tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop' into ent-7074-Command-Center 

Conflicts:
	pandora_agents/unix/Darwin/dmg/resources/text/conclusion.html
	pandora_agents/unix/Darwin/dmg/resources/text/license.html
	pandora_console/extras/delete_files/delete_files.txt
	pandora_console/extras/mr/48.sql
This commit is contained in:
fbsanchez 2021-06-21 17:33:45 +02:00
parent d9bad6f5c6 7937a988df
commit faa9fee273
51 changed files with 510 additions and 279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_agents/unix/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-agent-unix
Version: 7.0NG.755-210618
Version: 7.0NG.755-210621
Architecture: all
Priority: optional
Section: admin

2
pandora_agents/unix/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.755-210618"
pandora_version="7.0NG.755-210621"
echo "Test if you has the tools for to make the packages."
whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null

2
pandora_agents/unix/pandora_agent
View File

@ -1015,7 +1015,7 @@ my $Sem = undef;
my $ThreadSem = undef;
use constant AGENT_VERSION => '7.0NG.755';
use constant AGENT_BUILD => '210618';
use constant AGENT_BUILD => '210621';
# Agent log default file size maximum and instances
use constant DEFAULT_MAX_LOG_SIZE => 600000;

2
pandora_agents/unix/pandora_agent.redhat.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_agent_unix
%define version 7.0NG.755
%define release 210618
%define release 210621
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}

2
pandora_agents/unix/pandora_agent.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_agent_unix
%define version 7.0NG.755
%define release 210618
%define release 210621
Summary: Pandora FMS Linux agent, PERL version
Name: %{name}

2
pandora_agents/unix/pandora_agent_installer
View File

@ -10,7 +10,7 @@
# **********************************************************************
PI_VERSION="7.0NG.755"
PI_BUILD="210618"
PI_BUILD="210621"
OS_NAME=`uname -s`
FORCE=0

BIN
pandora_agents/win32/bin/util/omnishell_client.exe Executable file → Normal file
View File

Binary file not shown.

2
pandora_agents/win32/installer/pandora.mpi
View File

@ -186,7 +186,7 @@ UpgradeApplicationID
{}
Version
{210618}
{210621}
ViewReadme
{Yes}

4
pandora_agents/win32/omnishell/omnishell_client.pl
View File

@ -63,7 +63,7 @@ my $config = read_configuration({},' ', [
if (!defined($ConfFile) || !-e $ConfFile) {
print $HELP;
exit 1;
exit 0;
}
if(!-d dirname($ConfFile).'\commands') {
@ -87,7 +87,7 @@ if ($@) {
if (is_enabled($config->{'debug'})) {
print STDERR $@."\n";
}
exit 1;
exit 0;
}
exit 0;

2
pandora_agents/win32/pandora.cc
View File

@ -30,7 +30,7 @@ using namespace Pandora;
using namespace Pandora_Strutils;
#define PATH_SIZE _MAX_PATH+1
#define PANDORA_VERSION ("7.0NG.755 Build 210618")
#define PANDORA_VERSION ("7.0NG.755 Build 210621")
string pandora_path;
string pandora_dir;

2
pandora_agents/win32/versioninfo.rc
View File

@ -11,7 +11,7 @@ BEGIN
VALUE "LegalCopyright", "Artica ST"
VALUE "OriginalFilename", "PandoraAgent.exe"
VALUE "ProductName", "Pandora FMS Windows Agent"
VALUE "ProductVersion", "(7.0NG.755(Build 210618))"
VALUE "ProductVersion", "(7.0NG.755(Build 210621))"
VALUE "FileVersion", "1.0.0.0"
END
END

2
pandora_console/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-console
Version: 7.0NG.755-210618
Version: 7.0NG.755-210621
Architecture: all
Priority: optional
Section: admin

2
pandora_console/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.755-210618"
pandora_version="7.0NG.755-210621"
package_pear=0
package_pandora=1

5
pandora_console/extras/delete_files/delete_files.txt
View File

@ -100,3 +100,8 @@ enterprise/include/functions_update_manager.php
include/ajax/rolling_release.ajax.php
extensions/plugin_registration.php
enterprise/include/functions_plugins.php
include/help/en/help_event_alert.php
include/help/es/help_event_alert.php
enterprise/godmode/alerts/alert_events.php
enterprise/godmode/alerts/alert_events_list.php
enterprise/godmode/alerts/alert_events_rules.php

11
pandora_console/extras/mr/48.sql
View File

@ -13,4 +13,13 @@ CREATE TABLE IF NOT EXISTS `tsync_queue` (
SOURCE './procedures/updateSnmpAlerts.sql';
COMMIT;
UPDATE pandora.tuser_task
SET parameters='a:7:{i:0;a:7:{s:11:"description";s:30:"Template pending to be created";s:5:"table";s:16:"treport_template";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:8:"required";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:7:{s:11:"description";s:6:"Agents";s:5:"table";s:7:"tagente";s:8:"field_id";s:9:"id_agente";s:10:"field_name";s:6:"nombre";s:8:"multiple";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_grupo";}i:2;a:2:{s:11:"description";s:16:"Report per agent";s:10:"select_two";b:1;}i:3;a:2:{s:11:"description";s:11:"Report name";s:4:"type";s:6:"string";}i:4;a:2:{s:11:"description";s:47:"Send to e-mail addresses (separated by a comma)";s:4:"type";s:4:"text";}i:5;a:2:{s:11:"description";s:7:"Subject";s:8:"optional";i:1;}i:6;a:3:{s:11:"description";s:7:"Message";s:4:"type";s:4:"text";s:8:"optional";i:1;}}i:7;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}'
WHERE id=2;
UPDATE `tuser_task_scheduled` SET
`args` = REPLACE (`args`, 'a:8', 'a:9'),
`args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:7;s:3:"PDF";s:15:"first_execution"')
WHERE `id_user_task` = 2;
COMMIT;

