0;i<b.length;i++){
+-		c=b[i].split('=');
+-		a[i]=new Array(c[0],((c.length==1)?c[0]:c[1]));
+-	}
+-return a;
+-},
+-
+-getUrl: function(){
+-	var uri = (this.protocol.length > 0)?(this.protocol+'://'):'';
+-	uri +=  encodeURI((this.username.length > 0)?(this.username):'');
+-	uri +=  encodeURI((this.password.length > 0)?(':'+this.password):'');
+-	uri +=  (this.host.length > 0)?(this.host):'';
+-	uri +=  (this.port.length > 0)?(':'+this.port):'';
+-	uri +=  encodeURI((this.path.length > 0)?(this.path):'');
+-	uri +=  encodeURI((this.query.length > 0)?('?'+this.query):'');
+-	uri +=  encodeURI((this.reference.length > 0)?('#'+this.reference):'');
+-//	alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery());
+-return uri;
+-},
+-
+-setArgument: function(key,value){
+-
+-	var valueisset = false;
+-	if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument';
+-	
+-	value =('undefined' != typeof(value))?value:'';
+-
+-	for(i=0; i < this.arguments.length; i++){
+-		if(this.arguments[i][0] == key){
+-			valueisset = true;
+-			this.arguments[i][1] = value;
+-		}
+-	}	
+-	if(!valueisset)	this.arguments[this.arguments.length] = new Array(key,value);
+-	this.formatQuery();
+-},
+-
+-formatQuery: function(){
+-	if(this.arguments.lenght < 1) return;
+-	
+-	var query = '';
+-	for(i=0; i < this.arguments.length; i++){		
+-		query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&';
+-	}
+-	this.query = query.substring(0,query.length-1);
+-},
+-
+-getPort: function(){ 
+-	return this.port;
+-},
+-
+-setPort: function(port){
+-	this.port = port;
+-},
+-
+-getQuery: function(){ 
+-	return this.query;
+-},
+-
+-setQuery: function(query){ 
+-	this.query = query;
+-	this.getArgumentValues();
+-	this.formatQuery();
+-},
+-
+-/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */
+-getProtocol: function(){
+-	return this.protocol;
+-},
+-
+-setProtocol: function(protocol){
+-	this.protocol = protocol;
+-},
+-/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */
+-getHost: function(){
+-	return this.host;
+-},
+-
+-setHost: function(set){
+-	this.host = host;
+-},
+-
+-/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */
+-getUserName: function(){
+-	return this.username;
+-},
+-
+-setUserName: function(username){
+-	this.username = username;
+-},
+-
+-/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */
+-getPassword: function(){
+-	return this.password;
+-},
+-
+-setPassword: function(password){
+-	this.password = password;
+-},
+-
+-/* Returns the file part of this url, i.e. everything after the host name. */
+-getFile: function(){
+-	return this.file = file;
+-},
+-
+-setFile: function(file){
+-	this.file = file;
+-},
+-
+-/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */
+-getReference: function(){
+-	return this.reference;
+-},
+-
+-setReference: function(reference){
+-	this.reference = reference;
+-},
+-
+-/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */
+-getPath: function(){
+-	return this.path;
+-},
+-
+-setPath: function(path){
+-	this.path = path;
+-}
+-
+-}
+\ No newline at end of file
+Index: frontends/php/js/updater.js
+===================================================================
+--- frontends/php/js/updater.js	(revision 6622)
++++ frontends/php/js/updater.js	(revision 6623)
+@@ -27,7 +27,7 @@
+ 
+ 	setObj4Update: function(id,frequency,url,params){
+ 		var obj = document.getElementById(id);
+-		if((typeof(obj) == 'undefined')) return false; 
++		if(typeof(obj) == 'undefined') return false; 
+ 	
+ 		var obj4update = {
+ 			'id': 		id,
+@@ -65,7 +65,9 @@
+ 		obj4update.ready = false;
+ 		
+ 		var uri = new url(obj4update.url);
+-		new Ajax.Updater(obj4update.id, obj4update.url,
++		uri.setArgument('sessionid', cookie.read('zbx_sessionid'));
++
++		new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url,
+ 			{
+ 				method: 'post',
+ 				'parameters':	obj4update.params,
+Index: frontends/php/js/gpc.js
+===================================================================
+--- frontends/php/js/gpc.js	(revision 0)
++++ frontends/php/js/gpc.js	(revision 6623)
+@@ -0,0 +1,315 @@
++//Javascript document
++/*
++** ZABBIX
++** Copyright (C) 2000-2009 SIA Zabbix
++**
++** This program is free software; you can redistribute it and/or modify
++** it under the terms of the GNU General Public License as published by
++** the Free Software Foundation; either version 2 of the License, or
++** (at your option) any later version.
++**
++** This program is distributed in the hope that it will be useful,
++** but WITHOUT ANY WARRANTY; without even the implied warranty of
++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++** GNU General Public License for more details.
++**
++** You should have received a copy of the GNU General Public License
++** along with this program; if not, write to the Free Software
++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++**/
++
++// Title: cookies class
++// Description: to manipulate cookies on client side
++// Author: Aly
++var cookie ={
++cookies: new Array(),
++
++init: function () {
++	var allCookies = document.cookie.split('; ');
++	for (var i=0;i<allCookies.length;i++) {
++		var cookiePair = allCookies[i].split('=');
++		this.cookies[cookiePair[0]] = cookiePair[1];
++	}
++},
++
++create: function (name,value,days) {
++	if(days) {
++		var date = new Date();
++		date.setTime(date.getTime()+(days*24*60*60*1000));
++		var expires = "; expires="+date.toGMTString();
++	}
++	else{ 
++		var expires = "";
++	}
++	
++	document.cookie = name+"="+value+expires+"; path=/";
++	this.cookies[name] = value;
++},
++
++read : function(name){
++	if(typeof(this.cookies[name]) != 'undefined'){
++		return this.cookies[name];
++	} 
++	else {
++		var nameEQ = name + "=";
++		var ca = document.cookie.split(';');
++		for(var i=0;i < ca.length;i++) {
++			var c = ca[i];
++			while (c.charAt(0)==' ') c = c.substring(1,c.length);
++			if(c.indexOf(nameEQ) == 0)	return this.cookies[name] = c.substring(nameEQ.length,c.length);
++		}
++	}
++	return null;
++},
++
++printall: function() {
++	var allCookies = document.cookie.split('; ');
++	for(var i=0;i<allCookies.length;i++){
++		var cookiePair = allCookies[i].split('=');
++		
++		alert("[" + cookiePair[0] + "] is " + cookiePair[1]); // assumes print is already defined
++	}
++},
++
++erase: function (name) {
++	this.create(name,'',-1);
++	this.cookies[name] = undefined;
++}
++}
++
++cookie.init();
++
++
++
++// Title: url manipulation class
++// Author: Aly
++var url = Class.create();
++
++url.prototype = {
++url: 		'',		//	actually, it's depricated/private variable 
++port:		 -1,
++host: 		'',
++protocol: 	'',
++username:	'',
++password:	'',
++filr:		'',
++reference:	'',
++path:		'',
++query:		'',
++arguments: new Array(),
++
++initialize: function(url){
++	this.url=unescape(url);
++	
++	this.query=(this.url.indexOf('?')>=0)?this.url.substring(this.url.indexOf('?')+1):'';
++	if(this.query.indexOf('#')>=0) this.query=this.query.substring(0,this.query.indexOf('#'));
++	
++	var protocolSepIndex=this.url.indexOf('://');
++	if(protocolSepIndex>=0){
++		this.protocol=this.url.substring(0,protocolSepIndex).toLowerCase();
++		this.host=this.url.substring(protocolSepIndex+3);
++		if(this.host.indexOf('/')>=0) this.host=this.host.substring(0,this.host.indexOf('/'));
++		var atIndex=this.host.indexOf('@');
++		if(atIndex>=0){
++			var credentials=this.host.substring(0,atIndex);
++			var colonIndex=credentials.indexOf(':');
++			if(colonIndex>=0){
++				this.username=credentials.substring(0,colonIndex);
++				this.password=credentials.substring(colonIndex);
++			}else{
++				this.username=credentials;
++			}
++			this.host=this.host.substring(atIndex+1);
++		}
++		
++		var host_ipv6 = this.host.indexOf(']');
++		if(host_ipv6>=0){
++			if(host_ipv6 < (this.host.length-1)){
++				host_ipv6++;
++				var host_less = this.host.substring(host_ipv6);
++
++				var portColonIndex=host_less.indexOf(':');
++				if(portColonIndex>=0){
++					this.port=host_less.substring(portColonIndex+1);
++					this.host=this.host.substring(0,host_ipv6);
++				}
++			}
++		}
++		else{
++			var portColonIndex=this.host.indexOf(':');
++			if(portColonIndex>=0){
++				this.port=this.host.substring(portColonIndex+1);
++				this.host=this.host.substring(0,portColonIndex);
++			}
++		}
++		this.file=this.url.substring(protocolSepIndex+3);
++		this.file=this.file.substring(this.file.indexOf('/'));
++	}else{
++		this.file=this.url;
++	}
++	if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?'));
++
++	var refSepIndex=url.indexOf('#');
++	if(refSepIndex>=0){
++		this.file=this.file.substring(0,refSepIndex);
++		this.reference=this.url.substring(this.url.indexOf('#'));
++	}
++	this.path=this.file;
++	if(this.query.length>0) this.file+='?'+this.query;
++	if(this.reference.length>0) this.file+='#'+this.reference;
++	if(this.query.length > 0)	this.getArguments();
++},
++
++getArguments: function(){
++	var args=this.query.split('&');
++	var keyval='';
