Merge branch 'ent-6002-pandora-communty-vulnerabilities' into 'develop'

Fixed XSS vulnerability in event comments and some ACLs on event AJAX

See merge request artica/pandorafms!3335
Alejandro Fraguas 2020-07-13 10:06:26 +02:00
commit bd6904b99f
4 changed files with 67 additions and 40 deletions


@ -871,6 +871,11 @@ if ($get_response_description) {
} }
if ($get_response_params) { if ($get_response_params) {
if (! check_acl($config['id_user'], 0, 'EW')) {
echo 'unauthorized';
return;
}
$response_id = get_parameter('response_id'); $response_id = get_parameter('response_id');
$params = db_get_value('params', 'tevent_response', 'id', $response_id); $params = db_get_value('params', 'tevent_response', 'id', $response_id);
@ -885,6 +890,11 @@ if ($get_response_params) {
} }
if ($get_response_target) { if ($get_response_target) {
if (! check_acl($config['id_user'], 0, 'EW')) {
echo 'unauthorized';
return;
}
$response_id = (int) get_parameter('response_id'); $response_id = (int) get_parameter('response_id');
$event_id = (int) get_parameter('event_id'); $event_id = (int) get_parameter('event_id');
$server_id = (int) get_parameter('server_id'); $server_id = (int) get_parameter('server_id');
@ -901,6 +911,11 @@ if ($get_response_target) {
} }
if ($get_response) { if ($get_response) {
if (! check_acl($config['id_user'], 0, 'EW')) {
echo 'unauthorized';
return;
}
$response_id = get_parameter('response_id'); $response_id = get_parameter('response_id');
$event_response = db_get_row('tevent_response', 'id', $response_id); $event_response = db_get_row('tevent_response', 'id', $response_id);
@ -917,6 +932,11 @@ if ($get_response) {
if ($perform_event_response) { if ($perform_event_response) {
global $config; global $config;
if (! check_acl($config['id_user'], 0, 'EW')) {
echo 'unauthorized';
return;
}
$response_id = get_parameter('response_id'); $response_id = get_parameter('response_id');
$event_id = (int) get_parameter('event_id'); $event_id = (int) get_parameter('event_id');
$server_id = (int) get_parameter('server_id', 0); $server_id = (int) get_parameter('server_id', 0);
@ -1011,6 +1031,11 @@ if ($perform_event_response) {
if ($dialogue_event_response) { if ($dialogue_event_response) {
global $config; global $config;
if (! check_acl($config['id_user'], 0, 'EW')) {
echo 'unauthorized';
return;
}
$event_id = get_parameter('event_id'); $event_id = get_parameter('event_id');
$response_id = get_parameter('response_id'); $response_id = get_parameter('response_id');
$command = get_parameter('target'); $command = get_parameter('target');
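Review bot: The new `check_acl($config['id_user'], 0, 'EW')` guards in the `$get_response_params`, `$get_response_target`, `$get_response`, `$perform_event_response` and `$dialogue_event_response` branches all check EW against group 0 rather than against the group of the event named by `event_id`; if group 0 here means "EW in any group", a user holding EW on one group can still read response parameters and execute responses for events in groups they have no access to, so confirm `check_acl`'s group-0 semantics and, where an `event_id` is present, check the event's group instead. The first three added blocks reference `$config` without the `global $config;` that the last two hunks declare on the line before the check; at top level this is harmless, but either all five should declare it or none, and a short comment such as `// Event responses require EW; the UI only hides the form, this is the enforcement point.` on the first guard would state why the check lives in the ajax handler. Each guarded block continues past the hunk, so whether later code in those branches re-validates the event is not visible here.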


@ -2118,7 +2118,7 @@ function events_comment(
switch ($comments_format) { switch ($comments_format) {
case 'new': case 'new':
$comment_for_json['comment'] = $comment; $comment_for_json['comment'] = io_safe_input($comment);
$comment_for_json['action'] = $action; $comment_for_json['action'] = $action;
$comment_for_json['id_user'] = $config['id_user']; $comment_for_json['id_user'] = $config['id_user'];
$comment_for_json['utimestamp'] = time(); $comment_for_json['utimestamp'] = time();
@ -2141,7 +2141,7 @@ function events_comment(
$comment = str_replace(["\r\n", "\r", "\n"], '<br>', $comment); $comment = str_replace(["\r\n", "\r", "\n"], '<br>', $comment);
if ($comment != '') { if ($comment != '') {
$commentbox = '<div style="border:1px dotted #CCC; min-height: 10px;">'.$comment.'</div>'; $commentbox = '<div style="border:1px dotted #CCC; min-height: 10px;">'.io_safe_input($comment).'</div>';
} else { } else {
$commentbox = ''; $commentbox = '';
} }
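Review bot: In the second hunk `io_safe_input($comment)` is applied to the comment after `str_replace` has already turned the newlines into `<br>`, so if `io_safe_input` encodes angle brackets (which is what makes it an XSS fix in the first hunk) the `<br>` tags are encoded as well and rendered comments lose their line breaks. Encoding first and inserting the markup afterwards keeps both properties: `$comment = str_replace(["\r\n", "\r", "\n"], '<br>', io_safe_input($comment));` followed by the original `'<div style="border:1px dotted #CCC; min-height: 10px;">'.$comment.'</div>'`. The first hunk stores the encoded value in the JSON for the `'new'` format, so whatever later reads `comment` out of that JSON for display must not encode it a second time; that reader is not in this diff and should be checked. `events_comment()` begins and ends outside both hunks.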


@ -982,24 +982,26 @@ if ($group_rep == 2) {
$array_events_actions[$val['id']] = $val['name']; $array_events_actions[$val['id']] = $val['name'];
} }
if ($config['event_replication'] != 1) { if (check_acl($config['id_user'], 0, 'EW')) {
echo '<div style="width:100%;text-align:right;">'; if ($config['event_replication'] != 1) {
echo '<form method="post" id="form_event_response">'; echo '<div style="width:100%;text-align:right;">';
html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false); echo '<form method="post" id="form_event_response">';
echo '&nbsp&nbsp'; html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false);
html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"'); echo '&nbsp&nbsp';
echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>'; html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"');
echo '</form>'; echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>';
echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">'; echo '</form>';
echo __( echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">';
'A maximum of %s event custom responses can be selected', echo __(
$config['max_execution_event_response'] 'A maximum of %s event custom responses can be selected',
).'</span>'; $config['max_execution_event_response']
echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">'; ).'</span>';
echo __( echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">';
'Please, select an event' echo __(
).'</span>'; 'Please, select an event'
echo '</div>'; ).'</span>';
echo '</div>';
}
} }
} }
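Review bot: The added `if (check_acl($config['id_user'], 0, 'EW')) {` wraps the existing `if ($config['event_replication'] != 1) {` in a second nesting level, although the two conditions only ever gate the same block; `if (check_acl($config['id_user'], 0, 'EW') && $config['event_replication'] != 1) {` with a single closing brace expresses the same thing and avoids re-indenting the whole form. Hiding the form is a usability measure rather than a control, since the form posts to the ajax handlers that carry their own `check_acl`; a comment such as `// UI gating only: the event-response ajax handlers enforce EW server-side.` above the condition would keep a later reader from treating this as the enforcement point. The same applies to the `foreach ($event_responses as $val)` hunk in the fourth file, where the check is added without the nesting.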


@ -1530,26 +1530,26 @@ foreach ($event_responses as $val) {
$array_events_actions[$val['id']] = $val['name']; $array_events_actions[$val['id']] = $val['name'];
} }
if (check_acl($config['id_user'], 0, 'EW')) {
echo '<div class="multi-response-buttons">'; echo '<div class="multi-response-buttons">';
echo '<form method="post" id="form_event_response">'; echo '<form method="post" id="form_event_response">';
echo '<input type="hidden" id="max_execution_event_response" value="'.$config['max_execution_event_response'].'" />'; echo '<input type="hidden" id="max_execution_event_response" value="'.$config['max_execution_event_response'].'" />';
html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false); html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false);
echo '&nbsp&nbsp'; echo '&nbsp&nbsp';
html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"'); html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"');
echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>'; echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>';
echo '</form>'; echo '</form>';
echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">'; echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">';
echo __( echo __(
'A maximum of %s event custom responses can be selected', 'A maximum of %s event custom responses can be selected',
$config['max_execution_event_response'] $config['max_execution_event_response']
).'</span>'; ).'</span>';
echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">'; echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">';
echo __( echo __(
'Please, select an event' 'Please, select an event'
).'</span>'; ).'</span>';
echo '</div>'; echo '</div>';
}
// Close viewer. // Close viewer.
enterprise_hook('close_meta_frame'); enterprise_hook('close_meta_frame');
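Review bot: The new `check_acl` gate sits below the loop that fills `$array_events_actions` from `$event_responses`, so that loop (and, presumably, the fetch of `$event_responses` above the hunk) still runs for users who will never see the select. If `$event_responses` serves only this form, moving the permission check above the `foreach`, or evaluating it once into `$can_execute_responses = (bool) check_acl($config['id_user'], 0, 'EW');` and reusing it for both the loop and the form, skips that work for users without EW. The `foreach` header and the fetch it iterates are outside the hunk, so whether `$event_responses` has other readers is not visible here.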