From 4cac880ecacf6910e714e43b6cdab84a55477c11 Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es" <alejandro.campos@artica.es>
Date: Fri, 5 May 2023 13:04:02 +0200
Subject: [PATCH 1/3] send login hash info in post body in meta links to node

---
 pandora_console/include/functions_events.php  |  25 ++++
 .../include/functions_treeview.php            |  45 ++++++-
 pandora_console/index.php                     |   2 +-
 .../operation/agentes/status_monitor.php      | 112 ++++++++++++++----
 .../operation/agentes/ver_agente.php          |   2 +
 pandora_console/operation/events/events.php   |  32 ++++-
 6 files changed, 193 insertions(+), 25 deletions(-)

diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index 9f4ba19bb1..dda802ef5b 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -4345,6 +4345,31 @@ function events_page_details($event, $server_id=0)
                 true,
                 true
             ).ui_print_help_tip(__('This agent belongs to metaconsole, is not possible display it'), true);
+        } else if (can_user_access_node() && is_metaconsole()) {
+            // Workaround to pass login hash data in POST body instead of directly in the URL.
+            parse_str($hashstring, $url_hash_array);
+            $redirection_form = "<form id='agent-redirection' method='POST' action='".$serverstring."index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$event['id_agente']."'>";
+            $redirection_form .= html_print_input_hidden(
+                'loginhash',
+                $url_hash_array['loginhash'],
+                true
+            );
+            $redirection_form .= html_print_input_hidden(
+                'loginhash_data',
+                $url_hash_array['loginhash_data'],
+                true
+            );
+            $redirection_form .= html_print_input_hidden(
+                'loginhash_user',
+                $url_hash_array['loginhash_user'],
+                true
+            );
+            $redirection_form .= '</form>';
+
+            $data[1] = $redirection_form;
+            $data[1] .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-redirection\").submit();' href='#'>";
+            $data[1] .= '<b>'.$agent['alias'].'</b>';
+            $data[1] .= '</a>';
         } else if (can_user_access_node()) {
             $data[1] = ui_print_agent_name(
                 $event['id_agente'],
diff --git a/pandora_console/include/functions_treeview.php b/pandora_console/include/functions_treeview.php
index 097530442d..6b30a76661 100755
--- a/pandora_console/include/functions_treeview.php
+++ b/pandora_console/include/functions_treeview.php
@@ -322,9 +322,50 @@ function treeview_printModuleTable($id_module, $server_data=false, $no_head=fals
     $agent_name = db_get_value('nombre', 'tagente', 'id_agente', $module['id_agente']);
 
     if ($user_access_node && check_acl($config['id_user'], $id_group, 'AW')) {
-        // Actions table
         echo '<div class="actions_treeview flex flex-evenly">';
-        echo '<a target=_blank href="'.$console_url.'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$module['id_agente'].'&tab=module&edit_module=1&id_agent_module='.$module['id_agente_modulo'].$url_hash.'">';
+
+        if (is_metaconsole() === true) {
+            echo "<form id='module-table-redirection' method='POST' action='".$console_url."index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&tab=module'>";
+
+            parse_str($url_hash, $url_hash_array);
+
+            html_print_input_hidden(
+                'id_agente',
+                $module['id_agente'],
+                false
+            );
+            html_print_input_hidden(
+                'edit_module',
+                1,
+                false
+            );
+            html_print_input_hidden(
+                'id_agent_module',
+                $module['id_agente_modulo'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash',
+                $url_hash_array['loginhash'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash_data',
+                $url_hash_array['loginhash_data'],
+                false
+            );
+            html_print_input_hidden(
+                'loginhash_user',
+                $url_hash_array['loginhash_user'],
+                false
+            );
+
+            echo '</form>';
+            echo "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"module-table-redirection\").submit();' href='#'>";
+        } else {
+            echo '<a target=_blank href="'.$console_url.'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$module['id_agente'].'&tab=module&edit_module=1&id_agent_module='.$module['id_agente_modulo'].$url_hash.'">';
+        }
+
         html_print_submit_button(
             __('Go to module edition'),
             'upd_button',
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 98b3ce716e..527793f566 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -755,7 +755,7 @@ if (isset($config['id_user']) === false) {
         header('Location: '.ui_get_full_url('index.php'.$redirect_url));
         exit;
         // Always exit after sending location headers.
-    } else if (isset($_GET['loginhash']) === true) {
+    } else if (isset($_GET['loginhash']) === true || isset($_POST['loginhash']) === true) {
         // Hash login process.
         $loginhash_data = get_parameter('loginhash_data', '');
         $loginhash_user = str_rot13(get_parameter('loginhash_user', ''));
diff --git a/pandora_console/operation/agentes/status_monitor.php b/pandora_console/operation/agentes/status_monitor.php
index 6201ac691c..ce17dad627 100644
--- a/pandora_console/operation/agentes/status_monitor.php
+++ b/pandora_console/operation/agentes/status_monitor.php
@@ -1615,6 +1615,8 @@ if (empty($result) === false) {
         'web_content_string'
     );
 
