From d6ac646046329e40edc7145ce0bf7de2d36df96b Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Tue, 21 Apr 2020 17:57:36 +0200 Subject: [PATCH 01/61] fixed bug: update owner_user when validating an event --- pandora_console/include/functions_events.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 7fad691c74..3e71596c36 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -612,12 +612,14 @@ function events_update_status($id_evento, $status, $filter=null, $history=false) 'UPDATE %s SET estado = %d, ack_utimestamp = %d, - id_usuario = "%s" + id_usuario = "%s", + owner_user = "%s" WHERE id_evento IN (%s)', $table, $status, time(), $config['id_user'], + $config['id_user'], join(',', $target_ids) ); } From 086bc289868502f46ee8c8a779c35b802fc63c6b Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 27 Apr 2020 17:27:54 +0200 Subject: [PATCH 02/61] Changed target ip selector in WMI server policy modules --- .../agentes/module_manager_editor_wmi.php | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/agentes/module_manager_editor_wmi.php b/pandora_console/godmode/agentes/module_manager_editor_wmi.php index 09501c358b..9a85c3c19d 100644 --- a/pandora_console/godmode/agentes/module_manager_editor_wmi.php +++ b/pandora_console/godmode/agentes/module_manager_editor_wmi.php 
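Review bot: The added `owner_user = "%s"` assignment in events_update_status overwrites the owner of every event in `$target_ids`, including events that may already belong to another operator; the hunk shows no condition limiting it to unowned events. If taking ownership on validation is intended, a comment such as `// Validating an event also assigns it to the validating user.` above the query would record that; otherwise restrict the SET to rows whose owner is empty. The statement is also assembled with sprintf, with `$config['id_user']` placed inside double quotes and `join(',', $target_ids)` inlined, so it relies on both values being escaped or integer-cast earlier. That is not visible here because the function starts and ends outside the hunk.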
@@ -43,7 +43,47 @@ if (empty($update_module_id)) { $data = []; $data[0] = __('Target IP').' '.ui_print_help_icon('wmi_module_tab', true); -$data[1] = html_print_input_text('ip_target', $ip_target, '', 15, 60, true); + +if ($page == 'enterprise/godmode/policies/policy_modules') { + if ($ip_target != 'auto' && $ip_target != '') { + $custom_ip_target = $ip_target; + $ip_target = 'custom'; + } else if ($ip_target == '') { + $ip_target = 'force_pri'; + $custom_ip_target = ''; + } else { + $custom_ip_target = ''; + } + + $target_ip_values = []; + $target_ip_values['auto'] = __('Auto'); + $target_ip_values['force_pri'] = __('Force primary key'); + $target_ip_values['custom'] = __('Custom'); + + $data[1] = html_print_select( + $target_ip_values, + 'ip_target', + $ip_target, + '', + '', + '', + true, + false, + false, + '', + false, + 'width:200px;' + ); + + $data[1] .= html_print_input_text('custom_ip_target', $custom_ip_target, '', 15, 60, true); +} else { + if ($ip_target == 'auto') { + $ip_target = agents_get_address($id_agente); + } + + $data[1] = html_print_input_text('ip_target', $ip_target, '', 15, 60, true); +} + $data[2] = __('Namespace').ui_print_help_tip(__('Optional. WMI namespace. If unsure leave blank.'), true); $data[3] = html_print_input_text( 'tcp_send', @@ -136,3 +176,21 @@ $data[3] = html_print_input_text( ); push_table_simple($data, 'key_field'); +?> + From 4f52a693ac993c0fea9cb9398bde7a639f069daf Mon Sep 17 00:00:00 2001 From: Luis Calvo Date: Wed, 13 May 2020 14:37:20 +0200 Subject: [PATCH 03/61] CSV flot export fixes --- .../flot/jquery.flot.exportdata.pandora.js | 623 +++++++++--------- 1 file changed, 316 insertions(+), 307 deletions(-) diff --git a/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js b/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js index 0b745d8ff5..6466a72835 100644 --- a/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js 
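Review bot: The mode detection at the top of the policy branch uses loose comparisons (`$ip_target != 'auto' && $ip_target != ''`, `$ip_target == ''`), so a non-string value such as integer 0 or null is classified differently depending on the PHP version; `$ip_target !== 'auto' && $ip_target !== ''` after a `(string)` cast is unambiguous. Whatever is entered in `custom_ip_target` presumably becomes the address the WMI server connects to, and nothing in this hunk validates it, so the save handler (not shown) should accept only a well-formed IP address or hostname. The option label `Force primary key` also looks as if it should refer to the primary IP rather than a key.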
+++ b/pandora_console/include/graphs/flot/jquery.flot.exportdata.pandora.js 
@@ -1,227 +1,19 @@ (function ($) { var options = { - export: { - export_data: false, // or true - labels_long: null, - homeurl: '' - } - }; - + export: { + export_data: false, // or true + labels_long: null, + homeurl: "", + }, + }; + function init(plot) { plot.exportDataCSV = function (args) { //amount = plot.getOptions().export.type, //options = options || {}; // Options - var type = 'csv'; - type = type.toLowerCase().trim(); - - var graphData, - dataObject, - dataObjects = plot.getData(), - result = []; - - // Throw errors - var retrieveDataOject = function (dataObjects, custom) { - var result; - if (typeof dataObjects === 'undefined') - throw new Error('Empty parameter'); - - // Try to retrieve the avg set (not 100% reliable, I know) - if (dataObjects.length == 1) { - result = dataObjects.shift(); - } - if (dataObjects.length > 1) { - dataObjects.forEach(function (element) { - if(custom){ - if (/^Avg.:/i.test(element.label)){ - result = element; - } - } else { - result = element; - } - }); - - // If the avg set is missing, retrieve the first set - if (typeof result === 'undefined') - result = dataObjects.shift(); - } - - if (typeof result === 'undefined') - throw new Error('Empty result'); - - return result; - } - - // Throw errors - var processDataObject = function (dataObject) { - var result; - - if (typeof dataObject === 'undefined') - throw new Error('Empty parameter'); - - if (typeof dataObject.data === 'undefined' - || !(dataObject.data instanceof Array)) - throw new Error('Object malformed'); - - /* { - * head: [,,...,], - * data: [ - * [,,...,], - * [,,...,], - * ..., - * [,,...,], - * ] - * } - */ - if (type === 'csv') { - result = { - head: ['timestap', 'date', 'value', 'label'], - data: [] - }; - - dataObject.data.forEach(function (item, index) { - var timestap = item[0]; - - var d = new Date(item[0]); - var monthNames = [ - "Jan", "Feb", "Mar", - "Apr", "May", "Jun", - "Jul", "Aug", "Sep", - "Oct", "Nov", "Dec" - ]; - - date_format = (d.getDate() 
<10?'0':'') + d.getDate() + " " + - monthNames[d.getMonth()] + " " + - d.getFullYear() + " " + - (d.getHours()<10?'0':'') + d.getHours() + ":" + - (d.getMinutes()<10?'0':'') + d.getMinutes() + ":" + - (d.getSeconds()<10?'0':'') + d.getSeconds(); - - var date = date_format; - - var value = item[1]; - - var clean_label = plot.getOptions().export.labels_long[dataObject.label]; - clean_label = clean_label.replace( new RegExp(" ", "g"), " "); - result.data.push([timestap, date, value, clean_label]); - }); - } - /* [ - * { - * 'date': , - * 'value': - * } - * ], - * [ - * { - * 'date': , - * 'value': - * } - * ], - * ..., - * [ - * { - * 'date': , - * 'value': - * } - * ] - */ - else if (type === 'json') { - result = []; - - dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; - - // Long labels are preferred - if (typeof labels_long[index] !== 'undefined') - date = labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; - - result.push({ - 'date': date, - 'value': value, - 'label': dataObject.label - }); - }); - } - - if (typeof result === 'undefined') - throw new Error('Empty result'); - - return result; - } - - try { - var elements = []; - var custom_graph = $('#hidden-custom_graph').val(); - - if (custom_graph) { - dataObject = retrieveDataOject(dataObjects,0); - dataObjects.forEach(function (element) { - elements.push(processDataObject(element)); - }); - graphData = elements; - } - else { - dataObject = retrieveDataOject(dataObjects,1); - elements.push(processDataObject(dataObject)); - graphData = elements; - } - - // Transform the object data into a string - // cause PHP has limitations in the number - // of POST params received. - var graphDataStr = JSON.stringify(graphData); - - // Build form - var $form = $('
'), - $dataInput = $(''), - $typeInput = $(''), - $separatorInput = $(''), - $excelInput = $(''); - - $dataInput - .prop('name', 'data') - .prop('type', 'text') - .prop('value', graphDataStr); - - $typeInput - .prop('name', 'type') - .prop('type', 'text') - .prop('value', type); - - $separatorInput - .prop('name', 'separator') - .prop('type', 'text') - .prop('value', ';'); - - $excelInput - .prop('name', 'excel_encoding') - .prop('type', 'text') - .prop('value', 0); - - $form - .prop('method', 'POST') - .prop('action', plot.getOptions().export.homeurl + 'include/graphs/export_data.php') - .append($dataInput, $typeInput, $separatorInput, $excelInput) - .hide() - // Firefox made me write into the DOM for this :( - .appendTo('body') - .submit(); - } - catch (e) { - alert('There was an error exporting the data'); - } - } - - plot.exportDataJSON = function (args) { - //amount = plot.getOptions().export.type, - //options = options || {}; - - // Options - var type = 'json'; + var type = "csv"; type = type.toLowerCase().trim(); var graphData, @@ -233,8 +25,8 @@ var retrieveDataOject = function (dataObjects) { var result; - if (typeof dataObjects === 'undefined') - throw new Error('Empty parameter'); + if (typeof dataObjects === "undefined") + throw new Error("Empty parameter"); // Try to retrieve the avg set (not 100% reliable, I know) if (dataObjects.length == 1) { 
@@ -242,31 +34,30 @@ } if (dataObjects.length > 1) { dataObjects.forEach(function (element) { - if (/^Avg.:/i.test(element.label)) - result = element; + if (/^Avg.:/i.test(element.label)) result = element; }); // If the avg set is missing, retrieve the first set - if (typeof result === 'undefined') - result = dataObjects.shift(); + if (typeof result === "undefined") result = dataObjects.shift(); } - if (typeof result === 'undefined') - throw new Error('Empty result'); + if (typeof result === "undefined") throw new Error("Empty result"); return result; - } + }; // Throw errors var processDataObject = function (dataObject) { var result; - if (typeof dataObject === 'undefined') - throw new Error('Empty parameter'); + if (typeof dataObject === "undefined") + throw new Error("Empty parameter"); - if (typeof dataObject.data === 'undefined' - || !(dataObject.data instanceof Array)) - throw new Error('Object malformed'); + if ( + typeof dataObject.data === "undefined" || + !(dataObject.data instanceof Array) + ) + throw new Error("Object malformed"); /* { * head: [,,...,], 
@@ -278,74 +69,291 @@ * ] * } */ - if (type === 'csv') { - + if (type === "csv") { result = { - head: ['date', 'value','label'], - data: [] + head: ["timestap", "date", "value", "label"], + data: [], }; dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; + var timestap = item[0]; - // Long labels are preferred - if (typeof plot.getOptions().export.labels_long[index] !== 'undefined') - date = plot.getOptions().export.labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; + var d = new Date(item[0]); + var monthNames = [ + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec", + ]; - result.data.push([date, value,dataObject.label]); + date_format = + (d.getDate() < 10 ? "0" : "") + + d.getDate() + + " " + + monthNames[d.getMonth()] + + " " + + d.getFullYear() + + " " + + (d.getHours() < 10 ? "0" : "") + + d.getHours() + + ":" + + (d.getMinutes() < 10 ? "0" : "") + + d.getMinutes() + + ":" + + (d.getSeconds() < 10 ? 
"0" : "") + + d.getSeconds(); + + var date = date_format; + + var value = item[1]; + + var clean_label = plot.getOptions().export.labels_long[ + dataObject.label + ]; + clean_label = clean_label.replace(new RegExp(" ", "g"), " "); + result.data.push([timestap, date, value, clean_label]); }); - } - /* [ - * { - * 'date': , - * 'value': - * } - * ], - * [ - * { - * 'date': , - * 'value': - * } - * ], - * ..., - * [ - * { - * 'date': , - * 'value': - * } - * ] - */ - else if (type === 'json') { + } else if (type === "json") { + /* [ + * { + * 'date': , + * 'value': + * } + * ], + * [ + * { + * 'date': , + * 'value': + * } + * ], + * ..., + * [ + * { + * 'date': , + * 'value': + * } + * ] + */ result = []; dataObject.data.forEach(function (item, index) { - var date = '', value = item[1]; + var date = "", + value = item[1]; // Long labels are preferred - if (typeof labels_long[index] !== 'undefined') + if (typeof labels_long[index] !== "undefined") date = labels_long[index]; - else if (typeof labels[index] !== 'undefined') - date = labels[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; result.push({ - 'date': date, - 'value': value, - 'label': dataObject.label + date: date, + value: value, + label: dataObject.label, }); }); } - if (typeof result === 'undefined') - throw new Error('Empty result'); + if (typeof result === "undefined") throw new Error("Empty result"); return result; - } + }; try { var elements = []; - var custom_graph = $('input:hidden[name=custom_graph]').value; + dataObject = retrieveDataOject(dataObjects); + if (dataObject) { + elements.push(processDataObject(dataObject)); + } + dataObjects.forEach(function (element) { + elements.push(processDataObject(element)); + }); + graphData = elements; + + + // Transform the object data into a string + // cause PHP has limitations in the number + // of POST params received. + var graphDataStr = JSON.stringify(graphData); + + // Build form + var $form = $("
"), + $dataInput = $(""), + $typeInput = $(""), + $separatorInput = $(""), + $excelInput = $(""); + + $dataInput + .prop("name", "data") + .prop("type", "text") + .prop("value", graphDataStr); + + $typeInput + .prop("name", "type") + .prop("type", "text") + .prop("value", type); + + $separatorInput + .prop("name", "separator") + .prop("type", "text") + .prop("value", ";"); + + $excelInput + .prop("name", "excel_encoding") + .prop("type", "text") + .prop("value", 0); + + $form + .prop("method", "POST") + .prop( + "action", + plot.getOptions().export.homeurl + "include/graphs/export_data.php" + ) + .append($dataInput, $typeInput, $separatorInput, $excelInput) + .hide() + // Firefox made me write into the DOM for this :( + .appendTo("body") + .submit(); + } catch (e) { + alert("There was an error exporting the data"); + } + }; + + plot.exportDataJSON = function (args) { + //amount = plot.getOptions().export.type, + //options = options || {}; + + // Options + var type = "json"; + type = type.toLowerCase().trim(); + + var graphData, + dataObject, + dataObjects = plot.getData(), + result = []; + + // Throw errors + var retrieveDataOject = function (dataObjects) { + var result; + + if (typeof dataObjects === "undefined") + throw new Error("Empty parameter"); + + // Try to retrieve the avg set (not 100% reliable, I know) + if (dataObjects.length == 1) { + result = dataObjects.shift(); + } + if (dataObjects.length > 1) { + dataObjects.forEach(function (element) { + if (/^Avg.:/i.test(element.label)) result = element; + }); + + // If the avg set is missing, retrieve the first set + if (typeof result === "undefined") result = dataObjects.shift(); + } + + if (typeof result === "undefined") throw new Error("Empty result"); + + return result; + }; + + // Throw errors + var processDataObject = function (dataObject) { + var result; + + if (typeof dataObject === "undefined") + throw new Error("Empty parameter"); + + if ( + typeof dataObject.data === "undefined" || + 
!(dataObject.data instanceof Array) + ) + throw new Error("Object malformed"); + + /* { + * head: [,,...,], + * data: [ + * [,,...,], + * [,,...,], + * ..., + * [,,...,], + * ] + * } + */ + if (type === "csv") { + result = { + head: ["date", "value", "label"], + data: [], + }; + + dataObject.data.forEach(function (item, index) { + var date = "", + value = item[1]; + + // Long labels are preferred + if ( + typeof plot.getOptions().export.labels_long[index] !== "undefined" + ) + date = plot.getOptions().export.labels_long[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; + + result.data.push([date, value, dataObject.label]); + }); + } else if (type === "json") { + /* [ + * { + * 'date': , + * 'value': + * } + * ], + * [ + * { + * 'date': , + * 'value': + * } + * ], + * ..., + * [ + * { + * 'date': , + * 'value': + * } + * ] + */ + result = []; + + dataObject.data.forEach(function (item, index) { + var date = "", + value = item[1]; + + // Long labels are preferred + if (typeof labels_long[index] !== "undefined") + date = labels_long[index]; + else if (typeof labels[index] !== "undefined") date = labels[index]; + + result.push({ + date: date, + value: value, + label: dataObject.label, + }); + }); + } + + if (typeof result === "undefined") throw new Error("Empty result"); + + return result; + }; + + try { + var elements = []; + var custom_graph = $("input:hidden[name=custom_graph]").value; if (custom_graph) { dataObject = retrieveDataOject(dataObjects); @@ -353,8 +361,7 @@ elements.push(processDataObject(element)); }); graphData = elements; - } - else { + } else { dataObject = retrieveDataOject(dataObjects); elements.push(processDataObject(dataObject)); graphData = elements; @@ -366,51 +373,53 @@ var graphDataStr = JSON.stringify(graphData); // Build form - var $form = $('
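Review bot: In the new `try` block of exportDataCSV, the series chosen by `retrieveDataOject` is pushed and then `dataObjects.forEach` pushes every series again, so on a multi-series graph that contains an `Avg.:` set that set is exported twice. `retrieveDataOject` also calls `dataObjects.shift()`, which removes a series from the array returned by `plot.getData()`; whether that is the plot's live array is not visible here. Processing each series exactly once avoids both: `graphData = dataObjects.map(processDataObject);`. In the same hunk `date_format` is assigned without `var` and so becomes a global, and the `json` branch reads `labels_long` and `labels`, which are not declared anywhere in the visible code.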
'), - $dataInput = $(''), - $typeInput = $(''), - $separatorInput = $(''), - $excelInput = $(''); + var $form = $("
"), + $dataInput = $(""), + $typeInput = $(""), + $separatorInput = $(""), + $excelInput = $(""); $dataInput - .prop('name', 'data') - .prop('type', 'text') - .prop('value', graphDataStr); + .prop("name", "data") + .prop("type", "text") + .prop("value", graphDataStr); $typeInput - .prop('name', 'type') - .prop('type', 'text') - .prop('value', type); + .prop("name", "type") + .prop("type", "text") + .prop("value", type); $separatorInput - .prop('name', 'separator') - .prop('type', 'text') - .prop('value', ';'); + .prop("name", "separator") + .prop("type", "text") + .prop("value", ";"); $excelInput - .prop('name', 'excel_encoding') - .prop('type', 'text') - .prop('value', 0); + .prop("name", "excel_encoding") + .prop("type", "text") + .prop("value", 0); $form - .prop('method', 'POST') - .prop('action', plot.getOptions().export.homeurl + 'include/graphs/export_data.php') + .prop("method", "POST") + .prop( + "action", + plot.getOptions().export.homeurl + "include/graphs/export_data.php" + ) .append($dataInput, $typeInput, $separatorInput, $excelInput) .hide() // Firefox made me write into the DOM for this :( - .appendTo('body') + .appendTo("body") .submit(); + } catch (e) { + alert("There was an error exporting the data"); } - catch (e) { - alert('There was an error exporting the data'); - } - } + }; } - $.plot.plugins.push({ - init: init, - options: options, - name: 'exportdata', - version: '0.1' - }); -})(jQuery); \ No newline at end of file + $.plot.plugins.push({ + init: init, + options: options, + name: "exportdata", + version: "0.1", + }); +})(jQuery); From 347f6b1bf3b3de73ad5738b923223f8bc8216fb3 Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 18 May 2020 10:15:20 +0200 Subject: [PATCH 04/61] add return error if group = 0 on new agent api --- pandora_console/include/functions_api.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 76e10533aa..9d8cae52b2 100644 
--- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -1506,6 +1506,12 @@ function api_set_new_agent($thrash1, $thrash2, $other, $thrash3) return; } + if ((int) $other['data'][3] == 0) { + $agent_creation_error = __('The agent could not be created, for security reasons use a group another than 0'); + returnError('generic error', $agent_creation_error); + return; + } + $alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $other['data'][0]))); $direccion_agente = io_safe_input($other['data'][1]); $nombre_agente = hash('sha256', $direccion_agente.'|'.$direccion_agente.'|'.time().'|'.sprintf('%04d', rand(0, 10000))); From 7a35e8550c89554d513a15b0c5e3ff7e34200b48 Mon Sep 17 00:00:00 2001 From: Luis Calvo Date: Tue, 19 May 2020 18:53:09 +0200 Subject: [PATCH 05/61] Fixed collections symlinks --- .../include/functions_filemanager.php | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index a3cf4ac0a5..cf587f8081 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -369,11 +369,21 @@ if ($delete_file) { $config['filemanager']['message'] = ui_print_success_message(__('Deleted'), '', true); if (is_dir($filename)) { - rmdir($filename); - $config['filemanager']['delete'] = 1; + if (rmdir($filename)) { + $config['filemanager']['delete'] = 1; + } else { + $config['filemanager']['delete'] = 0; + } } else { - unlink($filename); - $config['filemanager']['delete'] = 1; + if (unlink($filename)) { + $config['filemanager']['delete'] = 1; + } else { + $config['filemanager']['delete'] = 0; + } + } + + if ($config['filemanager']['delete'] == 0) { + $config['filemanager']['message'] = ui_print_error_message(__('Deleted'), '', true); } } } 
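Review bot: The new guard in api_set_new_agent rejects only group 0; a negative id or the id of a group that does not exist still passes `(int) $other['data'][3] == 0`. Unless the rest of the function, which lies outside the hunk, already does so, check that the group exists and that the API user is allowed to create agents in it before continuing. The error text would read better as `The agent could not be created: for security reasons, use a group other than 0`.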
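Review bot: The failure branch added at the end of the delete block reports the error with `ui_print_error_message(__('Deleted'), '', true)`, so a failed deletion shows the same word as a successful one; it needs a distinct text such as `__('Could not be deleted')`. `is_dir($filename)` also follows symbolic links, so on POSIX systems a link that points to a directory is sent to `rmdir()`, which cannot remove a link; testing `is_link($filename)` first and calling `unlink()` for links would cover the case named in the commit title. The success message is still assigned before the attempt and only overwritten afterwards, which works but is easier to follow if each message is set in its own branch. The enclosing `if ($delete_file)` block starts outside the hunk.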
@@ -743,7 +753,7 @@ function filemanager_file_explorer( if (($editor) && (!$readOnly)) { if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg') - && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') + && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') && ($fileinfo['mime'] != MIME_DIR) ) { $hash = md5($fileinfo['realpath'].$config['dbpass']); $data[4] .= "".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file')]).''; From 3857d04df16a72e2144cc5a8bf2835faaa52654c Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Wed, 20 May 2020 10:54:07 +0200 Subject: [PATCH 06/61] Fixed input type number size in Firefox --- pandora_console/include/functions_html.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index adf978d13f..477e23eb1e 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -1758,13 +1758,6 @@ function html_print_input_number(array $settings):string $settings['maxlength'] = 255; } - // Check Size. - if (isset($settings['size']) === false - || $settings['size'] === 0 - ) { - $settings['size'] = 255; - } - foreach ($settings as $attribute => $attr_value) { // Check valid attribute. if (in_array($attribute, $valid_attrs) === false) { From 78e5438e54dd9d530ad17f3c3dde1650e0003257 Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Wed, 20 May 2020 12:30:19 +0200 Subject: [PATCH 07/61] Fixed error time refresh initial page CV --- pandora_console/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/index.php b/pandora_console/index.php index 4d643de5ae..22948247da 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php 
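Review bot: The edit link just below the changed condition still derives its hash from `md5($fileinfo['realpath'].$config['dbpass'])`, which ties what appears to be an authorisation token to the database password and uses plain MD5 concatenation rather than a keyed MAC. A keyed construction with a dedicated secret, for example `hash_hmac('sha256', $fileinfo['realpath'], $secret)` checked with `hash_equals()` on the receiving side, would keep the database credential out of the scheme; `$secret` is a placeholder for a value the project would have to provide. The code that verifies the hash is outside this hunk and would need the same change.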
@@ -1160,7 +1160,7 @@ if ($searchPage) { if (($home_url == '') || ($id_visualc == false)) { $str = 'sec=network&sec2=operation/visual_console/index&refr=60'; } else { - $str = 'sec=network&sec2=operation/visual_console/render_view&id='.$id_visualc.'&refr=60'; + $str = 'sec=network&sec2=operation/visual_console/render_view&id='.$id_visualc; } parse_str($str, $res); From db630a75dbd70ef8b28e9cbd9bce519b7532dd2b Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Wed, 20 May 2020 16:39:19 +0200 Subject: [PATCH 08/61] Fixed SLA error counter check --- .../include/functions_reporting.php | 40 ++++++++++++++++--- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php index 98eb1b5025..be2203489d 100755 --- a/pandora_console/include/functions_reporting.php +++ b/pandora_console/include/functions_reporting.php @@ -6147,7 +6147,13 @@ function reporting_advanced_sla( $time_total += $time_interval; if ($time_interval > 0) { - $total_checks++; + if (isset($current_data['type']) === false + || ((int) $current_data['type'] === 0 + && $i !== 0) + ) { + $total_checks++; + } + if ((isset($current_data['datos'])) && ($current_data['datos'] !== false) ) { @@ -6159,7 +6165,7 @@ function reporting_advanced_sla( $match = preg_match('/'.$max_value.'/', $current_data['datos']); } - // Take notice of $inverse_interval value, + // Take notice of $inverse_interval value. if ($inverse_interval == 0) { $sla_check_value = $match; } else { 
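Review bot: `$id_visualc` is concatenated into the query string that is then handed to `parse_str()`, so a value containing `&` or `=` would add or override keys in `$res`. Where the id comes from is not visible in this hunk; if it is always numeric, `'&id='.(int) $id_visualc` makes that explicit, otherwise `rawurlencode($id_visualc)` keeps it a single value.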
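Review bot: The condition `isset($current_data['type']) === false || ((int) $current_data['type'] === 0 && $i !== 0)` is added here around `$total_checks++` and repeated four more times in the next hunk of reporting_advanced_sla (`$ok_checks`, `$bad_checks`, `$unknown_checks`, `$not_init_checks`). Evaluating it once per iteration, e.g. `$count_check = isset($current_data['type']) === false || ((int) $current_data['type'] === 0 && $i !== 0);`, and testing `if ($count_check)` keeps the five counters from drifting apart. A short comment should say what `type` 0 and the first index stand for, since the rule for skipping a sample is not obvious from the code. `$i !== 0` is a strict comparison, so it only excludes the first element if `$i` is an integer counter; the loop header is outside the hunk.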
@@ -6176,19 +6182,41 @@ function reporting_advanced_sla( // Not unknown nor not init values. if ($sla_check_value) { - $ok_checks++; + if (isset($current_data['type']) === false + || ((int) $current_data['type'] === 0 + && $i !== 0) + ) { + $ok_checks++; + } + $time_in_ok += $time_interval; } else { - $bad_checks++; + if (isset($current_data['type']) === false + || ((int) $current_data['type'] === 0 + && $i !== 0) + ) { + $bad_checks++; + } + $time_in_error += $time_interval; } } else { if ($current_data['datos'] === null) { $time_in_unknown += $time_interval; - $unknown_checks++; + if (isset($current_data['type']) === false + || ((int) $current_data['type'] === 0 + && $i !== 0) + ) { + $unknown_checks++; + } } else if ($current_data['datos'] === false) { $time_in_not_init += $time_interval; - $not_init_checks++; + if (isset($current_data['type']) === false + || ((int) $current_data['type'] === 0 + && $i !== 0) + ) { + $not_init_checks++; + } } } } From a73ec18867e595751f0565585598ff2a4ddf9fb5 Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Thu, 21 May 2020 09:13:39 +0200 Subject: [PATCH 09/61] Fixed errors filter search with pagination --- pandora_console/godmode/reporting/reporting_builder.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php index 60464ee953..cfd1a14b9a 100755 --- a/pandora_console/godmode/reporting/reporting_builder.php +++ b/pandora_console/godmode/reporting/reporting_builder.php @@ -767,9 +767,14 @@ switch ($action) { ) ); - if (count($reports)) { + $filters = [ + 'search' => $search, + 'id_group' => $id_group, + ]; + $filtersStr = http_build_query($filters, '', '&'); $url = 'index.php?sec=reporting&sec2=godmode/reporting/reporting_builder'; + $url .= '&'.$filtersStr; ui_pagination($total_reports, $url, $offset, $pagination); $table = new stdClass(); 
From ab8916a0daf5147638d01d35745ef444f862424a Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Fri, 22 May 2020 09:39:10 +0200 Subject: [PATCH 10/61] Fixed error functions date default type --- pandora_console/include/functions.php | 28 ++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index eaea211d2a..284b8c83b7 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -477,7 +477,8 @@ function set_user_language() /** - * INTERNAL (use ui_print_timestamp for output): Transform an amount of time in seconds into a human readable + * INTERNAL (use ui_print_timestamp for output): + * Transform an amount of time in seconds into a human readable * strings of minutes, hours or days. * * @param integer $seconds Seconds elapsed time @@ -488,17 +489,11 @@ function set_user_language() */ function human_time_description_raw($seconds, $exactly=false, $units='large') { - switch ($units) { - case 'large': - $secondsString = __('seconds'); - $daysString = __('days'); - $monthsString = __('months'); - $yearsString = __('years'); - $minutesString = __('minutes'); - $hoursString = __('hours'); - $nowString = __('Now'); - break; + if (isset($units) === false || empty($units) === true) { + $units = 'large'; + } + switch ($units) { case 'tiny': $secondsString = __('s'); $daysString = __('d'); @@ -508,6 +503,17 @@ function human_time_description_raw($seconds, $exactly=false, $units='large') $hoursString = __('h'); $nowString = __('N'); break; + + default: + case 'large': + $secondsString = __('seconds'); + $daysString = __('days'); + $monthsString = __('months'); + $yearsString = __('years'); + $minutesString = __('minutes'); + $hoursString = __('hours'); + $nowString = __('Now'); + break; } if (empty($seconds)) { From 1d167d4aba0aff44b66bbfb65325544568c73540 Mon Sep 17 00:00:00 2001 
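Review bot: The guard added at the top of human_time_description_raw is redundant twice over: `$units` is a declared parameter, so `isset()` adds nothing over `empty()`, and the `default:` label placed in front of `case 'large':` in the following hunk already sends any unrecognised or empty value to the long strings. Dropping the `if` and keeping `default:` gives the same result. The docblock, only partly visible here, should list the accepted values of `$units` (`'large'`, `'tiny'`) and state that anything else falls back to `'large'`.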
From: alejandro-campos Date: Mon, 25 May 2020 11:12:29 +0200 Subject: [PATCH 11/61] fixed agent id strange behavior in events table --- pandora_console/operation/events/events.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php index 1c91ebaf54..ba029bfb17 100644 --- a/pandora_console/operation/events/events.php +++ b/pandora_console/operation/events/events.php @@ -1962,17 +1962,7 @@ function process_datatables_item(item) { /* Agent ID link */ if (item.id_agente > 0) { - - item.id_agente = '' + item.id_agente + ''; - - item.id_agente = '' + item.agent_name + ''; - + item.id_agente = '' + item.id_agente + ''; } else { item.id_agente = ''; } From 4d7341917c46a16917fe747663ebf280da1a350f Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 25 May 2020 13:10:46 +0200 Subject: [PATCH 12/61] Added cases when critical, warning or normal alert has been fired --- pandora_console/include/functions_api.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 76e10533aa..6ee93eb409 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php 
@@ -2048,31 +2048,31 @@ function api_get_all_agents($thrash1, $thrash2, $other, $returnType) // Filter by status switch ($other['data'][2]) { case 'warning': - if ($status == 2) { + if ($status == AGENT_MODULE_STATUS_WARNING || $status == AGENT_MODULE_STATUS_WARNING_ALERT) { $result_agents[] = $agent; } break; case 'critical': - if ($status == 1) { + if ($status == AGENT_MODULE_STATUS_CRITICAL_BAD || $status == AGENT_MODULE_STATUS_CRITICAL_ALERT) { $result_agents[] = $agent; } break; case 'unknown': - if ($status == 3) { + if ($status == AGENT_MODULE_STATUS_UNKNOWN) { $result_agents[] = $agent; } break; case 'normal': - if ($status == 0) { + if ($status == AGENT_MODULE_STATUS_NORMAL || $status == AGENT_MODULE_STATUS_NORMAL_ALERT) { $result_agents[] = $agent; } break; case 'alert_fired': - if ($status == 4) { + if ($status == AGENT_STATUS_ALERT_FIRED) { $result_agents[] = $agent; } break; From 37058537aa9638f7835362730f3d92f38db26140 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Mon, 25 May 2020 17:06:23 +0200 Subject: [PATCH 13/61] Fix #5779 --- pandora_console/godmode/massive/massive_operations.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/godmode/massive/massive_operations.php b/pandora_console/godmode/massive/massive_operations.php index 0fb08d0034..d7aec41af8 100755 --- a/pandora_console/godmode/massive/massive_operations.php +++ b/pandora_console/godmode/massive/massive_operations.php @@ -246,7 +246,7 @@ ui_print_page_header( $help_header, true, $onheader, - true, + false, 'massivemodal' ); From e8a3cb698d538fb4c2a6ba248ebcaeebb567e4ce Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 26 May 2020 11:26:49 +0200 Subject: [PATCH 14/61] Time selector adjustment --- pandora_console/include/functions_html.php | 16 ++++++++-------- pandora_console/include/javascript/pandora.js | 8 ++++---- pandora_console/include/styles/wizard.css | 3 +-- 3 files changed, 13 insertions(+), 14 deletions(-) 
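Review bot: The `alert_fired` case compares `$status` with `AGENT_STATUS_ALERT_FIRED`, while every other case in this switch now uses the `AGENT_MODULE_STATUS_*` family for the same variable. Where `$status` is computed is outside the hunk, so it is not visible which family it belongs to; if the two families do not share values, one of the comparisons is wrong. Either use the constant family that matches the source of `$status` throughout, or add a comment such as `// $status is an agent status; the module constants share its values.` so the mix is clearly intentional. The body of api_get_all_agents() starts and ends outside the hunk.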
diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index adf978d13f..2a4e8aff92 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -1088,8 +1088,8 @@ function html_print_extended_select_for_time( } ob_start(); - // Use the no_meta parameter because this image is only in the base console - echo '
'; + // Use the no_meta parameter because this image is only in the base console. + echo '
'; html_print_select( $fields, $uniq_name.'_select', @@ -1104,7 +1104,7 @@ function html_print_extended_select_for_time( $readonly, 'font-size: xx-small;'.$select_style ); - // The advanced control is only for admins + // The advanced control is only for admins. if ($admin) { echo ' '.html_print_image( 'images/pencil.png', @@ -1123,7 +1123,7 @@ function html_print_extended_select_for_time( echo '
'; - echo '
'; + echo '
'; html_print_input_text($uniq_name.'_text', $selected, '', $size, 255, false, $readonly, false, '', $class); html_print_input_hidden($name, $selected, false, $uniq_name); @@ -1154,15 +1154,15 @@ function html_print_extended_select_for_time( echo '
'; echo ""; $returnString = ob_get_clean(); diff --git a/pandora_console/include/javascript/pandora.js b/pandora_console/include/javascript/pandora.js index c91339f0c6..89fa9c63f3 100644 --- a/pandora_console/include/javascript/pandora.js +++ b/pandora_console/include/javascript/pandora.js @@ -838,7 +838,7 @@ function post_process_select_events(name) { function period_select_init(name, allow_zero) { // Manual mode is hidden by default $("#" + name + "_manual").css("display", "none"); - $("#" + name + "_default").css("display", "flex"); + $("#" + name + "_default").css("display", "inline"); // If the text input is empty, we put on it 5 minutes by default if ($("#text-" + name + "_text").val() == "") { @@ -852,7 +852,7 @@ function period_select_init(name, allow_zero) { } } else if ($("#text-" + name + "_text").val() == 0 && allow_zero != true) { $("#" + name + "_units option:last").prop("selected", false); - $("#" + name + "_manual").css("display", "flex"); + $("#" + name + "_manual").css("display", "inline"); $("#" + name + "_default").css("display", "none"); } } @@ -941,13 +941,13 @@ function selectFirst(name) { */ function toggleBoth(name) { if ($("#" + name + "_default").css("display") == "none") { - $("#" + name + "_default").css("display", "flex"); + $("#" + name + "_default").css("display", "inline"); } else { $("#" + name + "_default").css("display", "none"); } if ($("#" + name + "_manual").css("display") == "none") { - $("#" + name + "_manual").css("display", "flex"); + $("#" + name + "_manual").css("display", "inline"); } else { $("#" + name + "_manual").css("display", "none"); } diff --git a/pandora_console/include/styles/wizard.css b/pandora_console/include/styles/wizard.css index 69209ce17c..b2e9b044b1 100644 --- a/pandora_console/include/styles/wizard.css +++ b/pandora_console/include/styles/wizard.css 
@@ -70,9 +70,8 @@ ul.wizard li > textarea { } .wizard .discovery_inline_input { - display: flex; + display: inline; align-content: end; - flex: 0; align-self: flex-start; } From 2481bcc669d7238c48473596be648beb9f2fd770 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 26 May 2020 13:56:39 +0200 Subject: [PATCH 15/61] Update default value for use_xml_timestamp --- pandora_server/lib/PandoraFMS/Config.pm | 3 ++- pandora_server/lib/PandoraFMS/DataServer.pm | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 5babae0d3c..c19aed0317 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm @@ -399,7 +399,8 @@ sub pandora_load_config { $pa_config->{'max_log_generation'} = 1; # Ignore the timestamp in the XML and use the file timestamp instead - $pa_config->{'use_xml_timestamp'} = 0; + # If 1 => uses timestamp from received XML #5763. + $pa_config->{'use_xml_timestamp'} = 1; # Server restart delay in seconds $pa_config->{'restart_delay'} = 60; diff --git a/pandora_server/lib/PandoraFMS/DataServer.pm b/pandora_server/lib/PandoraFMS/DataServer.pm index f82a58a120..69efd9f45a 100644 --- a/pandora_server/lib/PandoraFMS/DataServer.pm +++ b/pandora_server/lib/PandoraFMS/DataServer.pm @@ -234,6 +234,7 @@ sub data_consumer ($$) { } # Ignore the timestamp in the XML and use the file timestamp instead + # If 1 => uses timestamp from received XML #5763. $xml_data->{'timestamp'} = strftime ("%Y-%m-%d %H:%M:%S", localtime((stat($file_name))[9])) if ($pa_config->{'use_xml_timestamp'} eq '0' || ! defined ($xml_data->{'timestamp'})); # Double check that the file exists From 2ae11577cee1c4d73da892406be480eae11e9cb2 Mon Sep 17 00:00:00 2001 
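Review bot: Setting the default of `use_xml_timestamp` to 1 in Config.pm changes behaviour for every installation that does not set the option explicitly, because the `eq '0'` test in the DataServer.pm hunk then keeps the timestamp taken from the received XML instead of the file's mtime. That value is supplied by the agent, so a wrong agent clock or an altered data file can back- or forward-date what is stored; this deserves a line in the release notes and in the sample configuration. The retained comment `# Ignore the timestamp in the XML and use the file timestamp instead` now describes the opposite of the default; suggest `# 0 => use the data file's timestamp; 1 (default) => use the timestamp from the received XML (#5763).` in both files.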
From: Manuel Montes Date: Tue, 26 May 2020 14:42:06 +0200 Subject: [PATCH 16/61] Added case insensitive in agent search --- pandora_console/godmode/users/user_list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 8fb461a355..24f2a38a65 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -367,11 +367,11 @@ if ($search) { $found = false; if (!empty($filter_search)) { - if (preg_match('/.*'.$filter_search.'.*/', $user_info['fullname']) != 0) { + if (preg_match('/.*'.strtolower($filter_search).'.*/', strtolower($user_info['fullname'])) != 0) { $found = true; } - if (preg_match('/.*'.$filter_search.'.*/', $user_info['id_user']) != 0) { + if (preg_match('/.*'.strtolower($filter_search).'.*/', strtolower($user_info['id_user'])) != 0) { $found = true; } From f2f1eaf58e35e0dff8e36470ba35a5d3f881ad9a Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Tue, 26 May 2020 14:44:52 +0200 Subject: [PATCH 17/61] Fixed values legend charts sparse --- pandora_console/include/functions.php | 8 ++++++++ pandora_console/include/graphs/flot/pandora.flot.js | 8 +++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index eaea211d2a..d409096b06 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -3718,6 +3718,14 @@ function series_type_graph_array($data, $show_elements_graph) } } + if ((int) $value['min'] === PHP_INT_MAX) { + $value['min'] = 0; + } + + if ((int) $value['max'] === (-PHP_INT_MAX)) { + $value['max'] = 0; + } + $data_return['legend'][$key] .= __('Min:').remove_right_zeros( number_format( $value['min'], diff --git a/pandora_console/include/graphs/flot/pandora.flot.js b/pandora_console/include/graphs/flot/pandora.flot.js index 175173160c..48aaa94ee5 100644 
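Review bot: `$filter_search` is concatenated into the pattern unescaped in both `preg_match()` calls, so a regex metacharacter or a `/` typed into the search changes or breaks the pattern, and a pathological expression can make the match expensive. Where `$filter_search` is read is outside the hunk, but it looks like request input. A substring test does what the commit wants without a regex: `if (mb_stripos($user_info['fullname'], $filter_search) !== false) {` and the same for `id_user`; this also lower-cases non-ASCII names correctly, which byte-wise `strtolower()` does not. If the regex has to stay, wrap the term in `preg_quote($filter_search, '/')` and use the `i` modifier instead of two `strtolower()` calls.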
--- a/pandora_console/include/graphs/flot/pandora.flot.js +++ b/pandora_console/include/graphs/flot/pandora.flot.js @@ -3009,7 +3009,7 @@ function number_format(number, force_integer, unit, short_data, divisor) { var decimals = 2; if (unit == "KB") { - return number + unit; + return Math.round(number * decimals) + unit; } // Set maximum decimal precision to 99 in case short_data is not set. @@ -3038,6 +3038,12 @@ function number_format(number, force_integer, unit, short_data, divisor) { if (divisor) { number = Math.round(number * decimals) / decimals; + } else { + number = Math.round(number * decimals); + } + + if (isNaN(number)) { + number = 0; } return number + " " + shorts[pos] + unit; From 6866beef52eb76b3d4c313f1e719c2ed59e1a143 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Tue, 26 May 2020 17:44:38 +0200 Subject: [PATCH 18/61] fixed bad constants --- pandora_console/include/constants.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php index e6c4108615..6fc34abbec 100644 --- a/pandora_console/include/constants.php +++ b/pandora_console/include/constants.php @@ -149,8 +149,8 @@ define('COL_IGNORED', '#DDD'); define('COL_ALERTFIRED', '#F36201'); define('COL_MINOR', '#F099A2'); define('COL_MAJOR', '#C97A4A'); -define('COL_INFORMATIONAL', '#E4E4E4'); -define('COL_MAINTENANCE', '#4a83f3'); +define('COL_INFORMATIONAL', '#4a83f3'); +define('COL_MAINTENANCE', '#E4E4E4'); define('COL_GRAPH1', '#C397F2'); define('COL_GRAPH2', '#FFE66C'); From 43701f953dae05a6d3fa39edb7ec3e91bb29687b Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Wed, 3 Jun 2020 17:37:12 +0200 Subject: [PATCH 19/61] fixed ad authentication --- pandora_console/include/auth/mysql.php | 45 ++++++++++++++------------ 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index ed5e56782a..064be4a93e 100644 
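Review bot: In the `KB` branch `decimals` is still the literal `2` assigned on the line above, so `Math.round(number * decimals) + unit` returns twice the value rounded to an integer rather than a rounded value. The `else` branch added in the second hunk has the same shape, `number = Math.round(number * decimals);`, without the `/ decimals` that the `if (divisor)` branch applies, so it appears to scale the number as well; what `decimals` holds at that point is set outside the hunk. If two decimal places are intended, `return Math.round(number * 100) / 100 + unit;` keeps the magnitude, and the `else` branch needs the matching division.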
--- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -85,7 +85,7 @@ function process_user_login($login, $pass, $api=false) return process_user_login_local($login, $pass, $api); } else { $login_remote = process_user_login_remote($login, io_safe_output($pass), $api); - if ($login_remote == false) { + if ($login_remote == false && $config['fallback_local_auth']) { return process_user_login_local($login, $pass, $api); } else { return $login_remote; @@ -258,27 +258,32 @@ function process_user_login_remote($login, $pass, $api=false) return false; } - if (($config['auth'] === 'ad') - && (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) - ) { - $return = enterprise_hook( - 'prepare_permissions_groups_of_user_ad', - [ - $login, - $pass, - false, - true, - defined('METACONSOLE'), - ] - ); + if (($config['auth'] === 'ad')) { + // Check if autocreate remote users is active. + if ($config['autocreate_remote_users'] == 1) { + change_local_user_pass_ldap($login, $pass); + } - if ($return === 'error_permissions') { - $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator'); - return false; - } else { - if ($return === 'permissions_changed') { - $config['auth_error'] = __('Your permissions have changed. Please, login again.'); + if (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) { + $return = enterprise_hook( + 'prepare_permissions_groups_of_user_ad', + [ + $login, + $pass, + false, + true, + defined('METACONSOLE'), + ] + ); + + if ($return === 'error_permissions') { + $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator'); return false; + } else { + if ($return === 'permissions_changed') { + $config['auth_error'] = __('Your permissions have changed. Please, login again.'); + return false; + } } } } else if ($config['auth'] === 'ldap') { 
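Review bot: `$config['fallback_local_auth']` is read without checking that the key exists, and `$login_remote == false` is a loose comparison, so a remote result such as `'0'` or `''` is treated as a failed login. Suggest `if ($login_remote === false && empty($config['fallback_local_auth']) === false) {`, which stays off when the setting was never saved. A comment such as `// Local passwords are only tried after a remote failure when the admin has enabled the fallback.` would record why the gate exists. The body of process_user_login() continues outside the hunk.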
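Review bot: `change_local_user_pass_ldap($login, $pass)` now runs for every AD login that reaches this point when `autocreate_remote_users` is 1, before the `prepare_permissions_groups_of_user_ad` hook has decided whether the user is allowed in. If the hook then returns `error_permissions` or `permissions_changed`, the function returns false but the local password has presumably already been synchronised, and with `fallback_local_auth` enabled (first hunk) that local credential could still be accepted on a later attempt; what the helper stores is not visible here. Moving the call below the permission check and testing its return value would keep a rejected login from leaving state behind. `$config['autocreate_remote_users']` is also read without `isset()`, and the body of process_user_login_remote() continues outside the hunk.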
From c6b1e92bda7de0322c97e55d2116721c84f0f0ae Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 8 Jun 2020 08:44:24 +0200 Subject: [PATCH 20/61] Modified match for forbidden words. Now not allows spaces or scaped chars. Other cases must not be problemathic --- pandora_console/include/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 724fe11fd6..8805a0b1e2 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -2136,7 +2136,7 @@ function check_sql($sql) { // We remove "*" to avoid things like SELECT * FROM tusuario // Check that it not delete_ as "delete_pending" (this is a common field in pandora tables). - if (preg_match('/\*|delete[^_]|drop|alter|modify|password|pass|insert|update/i', $sql)) { + if (preg_match('/([ ]*(delete|drop|alter|modify|password|pass|insert|update)\b[ \\]+)/i', $sql)) { return ''; } From 82b66d567d676c65b49d7c745381868a92a80299 Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Mon, 8 Jun 2020 14:14:35 +0200 Subject: [PATCH 21/61] Fixed sla graph in pdf --- pandora_console/include/chart_generator.php | 3 ++- .../include/graphs/functions_flot.php | 21 +++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/pandora_console/include/chart_generator.php b/pandora_console/include/chart_generator.php index edd8208b05..97fdf32b9c 100644 --- a/pandora_console/include/chart_generator.php +++ b/pandora_console/include/chart_generator.php @@ -277,7 +277,8 @@ if (file_exists('languages/'.$user_language.'.mo') === true) { $params['ttl'], $params['sizeForTicks'], $params['show'], - $params['date_to'] + $params['date_to'], + $params['server_id'] ); break; diff --git a/pandora_console/include/graphs/functions_flot.php b/pandora_console/include/graphs/functions_flot.php index 1a74f456b2..9666196a6c 100644 --- a/pandora_console/include/graphs/functions_flot.php 
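Review bot: As written in the check_sql() hunk, the new pattern does not compile: in a single-quoted PHP string `\\` is one backslash, so PCRE receives `[ \]+)`, where `\]` is an escaped bracket and the character class is never closed. `preg_match()` then returns `false` with a warning, the `if` is never true, and the function stops rejecting anything. If the intent is "keyword followed by whitespace or a backslash", the class needs four backslashes in the source, for example `\b[\s\\\\]+`, and the test should be `preg_match(...) !== 0` so that a failed match is treated as a rejection. The retained comment about removing `*` no longer matches the code, and a keyword blocklist should not be the only control on SQL that reaches this function; the function body continues outside the hunk.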
+++ b/pandora_console/include/graphs/functions_flot.php @@ -699,6 +699,7 @@ function flot_slicesbar_graph( 'show' => $show, 'return_img_base_64' => true, 'date_to' => $date_to, + 'server_id' => $server_id, ]; $graph = '"; $return .= "//"; $return .= ''; From 11dbe46a96a82aff3a4ae5c5af469fd1bf21f816 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Mon, 8 Jun 2020 15:23:09 +0200 Subject: [PATCH 22/61] Allowed toggled rows --- .../godmode/wizards/Wizard.main.php | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/pandora_console/godmode/wizards/Wizard.main.php b/pandora_console/godmode/wizards/Wizard.main.php index 7320934826..9af64a7c39 100644 --- a/pandora_console/godmode/wizards/Wizard.main.php +++ b/pandora_console/godmode/wizards/Wizard.main.php @@ -832,7 +832,7 @@ class Wizard $first_block_printed = true; } - $output .= '
'; + $row_output = '
'; foreach ($row['columns'] as $column) { $width = isset($column['width']) ? 'width: '.$column['width'].';' : 'width: 100%;'; @@ -841,23 +841,36 @@ class Wizard $extra_styles = isset($column['style']) ? $column['style'] : ''; $class = isset($column['class']) ? $column['class'] : ''; - $output .= '
'; + $row_output .= '
'; foreach ($column['inputs'] as $input) { if (is_array($input)) { if ($input['arguments']['type'] != 'submit') { - $output .= $this->printBlockAsGrid($input, true); + $row_output .= $this->printBlockAsGrid($input, true); } else { $output_submit .= $this->printBlockAsGrid($input, true); } } else { - $output .= $input; + $row_output .= $input; } } - $output .= '
'; + $row_output .= '
'; + } + + if (isset($row['toggle'])) { + $output .= ui_print_toggle( + [ + 'content' => $row_output, + 'name' => $row['toggle_label'], + 'hidden_default' => ! (bool) $row['toggle'], + 'return' => true, + ] + ); + } else { + $output .= $row_output; } $output .= '
'; From 754023f90891ded8107f22a156cb442311b9d2c8 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Mon, 8 Jun 2020 17:12:33 +0200 Subject: [PATCH 23/61] fix XSS --- pandora_console/godmode/wizards/HostDevices.class.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pandora_console/godmode/wizards/HostDevices.class.php b/pandora_console/godmode/wizards/HostDevices.class.php index 9cb9505a5b..80810b7cf2 100755 --- a/pandora_console/godmode/wizards/HostDevices.class.php +++ b/pandora_console/godmode/wizards/HostDevices.class.php @@ -692,9 +692,7 @@ class HostDevices extends Wizard if ($this->page == 1) { $title = __( '"%s" features', - io_safe_output( - $this->task['name'] - ) + $this->task['name'] ); } From 120b78b5c55126a41eb04e3f4c967a59749c4310 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 8 Jun 2020 17:36:32 +0200 Subject: [PATCH 24/61] Control vulnerable fields --- pandora_console/godmode/tag/edit_tag.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pandora_console/godmode/tag/edit_tag.php b/pandora_console/godmode/tag/edit_tag.php index 2db4cfed33..96b4e158e3 100644 --- a/pandora_console/godmode/tag/edit_tag.php +++ b/pandora_console/godmode/tag/edit_tag.php 
@@ -31,11 +31,10 @@ $id_tag = (int) get_parameter('id_tag', 0); $update_tag = (int) get_parameter('update_tag', 0); $create_tag = (int) get_parameter('create_tag', 0); $name_tag = (string) get_parameter('name_tag', ''); -$description_tag = (string) get_parameter('description_tag', ''); -$description_tag = io_safe_input(strip_tags(io_safe_output($description_tag))); +$description_tag = io_safe_input(strip_tags(io_safe_output((string) get_parameter('description_tag')))); $url_tag = (string) get_parameter('url_tag', ''); -$email_tag = (string) get_parameter('email_tag', ''); -$phone_tag = (string) get_parameter('phone_tag', ''); +$email_tag = io_safe_input(strip_tags(io_safe_output(((string) get_parameter('email_tag'))))); +$phone_tag = io_safe_input(strip_tags(io_safe_output(((string) get_parameter('phone_tag'))))); $tab = (string) get_parameter('tab', 'list'); if (defined('METACONSOLE')) { From 73cf98fc02d03b13586f8d5cb77b2c7091b84325 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Tue, 9 Jun 2020 10:22:54 +0200 Subject: [PATCH 25/61] Cleaned tags for affected fields --- pandora_console/include/functions_config.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index 96f266fc1e..b7d23fbb7d 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php 
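Review bot: `$name_tag` and `$url_tag` in the same block still take the raw request value, while `description_tag`, `email_tag` and `phone_tag` now go through `io_safe_input(strip_tags(io_safe_output(...)))`; whether those two are escaped where they are rendered is outside the hunk. `strip_tags()` removes markup but does not check that a value is an e-mail address, a phone number or a URL with an expected scheme, so these fields should also be validated against their format and escaped at output. The three-call wrapper is repeated here and in the functions_config.php hunks of the following commit; one shared helper, documented with `// Decode, drop any markup, re-encode for storage.`, would keep the call sites consistent.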
@@ -1212,8 +1212,8 @@ function config_update_config() // -------------------------------------------------- // CUSTOM VALUES POST PROCESS // -------------------------------------------------- - $custom_value = get_parameter('custom_value'); - $custom_text = get_parameter('custom_text'); + $custom_value = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_value')))); + $custom_text = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_text')))); $custom_value_add = (bool) get_parameter('custom_value_add', 0); $custom_value_to_delete = get_parameter('custom_value_to_delete', 0); @@ -1284,8 +1284,8 @@ function config_update_config() // -------------------------------------------------- // MODULE CUSTOM UNITS // -------------------------------------------------- - $custom_unit = get_parameter('custom_module_unit'); - $custom_unit_to_delete = get_parameter('custom_module_unit_to_delete', ''); + $custom_unit = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit')))); + $custom_unit_to_delete = io_safe_input(strip_tags(io_safe_output(get_parameter('custom_module_unit_to_delete', '')))); if (!empty($custom_unit)) { if (!add_custom_module_unit( From cfe30d5b7d5431141b211fa8666bde6fe7f8b4cf Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 9 Jun 2020 10:37:11 +0200 Subject: [PATCH 26/61] fixed vulnerability on special days --- .../godmode/alerts/alert_special_days.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/alerts/alert_special_days.php b/pandora_console/godmode/alerts/alert_special_days.php index 7dd02c28bd..d3f2c41ed1 100644 --- a/pandora_console/godmode/alerts/alert_special_days.php +++ b/pandora_console/godmode/alerts/alert_special_days.php @@ -118,6 +118,10 @@ if ($create_special_day) { $values['id_group'] = (string) get_parameter('id_group'); $values['description'] = (string) get_parameter('description'); + $aviable_description = true; + if (preg_match('