8
pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
View File

@ -2562,6 +2562,8 @@ ALTER TABLE `tnetflow_filter` MODIFY COLUMN `router_ip` text NOT NULL;
UPDATE tuser_task set parameters = 'a:5:{i:0;a:6:{s:11:\"description\";s:28:\"Report pending to be created\";s:5:\"table\";s:7:\"treport\";s:8:\"field_id\";s:9:\"id_report\";s:10:\"field_name\";s:4:\"name\";s:4:\"type\";s:3:\"int\";s:9:\"acl_group\";s:8:\"id_group\";}i:1;a:2:{s:11:\"description\";s:46:\"Send to email addresses (separated by a comma)\";s:4:\"type\";s:4:\"text\";}i:2;a:2:{s:11:\"description\";s:7:\"Subject\";s:8:\"optional\";i:1;}i:3;a:3:{s:11:\"description\";s:7:\"Message\";s:4:\"type\";s:4:\"text\";s:8:\"optional\";i:1;}i:4;a:2:{s:11:\"description\";s:11:\"Report Type\";s:4:\"type\";s:11:\"report_type\";}}' where function_name = "cron_task_generate_report";
INSERT IGNORE INTO tuser_task VALUES (8, 'cron_task_generate_csv_log', 'a:1:{i:0;a:2:{s:11:"description";s:14:"Send to e-mail";s:4:"type";s:4:"text";}}', 'Send csv log');
UPDATE `tuser_task` SET `parameters`='a:4:{i:0;a:6:{s:11:"description";s:28:"Report pending to be created";s:5:"table";s:7:"treport";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:2:{s:11:"description";s:426:"Save to disk in path<a href="javascript:" class="tip" style="" ><img src="http://172.16.0.2/pandora_console/images/tip_help.png" data-title="The Apache user should have read-write access on this folder. E.g. /var/www/html/pandora_console/attachment" data-use_title_for_force_title="1" class="forced_title" alt="The Apache user should have read-write access on this folder. E.g. /var/www/html/pandora_console/attachment" /></a>";s:4:"type";s:6:"string";}i:2;a:2:{s:11:"description";s:16:"File nane prefix";s:4:"type";s:6:"string";}i:3;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}' WHERE `id`=3;
UPDATE pandora.tuser_task
SET parameters='a:7:{i:0;a:7:{s:11:"description";s:30:"Template pending to be created";s:5:"table";s:16:"treport_template";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:8:"required";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:7:{s:11:"description";s:6:"Agents";s:5:"table";s:7:"tagente";s:8:"field_id";s:9:"id_agente";s:10:"field_name";s:6:"nombre";s:8:"multiple";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_grupo";}i:2;a:2:{s:11:"description";s:16:"Report per agent";s:10:"select_two";b:1;}i:3;a:2:{s:11:"description";s:11:"Report name";s:4:"type";s:6:"string";}i:4;a:2:{s:11:"description";s:47:"Send to e-mail addresses (separated by a comma)";s:4:"type";s:4:"text";}i:5;a:2:{s:11:"description";s:7:"Subject";s:8:"optional";i:1;}i:6;a:3:{s:11:"description";s:7:"Message";s:4:"type";s:4:"text";s:8:"optional";i:1;}}i:7;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}' WHERE id=2;
DELETE FROM `tuser_task` WHERE id = 6;
-- Migrate old tasks
@ -2576,6 +2578,12 @@ UPDATE `tuser_task_scheduled` SET
`args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:3;s:3:"XML";s:15:"first_execution"')
WHERE `id_user_task` = 6;
UPDATE `tuser_task_scheduled` SET
`args` = REPLACE (`args`, 'a:8', 'a:9'),
`args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:7;s:3:"PDF";s:15:"first_execution"')
WHERE `id_user_task` = 2;
-- ----------------------------------------------------------------------
-- ADD message in table 'tnews'
-- ----------------------------------------------------------------------

7
pandora_console/general/login_page.php
View File

@ -210,7 +210,7 @@ switch ($login_screen) {
case 'login':
if (!empty($page) && !empty($sec)) {
foreach ($_POST as $key => $value) {
html_print_input_hidden(io_safe_input($key), $value);
html_print_input_hidden(io_safe_input($key), io_safe_input($value));
}
}
@ -334,6 +334,9 @@ if ($config['enterprise_installed']) {
}
}
// CSRF validation.
html_print_csrf_hidden();
echo '</form></div>';
echo '<div class="login_data">';
echo '<div class ="text_banner_login">';
@ -686,7 +689,7 @@ html_print_div(['id' => 'forced_title_layer', 'class' => 'forced_title_layer', '
});
$("#submit-hide-login-logout").click (function () {
$("#login_logout").dialog('close');
document.location = "<?php echo ui_get_full_url('index.php'); ?>";
});
});
break;

109
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -160,7 +160,7 @@ $pure = get_parameter('pure', 0);
$schedule_report = get_parameter('schbutton', '');
$pagination = (int) get_parameter('pagination', $config['block_size']);
if ($action == 'edit' && $idReport > 0) {
if ($action === 'edit' && $idReport > 0) {
$report_group = db_get_value(
'id_group',
'treport',
@ -451,6 +451,14 @@ switch ($action) {
} else {
$resultOperationDB = false;
}
header(
sprintf(
'Location: %sindex.php?sec=reporting&sec2=godmode/reporting/reporting_builder&tab=list_items&action=edit&id_report=%d',
$config['homeurl'],
$idReport
)
);
break;
case 'delete_items_pos':
@ -514,6 +522,7 @@ switch ($action) {
}
break;
case 'copy_report':
case 'delete_report':
case 'list':
$buttons = [
@ -666,6 +675,81 @@ switch ($action) {
);
}
if ($action === 'copy_report') {
$copy = false;
switch ($type_access_selected) {
case 'group_view':
if ($config['id_user'] == $report['id_user']
|| is_user_admin($config['id_user'])
) {
$copy = true;
// Owner can delete.
} else {
$copy = check_acl(
$config['id_user'],
$report['id_group'],
'RM'
);
}
break;
case 'group_edit':
if ($config['id_user'] == $report['id_user']
|| is_user_admin($config['id_user'])
) {
$copy = true;
// Owner can delete.
} else {
$copy = check_acl(
$config['id_user'],
$report['id_group'],
'RM'
);
}
break;
case 'user_edit':
if ($config['id_user'] == $report['id_user']
|| is_user_admin($config['id_user'])
) {
$copy = true;
}
break;
default:
// Default.
break;
}
if (! $copy && !empty($type_access_selected)) {
db_pandora_audit(
'ACL Violation',
'Trying to access report builder copy'
);
include 'general/noaccess.php';
exit;
}
$result = reports_copy_report($idReport);
if ($result !== false) {
db_pandora_audit(
'Report management',
'Copy report #'.$idReport
);
} else {
db_pandora_audit(
'Report management',
'Fail try to copy report #'.$idReport
);
}
ui_print_result_message(
$result,
__('Successfully copied'),
__('Could not be copied')
);
}
$id_group = (int) get_parameter('id_group', 0);
$search = trim(get_parameter('search', ''));
@ -1101,6 +1185,27 @@ switch ($action) {
$data[$next] .= '</form>';
}
$data[$next] .= '<form method="post" style="display: inline"; onsubmit="if (!confirm(\''.__('Are you sure?').'\')) return false;">';
$data[$next] .= html_print_input_hidden(
'id_report',
$report['id_report'],
true
);
$data[$next] .= html_print_input_hidden(
'action',
'copy_report',
true
);
$data[$next] .= html_print_input_image(
'dup',
'images/copy.png',
1,
'',
true,
['title' => __('Duplicate')]
);
$data[$next] .= '</form> ';
if ($delete) {
$data[$next] .= '<form method="post" class="inline_line" onsubmit="if (!confirm (\''.__('Are you sure?').'\')) return false">';
$data[$next] .= html_print_input_image(
@ -3349,7 +3454,7 @@ if ($resultOperationDB !== null) {
$textReportName,
'images/op_reporting.png',
false,
$helpers,
'',
false,
$buttons,
[

