tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2010-09-01 Sergio Martin <sergio.martin@artica.es> 

* operation/menu.php
	operation/events/events_rss.php: Added url parameters
	to the event rss to authenticate the user and fix the ACLs



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3212 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
zarzuelo 2010-09-01 13:34:15 +00:00
parent 71976b83e5
commit 330449d290
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_console/ChangeLog
View File

@ -1,3 +1,9 @@
2010-09-01 Sergio Martin <sergio.martin@artica.es>
* operation/menu.php
operation/events/events_rss.php: Added url parameters
to the event rss to authenticate the user and fix the ACLs
2010-09-01 Sergio Martin <sergio.martin@artica.es> 2010-09-01 Sergio Martin <sergio.martin@artica.es>
* operation/agentes/alerts_status.php * operation/agentes/alerts_status.php

19
pandora_console/operation/events/events_rss.php
View File

@ -26,6 +26,17 @@ $ipOrigin = $_SERVER['REMOTE_ADDR'];
// Uncoment this to activate ACL on RSS Events // Uncoment this to activate ACL on RSS Events
if (!isInACL($ipOrigin)) if (!isInACL($ipOrigin))
exit; exit;
// Check user credentials
$user = get_parameter('user');
$hashup = get_parameter('hashup');
$pss = get_user_info($user);
$hashup2 = md5($user.$pss['password']);
if($hashup != $hashup2){
exit;
}
header("Content-Type: application/xml; charset=UTF-8"); //Send header before starting to output header("Content-Type: application/xml; charset=UTF-8"); //Send header before starting to output
@ -92,9 +103,14 @@ if ($id_agent != -1)
if ($id_event != -1) if ($id_event != -1)
$sql_post .= " AND id_evento = ".$id_event; $sql_post .= " AND id_evento = ".$id_event;
// Avoid to show system events to not administrators
if(!check_acl($user, 0, "PM"))
$sql_post .= " AND `tevento`.`event_type` <> 'system'";
$sql="SELECT `tevento`.`id_evento` AS event_id, $sql="SELECT `tevento`.`id_evento` AS event_id,
`tevento`.`id_agente` AS id_agent, `tevento`.`id_agente` AS id_agent,
`tevento`.`id_usuario` AS validated_by, `tevento`.`id_usuario` AS validated_by,
`tevento`.`id_grupo` AS id_group,
`tevento`.`estado` AS validated, `tevento`.`estado` AS validated,
`tevento`.`evento` AS event_descr, `tevento`.`evento` AS event_descr,
`tevento`.`utimestamp` AS unix_timestamp, `tevento`.`utimestamp` AS unix_timestamp,
@ -130,6 +146,9 @@ if (empty ($result)) {
} }
foreach ($result as $row) { foreach ($result as $row) {
if (!check_acl($user, $row["id_group"], "AR")) {
continue;
}
if ($row["event_type"] == "system") { if ($row["event_type"] == "system") {
$agent_name = __('System'); $agent_name = __('System');
} }

7
pandora_console/operation/menu.php
View File

@ -170,8 +170,11 @@ if (give_acl ($config['id_user'], 0, "AR")) {
$sub["operation/events/event_statistics"]["text"] = __('Statistics'); $sub["operation/events/event_statistics"]["text"] = __('Statistics');
//RSS //RSS
$sub["operation/events/events_rss.php"]["text"] = __('RSS'); $pss = get_user_info($config['id_user']);
$sub["operation/events/events_rss.php"]["type"] = "direct"; $hashup = md5($config['id_user'].$pss['password']);
$sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup]["text"] = __('RSS');
$sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup]["type"] = "direct";
//CSV //CSV
$sub["operation/events/export_csv.php"]["text"] = __('CSV File'); $sub["operation/events/export_csv.php"]["text"] = __('CSV File');