++	
++	if(args.length<1) return;
++	
++	for(i=0;i<args.length;i++){
++		keyval=args[i].split('=');
++		this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]);
++	}
++},
++
++getArgumentValue: function(key){
++	if(key.length<1) return '';
++	for(i=0; i < this.arguments.length; i++){
++		if(this.arguments[i][0] == key) return this.arguments[i][1];
++	}
++	
++return '';
++},
++
++getArgumentValues: function(){
++	var a=new Array();
++	var b=this.query.split('&');
++	var c='';
++	if(b.length<1) return a;
++	for(i=0;i<b.length;i++){
++		c=b[i].split('=');
++		a[i]=new Array(c[0],((c.length==1)?c[0]:c[1]));
++	}
++return a;
++},
++
++getUrl: function(){
++	var uri = (this.protocol.length > 0)?(this.protocol+'://'):'';
++	uri +=  encodeURI((this.username.length > 0)?(this.username):'');
++	uri +=  encodeURI((this.password.length > 0)?(':'+this.password):'');
++	uri +=  (this.host.length > 0)?(this.host):'';
++	uri +=  (this.port.length > 0)?(':'+this.port):'';
++	uri +=  encodeURI((this.path.length > 0)?(this.path):'');
++	uri +=  encodeURI((this.query.length > 0)?('?'+this.query):'');
++	uri +=  encodeURI((this.reference.length > 0)?('#'+this.reference):'');
++//	alert(uri.getProtocol()+' : '+uri.getHost()+' : '+uri.getPort()+' : '+uri.getPath()+' : '+uri.getQuery());
++return uri;
++},
++
++setArgument: function(key,value){
++
++	var valueisset = false;
++	if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument';
++	
++	value =('undefined' != typeof(value))?value:'';
++
++	for(i=0; i < this.arguments.length; i++){
++		if(this.arguments[i][0] == key){
++			valueisset = true;
++			this.arguments[i][1] = value;
++		}
++	}	
++	if(!valueisset)	this.arguments[this.arguments.length] = new Array(key,value);
++	this.formatQuery();
++},
++
++formatQuery: function(){
++	if(this.arguments.lenght < 1) return;
++	
++	var query = '';
++	for(i=0; i < this.arguments.length; i++){		
++		query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&';
++	}
++	this.query = query.substring(0,query.length-1);
++},
++
++getPort: function(){ 
++	return this.port;
++},
++
++setPort: function(port){
++	this.port = port;
++},
++
++getQuery: function(){ 
++	return this.query;
++},
++
++setQuery: function(query){ 
++	this.query = query;
++	this.getArgumentValues();
++	this.formatQuery();
++},
++
++/* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */
++getProtocol: function(){
++	return this.protocol;
++},
++
++setProtocol: function(protocol){
++	this.protocol = protocol;
++},
++/* Returns the host name of this URL, i.e. 'server.com' in the url 'http://server.com/' */
++getHost: function(){
++	return this.host;
++},
++
++setHost: function(set){
++	this.host = host;
++},
++
++/* Returns the user name part of this URL, i.e. 'joe' in the url 'http://joe@server.com/' */
++getUserName: function(){
++	return this.username;
++},
++
++setUserName: function(username){
++	this.username = username;
++},
++
++/* Returns the password part of this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */
++getPassword: function(){
++	return this.password;
++},
++
++setPassword: function(password){
++	this.password = password;
++},
++
++/* Returns the file part of this url, i.e. everything after the host name. */
++getFile: function(){
++	return this.file = file;
++},
++
++setFile: function(file){
++	this.file = file;
++},
++
++/* Returns the reference of this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */
++getReference: function(){
++	return this.reference;
++},
++
++setReference: function(reference){
++	this.reference = reference;
++},
++
++/* Returns the file path of this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */
++getPath: function(){
++	return this.path;
++},
++
++setPath: function(path){
++	this.path = path;
++}
++}
+\ No newline at end of file
+Index: frontends/php/js/ajax_req.js
+===================================================================
+--- frontends/php/js/ajax_req.js	(revision 6622)
++++ frontends/php/js/ajax_req.js	(revision 6623)
+@@ -19,6 +19,8 @@
+ **/
+ 
+ function send_params(params){
++	if(typeof(params) == 'undefined') var params = new Array();
++	params['sessionid'] = cookie.read('zbx_sessionid');
+ 
+ 	var uri = new url(location.href);
+ 	new Ajax.Request(uri.getPath()+"?output=ajax",
+Index: frontends/php/dashboard.php
+===================================================================
+--- frontends/php/dashboard.php	(revision 6622)
++++ frontends/php/dashboard.php	(revision 6623)
+@@ -42,8 +42,8 @@
+ 		'view_style'=>	array(T_ZBX_INT, O_OPT,	P_SYS,	IN('0,1'),		NULL),
+ 		'type'=>		array(T_ZBX_INT, O_OPT,	P_SYS,	IN('0,1'),		NULL),
+ 		
+-		'output'=>		array(T_ZBX_STR, O_OPT, P_ACT,	NULL,			NULL),
+-		'jsscriptid'=>	array(T_ZBX_STR, O_OPT, P_ACT,	NULL,			NULL),
++		'output'=>		array(T_ZBX_STR, O_OPT, P_SYS,	NULL,			NULL),
++		'jsscriptid'=>	array(T_ZBX_STR, O_OPT, P_SYS,	NULL,			NULL),
+ 		'fullscreen'=>	array(T_ZBX_INT, O_OPT,	P_SYS,	IN('0,1'),		NULL),
+ 		
+ //ajax
+@@ -56,7 +56,7 @@
+ 	);
+ 
+ 	check_fields($fields);
+-	
++
+ 	$available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY);
+ // ACTION /////////////////////////////////////////////////////////////////////////////
+ 	if(isset($_REQUEST['favobj'])){
+Index: frontends/php/include/page_header.php
+===================================================================
+--- frontends/php/include/page_header.php	(revision 6622)
++++ frontends/php/include/page_header.php	(revision 6623)
+@@ -428,8 +428,8 @@
+ 
+ <script type="text/javascript" src="js/prototype.js"></script>
+ <script type="text/javascript" src="js/common.js"></script>
++<script type="text/javascript" src="js/gpc.js"></script>
+ <script type="text/javascript" src="js/ajax_req.js"></script>
+-<script type="text/javascript" src="js/url.js"></script>
+ <script type="text/javascript" src="js/chkbxrange.js"></script>
+ <?php
+ 	if(isset($page['scripts']) && is_array($page['scripts'])){
+Index: frontends/php/include/validate.inc.php
+===================================================================
+--- frontends/php/include/validate.inc.php	(revision 6622)
++++ frontends/php/include/validate.inc.php	(revision 6623)
+@@ -432,7 +432,7 @@
+ 			if(!isset($_REQUEST[$field])){
+ 				return ZBX_VALID_OK;
+ 			}
+-			else if(($flags&P_ACT) && !isset($_REQUEST['zbx_form'])){
++			else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){
+ 				return ZBX_VALID_ERROR;
+ 			}
+ 		}
+@@ -465,8 +465,7 @@
+ 
+ //		VAR							TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
+ 	$system_fields=array(
+-		'sessionid'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(), 'isset({zbx_form})'),
+-		'zbx_form'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY, NULL),
++		'sessionid'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(), NULL),
+ // 
+ 		'switch_node'=>		array(T_ZBX_INT, O_OPT,	 P_SYS,	DB_ID,NULL),
+ 		'triggers_hash'=>	array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY,NULL),
+Index: frontends/php/include/classes/ctree.inc.php
+===================================================================
+--- frontends/php/include/classes/ctree.inc.php	(revision 6622)
++++ frontends/php/include/classes/ctree.inc.php	(revision 6623)
+@@ -214,7 +214,6 @@
+ 	global $page;
+ 		$js = '
+ 		<script src="js/tree.js" type="text/javascript"></script>
+-		<script src="js/cookies.js" type="text/javascript"></script>	
+ 		<script type="text/javascript"> 
+ 				var treenode = new Array(0);
+ 				var tree_name = "tree_'.$this->getUserAlias().'_'.$page["file"].'";
+Index: frontends/php/include/classes/cform.inc.php
+===================================================================
+--- frontends/php/include/classes/cform.inc.php	(revision 6622)
++++ frontends/php/include/classes/cform.inc.php	(revision 6623)
+@@ -27,7 +27,6 @@
+ 			$this->setAction($action);
+ 			$this->setEnctype($enctype);
+ 			
+-			$this->addVar('zbx_form', 'action');
+ 			$this->addVar('sessionid', $_COOKIE['zbx_sessionid']);
+ 		}
+ 		
+Index: frontends/php/index.php
+===================================================================
+--- frontends/php/index.php	(revision 6622)
++++ frontends/php/index.php	(revision 6623)
+@@ -33,8 +33,8 @@
+ 		"password"=>		array(T_ZBX_STR, O_OPT,	NULL,	NULL,		'isset({enter})'),
+ 		"sessionid"=>		array(T_ZBX_STR, O_OPT,	NULL,	NULL,		NULL),
+ 		"message"=>			array(T_ZBX_STR, O_OPT,	NULL,	NULL,		NULL),
+-		"reconnect"=>		array(T_ZBX_INT, O_OPT,	P_ACT, BETWEEN(0,65535),NULL),
+-		"enter"=>			array(T_ZBX_STR, O_OPT, P_SYS|P_ACT,    NULL,   NULL),
++		"reconnect"=>		array(T_ZBX_INT, O_OPT,	NULL, BETWEEN(0,65535),NULL),
++		"enter"=>			array(T_ZBX_STR, O_OPT, P_SYS,    NULL,   NULL),
+ 		"form"=>			array(T_ZBX_STR, O_OPT, P_SYS,  NULL,   	NULL),
+ 		"form_refresh"=>	array(T_ZBX_INT, O_OPT, NULL,   NULL,   	NULL)
+ 	);
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/
+
+Checks if 'zbx_sessionid' cookie is really here before setting
+'sessionid' variable.