4
pandora_console/godmode/setup/setup_general.php
View File

@ -644,14 +644,14 @@ echo '<legend>'.__('Mail configuration').'</legend>';
$table_mail_test->class = 'databox filters';
$table_mail_test->data = [];
$table_mail_test->style[0] = 'font-weight: bold;';
$table_mail_test->style[1] = 'font-weight: bold;display: flex;height: 54px;align-items: center;';
$table_mail_test->style[1] = 'font-weight: bold;display: flex;height: 54px;align-items: center;padding-left: 15px;';
$table_mail_test->data[0][0] = __('Address');
$table_mail_test->data[0][1] = html_print_input_text(
'email_test_address',
'',
'',
40,
35,
100,
true
);

5
pandora_console/include/ajax/planned_downtime.ajax.php
View File

@ -65,7 +65,10 @@ if ($get_modules_downtime) {
$downtime_module_ids = extract_column($downtime_modules, 'id_agent_module');
$downtime_modules = array_fill_keys($downtime_module_ids, true);
$filter = ['id_agente' => $id_agent, 'delete_pending' => 0];
$filter = [
'id_agente' => $id_agent,
'delete_pending' => 0,
];
$modules = db_get_all_rows_filter('tagente_modulo', $filter);
if (empty($modules)) {
$modules = [];

56
pandora_console/include/class/ExternalTools.class.php
View File

@ -98,8 +98,12 @@ class ExternalTools extends HTML
// Define array for host the command/parameters pair data.
$this->pathCustomComm[$customValue] = [];
// Ensure the information.
$this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter('command_custom_'.$customCommandId);
$this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter('params_custom_'.$customCommandId);
$this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter(
'command_custom_'.$customCommandId
);
$this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter(
'params_custom_'.$customCommandId
);
}
}
}
@ -139,7 +143,7 @@ class ExternalTools extends HTML
global $config;
$i = 0;
$sounds = $this->get_sounds();
$sounds = $this->getSounds();
if ($this->updatePaths === true) {
$external_tools_config = [];
@ -170,7 +174,9 @@ class ExternalTools extends HTML
if ($result === true) {
$result = config_update_value(
'external_tools_config',
json_encode($external_tools_config)
io_safe_input(
json_encode($external_tools_config)
)
);
}
@ -181,8 +187,12 @@ class ExternalTools extends HTML
);
} else {
if (isset($config['external_tools_config']) === true) {
$external_tools_config_output = io_safe_output($config['external_tools_config']);
$external_tools_config = json_decode($external_tools_config_output, true);
$external_tools_config = json_decode(
io_safe_output(
$config['external_tools_config']
),
true
);
// Setting paths.
$this->pathTraceroute = $external_tools_config['traceroute_path'];
$this->pathPing = $external_tools_config['ping_path'];
@ -689,16 +699,32 @@ class ExternalTools extends HTML
// Only perform an execution if command is passed. Avoid errors.
if (empty($command) === false) {
$resultCode = 0;
ob_start();
system($command);
system(io_safe_output($command), $resultCode);
$output .= ob_get_clean();
} else {
$output .= __('No command for perform');
$output .= __('Command not response');
}
$output .= '</pre>';
if ($resultCode !== 0) {
throw new Exception(
sprintf(
'%s %s',
__('The command failed and obtained the return code:'),
$resultCode
),
1
);
}
} catch (\Throwable $th) {
$output = __('Something went wrong while perform the execution. Please check the configuration.');
$output = sprintf(
'%s %s',
$th->getMessage(),
__('Something went wrong while perform the execution. Please check the configuration.')
);
}
echo $output;
@ -891,7 +917,7 @@ class ExternalTools extends HTML
*
* @return string Path.
*/
private function get_sounds()
private function getSounds()
{
global $config;
@ -961,11 +987,13 @@ class ExternalTools extends HTML
if (parseInt(separatedId[2]) === 0) {
$("#text-command_custom_"+fieldLines, "#"+thisNewId)
.attr("name", "command_custom_"+fieldLinesAdded)
.attr("id", "text-command_custom_"+fieldLinesAdded);
.attr("id", "text-command_custom_"+fieldLinesAdded)
.val('');
} else if (parseInt(separatedId[2]) === 1) {
$("#text-params_custom_"+fieldLines, "#"+thisNewId)
.attr("id", "text-params_custom_"+fieldLinesAdded)
.attr("name", "params_custom_"+fieldLinesAdded);
.attr("name", "params_custom_"+fieldLinesAdded)
.val('');
} else if (parseInt(separatedId[2]) === 2) {
$("#img_delete_button_custom_"+fieldLines, "#"+thisNewId)
.attr("id", "img_delete_button_custom_"+fieldLinesAdded);
@ -979,6 +1007,10 @@ class ExternalTools extends HTML
if (parseInt(lineNumber) >= 1 && lineCount > 1) {
$("#custom_row_" + lineNumber).remove();
} else if (lineCount === 1) {
$("#custom_row_" + lineNumber).find('input').each(function() {
$(this).val('');
});
}
if (lineCount === 1) {

1
pandora_console/include/class/Tree.class.php
View File

@ -1126,6 +1126,7 @@ class Tree
$agent_search_filter
$agent_status_filter
$module_search_filter
$module_status_filter
$tag_condition
GROUP BY tam.id_agente_modulo
ORDER BY tam.nombre ASC, tam.id_agente_modulo ASC";

4
pandora_console/include/config_process.php
View File

@ -20,7 +20,7 @@
/**
* Pandora build version and version
*/
$build_version = 'PC210618';
$build_version = 'PC210621';
$pandora_version = 'v7.0NG.755';
// Do not overwrite default timezone set if defined.
@ -93,6 +93,8 @@ if (!isset($config['dbport'])) {
require_once $ownDir.'constants.php';
require_once $ownDir.'functions_db.php';
require_once $ownDir.'functions.php';
require_once $ownDir.'functions_io.php';
// We need a timezone BEFORE calling config_process_config.
// If not we will get ugly warnings. Set Europe/Madrid by default

25
pandora_console/include/functions_cron.php
View File

@ -581,11 +581,24 @@ function cron_list_table()
continue;
}
$agents_id = $args[1];
$id_group = $args[2];
$report_per_agent = $args[0];
$report_name = $args[3];
$email = $args[4];
if (empty($args[1]) === false && (string) $args[1] !== '0') {
$agents_id = $args[1];
} else {
if (empty($args[2]) === false) {
$agents_id = sprintf(
'(%s) %s',
__('regex'),
$args[2]
);
} else {
$agents_id = __('None');
}
}
$report_type = $args[7];
$report_per_agent = $args[3];
$report_name = $args[4];
$email = $args[5];
$data[2] .= '<br>- '.__('Template').': ';
$data[2] .= '<a href="'.ui_get_full_url('index.php?sec=reporting&sec2=enterprise/godmode/reporting/reporting_builder.template&action=edit&id_template='.$args[0]).'">';
$data[2] .= $template['name'].'</a>';
@ -593,6 +606,8 @@ function cron_list_table()
$data[2] .= '<br>- '.__('Report per agent').': '.$report_per_agent.'</a>';
$data[2] .= '<br>- '.__('Report name').': '.$report_name.'</a>';
$data[2] .= '<br>- '.__('Email').": <a href='mailto:".$email."'>".$email.'</a>';
$data[2] .= '<br>- '.__('Report type').': '.$report_type;
break;
case 'cron_task_execute_custom_script':

