From 02c9326143080037d905d041ff98e6241fa73dd0 Mon Sep 17 00:00:00 2001
From: Nate <github@najo.com>
Date: Sat, 11 Jan 2020 10:21:17 -0700
Subject: [PATCH] Devices - Import/Export: List mods, token fix, etc.

---
 app/devices/device_download.php | 31 +++++++-------
 app/devices/device_imports.php  | 76 ++++++++++++++++-----------------
 2 files changed, 52 insertions(+), 55 deletions(-)
diff --git a/app/devices/device_download.php b/app/devices/device_download.php
index f6662fcbbb..6b83eb4233 100644
--- a/app/devices/device_download.php
+++ b/app/devices/device_download.php
@@ -77,12 +77,12 @@
 
 
 //define possible columns in the array
-	$allowed_columns[] = 'device_uuid';
-	$allowed_columns[] = 'domain_uuid';
-	$allowed_columns[] = 'device_mac_address';
-	$allowed_columns[] = 'device_label';
-	$allowed_columns[] = 'device_template';
-	$allowed_columns[] = 'device_description';
+	$available_columns[] = 'device_uuid';
+	$available_columns[] = 'domain_uuid';
+	$available_columns[] = 'device_mac_address';
+	$available_columns[] = 'device_label';
+	$available_columns[] = 'device_template';
+	$available_columns[] = 'device_description';
 
 //get the devices and send them as output
 	$column_group = $_REQUEST["column_group"];
@@ -98,7 +98,7 @@
 
 		//validate columns
 			foreach ($column_group as $index => $column_name) {
-				if (!in_array($column_name, $allowed_columns)) {
+				if (!in_array($column_name, $available_columns)) {
 					unset($column_group[$index]);
 				}
 			}
@@ -115,7 +115,7 @@
 				//print_r($extensions);
 
 				if (is_array($devices) && @sizeof($devices) != 0) {
-					download_send_headers("data_export_".date("Y-m-d").".csv");
+					download_send_headers("device_export_".date("Y-m-d").".csv");
 					echo array2csv($devices);
 					exit;
 				}
@@ -134,7 +134,7 @@
 //show the content
 	echo "<form method='post' name='frm'>\n";
 
-	echo "<div class='action_bar sub'>\n";
+	echo "<div class='action_bar' id='action_bar'>\n";
 	echo "	<div class='heading'><b>".$text['header-device_export']."</b></div>\n";
 	echo "	<div class='actions'>\n";
 	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'link'=>'devices.php']);
@@ -146,21 +146,20 @@
 	echo "<table class='list'>\n";
 	echo "<tr class='list-header'>\n";
 	echo "	<th class='checkbox'>\n";
-	echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".($allowed_columns ?: "style='visibility: hidden;'").">\n";
+	echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".($available_columns ?: "style='visibility: hidden;'").">\n";
 	echo "	</th>\n";
 	echo "	<th>".$text['label-column_name']."</th>\n";
-	echo "	<th>".$text['label-description']."</th>\n";
 	echo "</tr>\n";
 
-	if (is_array($allowed_columns) && @sizeof($allowed_columns) != 0) {
+	if (is_array($available_columns) && @sizeof($available_columns) != 0) {
 		$x = 0;
-		foreach ($allowed_columns as $column_name) {
+		foreach ($available_columns as $column_name) {
+			$list_row_onclick = "if (!this.checked) { document.getElementById('checkbox_all').checked = false; }";
 			echo "<tr class='list-row' href='".$list_row_url."'>\n";
 			echo "	<td class='checkbox'>\n";
-			echo "		<input type='checkbox' name='column_group[]' id='checkbox_".$x."' value=\"".$column_name."\" onclick=\"if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
+			echo "		<input type='checkbox' name='column_group[]' id='checkbox_".$x."' value=\"".$column_name."\" onclick=\"".$list_row_onclick."\">\n";
 			echo "	</td>\n";
-			echo "	<td>".$column_name."</td>";
-			echo "	<td class='description overflow hide-sm-dn'>&nbsp;</td>";
+			echo "	<td onclick=\"document.getElementById('checkbox_".$x."').checked = document.getElementById('checkbox_".$x."').checked ? false : true; ".$list_row_onclick."\">".$column_name."</td>";
 			echo "</tr>";
 			$x++;
 		}
diff --git a/app/devices/device_imports.php b/app/devices/device_imports.php
index 72e93b8f23..ca9b79beeb 100644
--- a/app/devices/device_imports.php
+++ b/app/devices/device_imports.php
@@ -93,7 +93,7 @@
 