+
+Index: frontends/php/include/classes/cform.inc.php
+===================================================================
+--- frontends/php/include/classes/cform.inc.php	(revision 6624)
++++ frontends/php/include/classes/cform.inc.php	(revision 6625)
+@@ -27,7 +27,8 @@
+ 			$this->setAction($action);
+ 			$this->setEnctype($enctype);
+ 			
+-			$this->addVar('sessionid', $_COOKIE['zbx_sessionid']);
++			if(isset($_COOKIE['zbx_sessionid']))
++				$this->addVar('sessionid', $_COOKIE['zbx_sessionid']);
+ 		}
+ 		
+ 		function setMethod($value='post'){
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Obtained from svn://svn.zabbix.com/branches/1.6/frontends/php/
+
+This hunk basically trades the name 'sessionid' for 'sid'.  It also
+reshuffles many functions, adds many whitespace changes and implants
+URL manipulation tools for JavaScript.
+
+Index: frontends/php/users.php
+===================================================================
+--- frontends/php/users.php	(revision 6643)
++++ frontends/php/users.php	(revision 6644)
+@@ -1,7 +1,7 @@
+ <?php
+ /* 
+ ** ZABBIX
+-** Copyright (C) 2000-2005 SIA Zabbix
++** Copyright (C) 2000-2009 SIA Zabbix
+ **
+ ** This program is free software; you can redistribute it and/or modify
+ ** it under the terms of the GNU General Public License as published by
+@@ -24,6 +24,7 @@
+ 	require_once('include/media.inc.php');
+ 	require_once('include/users.inc.php');
+ 	require_once('include/forms.inc.php');
++	require_once('include/classes/curl.inc.php');
+ 	require_once('include/js.inc.php');
+ 
+ 	$page['title'] = 'S_USERS';
+@@ -32,7 +33,6 @@
+ 	$page['scripts'] = array('menu_scripts.js');
+ 
+ include_once('include/page_header.php');
+-
+ ?>
+ <?php
+ 	$_REQUEST['config']=get_request('config',get_profile('web.users.config',0));
+Index: frontends/php/js/menu.js
+===================================================================
+--- frontends/php/js/menu.js	(revision 6643)
++++ frontends/php/js/menu.js	(revision 6644)
+@@ -386,8 +386,13 @@
+ 		this.n_y -= this.getprop('height') * (o_parent.a_config.length - item_offset);
+ 	}
+ 
++	if(!is_null(this.a_config[1]) && (this.a_config[1].indexOf('javascript') == -1)){
++		var uri = new url(this.a_config[1]);
++		this.a_config[1] = uri.getUrl();
++	}
++	
+ 	// generate item's HMTL
+-	var el = document.createElement("a");
++	var el = document.createElement('a');
+ 	el.setAttribute('id', 'e' + o_root.n_id + '_' + this.n_id + 'o');
+ 	el.setAttribute('href', this.a_config[1]);
+ 
+Index: frontends/php/js/updater.js
+===================================================================
+--- frontends/php/js/updater.js	(revision 6643)
++++ frontends/php/js/updater.js	(revision 6644)
+@@ -65,8 +65,6 @@
+ 		obj4update.ready = false;
+ 		
+ 		var uri = new url(obj4update.url);
+-		uri.setArgument('sessionid', cookie.read('zbx_sessionid'));
+-
+ 		new Ajax.Updater(obj4update.id, uri.getUrl(),//obj4update.url,
+ 			{
+ 				method: 'post',
+Index: frontends/php/js/gpc.js
+===================================================================
+--- frontends/php/js/gpc.js	(revision 6643)
++++ frontends/php/js/gpc.js	(revision 6644)
+@@ -96,7 +96,7 @@
+ reference:	'',
+ path:		'',
+ query:		'',
+-arguments: new Array(),
++arguments:  {},
+ 
+ initialize: function(url){
+ 	this.url=unescape(url);
+@@ -116,7 +116,8 @@
+ 			if(colonIndex>=0){
+ 				this.username=credentials.substring(0,colonIndex);
+ 				this.password=credentials.substring(colonIndex);
+-			}else{
++			}
++			else{
+ 				this.username=credentials;
+ 			}
+ 			this.host=this.host.substring(atIndex+1);
+@@ -144,9 +145,11 @@
+ 		}
+ 		this.file=this.url.substring(protocolSepIndex+3);
+ 		this.file=this.file.substring(this.file.indexOf('/'));
+-	}else{
++	}
++	else{
+ 		this.file=this.url;
+ 	}
++	
+ 	if(this.file.indexOf('?')>=0) this.file=this.file.substring(0, this.file.indexOf('?'));
+ 
+ 	var refSepIndex=url.indexOf('#');
+@@ -157,42 +160,51 @@
+ 	this.path=this.file;
+ 	if(this.query.length>0) this.file+='?'+this.query;
+ 	if(this.reference.length>0) this.file+='#'+this.reference;
+-	if(this.query.length > 0)	this.getArguments();
++	if(this.query.length > 0)	this.formatArguments();
++	
++	var sid = cookie.read('zbx_sessionid');
++	this.setArgument('sid', sid.substring(16));
+ },
+ 
+-getArguments: function(){
++
++formatQuery: function(){
++	if(this.arguments.lenght < 1) return;
++	
++	var query = '';
++	for(var key in this.arguments){
++		if(typeof(this.arguments[key]) != 'undefined'){
++			query+=key+'='+this.arguments[key]+'&';
++		}
++	}
++	this.query = query.substring(0,query.length-1);
++},
++
++formatArguments: function(){
+ 	var args=this.query.split('&');
+ 	var keyval='';
+-	
++
+ 	if(args.length<1) return;
+ 	
+-	for(i=0;i<args.length;i++){
+-		keyval=args[i].split('=');
+-		this.arguments[i] = new Array(keyval[0],(keyval.length==1)?keyval[0]:keyval[1]);
++	for(i=0; i<args.length; i++){
++		keyval = args[i].split('=');
++		this.arguments[keyval[0]] = (keyval.length>1)?keyval[1]:'';
+ 	}
+ },
+ 
+-getArgumentValue: function(key){
+-	if(key.length<1) return '';
+-	for(i=0; i < this.arguments.length; i++){
+-		if(this.arguments[i][0] == key) return this.arguments[i][1];
+-	}
+-	
+-return '';
++setArgument: function(key,value){
++	this.arguments[key] = value;
++	this.formatQuery();
+ },
+ 
+-getArgumentValues: function(){
+-	var a=new Array();
+-	var b=this.query.split('&');
+-	var c='';
+-	if(b.length<1) return a;
+-	for(i=0;i<b.length;i++){
+-		c=b[i].split('=');
+-		a[i]=new Array(c[0],((c.length==1)?c[0]:c[1]));
+-	}
+-return a;
++getArgument: function(key){
++	if(typeof(this.arguments[key]) != 'undefined') return this.arguments[key];
++	else return null;
+ },
+ 
++getArguments: function(){
++	return this.arguments;
++},
++
+ getUrl: function(){
+ 	var uri = (this.protocol.length > 0)?(this.protocol+'://'):'';
+ 	uri +=  encodeURI((this.username.length > 0)?(this.username):'');
+@@ -206,51 +218,30 @@
+ return uri;
+ },
+ 
+-setArgument: function(key,value){
+-
+-	var valueisset = false;
+-	if(typeof(key) == 'undefined') throw 'Invalid argument past for setArgument';
+-	
+-	value =('undefined' != typeof(value))?value:'';
+-
+-	for(i=0; i < this.arguments.length; i++){
+-		if(this.arguments[i][0] == key){
+-			valueisset = true;
+-			this.arguments[i][1] = value;
+-		}
+-	}	
+-	if(!valueisset)	this.arguments[this.arguments.length] = new Array(key,value);
+-	this.formatQuery();
++setPort: function(port){
++	this.port = port;
+ },
+ 
+-formatQuery: function(){
+-	if(this.arguments.lenght < 1) return;
+-	
+-	var query = '';
+-	for(i=0; i < this.arguments.length; i++){		
+-		query+=this.arguments[i][0]+'='+this.arguments[i][1]+'&';
+-	}
+-	this.query = query.substring(0,query.length-1);
+-},
+-
+ getPort: function(){ 
+ 	return this.port;
+ },
+ 
+-setPort: function(port){
+-	this.port = port;
++setQuery: function(query){ 
++	this.query = query;
++	if(this.query.indexOf('?')>=0){