24
pandora_console/include/functions_filemanager.php
View File

@ -303,7 +303,7 @@ if ($create_dir === true) {
$directory = filemanager_safe_directory((string) get_parameter('directory', '/'));
$hash = (string) get_parameter('hash');
$testHash = md5($directory.$config['dbpass']);
$testHash = md5($directory.$config['server_unique_identifier']);
if ($hash !== $testHash) {
ui_print_error_message(__('Security error.'));
@ -336,7 +336,7 @@ if ($delete_file === true) {
$filename = (string) get_parameter('filename');
$filename = io_safe_output($filename);
$hash = get_parameter('hash', '');
$testHash = md5($filename.$config['dbpass']);
$testHash = md5($filename.$config['server_unique_identifier']);
if ($hash !== $testHash) {
$config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true);
@ -618,7 +618,7 @@ function filemanager_file_explorer(
if (($prev_dir_str != '') && ($father != $relative_directory)) {
$table->data[0][0] = html_print_image('images/go_previous.png', true, ['class' => 'invert_filter']);
$table->data[0][1] = '<a href="'.$url.'&directory='.$prev_dir_str.'&hash2='.md5($prev_dir_str.$config['dbpass']).'">';
$table->data[0][1] = '<a href="'.$url.'&directory='.$prev_dir_str.'&hash2='.md5($prev_dir_str.$config['server_unique_identifier']).'">';
$table->data[0][1] .= __('Parent directory');
$table->data[0][1] .= '</a>';
@ -669,7 +669,7 @@ function filemanager_file_explorer(
}
if ($fileinfo['is_dir']) {
$data[1] = '<a href="'.$url.'&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2='.md5($relative_directory.'/'.$fileinfo['name'].$config['dbpass']).'">'.$fileinfo['name'].'</a>';
$data[1] = '<a href="'.$url.'&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2='.md5($relative_directory.'/'.$fileinfo['name'].$config['server_unique_identifier']).'">'.$fileinfo['name'].'</a>';
} else if (!empty($url_file)) {
// Set the custom url file
$url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file);
@ -677,7 +677,7 @@ function filemanager_file_explorer(
$data[1] = '<a href="'.$url_file_clean.'">'.$fileinfo['name'].'</a>';
} else {
$filename = base64_encode($relative_directory.'/'.$fileinfo['name']);
$hash = md5($filename.$config['dbpass']);
$hash = md5($filename.$config['server_unique_identifier']);
$data[1] = '<a href="'.$hack_metaconsole.'include/get_file.php?file='.urlencode($filename).'&hash='.$hash.'">'.$fileinfo['name'].'</a>';
}
@ -712,7 +712,7 @@ function filemanager_file_explorer(
$data[4] .= '<form method="post" action="'.$url.'" style="">';
$data[4] .= '<input type="image" class="invert_filter" src="images/cross.png" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;">';
$data[4] .= html_print_input_hidden('filename', $fileinfo['realpath'], true);
$data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['dbpass']), true);
$data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['server_unique_identifier']), true);
$data[4] .= html_print_input_hidden('delete_file', 1, true);
$relative_dir = str_replace($homedir_filemanager, '', str_replace('\\', '/', dirname($fileinfo['realpath'])));
@ -721,7 +721,7 @@ function filemanager_file_explorer(
$relative_dir = substr($relative_dir, 1);
}
$hash2 = md5($relative_dir.$config['dbpass']);
$hash2 = md5($relative_dir.$config['server_unique_identifier']);
$data[4] .= html_print_input_hidden('directory', $relative_dir, true);
$data[4] .= html_print_input_hidden('hash2', $hash2, true);
@ -731,7 +731,7 @@ function filemanager_file_explorer(
if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg')
&& ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') && ($fileinfo['mime'] != MIME_DIR)
) {
$hash = md5($fileinfo['realpath'].$config['dbpass']);
$hash = md5($fileinfo['realpath'].$config['server_unique_identifier']);
$data[4] .= "<a style='vertical-align: top;' href='$url&edit_file=1&hash=".$hash.'&location_file='.$fileinfo['realpath']."' style='float: left;'>".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file'), 'class' => 'invert_filter']).'</a>';
}
}
@ -739,7 +739,7 @@ function filemanager_file_explorer(
if ((!$fileinfo['is_dir']) && ($download_button)) {
$filename = base64_encode($fileinfo['name']);
$hash = md5($filename.$config['dbpass']);
$hash = md5($filename.$config['server_unique_identifier']);
$data[4] .= '<a href="include/get_file.php?file='.urlencode($filename).'&hash='.$hash.'" style="vertical-align: 25%;">';
$data[4] .= html_print_image('images/file.png', true, ['class' => 'invert_filter']);
$data[4] .= '</a>';
@ -797,13 +797,13 @@ function filemanager_file_explorer(
</li></ul>';
echo '<div id="create_folder" class="invisible">'.$tabs_dialog.'
<form method="post" action="'.$url.'">'.html_print_input_text('dirname', '', '', 30, 255, true).html_print_submit_button(__('Create'), 'crt', false, 'class="sub next"', true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('create_dir', 1, true).html_print_input_hidden('hash', md5($relative_directory.$config['dbpass']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['dbpass']), true).'</form></div>';
<form method="post" action="'.$url.'">'.html_print_input_text('dirname', '', '', 30, 255, true).html_print_submit_button(__('Create'), 'crt', false, 'class="sub next"', true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('create_dir', 1, true).html_print_input_hidden('hash', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).'</form></div>';
echo '<div id="upload_file" class="invisible"> '.$tabs_dialog.'
<form method="post" action="'.$url.'" enctype="multipart/form-data">'.ui_print_help_tip(__('The zip upload in this dir, easy to upload multiple files.'), true).html_print_input_file('file', true, false).html_print_input_hidden('umask', $umask, true).html_print_checkbox('decompress', 1, false, true).__('Decompress').html_print_submit_button(__('Go'), 'go', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['dbpass']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['dbpass']), true).html_print_input_hidden('upload_file_or_zip', 1, true).'</form></div>';
<form method="post" action="'.$url.'" enctype="multipart/form-data">'.ui_print_help_tip(__('The zip upload in this dir, easy to upload multiple files.'), true).html_print_input_file('file', true, false).html_print_input_hidden('umask', $umask, true).html_print_checkbox('decompress', 1, false, true).__('Decompress').html_print_submit_button(__('Go'), 'go', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('upload_file_or_zip', 1, true).'</form></div>';
echo ' <div id="create_text_file" class="invisible">'.$tabs_dialog.'
<form method="post" action="'.$url.'">'.html_print_input_text('name_file', '', '', 30, 50, true).html_print_submit_button(__('Create'), 'create', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['dbpass']), true).html_print_input_hidden('umask', $umask, true).html_print_input_hidden('create_text_file', 1, true).'</form></div>';
<form method="post" action="'.$url.'">'.html_print_input_text('name_file', '', '', 30, 50, true).html_print_submit_button(__('Create'), 'create', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('umask', $umask, true).html_print_input_hidden('create_text_file', 1, true).'</form></div>';
echo "<div style='width: ".$table->width.";' class='file_table_buttons'>";

