tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Codigo normalizado, se cambian las llamadas y los datos de entrada a los metodos mediante other 

Former-commit-id: 13478c483108b878a4cdc25bf19663bf8ed7d0af
This commit is contained in:
marcos.alconada 2019-04-17 17:25:25 +02:00
parent fb87b97cd4
commit ad4dfc7624
2 changed files with 49 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pandora_console/include/api.php
View File

@ -106,7 +106,7 @@ if ($correctLogin) {
} }
} else { } else {
$function_name = 'api_'.$op.'_'.$op2; $function_name = 'api_'.$op.'_'.$op2;
$id = 1;
if ($op == 'set' && $id) { if ($op == 'set' && $id) {
switch ($op2) { switch ($op2) {
case 'update_agent': case 'update_agent':
@ -151,39 +151,6 @@ if ($correctLogin) {
} }
break; break;
case 'filter_user_group':
$id_os = api_set_filter_user_group($returnType, $user_db, $group_db, $disable);
if ($id_os != 100) {
return;
}
if ($id_os == 100) {
returnError('not_allowed_operation_cluster', $returnType);
return false;
}
break;
case 'info_user_name':
if ($user_db === '') {
returnError(__('User not specified'), __('User not specified'));
return;
}
$id_os = api_set_info_user_name($returnType, $user_db);
if ($id_os != 100) {
return;
}
if ($id_os == 100) {
returnError('not_allowed_operation_cluster', $returnType);
return false;
}
break;
case 'delete_user_profiles': case 'delete_user_profiles':
if ($user_db === '') { if ($user_db === '') {