++		this.query= this.query.substring(this.query.indexOf('?')+1);
++	}
++	
++	this.formatArguments();
++	
++	var sid = cookie.read('zbx_sessionid');
++	this.setArgument('sid', sid.substring(16));
+ },
+ 
+ getQuery: function(){ 
+ 	return this.query;
+ },
+ 
+-setQuery: function(query){ 
+-	this.query = query;
+-	this.getArgumentValues();
+-	this.formatQuery();
+-},
+-
+ /* Returns the protocol of this URL, i.e. 'http' in the url 'http://server/' */
+ getProtocol: function(){
+ 	return this.protocol;
+@@ -264,7 +255,7 @@
+ 	return this.host;
+ },
+ 
+-setHost: function(set){
++setHost: function(host){
+ 	this.host = host;
+ },
+ 
+@@ -288,7 +279,7 @@
+ 
+ /* Returns the file part of this url, i.e. everything after the host name. */
+ getFile: function(){
+-	return this.file = file;
++	return this.file;
+ },
+ 
+ setFile: function(file){
+Index: frontends/php/js/menu_scripts.js
+===================================================================
+--- frontends/php/js/menu_scripts.js	(revision 6643)
++++ frontends/php/js/menu_scripts.js	(revision 6644)
+@@ -64,7 +64,7 @@
+ 	for(var i=0; i < menu_usrgrp_gui.length; i++){
+ 		if((typeof(menu_usrgrp_gui[i]) != 'undefined') && !empty(menu_usrgrp_gui[i])){
+ 			var row = menu_usrgrp_gui[i];
+-			var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid);
++			var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid);
+ 			grp_gui_add_to.push(menu_row);
+ 		}
+ 	}
+@@ -73,7 +73,7 @@
+ 	for(var i=0; i < usr_grp_gui_in.length; i++){
+ 		if((typeof(usr_grp_all_in[i]) != 'undefined') && !empty(usr_grp_gui_in[i])){
+ 			var row = usr_grp_gui_in[i];
+-			var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid);
++			var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid);
+ 			grp_gui_rmv_frm.push(menu_row);
+ 		}
+ 	}
+@@ -89,7 +89,7 @@
+ 	for(var i=0; i < menu_usrgrp_status.length; i++){
+ 		if((typeof(menu_usrgrp_status[i]) != 'undefined') && !empty(menu_usrgrp_status[i])){
+ 			var row = menu_usrgrp_status[i];
+-			var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=1&userid="+userid+"&usrgrpid="+row.usrgrpid);
++			var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=1&userid='+userid+'&usrgrpid='+row.usrgrpid);
+ 			grp_status_add_to.push(menu_row);
+ 		}
+ 	}
+@@ -98,7 +98,7 @@
+ 	for(var i=0; i < usr_grp_status_in.length; i++){
+ 		if((typeof(usr_grp_status_in[i]) != 'undefined') && !empty(usr_grp_status_in[i])){
+ 			var row = usr_grp_status_in[i];
+-			var menu_row = new Array(row.name,"users.php?config=0&form=update&grpaction=0&userid="+userid+"&usrgrpid="+row.usrgrpid);
++			var menu_row = new Array(row.name,'users.php?config=0&form=update&grpaction=0&userid='+userid+'&usrgrpid='+row.usrgrpid);
+ 			grp_status_rmv_frm.push(menu_row);
+ 		}
+ 	}
+Index: frontends/php/js/common.js
+===================================================================
+--- frontends/php/js/common.js	(revision 6643)
++++ frontends/php/js/common.js	(revision 6644)
+@@ -82,6 +82,16 @@
+ 	div_help.appendChild(document.createElement("br"));
+ }
+ 
++function SDJ(obj){
++	var debug = '';
++	for(var key in obj) {
++		var value = obj[key];
++		debug+=key+': '+value+'\n';
++	}
++	SDI('\n'+debug);
++}
++
++
+ /// Alpha-Betic sorting
+ 
+ function addListener(element, eventname, expression, bubbling){
+Index: frontends/php/js/ajax_req.js
+===================================================================
+--- frontends/php/js/ajax_req.js	(revision 6643)
++++ frontends/php/js/ajax_req.js	(revision 6644)
+@@ -20,14 +20,16 @@
+ 
+ function send_params(params){
+ 	if(typeof(params) == 'undefined') var params = new Array();
+-	params['sessionid'] = cookie.read('zbx_sessionid');
+ 
+ 	var uri = new url(location.href);
+-	new Ajax.Request(uri.getPath()+"?output=ajax",
++	uri.setQuery('?output=ajax');
++
++	new Ajax.Request(uri.getUrl(),
+ 					{
+ 						'method': 'post',
+ 						'parameters':params,
+-						'onSuccess': function(resp){ },//alert(resp.responseText);
++						'onSuccess': function(resp){ },
++//						'onSuccess': function(resp){ alert(resp.responseText); },
+ 						'onFailure': function(){ document.location = uri.getPath()+'?'+Object.toQueryString(params); }
+ 					}
+ 	);
+Index: frontends/php/dashboard.php
+===================================================================
+--- frontends/php/dashboard.php	(revision 6643)
++++ frontends/php/dashboard.php	(revision 6644)
+@@ -54,7 +54,7 @@
+ 		'action'=>		array(T_ZBX_STR, O_OPT, P_ACT, 	IN("'add','remove'"),NULL),
+ 		'state'=>		array(T_ZBX_INT, O_OPT, P_ACT,  NOT_EMPTY,		'isset({favobj}) && ("hat"=={favobj})'),
+ 	);
+-
++	
+ 	check_fields($fields);
+ 
+ 	$available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_RES_IDS_ARRAY);
+@@ -179,11 +179,11 @@
+ 	$p_elements = array();
+ // Header	
+ 
+-	$url = '?fullscreen='.($_REQUEST['fullscreen']?'0':'1');
++	$url = new Curl('?fullscreen='.($_REQUEST['fullscreen']?'0':'1'));
+ 
+ 	$fs_icon = new CDiv(SPACE,'fullscreen');
+ 	$fs_icon->AddOption('title',$_REQUEST['fullscreen']?S_NORMAL.' '.S_VIEW:S_FULLSCREEN);
+-	$fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url."';"));
++	$fs_icon->AddAction('onclick',new CScript("javascript: document.location = '".$url->getUrl()."';"));
+ //-------------
+ 
+ 	$left_tab = new CTable();
+Index: frontends/php/include/func.inc.php
+===================================================================
+--- frontends/php/include/func.inc.php	(revision 6643)
++++ frontends/php/include/func.inc.php	(revision 6644)
+@@ -344,6 +344,18 @@
+ return $pos;
+ }
+ 
++function zbx_substring($haystack, $start, $end=null){
++	if($end < $start) return '';
++	
++	$len = zbx_strlen($haystack);
++	if(is_null($end))
++		$result = substr($haystack, $start);
++	else
++		$result = substr($haystack, $start, ($end - $start));
++
++return $result;
++}
++
+ function uint_in_array($needle,$haystack){
+ 	foreach($haystack as $id => $value)
+ 		if(bccomp($needle,$value) == 0) return true;
+Index: frontends/php/include/screens.inc.php
+===================================================================
+--- frontends/php/include/screens.inc.php	(revision 6643)
++++ frontends/php/include/screens.inc.php	(revision 6644)
+@@ -886,7 +886,7 @@
+ 					$action = 'screenedit.php?form=update'.url_param('screenid').'&x='.$c.'&y='.$r.'#form';
+ 				else
+ 					$action = NULL;
+-
++					
+ 				if($editmode == 1 && isset($_REQUEST["form"]) && 
+ 					isset($_REQUEST["x"]) && $_REQUEST["x"]==$c &&
+ 					isset($_REQUEST["y"]) && $_REQUEST["y"]==$r)
+Index: frontends/php/include/perm.inc.php
+===================================================================
+--- frontends/php/include/perm.inc.php	(revision 6643)
++++ frontends/php/include/perm.inc.php	(revision 6644)
+@@ -44,7 +44,7 @@
+ 	$USER_DETAILS = NULL;
+ 	$login = FALSE;
+ 	
+-	$sessionid = get_request('sessionid',get_cookie('zbx_sessionid'));
++	$sessionid = get_cookie('zbx_sessionid');
+ 
+ 	if(!is_null($sessionid)){
+ 		$sql = 'SELECT u.*,s.* '.
