tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 01:05:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

2012-10-01 Miguel de Dios <miguel.dedios@artica.es>

Browse Source 
* godmode/servers/recon_script.php, godmode/setup/setup.php,
	godmode/users/configure_user.php, include/functions.php,
	include/functions_config.php, extensions/dbmanager.php: now the
	"check_referer" can be disabled in the setup.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7015 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
mdtrooper 2012-10-01 13:28:34 +00:00
parent ca511ff2e8
commit 39c055b755
7 changed files with 53 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/ChangeLog
View File

@ -1,3 +1,10 @@
2012-10-01 Miguel de Dios <miguel.dedios@artica.es>
* godmode/servers/recon_script.php, godmode/setup/setup.php,
godmode/users/configure_user.php, include/functions.php,
include/functions_config.php, extensions/dbmanager.php: now the
"check_referer" can be disabled in the setup.
2012-10-01 Sergio Martin <sergio.martin@artica.es> 2012-10-01 Sergio Martin <sergio.martin@artica.es>
* include/functions_events.php * include/functions_events.php
@ -19,6 +26,7 @@
major/minor icons and colors major/minor icons and colors
2012-09-28 Miguel de Dios <miguel.dedios@artica.es> 2012-09-28 Miguel de Dios <miguel.dedios@artica.es>
* install.php, operation/agentes/stat_win.php, general/footer.php, * install.php, operation/agentes/stat_win.php, general/footer.php,
include/config_process.php, include/functions_ui.php, include/config_process.php, include/functions_ui.php,
include/functions_graph.php, include/graphs/functions_flot.php, include/functions_graph.php, include/graphs/functions_flot.php,
@ -26,6 +34,7 @@
now it is generated dinamicly. now it is generated dinamicly.
2012-09-27 Miguel de Dios <miguel.dedios@artica.es> 2012-09-27 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_ui.php, operation/agentes/tactical.php: cleaned * include/functions_ui.php, operation/agentes/tactical.php: cleaned
source code style. source code style.

2
pandora_console/extensions/dbmanager.php
View File

@ -89,7 +89,7 @@ function dbmgr_extension_main () {
return; return;
} }
if (!check_refererer()) { if (!check_referer()) {
require ("general/noaccess.php"); require ("general/noaccess.php");
return; return;

2
pandora_console/godmode/servers/recon_script.php
View File

@ -37,7 +37,7 @@ if (! check_acl ($config['id_user'], 0, "LM")) {
return; return;
} }
if (!check_refererer()) { if (!check_referer()) {
require ("general/noaccess.php"); require ("general/noaccess.php");
return; return;

8
pandora_console/godmode/setup/setup.php
View File

@ -325,6 +325,14 @@ $table->data[28][0] = __('Public URL');
$table->data[28][0] .= ui_print_help_tip(__('Set this value when your PandoraFMS across inverse proxy or for example with mod_proxy of Apache.'), true); $table->data[28][0] .= ui_print_help_tip(__('Set this value when your PandoraFMS across inverse proxy or for example with mod_proxy of Apache.'), true);
$table->data[28][1] = html_print_input_text ('public_url', $config['public_url'], '', 40, 255, true); $table->data[28][1] = html_print_input_text ('public_url', $config['public_url'], '', 40, 255, true);
$table->data[29][0] = __('Referer security');
$table->data[29][0] .= ui_print_help_tip(__('When it is set as "yes" in some important sections check if the user have gone from url Pandora.'), true);
$table->data[29][1] = __('Yes') . '&nbsp;&nbsp;&nbsp;' .
html_print_radio_button ('referer_security', 1, '', $config["referer_security"], true) .
'&nbsp;&nbsp;';
$table->data[29][1] .= __('No') . '&nbsp;&nbsp;&nbsp;' .
html_print_radio_button ('referer_security', 0, '', $config["referer_security"], true);
?> ?>
<script type="text/javascript"> <script type="text/javascript">

2
pandora_console/godmode/users/configure_user.php
View File

@ -45,7 +45,7 @@ if (! check_acl ($config['id_user'], 0, "UM")) {
return; return;
} }
if (!check_refererer()) { if (!check_referer()) {
require ("general/noaccess.php"); require ("general/noaccess.php");
return; return;

