Removing all instances of php_self to stop the spam

I'm tired of getting the reports about supposedly xss vulnerabilities without any proofs of concept.  Since the bulk of our forms don't require an action to be specified I just removed them.  The remaining php_self instances were replaced with script_name.  Hopefully now the useless vulnerability scanners will stop

bulk_importer.php

@@ -36,7 +36,7 @@
 
     $_SESSION['inputfile'] = $targetFile;
 
-    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['PHP_SELF'] . "?stage=headers'>";
+    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['SCRIPT_NAME'] . "?stage=headers'>";
     exit;
   } elseif ( isset( $_REQUEST['stage'] ) && $_REQUEST['stage'] == 'headers' ) {
     //
@@ -61,7 +61,7 @@
     $content = "<h3>" . __("Pick the appropriate column header (line 1) for each field name listed below." ) . "</h3>";
     $content .= "<h3>" . __("Mouse over each field for help text.") . "</h3>";
 
-    $content .= '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
+    $content .= '<form method="POST">
                     <input type="hidden" name="stage" value="validate">
                     <div class="table">';
 
@@ -305,7 +305,7 @@
         if ( ! $valid ) {
           $content .= $tmpCon . "</ul>";
         } else {
-          $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST">';
+          $content = '<form method="POST">';
           $content .= "<h3>" . __( "The file has passed validation.  Press the Process button to import." ) . "</h3>";
           $content .= "<input type=\"hidden\" name=\"stage\" value=\"process\">\n";
           foreach( array( "DataCenterID", "Cabinet", "Position", "Label", "Height", "Manufacturer", "Model", "Hostname", "SerialNo", "AssetTag", "ESX", "BackSide", "HalfDepth", "Reservation", "InstallDate", "Owner", "PrimaryContact", "CustomTags" ) as $mapVar ) {
@@ -467,7 +467,7 @@
     //  No parameters were passed with the URL, so this is the top level, where
     //  we need to ask for the user to specify a file to upload.
     //
-    $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST" ENCTYPE="multipart/form-data">';
+    $content = '<form method="POST" ENCTYPE="multipart/form-data">';
     $content .= '<div class="table">
                   <div>
                     <div>' . __("Select file to upload:") . '

bulk_moves.php

@@ -36,7 +36,7 @@
 
     $_SESSION['inputfile'] = $targetFile;
 
-    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['PHP_SELF'] . "?stage=headers'>";
+    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['SCRIPT_NAME'] . "?stage=headers'>";
     exit;
   } elseif ( isset( $_REQUEST['stage'] ) && $_REQUEST['stage'] == 'headers' ) {
     //
@@ -61,7 +61,7 @@
     $content = "<h3>" . __("Pick the appropriate column header (line 1) for each field name listed below." ) . "</h3>";
     $content .= "<h3>" . __("Mouse over each field for help text.") . "</h3>";
 
-    $content .= '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
+    $content .= '<form method="POST">
                     <input type="hidden" name="stage" value="validate">
                     <div class="table">';
 
@@ -248,7 +248,7 @@
     if ( $rowError ) {
       $content .= $tmpCon . "</ul>";
     } else {
-      $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST">';
+      $content = '<form method="POST">';
       $content .= "<h3>" . __( "The file has passed validation.  Press the Process button to import." ) . "</h3>";
       $content .= "<input type=\"hidden\" name=\"stage\" value=\"process\">\n";
       foreach( array( "DeviceID", "DataCenterID", "Cabinet", "Position", "ProcessDate", "KeyField" ) as $mapVar ) {
@@ -382,7 +382,7 @@
     //  No parameters were passed with the URL, so this is the top level, where
     //  we need to ask for the user to specify a file to upload.
     //
-    $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST" ENCTYPE="multipart/form-data">';
+    $content = '<form method="POST" ENCTYPE="multipart/form-data">';
     $content .= '<div class="table">
                   <div>
                     <div>' . __("Select file to upload:") . '

bulk_network.php

@@ -36,7 +36,7 @@
 
     $_SESSION['inputfile'] = $targetFile;
 
-    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['PHP_SELF'] . "?stage=headers'>";
+    echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['SCRIPT_NAME'] . "?stage=headers'>";
     exit;
   } elseif ( isset( $_REQUEST['stage'] ) && $_REQUEST['stage'] == 'headers' ) {
     //
@@ -61,7 +61,7 @@
     $content = "<h3>" . __("Pick the appropriate column header (line 1) for each field name listed below." ) . "</h3>";
     $content .= "<h3>" . __("Mouse over each field for help text.") . "</h3>";
 