+Index: frontends/php/include/config.inc.php
+===================================================================
+--- frontends/php/include/config.inc.php	(revision 6643)
++++ frontends/php/include/config.inc.php	(revision 6644)
+@@ -65,6 +65,7 @@
+ 	require_once('include/classes/cpumenu.inc.php');
+ 	require_once('include/classes/graph.inc.php');
+ 	require_once('include/classes/cscript.inc.php');
++	require_once('include/classes/curl.inc.php');
+ 
+ // Include Tactical Overview modules
+ 
+Index: frontends/php/include/validate.inc.php
+===================================================================
+--- frontends/php/include/validate.inc.php	(revision 6643)
++++ frontends/php/include/validate.inc.php	(revision 6644)
+@@ -432,8 +432,13 @@
+ 			if(!isset($_REQUEST[$field])){
+ 				return ZBX_VALID_OK;
+ 			}
+-			else if(($flags&P_ACT) && !isset($_REQUEST['sessionid'])){
+-				return ZBX_VALID_ERROR;
++			else if($flags&P_ACT){
++				if(!isset($_REQUEST['sid'])){
++					return ZBX_VALID_ERROR;
++				}
++				else if(isset($_COOKIE['zbx_sessionid']) && ($_REQUEST['sid'] != substr($_COOKIE['zbx_sessionid'],16,16))){
++					return ZBX_VALID_ERROR;
++				}
+ 			}
+ 		}
+ 
+@@ -465,7 +470,7 @@
+ 
+ //		VAR							TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
+ 	$system_fields=array(
+-		'sessionid'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(), NULL),
++		'sid'=>		array(T_ZBX_STR, O_OPT,	 P_SYS,	HEX(), NULL),
+ // 
+ 		'switch_node'=>		array(T_ZBX_INT, O_OPT,	 P_SYS,	DB_ID,NULL),
+ 		'triggers_hash'=>	array(T_ZBX_STR, O_OPT,	 P_SYS,	NOT_EMPTY,NULL),
+Index: frontends/php/include/classes/clink.inc.php
+===================================================================
+--- frontends/php/include/classes/clink.inc.php	(revision 6643)
++++ frontends/php/include/classes/clink.inc.php	(revision 6644)
+@@ -19,12 +19,14 @@
+ **/
+ ?>
+ <?php
+-	class CLink extends CTag
+-	{
++	class CLink extends CTag{
+ /* public */
+ 		function CLink($item=NULL,$url=NULL,$class=NULL,$action=NULL){
+ 			parent::CTag('a','yes');
+-
++			
++			$uri = new Curl($url);
++			$url = $uri->getUrl();
++			
+ 			$this->tag_start= '';
+ 			$this->tag_end = '';
+ 			$this->tag_body_start = '';
+@@ -36,14 +38,14 @@
+ 			if(!is_null($action))	$this->SetAction($action);
+ 		}
+ 		
+-		function SetAction($value=NULL){
++		function setAction($value=NULL){
+ 			if(is_null($value))
+ 				return $this->options['action'] = $page['file'];
+ 
+ 			return parent::AddAction('onclick', $value);
+ 		}
+ 		
+-		function SetUrl($value){
++		function setUrl($value){
+ 			$this->AddOption('href', $value);
+ 		}
+ 		
+@@ -54,7 +56,7 @@
+ 				return null;
+ 		}
+ 		
+-		function SetTarget($value=NULL){
++		function setTarget($value=NULL){
+ 			if(is_null($value)){
+ 				unset($this->options['target']);
+ 			}
+Index: frontends/php/include/classes/curl.inc.php
+===================================================================
+--- frontends/php/include/classes/curl.inc.php	(revision 0)
++++ frontends/php/include/classes/curl.inc.php	(revision 6644)
+@@ -0,0 +1,273 @@
++<?php
++/* 
++** ZABBIX
++** Copyright (C) 2000-2005 SIA Zabbix
++**
++** $this program is free software; you can redistribute it and/or modify
++** it under the terms of the GNU General Public License as published by
++** the Free Software Foundation; either version 2 of the License, or
++** (at your option) any later version.
++**
++** $this program is distributed in the hope that it will be useful,
++** but WITHOUT ANY WARRANTY; without even the implied warranty of
++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++** GNU General Public License for more details.
++**
++** You should have received a copy of the GNU General Public License
++** along with $this program; if not, write to the Free Software
++** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++**/
++?>
++<?php
++// Title: url manipulation class
++// Author: Aly
++
++class Curl{
++/*
++private $url = 			'';		//	actually, it's depricated/private variable 
++private $port =			false;
++private $host = 		'';
++private $protocol = 	'';
++private $username =		'';
++private $password =		'';
++private $filr =			'';
++private $reference =	'';
++private $path =			'';
++private $query =		'';
++private $arguments = 	array();
++//*/
++
++function curl($url=null){
++	global $USER_DETAILS;
++	
++	$this->url = 		'';		//	actually, it's depricated/private variable 
++	$this->port =		false;
++	$this->host = 		'';
++	$this->protocol = 	'';
++	$this->username =	'';
++	$this->password =	'';
++	$this->filr =		'';
++	$this->reference =	'';
++	$this->path =		'';
++	$this->query =		'';
++	$this->arguments = 	array();
++
++	if(empty($url)){
++		$this->formatArguments();
++		$this->url = $url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'].'?'.$this->getQuery();
++	}
++	else{
++		$this->url=urldecode($url);
++
++		$tmp_pos = strpos($this->url,'?');
++		$this->query=($tmp_pos!==false)?(substr($this->url,$tmp_pos+1)):'';
++
++		$tmp_pos = strpos($this->query,'#');
++		if($tmp_pos!==false) $this->query=zbx_substring($this->query,0,$tmp_pos);
++
++		$this->formatArguments($this->query);
++	}
++
++	$protocolSepIndex=strpos($this->url,'://');	
++	if($protocolSepIndex!==false){
++		$this->protocol= strtolower(zbx_substring($this->url,0,$protocolSepIndex));
++		
++		$this->host=substr($this->url, $protocolSepIndex+3);
++		
++		$tmp_pos = strpos($this->host,'/');
++		if($tmp_pos!==false) $this->host=zbx_substring($this->host,0,$tmp_pos);
++		
++		$atIndex=strpos($this->host,'@');
++		if($atIndex!==false){
++			$credentials=zbx_substring($this->host,0,$atIndex);
++			
++			$colonIndex=strpos(credentials,':');
++			if($colonIndex!==false){
++				$this->username=zbx_substring($credentials,0,$colonIndex);
++				$this->password=substr($credentials,$colonIndex);
++			}
++			else{
++				$this->username=$credentials;
++			}
++			$this->host=substr($this->host,$atIndex+1);
++		}
++		
++		$host_ipv6 = strpos($this->host,']');
++		if($host_ipv6!==false){
++			if($host_ipv6 < (zbx_strlen($this->host)-1)){
++				$host_ipv6++;
++				$host_less = substr($this->host,$host_ipv6);
++
++				$portColonIndex=strpos($host_less,':');
++				if($portColonIndex!==false){
++					$this->host=zbx_substring($this->host,0,$host_ipv6);
++					$this->port=substr($host_less,$portColonIndex+1);
++				}
++			}
++		}
++		else{
++			$portColonIndex=strpos($this->host,':');
++			if($portColonIndex!==false){
++				$this->host=zbx_substring($this->host,0,$portColonIndex);
++				$this->port=substr($this->host,$portColonIndex+1);
++			}
++		}
++		
++		$this->file = substr($this->url,$protocolSepIndex+3);
++		$this->file = substr($this->file, strpos($this->file,'/'));
++	}
++	else{
++		$this->file = $this->url;
++	}
++	
++	$tmp_pos = strpos($this->file,'?');
++	if($tmp_pos!==false) $this->file=zbx_substring($this->file, 0, $tmp_pos);
++
++	$refSepIndex=strpos($url,'#');
++	if($refSepIndex!==false){
++		$this->file = zbx_substring($this->file,0,$refSepIndex);
++		$this->reference = substr($url,strpos($url,'#')+1);
++	}
++	
++	$this->path=$this->file;
++	if(zbx_strlen($this->query)>0) 		$this->file.='?'.$this->query;