11
pandora_console/include/functions_graph.php
View File

@ -1412,6 +1412,14 @@ function graphic_combined_module(
$labels = [];
$modules = [];
foreach ($sources as $source) {
$id_agent = agents_get_module_id(
$source['id_agent_module']
);
if (!$id_agent) {
continue;
}
if (is_metaconsole() === true) {
metaconsole_restore_db();
$server = metaconsole_get_connection_by_id($source['id_server']);
@ -1428,9 +1436,6 @@ function graphic_combined_module(
array_push($modules, $modulepush);
array_push($weights, $source['weight']);
if ($source['label'] != '' || $params_combined['labels']) {
$id_agent = agents_get_module_id(
$source['id_agent_module']
);
$agent_description = agents_get_description($id_agent);
$agent_group = agents_get_agent_group($id_agent);
$agent_address = agents_get_address($id_agent);

110
pandora_console/include/functions_reports.php
View File

@ -275,13 +275,12 @@ function reports_get_content($id_report_content, $filter=false, $fields=false)
/**
* Get all the contents of a report.
* Creates the contents of a report.
*
* @param int Report id to get contents.
* @param array Extra filters for the contents.
* @param array Fields to be fetched. All fields by default
* @param array values to be created.
*
* @return array All the contents of a report.
* @return boolean true id succed, false otherwise.
*/
function reports_create_content($id_report, $values)
{
@ -305,7 +304,11 @@ function reports_create_content($id_report, $values)
switch ($config['dbtype']) {
case 'mysql':
unset($values['`order`']);
if (isset($values['`order`'])) {
unset($values['`order`']);
} else {
unset($values['order']);
}
$order = (int) db_get_value('MAX(`order`)', 'treport_content', 'id_report', $id_report);
$values['`order`'] = ($order + 1);
@ -907,3 +910,100 @@ function reports_get_report_types($template=false, $not_editor=false)
return $types;
}
function reports_copy_report($id_report)
{
$report = reports_get_report($id_report);
// Unset original report id_report.
unset($report['id_report']);
$original_name = $report['name'];
$original_group = $report['id_group'];
$copy_name = io_safe_input(sprintf(__('copy of %s'), io_safe_output($original_name)));
$copy_report = reports_create_report($copy_name, $original_group, $report);
if ($copy_report !== false) {
$original_contents = reports_get_contents($id_report);
if (empty($original_contents) === false) {
foreach ($original_contents as $original_content) {
$original_content['id_report'] = $copy_report;
$original_id_rc = $original_content['id_rc'];
unset($original_content['id_rc']);
$result_content = db_process_sql_insert('treport_content', $original_content);
if ($result_content === false) {
$result = false;
break;
}
switch (io_safe_output($original_content['type'])) {
case 'SLA':
case 'SLA_monthly':
case 'SLA_weekly':
case 'SLA_hourly':
case 'availability_graph':
$slas = db_get_all_rows_field_filter('treport_content_sla_combined', 'id_report_content', $original_id_rc);
if ($slas === false) {
$slas = [];
}
foreach ($slas as $sla) {
unset($sla['id']);
// Set id report to copy id.
$sla['id_report_content'] = $result_content;
$sla_copy = db_process_sql_insert('treport_content_sla_combined', $sla);
if ($sla_copy === false) {
reports_delete_content($result_content);
$result = false;
break;
}
}
break;
case 'general':
case 'top_n':
case 'availability':
case 'exception':
$items = db_get_all_rows_field_filter('treport_content_item', 'id_report_content', $original_id_rc);
if ($items === false) {
$items = [];
}
foreach ($items as $item) {
unset($item['id']);
// Set id report to copy id.
$item['id_report_content'] = $result_content;
$item_copy = db_process_sql_insert('treport_content_item', $item);
if ($item_copy === false) {
reports_delete_content($result_content);
$result = false;
break;
}
}
break;
default:
// Empty default.
break;
}
}
}
}
if ($result === false) {
reports_delete_report($copy_report);
return false;
}
return true;
}

2
pandora_console/include/get_file.php
View File

@ -35,7 +35,7 @@ $file = base64_decode(urldecode($file_raw));
$hash = get_parameter('hash', null);
if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['dbpass']) || !isset($_SERVER['HTTP_REFERER'])) {
if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_unique_identifier']) || !isset($_SERVER['HTTP_REFERER'])) {
echo "<h3 style='".$styleError."'>".__('Security error. Please contact the administrator.').'</h3>';
} else {
$downloadable_file = '';

66
pandora_console/include/help/en/help_event_alert.php
View File

@ -1,66 +0,0 @@
<?php
/*
* @package Include/help/en
*/
?>
<h1>Event Alerts</h1>
It is possible to define alerts on events, that allows to work from a completely new approach much more flexible. This is an Enterprise feature.<br>
To create the new event alerts, click on the Create button in the Event alerts menu from the Administration menu. <br><br>
<br><br>
<?php html_print_image('images/help/event01.png', false, ['width' => '250px']); ?>
<br>
An event alert is composed by different rules, linked between them by logical operators (and, or, xor, nand, nor, nxor).
<br><br>
<?php html_print_image('images/help/event02.png', false, ['width' => '550px']); ?>
<br>
To could work easier with them, the configuration parameters of an event alert are identical to the module alert. Here could be find a detailed explanation of any of them. There are only two specific parameters of the event alerts:
<br><br>
<b>Rule evaluation mode:</b> There are two options Pass and Drop. Pass means that if a event fullfilled with a alert the alerts bellow are evaluated. Drop means that if a event fullfilled with a alert the alerts bellow stop to evaluated.
<br><br>
<b>Group by:</b> Allows to group the rules by agent, module, alert or group. For example, if a rule is configured to it fires when we receive two critical events, and it's grouped by agent, there should arrive two critical events from the same agent. It's possible to switch off.
<br><br>
Each rule is configured to fire with an specific kind of event. The alert will be fired when the logical equation defined by the rules and its operators is fulfilled
<br><br>
<?php html_print_image('images/help/event03.png', false, ['width' => '550px']); ?>
<br>
The configuration parameters of one rule that are possible are:
<br><br>
<b>Name:</b> Name of the rule.<br>
<b>User comment:</b> Free comment. <br>
<b>Event:</b> Regular expression that matches with the event text. <br>
<b>Window: </b>The events that have been generated out of the time window will be rejected<br>
<b>Count:</b> Number of events that have to match with the rule to it could be fired.<br>
<b>Agent: </b>Regular expression that matches with the name of the agent that generated the event. <br>
<b>Module:</b> Regular expression that matches with the name of the module that generated the event. <br>
<b>Module alerts:</b> Regular expression that matches with the name of the alert that generated the event. <br>
<b>Group: </b>Group the agent belongs to. <br>
<b>Criticity:</b> Event criticity. <br>
<b>Tag:</b> Tags associated to the event. <br>
<b>User:</b> User associated to the event. <br>
<b>Event type:</b> Kind of event. <br><br>
For example, we could configure a rule that matches with the events generated by any module that is named cpu_load of any agent of the Servers group that has associated the tag System when the module goes to critical status:
<br><br>
<?php html_print_image('images/help/event04.png', false, ['width' => '550px']); ?>
<br>
<p>Given the high number of events that the <?php echo get_product_name(); ?> database could store, the server works on an event window that is defined in the pandora_server.conf configuration file through the parameter event_window. The events that have been generated out of this time window won't be processed by the server, so it doesn't make sense to specify in a rule a time window higher to the one configured in the server </p>

