#12286 fix dashboard vulnerability login admin

This commit is contained in:
Jonathan 2023-10-19 17:06:01 +02:00
parent 42aa751d29
commit 98388bb7d2
5 changed files with 19 additions and 41 deletions


@ -1627,7 +1627,6 @@ if (check_login()) {
// Uncompress.
try {
ob_start();
$dateNow = get_system_time();
$final = ($dateNow - $period);
$date = ($dateNow - ($time_all_box * $start));
@ -1751,31 +1750,11 @@ if (check_login()) {
'recordsFiltered' => $total_box,
]
);
$response = ob_get_clean();
// Clean output buffer.
while (ob_get_level() !== 0) {
ob_end_clean();
}
} catch (Exception $e) {
echo json_encode(
['error' => $e->getMessage()]
);
}
// If not valid it will throw an exception.
json_decode($response);
if (json_last_error() === JSON_ERROR_NONE) {
// If valid dump.
echo $response;
} else {
echo json_encode(
['error' => $response]
);
}
return;
}
if ($get_cluster_module_detail === true) {
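Review bot: With the `ob_start()`/`ob_get_clean()` wrapper and the `json_decode` validation removed, the `echo json_encode([... 'recordsFiltered' => $total_box ...])` that stays inside the `try` is written straight to the client, and a failed encode (e.g. a non-UTF-8 module name) makes `json_encode` return `false`, which `echo` prints as an empty body the datatable client cannot tell apart from an error. Passing `JSON_THROW_ON_ERROR` in that call (PHP 7.3+) surfaces the failure through the existing `catch (Exception $e)` as `{"error": ...}`, since `JsonException` extends `Exception` and no new catch is needed. Anything echoed earlier in the handler (notices, stray whitespace) is likewise no longer discarded, so it is worth confirming nothing in the surrounding branch prints before this point. The enclosing `if (check_login())` block starts and ends outside the hunk.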


@ -518,6 +518,10 @@ class DataMatrix extends Widget
$column_names = $info_columns['column_names'];
$columns_sort = $info_columns['columns_sort'];
// Public dashboard.
$hash = get_parameter('auth_hash', '');
$id_user = get_parameter('id_user', '');
$tableId = 'dataMatrix_'.$this->dashboardId.'_'.$this->cellId;
// Load datatables user interface.
ui_print_datatable(
@ -535,6 +539,9 @@ class DataMatrix extends Widget
'slice' => $this->values['slice'],
'formatData' => $this->values['formatData'],
'modules' => json_encode($modules),
'auth_hash' => $hash,
'auth_class' => 'PandoraFMS\Dashboard\Manager',
'id_user' => $id_user,
],
'default_pagination' => $this->values['limit'],
'no_sortable_columns' => $columns_sort,
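Review bot: `auth_hash` and `id_user` are read from the request with `get_parameter()` and forwarded verbatim in `ajax_data` without any check in the widget, so the protection for public dashboards rests entirely on whatever receives `method`/`auth_hash`/`id_user` on the AJAX side, presumably the hard-coded `PandoraFMS\Dashboard\Manager` (fixing `auth_class` in code instead of taking it from the request is the right call). That handler needs to compare the hash with `hash_equals()` against the value it derives for `id_user` and this dashboard, and must reject an empty hash rather than match it against an empty expectation, because logged-in views will send `''` for both. The values also reach the page through `ui_print_datatable`; confirm it escapes them for the JS context, otherwise a crafted `auth_hash` in a public URL is reflected. A comment on the `$hash` line would make the trust boundary explicit: `// Public dashboard: forwarded unverified; Manager must validate hash/id_user on the AJAX side.`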


@ -383,6 +383,9 @@ class ITSMIncidences extends Widget
$column_names[] = $fields[$field];
}
$hash = get_parameter('auth_hash', '');
$id_user = get_parameter('id_user', '');
$tableId = 'ITSMIncidence_'.$this->dashboardId.'_'.$this->cellId;
try {
ui_print_datatable(
@ -396,6 +399,9 @@ class ITSMIncidences extends Widget
'ajax_data' => [
'method' => 'getListTickets',
'customSearch' => $this->values['customSearch'],
'auth_hash' => $hash,
'auth_class' => 'PandoraFMS\Dashboard\Manager',
'id_user' => $id_user,
],
'order' => [
'field' => 'updateDate',
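Review bot: The three entries `'auth_hash' => $hash, 'auth_class' => 'PandoraFMS\Dashboard\Manager', 'id_user' => $id_user` plus the two `get_parameter()` reads above them are repeated verbatim in DataMatrix and ModulesByStatus in this same commit, so any later change to how public-dashboard auth is passed (a renamed parameter, binding the hash to the dashboard id) has to be made in three places. A single protected helper on the Widget base class returning that array, merged into `ajax_data`, keeps the widgets in step; `array_merge` is used below rather than string-keyed spread so it does not depend on PHP 8.1. The `try` around `ui_print_datatable` continues outside the hunk.
```php
// Widget base class: shared by every widget that renders a datatable.
protected function publicDashboardAuth(): array
{
    return [
        'auth_hash'  => get_parameter('auth_hash', ''),
        'auth_class' => 'PandoraFMS\Dashboard\Manager',
        'id_user'    => get_parameter('id_user', ''),
    ];
}

// … unchanged: column setup, $tableId, ui_print_datatable call start …
'ajax_data' => array_merge(
    [
        'method'       => 'getListTickets',
        'customSearch' => $this->values['customSearch'],
    ],
    $this->publicDashboardAuth()
),
```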


@ -431,6 +431,8 @@ class ModulesByStatus extends Widget
$info_columns = $this->columns();
$column_names = $info_columns['column_names'];
$columns = $info_columns['columns'];
$hash = get_parameter('auth_hash', '');
$id_user = get_parameter('id_user', '');
$tableId = 'ModuleByStatus_'.$this->dashboardId.'_'.$this->cellId;
// Load datatables user interface.
@ -449,6 +451,9 @@ class ModulesByStatus extends Widget
'status' => $this->values['status'],
'nodes' => $this->values['nodes'],
'disabled_modules' => $this->values['disabled_modules'],
'auth_hash' => $hash,
'auth_class' => 'PandoraFMS\Dashboard\Manager',
'id_user' => $id_user,
],
'default_pagination' => $this->values['limit'],
'order' => [
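Review bot: `$id_user` is taken from the request on every render, including when a logged-in user views the dashboard, so the AJAX handler that consumes `'id_user' => $id_user` must not let a request-supplied user override the session user when one exists; otherwise an authenticated user could request data as another `id_user` by supplying that user's public hash. If the receiving side already ignores `id_user` when a session is present this is fine, but it is not visible from this hunk and deserves a comment on the `$id_user` line: `// Only meaningful for public (hash) access; the session user wins when logged in.` As a minor style point, if `PandoraFMS\Dashboard\Manager` is importable in this namespace, `'auth_class' => Manager::class` keeps the reference refactor-safe instead of a string literal repeated across three widgets.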


@ -354,8 +354,6 @@ if (is_ajax() === true) {
if ($get_events !== 0) {
try {
ob_start();
$fields = [
'te.id_evento',
'te.id_agente',
@ -1223,32 +1221,15 @@ if (is_ajax() === true) {
'recordsFiltered' => $count,
]
);
$response = ob_get_clean();
// Clean output buffer.
while (ob_get_level() !== 0) {
ob_end_clean();
}
} catch (Exception $e) {
echo json_encode(
['error' => $e->getMessage()]
);
}
// If not valid it will throw an exception.
json_decode($response);
if (json_last_error() == JSON_ERROR_NONE) {
// If valid dump.
echo $response;
} else {
echo json_encode(
['error' => $response]
);
}
}
// AJAX section ends.
exit;
return;
}
/*