tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Extra ID validations on CLI and API

This commit is contained in:
Félix Suárez 2024-04-01 10:26:51 -06:00
parent 439f569a9a
commit a6fad32374
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/include/functions_api.php
View File

@ -13150,9 +13150,16 @@ function api_set_create_event($id, $trash1, $other, $returnType)
if ($other['data'][18] != '') { if ($other['data'][18] != '') {
$values['id_extra'] = $other['data'][18]; $values['id_extra'] = $other['data'][18];
$id_extra_db_len = strlen(io_safe_input(io_safe_output($values['id_extra'])));
if($id_extra_db_len > 255){
returnError('The id_extra field after insertion will exceed the allowed length (255), current length (' . $id_extra_db_len . ')' );
return;
}
$sql_validation = 'SELECT id_evento,estado,ack_utimestamp,id_usuario,event_custom_id $sql_validation = 'SELECT id_evento,estado,ack_utimestamp,id_usuario,event_custom_id
FROM tevento FROM tevento
WHERE estado IN (0,2) AND id_extra ="'.$other['data'][18].'";'; WHERE estado IN (0,2) AND id_extra ="'.$values['id_extra'].'";';
$validation = db_get_all_rows_sql($sql_validation); $validation = db_get_all_rows_sql($sql_validation);

30
pandora_server/util/pandora_manage.pl
View File

@ -1227,6 +1227,18 @@ sub param_error ($$) {
exit 1; exit 1;
} }
###############################################################################
# Print a 'length' error and exit the program.
# Param 0: field name
# Param 1: field max size
# Param 2: field current size
###############################################################################
sub length_error ($$$) {
print (STDERR "[ERROR] Error: The $_[0] after insertion will exceed the allowed length ($_[1]), current length ($_[2]).\n\n");
logger( $conf, "($progname) [ERROR] Error: The $_[0] after insertion will exceed the allowed length ($_[1]), current length ($_[2]).", 10);
exit 1;
}
############################################################################### ###############################################################################
# Print a 'does not exist' error and exit the program. # Print a 'does not exist' error and exit the program.
############################################################################### ###############################################################################
@ -1287,6 +1299,20 @@ sub param_check ($$;$) {
} }
} }
###############################################################################
# Check the length and call the error if exeeds the allowed.
# Param 0: field name
# Param 1: field content
# Param 2: field max size
###############################################################################
sub length_check ($$$) {
my $field_length = length(safe_input($_[0]));
if($field_length > $_[2]) {
length_error($_[1],$_[2],$field_length);
}
}
############################################################################## ##############################################################################
# Print a help line. # Print a help line.
############################################################################## ##############################################################################
@ -4466,6 +4492,10 @@ sub cli_create_event() {
$event_status = 0 unless defined($event_status); $event_status = 0 unless defined($event_status);
$severity = 0 unless defined($severity); $severity = 0 unless defined($severity);
if (defined($id_extra) && $id_extra ne '') {
length_check($id_extra, 'id_extra', 255);
}
my $id_user; my $id_user;
if (!defined($user_name) || $user_name eq '') { if (!defined($user_name) || $user_name eq '') {