+    $inc_id = 0;
+
     foreach ($result as $row) {
         // Avoid unset, null and false value.
         if (empty($row['server_name']) === true) {
@@ -1702,8 +1704,26 @@ if (empty($result) === false) {
             $agent_alias = !empty($row['agent_alias']) ? $row['agent_alias'] : $row['agent_name'];
 
             // TODO: Calculate hash access before to use it more simply like other sections. I.E. Events view
-            if (defined('METACONSOLE')) {
-                $agent_link = '<a href="'.$row['server_url'].'index.php?'.'sec=estado&'.'sec2=operation/agentes/ver_agente&'.'id_agente='.$row['id_agent'].'&'.'loginhash=auto&'.'loginhash_data='.$row['hashdata'].'&'.'loginhash_user='.str_rot13($row['user']).'">';
+            if (is_metaconsole() === true) {
+                echo "<form id='agent-redirection-".$inc_id."' method='POST' action='".$row['server_url']."index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row['id_agent']."'>";
+                html_print_input_hidden(
+                    'loginhash',
+                    'auto',
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_data',
+                    $row['hashdata'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_user',
+                    str_rot13($row['user']),
+                    false
+                );
+                echo '</form>';
+                $agent_link = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-redirection-".$inc_id."\").submit();' href='#'>";
+
                 $agent_alias = ui_print_truncate_text(
                     $agent_alias,
                     'agent_small',
@@ -2231,27 +2251,77 @@ if (empty($result) === false) {
         }
 
         if (check_acl_one_of_groups($config['id_user'], $agent_groups, 'AW')) {
-            $url_edit_module = $row['server_url'];
-            $url_edit_module .= 'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&';
-            $url_edit_module .= '&id_agente='.$row['id_agent'];
-            $url_edit_module .= '&tab=module&id_agent_module='.$row['id_agente_modulo'].'&edit_module=1';
+            $table->cellclass[][2] = 'action_buttons';
+
             if (is_metaconsole() === true) {
-                $url_edit_module .= '&loginhash=auto';
-                $url_edit_module .= '&loginhash_data='.$row['hashdata'].'&loginhash_user='.str_rot13($row['user']);
+                echo "<form id='agent-edit-redirection-".$inc_id."' method='POST' action='".$row['server_url']."index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&tab=module&edit_module=1'>";
+                html_print_input_hidden(
+                    'id_agente',
+                    $row['id_agent'],
+                    false
+                );
+                html_print_input_hidden(
+                    'id_agent_module',
+                    $row['id_agente_modulo'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash',
+                    'auto',
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_data',
+                    $row['hashdata'],
+                    false
+                );
+                html_print_input_hidden(
+                    'loginhash_user',
+                    str_rot13($row['user']),
+                    false
+                );
+
+                echo '</form>';
+                $agent_link = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-edit-redirection-".$inc_id."\").submit();' href='#'>";
+
+                $agent_alias = ui_print_truncate_text(
+                    $agent_alias,
+                    'agent_small',
+                    false,
+                    true,
+                    true,
+                    '[&hellip;]',
+                    'font-size:7.5pt;'
+                );
+
+                $data[12] .= $agent_link.html_print_image(
+                    'images/edit.svg',
+                    true,
+                    [
+                        'alt'    => '0',
+                        'border' => '',
+                        'title'  => __('Edit'),
+                        'class'  => 'main_menu_icon invert_filter',
+                    ]
+                ).'</a>';
+            } else {
+                $url_edit_module = $row['server_url'];
+                $url_edit_module .= 'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&';
+                $url_edit_module .= '&id_agente='.$row['id_agent'];
+                $url_edit_module .= '&tab=module&id_agent_module='.$row['id_agente_modulo'].'&edit_module=1';
+                $data[12] .= '<a href="'.$url_edit_module.'">'.html_print_image(
+                    'images/edit.svg',
+                    true,
+                    [
+                        'alt'    => '0',
+                        'border' => '',
+                        'title'  => __('Edit'),
+                        'class'  => 'main_menu_icon invert_filter',
+                    ]
+                ).'</a>';
             }
 
-            $table->cellclass[][2] = 'action_buttons';
-            $data[12] .= '<a href="'.$url_edit_module.'">'.html_print_image(
-                'images/edit.svg',
-                true,
-                [
-                    'alt'    => '0',
-                    'border' => '',
-                    'title'  => __('Edit'),
-                    'class'  => 'main_menu_icon invert_filter',
-                ]
-            ).'</a>';
-
+            // Delete.
             if (is_metaconsole() === false) {
                 $url_delete_module = $row['server_url'].'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente';
                 $url_delete_module .= '&id_agente='.$row['id_agent'].'&delete_module='.$row['id_agente_modulo'];
@@ -2270,6 +2340,8 @@ if (empty($result) === false) {
             }
         }
 