31
pandora_console/include/functions.php
View File

@ -30,9 +30,13 @@ require_once('functions_io.php');
* *
* @return bool true if all is ok, false if referer is not equal to current web page * @return bool true if all is ok, false if referer is not equal to current web page
*/ */
function check_refererer() { function check_referer() {
global $config; global $config;
//If it is disabled the check referer security
if (!$config["referer_security"])
return true;
$referer = ''; $referer = '';
if (isset($_SERVER['HTTP_REFERER'])) { if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER']; $referer = $_SERVER['HTTP_REFERER'];
@ -1569,7 +1573,10 @@ function get_os_name ($id_os) {
* @return array Dashboard name of the given user. * @return array Dashboard name of the given user.
*/ */
function get_user_dashboards ($id_user) { function get_user_dashboards ($id_user) {
$sql = "SELECT name FROM tdashboard WHERE id_user="."'".$id_user."'"; $sql = "SELECT name
FROM tdashboard
WHERE id_user="."'".$id_user."'";
return db_get_all_rows_sql ($sql); return db_get_all_rows_sql ($sql);
} }
@ -1582,20 +1589,20 @@ function get_periods () {
$periods = array (); $periods = array ();
$periods[-1] = __('custom'); $periods[-1] = __('custom');
$periods[SECONDS_5MINUTES] = '5 '.__('minutes'); $periods[SECONDS_5MINUTES] = sprintf(__('%s minutes'), '5');
$periods[SECONDS_30MINUTES] = '30 '.__('minutes'); $periods[SECONDS_30MINUTES] = sprintf(__('%s minutes'), '30 ');
$periods[SECONDS_1HOUR] = __('1 hour'); $periods[SECONDS_1HOUR] = __('1 hour');
$periods[SECONDS_6HOURS] = '6 '.__('hours'); $periods[SECONDS_6HOURS] = sprintf(__('%s hours'), '6 ');
$periods[SECONDS_12HOURS] = '12 '.__('hours'); $periods[SECONDS_12HOURS] = sprintf(__('%s hours'), '12 ');
$periods[SECONDS_1DAY] = __('1 day'); $periods[SECONDS_1DAY] = __('1 day');
$periods[SECONDS_1WEEK] = __('1 week'); $periods[SECONDS_1WEEK] = __('1 week');
$periods[SECONDS_15DAYS] = __('15 days'); $periods[SECONDS_15DAYS] = __('15 days');
$periods[SECONDS_1MONTH] = '1 '.__('month'); $periods[SECONDS_1MONTH] = __('1 month');
$periods[SECONDS_3MONTHS] = '3 '.__('months'); $periods[SECONDS_3MONTHS] = sprintf(__('%s months'), '3 ');
$periods[SECONDS_6MONTHS] = '6 '.__('months'); $periods[SECONDS_6MONTHS] = sprintf(__('%s months'), '6 ');
$periods[SECONDS_1YEAR] = '1 '.__('year'); $periods[SECONDS_1YEAR] = __('1 year');
$periods[SECONDS_2YEARS] = '2 '.__('years'); $periods[SECONDS_2YEARS] = sprintf(__('%s years'), '2 ');
$periods[SECONDS_3YEARS] = '3 '.__('years'); $periods[SECONDS_3YEARS] = sprintf(__('%s years'), '3 ');
return $periods; return $periods;
} }

5
pandora_console/include/functions_config.php
View File

@ -129,6 +129,7 @@ function config_update_config () {
config_update_value ('activate_netflow', (bool) get_parameter ('activate_netflow')); config_update_value ('activate_netflow', (bool) get_parameter ('activate_netflow'));
config_update_value ('public_url', get_parameter('public_url')); config_update_value ('public_url', get_parameter('public_url'));
config_update_value ('referer_security', get_parameter('referer_security'));
$enterprise = enterprise_include_once ('godmode/setup/setup.php'); $enterprise = enterprise_include_once ('godmode/setup/setup.php');
if ($enterprise !== ENTERPRISE_NOT_HOOK) { if ($enterprise !== ENTERPRISE_NOT_HOOK) {
@ -728,6 +729,10 @@ function config_process_config () {
config_update_value ('public_url', ""); config_update_value ('public_url', "");
} }
if (!isset($config['referer_security'])) {
config_update_value ('referer_security', 0);
}
/* Finally, check if any value was overwritten in a form */ /* Finally, check if any value was overwritten in a form */
config_update_config(); config_update_config();
} }