-    $content .= '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
+    $content .= '<form method="POST">
                     <input type="hidden" name="stage" value="process">
                     <div class="table">';
 
@@ -287,7 +287,7 @@
     //  No parameters were passed with the URL, so this is the top level, where
     //  we need to ask for the user to specify a file to upload.
     //
-    $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST" ENCTYPE="multipart/form-data">';
+    $content = '<form method="POST" ENCTYPE="multipart/form-data">';
     $content .= '<div class="table">
                   <div>
                     <div>' . __("Select file to upload:") . '

bulk_power.php

@@ -36,7 +36,7 @@
 
   $_SESSION['inputfile'] = $targetFile;
 
-  echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['PHP_SELF'] . "?stage=headers'>";
+  echo "<meta http-equiv='refresh' content='0; url=" . $_SERVER['SCRIPT_NAME'] . "?stage=headers'>";
   exit;
 } elseif ( isset( $_REQUEST['stage'] ) && $_REQUEST['stage'] == 'headers' ) {
   //
@@ -61,7 +61,7 @@
   $content = "<h3>" . __("Pick the appropriate column header (line 1) for each field name listed below." ) . "</h3>";
   $content .= "<h3>" . __("Mouse over each field for help text.") . "</h3>";
 
-  $content .= '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
+  $content .= '<form method="POST">
                     <input type="hidden" name="stage" value="process">
                     <div class="table">';
 
@@ -263,7 +263,7 @@
   //  No parameters were passed with the URL, so this is the top level, where
   //  we need to ask for the user to specify a file to upload.
   //
-  $content = '<form action="' . $_SERVER['PHP_SELF']. '" method="POST" ENCTYPE="multipart/form-data">';
+  $content = '<form method="POST" ENCTYPE="multipart/form-data">';
   $content .= '<div class="table">
                   <div>
                     <div>' . __("Select file to upload:") . '

cabrow.php

@@ -131,7 +131,7 @@ function opentree(){
 echo '<div class="main">
 <h3>',$status,'</h3>
 <div class="center"><div>
-<form action="',$_SERVER["PHP_SELF"].$formpatch,'" method="POST">
+<form action="',$_SERVER["SCRIPT_NAME"].$formpatch,'" method="POST">
 <div class="table">
 <div>
    <div><label for="cabrowid">',__("Row"),'</label></div>

cdu_templates.php

@@ -76,7 +76,7 @@
 echo '<div class="main">
 <h3>',$status,'</h3>
 <div class="center"><div>
-<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form method="POST">
 <div class="table">
 	<div>
 		<div><label for="templateid">',__("Template"),'</label></div>

configuration.php

@@ -1301,7 +1301,7 @@ function uploadifive() {
 echo '<div class="main">
 <div class="center"><div>
 <h3></h3><h3 id="messages"></h3>
-<form enctype="multipart/form-data" action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form enctype="multipart/form-data" method="POST">
    <input type="hidden" name="Version" value="',$config->ParameterArray["Version"],'">
 
 	<div id="configtabs">

datacenter.php

@@ -233,7 +233,7 @@ function cambio_container(){
 echo '<div class="main">
 <h3>',$status,'</h3>
 <div class="center"><div>
-<form id="datacenterform" action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form id="datacenterform" method="POST">
 <div class="table">
 <div>
    <div><label for="datacenterid">',__("Data Center ID"),'</label></div>

dept_groups.php

@@ -61,7 +61,7 @@ function array_obj_diff($array1,$array2){
 <body id="deptgroup">
 <div class="centermargin">
 <?php
-echo '<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+echo '<form method="POST">
 <input type="hidden" name="deptid" value="',$dept->DeptID,'">
 <h3>',__("Group to Administer"),': ',$dept->Name,'<button type="submit" value="Submit" name="action">',__("Submit"),'</button></h3>
 <div>

escalations.php

@@ -62,7 +62,7 @@
 echo '<div class="main">
 <h3>',$status,'</h3>
 <div class="center"><div>
-<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form method="POST">
 <div class="table">
 <div>
    <div><label for="escalationid">',__("Escalation Rule"),'</label></div>