+        $inc_id++;
+
         array_push($table->data, $data);
     }
 
diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php
index 2e2ee2e37a..4610e0e4db 100644
--- a/pandora_console/operation/agentes/ver_agente.php
+++ b/pandora_console/operation/agentes/ver_agente.php
@@ -1301,6 +1301,8 @@ if (is_ajax()) {
 }
 
 $id_agente = (int) get_parameter('id_agente', 0);
+hd("idagente", true);
+hd($id_agent, true);
 if (empty($id_agente)) {
     return;
 }
diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index a826986e95..b22c747878 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -458,9 +458,11 @@ if (is_ajax() === true) {
             }
 
             if (empty($events) === false) {
+                $redirection_form_id = 0;
+
                 $data = array_reduce(
                     $events,
-                    function ($carry, $item) use ($table_id) {
+                    function ($carry, $item) use ($table_id, $redirection_form_id) {
                         global $config;
 
                         $tmp = (object) $item;
@@ -1015,11 +1017,37 @@ if (is_ajax() === true) {
                             $url_link = $server_url;
                             $url_link .= '/index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=';
                             $url_link_hash = $hashdata;
+
+                            parse_str($url_link_hash, $url_hash_array);
+
+                            $redirection_form = "<form id='agent-table-redirection-".$redirection_form_id."' method='POST' action='".$url_link.$tmp->id_agente."'>";
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash',
+                                $url_hash_array['loginhash'],
+                                true
+                            );
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash_data',
+                                $url_hash_array['loginhash_data'],
+                                true
+                            );
+                            $redirection_form .= html_print_input_hidden(
+                                'loginhash_user',
+                                $url_hash_array['loginhash_user'],
+                                true
+                            );
+                            $redirection_form .= '</form>';
                         }
 
                         // Agent name link.
                         if ($tmp->id_agente > 0) {
-                            $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            if ($tmp->meta === true) {
+                                $draw_agent_name = $redirection_form;
+                                $draw_agent_name .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
+                                $redirection_form_id++;
+                            } else {
+                                $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            }
                             $draw_agent_name .= $tmp->agent_name;
                             $draw_agent_name .= '</a>';
                             $tmp->agent_name = $draw_agent_name;

From 9c0ef3e5aa9d6b4ad0eb9d4ab56987e0d63eaf60 Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es" <alejandro.campos@artica.es>
Date: Fri, 5 May 2023 13:05:38 +0200
Subject: [PATCH 2/3] send login hash info in post body in meta links to node

---
 pandora_console/operation/agentes/ver_agente.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php
index 4610e0e4db..3bb5846113 100644
--- a/pandora_console/operation/agentes/ver_agente.php
+++ b/pandora_console/operation/agentes/ver_agente.php
@@ -1301,8 +1301,7 @@ if (is_ajax()) {
 }
 
 $id_agente = (int) get_parameter('id_agente', 0);
-hd("idagente", true);
-hd($id_agent, true);
+
 if (empty($id_agente)) {
     return;
 }

From 1225c055a1f3a06e642c3b3c27e914da2118e86b Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es" <alejandro.campos@artica.es>
Date: Wed, 28 Jun 2023 09:35:49 +0200
Subject: [PATCH 3/3] removed hash in url from agent id link

---
 pandora_console/operation/events/events.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index b22c747878..6f96cd3588 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -462,7 +462,7 @@ if (is_ajax() === true) {
 
                 $data = array_reduce(
                     $events,
-                    function ($carry, $item) use ($table_id, $redirection_form_id) {
+                    function ($carry, $item) use ($table_id, &$redirection_form_id) {
                         global $config;
 
                         $tmp = (object) $item;
@@ -1044,10 +1044,10 @@ if (is_ajax() === true) {
                             if ($tmp->meta === true) {
                                 $draw_agent_name = $redirection_form;
                                 $draw_agent_name .= "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
-                                $redirection_form_id++;
                             } else {
                                 $draw_agent_name = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
                             }
+
                             $draw_agent_name .= $tmp->agent_name;
                             $draw_agent_name .= '</a>';
                             $tmp->agent_name = $draw_agent_name;
@@ -1057,7 +1057,13 @@ if (is_ajax() === true) {
 
                         // Agent ID link.
                         if ($tmp->id_agente > 0) {
-                            $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            if ($tmp->meta === true) {
+                                $draw_agent_id = "<a target=_blank onclick='event.preventDefault(); document.getElementById(\"agent-table-redirection-".$redirection_form_id."\").submit();' href='#'>";
+                                $redirection_form_id++;
+                            } else {
+                                $draw_agent_id = '<a href="'.$url_link.$tmp->id_agente.$url_link_hash.'">';
+                            }
+
                             $draw_agent_id .= $tmp->id_agente;
                             $draw_agent_id .= '</a>';
                             $tmp->id_agente = $draw_agent_id;