tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Console] Fixed XSS vulnerabilities

This commit is contained in:
Alejandro Gallardo Escobar 2017-11-06 15:20:24 +01:00
parent 83becb3e80
commit ac70caac71
4 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/include/functions_networkmap.php
View File

@ -1060,8 +1060,8 @@ function networkmap_create_agent_node ($agent, $simple = 0, $font_size = 10, $cu
}
// Short name
$name = io_safe_output($agent["nombre"]);
if ((strlen ($name) > 16) && ($cut_names)) {
$name = $agent["nombre"];
if ($cut_names) {
$name = ui_print_truncate_text($name, 16, false, true, false);
}
@ -1111,7 +1111,7 @@ function networkmap_create_agent_node ($agent, $simple = 0, $font_size = 10, $cu
}
$node = "\n" . $agent['id_node'].' [ parent="' . $agent['id_parent'] . '", color="'.$status_color.'", fontsize='.$font_size.', style="filled", fixedsize=true, width=0.40, height=0.40, label=<<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0"><TR><TD>' . $img_node . '</TD></TR>
<TR><TD>'.io_safe_output($name).'</TD></TR></TABLE>>,
<TR><TD>'.$name.'</TD></TR></TABLE>>,
shape="doublecircle", URL="'.$url.'",
tooltip="' . $url_tooltip . '"];' . "\n";
}
@ -1174,7 +1174,7 @@ function networkmap_create_module_group_node ($module_group, $simple = 0, $font_
'", fontsize='.$font_size.', style="filled", ' .
'fixedsize=true, width=0.30, height=0.30, ' .
'label=<<TABLE data-id_agent="' . $module_group['id_agent'] . '" data-status="' . $module_group['status'] . '" CELLPADDING="0" CELLSPACING="0" BORDER="0"><TR><TD>' .
io_safe_output($module_group['name']) . '</TD></TR></TABLE>>,
$module_group['name'] . '</TD></TR></TABLE>>,
shape="square", URL="' . $url . '",
tooltip="' . $url_tooltip . '"];';
}
@ -1268,7 +1268,7 @@ function networkmap_create_module_node ($module, $simple = 0, $font_size = 10, $
'fixedsize=true, width=0.30, height=0.30, ' .
'label=<<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0"><TR><TD>' .
$img_node . '</TD></TR>
<TR><TD>' . io_safe_output($module['nombre']) . '</TD></TR></TABLE>>,
<TR><TD>' . $module['nombre'] . '</TD></TR></TABLE>>,
shape="circle", URL="' . $url . '",
tooltip="' . $url_tooltip . '"];';
}

9
pandora_console/include/functions_pandora_networkmap.php
View File

@ -374,6 +374,7 @@ function networkmap_db_node_to_js_node($node, &$count, &$count_item_holding_area
$item['image_width'] = (int)$image_size[0];
$item['image_height'] = (int)$image_size[1];
}
$item['raw_text'] = $node['style']['label'];
$item['text'] = io_safe_output($node['style']['label']);
$item['shape'] = $node['style']['shape'];
switch ($node['type']) {
@ -548,7 +549,7 @@ function networkmap_links_to_js_links($relations, $nodes_graph) {
$item['arrow_end'] = 'module';
$item['status_end'] = modules_get_agentmodule_status((int)$id_target_module, false, false, null);
$item['id_module_end'] = (int)$id_target_module;
$text_end = io_safe_output(modules_get_agentmodule_name((int)$id_target_module));
$text_end = modules_get_agentmodule_name((int)$id_target_module);
if (preg_match ("/(.+)_ifOperStatus$/" , (string)$text_end, $matches)) {
if ($matches[1]) {
$item['text_end'] = $matches[1];
@ -559,7 +560,7 @@ function networkmap_links_to_js_links($relations, $nodes_graph) {
$item['arrow_start'] = 'module';
$item['status_start'] = modules_get_agentmodule_status((int)$id_source_module, false, false, null);
$item['id_module_start'] = (int)$id_source_module;
$text_start = io_safe_output(modules_get_agentmodule_name((int)$id_source_module));
$text_start = modules_get_agentmodule_name((int)$id_source_module);
if (preg_match ("/(.+)_ifOperStatus$/" , (string)$text_start, $matches)) {
if ($matches[1]) {
$item['text_start'] = $matches[1];
@ -874,7 +875,6 @@ function networkmap_loadfile($id = 0, $file = '',
modules_get_agentmodule_agent($ids[$node_id]['id_module']);
$text = modules_get_agentmodule_name($data['id_module']);
$text = io_safe_output($text);
$text = ui_print_truncate_text($text,
'agent_medium', false, true, false,
'...', false);
@ -885,7 +885,6 @@ function networkmap_loadfile($id = 0, $file = '',
$data['id_agent'] = $ids[$node_id]['id_agent'];
$text = agents_get_alias($ids[$node_id]['id_agent']);
$text = io_safe_output($text);
$text = ui_print_truncate_text($text,
'agent_medium', false, true, false,
'...', false);
@ -975,7 +974,7 @@ function duplicate_networkmap($id) {
$values = db_get_row('tmap', 'id', $id);
unset($values['id']);
$free_name = false;
$values['name'] = io_safe_input(__('Copy of ') . io_safe_output($values['name']));
$values['name'] = io_safe_input(__('Copy of ')) . $values['name'];
$count = 1;
while (!$free_name) {
$exist = db_get_row_filter('tmap', array('name' => $values['name']));