install.php

@@ -1350,7 +1350,7 @@ function BuildFileList(){
 <h3>Data Center Department Detail</h3>
 <?php echo $nodept; ?>
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>?dept&preflight-ok" method="POST">
+<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>?dept&preflight-ok" method="POST">
 <div class="table centermargin">
 <div>
    <div>Department</div>
@@ -1428,7 +1428,7 @@ function BuildFileList(){
 <h3>Data Center Detail</h3>
 <?php echo $nodc; ?>
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>?dc&preflight-ok" method="POST">
+<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>?dc&preflight-ok" method="POST">
 <div class="table">
 <div>
    <div><label for="datacenterid">Data Center ID</label></div>
@@ -1519,7 +1519,7 @@ function BuildFileList(){
 <h3>Data Center Cabinet Inventory</h3>
 <?php echo $nodccab; ?>
 <div class='center'><div>
-<form action='<?php echo $_SERVER['PHP_SELF']; ?>?cab&preflight-ok' method='POST'>
+<form action='<?php echo $_SERVER['SCRIPT_NAME']; ?>?cab&preflight-ok' method='POST'>
 <?php echo '
 <div class="table">
 <div>
@@ -1619,7 +1619,7 @@ function BuildFileList(){
 <h3>Installation Complete</h3>
 <?php echo $nodccab; ?>
 <div class='center'><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>?ldap&preflight-ok" method="POST">
+<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>?ldap&preflight-ok" method="POST">
 <?php
 echo '<div id="ldap">
 	<h3>',__("LDAP Authentication and Authorization Configuration"),'</h3>

mapmaker.php

@@ -88,7 +88,7 @@ function uselessie(){
 
 	<div class="table">
         <div class="title"><?php echo __("Coordinates"); ?></div> 
-	<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST">
+	<form method="POST">
     <div class="table"> 
 	<input type="hidden" name="cabinetid" value="<?php printf( "%d", $cab->CabinetID ); ?>">
         <div> 

misc.inc.php

@@ -786,7 +786,7 @@ function buildnavmenu($ma,&$tl){
 if(isset($devMode)&&$devMode){
 	// Development mode, so don't apply the upgrades
 }else{
-	if(file_exists("install.php") && basename($_SERVER['PHP_SELF'])!="install.php" ){
+	if(file_exists("install.php") && basename($_SERVER['SCRIPT_NAME'])!="install.php" ){
 		// new installs need to run the install first.
 		header("Location: ".redirect('install.php'));
 		exit;
@@ -813,7 +813,7 @@ function buildnavmenu($ma,&$tl){
 }
 
 if( AUTHENTICATION=="LDAP" && !isset($_SESSION['userid']) && php_sapi_name()!="cli" && !isset($loginPage)) {
-	$savedurl = $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'];
+	$savedurl = $_SERVER['SCRIPT_NAME'] . "?" . $_SERVER['QUERY_STRING'];
 	setcookie( 'targeturl', $savedurl, time()+60 );
 	header("Location: ".redirect('login_ldap.php'));
 	exit;

pathmaker.php

@@ -380,7 +380,7 @@ function displayjson($array){
 			$path.="\t<tr>\n\t\t<td colspan=6>&nbsp;</td>\n\t</tr></table>";
 
 			//Implement Form
-			$path.= "<form action=\"{$_SERVER["PHP_SELF"]}\" method=\"POST\">\n";
+			$path.= "<form method=\"POST\">\n";
 			$path.= "<br>\n"; 
 			$path.= "<div>\n";
 			//PATH INFO
@@ -485,7 +485,7 @@ function displayjson($array){
 echo '<div class="main">
 <h3>',$status,'</h3>
 <div class="center"><div><div>
-<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form method="POST">
 <table id=crit_busc>
 <tr><td>
 <fieldset class=crit_busc>

paths.php

@@ -581,7 +581,7 @@ function builddclist($id=null){
 <tr><td>
 <fieldset class="crit_busc">
 		<legend>'.__("Search by path identifier").'</legend>
-<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+<form method="POST">
 <div class="table">
 <br>
 <div>

people_depts.php

@@ -61,7 +61,7 @@ function array_obj_diff($array1,$array2){
 <body id="deptgroup">
 <div class="centermargin">
 <?php
-echo '<form action="',$_SERVER["PHP_SELF"],'" method="POST">
+echo '<form method="POST">
 <input type="hidden" name="personid" value="',$person->PersonID,'">
 <h3>',__("Department Membership"),': ',$dept->Name,'<button type="submit" value="Submit" name="action">',__("Submit"),'</button></h3>
 <div>

