From d6ac646046329e40edc7145ce0bf7de2d36df96b Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Tue, 21 Apr 2020 17:57:36 +0200 Subject: [PATCH 01/37] fixed bug: update owner_user when validating an event --- pandora_console/include/functions_events.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 7fad691c74..3e71596c36 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -612,12 +612,14 @@ function events_update_status($id_evento, $status, $filter=null, $history=false) 'UPDATE %s SET estado = %d, ack_utimestamp = %d, - id_usuario = "%s" + id_usuario = "%s", + owner_user = "%s" WHERE id_evento IN (%s)', $table, $status, time(), $config['id_user'], + $config['id_user'], join(',', $target_ids) ); } From 750b8397a3630c15c1e572658ef2edf1d52075c9 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Thu, 23 Apr 2020 12:35:52 +0200 Subject: [PATCH 02/37] fix bad route of background image --- pandora_console/include/functions_visual_map.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pandora_console/include/functions_visual_map.php b/pandora_console/include/functions_visual_map.php index 0cc7d1f8ac..24c07a6487 100755 --- a/pandora_console/include/functions_visual_map.php +++ b/pandora_console/include/functions_visual_map.php 
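Review bot: In events_update_status (functions_events.php) the added `owner_user = "%s"` is written for every `$status` this query handles, not only for validation as the commit title says, so moving an event to another state through the same branch would also reassign its owner; the condition selecting this query is outside the hunk, so this is inferred. Both `"%s"` placeholders are filled by sprintf into a double-quoted SQL literal, which is only safe while `$config['id_user']` can never contain a quote. Either bind the value as a parameter or add a one-line comment above the sprintf naming where that value is escaped. The function starts and ends outside the hunk.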
@@ -3596,11 +3596,7 @@ function visual_map_print_visual_map( $proportion_width = ($mapWidth / $layout['width']); if ($layout['background'] != 'None.png') { - if (is_metaconsole()) { - $backgroundImage = '/include/Image/image_functions.php?getFile=1&thumb=1&thumb_size='.$mapWidth.'x'.$mapHeight.'&file='.$config['homeurl'].'images/console/background/'.$layout['background']; - } else { $backgroundImage = '/include/Image/image_functions.php?getFile=1&thumb=1&thumb_size='.$mapWidth.'x'.$mapHeight.'&file='.$config['homedir'].'/images/console/background/'.($layout['background']); - } } } else { $mapWidth = $layout['width']; From 4f52a693ac993c0fea9cb9398bde7a639f069daf Mon Sep 17 00:00:00 2001 From: Luis Calvo Date: Wed, 13 May 2020 14:37:20 +0200 Subject: [PATCH 03/37] CSV flot export fixes --- .../flot/jquery.flot.exportdata.pandora.js | 623 +++++++++--------- 1 file changed, 316 insertions(+), 307 deletions(-) diff --git a/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js b/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js index 0b745d8ff5..6466a72835 100644 --- a/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js +++ b/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js 
@@ -1,227 +1,19 @@ (function ($) { var options = { - export: { - export_data: false, // or true - labels_long: null, - homeurl: '' - } - }; - + export: { + export_data: false, // or true + labels_long: null, + homeurl: "", + }, + }; + function init(plot) { plot.exportDataCSV = function (args) { //amount = plot.getOptions().export.type, //options = options || {}; // Options - var type = 'csv'; - type = type.toLowerCase().trim(); - - var graphData, - dataObject, - dataObjects = plot.getData(), - result = []; - - // Throw errors - var retrieveDataOject = function (dataObjects, custom) { - var result; - if (typeof dataObjects === 'undefined') - throw new Error('Empty parameter'); - - // Try to retrieve the avg set (not 100% reliable, I know) - if (dataObjects.length == 1) { - result = dataObjects.shift(); - } - if (dataObjects.length > 1) { - dataObjects.forEach(function (element) { - if(custom){ - if (/^Avg.:/i.test(element.label)){ - result = element; - } - } else { - result = element; - } - }); - - // If the avg set is missing, retrieve the first set - if (typeof result === 'undefined') - result = dataObjects.shift(); - } - - if (typeof result === 'undefined') - throw new Error('Empty result'); - - return result; - } - - // Throw errors - var processDataObject = function (dataObject) { - var result; - - if (typeof dataObject === 'undefined') - throw new Error('Empty parameter'); - - if (typeof dataObject.data === 'undefined' - || !(dataObject.data instanceof Array)) - throw new Error('Object malformed'); - - /* { - * head: [,,...,], - * data: [ - * [,,...,], - * [,,...,], - * ..., - * [,,...,], - * ] - * } - */ - if (type === 'csv') { - result = { - head: ['timestap', 'date', 'value', 'label'], - data: [] - }; - - dataObject.data.forEach(function (item, index) { - var timestap = item[0]; - - var d = new Date(item[0]); - var monthNames = [ - "Jan", "Feb", "Mar", - "Apr", "May", "Jun", - "Jul", "Aug", "Sep", - "Oct", "Nov", "Dec" - ]; - - date_format = (d.getDate() 
<10?'0':'') + d.getDate() + " " + - monthNames[d.getMonth()] + " " + - d.getFullYear() + " " + - (d.getHours()<10?'0':'') + d.getHours() + ":" + - (d.getMinutes()<10?'0':'') + d.getMinutes() + ":" + - (d.getSeconds()<10?'0':'') + d.getSeconds(); - - var date = date_format; - - var value = item[1]; - - var clean_label = plot.getOptions().export.labels_long[dataObject.label]; - clean_label = clean_label.replace( new RegExp(" ", "g"), " "); - result.data.push([timestap, date, value, clean_label]); - }); - } - /* [ - * { - * 'date': , - * 'value': - * } - * ], - * [ - * { - * 'date': , - * 'value': - * } - * ], - * ..., - * [ - * { - * 'date': , - * 'value': - * } - * ] - */ - else if (type === 'json') { - result = []; - - dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; - - // Long labels are preferred - if (typeof labels_long[index] !== 'undefined') - date = labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; - - result.push({ - 'date': date, - 'value': value, - 'label': dataObject.label - }); - }); - } - - if (typeof result === 'undefined') - throw new Error('Empty result'); - - return result; - } - - try { - var elements = []; - var custom_graph = $('#hidden-custom_graph').val(); - - if (custom_graph) { - dataObject = retrieveDataOject(dataObjects,0); - dataObjects.forEach(function (element) { - elements.push(processDataObject(element)); - }); - graphData = elements; - } - else { - dataObject = retrieveDataOject(dataObjects,1); - elements.push(processDataObject(dataObject)); - graphData = elements; - } - - // Transform the object data into a string - // cause PHP has limitations in the number - // of POST params received. - var graphDataStr = JSON.stringify(graphData); - - // Build form - var $form = $('
'), - $dataInput = $(''), - $typeInput = $(''), - $separatorInput = $(''), - $excelInput = $(''); - - $dataInput - .prop('name', 'data') - .prop('type', 'text') - .prop('value', graphDataStr); - - $typeInput - .prop('name', 'type') - .prop('type', 'text') - .prop('value', type); - - $separatorInput - .prop('name', 'separator') - .prop('type', 'text') - .prop('value', ';'); - - $excelInput - .prop('name', 'excel_encoding') - .prop('type', 'text') - .prop('value', 0); - - $form - .prop('method', 'POST') - .prop('action', plot.getOptions().export.homeurl + 'include/graphs/export_data.php') - .append($dataInput, $typeInput, $separatorInput, $excelInput) - .hide() - // Firefox made me write into the DOM for this :( - .appendTo('body') - .submit(); - } - catch (e) { - alert('There was an error exporting the data'); - } - } - - plot.exportDataJSON = function (args) { - //amount = plot.getOptions().export.type, - //options = options || {}; - - // Options - var type = 'json'; + var type = "csv"; type = type.toLowerCase().trim(); var graphData, @@ -233,8 +25,8 @@ var retrieveDataOject = function (dataObjects) { var result; - if (typeof dataObjects === 'undefined') - throw new Error('Empty parameter'); + if (typeof dataObjects === "undefined") + throw new Error("Empty parameter"); // Try to retrieve the avg set (not 100% reliable, I know) if (dataObjects.length == 1) { 
@@ -242,31 +34,30 @@ } if (dataObjects.length > 1) { dataObjects.forEach(function (element) { - if (/^Avg.:/i.test(element.label)) - result = element; + if (/^Avg.:/i.test(element.label)) result = element; }); // If the avg set is missing, retrieve the first set - if (typeof result === 'undefined') - result = dataObjects.shift(); + if (typeof result === "undefined") result = dataObjects.shift(); } - if (typeof result === 'undefined') - throw new Error('Empty result'); + if (typeof result === "undefined") throw new Error("Empty result"); return result; - } + }; // Throw errors var processDataObject = function (dataObject) { var result; - if (typeof dataObject === 'undefined') - throw new Error('Empty parameter'); + if (typeof dataObject === "undefined") + throw new Error("Empty parameter"); - if (typeof dataObject.data === 'undefined' - || !(dataObject.data instanceof Array)) - throw new Error('Object malformed'); + if ( + typeof dataObject.data === "undefined" || + !(dataObject.data instanceof Array) + ) + throw new Error("Object malformed"); /* { * head: [,,...,], 
@@ -278,74 +69,291 @@ * ] * } */ - if (type === 'csv') { - + if (type === "csv") { result = { - head: ['date', 'value','label'], - data: [] + head: ["timestap", "date", "value", "label"], + data: [], }; dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; + var timestap = item[0]; - // Long labels are preferred - if (typeof plot.getOptions().export.labels_long[index] !== 'undefined') - date = plot.getOptions().export.labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; + var d = new Date(item[0]); + var monthNames = [ + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec", + ]; - result.data.push([date, value,dataObject.label]); + date_format = + (d.getDate() < 10 ? "0" : "") + + d.getDate() + + " " + + monthNames[d.getMonth()] + + " " + + d.getFullYear() + + " " + + (d.getHours() < 10 ? "0" : "") + + d.getHours() + + ":" + + (d.getMinutes() < 10 ? "0" : "") + + d.getMinutes() + + ":" + + (d.getSeconds() < 10 ? 
"0" : "") + + d.getSeconds(); + + var date = date_format; + + var value = item[1]; + + var clean_label = plot.getOptions().export.labels_long[ + dataObject.label + ]; + clean_label = clean_label.replace(new RegExp(" ", "g"), " "); + result.data.push([timestap, date, value, clean_label]); }); - } - /* [ - * { - * 'date': , - * 'value': - * } - * ], - * [ - * { - * 'date': , - * 'value': - * } - * ], - * ..., - * [ - * { - * 'date': , - * 'value': - * } - * ] - */ - else if (type === 'json') { + } else if (type === "json") { + /* [ + * { + * 'date': , + * 'value': + * } + * ], + * [ + * { + * 'date': , + * 'value': + * } + * ], + * ..., + * [ + * { + * 'date': , + * 'value': + * } + * ] + */ result = []; dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; + var date = "", + value = item[1]; // Long labels are preferred - if (typeof labels_long[index] !== 'undefined') + if (typeof labels_long[index] !== "undefined") date = labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; result.push({ - 'date': date, - 'value': value, - 'label': dataObject.label + date: date, + value: value, + label: dataObject.label, }); }); } - if (typeof result === 'undefined') - throw new Error('Empty result'); + if (typeof result === "undefined") throw new Error("Empty result"); return result; - } + }; try { var elements = []; - var custom_graph = $('input:hidden[name=custom_graph]').value; + dataObject = retrieveDataOject(dataObjects); + if (dataObject) { + elements.push(processDataObject(dataObject)); + } + dataObjects.forEach(function (element) { + elements.push(processDataObject(element)); + }); + graphData = elements; + + + // Transform the object data into a string + // cause PHP has limitations in the number + // of POST params received. + var graphDataStr = JSON.stringify(graphData); + + // Build form + var $form = $("
"), + $dataInput = $(""), + $typeInput = $(""), + $separatorInput = $(""), + $excelInput = $(""); + + $dataInput + .prop("name", "data") + .prop("type", "text") + .prop("value", graphDataStr); + + $typeInput + .prop("name", "type") + .prop("type", "text") + .prop("value", type); + + $separatorInput + .prop("name", "separator") + .prop("type", "text") + .prop("value", ";"); + + $excelInput + .prop("name", "excel_encoding") + .prop("type", "text") + .prop("value", 0); + + $form + .prop("method", "POST") + .prop( + "action", + plot.getOptions().export.homeurl + "include/graphs/export_data.php" + ) + .append($dataInput, $typeInput, $separatorInput, $excelInput) + .hide() + // Firefox made me write into the DOM for this :( + .appendTo("body") + .submit(); + } catch (e) { + alert("There was an error exporting the data"); + } + }; + + plot.exportDataJSON = function (args) { + //amount = plot.getOptions().export.type, + //options = options || {}; + + // Options + var type = "json"; + type = type.toLowerCase().trim(); + + var graphData, + dataObject, + dataObjects = plot.getData(), + result = []; + + // Throw errors + var retrieveDataOject = function (dataObjects) { + var result; + + if (typeof dataObjects === "undefined") + throw new Error("Empty parameter"); + + // Try to retrieve the avg set (not 100% reliable, I know) + if (dataObjects.length == 1) { + result = dataObjects.shift(); + } + if (dataObjects.length > 1) { + dataObjects.forEach(function (element) { + if (/^Avg.:/i.test(element.label)) result = element; + }); + + // If the avg set is missing, retrieve the first set + if (typeof result === "undefined") result = dataObjects.shift(); + } + + if (typeof result === "undefined") throw new Error("Empty result"); + + return result; + }; + + // Throw errors + var processDataObject = function (dataObject) { + var result; + + if (typeof dataObject === "undefined") + throw new Error("Empty parameter"); + + if ( + typeof dataObject.data === "undefined" || + 
!(dataObject.data instanceof Array) + ) + throw new Error("Object malformed"); + + /* { + * head: [,,...,], + * data: [ + * [,,...,], + * [,,...,], + * ..., + * [,,...,], + * ] + * } + */ + if (type === "csv") { + result = { + head: ["date", "value", "label"], + data: [], + }; + + dataObject.data.forEach(function (item, index) { + var date = "", + value = item[1]; + + // Long labels are preferred + if ( + typeof plot.getOptions().export.labels_long[index] !== "undefined" + ) + date = plot.getOptions().export.labels_long[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; + + result.data.push([date, value, dataObject.label]); + }); + } else if (type === "json") { + /* [ + * { + * 'date': , + * 'value': + * } + * ], + * [ + * { + * 'date': , + * 'value': + * } + * ], + * ..., + * [ + * { + * 'date': , + * 'value': + * } + * ] + */ + result = []; + + dataObject.data.forEach(function (item, index) { + var date = "", + value = item[1]; + + // Long labels are preferred + if (typeof labels_long[index] !== "undefined") + date = labels_long[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; + + result.push({ + date: date, + value: value, + label: dataObject.label, + }); + }); + } + + if (typeof result === "undefined") throw new Error("Empty result"); + + return result; + }; + + try { + var elements = []; + var custom_graph = $("input:hidden[name=custom_graph]").value; if (custom_graph) { dataObject = retrieveDataOject(dataObjects); @@ -353,8 +361,7 @@ elements.push(processDataObject(element)); }); graphData = elements; - } - else { + } else { dataObject = retrieveDataOject(dataObjects); elements.push(processDataObject(dataObject)); graphData = elements; @@ -366,51 +373,53 @@ var graphDataStr = JSON.stringify(graphData); // Build form - var $form = $('
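Review bot: In the new `try` block of `plot.exportDataCSV` the series chosen by `retrieveDataOject` is pushed once and then pushed again by the following `dataObjects.forEach`, because the `/^Avg.:/i` branch selects an element without removing it from the array; an export with an "Avg.:" series would therefore contain that series twice. When no such label exists the first series is `shift()`ed out, so the two paths behave differently. Dropping the `retrieveDataOject` call and the `if (dataObject) { ... }` push and keeping only `dataObjects.forEach(function (element) { elements.push(processDataObject(element)); });` exports each series exactly once. Separately, `labels_long[dataObject.label]` is dereferenced with `.replace` without a check, so a series missing from `labels_long` ends in the generic alert; `var clean_label = labels_long[dataObject.label] || dataObject.label;` would avoid that.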
'), - $dataInput = $(''), - $typeInput = $(''), - $separatorInput = $(''), - $excelInput = $(''); + var $form = $("
"), + $dataInput = $(""), + $typeInput = $(""), + $separatorInput = $(""), + $excelInput = $(""); $dataInput - .prop('name', 'data') - .prop('type', 'text') - .prop('value', graphDataStr); + .prop("name", "data") + .prop("type", "text") + .prop("value", graphDataStr); $typeInput - .prop('name', 'type') - .prop('type', 'text') - .prop('value', type); + .prop("name", "type") + .prop("type", "text") + .prop("value", type); $separatorInput - .prop('name', 'separator') - .prop('type', 'text') - .prop('value', ';'); + .prop("name", "separator") + .prop("type", "text") + .prop("value", ";"); $excelInput - .prop('name', 'excel_encoding') - .prop('type', 'text') - .prop('value', 0); + .prop("name", "excel_encoding") + .prop("type", "text") + .prop("value", 0); $form - .prop('method', 'POST') - .prop('action', plot.getOptions().export.homeurl + 'include/graphs/export_data.php') + .prop("method", "POST") + .prop( + "action", + plot.getOptions().export.homeurl + "include/graphs/export_data.php" + ) .append($dataInput, $typeInput, $separatorInput, $excelInput) .hide() // Firefox made me write into the DOM for this :( - .appendTo('body') + .appendTo("body") .submit(); + } catch (e) { + alert("There was an error exporting the data"); } - catch (e) { - alert('There was an error exporting the data'); - } - } + }; } - $.plot.plugins.push({ - init: init, - options: options, - name: 'exportdata', - version: '0.1' - }); -})(jQuery); \ No newline at end of file + $.plot.plugins.push({ + init: init, + options: options, + name: "exportdata", + version: "0.1", + }); +})(jQuery); From 347f6b1bf3b3de73ad5738b923223f8bc8216fb3 Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 18 May 2020 10:15:20 +0200 Subject: [PATCH 04/37] add return error if group = 0 on new agent api --- pandora_console/include/functions_api.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 76e10533aa..9d8cae52b2 100644 
--- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -1506,6 +1506,12 @@ function api_set_new_agent($thrash1, $thrash2, $other, $thrash3) return; } + if ((int) $other['data'][3] == 0) { + $agent_creation_error = __('The agent could not be created, for security reasons use a group another than 0'); + returnError('generic error', $agent_creation_error); + return; + } + $alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $other['data'][0]))); $direccion_agente = io_safe_input($other['data'][1]); $nombre_agente = hash('sha256', $direccion_agente.'|'.$direccion_agente.'|'.time().'|'.sprintf('%04d', rand(0, 10000))); From 7a35e8550c89554d513a15b0c5e3ff7e34200b48 Mon Sep 17 00:00:00 2001 From: Luis Calvo Date: Tue, 19 May 2020 18:53:09 +0200 Subject: [PATCH 05/37] Fixed collections symlinks --- .../include/functions_filemanager.php | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index a3cf4ac0a5..cf587f8081 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -369,11 +369,21 @@ if ($delete_file) { $config['filemanager']['message'] = ui_print_success_message(__('Deleted'), '', true); if (is_dir($filename)) { - rmdir($filename); - $config['filemanager']['delete'] = 1; + if (rmdir($filename)) { + $config['filemanager']['delete'] = 1; + } else { + $config['filemanager']['delete'] = 0; + } } else { - unlink($filename); - $config['filemanager']['delete'] = 1; + if (unlink($filename)) { + $config['filemanager']['delete'] = 1; + } else { + $config['filemanager']['delete'] = 0; + } + } + + if ($config['filemanager']['delete'] == 0) { + $config['filemanager']['message'] = ui_print_error_message(__('Deleted'), '', true); } } } 
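Review bot: The new guard in api_set_new_agent rejects only a value that casts to 0, so a negative or non-existent group id still passes, and nothing in the hunk shows that the caller's permission on the requested group is checked. If the rest of the function does not already do this, tighten the test to `$id_group = (int) $other['data'][3]; if ($id_group <= 0) {` and follow it with an existence and ACL check on `$id_group`. The message would read better as `'The agent could not be created, for security reasons use a group other than 0'`. The function continues outside the hunk.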
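Review bot: When `rmdir()` or `unlink()` fails in the `if ($delete_file)` block, the user gets an error box whose text is still "Deleted", because the new call reuses the success string; `ui_print_error_message(__('Could not be deleted'), '', true)` states the outcome. The success message is also assigned before the deletion is attempted, so it would be clearer to set it only in the branch where `$config['filemanager']['delete']` becomes 1. How `$filename` is confined to the file manager's base directory is not visible here; since the commit is about symlinks, a comment at this block saying where that check happens would help the next reader. The block starts outside the hunk.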
@@ -743,7 +753,7 @@ function filemanager_file_explorer( if (($editor) && (!$readOnly)) { if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg') - && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') + && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') && ($fileinfo['mime'] != MIME_DIR) ) { $hash = md5($fileinfo['realpath'].$config['dbpass']); $data[4] .= "".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file')]).''; From 3857d04df16a72e2144cc5a8bf2835faaa52654c Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Wed, 20 May 2020 10:54:07 +0200 Subject: [PATCH 06/37] Fixed input type number size in Firefox --- pandora_console/include/functions_html.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index adf978d13f..477e23eb1e 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -1758,13 +1758,6 @@ function html_print_input_number(array $settings):string $settings['maxlength'] = 255; } - // Check Size. - if (isset($settings['size']) === false - || $settings['size'] === 0 - ) { - $settings['size'] = 255; - } - foreach ($settings as $attribute => $attr_value) { // Check valid attribute. if (in_array($attribute, $valid_attrs) === false) { From a73ec18867e595751f0565585598ff2a4ddf9fb5 Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Thu, 21 May 2020 09:13:39 +0200 Subject: [PATCH 07/37] Fixed errors filter search with pagination --- pandora_console/godmode/reporting/reporting_builder.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php index 60464ee953..cfd1a14b9a 100755 --- a/pandora_console/godmode/reporting/reporting_builder.php 
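Review bot: The edit link built right after the changed condition in filemanager_file_explorer is authorised by `md5($fileinfo['realpath'].$config['dbpass'])`, an unkeyed MD5 that uses the database password as its secret and is emitted into the page. A keyed hash over a dedicated secret, `hash_hmac('sha256', $fileinfo['realpath'], $secret)` with `$secret` standing for an application secret that is not the DB credential, compared with `hash_equals()` on the receiving side, removes that coupling. The code that verifies the hash is outside this hunk and would have to change together with it. The added `$fileinfo['mime'] != MIME_DIR` test itself looks right for keeping the editor off directories.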
+++ b/pandora_console/godmode/reporting/reporting_builder.php @@ -767,9 +767,14 @@ switch ($action) { ) ); - if (count($reports)) { + $filters = [ + 'search' => $search, + 'id_group' => $id_group, + ]; + $filtersStr = http_build_query($filters, '', '&'); $url = 'index.php?sec=reporting&sec2=godmode/reporting/reporting_builder'; + $url .= '&'.$filtersStr; ui_pagination($total_reports, $url, $offset, $pagination); $table = new stdClass(); From ab8916a0daf5147638d01d35745ef444f862424a Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Fri, 22 May 2020 09:39:10 +0200 Subject: [PATCH 08/37] Fixed error functions date default type --- pandora_console/include/functions.php | 28 ++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index eaea211d2a..284b8c83b7 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -477,7 +477,8 @@ function set_user_language() /** - * INTERNAL (use ui_print_timestamp for output): Transform an amount of time in seconds into a human readable + * INTERNAL (use ui_print_timestamp for output): + * Transform an amount of time in seconds into a human readable * strings of minutes, hours or days. * * @param integer $seconds Seconds elapsed time @@ -488,17 +489,11 @@ function set_user_language() */ function human_time_description_raw($seconds, $exactly=false, $units='large') { - switch ($units) { - case 'large': - $secondsString = __('seconds'); - $daysString = __('days'); - $monthsString = __('months'); - $yearsString = __('years'); - $minutesString = __('minutes'); - $hoursString = __('hours'); - $nowString = __('Now'); - break; + if (isset($units) === false || empty($units) === true) { + $units = 'large'; + } + switch ($units) { case 'tiny': $secondsString = __('s'); $daysString = __('d'); 
@@ -508,6 +503,17 @@ function human_time_description_raw($seconds, $exactly=false, $units='large') $hoursString = __('h'); $nowString = __('N'); break; + + default: + case 'large': + $secondsString = __('seconds'); + $daysString = __('days'); + $monthsString = __('months'); + $yearsString = __('years'); + $minutesString = __('minutes'); + $hoursString = __('hours'); + $nowString = __('Now'); + break; } if (empty($seconds)) { From 1d167d4aba0aff44b66bbfb65325544568c73540 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 25 May 2020 11:12:29 +0200 Subject: [PATCH 09/37] fixed agent id strange behavior in events table --- pandora_console/operation/events/events.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php index 1c91ebaf54..ba029bfb17 100644 --- a/pandora_console/operation/events/events.php +++ b/pandora_console/operation/events/events.php @@ -1962,17 +1962,7 @@ function process_datatables_item(item) { /* Agent ID link */ if (item.id_agente > 0) { - - item.id_agente = '' + item.id_agente + ''; - - item.id_agente = '' + item.agent_name + ''; - + item.id_agente = '' + item.id_agente + ''; } else { item.id_agente = ''; } From 4d7341917c46a16917fe747663ebf280da1a350f Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 25 May 2020 13:10:46 +0200 Subject: [PATCH 10/37] Added cases when critical, warning or normal alert has been fired --- pandora_console/include/functions_api.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 76e10533aa..6ee93eb409 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php 
@@ -2048,31 +2048,31 @@ function api_get_all_agents($thrash1, $thrash2, $other, $returnType) // Filter by status switch ($other['data'][2]) { case 'warning': - if ($status == 2) { + if ($status == AGENT_MODULE_STATUS_WARNING || $status == AGENT_MODULE_STATUS_WARNING_ALERT) { $result_agents[] = $agent; } break; case 'critical': - if ($status == 1) { + if ($status == AGENT_MODULE_STATUS_CRITICAL_BAD || $status == AGENT_MODULE_STATUS_CRITICAL_ALERT) { $result_agents[] = $agent; } break; case 'unknown': - if ($status == 3) { + if ($status == AGENT_MODULE_STATUS_UNKNOWN) { $result_agents[] = $agent; } break; case 'normal': - if ($status == 0) { + if ($status == AGENT_MODULE_STATUS_NORMAL || $status == AGENT_MODULE_STATUS_NORMAL_ALERT) { $result_agents[] = $agent; } break; case 'alert_fired': - if ($status == 4) { + if ($status == AGENT_STATUS_ALERT_FIRED) { $result_agents[] = $agent; } break; From 37058537aa9638f7835362730f3d92f38db26140 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Mon, 25 May 2020 17:06:23 +0200 Subject: [PATCH 11/37] Fix #5779 --- pandora_console/godmode/massive/massive_operations.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/godmode/massive/massive_operations.php b/pandora_console/godmode/massive/massive_operations.php index 0fb08d0034..d7aec41af8 100755 --- a/pandora_console/godmode/massive/massive_operations.php +++ b/pandora_console/godmode/massive/massive_operations.php @@ -246,7 +246,7 @@ ui_print_page_header( $help_header, true, $onheader, - true, + false, 'massivemodal' ); From e8ca0c72edf8c39a176cdc7673447602e0462979 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 26 May 2020 13:13:51 +0200 Subject: [PATCH 12/37] Fixed snmp_read_mib call --- .../include/functions_snmp_browser.php | 45 ++++++++++++++++--- 1 file changed, 40 insertions(+), 5 deletions(-) 
diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php index 224a4ecc3f..89f7615b08 100644 --- a/pandora_console/include/functions_snmp_browser.php +++ b/pandora_console/include/functions_snmp_browser.php @@ -238,8 +238,17 @@ function snmp_browser_print_tree( /** * Build the SNMP tree for the given SNMP agent. * - * @param target_ip string IP of the SNMP agent. - * @param community string SNMP community to use. + * @param string $target_ip Target_ip. + * @param string $community Community. + * @param string $starting_oid Starting_oid. + * @param string $version Version. + * @param string $snmp3_auth_user Snmp3_auth_user. + * @param string $snmp3_security_level Snmp3_security_level. + * @param string $snmp3_auth_method Snmp3_auth_method. + * @param string $snmp3_auth_pass Snmp3_auth_pass. + * @param string $snmp3_privacy_method Snmp3_privacy_method. + * @param string $snmp3_privacy_pass Snmp3_privacy_pass. + * @param string|null $snmp3_context_engine_id Snmp3_context_engine_id. * * @return array The SNMP tree. */ @@ -253,7 +262,8 @@ function snmp_browser_get_tree( $snmp3_auth_method='', $snmp3_auth_pass='', $snmp3_privacy_method='', - $snmp3_privacy_pass='' + $snmp3_privacy_pass='', + $snmp3_context_engine_id=null ) { global $config; @@ -277,6 +287,7 @@ function snmp_browser_get_tree( default: $snmp_version = SNMP::VERSION_2c; + break; } $snmp_session = new SNMP($snmp_version, $target_ip, $community); 
@@ -284,10 +295,34 @@ function snmp_browser_get_tree( // Set security if SNMP Version is 3. if ($snmp_version == SNMP::VERSION_3) { - $snmp_session->setSecurity($snmp3_security_level, $snmp3_auth_method, $snmp3_auth_pass, $snmp3_privacy_method, $snmp3_privacy_pass); + $snmp_session->setSecurity( + $snmp3_security_level, + $snmp3_auth_method, + $snmp3_auth_pass, + $snmp3_privacy_method, + $snmp3_privacy_pass, + $community, + $snmp3_context_engine_id + ); } - snmp_read_mib($config['homedir'].'/attachment/mibs'); + $mibs_dir = $config['homedir'].'/attachment/mibs'; + $_dir = opendir($mibs_dir); + + // Future. Recomemended: Use a global config limit of MIBs loaded. + while (($mib_file = readdir($_dir)) !== false) { + if ($mib_file == '..' || $mib_file == '.') { + continue; + } + + $rs = snmp_read_mib($mibs_dir.'/'.$mib_file); + if ($rs !== true) { + error_log('Failed while reading MIB file: '.$mib_file); + } + } + + closedir($_dir); + $output = $snmp_session->walk($starting_oid); if ($output == false) { $output = $snmp_session->getError(); From 2481bcc669d7238c48473596be648beb9f2fd770 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 26 May 2020 13:56:39 +0200 Subject: [PATCH 13/37] Update default value for use_xml_timestamp --- pandora_server/lib/PandoraFMS/Config.pm | 3 ++- pandora_server/lib/PandoraFMS/DataServer.pm | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 5babae0d3c..c19aed0317 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm @@ -399,7 +399,8 @@ sub pandora_load_config { $pa_config->{'max_log_generation'} = 1; # Ignore the timestamp in the XML and use the file timestamp instead - $pa_config->{'use_xml_timestamp'} = 0; + # If 1 => uses timestamp from received XML #5763. + $pa_config->{'use_xml_timestamp'} = 1; # Server restart delay in seconds $pa_config->{'restart_delay'} = 60; 
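Review bot: In snmp_browser_get_tree the result of `opendir($mibs_dir)` is used without a check, so when attachment/mibs is missing or unreadable `readdir()` is called with `false`, which is at best a warning and on current PHP versions a TypeError. The loop also hands every directory entry except `.` and `..` to `snmp_read_mib()`, including sub-directories. Since this directory holds uploaded files that are now parsed on every tree request, restricting the loop to regular files and logging the open failure is worth doing here, as in the excerpt below. The function starts and ends outside the hunk.

```php
$mibs_dir = $config['homedir'].'/attachment/mibs';
$_dir = opendir($mibs_dir);
if ($_dir === false) {
    error_log('Failed to open MIB directory: '.$mibs_dir);
} else {
    while (($mib_file = readdir($_dir)) !== false) {
        $mib_path = $mibs_dir.'/'.$mib_file;
        // Skips '.', '..' and sub-directories.
        if (is_file($mib_path) === false) {
            continue;
        }

        if (snmp_read_mib($mib_path) !== true) {
            error_log('Failed while reading MIB file: '.$mib_file);
        }
    }

    closedir($_dir);
}
// … unchanged: $snmp_session->walk($starting_oid) and error handling …
```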
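Review bot: With the default in pandora_load_config flipped to 1, the data server accepts the timestamp carried inside each agent XML unless the operator sets `use_xml_timestamp` to 0, so an agent with a wrong clock or an altered file can back-date or forward-date stored data. The comment kept above the assignment still reads `# Ignore the timestamp in the XML and use the file timestamp instead`, which now describes the opposite of the default. I would replace both comment lines with `# 1 (default): use the timestamp from the received XML; 0: use the file timestamp instead. #5763`. Whether the server bounds how far an XML timestamp may differ from arrival time is not visible in this hunk and is worth stating in the same comment.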
diff --git a/pandora_server/lib/PandoraFMS/DataServer.pm b/pandora_server/lib/PandoraFMS/DataServer.pm index f82a58a120..69efd9f45a 100644 --- a/pandora_server/lib/PandoraFMS/DataServer.pm +++ b/pandora_server/lib/PandoraFMS/DataServer.pm @@ -234,6 +234,7 @@ sub data_consumer ($$) { } # Ignore the timestamp in the XML and use the file timestamp instead + # If 1 => uses timestamp from received XML #5763. $xml_data->{'timestamp'} = strftime ("%Y-%m-%d %H:%M:%S", localtime((stat($file_name))[9])) if ($pa_config->{'use_xml_timestamp'} eq '0' || ! defined ($xml_data->{'timestamp'})); # Double check that the file exists From 2ae11577cee1c4d73da892406be480eae11e9cb2 Mon Sep 17 00:00:00 2001 From: Manuel Montes Date: Tue, 26 May 2020 14:42:06 +0200 Subject: [PATCH 14/37] Added case insensitive in agent search --- pandora_console/godmode/users/user_list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 8fb461a355..24f2a38a65 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -367,11 +367,11 @@ if ($search) { $found = false; if (!empty($filter_search)) { - if (preg_match('/.*'.$filter_search.'.*/', $user_info['fullname']) != 0) { + if (preg_match('/.*'.strtolower($filter_search).'.*/', strtolower($user_info['fullname'])) != 0) { $found = true; } - if (preg_match('/.*'.$filter_search.'.*/', $user_info['id_user']) != 0) { + if (preg_match('/.*'.strtolower($filter_search).'.*/', strtolower($user_info['id_user'])) != 0) { $found = true; } From f2f1eaf58e35e0dff8e36470ba35a5d3f881ad9a Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Tue, 26 May 2020 14:44:52 +0200 Subject: [PATCH 15/37] Fixed values legend charts sparse --- pandora_console/include/functions.php | 8 ++++++++ pandora_console/include/graphs/flot/pandora.flot.js | 8 +++++++- 2 files changed, 15 insertions(+), 1 deletion(-) 
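Review bot: In user_list.php `$filter_search` is concatenated into the pattern without `preg_quote()`, so a search containing `/`, `(` or `[` produces an invalid pattern (a warning and no match), and a crafted expression can make the match expensive for every listed user. Only a case-insensitive substring test is needed, so `if (stripos($user_info['fullname'], $filter_search) !== false) {` does the same work without a regex, and the `id_user` test can change the same way. If the regex is kept, build it as `'/'.preg_quote($filter_search, '/').'/i'` and drop both `strtolower()` calls. The enclosing loop starts outside the hunk.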
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index eaea211d2a..d409096b06 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -3718,6 +3718,14 @@ function series_type_graph_array($data, $show_elements_graph) } } + if ((int) $value['min'] === PHP_INT_MAX) { + $value['min'] = 0; + } + + if ((int) $value['max'] === (-PHP_INT_MAX)) { + $value['max'] = 0; + } + $data_return['legend'][$key] .= __('Min:').remove_right_zeros( number_format( $value['min'], diff --git a/pandora_console/include/graphs/flot/pandora.flot.js b/pandora_console/include/graphs/flot/pandora.flot.js index 175173160c..48aaa94ee5 100644 --- a/pandora_console/include/graphs/flot/pandora.flot.js +++ b/pandora_console/include/graphs/flot/pandora.flot.js @@ -3009,7 +3009,7 @@ function number_format(number, force_integer, unit, short_data, divisor) { var decimals = 2; if (unit == "KB") { - return number + unit; + return Math.round(number * decimals) + unit; } // Set maximum decimal precision to 99 in case short_data is not set. @@ -3038,6 +3038,12 @@ function number_format(number, force_integer, unit, short_data, divisor) { if (divisor) { number = Math.round(number * decimals) / decimals; + } else { + number = Math.round(number * decimals); + } + + if (isNaN(number)) { + number = 0; } return number + " " + shorts[pos] + unit; From b7c0f0e4c3dffa8614b57a2afa0f1ab92c5eebde Mon Sep 17 00:00:00 2001 From: Kike Date: Thu, 28 May 2020 15:50:49 +0200 Subject: [PATCH 16/37] Fixed sintax error for some OS --- pandora_agents/unix/pandora_agent_installer | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index 1a9e6ebbe0..dd69f50e8a 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer 
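Review bot: In number_format (pandora.flot.js) the new `return Math.round(number * decimals) + unit;` runs while `decimals` is still the literal `2` declared just above it, so a KB value is doubled rather than rounded; `return Math.round(number) + unit;` looks like what was meant. The new `else` branch, `number = Math.round(number * decimals);`, has the same shape: it scales without dividing back as the `if (divisor)` branch does. The value `decimals` holds at that point is assigned outside the hunk, so that second case needs checking against the full function.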
@@ -164,7 +164,7 @@ uninstall () { rm -f $DESTDIR/etc/logrotate.d/pandora_agent # Remove systemd service if exists - if [ $(systemctl --v | grep systemd | wc -l) != 0 ] + if [ `systemctl --v 2> /dev/null | grep systemd | wc -l` != 0 ] then PANDORA_AGENT_SERVICE="/etc/systemd/system/pandora_agent_daemon.service" rm -f $PANDORA_AGENT_SERVICE @@ -480,7 +480,7 @@ install () { fi # Create systemd service - if [ $(systemctl --v | grep systemd | wc -l) != 0 ] + if [ `systemctl --v 2> /dev/null | grep systemd | wc -l` != 0 ] then echo "Creating systemd service for pandora_agent_daemon" From 754023f90891ded8107f22a156cb442311b9d2c8 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 8 Jun 2020 17:12:33 +0200 Subject: [PATCH 17/37] fix XSS --- pandora_console/godmode/wizards/HostDevices.class.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pandora_console/godmode/wizards/HostDevices.class.php b/pandora_console/godmode/wizards/HostDevices.class.php index 9cb9505a5b..80810b7cf2 100755 --- a/pandora_console/godmode/wizards/HostDevices.class.php +++ b/pandora_console/godmode/wizards/HostDevices.class.php @@ -692,9 +692,7 @@ class HostDevices extends Wizard if ($this->page == 1) { $title = __( '"%s" features', - io_safe_output( - $this->task['name'] - ) + $this->task['name'] ); } From 120b78b5c55126a41eb04e3f4c967a59749c4310 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 8 Jun 2020 17:36:32 +0200 Subject: [PATCH 18/37] Control vulnerable fields --- pandora_console/godmode/tag/edit_tag.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pandora_console/godmode/tag/edit_tag.php b/pandora_console/godmode/tag/edit_tag.php index 2db4cfed33..96b4e158e3 100644 --- a/pandora_console/godmode/tag/edit_tag.php +++ b/pandora_console/godmode/tag/edit_tag.php 
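Review bot: The systemd test in uninstall(), and the identical one in install() in the next hunk, depends on `--v` being accepted as an abbreviation of `--version` and on counting lines of its output. It also only shows that a systemctl binary is installed, not that systemd is managing the host. Testing for the runtime directory is shorter and needs no command substitution, which is what this commit was working around: `if [ -d /run/systemd/system ]`. Both functions start and end outside the hunks.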
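Review bot: Nothing at the call site says why `$this->task['name']` is now passed to `__()` without `io_safe_output()`, so the decode behind the XSS is easy to put back in a later cleanup. A one-line comment above the call would guard against that, e.g. `// Do not io_safe_output() here: the task name must stay entity-encoded in the title.` The fix also assumes that every path filling `$this->task['name']` stores it encoded. That is not visible in this hunk and is worth confirming for tasks created outside the wizard. The enclosing method starts and ends outside the hunk.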
@@ -31,11 +31,10 @@ $id_tag = (int) get_parameter('id_tag', 0); $update_tag = (int) get_parameter('update_tag', 0); $create_tag = (int) get_parameter('create_tag', 0); $name_tag = (string) get_parameter('name_tag', ''); -$description_tag = (string) get_parameter('description_tag', ''); -$description_tag = io_safe_input(strip_tags(io_safe_output($description_tag))); +$description_tag = io_safe_input(strip_tags(io_safe_output((string) get_parameter('description_tag')))); $url_tag = (string) get_parameter('url_tag', ''); -$email_tag = (string) get_parameter('email_tag', ''); -$phone_tag = (string) get_parameter('phone_tag', ''); +$email_tag = io_safe_input(strip_tags(io_safe_output(((string) get_parameter('email_tag'))))); +$phone_tag = io_safe_input(strip_tags(io_safe_output(((string) get_parameter('phone_tag'))))); $tab = (string) get_parameter('tab', 'list'); if (defined('METACONSOLE')) { From a30f73d6c2970b4c921e58e5b4468bda77b7ca04 Mon Sep 17 00:00:00 2001 
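Review bot: `$url_tag` and `$name_tag` are left as plain `(string) get_parameter(...)` while description, email and phone get the strip_tags() round trip, and for a URL field stripping tags would not be the relevant check anyway, since a `javascript:` URL contains no tags. If the tag URL is ever rendered as a link target (not visible here), it needs a scheme allowlist at this point, e.g. `if ($url_tag !== '' && preg_match('#^https?://#i', io_safe_output($url_tag)) !== 1) { $url_tag = ''; }`. The rewritten lines also drop the explicit `''` default that the other get_parameter() calls keep; restoring it, as in `get_parameter('email_tag', '')`, keeps the block consistent. An e-mail and a phone field are better validated against their expected format than tag-stripped.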
From: artica Date: Tue, 9 Jun 2020 01:00:18 +0200 Subject: [PATCH 19/37] Auto-updated build strings. --- pandora_agents/unix/DEBIAN/control | 2 +- pandora_agents/unix/DEBIAN/make_deb_package.sh | 2 +- pandora_agents/unix/pandora_agent | 2 +- pandora_agents/unix/pandora_agent.redhat.spec | 2 +- pandora_agents/unix/pandora_agent.spec | 2 +- pandora_agents/unix/pandora_agent_installer | 2 +- pandora_agents/win32/installer/pandora.mpi | 2 +- pandora_agents/win32/pandora.cc | 2 +- pandora_agents/win32/versioninfo.rc | 2 +- pandora_console/DEBIAN/control | 2 +- pandora_console/DEBIAN/make_deb_package.sh | 2 +- pandora_console/include/config_process.php | 2 +- pandora_console/install.php | 2 +- pandora_console/pandora_console.redhat.spec | 2 +- pandora_console/pandora_console.rhel7.spec | 2 +- pandora_console/pandora_console.spec | 2 +- pandora_server/DEBIAN/control | 2 +- pandora_server/DEBIAN/make_deb_package.sh | 2 +- pandora_server/lib/PandoraFMS/Config.pm | 2 +- pandora_server/lib/PandoraFMS/PluginTools.pm | 2 +- pandora_server/pandora_server.redhat.spec | 2 +- pandora_server/pandora_server.spec | 2 +- pandora_server/pandora_server_installer | 2 +- pandora_server/util/pandora_db.pl | 2 +- pandora_server/util/pandora_manage.pl | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/pandora_agents/unix/DEBIAN/control b/pandora_agents/unix/DEBIAN/control index 0dd301b279..91f1551288 100644 --- a/pandora_agents/unix/DEBIAN/control +++ b/pandora_agents/unix/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-agent-unix -Version: 7.0NG.746-200608 +Version: 7.0NG.746-200609 Architecture: all Priority: optional Section: admin diff --git a/pandora_agents/unix/DEBIAN/make_deb_package.sh b/pandora_agents/unix/DEBIAN/make_deb_package.sh index d50e91910f..b7d12ad61d 100644 --- a/pandora_agents/unix/DEBIAN/make_deb_package.sh +++ b/pandora_agents/unix/DEBIAN/make_deb_package.sh 
@@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.746-200608" +pandora_version="7.0NG.746-200609" echo "Test if you has the tools for to make the packages." whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index 162d35a9fa..8e7691ae39 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -55,7 +55,7 @@ my $Sem = undef; my $ThreadSem = undef; use constant AGENT_VERSION => '7.0NG.746'; -use constant AGENT_BUILD => '200608'; +use constant AGENT_BUILD => '200609'; # Agent log default file size maximum and instances use constant DEFAULT_MAX_LOG_SIZE => 600000; diff --git a/pandora_agents/unix/pandora_agent.redhat.spec b/pandora_agents/unix/pandora_agent.redhat.spec index ca8cbadcd7..3ee225b4d2 100644 --- a/pandora_agents/unix/pandora_agent.redhat.spec +++ b/pandora_agents/unix/pandora_agent.redhat.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.746 -%define release 200608 +%define release 200609 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent.spec b/pandora_agents/unix/pandora_agent.spec index 65a10b77a2..5d86f42c13 100644 --- a/pandora_agents/unix/pandora_agent.spec +++ b/pandora_agents/unix/pandora_agent.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.746 -%define release 200608 +%define release 200609 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index d364284eb7..9a0b6c68ab 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer 
@@ -10,7 +10,7 @@ # ********************************************************************** PI_VERSION="7.0NG.746" -PI_BUILD="200608" +PI_BUILD="200609" OS_NAME=`uname -s` FORCE=0 diff --git a/pandora_agents/win32/installer/pandora.mpi b/pandora_agents/win32/installer/pandora.mpi index 1bfa0b58a2..6a7e527c5f 100644 --- a/pandora_agents/win32/installer/pandora.mpi +++ b/pandora_agents/win32/installer/pandora.mpi @@ -186,7 +186,7 @@ UpgradeApplicationID {} Version -{200608} +{200609} ViewReadme {Yes} diff --git a/pandora_agents/win32/pandora.cc b/pandora_agents/win32/pandora.cc index bd048d925b..4a74065ff8 100644 --- a/pandora_agents/win32/pandora.cc +++ b/pandora_agents/win32/pandora.cc @@ -30,7 +30,7 @@ using namespace Pandora; using namespace Pandora_Strutils; #define PATH_SIZE _MAX_PATH+1 -#define PANDORA_VERSION ("7.0NG.746(Build 200608)") +#define PANDORA_VERSION ("7.0NG.746(Build 200609)") string pandora_path; string pandora_dir; diff --git a/pandora_agents/win32/versioninfo.rc b/pandora_agents/win32/versioninfo.rc index 83c10b276a..8420db0322 100644 --- a/pandora_agents/win32/versioninfo.rc +++ b/pandora_agents/win32/versioninfo.rc @@ -11,7 +11,7 @@ BEGIN VALUE "LegalCopyright", "Artica ST" VALUE "OriginalFilename", "PandoraAgent.exe" VALUE "ProductName", "Pandora FMS Windows Agent" - VALUE "ProductVersion", "(7.0NG.746(Build 200608))" + VALUE "ProductVersion", "(7.0NG.746(Build 200609))" VALUE "FileVersion", "1.0.0.0" END END diff --git a/pandora_console/DEBIAN/control b/pandora_console/DEBIAN/control index 6fb556e0d4..6fc8c22bb2 100644 --- a/pandora_console/DEBIAN/control +++ b/pandora_console/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-console -Version: 7.0NG.746-200608 +Version: 7.0NG.746-200609 Architecture: all Priority: optional Section: admin diff --git a/pandora_console/DEBIAN/make_deb_package.sh b/pandora_console/DEBIAN/make_deb_package.sh index 6d9c01a1af..0c5a4417bb 100644 --- a/pandora_console/DEBIAN/make_deb_package.sh 
+++ b/pandora_console/DEBIAN/make_deb_package.sh @@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.746-200608" +pandora_version="7.0NG.746-200609" package_pear=0 package_pandora=1 diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index 1091b024d2..786ac47d9f 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php @@ -20,7 +20,7 @@ /** * Pandora build version and version */ -$build_version = 'PC200608'; +$build_version = 'PC200609'; $pandora_version = 'v7.0NG.746'; // Do not overwrite default timezone set if defined. diff --git a/pandora_console/install.php b/pandora_console/install.php index 7ccfa3ff85..77eb8b9e7a 100644 --- a/pandora_console/install.php +++ b/pandora_console/install.php @@ -129,7 +129,7 @@
[ qw() ] ); diff --git a/pandora_server/pandora_server.redhat.spec b/pandora_server/pandora_server.redhat.spec index e293a8ba15..80d1ade9ea 100644 --- a/pandora_server/pandora_server.redhat.spec +++ b/pandora_server/pandora_server.redhat.spec @@ -3,7 +3,7 @@ # %define name pandorafms_server %define version 7.0NG.746 -%define release 200608 +%define release 200609 Summary: Pandora FMS Server Name: %{name} diff --git a/pandora_server/pandora_server.spec b/pandora_server/pandora_server.spec index 331187a494..52f0f55f79 100644 --- a/pandora_server/pandora_server.spec +++ b/pandora_server/pandora_server.spec @@ -3,7 +3,7 @@ # %define name pandorafms_server %define version 7.0NG.746 -%define release 200608 +%define release 200609 Summary: Pandora FMS Server Name: %{name} diff --git a/pandora_server/pandora_server_installer b/pandora_server/pandora_server_installer index c958c422de..fb0959023f 100755 --- a/pandora_server/pandora_server_installer +++ b/pandora_server/pandora_server_installer @@ -9,7 +9,7 @@ # ********************************************************************** PI_VERSION="7.0NG.746" -PI_BUILD="200608" +PI_BUILD="200609" MODE=$1 if [ $# -gt 1 ]; then diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl index 354ea2905e..c2201aaf14 100755 --- a/pandora_server/util/pandora_db.pl +++ b/pandora_server/util/pandora_db.pl @@ -35,7 +35,7 @@ use PandoraFMS::Config; use PandoraFMS::DB; # version: define current version -my $version = "7.0NG.746 PS200608"; +my $version = "7.0NG.746 PS200609"; # Pandora server configuration my %conf; diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl index 3d76f3c082..856f5ee22e 100755 --- a/pandora_server/util/pandora_manage.pl +++ b/pandora_server/util/pandora_manage.pl 
@@ -36,7 +36,7 @@ use Encode::Locale; Encode::Locale::decode_argv; # version: define current version -my $version = "7.0NG.746 PS200608"; +my $version = "7.0NG.746 PS200609"; # save program name for logging my $progname = basename($0); From 73cf98fc02d03b13586f8d5cb77b2c7091b84325 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Tue, 9 Jun 2020 10:22:54 +0200 Subject: [PATCH 20/37] Cleaned tags for affected fields --- pandora_console/include/functions_config.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 96f266fc1e..b7d23fbb7d 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -1212,8 +1212,8 @@ function config_update_config() // -------------------------------------------------- // CUSTOM VALUES POST PROCESS // -------------------------------------------------- - $custom_value = get_parameter('custom_value'); - $custom_text = get_parameter('custom_text'); + $custom_value = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_value')))); + $custom_text = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_text')))); $custom_value_add = (bool) get_parameter('custom_value_add', 0); $custom_value_to_delete = get_parameter('custom_value_to_delete', 0); @@ -1284,8 +1284,8 @@ function config_update_config() // -------------------------------------------------- // MODULE CUSTOM UNITS // -------------------------------------------------- - $custom_unit = get_parameter('custom_module_unit'); - $custom_unit_to_delete = get_parameter('custom_module_unit_to_delete', ''); + $custom_unit = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit')))); + $custom_unit_to_delete = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit_to_delete', '')))); if (!empty($custom_unit)) { if (!add_custom_module_unit( 
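Review bot: The four rewritten assignments in config_update_config() pass the result of get_parameter() to `io_safe_output()` and `strip_tags()` with no `(string)` cast, so a request sending `custom_value[]=x` would hand strip_tags() an array if get_parameter() returns arrays as received (its code is not on this page). Casting first removes the doubt: `$custom_value = io_safe_input(strip_tags(io_safe_output((string) get_parameter('custom_value'))));`, and likewise for `custom_text`, `custom_module_unit` and `custom_module_unit_to_delete` in the second hunk. Stripping tags from `$custom_unit_to_delete` also means a unit stored with markup before this change may no longer match its own delete request, while `$custom_value_to_delete` is still read unfiltered; both are worth checking against the delete code, which is outside the hunks. The same three-call wrapper is now repeated four times, so a small helper would keep the fields from drifting apart.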
From cfe30d5b7d5431141b211fa8666bde6fe7f8b4cf Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 9 Jun 2020 10:37:11 +0200 Subject: [PATCH 21/37] fixed vulnerability on special days --- .../godmode/alerts/alert_special_days.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/alerts/alert_special_days.php b/pandora_console/godmode/alerts/alert_special_days.php index 7dd02c28bd..d3f2c41ed1 100644 --- a/pandora_console/godmode/alerts/alert_special_days.php +++ b/pandora_console/godmode/alerts/alert_special_days.php @@ -118,6 +118,10 @@ if ($create_special_day) { $values['id_group'] = (string) get_parameter('id_group'); $values['description'] = (string) get_parameter('description'); + $aviable_description = true; + if (preg_match('