This file is indexed.

/usr/share/zabbix/include/classes/class.cbuttonqmessage.php is in zabbix-frontend-php 1:1.8.11-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?php
/*
** ZABBIX
** Copyright (C) 2000-2009 SIA Zabbix
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
**/
?>
<?php
class CButtonQMessage extends CButton{
 public $vars;
 public $msg;
 public $name;

	public function __construct($name, $caption, $msg=NULL, $vars=NULL){
		$this->vars = null;
		$this->msg = null;
		$this->name = $name;

		parent::__construct($name,$caption);

		$this->setMessage($msg);
		$this->setVars($vars);
		$this->setAction(NULL);
	}

	public function setVars($value=NULL){
		if(!is_string($value) && !is_null($value)){
			return $this->error('Incorrect value for setVars ['.$value.']');
		}
		$this->vars = $value;
		$this->setAction(NULL);
	}

	public function setMessage($value=NULL){
		if(is_null($value))
			$value = S_ARE_YOU_SURE_YOU_WANT_TO_PERFORM_THIS_ACTION;

		if(!is_string($value)){
			return $this->error(sprintf(S_INCORRECT_VALUE_FOR_SETMESSAGE, $value));
		}
		// if message will contain single quotes, it will break everything, so it must be escaped
		$this->msg = zbx_jsvalue(
			$value,
			false, // not as object
			false  // do not add quotes to the string
		);
		$this->setAction(NULL);
	}

	public function setAction($value=null){
		if(!is_null($value))
			return parent::setAction($value);

		global $page;

		$confirmation = "Confirm('".$this->msg."')";

		if(isset($this->vars)){
			$link = $page['file'].'?'.$this->name.'=1'.$this->vars;
			$url = new Curl($link);

			$action = "redirect('".$url->getUrl()."')";
		}
		else{
			$action = 'true';
		}

		return parent::setAction('if('.$confirmation.') return '.$action.'; else return false;');
	}
}
?>