++	if(zbx_strlen($this->reference)>0)	$this->file.='#'.$this->reference;
++	
++	if(isset($_COOKIE['zbx_sessionid']))
++		$this->setArgument('sid', substr($_COOKIE['zbx_sessionid'],16,16));
++}
++
++function formatQuery(){
++	$query = '';
++	foreach($this->arguments as $key => $value){
++		$query.= $key.'='.$value.'&';
++	}
++	$this->query = rtrim($query,'&');
++}
++
++function formatArguments($query=null){
++	if(is_null($query)){
++		$this->arguments = $_REQUEST;
++	}
++	else{
++		$query=ltrim($query,'?');
++		$args = explode('&',$query);
++		foreach($args as $id => $arg){
++			if(empty($arg)) continue;
++
++			$tmp = explode('=',$arg);
++			$this->arguments[$tmp[0]] = isset($tmp[1])?$tmp[1]:'';
++		}
++	}
++	$this->formatQuery();
++}
++
++function getUrl(){
++	$url = (zbx_strlen($this->protocol) > 0)?($this->protocol.'://'):'';
++	$url .=  (zbx_strlen($this->username) > 0)?$this->username:'';
++	$url .=  (zbx_strlen($this->password) > 0)?':'.$this->password:'';
++	$url .=  (zbx_strlen($this->host) > 0)?$this->host:'';
++	$url .=  $this->port?(':'.$this->port):'';
++	$url .=  (zbx_strlen($this->path) > 0)?$this->path:'';
++	$url .=  (zbx_strlen($this->query) > 0)?('?'.$this->query):'';
++	$url .=  (zbx_strlen($this->reference) > 0)?('#'.urlencode($this->reference)):'';
++	
++//SDI($this->getProtocol().' : '.$this->getHost().' : '.$this->getPort().' : '.$this->getPath().' : '.$this->getQuery());
++return $url;
++}
++
++function setPort($port){
++	$this->port = $port;
++}
++
++function getPort(){ 
++	return $this->port;
++}
++
++function setArgument($key,$value=''){
++	$this->arguments[$key] = $value;
++	$this->formatQuery();
++}
++
++function getArgument($key){
++	if(isset($this->arguments[$key])) return $this->arguments[$key];
++	else return NULL;
++}
++
++function setQuery($query){ 
++	$this->query = $query;
++	$this->formatArguments();
++	$this->formatQuery();
++}
++
++function getQuery(){ 
++	return $this->query;
++}
++
++function setProtocol($protocol){
++	$this->protocol = $protocol;
++}
++
++/* Returns the protocol of $this URL, i.e. 'http' in the url 'http://server/' */
++function getProtocol(){
++	return $this->protocol;
++}
++
++function setHost($host){
++	$this->host = $host;
++}
++
++/* Returns the host name of $this URL, i.e. 'server.com' in the url 'http://server.com/' */
++function getHost(){
++	return $this->host;
++}
++
++function setUserName($username){
++	$this->username = $username;
++}
++
++/* Returns the user name part of $this URL, i.e. 'joe' in the url 'http://joe@server.com/' */
++function getUserName(){
++	return $this->username;
++}
++
++function setPassword($password){
++	$this->password = $password;
++}
++
++/* Returns the password part of $this url, i.e. 'secret' in the url 'http://joe:secret@server.com/' */
++function getPassword(){
++	return $this->password;
++}
++
++function setFile($file){
++	$this->file = $file;
++}
++
++/* Returns the file part of $this url, i.e. everything after the host name. */
++function getFile(){
++	return $this->file;
++}
++
++function setReference($reference){
++	$this->reference = $reference;
++}
++
++/* Returns the reference of $this url, i.e. 'bookmark' in the url 'http://server/file.html#bookmark' */
++function getReference(){
++	return $this->reference;
++}
++
++function setPath($path){
++	$this->path = $path;
++}
++
++/* Returns the file path of $this url, i.e. '/dir/file.html' in the url 'http://server/dir/file.html' */
++function getPath(){
++	return $this->path;
++}
++
++function toString(){
++	return $this->getUrl();
++}
++}
+\ No newline at end of file
+Index: frontends/php/include/classes/cform.inc.php
+===================================================================
+--- frontends/php/include/classes/cform.inc.php	(revision 6643)
++++ frontends/php/include/classes/cform.inc.php	(revision 6644)
+@@ -28,7 +28,7 @@
+ 			$this->setEnctype($enctype);
+ 			
+ 			if(isset($_COOKIE['zbx_sessionid']))
+-				$this->addVar('sessionid', $_COOKIE['zbx_sessionid']);
++				$this->addVar('sid', substr($_COOKIE['zbx_sessionid'],16,16));
+ 		}
+ 		
+ 		function setMethod($value='post'){
+Index: frontends/php/include/classes/ctag.inc.php
+===================================================================
+--- frontends/php/include/classes/ctag.inc.php	(revision 6643)
++++ frontends/php/include/classes/ctag.inc.php	(revision 6644)
+@@ -1,7 +1,7 @@
+ <?php
+ /* 
+ ** ZABBIX
+-** Copyright (C) 2000-2005 SIA Zabbix
++** Copyright (C) 2000-2009 SIA Zabbix
+ **
+ ** This program is free software; you can redistribute it and/or modify
+ ** it under the terms of the GNU General Public License as published by
+@@ -19,272 +19,258 @@
+ **/
+ ?>
+ <?php
+-	function destroy_objects()
+-	{
+-		global $GLOBALS;
+-
+-		if(isset($GLOBALS)) foreach($GLOBALS as $name => $value)
+-		{
+-			if(!is_object($GLOBALS[$name])) continue;
+-			unset($GLOBALS[$name]);
+-		}
++function destroy_objects(){
++	if(isset($GLOBALS)) foreach($GLOBALS as $name => $value){
++		if(!is_object($GLOBALS[$name])) continue;
++		unset($GLOBALS[$name]);
+ 	}
+-	
+-	function unpack_object(&$item)
+-	{
+-		$res = "";
++}
+ 
+-		if(is_object($item))
+-		{
+-			$res = $item->ToString(false);
+-		}
+-		elseif(is_array($item))
+-		{
+-			foreach($item as $id => $dat)	
+-				$res .= unpack_object($item[$id]); // Attention, recursion !!!
+-		}
+-		elseif(!is_null($item))
+-		{
+-			$res = strval($item);
+-			unset($item);
+-		}
+-		return $res;
++function unpack_object(&$item){
++	$res = '';
++
++	if(is_object($item)){
++		$res = $item->toString(false);
+ 	}
++	else if(is_array($item)){
++		foreach($item as $id => $dat)	
++			$res .= unpack_object($item[$id]); // Attention, recursion !!!
++	}
++	else if(!is_null($item)){
++		$res = strval($item);
++		unset($item);
++	}
++return $res;
++}
+ 
+-	function implode_objects($glue, &$pieces)
+-	{
+-		if( !is_array($pieces) )	return unpack_object($pieces);
++function implode_objects($glue, &$pieces){
++	if( !is_array($pieces) )	return unpack_object($pieces);
+ 
+-		foreach($pieces as $id => $piece)
+-			$pieces[$id] = unpack_object($piece);
++	foreach($pieces as $id => $piece)
++		$pieces[$id] = unpack_object($piece);
+ 
+-		return implode($glue, $pieces);
+-	}
++return implode($glue, $pieces);
++}
+ 
+-	class CObject
+-	{
+-		function CObject($items=null)
+-		{
+-			$this->items = array();
+-			if(isset($items))
+-			{
+-				$this->AddItem($items);
+-			}
++class CObject{
++	function CObject($items=null){
++		$this->items = array();
++		if(isset($items)){
++			$this->addItem($items);
+ 		}
+-		
+-		function ToString($destroy=true)
+-		{
+-			$res = implode('',$this->items);
+-			if($destroy) $this->Destroy();
+-			return $res;
+-		}
++	}
++	
++	function toString($destroy=true){
++		$res = implode('',$this->items);
++		if($destroy) $this->destroy();
++		return $res;
++	}
+ 
+-		function Show($destroy=true){
+-			echo $this->ToString($destroy);			
+-		}
++	function show($destroy=true){
++		echo $this->toString($destroy);			
++	}
+ 
+-		function Destroy()
+-		{
++	function destroy(){
+ // TODO Problem under PHP 5.0  "Fatal error: Cannot re-assign $this in ..."
