From 80ddcbe1b610166e148bdd702d77bb46467b6ad9 Mon Sep 17 00:00:00 2001
From: daniel
Date: Thu, 14 Jun 2018 16:47:23 +0200
Subject: [PATCH] fixed security error phantomjs

---
 pandora_console/include/api.php | 13 ++++++++++++
 pandora_console/include/chart_generator.php | 8 +++++++-
 pandora_console/include/functions.php | 1 -
 pandora_console/include/functions_graph.php | 15 +++++--------
 .../include/graphs/flot/pandora.flot.js | 20 ++++++++++---------
 .../include/graphs/functions_flot.php | 5 -----
 6 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/pandora_console/include/api.php b/pandora_console/include/api.php
index 34350a1754..5884aa34dd 100644
--- a/pandora_console/include/api.php
+++ b/pandora_console/include/api.php
@@ -75,6 +75,14 @@ if (isInACL($ipOrigin)) {
 if ($user_in_db !== false) {
 $config['id_user'] = $user_in_db;
 $correctLogin = true;
+
+ //XXXX
+ session_start();
+ $_SESSION["id_usuario"] = $user;
+ session_write_close();
+
+ file_put_contents(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id(), $user);
+
 }
 else {
 $no_login_msg = "Incorrect user credentials";
@@ -177,6 +185,11 @@ if ($correctLogin) {
 returnError('no_exist_operation', $returnType);
 }
 }
+
+ //XXXXX
+ if (file_exists(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id())) {
+ unlink(session_save_path() . DIRECTORY_SEPARATOR . "pansess_" . session_id());
+ }
 }
 else {
 // TODO: Implement a new switch in config to enable / disable
diff --git a/pandora_console/include/chart_generator.php b/pandora_console/include/chart_generator.php
index fef8d1abeb..b36614f6dd 100644
--- a/pandora_console/include/chart_generator.php
+++ b/pandora_console/include/chart_generator.php
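Review bot: The `pansess_<session id>` file written by `file_put_contents` in the first api.php hunk is only removed by the `unlink` in the second hunk when the request reaches the end of the `$correctLogin` block, so an operation that exits early, or a fatal error, leaves a file in the shared session directory that maps a session id to a user name which chart_generator.php then trusts; registering the cleanup right after the write, e.g. `register_shutdown_function(function () use ($sess_file) { if (file_exists($sess_file)) { unlink($sess_file); } });` with `$sess_file` holding the path, makes removal unconditional. The file is also created with the process's default mode, so a `chmod($sess_file, 0600);` after the write limits who can read the mapping where the session directory is shared. The `//XXXX` and `//XXXXX` placeholders should say what the file is for, e.g. `// Hand the authenticated user to chart_generator.php via a per-session token file; removed at the end of the request`. Both hunks sit inside the `if (isInACL($ipOrigin))` and `if ($correctLogin)` blocks, which start and end outside the hunks.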
@@ -13,10 +13,16 @@
 // GNU General Public License for more details.
 // Global & session manageme
+
+ session_id($_GET["session_id"]);
+
+$user = file_get_contents(session_save_path() . "/pansess_" . session_id());
 session_start();
+$_SESSION["id_usuario"] = $user;
 session_write_close();
+
 require_once ('config.php');
 require_once ($config['homedir'] . '/include/auth/mysql.php');
 require_once ($config['homedir'] . '/include/functions.php');
@@ -117,4 +123,4 @@ if (file_exists ('languages/'.$user_language.'.mo')) {
 ?>
-
\ No newline at end of file
+
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index 934dbca6aa..9d75e8faee 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -2967,7 +2967,6 @@ function color_graph_array(){
 'alpha' => CHART_DEFAULT_ALPHA
 );
- //XXX Colores fijos para eventos, alertas, desconocidos, percentil, overlapped, summatory, average, projection
 $color_series['event'] = array(
 'border' => '#ff0000',
 'color' => '#FF5733',
diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php
index 948784ca96..50888ebdeb 100644
--- a/pandora_console/include/functions_graph.php
+++ b/pandora_console/include/functions_graph.php
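Review bot: `session_id($_GET["session_id"])` in the chart_generator.php hunk takes the id straight from the query string and uses it to build a filesystem path (`session_save_path() . "/pansess_" . session_id()`) before `session_start()` ever checks it, so a value outside the session-id alphabet, including path separators, reaches `file_get_contents` unchecked; the id should be validated against the characters the files session handler accepts before the filesystem is touched. The result of `file_get_contents` is then stored into `$_SESSION["id_usuario"]` without a `=== false` check, so a missing token file produces a session whose user is `false` instead of a clean failure. The new block also carries no comment on why the user is read from a file; a line naming the producer in api.php would help the next reader. The rewritten prologue is below; the `require_once` lines and the rest of the file are unchanged.
```php
// The session id arrives in the URL (api.php writes a per-session token
// file for this script); accept only the session handler's id alphabet
// before it is used to build a filesystem path.
$session_id = isset($_GET['session_id']) ? $_GET['session_id'] : '';
if (!is_string($session_id) || !preg_match('/^[a-zA-Z0-9,-]+$/', $session_id)) {
    exit;
}
session_id($session_id);

$user = file_get_contents(session_save_path() . "/pansess_" . session_id());
if ($user === false || $user === '') {
    exit;
}
session_start();
$_SESSION["id_usuario"] = $user;
session_write_close();
// … unchanged: require_once block …
```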
@@ -234,10 +234,9 @@ function grafico_modulo_sparse_data_chart (
 global $config;
- //XXXXX
- //Para evitar mostrar todos los datos a la vez lo cual puede recargar se hace un sistema de cajas que parte de una constante = 250
- //y el periodo de tiempo seleccionado ademas de poder ir reducciendo el nivel de cajas es decir aumentando el nivel de detalle de la grafica
- //hasta la opcion full que mostraria todos los puntos(datos) que contiene ese periodo.
+ //To avoid showing all the data at the same time which can be reloaded, a system of boxes is made starting from a constant = 250
+ //and the selected period of time in addition to being able to reduce the level of boxes, that is, increasing the level of detail of the graph
+ //until the full option that would show all the points (data) that that period contains.
 $data_slice = $date_array['period'] / (250 * $params['zoom']);
 if( $data_module_graph['id_module_type'] == 23 ||
@@ -431,7 +430,7 @@ function grafico_modulo_sparse_data(
 return false;
 }
- //XXX Esto es para un tipo especifico de report que consiste en pasarle un intervalo y hacer suma media y avg.
+ //This is for a specific type of report that consists in passing an interval and doing the average sum and avg.
 if($params['force_interval'] != ''){
 $period_time_interval = $date_array['period'] * 1000;
 $start_period = $date_array['start_date'] * 1000;
@@ -1331,7 +1330,6 @@ function graphic_combined_module (
 $params['zoom'] = 1;
 }
- //XXXXXXXX
 //XXXX Configurable
 $params['grid_color'] = '#C1C1C1';
 $params['legend_color'] = '#636363';
@@ -1460,7 +1458,7 @@ function graphic_combined_module (
 }
 //XXX arreglar estas
- $long_index = '';
+ $long_index = '';
 switch ($params_combined['stacked']) {
 default:
@@ -4283,9 +4281,6 @@ function graphic_module_events ($id_module, $width, $height, $period = 0, $homeu
 global $graphic_type;
 $data = array ();
-//XXXXXX
-$width = 90;
-$height = 100;
 //$resolution = $config['graph_res'] * ($period * 2 / $width); // Number of "slices" we want in graph
 $resolution = 5 * ($period * 2 / $width); // Number of "slices" we want in graph
diff --git a/pandora_console/include/graphs/flot/pandora.flot.js b/pandora_console/include/graphs/flot/pandora.flot.js
index 620659eead..796d17c196 100644
--- a/pandora_console/include/graphs/flot/pandora.flot.js
+++ b/pandora_console/include/graphs/flot/pandora.flot.js
@@ -1676,15 +1676,17 @@ function pandoraFlotArea( graph_id, values, legend,
 }
 }
-/*//XXXXXXXREvisar esto
-if (vconsole) {
- var myCanvas = plot.getCanvas();
- plot.setupGrid(); // redraw plot to new size
- plot.draw();
- var image = myCanvas.toDataURL("image/png");
- return;
- }
-*/
+ /*
+ //XXXREvisar esto
+ if (vconsole) {
+ var myCanvas = plot.getCanvas();
+ plot.setupGrid(); // redraw plot to new size
+ plot.draw();
+ var image = myCanvas.toDataURL("image/png");
+ return;
+ }
+ */
+
 // Adjust the overview plot to the width and position of the main plot
 adjust_left_width_canvas(graph_id, 'overview_'+graph_id);
 update_left_width_canvas(graph_id);
diff --git a/pandora_console/include/graphs/functions_flot.php b/pandora_console/include/graphs/functions_flot.php
index 3d90c95c18..7e403efba8 100644
--- a/pandora_console/include/graphs/functions_flot.php
+++ b/pandora_console/include/graphs/functions_flot.php
@@ -250,11 +250,6 @@ function flot_area_graph (
 // Trick to get translated string from javascript
 $return .= html_print_input_hidden('unknown_text', __('Unknown'), true);
-//XXXX Meter en params
-/*
- mirar tmb lo de force integer
-*/
-
 $values = json_encode($array_data);
 $legend = json_encode($legend);
 $series_type = json_encode($series_type);
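Review bot: With the hard-coded `$width = 90;` removed, `$resolution = 5 * ($period * 2 / $width);` in the graphic_module_events hunk now divides by the caller-supplied `$width` parameter, and nothing in the hunk guards a zero or empty value (PHP coerces `''` to 0), which gives a division-by-zero warning on PHP 7 or a `DivisionByZeroError` on PHP 8; a guard such as `if (empty($width)) { $width = 90; }` right after `$data = array ();` keeps the previous value as a fallback. The function starts before and continues after the hunk, so whether every caller passes a non-zero width cannot be confirmed from here. The pandora.flot.js and functions_flot.php hunks on the same line only reindent or remove comments and raise nothing.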