Merge branch 'ent-10020-Eliminar-login-hash-de-vistas-metaconsola' into 'develop'

Ent 10020 eliminar login hash de vistas metaconsola See merge request artica/pandorafms!5839
2023-06-29 09:55:53 +00:00 · 2023-06-29 09:55:53 +00:00 · d082687c44
parent 9e6595be18 1225c055a1
commit d082687c44
6 changed files with 199 additions and 26 deletions
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@ -4350,6 +4350,31 @@ function events_page_details($event, $server_id=0)
                true,
                true
            ).ui_print_help_tip(__('This agent belongs to metaconsole, is not possible display it'), true);
+        } else if (can_user_access_node() && is_metaconsole()) {
+            // Workaround to pass login hash data in POST body instead of directly in the URL.
+            parse_str($hashstring, $url_hash_array);
+            $redirection_form = "<form id='agent-redirection' method='POST' action='".$serverstring."index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$event['id_agente']."'>";
+            $redirection_form .= html_print_input_hidden(
+                'loginhash',
+                $url_hash_array['loginhash'],
+                true
+            );
+            $redirection_form .= html_print_input_hidden(
+                'loginhash_data',
+                $url_hash_array['loginhash_data'],
+                true
+            );
+            $redirection_form .= html_print_input_hidden(
+                'loginhash_user',
+                $url_hash_array['loginhash_user'],
+                true
+            );
+            $redirection_form .= '</form>';
+
+            $data[1] = $redirection_form;
+            $data[1] .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-redirection\").submit();' href='#'>";
+            $data[1] .= '<b>'.$agent['alias'].'</b>';
+            $data[1] .= '</a>';
        } else if (can_user_access_node()) {
            $data[1] = ui_print_agent_name(
                $event['id_agente'],
--- a/pandora_console/include/functions_treeview.php
+++ b/pandora_console/include/functions_treeview.php
@ -322,9 +322,50 @@ function treeview_printModuleTable($id_module, $server_data=false, $no_head=fals
    $agent_name = db_get_value('nombre', 'tagente', 'id_agente', $module['id_agente']);

    if ($user_access_node && check_acl($config['id_user'], $id_group, 'AW')) {
-        // Actions table
        echo '<div class="actions_treeview flex flex-evenly">';
-        echo '<a target=_blank href="'.$console_url.'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$module['id_agente'].'&tab=module&edit_module=1&id_agent_module='.$module['id_agente_modulo'].$url_hash.'">';
+
+        if (is_metaconsole() === true) {
+            echo "<form id='module-table-redirection' method='POST' action='".$console_url."index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&tab=module'>";
+
+            parse_str($url_hash, $url_hash_array);
+
+            html_print_input_hidden(
+                'id_agente',
+                $module['id_agente'],
+                false
+            );
+            html_print_input_hidden(
+                'edit_module',
+                1,
+                false
+            );
+            html_print_input_hidden(
+                'id_agent_module',
+                $module['id_agente_modulo'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash',
+                $url_hash_array['loginhash'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash_data',
+                $url_hash_array['loginhash_data'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash_user',
+                $url_hash_array['loginhash_user'],
+                false
+            );
+
+            echo '</form>';
+            echo "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"module-table-redirection\").submit();' href='#'>";
+        } else {
+            echo '<a target=_blank href="'.$console_url.'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$module['id_agente'].'&tab=module&edit_module=1&id_agent_module='.$module['id_agente_modulo'].$url_hash.'">';
+        }
+
        html_print_submit_button(
            __('Go to module edition'),
            'upd_button',
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -755,7 +755,7 @@ if (isset($config['id_user']) === false) {
        header('Location: '.ui_get_full_url('index.php'.$redirect_url));
        exit;
        // Always exit after sending location headers.
-    } else if (isset($_GET['loginhash']) === true) {
+    } else if (isset($_GET['loginhash']) === true || isset($_POST['loginhash']) === true) {
        // Hash login process.
        $loginhash_data = get_parameter('loginhash_data', '');
        $loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
--- a/pandora_console/operation/agentes/status_monitor.php
+++ b/pandora_console/operation/agentes/status_monitor.php
@ -1618,6 +1618,8 @@ if (empty($result) === false) {
        'web_content_string'
    );

+    $inc_id = 0;
+
    foreach ($result as $row) {
        // Avoid unset, null and false value.
        if (empty($row['server_name']) === true) {
@ -1705,8 +1707,26 @@ if (empty($result) === false) {
            $agent_alias = !empty($row['agent_alias']) ? $row['agent_alias'] : $row['agent_name'];

            // TODO: Calculate hash access before to use it more simply like other sections. I.E. Events view
-            if (defined('METACONSOLE')) {
-                $agent_link = '<a href="'.$row['server_url'].'index.php?'.'sec=estado&'.'sec2=operation/agentes/ver_agente&'.'id_agente='.$row['id_agent'].'&'.'loginhash=auto&'.'loginhash_data='.$row['hashdata'].'&'.'loginhash_user='.str_rot13($row['user']).'">';
+            if (is_metaconsole() === true) {
+                echo "<form id='agent-redirection-".$inc_id."' method='POST' action='".$row['server_url']."index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row['id_agent']."'>";
+                html_print_input_hidden(
+                    'loginhash',
+                    'auto',
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_data',
+                    $row['hashdata'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_user',
+                    str_rot13($row['user']),
+                    false
+                );
+                echo '</form>';
+                $agent_link = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-redirection-".$inc_id."\").submit();' href='#'>";
+
                $agent_alias = ui_print_truncate_text(
                    $agent_alias,
                    'agent_small',
@ -2234,27 +2254,77 @@ if (empty($result) === false) {
        }