+ //			$this = null;
+-			$this->CleanItems();
+-		}
++		$this->cleanItems();
++	}
+ 
+-		function CleanItems(){	
+-			$this->items = array();	
++	function cleanItems(){	
++		$this->items = array();	
++	}
++	
++	function itemsCount(){	
++		return count($this->items);	
++	}
++	
++	function addItem($value){
++	
++		if(is_object($value)){
++			array_push($this->items,unpack_object($value));
+ 		}
+-		
+-		function ItemsCount(){	
+-			return count($this->items);	
++		else if(is_string($value)){
++			array_push($this->items,str_replace(array('<','>','"'),array('&lt;','&gt;','&quot;'),$value));
++//				array_push($this->items,htmlspecialchars($value));
+ 		}
+-		
+-		function AddItem($value){
+-		
+-			if(is_object($value)){
+-				array_push($this->items,unpack_object($value));
++		else if(is_array($value)){
++			foreach($value as $item){
++				$this->addItem($item);			 // Attention, recursion !!!
+ 			}
+-			else if(is_string($value)){
+-				array_push($this->items,str_replace(array('<','>','"'),array('&lt;','&gt;','&quot;'),$value));
+-//				array_push($this->items,htmlspecialchars($value));
+-			}
+-			else if(is_array($value)){
+-				foreach($value as $item){
+-					$this->AddItem($item);			 // Attention, recursion !!!
+-				}
+-			}
+-			else if(!is_null($value)){
+-				array_push($this->items,unpack_object($value));
+-			}
+ 		}
++		else if(!is_null($value)){
++			array_push($this->items,unpack_object($value));
++		}
+ 	}
++}
+ 
+-	class CTag extends CObject{
++class CTag extends CObject{
+ /* private *//*
+-		var $tagname;
+-		var $options = array();
+-		var $paired;*/
++	var $tagname;
++	var $options = array();
++	var $paired;*/
+ /* protected *//*
+-		var $items = array();
++	var $items = array();
+ 
+-		var $tag_body_start;
+-		var $tag_body_end;
+-		var $tag_start;
+-		var $tag_end;*/
++	var $tag_body_start;
++	var $tag_body_end;
++	var $tag_start;
++	var $tag_end;*/
+ 
+ /* public */
+-		function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){
+-			parent::CObject();
++	function CTag($tagname=NULL, $paired='no', $body=NULL, $class=null){
++		parent::CObject();
+ 
+-			$this->options = array();
++		$this->options = array();
+ 
+-			if(!is_string($tagname)){
+-				return $this->error('Incorrect tagname for CTag ['.$tagname.']');
+-			}
+-			
+-			$this->tagname = $tagname;
+-			$this->paired = $paired;
+-
+-			$this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = '';
+-
+-			if(is_null($body)){
+-				$this->tag_end = $this->tag_body_start = "\n";
+-			}
+-			else{
+-				CTag::AddItem($body);
+-			}
+-
+-			$this->SetClass($class);
++		if(!is_string($tagname)){
++			return $this->error('Incorrect tagname for CTag ['.$tagname.']');
+ 		}
+ 		
+-		function ShowStart()	{	echo $this->StartToString();	}
+-		function ShowBody()	{	echo $this->BodyToString();	}
+-		function ShowEnd()	{	echo $this->EndToString();	}
++		$this->tagname = $tagname;
++		$this->paired = $paired;
+ 
+-		function StartToString(){
+-			$res = $this->tag_start.'<'.$this->tagname;
+-			foreach($this->options as $key => $value){
+-				$res .= ' '.$key.'="'.$value.'"';
+-			}
+-			$res .= ($this->paired=='yes')?'>':' />';
+-		return $res;
+-		}
++		$this->tag_start = $this->tag_end = $this->tag_body_start = $this->tag_body_end = '';
+ 
+-		function BodyToString(){
+-			$res = $this->tag_body_start;
+-		return $res.parent::ToString(false);
+-			
+-			/*foreach($this->items as $item)
+-				$res .= $item;
+-			return $res;*/
++		if(is_null($body)){
++			$this->tag_end = $this->tag_body_start = "\n";
+ 		}
+-		
+-		function EndToString(){
+-			$res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : '';
+-			$res .= $this->tag_end;
+-		return $res;
++		else{
++			CTag::addItem($body);
+ 		}
+-		
+-		function ToString($destroy=true){
+-			$res  = $this->StartToString();
+-			$res .= $this->BodyToString();
+-			$res .= $this->EndToString();
+ 
+-			if($destroy) $this->Destroy();
++		$this->setClass($class);
++	}
++	
++	function showStart()	{	echo $this->startToString();	}
++	function showBody()	{	echo $this->bodyToString();	}
++	function showEnd()	{	echo $this->endToString();	}
+ 
+-		return $res;
++	function startToString(){
++		$res = $this->tag_start.'<'.$this->tagname;
++		foreach($this->options as $key => $value){
++			$res .= ' '.$key.'="'.$value.'"';
+ 		}
+-		
+-		function SetName($value){
+-			if(is_null($value)) return $value;
++		$res .= ($this->paired=='yes')?'>':' />';
++	return $res;
++	}
+ 
+-			if(!is_string($value)){
+-				return $this->error("Incorrect value for SetName [$value]");
+-			}
+-		return $this->AddOption("name",$value);
+-		}
++	function bodyToString(){
++		$res = $this->tag_body_start;
++	return $res.parent::ToString(false);
+ 		
+-		function GetName(){
+-			if(isset($this->options['name']))
+-				return $this->options['name'];
+-		return NULL;
+-		}
+-		
+-		function SetClass($value){
+-			if(isset($value))
+-				$this->options['class'] = $value;
+-			else
+-				unset($this->options['class']);
++		/*foreach($this->items as $item)
++			$res .= $item;
++		return $res;*/
++	}
++	
++	function endToString(){
++		$res = ($this->paired=='yes') ? $this->tag_body_end.'</'.$this->tagname.'>' : '';
++		$res .= $this->tag_end;
++	return $res;
++	}
++	
++	function toString($destroy=true){
++		$res  = $this->startToString();
++		$res .= $this->bodyToString();
++		$res .= $this->endToString();
+ 
+-		return $value;
++		if($destroy) $this->Destroy();
++
++	return $res;
++	}
++	
++	function setName($value){
++		if(is_null($value)) return $value;
++
++		if(!is_string($value)){
++			return $this->error("Incorrect value for setName [$value]");
+ 		}
+-		
+-		function DelOption($name){
+-			unset($this->options[$name]);
+-		}
+-		
+-		function GetOption($name){
+-			$ret = NULL;
+-			if(isset($this->options[$name]))
+-				$ret =& $this->options[$name];
+-		return $ret;
+-		}
++	return $this->addOption("name",$value);
++	}
++	
++	function getName(){
++		if(isset($this->options['name']))
++			return $this->options['name'];
++	return NULL;
++	}
++	
++	function setClass($value){
++		if(isset($value))
++			$this->options['class'] = $value;
++		else
++			unset($this->options['class']);
+ 
+-		function SetHint($text, $width='', $class=''){
+-			if(empty($text)) return false;
++	return $value;
++	}
++	
++	function DelOption($name){
++		unset($this->options[$name]);
++	}
++	
++	function getOption($name){
++		$ret = NULL;
++		if(isset($this->options[$name]))
++			$ret =& $this->options[$name];
++	return $ret;
++	}
+ 
+-			insert_showhint_javascript();
++	function setHint($text, $width='', $class=''){
++		if(empty($text)) return false;
+ 
+-			$text = unpack_object($text);
+-			if($width != '' || $class != ''){
+-				$code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');";
+-			}
+-			else{
+-				$code = "show_hint(this,event,'".$text."');";
+-			}
++		insert_showhint_javascript();
+ 
+-			$this->AddAction('onMouseOver',	$code);
+-			$this->AddAction('onMouseMove',	'update_hint(this,event);');
++		$text = unpack_object($text);
++		if($width != '' || $class != ''){
++			$code = "show_hint_ext(this,event,'".$text."','".$width."','".$class."');";
+ 		}
+-
+-		function OnClick($handle_code){
+-			$this->AddAction('onclick', $handle_code);
++		else{
++			$code = "show_hint(this,event,'".$text."');";
+ 		}
+ 
+-		function AddAction($name, $value){
+-			if(is_object($value)){
+-				$this->options[$name] = unpack_object($value);
+-			}
+-			else if(!empty($value)){
+-				$this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET);
+-			}
++		$this->addAction('onMouseOver',	$code);
