#11312 fixed url public in visual console

This commit is contained in:
Daniel Cebrian 2023-05-25 14:01:43 +02:00
parent 72108c6bea
commit 562aebfb85
3 changed files with 17 additions and 13 deletions

View File

@ -770,8 +770,8 @@ function loadVisualConsoleData(
page: "include/rest-api/index",
getVisualConsole: 1,
visualConsoleId: vcId,
id_user: typeof id_user == undefined ? id_user : null,
auth_hash: typeof hash == undefined ? hash : null
id_user: typeof id_user !== undefined ? id_user : null,
auth_hash: typeof hash !== undefined ? hash : null
},
"json"
)

View File

@ -61,6 +61,18 @@ echo '<link rel="stylesheet" href="'.$url_css.'?v='.$config['current_package'].'
require_once 'include/functions_visual_map.php';
$hash = (string) get_parameter('hash');
// Check input hash.
// DO NOT move it after of get parameter user id.
if (User::validatePublicHash($hash) !== true) {
db_pandora_audit(
AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT,
'Trying to access public visual console'
);
include 'general/noaccess.php';
exit;
}
$visualConsoleId = (int) get_parameter('id_layout');
$userAccessMaintenance = null;
if (empty($config['id_user']) === true) {
@ -75,16 +87,6 @@ if (!isset($config['pure'])) {
$config['pure'] = 0;
}
// Check input hash.
if (User::validatePublicHash($hash) !== true) {
db_pandora_audit(
AUDIT_LOG_VISUAL_CONSOLE_MANAGEMENT,
'Trying to access public visual console'
);
include 'general/noaccess.php';
exit;
}
// Load Visual Console.
use Models\VisualConsole\Container as VisualConsole;
$visualConsole = null;

View File

@ -85,6 +85,8 @@ $width = (int) get_parameter('width', 0);
$height = (int) get_parameter('height', 0);
// Load Visual Console.
use Models\VisualConsole\Container as VisualConsole;
use PandoraFMS\User;
$visualConsole = null;
try {
$visualConsole = VisualConsole::fromDB(['id' => $visualConsoleId]);
@ -152,7 +154,7 @@ if ($aclWrite === true || $aclManage === true) {
$baseUrl = 'index.php?operation=edit_visualmap&sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&action2='.$action;
}
$hash = md5($config['dbpass'].$visualConsoleId.$config['id_user']);
$hash = User::generatePublicHash();
$options['public_link']['text'] = '<a href="'.ui_get_full_url(
'operation/visual_console/public_console.php?hash='.$hash.'&id_layout='.$visualConsoleId.'&refr='.$refr.'&id_user='.$config['id_user'],