tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2010-11-03 Sergio Martin <sergio.martin@artica.es> 

*  include/functions_modules.php
	include/functions_reporting.php
	include/functions.php
	include/functions_db.php
	operation/agentes/ver_agente.php
	godmode/massive/massive_delete_modules.php: Fixed 
	several html entities codifications with safe_input/safe_output



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3502 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
zarzuelo 2010-11-03 12:18:33 +00:00
parent d55df2395b
commit e846299ce7
7 changed files with 45 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/ChangeLog
View File

@ -1,3 +1,13 @@
2010-11-03 Sergio Martin <sergio.martin@artica.es>
* include/functions_modules.php
include/functions_reporting.php
include/functions.php
include/functions_db.php
operation/agentes/ver_agente.php
godmode/massive/massive_delete_modules.php: Fixed
several html entities codifications with safe_input/safe_output
2010-11-02 Sergio Martin <sergio.martin@artica.es> 2010-11-02 Sergio Martin <sergio.martin@artica.es>
* pandoradb_data.sql: Changed several spaces and parentheses * pandoradb_data.sql: Changed several spaces and parentheses

9
pandora_console/godmode/massive/massive_delete_modules.php
View File

@ -83,14 +83,13 @@ $delete = (bool) get_parameter_post ('delete');
if ($delete) { if ($delete) {
$result = process_manage_delete ($module_name, $id_agents); $result = process_manage_delete ($module_name, $id_agents);
if ($result) { if ($result) {
pandora_audit("Masive management", "Delete module ", false, false, pandora_audit("Massive management", "Delete module ", false, false,
'Agent: ' . json_encode($id_agents) . ' Module: ' . $module_names); 'Agent: ' . json_encode($id_agents) . ' Module: ' . $module_name);
} }
else { else {
pandora_audit("Masive management", "Fail try to delete module", false, false, pandora_audit("Massive management", "Fail try to delete module", false, false,
'Agent: ' . json_encode($id_agents) . ' Module: ' . $module_names); 'Agent: ' . json_encode($id_agents) . ' Module: ' . $module_name);
} }
} }

3
pandora_console/include/functions.php
View File

@ -1164,10 +1164,9 @@ function string2image($string, $width, $height, $fontsize = 3,
**/ **/
function check_sql ($sql){ function check_sql ($sql){
// We remove "*" to avoid things like SELECT * FROM tusuario // We remove "*" to avoid things like SELECT * FROM tusuario
if (preg_match("/\*|DELETE|DROP|ALTER|MODIFY|UNION|password|pass|INSERT|UPDATE/", $sql)){ if (preg_match("/\*|delete|drop|alter|modify|union|password|pass|insert|update/i", $sql)){
return ""; return "";
} }
return $sql; return $sql;

4
pandora_console/include/functions_db.php
View File

@ -693,9 +693,9 @@ function get_agent_modules ($id_agent, $details = false, $filter = false, $index
%s %s
ORDER BY nombre', ORDER BY nombre',
($details != '*' && $indexed) ? 'id_agente_modulo,' : '', ($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
implode (",", (array) $details), safe_output(implode (",", (array) $details)),
$where); $where);
$sql = safe_output($sql);
$result = get_db_all_rows_sql ($sql); $result = get_db_all_rows_sql ($sql);
if (empty ($result)) { if (empty ($result)) {

5
pandora_console/include/functions_modules.php
View File

@ -2,7 +2,7 @@
// Pandora FMS - http://pandorafms.com // Pandora FMS - http://pandorafms.com
// ================================================== // ==================================================
// Copyright (c) 2005-2009 Artica Soluciones Tecnologicas // Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list // Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or // This program is free software; you can redistribute it and/or
@ -120,6 +120,9 @@ function copy_agent_module_to_agent ($id_agent_module, $id_destiny_agent, $force
* @return True if the module was deleted. False if not. * @return True if the module was deleted. False if not.
*/ */
function delete_agent_module ($id_agent_module) { function delete_agent_module ($id_agent_module) {
if(!$id_agent_module)
return false;
$where = array ('id_agent_module' => $id_agent_module); $where = array ('id_agent_module' => $id_agent_module);
enterprise_hook('deleteLocalModuleInConf', array(get_agentmodule_agent($id_agent_module), get_agentmodule_name($id_agent_module))); enterprise_hook('deleteLocalModuleInConf', array(get_agentmodule_agent($id_agent_module), get_agentmodule_name($id_agent_module)));

36
pandora_console/include/functions_reporting.php
View File

@ -1968,29 +1968,37 @@ function render_report_html_item ($content, $table, $report, $mini = false) {
} }
if ($content['treport_custom_sql_id'] != 0) { if ($content['treport_custom_sql_id'] != 0) {
$sql = safe_output (get_db_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); $sql = safe_output_html (get_db_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
} }
else { else {
$sql = safe_output ($content['external_source']); $sql = safe_output_html ($content['external_source']);
} }
// Do a security check on SQL coming from the user // Do a security check on SQL coming from the user
$sql = check_sql ($sql); $sql = check_sql ($sql);
$result = get_db_all_rows_sql($sql);
if ($result === false) {
$result = array();
}
if (isset($result[0])) { if($sql != '') {
if (count($result[0]) > count($table2->head)) { $result = get_db_all_rows_sql($sql);
$table2->head = array_pad($table2->head, count($result[0]), '&nbsp;'); if ($result === false) {
$result = array();
}
if (isset($result[0])) {
if (count($result[0]) > count($table2->head)) {
$table2->head = array_pad($table2->head, count($result[0]), '&nbsp;');
}
}
$table2->data = array();
foreach ($result as $row) {
array_push($table2->data, $row);
} }
} }
else {
$table2->data = array(); $table2->data = array();
foreach ($result as $row) { array_push($table2->data, array("id_user" => "<div class='nf'>[".__('Illegal query')."]<br>".
array_push($table2->data, $row); __('Due security restrictions, there are some tokens or words you cannot use').
': *, delete, drop, alter, modify, union, password, pass, insert '.__('or')." update.</div>"));
} }
$cellContent = print_table($table2, true); $cellContent = print_table($table2, true);

4
pandora_console/operation/agentes/ver_agente.php
View File

@ -111,7 +111,7 @@ if (is_ajax ()) {
$result = array(); $result = array();
foreach($nameModules as $nameModule) { foreach($nameModules as $nameModule) {
$result[] = $nameModule['nombre']; $result[] = safe_output($nameModule['nombre']);
} }
echo json_encode($result); echo json_encode($result);
@ -127,7 +127,7 @@ if (is_ajax ()) {
if ($agentName != null) { if ($agentName != null) {
$search = array(); $search = array();
$search['name'] = $agentName; $search['name'] = safe_output($agentName);
} }
else else
$search = false; $search = false;