 		//get the schema
 			$x = 0;
-			include ("app/devices/app_config.php");
+			include "app/devices/app_config.php";
 			$i = 0;
 			foreach ($apps[0]['db'] as $table) {
 				//get the table name and parent name
@@ -113,7 +113,7 @@
 					$table_name == "device_keys" || $table_name == "device_settings") {
 					$schema[$i]['table'] = $table_name;
 					$schema[$i]['parent'] = $parent_name;
-					foreach($table['fields'] as $row) {
+					foreach ($table['fields'] as $row) {
 						if ($row['deprecated'] !== 'true') {
 							if (is_array($row['name'])) {
 								$field_name = $row['name']['text'];
@@ -137,6 +137,18 @@
 //match the column names to the field names
 	if (strlen($delimiter) > 0 && file_exists($_SESSION['file']) && $action != 'import') {
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: device_imports.php');
+				exit;
+			}
+
+		//create token
+			$object = new token;
+			$token = $object->create($_SERVER['PHP_SELF']);
+
 		//include header
 			$document['title'] = $text['title-device_import'];
 			require_once "resources/header.php";
@@ -163,13 +175,13 @@
 			foreach ($line_fields as $line_field) {
 				$line_field = trim(trim($line_field), $enclosure);
 				echo "<tr>\n";
-				echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+				echo "	<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";
 				echo $line_field;
-				echo "</td>\n";
-				echo "<td width='70%' class='vtable' align='left'>\n";
-				echo "    			<select class='formfld' style='' name='fields[$x]'>\n";
-				echo "    			<option value=''></option>\n";
+				echo "	</td>\n";
+				echo "	<td width='70%' class='vtable' align='left'>\n";
+				echo "    	<select class='formfld' style='' name='fields[$x]'>\n";
+				echo "    		<option value=''></option>\n";
 				foreach($schema as $row) {
 					echo "			<optgroup label='".$row['table']."'>\n";
 					foreach($row['fields'] as $field) {
@@ -183,26 +195,21 @@
 					}
 					echo "			</optgroup>\n";
 				}
-				echo "    			</select>\n";
+				echo "    	</select>\n";
 				//echo "<br />\n";
 				//echo $text['description-zzz']."\n";
-				echo "			</td>\n";
-				echo "		</tr>\n";
+				echo "	</td>\n";
+				echo "</tr>\n";
 				$x++;
 			}
 
-			echo "		<tr>\n";
-			echo "			<td colspan='2' valign='top' align='right' nowrap='nowrap'>\n";
-			echo "				<input name='action' type='hidden' value='import'>\n";
-			echo "				<input name='from_row' type='hidden' value='$from_row'>\n";
-			echo "				<input name='data_delimiter' type='hidden' value='$delimiter'>\n";
-			echo "				<input name='data_enclosure' type='hidden' value='$enclosure'>\n";
-			echo "			</td>\n";
-			echo "		</tr>\n";
+			echo "</table>\n";
 
-			echo "	</table>\n";
-
-			echo "	<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+			echo "<input name='action' type='hidden' value='import'>\n";
+			echo "<input name='from_row' type='hidden' value='$from_row'>\n";
+			echo "<input name='data_delimiter' type='hidden' value='$delimiter'>\n";
+			echo "<input name='data_enclosure' type='hidden' value='$enclosure'>\n";
+			echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
 			echo "</form>\n";
 
@@ -237,14 +244,10 @@
 			$token = new token;
 			if (!$token->validate($_SERVER['PHP_SELF'])) {
 				message::add($text['message-invalid_token'],'negative');
-				header('Location: users.php');
+				header('Location: device_imports.php');
 				exit;
 			}
 
-		//form to match the fields to the column names
-			//$document['title'] = $text['title-device_import'];
-			//require_once "resources/header.php";
-
 		//user selected fields
 			$fields = $_POST['fields'];
 			
@@ -441,25 +444,20 @@
 
 	echo "<tr>\n";
 	echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
-	echo "			".$text['label-import_file_upload']."\n";
+	echo "	".$text['label-import_file_upload']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-	echo "			<input name='ulfile' type='file' class='formfld fileinput' id='ulfile'>\n";
-	echo "<br />\n";
+	echo "	<input name='ulfile' type='file' class='formfld fileinput' id='ulfile'>\n";
+	echo "	<br />\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	echo "	<tr>\n";
-	echo "		<td valign='bottom'>\n";
-	echo "			&nbsp;\n";
-	echo "		</td>\n";
-	echo "		<td valign='bottom' align='right' nowrap>\n";
-	echo "			<input name='type' type='hidden' value='csv'>\n";
-	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
-	echo "		</td>\n";
-	echo "	</tr>\n";
-	echo "	</table>\n";
+	echo "</table>\n";
 	echo "<br><br>";
+
+	echo "<input name='type' type='hidden' value='csv'>\n";
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+
 	echo "</form>";
 
 //include the footer

\n"; - echo " \n"; + echo " \n"; echo "	".$text['label-column_name']."	".$text['label-description']."
\n"; - echo " \n"; + echo " \n"; echo "	".$column_name."		".$column_name."
\n"; + echo "	\n"; //echo " ".$text['label-zzz']."\n"; echo $line_field; - echo "	\n"; - echo "	\n"; + echo " \n"; + echo " \n"; //echo " \n"; //echo $text['description-zzz']."\n"; - echo "
\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "