diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 03fb8b9be2..c3363a8c76 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -3958,7 +3958,7 @@ function api_set_create_plugin_module($id, $thrash1, $other, $thrash3)
 'plugin_pass' => $other['data'][24],
 'plugin_parameter' => $other['data'][25],
 'disabled_types_event' => $disabled_types_event,
- 'macros' => base64_decode($other['data'][27]),
+ 'macros' => base64_decode(str_replace(' ', '+', $other['data'][27])),
 'module_macros' => $other['data'][28],
 'each_ff' => $other['data'][29],
 'min_ff_event_normal' => $other['data'][30],
@@ -3969,6 +3969,22 @@ function api_set_create_plugin_module($id, $thrash1, $other, $thrash3)
 'ff_type' => $other['data'][35],
 ];
+ $plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
+ if (empty($plugin)) {
+ returnError('id_not_found');
+ return;
+ }
+ $plugin_command_macros = $plugin['macros'];
+
+ if (!empty($values['macros'])) {
+ $macros = io_safe_input_json($values['macros']);
+ if (empty($macros)) {
+ returnError('JSON string in macros is invalid.');
+ exit;
+ }
+ $values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
+ }
+
 if (! $values['descripcion']) {
 $values['descripcion'] = '';
 // Column 'descripcion' cannot be null.
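Review bot: In the block added after the `$values` array, the result of `io_merge_json_value()` is written to `$values['macros']` unchecked, yet that helper returns an empty string whenever the plugin's stored `macros` column does not decode as JSON, so the caller's macros can be dropped silently while the module is still created. Test the return value before storing it, for example `if ($merged === '') { returnError('Plugin macros could not be merged.'); return; }`. The invalid-JSON branch also ends with `exit;` where the branch just above it uses `return;`; using `return;` keeps the two error paths consistent. The same sixteen lines are repeated in the hunks at -4119 and -8263, so a shared helper would keep the three copies from drifting. The function body continues outside this hunk.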
@@ -4119,13 +4135,29 @@ function api_set_update_plugin_module($id_module, $thrash1, $other, $thrash3)
 $values[$field] = $other['data'][$cont];
 if ($field === 'macros') {
- $values[$field] = base64_decode($values[$field]);
+ $values[$field] = base64_decode(str_replace(' ', '+', $values[$field]));
 }
 }
 $cont++;
 }
+ $plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
+ if (empty($plugin)) {
+ returnError('id_not_found');
+ return;
+ }
+ $plugin_command_macros = $plugin['macros'];
+
+ if (!empty($values['macros'])) {
+ $macros = io_safe_input_json($values['macros']);
+ if (empty($macros)) {
+ returnError('JSON string in macros is invalid.');
+ exit;
+ }
+ $values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
+ }
+
 $values['policy_linked'] = 0;
 $result_update = modules_update_agent_module($id_module, $values);
@@ -8205,7 +8237,7 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
 return;
 }
- if ($other['data'][22] == '') {
+ if ($other['data'][21] == '') {
 returnError('The plugin module could not be added. Id_plugin cannot be left blank.');
 return;
 }
@@ -8248,7 +8280,7 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
 $values['plugin_pass'] = $other['data'][23];
 $values['plugin_parameter'] = $other['data'][24];
 $values['disabled_types_event'] = $disabled_types_event;
- $values['macros'] = base64_decode($other['data'][26]);
+ $values['macros'] = base64_decode(str_replace(' ', '+', $other['data'][26]));
 $values['module_macros'] = $other['data'][27];
 $values['each_ff'] = $other['data'][28];
 $values['min_ff_event_normal'] = $other['data'][29];
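Review bot: In the api_set_update_plugin_module hunk the plugin lookup runs unconditionally on `$values['id_plugin']`, but the loop above it appears to copy a field into `$values` only when the caller supplied it (the condition itself is outside the hunk). If that is the case, an update that changes some other field without resending `id_plugin` would now be rejected with `id_not_found`. Run the lookup only when macros were actually sent, by moving it inside `if (!empty($values['macros'])) {`, and when `id_plugin` is absent from the request fall back to the plugin id already stored for `$id_module`. The function starts and ends outside this hunk.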
@@ -8263,6 +8295,22 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
 }
 }
+ $plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
+ if (empty($plugin)) {
+ returnError('id_not_found');
+ return;
+ }
+ $plugin_command_macros = $plugin['macros'];
+
+ if (!empty($values['macros'])) {
+ $macros = io_safe_input_json($values['macros']);
+ if (empty($macros)) {
+ returnError('JSON string in macros is invalid.');
+ exit;
+ }
+ $values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
+ }
+
 $success = enterprise_hook('policies_create_module', [$other['data'][0], $id, 4, $values, false]);
 if ($success) {
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 5edc3e5f49..ec888735f2 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -622,3 +622,82 @@ function io_safe_html_tags(string $string)
 return $output;
 }
+
+/**
+ * Execute io_safe_input againt each values in JSON.
+ *
+ * @param string json
+ *
+ * @return string json where each value is encoded
+ */
+function io_safe_input_json($json)
+{
+ $output_json = "";
+
+ if (empty($json)) {
+ return $output_json;
+ }
+
+ $array_json = json_decode($json, true);
+ if (json_last_error() != JSON_ERROR_NONE) {
+ return $output_json;
+ }
+
+ foreach ($array_json as $key => $value) {
+ if (is_array($value)) {
+ $value_json = json_encode($value, JSON_UNESCAPED_UNICODE);
+ $array_json[$key] = json_decode(io_safe_input_json($value_json), true);
+ } else {
+ $array_json[$key] = io_safe_input($value);
+ }
+ }
+ $output_json = json_encode($array_json, JSON_UNESCAPED_UNICODE);
+
+ return $output_json;
+}
+
+/**
+ * Merge json value in $json_merge to $json
+ *
+ * @param string json to be merged.
+ * @param string json containing the values to merge.
+ * @param boolean limit the values to be merged to those with a key of 'value', true by default.
+ *
+ * @retrun string merged json
+ *
+ * e.g.)
+ * arg1 json: {"1":{"macro":"_field1_","desc":"DESCRIPTION","help":"HELP","value":"","hide":""}}
+ * arg2 json: {"1":{"value":"xxxx"}}
+ * -> return json: {"1":{"macro":"_field1_","desc":"DESCRIPTION","help":"HELP","value":"xxxx","hide":""}}
+ */
+function io_merge_json_value($json, $json_merge, $value_key_only=true)
+{
+ $output_json = "";
+
+ $array_json = json_decode($json, true);
+ if (json_last_error() != JSON_ERROR_NONE) {
+ return $output_json;
+ }
+ $array_json_merge = json_decode($json_merge, true);
+ if (json_last_error() != JSON_ERROR_NONE) {
+ return $output_json;
+ }
+
+ foreach ($array_json_merge as $key => $value) {
+ if (is_array($value) && !empty($array_json[$key])) {
+ $merged_json = io_merge_json_value(
+ json_encode($array_json[$key], JSON_UNESCAPED_UNICODE),
+ json_encode($value, JSON_UNESCAPED_UNICODE),
+ $value_key_only);
+ $array_json[$key] = json_decode($merged_json, true);
+ } else {
+ if (array_key_exists($key, $array_json) &&
+ ($value_key_only == false || $key == 'value')) {
+ $array_json[$key] = $array_json_merge[$key];
+ }
+ }
+ }
+ $output_json = json_encode($array_json, JSON_UNESCAPED_UNICODE);
+
+ return $output_json;
+}
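Review bot: Both new helpers treat whatever `json_decode()` returns as an array, and `io_merge_json_value()` will also store an array under a macro's `value` key. A scalar JSON document decodes without error, reaches `foreach` in `io_safe_input_json()` and is re-encoded as a non-empty string, so the callers' `empty($macros)` check accepts it. In the merge, an array supplied for a key whose stored value is a non-empty string recurses into a scalar and calls `array_key_exists()` on a non-array, which is a TypeError on PHP 8. The excerpt below adds `is_array()` guards to the merge and only lets a non-array replace `value`; `io_safe_input_json()` needs the same `|| !is_array($array_json)` after its decode. The docblock tag `@retrun` should read `@return`.

```php
// in io_merge_json_value(), after the decode of $json:
if (json_last_error() != JSON_ERROR_NONE || !is_array($array_json)) {
    return $output_json;
}
// … unchanged: decode of $json_merge …
if (json_last_error() != JSON_ERROR_NONE || !is_array($array_json_merge)) {
    return $output_json;
}

foreach ($array_json_merge as $key => $value) {
    if (is_array($value) && !empty($array_json[$key]) && is_array($array_json[$key])) {
        // … unchanged: recursive merge of the nested object …
    } else {
        // In the default mode only a non-array may replace an existing 'value'.
        if (array_key_exists($key, $array_json) &&
            ($value_key_only == false || ($key == 'value' && !is_array($value)))) {
            // … unchanged: assignment from $array_json_merge[$key] …
        }
    }
}
// … unchanged: re-encode and return …
```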