64
pandora_console/include/help/es/help_event_alert.php
View File

@ -1,64 +0,0 @@
<?php
/*
* @package Include/help/es
*/
?>
<h1>Alerta de evento</h1>
Desde la versión 4.0 de <?php echo get_product_name(); ?> se pueden definir alertas sobre los eventos, lo que permite trabajar desde una perspectiva completamente nueva y mucho más flexible. Esta es una característica Enterprise.<br><br>
Las Alertas de evento nuevas se crean pinchando en el botón Create en el menú Event alerts en el menú de Administración.
<br><br>
<?php html_print_image('images/help/event01.png', false, ['width' => '250px']); ?>
<br>
Una alerta de eventos está compuesta por distintas reglas, relacionadas entre por operadores lógicos (and, or, xor, nand, nor, nxor).
<br><br>
<?php html_print_image('images/help/event02.png', false, ['width' => '550px']); ?>
<br>
Para hacer más fácil trabajar con ellas, los parámetros de configuración de una alerta de eventos son idénticos a los de una alerta de módulo. Aquí se puede encontrar una explicación detallada de cada uno de ellos. Únicamente existen dos parámetros específicos de las alertas de eventos:
<br><br>
<b>Rule evaluation mode:</b> Hay dos opciones Pass y Drop. Pass significa que en caso de que un evento coincida con una alerta se sigan evaluando el resto de alertas. Drop significa que en caso de que un evento coincida con una alerta no se evaluen el resto de alertas.
<br><br>
<b>Group by:</b> Permite agrupar las reglas por agente, módulo, alerta o grupo. Por ejemplo, si se configura una regla para que salte cuando se reciban dos eventos críticos y se agrupa por agente, deberán llegar dos eventos críticos de un mismo agente. Se puede desactivar.
<br><br>
Cada regla se configura para saltar ante un determinado tipo de evento, cuando se cumple la ecuación lógica definida por las reglas y sus operadores, la alerta se dispara.
<br><br>
<?php html_print_image('images/help/event03.png', false, ['width' => '550px']); ?>
<br>
Los posibles parámetros de configuración de una regla son:
<br><br>
<b>Name:</b> Nombre de la regla.<br>
<b>User comment:</b> Comentario libre.<br>
<b>Event:</b> Expresión regular que casa con el texto del evento.<br>
<b>Window: </b>Los eventos que se hayan generado fuera de la ventana de tiempo serán descartados.<br>
<b>Count:</b> Número de eventos que tienen que casar con la regla para que ésta se dispare.<br>
<b>Agent: </b>Expresión regular que casa con el nombre del agente que generó el evento.<br>
<b>Module:</b> Expresión regular que casa con el nombre del módulo que generó el evento.<br>
<b>Module alerts:</b> Expresión regular que casa con el nombre de la alerta que generó el evento.<br>
<b>Group: </b>Grupo al que pertenece el Agente.<br>
<b>Criticity:</b> Criticidad del evento.<br>
<b>Tag:</b> Tags asociados al evento.<br>
<b>User:</b> Usuario asociado al evento.<br>
<b>Event type:</b> Tipo de evento. <br><br>
Por ejemplo, podríamos configurar una regla que case con los eventos generados por cualquier módulo que se llame cpu_load de cualquier agente del grupo Servers que lleve asociado el tag System cuando el módulo pasa al estado crítico:
<br><br>
<?php html_print_image('images/help/event04.png', false, ['width' => '550px']); ?>
<br>
<p>Dado el elevado número de eventos que puede llegar a albergar la base de datos de <?php echo get_product_name(); ?>, el servidor trabaja sobre una ventana de eventos que se define en el fichero de configuración pandora_server.conf mediante el parámetro event_window. Los eventos que se hayan generado fuera de esta ventana de tiempo no serán procesados por el servidor, de modo que no tiene sentido especificar en una regla una ventana de tiempo superior a la configurada en el servidor </p>

1
pandora_console/include/javascript/pandora_dashboards.js
View File

@ -843,6 +843,7 @@ function processTreeSearch(settings) {
filters.searchModule = settings.searchModule;
filters.statusModule = settings.statusModule;
filters.groupID = settings.searchGroup;
filters.searchHirearchy = 1;
$.ajax({
type: "POST",

9
pandora_console/include/lib/Dashboard/Widgets/events_list.php
View File

@ -535,6 +535,15 @@ class EventsListWidget extends Widget
$filter['tag_without'] = base64_encode(
json_encode($filter['tag_without'])
);
if (!empty($filter['id_agent_module'])) {
$name = \modules_get_modules_name(
' FROM tagente_modulo',
' WHERE id_agente_modulo = '.$filter['id_agent_module'],
is_metaconsole()
);
$filter['module_search'] = $name[0]['nombre'];
}
} else {
// Filtering.
$filter['event_view_hr'] = $hours;

44
pandora_console/include/lib/Dashboard/Widgets/tree_view.php
View File

@ -418,28 +418,30 @@ class TreeViewWidget extends Widget
AGENT_MODULE_STATUS_NOT_INIT => __('Not init'),
];
$inputs[] = [
'label' => __('Modules status'),
'arguments' => [
'type' => 'select',
'fields' => $fields,
'name' => 'moduleStatus',
'selected' => $values['moduleStatus'],
'return' => true,
],
];
if (is_metaconsole() === false) {
$inputs[] = [
'label' => __('Modules status'),
'arguments' => [
'type' => 'select',
'fields' => $fields,
'name' => 'moduleStatus',
'selected' => $values['moduleStatus'],
'return' => true,
],
];
// Filter modules.
$inputs[] = [
'label' => __('Filter modules'),
'arguments' => [
'name' => 'filterModule',
'type' => 'text',
'value' => $values['filterModule'],
'return' => true,
'size' => 0,
],
];
// Filter modules.
$inputs[] = [
'label' => __('Filter modules'),
'arguments' => [
'name' => 'filterModule',
'type' => 'text',
'value' => $values['filterModule'],
'return' => true,
'size' => 0,
],
];
}
return $inputs;
}

8
pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php
View File

@ -157,6 +157,14 @@ final class DonutGraph extends Item
if ($isString === true) {
$graphData = \get_donut_module_data($moduleId);
if (empty($graphData) || $graphData === null) {
$aux = [];
$aux[0]['tag_name'] = 'No data to show';
$aux[0]['color'] = '#aa3333';
$aux[0]['value'] = 1;
$aux[0]['percent'] = 100;
$graphData = $aux;
}
$data['html'] = \d3_donut_graph(
(int) $data['id'],

1
pandora_console/include/styles/pandora.css
View File

@ -2563,7 +2563,6 @@ select {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
border-radius: 3px;
font-size: 10pt;
font-family: inherit;
}