++		$this->addAction('onMouseMove',	'update_hint(this,event);');
++	}
++
++	function onClick($handle_code){
++		$this->addAction('onclick', $handle_code);
++	}
++
++	function addAction($name, $value){
++		if(is_object($value)){
++			$this->options[$name] = unpack_object($value);
+ 		}
++		else if(!empty($value)){
++			$this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET);
++		}
++	}
+ 
+-		function AddOption($name, $value){
+-			if(is_object($value)){
+-				$this->options[$name] = unpack_object($value);
+-			}
+-			else if(isset($value))
+-				$this->options[$name] = htmlspecialchars(strval($value)); 
+-			else
+-				unset($this->options[$name]);
++	function addOption($name, $value){
++		if(is_object($value)){
++			$this->options[$name] = unpack_object($value);
+ 		}
++		else if(isset($value))
++			$this->options[$name] = htmlspecialchars(strval($value)); 
++		else
++			unset($this->options[$name]);
++	}
+ 
+-		function SetEnabled($value='yes'){
+-			if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1')
+-				|| (is_int($value) && $value<>0))
+-			{
+-				unset($this->options['disabled']);
+-			}
+-			else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0')
+-				|| (is_int($value) && $value==0))
+-			{
+-				$this->options['disabled'] = 'disabled';
+-			}
++	function setEnabled($value='yes'){
++		if((is_string($value) && ($value == 'yes' || $value == 'enabled' || $value=='on') || $value=='1')
++			|| (is_int($value) && $value<>0))
++		{
++			unset($this->options['disabled']);
+ 		}
+-		
+-		function error($value){
+-			error('class('.get_class($this).') - '.$value);
+-			return 1;
++		else if((is_string($value) && ($value == 'no' || $value == 'disabled' || $value=='off') || $value=='0')
++			|| (is_int($value) && $value==0))
++		{
++			$this->options['disabled'] = 'disabled';
+ 		}
+ 	}
+-?>
++	
++	function error($value){
++		error('class('.get_class($this).') - '.$value);
++		return 1;
++	}
++}
++?>
+\ No newline at end of file
+Index: frontends/php/include/classes/cmap.inc.php
+===================================================================
+--- frontends/php/include/classes/cmap.inc.php	(revision 6643)
++++ frontends/php/include/classes/cmap.inc.php	(revision 6644)
+@@ -19,78 +19,75 @@
+ **/
+ ?>
+ <?php
+-	class CMap extends CTag
+-	{
++class CMap extends CTag{
+ /* public */
+-		function CMap($name="")
+-		{
+-			parent::CTag("map","yes");
+-			$this->SetName($name);
+-		}
+-		function AddRectArea($x1,$y1,$x2,$y2,$href,$alt)
+-		{ 
+-			return $this->AddArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); 
+-		}
+-		function AddArea($coords,$href,$alt,$shape)
+-		{
+-			return $this->AddItem(new CArea($coords,$href,$alt,$shape));
+-		}
+-		function AddItem($value)
+-		{
+-			if(strtolower(get_class($value)) != 'carea')
+-				return $this->error("Incorrect value for AddItem [$value]");
++	function CMap($name=''){
++		parent::CTag('map','yes');
++		$this->setName($name);
++	}
++	
++	function addRectArea($x1,$y1,$x2,$y2,$href,$alt){ 
++		return $this->addArea(array($x1,$y1,$x2,$y2),$href,$alt,'rect'); 
++	}
++	
++	function addArea($coords,$href,$alt,$shape){
++		return $this->addItem(new CArea($coords,$href,$alt,$shape));
++	}
++	
++	function addItem($value){
++		if(strtolower(get_class($value)) != 'carea')
++			return $this->error('Incorrect value for addItem ['.$value.']');
+ 
+-			return parent::AddItem($value);
+-		}
++		return parent::addItem($value);
+ 	}
++}
+ 
+-	class CArea extends CTag
+-	{
+-		function CArea($coords,$href,$alt,$shape)
+-		{
+-			parent::CTag("area","no");
+-			$this->SetCoords($coords);
+-			$this->SetShape($shape);
+-			$this->SetHref($href);
+-			$this->SetAlt($alt);
+-		}
+-		function SetCoords($value)
+-		{
+-			if(!is_array($value))
+-				return $this->error("Incorrect value for SetCoords [$value]");
+-			if(count($value)<3)
+-				return $this->error("Incorrect values count for SetCoords [".count($value)."]");
++class CArea extends CTag{
++	function CArea($coords,$href,$alt,$shape){
++		parent::CTag('area','no');
++		$this->setCoords($coords);
++		$this->setShape($shape);
++		$this->setHref($href);
++		$this->setAlt($alt);
++	}
++	
++	function setCoords($value){
++		if(!is_array($value))
++			return $this->error('Incorrect value for setCoords ['.$value.']');
++		if(count($value)<3)
++			return $this->error('Incorrect values count for setCoords ['.count($value).']');
+ 
+-			$str_val = "";
+-			foreach($value as $val)
+-			{
+-				if(!is_numeric($val))
+-					return $this->error("Incorrect value for SetCoords [$val]");
++		$str_val = '';
++		foreach($value as $val){
++			if(!is_numeric($val))
++				return $this->error('Incorrect value for setCoords ['.$val.']');
+ 
+-				$str_val .= $val.",";
+-			}
+-			$this->AddOption("coords",trim($str_val,','));
++			$str_val .= $val.',';
+ 		}
+-		function SetShape($value)
+-		{
+-			if(!is_string($value))
+-				return $this->error("Incorrect value for SetShape [$value]");
++		$this->addOption('coords',trim($str_val,','));
++	}
+ 
+-			$this->AddOption("shape",$value);
+-		}
+-		function SetHref($value)
+-		{
+-			if(!is_string($value))
+-				return $this->error("Incorrect value for SetHref [$value]");
++	function setShape($value){
++		if(!is_string($value))
++			return $this->error('Incorrect value for setShape ['.$value.']');
+ 
+-			$this->AddOption("href",$value);
+-		}
+-		function SetAlt($value)
+-		{
+-			if(!is_string($value))
+-				return $this->error("Incorrect value for SetAlt [$value]");
++		$this->addOption('shape',$value);
++	}
+ 
+-			$this->AddOption("alt",$value);
+-		}
++	function setHref($value){
++		if(!is_string($value))
++			return $this->error('Incorrect value for setHref ['.$value.']');
++		$url = new Curl($value);
++		$value = $url->getUrl();
++		
++		$this->addOption('href',$value);
+ 	}
+-?>
++	
++	function setAlt($value){
++		if(!is_string($value))
++			return $this->error('Incorrect value for setAlt ['.$value.']');
++
++		$this->addOption('alt',$value);
++	}
++}
++?>
+\ No newline at end of file
+Index: frontends/php/include/html.inc.php
+===================================================================
+--- frontends/php/include/html.inc.php	(revision 6643)
++++ frontends/php/include/html.inc.php	(revision 6644)
+@@ -58,7 +58,7 @@
+ 	}
+ 
+ 	function prepare_url(&$var, $varname=null){
+-		$result = "";
++		$result = '';
+ 
+ 		if(is_array($var)){
+ 			foreach($var as $id => $par)
+Index: frontends/php/items.php
+===================================================================
+--- frontends/php/items.php	(revision 6643)
++++ frontends/php/items.php	(revision 6644)
+@@ -944,16 +944,17 @@
+ //				url_param('groupid'),
+ 				'action'));
+ 
+-			$status=new CCol(new CLink(item_status2str($db_item["status"]),
+-					"?group_itemid%5B%5D=".$db_item["itemid"].
+-					"&group_task=".($db_item["status"] ? "Activate+selected" : "Disable+selected"),
+-					item_status2style($db_item["status"])));
++			$status=new CCol(new CLink(item_status2str($db_item['status']),
++//					'?sessionid='.$USER_DETAILS['sessionid'].
++					'?group_itemid%5B%5D='.$db_item['itemid'].
++					'&group_task='.($db_item['status']?'Activate+selected':'Disable+selected'),
++					item_status2style($db_item['status'])));
+ 	
+-			if($db_item["error"] == ''){
+-				$error=new CCol('-',"off");
++			if($db_item['error'] == ''){
++				$error=new CCol('-','off');
+ 			}
+ 			else{
+-				$error=new CCol($db_item["error"],"on");
++				$error=new CCol($db_item['error'],'on');
+ 			}
+ 			
+ 			$applications = $show_applications ? implode(', ', get_applications_by_itemid($db_item["itemid"], 'name')) : null;
-- 
cgit v1.2.3