        if (check_acl_one_of_groups($config['id_user'], $agent_groups, 'AW')) {
-            $url_edit_module = $row['server_url'];
-            $url_edit_module .= 'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&';
-            $url_edit_module .= '&id_agente='.$row['id_agent'];
-            $url_edit_module .= '&tab=module&id_agent_module='.$row['id_agente_modulo'].'&edit_module=1';
+            $table->cellclass[][2] = 'action_buttons';
+
            if (is_metaconsole() === true) {
-                $url_edit_module .= '&loginhash=auto';
-                $url_edit_module .= '&loginhash_data='.$row['hashdata'].'&loginhash_user='.str_rot13($row['user']);
+                echo "<form id='agent-edit-redirection-".$inc_id."' method='POST' action='".$row['server_url']."index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&tab=module&edit_module=1'>";
+                html_print_input_hidden(
+                    'id_agente',
+                    $row['id_agent'],
+                    false
+                );
+                html_print_input_hidden(
+                    'id_agent_module',
+                    $row['id_agente_modulo'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash',
+                    'auto',
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_data',
+                    $row['hashdata'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_user',
+                    str_rot13($row['user']),
+                    false
+                );
+
+                echo '</form>';
+                $agent_link = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-edit-redirection-".$inc_id."\").submit();' href='#'>";
+
+                $agent_alias = ui_print_truncate_text(
+                    $agent_alias,
+                    'agent_small',
+                    false,
+                    true,
+                    true,
+                    '[&hellip;]',
+                    'font-size:7.5pt;'
+                );
+
+                $data[12] .= $agent_link.html_print_image(
+                    'images/edit.svg',
+                    true,
+                    [
+                        'alt'    => '0',
+                        'border' => '',
+                        'title'  => __('Edit'),
+                        'class'  => 'main_menu_icon invert_filter',
+                    ]
+                ).'</a>';
+            } else {
+                $url_edit_module = $row['server_url'];
+                $url_edit_module .= 'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&';
+                $url_edit_module .= '&id_agente='.$row['id_agent'];
+                $url_edit_module .= '&tab=module&id_agent_module='.$row['id_agente_modulo'].'&edit_module=1';
+                $data[12] .= '<a href="'.$url_edit_module.'">'.html_print_image(
+                    'images/edit.svg',
+                    true,
+                    [
+                        'alt'    => '0',
+                        'border' => '',
+                        'title'  => __('Edit'),
+                        'class'  => 'main_menu_icon invert_filter',
+                    ]
+                ).'</a>';
            }

-            $table->cellclass[][2] = 'action_buttons';
-            $data[12] .= '<a href="'.$url_edit_module.'">'.html_print_image(
-                'images/edit.svg',
-                true,
-                [
-                    'alt'    => '0',
-                    'border' => '',
-                    'title'  => __('Edit'),
-                    'class'  => 'main_menu_icon invert_filter',
-                ]
-            ).'</a>';
-
+            // Delete.
            if (is_metaconsole() === false) {
                $url_delete_module = $row['server_url'].'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente';
                $url_delete_module .= '&id_agente='.$row['id_agent'].'&delete_module='.$row['id_agente_modulo'];
@ -2273,6 +2343,8 @@ if (empty($result) === false) {
            }
        }

+        $inc_id++;
+
        array_push($table->data, $data);
    }

--- a/pandora_console/operation/agentes/ver_agente.php
+++ b/pandora_console/operation/agentes/ver_agente.php
@ -1313,6 +1313,7 @@ if (is_ajax()) {
 }

 $id_agente = (int) get_parameter('id_agente', 0);
+
 if (empty($id_agente)) {
    return;
 }
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@ -458,9 +458,11 @@ if (is_ajax() === true) {
            }

            if (empty($events) === false) {
+                $redirection_form_id = 0;
+
                $data = array_reduce(
                    $events,
-                    function ($carry, $item) use ($table_id) {
+                    function ($carry, $item) use ($table_id, &$redirection_form_id) {
                        global $config;

                        $tmp = (object) $item;
@ -1015,11 +1017,37 @@ if (is_ajax() === true) {
                            $url_link = $server_url;
                            $url_link .= '/index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=';
                            $url_link_hash = $hashdata;
+
+                            parse_str($url_link_hash, $url_hash_array);
+
+                            $redirection_form = "<form id='agent-table-redirection-".$redirection_form_id."' method='POST' action='".$url_link.$tmp->id_agente."'>";
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash',
+                                $url_hash_array['loginhash'],
+                                true
+                            );
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash_data',
+                                $url_hash_array['loginhash_data'],
+                                true
+                            );
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash_user',
+                                $url_hash_array['loginhash_user'],
+                                true
+                            );
+                            $redirection_form .= '</form>';
                        }

                        // Agent name link.
                        if ($tmp->id_agente > 0) {
-                            $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            if ($tmp->meta === true) {
+                                $draw_agent_name = $redirection_form;
+                                $draw_agent_name .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
+                            } else {
+                                $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            }
+
                            $draw_agent_name .= $tmp->agent_name;
                            $draw_agent_name .= '</a>';
                            $tmp->agent_name = $draw_agent_name;
@ -1029,7 +1057,13 @@ if (is_ajax() === true) {

                        // Agent ID link.
                        if ($tmp->id_agente > 0) {
-                            $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            if ($tmp->meta === true) {
+                                $draw_agent_id = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
+                                $redirection_form_id++;
+                            } else {
+                                $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            }
+
                            $draw_agent_id .= $tmp->id_agente;
                            $draw_agent_id .= '</a>';
                            $tmp->id_agente = $draw_agent_id;