tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-31 01:35:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed allowing invalid parameters in API 'set update_agent'.

Browse Source
This commit is contained in:
Junichi Satoh 2021-02-05 16:00:06 +09:00
parent fffea9fd99
commit 83ac2a134a
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pandora_console/include/functions_api.php
View File

@ -1340,6 +1340,28 @@ function api_set_update_agent($id_agent, $thrash2, $other, $thrash3)
$disabled = $other['data'][11];
$description = $other['data'][12];
// Check parameters.
if ($idGroup == 0) {
$agent_update_error = __('The agent could not be modified. For security reasons, use a group other than 0.');
returnError('generic error', $agent_update_error);
return;
}
$server_name = db_get_value_sql('SELECT name FROM tserver WHERE BINARY name LIKE "'.$nameServer.'"');
if ($alias == '' && $alias_as_name === 0) {
returnError('alias_not_specified', 'No agent alias specified');
return;
} else if (db_get_value_sql('SELECT id_grupo FROM tgrupo WHERE id_grupo = '.$idGroup) === false) {
returnError('id_grupo_not_exist', 'The group doesn`t exist.');
return;
} else if (db_get_value_sql('SELECT id_os FROM tconfig_os WHERE id_os = '.$idOS) === false) {
returnError('id_os_not_exist', 'The OS doesn`t exist.');
return;
} else if ($server_name === false) {
returnError('server_not_exist', 'The '.get_product_name().' Server doesn`t exist.');
return;
}
if ($cascadeProtection == 1) {
if (($idParent != 0) && (db_get_value_sql(
'SELECT id_agente_modulo