34
pandora_console/include/javascript/functions_pandora_networkmap.js
View File

@ -240,10 +240,11 @@ function update_node_name(id_db_node) {
jQuery.each(graph.nodes, function (i, element) {
if (element.id_db == id_db_node) {
graph.nodes[i].text = name;
graph.nodes[i]['text'] = data['text'];
graph.nodes[i]['raw_text'] = data['raw_text'];
$("#id_node_" + i + networkmap_id + " title").html(name);
$("#id_node_" + i + networkmap_id + " tspan").html(name);
$("#id_node_" + i + networkmap_id + " title").html(data['raw_text']);
$("#id_node_" + i + networkmap_id + " tspan").html(data['raw_text']);
}
});
@ -664,7 +665,6 @@ function edit_node(data_node, dblClick) {
$("#node_options-node_name-2 input")
.attr("onclick", "update_node_name(" + node_selected.id_db + ");");
$("#node_details-0-1").html('<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=' + node_selected["id_agent"] + '">' + node_selected["text"] + '</a>');
var params = [];
params.push("get_agent_info=1");
params.push("id_agent=" + node_selected["id_agent"]);
@ -676,11 +676,19 @@ function edit_node(data_node, dblClick) {
type: 'POST',
url: action = "ajax.php",
success: function (data) {
var adressess = "";
for (adress in data['adressess']) {
adressess += adress + "<br>";
$("#node_details-0-1").html('<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=' + node_selected["id_agent"] + '">' + data['alias'] + '</a>');
var addresses = "";
if (data['adressess'] instanceof Array) {
for (var i; i < data['adressess'].length; i++) {
addresses += data['adressess'][i] + "<br>";
}
} else {
for (address in data['adressess']) {
addresses += address + "<br>";
}
}
$("#node_details-1-1").html(adressess);
$("#node_details-1-1").html(addresses);
$("#node_details-2-1").html(data["os"]);
$("#node_details-3-1").html(data["group"]);
@ -693,7 +701,7 @@ function edit_node(data_node, dblClick) {
$("#dialog_node_edit")
.dialog("option", "title",
dialog_node_edit_title.replace("%s", node_selected.text));
dialog_node_edit_title.replace("%s", node_selected['text'])); // It doesn't eval the possible XSS so it's ok
$("#dialog_node_edit").dialog("open");
if (node_selected.id_agent == undefined || node_selected.id_agent == -2) {
@ -701,7 +709,7 @@ function edit_node(data_node, dblClick) {
$("#node_options-fictional_node_name")
.css("display", "");
$("input[name='edit_name_fictional_node']")
.val(node_selected.text);
.val(node_selected.text); // It doesn't eval the possible XSS so it's ok
$("#node_options-fictional_node_networkmap_link")
.css("display", "");
$("#edit_networkmap_to_link")
@ -715,7 +723,7 @@ function edit_node(data_node, dblClick) {
}
else {
$("input[name='edit_name_node']")
.val(node_selected.text);
.val(node_selected.text); // It doesn't eval the possible XSS so it's ok
$("#node_options-fictional_node_name")
.css("display", "none");
$("#node_options-fictional_node_networkmap_link")
@ -866,9 +874,9 @@ function load_interfaces(selected_links) {
});
$("#relations_table-template_row-node_source", template_relation_row)
.html(link_each.source.text);
.html(link_each.source['raw_text']);
$("#relations_table-template_row-node_target", template_relation_row)
.html(link_each.target.text);
.html(link_each.target['raw_text']);
$("#relations_table-template_row-edit", template_relation_row)
.attr("align", "center");
$("#relations_table-template_row-edit .delete_icon", template_relation_row)

12
pandora_console/operation/agentes/pandora_networkmap.view.php
View File

@ -72,7 +72,7 @@ if (is_ajax ()) {
if ($update_fictional_point) {
$id_node = (int)get_parameter('id_node', 0);
$name = io_safe_output(get_parameter('name', ''));
$name = get_parameter('name', '');
$shape = get_parameter('shape', 0);
$radious = (int)get_parameter('radious', 20);
$color = get_parameter('color', 0);
@ -123,7 +123,7 @@ if (is_ajax ()) {
$id = (int)get_parameter('id', 0);
$x = (int)get_parameter('x', 0);
$y = (int)get_parameter('y', 0);
$id_agents = io_safe_output(get_parameter('id_agents', ''));
$id_agents = get_parameter('id_agents', '');
$id_agents = json_decode($id_agents, true);
if ($id_agents === null)
@ -426,7 +426,7 @@ if (is_ajax ()) {
if ($get_agent_pos_search) {
$id = (int)get_parameter('id', 0);
$name = io_safe_output((string)get_parameter('name', 0));
$name = (string)get_parameter('name');
$return = array();
$return['correct'] = true;
@ -447,7 +447,7 @@ if (is_ajax ()) {
$id = (int)get_parameter('id', 0);
/* q is what autocomplete plugin gives */
$string = io_safe_output((string) get_parameter ('q'));
$string = (string) get_parameter('q');
$agents = db_get_all_rows_filter('titem',
array('id_map' => $id,
@ -459,7 +459,7 @@ if (is_ajax ()) {
$data = array();
foreach ($agents as $agent) {
$style = json_decode($agent['style'], true);
$data[] = array('name' => io_safe_output($style['label']));
$data[] = array('name' => $style['label']);
}
echo json_encode($data);
@ -750,7 +750,7 @@ else {
}
if (!$dash_mode) {
ui_print_page_header(io_safe_output($networkmap['name']),
ui_print_page_header($networkmap['name'],
"images/bricks.png", false, "network_map_enterprise",
false, $buttons, false, '', $config['item_title_size_text']);
}