80
pandora_console/include/functions_api.php
View File

@ -14804,7 +14804,7 @@ function api_get_list_all_user($thrash1, $thrash2, $other, $returnType)
*/ */
function api_set_info_user_name($returnType, $user_db) function api_get_info_user_name($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
@ -14814,17 +14814,21 @@ function api_set_info_user_name($returnType, $user_db)
} }
$sql = sprintf( $sql = sprintf(
'SELECT 'SELECT tup.id_usuario AS user_id,
tup.id_usuario AS user_id, tp.id_perfil AS profile_id, tu.fullname AS fullname,
tp.name AS profile_name, tup.id_grupo AS group_id, tp.id_perfil AS profile_id,
tg.nombre AS group_name tp.name AS profile_name,
FROM tperfil tp tup.id_grupo AS group_id,
INNER JOIN tusuario_perfil tup tg.nombre AS group_name
ON tp.id_perfil = tup.id_perfil FROM tperfil tp
LEFT OUTER JOIN tgrupo tg INNER JOIN tusuario_perfil tup
ON tup.id_grupo = tg.id_grupo ON tp.id_perfil = tup.id_perfil
WHERE tup.id_usuario = %s', LEFT OUTER JOIN tgrupo tg
io_safe_output($user_db) ON tup.id_grupo = tg.id_grupo
LEFT OUTER JOIN tusuario tu
ON tu.id_user = tup.id_usuario
WHERE tup.id_usuario = "%s"',
io_safe_output($other['data'][0])
); );
$user_profile = db_get_all_rows_sql($sql); $user_profile = db_get_all_rows_sql($sql);
@ -14839,6 +14843,7 @@ function api_set_info_user_name($returnType, $user_db)
$values[$i] = [ $values[$i] = [
'id_usuario' => $up['user_id'], 'id_usuario' => $up['user_id'],
'fullname' => $up['fullname'],
'id_perfil' => $up['profile_id'], 'id_perfil' => $up['profile_id'],
'perfil_name' => $up['profile_name'], 'perfil_name' => $up['profile_name'],
'id_grupo' => $up['group_id'], 'id_grupo' => $up['group_id'],
@ -14868,7 +14873,7 @@ function api_set_info_user_name($returnType, $user_db)
*/ */
function api_set_filter_user_group($returnType, $user_db, $group_db, $disable) function api_get_filter_user_group($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
@ -14878,19 +14883,20 @@ function api_set_filter_user_group($returnType, $user_db, $group_db, $disable)
} }
$filter_group = ''; $filter_group = '';
if ($group_db !== null) { if ($other['data'][1] !== null) {
$filter_group = 'AND tup.id_grupo = '.io_safe_output($group_db).''; $filter_group = 'AND tup.id_grupo = '.io_safe_output($other['data'][1]).'';
} }
$sql_disable = ''; $sql_disable = '';
if ($disable !== null) { if ($other['data'][2] !== null) {
$sql_disable = 'INNER JOIN tusuario tu $sql_disable = 'LEFT OUTER JOIN tusuario tus
ON tu.disabled = '.io_safe_output($disable).''; ON tus.disabled ='.io_safe_output($other['data'][2]).'';
} }
$sql = sprintf( $sql = sprintf(
'SELECT DISTINCT 'SELECT DISTINCT
tup.id_usuario AS user_id, tup.id_usuario AS user_id,
tu.fullname AS fullname,
tp.id_perfil AS profile_id, tp.id_perfil AS profile_id,
tp.name AS profile_name, tp.name AS profile_name,
tup.id_grupo AS group_id, tup.id_grupo AS group_id,
@ -14900,9 +14906,11 @@ function api_set_filter_user_group($returnType, $user_db, $group_db, $disable)
ON tp.id_perfil = tup.id_perfil ON tp.id_perfil = tup.id_perfil
LEFT OUTER JOIN tgrupo tg LEFT OUTER JOIN tgrupo tg
ON tup.id_grupo = tg.id_grupo ON tup.id_grupo = tg.id_grupo
LEFT OUTER JOIN tusuario tu
ON tu.id_user = tup.id_usuario
'.$sql_disable.' '.$sql_disable.'
WHERE tup.id_usuario = %s '.$filter_group.'', WHERE tup.id_usuario = "%s" '.$filter_group.'',
io_safe_output($user_db) io_safe_output($other['data'][0])
); );
$filter_user = db_get_all_rows_sql($sql); $filter_user = db_get_all_rows_sql($sql);
@ -14917,6 +14925,7 @@ function api_set_filter_user_group($returnType, $user_db, $group_db, $disable)
$values[$i] = [ $values[$i] = [
'id_usuario' => $up['user_id'], 'id_usuario' => $up['user_id'],
'fullname' => $up['fullname'],
'id_perfil' => $up['profile_id'], 'id_perfil' => $up['profile_id'],
'perfil_name' => $up['profile_name'], 'perfil_name' => $up['profile_name'],
'id_grupo' => $up['group_id'], 'id_grupo' => $up['group_id'],
@ -14945,7 +14954,7 @@ function api_set_filter_user_group($returnType, $user_db, $group_db, $disable)
*/ */
function api_set_delete_user_profiles($user_db, $id_up) function api_set_delete_user_profiles($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
@ -14954,10 +14963,17 @@ function api_set_delete_user_profiles($user_db, $id_up)
return; return;
} }
$values = [ if ($other['data'][1] == '') {
'id_usuario' => io_safe_output($user_db), $values = [
'id_up' => io_safe_output($id_up), 'id_usuario' => io_safe_output($other['data'][0]),
]; ];
} else {
$values = [
'id_usuario' => io_safe_output($other['data'][0]),
'id_up' => io_safe_output($other['data'][1]),
];
}
$deleted_permission = db_process_sql_delete('tusuario_perfil', $values); $deleted_permission = db_process_sql_delete('tusuario_perfil', $values);
if ($deleted_permission == false) { if ($deleted_permission == false) {
@ -14987,7 +15003,7 @@ function api_set_delete_user_profiles($user_db, $id_up)
*/ */
function api_set_add_permission_user_to_group($returnType, $user_db, $group_db, $id_up, $id_profile) function api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
@ -14998,14 +15014,14 @@ function api_set_add_permission_user_to_group($returnType, $user_db, $group_db,
$sql = 'SELECT id_up $sql = 'SELECT id_up
FROM tusuario_perfil FROM tusuario_perfil
WHERE id_up = '.$id_profile.''; WHERE id_up = '.$other['data'][3].'';
$exist_profile = db_get_value_sql($sql); $exist_profile = db_get_value_sql($sql);
$values = [ $values = [
'id_usuario' => $user_db, 'id_usuario' => $other['data'][0],
'id_perfil' => $id_up, 'id_perfil' => $other['data'][2],
'id_grupo' => $group_db, 'id_grupo' => $other['data'][1],
'no_hierarchy' => 0, 'no_hierarchy' => 0,
'assigned_by' => 0, 'assigned_by' => 0,
'id_policy' => 0, 'id_policy' => 0,
@ -15013,8 +15029,8 @@ function api_set_add_permission_user_to_group($returnType, $user_db, $group_db,
]; ];
$where_id_up = ['id_up' => $id_profile]; $where_id_up = ['id_up' => $other['data'][3]];
if ($exist_profile == $id_profile) { if ($exist_profile === $other['data'][3] && $where_id_up !== null) {
$sucessfull_insert = db_process_sql_update('tusuario_perfil', $values, $where_id_up); $sucessfull_insert = db_process_sql_update('tusuario_perfil', $values, $where_id_up);
} else { } else {
$sucessfull_insert = db_process_sql_insert('tusuario_perfil', $values); $sucessfull_insert = db_process_sql_insert('tusuario_perfil', $values);