From 9e449fe1c32a15560eb8275cc24d5a5f0aaec9b5 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Wed, 24 Jun 2020 13:05:40 +0200 Subject: [PATCH] id server check in api event creation #4158 --- pandora_console/include/functions_api.php | 25 ++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index d045577f4e..cadf0a545c 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -12284,12 +12284,29 @@ function api_set_create_event($id, $trash1, $other, $returnType) return; } + if (!empty($other['data'][17]) && is_metaconsole()) { + $id_server = db_get_row_filter('tmetaconsole_setup', ['id' => $other['data'][17]]); + if ($id_server === false) { + returnError('error_create_event', __('Server id does not exist in database.')); + return; + } + + $values['server_id'] = $other['data'][17]; + } else { + $values['server_id'] = 0; + } + $error_msg = ''; if ($other['data'][2] != '') { $id_agent = $other['data'][2]; if (is_metaconsole()) { // On metaconsole, connect with the node to check the permissions - $agent_cache = db_get_row('tmetaconsole_agent', 'id_tagente', $id_agent); + if (empty($values['server_id'])) { + $agent_cache = db_get_row('tmetaconsole_agent', 'id_tagente', $id_agent); + } else { + $agent_cache = db_get_row_filter('tmetaconsole_agent', ['id_tagente' => $id_agent, 'id_tmetaconsole_setup' => $values['server_id']]); + } + if ($agent_cache === false) { returnError('id_not_found', 'string'); return; @@ -12418,12 +12435,6 @@ function api_set_create_event($id, $trash1, $other, $returnType) $values['custom_data'] = ''; } - if ($other['data'][17] != '') { - $values['server_id'] = $other['data'][17]; - } else { - $values['server_id'] = 0; - } - if ($other['data'][18] != '') { $values['id_extra'] = $other['data'][18]; $sql_validation = 'SELECT id_evento FROM tevento where estado IN (0,2) and id_extra ="'.$other['data'][18].'";';