144
pandora_console/index.php
View File

@ -246,6 +246,8 @@ $page = $sec2;
// Reference variable for old time sake.
$sec = get_parameter_get('sec');
$sec = safe_url_extraclean($sec);
// CSRF Validation.
$validatedCSRF = validate_csrf_code();
$process_login = false;
@ -319,7 +321,7 @@ if (! isset($config['id_user'])) {
// Code.
$code = (string) get_parameter_post('auth_code');
if (!empty($code)) {
if (empty($code) === false) {
$result = validate_double_auth_code($nick, $code);
if ($result === true) {
@ -331,7 +333,7 @@ if (! isset($config['id_user'])) {
// Error message.
$config['auth_error'] = __('Invalid code');
if (!isset($_SESSION['prepared_login_da']['attempts'])) {
if (isset($_SESSION['prepared_login_da']['attempts']) === false) {
$_SESSION['prepared_login_da']['attempts'] = 0;
}
@ -471,6 +473,18 @@ if (! isset($config['id_user'])) {
}
}
// CSRF Validation not pass in login.
if ($validatedCSRF === false) {
$process_error_message = __(
'%s cannot verify the origin of the request. Try again, please.',
get_product_name()
);
include_once 'general/login_page.php';
// Finish the execution.
exit('</html>');
}
if (($nick_in_db !== false) && $expired_pass) {
// Login ok and password has expired.
include_once 'general/login_page.php';
@ -747,16 +761,17 @@ if (! isset($config['id_user'])) {
enterprise_include_once('include/functions_reset_pass.php');
}
$correct_pass_change = (boolean) get_parameter('correct_pass_change', 0);
$reset = (boolean) get_parameter('reset', 0);
$first = (boolean) get_parameter('first', 0);
$reset_hash = get_parameter('reset_hash', '');
// Boolean parameters.
$correct_pass_change = (boolean) get_parameter('correct_pass_change', false);
$reset = (boolean) get_parameter('reset', false);
$first = (boolean) get_parameter('first', false);
// Strings.
$reset_hash = get_parameter('reset_hash');
$pass1 = get_parameter_post('pass1');
$pass2 = get_parameter_post('pass2');
$id_user = get_parameter_post('id_user');
$pass1 = get_parameter_post('pass1');
$pass2 = get_parameter_post('pass2');
$id_user = get_parameter_post('id_user');
if ($reset_hash != '') {
if (empty($reset_hash) === false) {
$hash_data = explode(':::', $reset_hash);
$id_user = $hash_data[0];
$codified_hash = $hash_data[1];
@ -764,45 +779,61 @@ if (! isset($config['id_user'])) {
$db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', ['id_user' => $id_user, 'cod_hash' => $id_user.':::'.$codified_hash]);
}
if ($correct_pass_change && !empty($pass1) && !empty($pass2) && !empty($id_user) && $db_reset_pass_entry) {
delete_reset_pass_entry($id_user);
if ($correct_pass_change === true
&& empty($pass1) === false
&& empty($pass2) === false
&& empty($id_user) === false
&& $db_reset_pass_entry !== false
) {
// The CSRF does not be validated.
if ($validatedCSRF === false) {
$process_error_message = __(
'%s cannot verify the origin of the request. Try again, please.',
get_product_name()
);
$correct_reset_pass_process = '';
$process_error_message = '';
include_once 'general/login_page.php';
// Finish the execution.
exit('</html>');
} else {
delete_reset_pass_entry($id_user);
$correct_reset_pass_process = '';
$process_error_message = '';
if ($pass1 == $pass2) {
$res = update_user_password($id_user, $pass1);
if ($res) {
db_process_sql_insert(
'tsesion',
[
'id_sesion' => '',
'id_usuario' => $id_user,
'ip_origen' => $_SERVER['REMOTE_ADDR'],
'accion' => 'Reset&#x20;change',
'descripcion' => 'Successful reset password process ',
'fecha' => date('Y-m-d H:i:s'),
'utimestamp' => time(),
]
);
if ($pass1 === $pass2) {
$res = update_user_password($id_user, $pass1);
if ($res) {
db_process_sql_insert(
'tsesion',
[
'id_sesion' => '',
'id_usuario' => $id_user,
'ip_origen' => $_SERVER['REMOTE_ADDR'],
'accion' => 'Reset&#x20;change',
'descripcion' => 'Successful reset password process ',
'fecha' => date('Y-m-d H:i:s'),
'utimestamp' => time(),
]
);
$correct_reset_pass_process = __('Password changed successfully');
$correct_reset_pass_process = __('Password changed successfully');
register_pass_change_try($id_user, 1);
register_pass_change_try($id_user, 1);
} else {
register_pass_change_try($id_user, 0);
$process_error_message = __('Failed to change password');
}
} else {
register_pass_change_try($id_user, 0);
$process_error_message = __('Failed to change password');
$process_error_message = __('Passwords must be the same');
}
} else {
register_pass_change_try($id_user, 0);
$process_error_message = __('Passwords must be the same');
include_once 'general/login_page.php';
}
include_once 'general/login_page.php';
} else {
if ($reset_hash != '') {
if (empty($reset_hash) === false) {
$process_error_message = '';
if ($db_reset_pass_entry) {
@ -819,23 +850,35 @@ if (! isset($config['id_user'])) {
include_once 'general/login_page.php';
}
} else {
if (!$reset) {
if ($reset === false) {
include_once 'general/login_page.php';
} else {
$user_reset_pass = get_parameter('user_reset_pass', '');
$user_reset_pass = get_parameter('user_reset_pass');
$error = '';
$mail = '';
$show_error = false;
if (!$first) {
if ($user_reset_pass == '') {
if ($first === false) {
// The CSRF does not be validated.
if ($validatedCSRF === false) {
$process_error_message = __(
'%s cannot verify the origin of the request. Try again, please.',
get_product_name()
);
include_once 'general/login_page.php';
// Finish the execution.
exit('</html>');
}
if (empty($user_reset_pass) === true) {
$reset = false;
$error = __('Id user cannot be empty');
$show_error = true;
} else {
$check_user = check_user_id($user_reset_pass);
if (!$check_user) {
if ($check_user === false) {
$reset = false;
register_pass_change_try($user_reset_pass, 0);
$error = __('Error in reset password request');
@ -868,9 +911,9 @@ if (! isset($config['id_user'])) {
$body .= '<p />';
$body .= '<em>'.__('Please do not reply to this email.').'</em>';
$result = send_email_to_user($mail, $body, $subject);
$result = (bool) send_email_to_user($mail, $body, $subject);
if (!$result) {
if ($result === false) {
$process_error_message = __('Error at sending the email');
} else {
send_token_to_db($user_reset_pass, $cod_hash);
@ -1154,7 +1197,7 @@ if ($searchPage) {
} else {
// Home screen chosen by the user.
$home_page = '';
if (isset($config['id_user'])) {
if (isset($config['id_user']) === true) {
$user_info = users_get_user_by_id($config['id_user']);
$home_page = io_safe_output($user_info['section']);
$home_url = $user_info['data_section'];
@ -1188,7 +1231,8 @@ if ($searchPage) {
break;
case 'Dashboard':
$str = 'sec=reporting&sec2=operation/dashboard/dashboard&dashboardId='.$home_url.'&d_from_main_page=1';
$_GET['specialSec2'] = sprintf('operation/dashboard/dashboard&dashboardId=%s', $home_url);
$str = sprintf('sec=reporting&sec2=%s&d_from_main_page=1', $_GET['specialSec2']);
parse_str($str, $res);
foreach ($res as $key => $param) {
$_GET[$key] = $param;
@ -1224,7 +1268,7 @@ if ($searchPage) {
break;
}
if (isset($_GET['sec2'])) {
if (isset($_GET['sec2']) === true) {
$file = $_GET['sec2'].'.php';
// Make file path absolute to prevent accessing remote files.
$file = __DIR__.'/'.$file;
@ -1233,7 +1277,7 @@ if ($searchPage) {
$_GET['sec'] = ($main_sec == false) ? $_GET['sec'] : $main_sec;
// Third condition is aimed to prevent from traversal attack.
if (!file_exists($file)
if (file_exists($file) === false
|| ($_GET['sec2'] != 'general/logon_ok' && enterprise_hook(
'enterprise_acl',
[

