tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Console] Fixed a vulnerability into the 'fgraph.php' script

This commit is contained in:
Alejandro Gallardo Escobar 2017-10-30 18:03:09 +01:00
parent 64ec82f9d6
commit 849eba10d4
3 changed files with 30 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pandora_console/godmode/reporting/visual_console_builder.editor.js
View File

@ -32,8 +32,6 @@ var SIZE_GRID = 16; //Const the size (for width and height) of grid.
var img_handler_start;
var img_handler_end;
var font;
function toggle_advance_options_palette(close) {
if ($("#advance_options").css('display') == 'none') {
$("#advance_options").css('display', '');
@ -58,23 +56,6 @@ function visual_map_main() {
img_handler_end = data;
});
//Get the actual system font.
parameter = Array();
parameter.push ({name: "page", value: "include/ajax/visual_console_builder.ajax"});
parameter.push ({name: "action", value: "get_font"});
parameter.push ({name: "id_visual_console",
value: id_visual_console});
jQuery.ajax({
url: get_url_ajax(),
data: parameter,
type: "POST",
dataType: 'json',
success: function (data)
{
font = data['font'];
}
});
//Get the list of posible parents
parents = Base64.decode($("input[name='parents_load']").val());
parents = eval("(" + parents + ")");
@ -1912,9 +1893,9 @@ function setPercentileBar(id_data, values) {
value_text = module_value + " " + unit_text;
}
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar&height=15&' +
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbar&height=15&' +
'width=' + width_percentile + '&mode=1&progress=' + percentile +
'&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB;
'&value_text=' + value_text + '&colorRGB=' + colorRGB;
$("#"+ id_data).attr('src', img);
@ -2035,9 +2016,9 @@ function setPercentileBubble(id_data, values) {
value_text = module_value + " " + unit_text;
}
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbubble&height=' + width_percentile + '&' +
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbubble&height=' + width_percentile + '&' +
'width=' + width_percentile + '&mode=1&progress=' + percentile +
'&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB;
'&value_text=' + value_text + '&colorRGB=' + colorRGB;
$("#image_" + id_data).attr('src', img);

10
pandora_console/include/functions_graph.php
View File

@ -2457,10 +2457,10 @@ function progress_bar($progress, $width, $height, $title = '', $mode = 1, $value
require_once("include_graph_dependencies.php");
include_graphs_dependencies($config['homedir'].'/');
$src = ui_get_full_url(
"/include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar" .
"&width=".$width."&homedir=".$config['homedir']."&height=".$height."&progress=".$progress.
"/include/graphs/fgraph.php?graph_type=progressbar" .
"&width=".$width."&height=".$height."&progress=".$progress.
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
"&title=".$title."&font=".$config['fontpath']."&value_text=". $value_text .
"&title=".$title."&value_text=". $value_text .
"&colorRGB=". $colorRGB, false, false, false
);
@ -2492,10 +2492,10 @@ function progress_bubble($progress, $width, $height, $title = '', $mode = 1, $va
include_graphs_dependencies($config['homedir'].'/');
return "<img title='" . $title . "' alt='" . $title . "'" .
" src='" . $config['homeurl'] . $hack_metaconsole . "/include/graphs/fgraph.php?homeurl=../../&graph_type=progressbubble" .
" src='" . $config['homeurl'] . $hack_metaconsole . "/include/graphs/fgraph.php?graph_type=progressbubble" .
"&width=".$width."&height=".$height."&progress=".$progress.
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
"&title=".$title."&font=".$config['fontpath']."&value_text=". $value_text .
"&title=".$title."&value_text=". $value_text .
"&colorRGB=". $colorRGB . "' />";
}

58
pandora_console/include/graphs/fgraph.php
View File

@ -10,48 +10,29 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
$ttl = 1;
$homeurl = '';
if (isset($_GET['homeurl'])) {
$homeurl = $_GET['homeurl'];
}
else $homeurl = '';
$homeurl = ((bool)filter_var($homeurl, FILTER_VALIDATE_URL) == 1) ? '' : $homeurl;
if (isset($_GET['ttl'])) {
$ttl = $_GET['ttl'];
}
else $ttl_param = 1;
if (isset($_GET['graph_type'])) {
$graph_type = $_GET['graph_type'];
}
else $graph_type = '';
//$graph_type = get_parameter('graph_type', '');
//$ttl_param = get_parameter('ttl', 1);
//$homeurl_param = get_parameter('homeurl', '');
// Turn on output buffering.
// The entire buffer will be discarded later so that any accidental output
// does not corrupt images generated by fgraph.
ob_start();
if (!empty($graph_type)) {
$homedir = $_GET['homedir'];
if ($homedir != null) {
$config['homedir'] = $homedir;
global $config;
if (empty($config['homedir'])) {
require_once ('../../include/config.php');
global $config;
}
include_once($homeurl . 'include/functions.php');
include_once($homeurl . 'include/functions_html.php');
include_once($config['homedir'] . '/include/functions.php');
include_once($homeurl . 'include/graphs/functions_gd.php');
include_once($homeurl . 'include/graphs/functions_utils.php');
include_once($homeurl . 'include/graphs/functions_d3.php');
include_once($homeurl . 'include/graphs/functions_flot.php');
$ttl = get_parameter('ttl', 1);
$graph_type = get_parameter('graph_type', '');
if (!empty($graph_type)) {
include_once($config['homedir'] . '/include/functions_html.php');
include_once($config['homedir'] . '/include/graphs/functions_gd.php');
include_once($config['homedir'] . '/include/graphs/functions_utils.php');
include_once($config['homedir'] . '/include/graphs/functions_d3.php');
include_once($config['homedir'] . '/include/graphs/functions_flot.php');
}
// Clean the output buffer and turn off output buffering
@ -61,13 +42,12 @@ switch($graph_type) {
case 'histogram':
$width = get_parameter('width');
$height = get_parameter('height');
$font = get_parameter('font');
$data = json_decode(io_safe_output(get_parameter('data')), true);
$max = get_parameter('max');
$title = get_parameter('title');
$mode = get_parameter ('mode', 1);
gd_histogram ($width, $height, $mode, $data, $max, $font, $title);
gd_histogram ($width, $height, $mode, $data, $max, $config['fontpath'], $title);
break;
case 'progressbar':
$width = get_parameter('width');
@ -77,7 +57,6 @@ switch($graph_type) {
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
$out_of_lim_image = get_parameter('out_of_lim_image', false);
$font = get_parameter('font');
$title = get_parameter('title');
$mode = get_parameter('mode', 1);
@ -87,7 +66,7 @@ switch($graph_type) {
$value_text = get_parameter('value_text', '');
$colorRGB = get_parameter('colorRGB', '');
gd_progress_bar ($width, $height, $progress, $title, $font,
gd_progress_bar ($width, $height, $progress, $title, $config['fontpath'],
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
$value_text, $colorRGB);
break;
@ -99,7 +78,6 @@ switch($graph_type) {
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
$out_of_lim_image = get_parameter('out_of_lim_image', false);
$font = get_parameter('font');
$title = get_parameter('title');
$mode = get_parameter('mode', 1);
@ -109,7 +87,7 @@ switch($graph_type) {
$value_text = get_parameter('value_text', '');
$colorRGB = get_parameter('colorRGB', '');
gd_progress_bubble ($width, $height, $progress, $title, $font,
gd_progress_bubble ($width, $height, $progress, $title, $config['fontpath'],
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
$value_text, $colorRGB);
break;