project_members.php

@@ -75,7 +75,7 @@
 <body id="projectgroup">
 <div class="centermargin">
 <?php
-echo '<form id="projectform" action="',$_SERVER["PHP_SELF"],'" method="POST">
+echo '<form id="projectform" method="POST">
 <input type="hidden" name="projectid" id="projectid" value="',$proj->ProjectID,'">
 <h3>',__("Project to Administer"),': ',$proj->ProjectName,'</h3>
 <select name="datacenterid" id="datacenterid" width="200px"><option value="0">Choose a Data Center</option>';

rackrequest.php

@@ -103,7 +103,7 @@
 			Please allow up to 2 business days for requests to be completed.'),$req->Label)."</p>
 
 			<p>".sprintf(__('Your Request ID is %1$d and you may view the request online at'),$req->RequestID)."
-			<a href=\"https://{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}?requestid=$req->RequestID\">
+			<a href=\"https://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?requestid=$req->RequestID\">
 			".__("this link")."</a>.</p>
 			
 			</body></html>";
@@ -335,7 +335,7 @@
 
 echo '<div class="center"><div>
 <div id="positionselector"></div>
-<form name="deviceform" id="deviceform" action="',$_SERVER["PHP_SELF"],$formfix,'" method="POST">
+<form name="deviceform" id="deviceform" action="',$_SERVER["SCRIPT_NAME"],$formfix,'" method="POST">
 	<input type="hidden" name="requestid" value="',$req->RequestID,'">';
 
 echo '<div class="table">

report_audit.php

@@ -35,7 +35,7 @@ function Header() {
 			$endDate = date( "M d, Y" );
 
 		$this->pdfconfig = new Config();
-		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] );
+		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] );
 		if ( file_exists( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'] )) {
 	    	$this->Image( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'],10,8,100);
 		}
@@ -177,7 +177,7 @@ function _putcatalog()
 ?>
 <div class="main">
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="auditform">
+<form method="post" id="auditform">
 <div class="table">
 	<div>
 		<div><label for="datacenterid">Data Center:</label></div>

report_audit_frequency.php

@@ -20,7 +20,7 @@ class PDF extends FPDF {
 
 	function Header() {
 		$this->pdfconfig = new Config();
-		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] );
+		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] );
 		if ( file_exists( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'] )) {
 	    	$this->Image( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'],10,8,100);
 		}
@@ -162,7 +162,7 @@ function _putcatalog()
 ?>
 <div class="main">
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="auditform">
+<form method="post" id="auditform">
 <div class="table">
 	<div>
 		<div><label for="datacenterid">Data Center:</label></div>

report_cabinets.php

@@ -60,7 +60,7 @@
 <?php include( 'sidebar.inc.php' ); ?>
 <div class="main">
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="panelform">
+<form method="post" id="panelform">
 
 <?php
     if(@$_REQUEST['datacenterid'] == 0) {

report_department.php

@@ -23,7 +23,7 @@ function PDF(){
 
 	function Header() {
 		$this->pdfconfig = new Config();
-		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] );
+		$this->Link( 10, 8, 100, 20, 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] );
         if ( file_exists( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'] )) {
             $this->Image( 'images/' . $this->pdfconfig->ParameterArray['PDFLogoFile'],10,8,100);
         }

report_outage_simulator.php

@@ -38,7 +38,7 @@
 <div class="main">
 <h2>openDCIM</h2>
 <h3>Outage Impact Simulation</h3>
-<form action="<?php printf( "%s", $_SERVER['PHP_SELF'] ); ?>" method="post">
+<form method="post">
 <table align="center" border=0>
 <?php
 	if ( @$_REQUEST['datacenterid'] == 0 ) {

report_panel_schedule.php

@@ -45,7 +45,7 @@
 <?php include( 'sidebar.inc.php' ); ?>
 <div class="main">
 <div class="center"><div>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="panelform">
+<form method="post" id="panelform">
 
 <?php
 	if ( @$_REQUEST['datacenterid'] == 0 ) {

report_project_outage_simulator.php

@@ -41,7 +41,7 @@
 <div class="main">
 <h2>openDCIM</h2>
 <h3>Outage Impact Simulation</h3>
-<form action="<?php printf( "%s", $_SERVER['PHP_SELF'] ); ?>" method="post">
+<form method="post">
 <table align="center" border=0>
 <?php
 	if ( @$_REQUEST['datacenterid'] == 0 ) {