2
pandora_console/install.php
View File

@ -129,7 +129,7 @@
<div style='height: 10px'>
<?php
$version = '7.0NG.755';
$build = '210618';
$build = '210621';
$banner = "v$version Build $build";
error_reporting(0);

2
pandora_console/pandora_console.redhat.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_console
%define version 7.0NG.755
%define release 210618
%define release 210621
# User and Group under which Apache is running
%define httpd_name httpd

2
pandora_console/pandora_console.rhel7.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_console
%define version 7.0NG.755
%define release 210618
%define release 210621
# User and Group under which Apache is running
%define httpd_name httpd

2
pandora_console/pandora_console.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_console
%define version 7.0NG.755
%define release 210618
%define release 210621
%define httpd_name httpd
# User and Group under which Apache is running
%define httpd_name apache2

2
pandora_server/DEBIAN/control
View File

@ -1,5 +1,5 @@
package: pandorafms-server
Version: 7.0NG.755-210618
Version: 7.0NG.755-210621
Architecture: all
Priority: optional
Section: admin

2
pandora_server/DEBIAN/make_deb_package.sh
View File

@ -14,7 +14,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
pandora_version="7.0NG.755-210618"
pandora_version="7.0NG.755-210621"
package_cpan=0
package_pandora=1

2
pandora_server/lib/PandoraFMS/Config.pm
View File

@ -46,7 +46,7 @@ our @EXPORT = qw(
# version: Defines actual version of Pandora Server for this module only
my $pandora_version = "7.0NG.755";
my $pandora_build = "210618";
my $pandora_build = "210621";
our $VERSION = $pandora_version." ".$pandora_build;
# Setup hash

6
pandora_server/lib/PandoraFMS/Core.pm
View File

@ -5645,6 +5645,8 @@ Set the status of unknown modules.
sub pandora_module_unknown ($$) {
my ($pa_config, $dbh) = @_;
my $timestamp = strftime ("%Y-%m-%d %H:%M:%S", localtime(time()));
# Warmup interval for unknown modules.
if ($pa_config->{'warmup_unknown_on'} == 1) {
@ -5702,7 +5704,7 @@ sub pandora_module_unknown ($$) {
# Generate alerts
if (pandora_inhibit_alerts ($pa_config, $agent, $dbh, 0) == 0 && pandora_cps_enabled($agent, $module) == 0) {
my $extra_macros = { _modulelaststatuschange_ => $module->{'last_status_change'}};
pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $extra_macros, undef, 0, 'unknown');
pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $timestamp, $extra_macros, 0, 'unknown');
}
else {
logger($pa_config, "Alerts inhibited for agent '" . $agent->{'nombre'} . "'.", 10);
@ -5749,7 +5751,7 @@ sub pandora_module_unknown ($$) {
# Generate alerts
if (pandora_inhibit_alerts ($pa_config, $agent, $dbh, 0) == 0 && pandora_cps_enabled($agent, $module) == 0) {
my $extra_macros = { _modulelaststatuschange_ => $module->{'last_status_change'}};
pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $extra_macros, undef, 0, 'unknown');
pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $timestamp, $extra_macros, 0, 'unknown');
}
else {
logger($pa_config, "Alerts inhibited for agent '" . $agent->{'nombre'} . "'.", 10);

2
pandora_server/lib/PandoraFMS/Goliat/GoliatCURL.pm
View File

@ -254,6 +254,8 @@ sub g_http_task {
utf8::decode($match_string);
}
$match_string = quotemeta($match_string);
if ( $as_string =~ m/$match_string/i ){
$total_valid_requests++;
} else {

2
pandora_server/lib/PandoraFMS/PluginTools.pm
View File

@ -34,7 +34,7 @@ our @ISA = qw(Exporter);
# version: Defines actual version of Pandora Server for this module only
my $pandora_version = "7.0NG.755";
my $pandora_build = "210618";
my $pandora_build = "210621";
our $VERSION = $pandora_version." ".$pandora_build;
our %EXPORT_TAGS = ( 'all' => [ qw() ] );

2
pandora_server/pandora_server.redhat.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_server
%define version 7.0NG.755
%define release 210618
%define release 210621
Summary: Pandora FMS Server
Name: %{name}

2
pandora_server/pandora_server.spec
View File

@ -3,7 +3,7 @@
#
%define name pandorafms_server
%define version 7.0NG.755
%define release 210618
%define release 210621
Summary: Pandora FMS Server
Name: %{name}

2
pandora_server/pandora_server_installer
View File

@ -9,7 +9,7 @@
# **********************************************************************
PI_VERSION="7.0NG.755"
PI_BUILD="210618"
PI_BUILD="210621"
MODE=$1
if [ $# -gt 1 ]; then

2
pandora_server/util/pandora_db.pl
View File

@ -35,7 +35,7 @@ use PandoraFMS::Config;
use PandoraFMS::DB;
# version: define current version
my $version = "7.0NG.755 Build 210618";
my $version = "7.0NG.755 Build 210621";
# Pandora server configuration
my %conf;

12
pandora_server/util/pandora_manage.pl
View File

@ -36,7 +36,7 @@ use Encode::Locale;
Encode::Locale::decode_argv;
# version: define current version
my $version = "7.0NG.755 Build 210618";
my $version = "7.0NG.755 Build 210621";
# save program name for logging
my $progname = basename($0);
@ -3111,10 +3111,16 @@ sub cli_agent_update() {
# Add the address to the agent
if (defined $use_alias and $use_alias eq 'use_alias') {
foreach my $id (@id_agents) {
add_new_address_agent ($dbh, $address_id, $id->{'id_agente'});
my $ag_addr_id = get_agent_addr_id($dbh, $address_id, $id->{'id_agente'});
if($ag_addr_id == -1) {
add_new_address_agent ($dbh, $address_id, $id->{'id_agente'});
}
}
} else {
add_new_address_agent ($dbh, $address_id, $id_agent);
my $ag_addr_id = get_agent_addr_id($dbh, $address_id, $id_agent);
if($ag_addr_id == -1) {
add_new_address_agent ($dbh, $address_id, $id_agent);
}
}
$field = 'direccion';