diff --git a/pandora_agents/unix/DEBIAN/control b/pandora_agents/unix/DEBIAN/control index fe2025d954..fd9a4b3081 100644 --- a/pandora_agents/unix/DEBIAN/control +++ b/pandora_agents/unix/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-agent-unix -Version: 7.0NG.755-210618 +Version: 7.0NG.755-210621 Architecture: all Priority: optional Section: admin diff --git a/pandora_agents/unix/DEBIAN/make_deb_package.sh b/pandora_agents/unix/DEBIAN/make_deb_package.sh index c8f5fe07e5..955cdea764 100644 --- a/pandora_agents/unix/DEBIAN/make_deb_package.sh +++ b/pandora_agents/unix/DEBIAN/make_deb_package.sh @@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.755-210618" +pandora_version="7.0NG.755-210621" echo "Test if you has the tools for to make the packages." whereis dpkg-deb | cut -d":" -f2 | grep dpkg-deb > /dev/null diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index 343695c0a0..10e754c2a6 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -1015,7 +1015,7 @@ my $Sem = undef; my $ThreadSem = undef; use constant AGENT_VERSION => '7.0NG.755'; -use constant AGENT_BUILD => '210618'; +use constant AGENT_BUILD => '210621'; # Agent log default file size maximum and instances use constant DEFAULT_MAX_LOG_SIZE => 600000; diff --git a/pandora_agents/unix/pandora_agent.redhat.spec b/pandora_agents/unix/pandora_agent.redhat.spec index 7dc09fa34a..3a22b0fec6 100644 --- a/pandora_agents/unix/pandora_agent.redhat.spec +++ b/pandora_agents/unix/pandora_agent.redhat.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.755 -%define release 210618 +%define release 210621 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent.spec b/pandora_agents/unix/pandora_agent.spec index 347dd6993d..4b35373120 100644 
--- a/pandora_agents/unix/pandora_agent.spec +++ b/pandora_agents/unix/pandora_agent.spec @@ -3,7 +3,7 @@ # %define name pandorafms_agent_unix %define version 7.0NG.755 -%define release 210618 +%define release 210621 Summary: Pandora FMS Linux agent, PERL version Name: %{name} diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index 77642cb05b..bf9d1f259b 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer @@ -10,7 +10,7 @@ # ********************************************************************** PI_VERSION="7.0NG.755" -PI_BUILD="210618" +PI_BUILD="210621" OS_NAME=`uname -s` FORCE=0 diff --git a/pandora_agents/win32/bin/util/omnishell_client.exe b/pandora_agents/win32/bin/util/omnishell_client.exe old mode 100755 new mode 100644 index f0420231e3..e5b4324b6a Binary files a/pandora_agents/win32/bin/util/omnishell_client.exe and b/pandora_agents/win32/bin/util/omnishell_client.exe differ diff --git a/pandora_agents/win32/installer/pandora.mpi b/pandora_agents/win32/installer/pandora.mpi index c6db424c17..3a426ab723 100644 --- a/pandora_agents/win32/installer/pandora.mpi +++ b/pandora_agents/win32/installer/pandora.mpi @@ -186,7 +186,7 @@ UpgradeApplicationID {} Version -{210618} +{210621} ViewReadme {Yes} diff --git a/pandora_agents/win32/omnishell/omnishell_client.pl b/pandora_agents/win32/omnishell/omnishell_client.pl index 1a684e5448..eb0c630d81 100644 --- a/pandora_agents/win32/omnishell/omnishell_client.pl +++ b/pandora_agents/win32/omnishell/omnishell_client.pl @@ -63,7 +63,7 @@ my $config = read_configuration({},' ', [ if (!defined($ConfFile) || !-e $ConfFile) { print $HELP; - exit 1; + exit 0; } if(!-d dirname($ConfFile).'\commands') { @@ -87,7 +87,7 @@ if ($@) { if (is_enabled($config->{'debug'})) { print STDERR $@."\n"; } - exit 1; + exit 0; } exit 0; \ No newline at end of file 
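Review bot: Both changed exits in omnishell_client.pl now return 0 on a failure path: the missing-configuration branch after `print $HELP;` and the `if ($@)` handler. Anything that relies on the exit status can no longer tell a failed run from a successful one, and with `debug` disabled the error held in `$@` is never printed. If the zero status is deliberate (for example so the agent does not flag the module as broken), state that in a comment such as `# exit 0 on purpose: <reason>` and write `$@` to STDERR unconditionally; otherwise keep `exit 1;`. The script body starts and ends outside these hunks.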
diff --git a/pandora_agents/win32/pandora.cc b/pandora_agents/win32/pandora.cc index a6dac6f2e6..0543906fba 100644 --- a/pandora_agents/win32/pandora.cc +++ b/pandora_agents/win32/pandora.cc @@ -30,7 +30,7 @@ using namespace Pandora; using namespace Pandora_Strutils; #define PATH_SIZE _MAX_PATH+1 -#define PANDORA_VERSION ("7.0NG.755 Build 210618") +#define PANDORA_VERSION ("7.0NG.755 Build 210621") string pandora_path; string pandora_dir; diff --git a/pandora_agents/win32/versioninfo.rc b/pandora_agents/win32/versioninfo.rc index 8e62900067..2cd6706c03 100644 --- a/pandora_agents/win32/versioninfo.rc +++ b/pandora_agents/win32/versioninfo.rc @@ -11,7 +11,7 @@ BEGIN VALUE "LegalCopyright", "Artica ST" VALUE "OriginalFilename", "PandoraAgent.exe" VALUE "ProductName", "Pandora FMS Windows Agent" - VALUE "ProductVersion", "(7.0NG.755(Build 210618))" + VALUE "ProductVersion", "(7.0NG.755(Build 210621))" VALUE "FileVersion", "1.0.0.0" END END diff --git a/pandora_console/DEBIAN/control b/pandora_console/DEBIAN/control index 8054509121..107017cec5 100644 --- a/pandora_console/DEBIAN/control +++ b/pandora_console/DEBIAN/control @@ -1,5 +1,5 @@ package: pandorafms-console -Version: 7.0NG.755-210618 +Version: 7.0NG.755-210621 Architecture: all Priority: optional Section: admin diff --git a/pandora_console/DEBIAN/make_deb_package.sh b/pandora_console/DEBIAN/make_deb_package.sh index f006f0b474..fac68dcb19 100644 --- a/pandora_console/DEBIAN/make_deb_package.sh +++ b/pandora_console/DEBIAN/make_deb_package.sh @@ -14,7 +14,7 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -pandora_version="7.0NG.755-210618" +pandora_version="7.0NG.755-210621" package_pear=0 package_pandora=1 diff --git a/pandora_console/extras/delete_files/delete_files.txt b/pandora_console/extras/delete_files/delete_files.txt index 10e49c14fd..532b1c990d 100644 --- a/pandora_console/extras/delete_files/delete_files.txt 
+++ b/pandora_console/extras/delete_files/delete_files.txt @@ -100,3 +100,8 @@ enterprise/include/functions_update_manager.php include/ajax/rolling_release.ajax.php extensions/plugin_registration.php enterprise/include/functions_plugins.php +include/help/en/help_event_alert.php +include/help/es/help_event_alert.php +enterprise/godmode/alerts/alert_events.php +enterprise/godmode/alerts/alert_events_list.php +enterprise/godmode/alerts/alert_events_rules.php diff --git a/pandora_console/extras/mr/48.sql b/pandora_console/extras/mr/48.sql index acabd5bbda..4a25b9bb75 100644 --- a/pandora_console/extras/mr/48.sql +++ b/pandora_console/extras/mr/48.sql @@ -13,4 +13,13 @@ CREATE TABLE IF NOT EXISTS `tsync_queue` ( SOURCE './procedures/updateSnmpAlerts.sql'; -COMMIT; \ No newline at end of file +UPDATE pandora.tuser_task +SET parameters='a:7:{i:0;a:7:{s:11:"description";s:30:"Template pending to be created";s:5:"table";s:16:"treport_template";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:8:"required";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:7:{s:11:"description";s:6:"Agents";s:5:"table";s:7:"tagente";s:8:"field_id";s:9:"id_agente";s:10:"field_name";s:6:"nombre";s:8:"multiple";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_grupo";}i:2;a:2:{s:11:"description";s:16:"Report per agent";s:10:"select_two";b:1;}i:3;a:2:{s:11:"description";s:11:"Report name";s:4:"type";s:6:"string";}i:4;a:2:{s:11:"description";s:47:"Send to e-mail addresses (separated by a comma)";s:4:"type";s:4:"text";}i:5;a:2:{s:11:"description";s:7:"Subject";s:8:"optional";i:1;}i:6;a:3:{s:11:"description";s:7:"Message";s:4:"type";s:4:"text";s:8:"optional";i:1;}}i:7;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}' +WHERE id=2; + +UPDATE `tuser_task_scheduled` SET + `args` = REPLACE (`args`, 'a:8', 'a:9'), + `args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:7;s:3:"PDF";s:15:"first_execution"') + WHERE `id_user_task` = 2; + +COMMIT; 
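Review bot: The serialized value written to `tuser_task.parameters` in 48.sql is declared as `a:7:{` but the array is closed right after element `i:6` (`s:8:"optional";i:1;}}`), so the `i:7` "Report Type" entry lies outside the array and would not be part of the unserialized result. The header should read `a:8:{` and the extra `}` before `i:7;` should be dropped. The statement also hard-codes the schema as `pandora.tuser_task`, which fails on installs whose database has another name, while the following statement uses the unqualified table; write `UPDATE tuser_task`. The follow-up replacement of `'a:8'` by `'a:9'` in `args` rewrites every occurrence of that substring and is not idempotent if the migration runs twice, so it should be anchored to the leading element count. The same two statements are repeated in pandoradb_migrate_6.0_to_7.0.mysql.sql and need the same corrections.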
diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index b2b72e4e19..485248c846 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql 
@@ -2562,6 +2562,8 @@ ALTER TABLE `tnetflow_filter` MODIFY COLUMN `router_ip` text NOT NULL; UPDATE tuser_task set parameters = 'a:5:{i:0;a:6:{s:11:\"description\";s:28:\"Report pending to be created\";s:5:\"table\";s:7:\"treport\";s:8:\"field_id\";s:9:\"id_report\";s:10:\"field_name\";s:4:\"name\";s:4:\"type\";s:3:\"int\";s:9:\"acl_group\";s:8:\"id_group\";}i:1;a:2:{s:11:\"description\";s:46:\"Send to email addresses (separated by a comma)\";s:4:\"type\";s:4:\"text\";}i:2;a:2:{s:11:\"description\";s:7:\"Subject\";s:8:\"optional\";i:1;}i:3;a:3:{s:11:\"description\";s:7:\"Message\";s:4:\"type\";s:4:\"text\";s:8:\"optional\";i:1;}i:4;a:2:{s:11:\"description\";s:11:\"Report Type\";s:4:\"type\";s:11:\"report_type\";}}' where function_name = "cron_task_generate_report"; INSERT IGNORE INTO tuser_task VALUES (8, 'cron_task_generate_csv_log', 'a:1:{i:0;a:2:{s:11:"description";s:14:"Send to e-mail";s:4:"type";s:4:"text";}}', 'Send csv log'); UPDATE `tuser_task` SET `parameters`='a:4:{i:0;a:6:{s:11:"description";s:28:"Report pending to be created";s:5:"table";s:7:"treport";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:2:{s:11:"description";s:426:"Save to disk in pathThe Apache user should have read-write access on this folder. E.g. 
/var/www/html/pandora_console/attachment";s:4:"type";s:6:"string";}i:2;a:2:{s:11:"description";s:16:"File nane prefix";s:4:"type";s:6:"string";}i:3;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}' WHERE `id`=3; +UPDATE pandora.tuser_task +SET parameters='a:7:{i:0;a:7:{s:11:"description";s:30:"Template pending to be created";s:5:"table";s:16:"treport_template";s:8:"field_id";s:9:"id_report";s:10:"field_name";s:4:"name";s:8:"required";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_group";}i:1;a:7:{s:11:"description";s:6:"Agents";s:5:"table";s:7:"tagente";s:8:"field_id";s:9:"id_agente";s:10:"field_name";s:6:"nombre";s:8:"multiple";b:1;s:4:"type";s:3:"int";s:9:"acl_group";s:8:"id_grupo";}i:2;a:2:{s:11:"description";s:16:"Report per agent";s:10:"select_two";b:1;}i:3;a:2:{s:11:"description";s:11:"Report name";s:4:"type";s:6:"string";}i:4;a:2:{s:11:"description";s:47:"Send to e-mail addresses (separated by a comma)";s:4:"type";s:4:"text";}i:5;a:2:{s:11:"description";s:7:"Subject";s:8:"optional";i:1;}i:6;a:3:{s:11:"description";s:7:"Message";s:4:"type";s:4:"text";s:8:"optional";i:1;}}i:7;a:2:{s:11:"description";s:11:"Report Type";s:4:"type";s:11:"report_type";}}' WHERE id=2; DELETE FROM `tuser_task` WHERE id = 6; -- Migrate old tasks @@ -2576,6 +2578,12 @@ UPDATE `tuser_task_scheduled` SET `args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:3;s:3:"XML";s:15:"first_execution"') WHERE `id_user_task` = 6; + UPDATE `tuser_task_scheduled` SET + `args` = REPLACE (`args`, 'a:8', 'a:9'), + `args`= REPLACE(`args`, 's:15:"first_execution"', 'i:2;s:0:"";i:7;s:3:"PDF";s:15:"first_execution"') + WHERE `id_user_task` = 2; + + -- ---------------------------------------------------------------------- -- ADD message in table 'tnews' -- ---------------------------------------------------------------------- diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index 9629bb8c75..b7768d81c7 100755 
--- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -210,7 +210,7 @@ switch ($login_screen) { case 'login': if (!empty($page) && !empty($sec)) { foreach ($_POST as $key => $value) { - html_print_input_hidden(io_safe_input($key), $value); + html_print_input_hidden(io_safe_input($key), io_safe_input($value)); } } @@ -334,6 +334,9 @@ if ($config['enterprise_installed']) { } } +// CSRF validation. +html_print_csrf_hidden(); + echo ''; echo '
'; echo '
'; @@ -686,7 +689,7 @@ html_print_div(['id' => 'forced_title_layer', 'class' => 'forced_title_layer', ' }); $("#submit-hide-login-logout").click (function () { - $("#login_logout").dialog('close'); + document.location = ""; }); }); break; diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php index c1a238d7d5..6ccf36b4a0 100755 --- a/pandora_console/godmode/reporting/reporting_builder.php +++ b/pandora_console/godmode/reporting/reporting_builder.php @@ -160,7 +160,7 @@ $pure = get_parameter('pure', 0); $schedule_report = get_parameter('schbutton', ''); $pagination = (int) get_parameter('pagination', $config['block_size']); -if ($action == 'edit' && $idReport > 0) { +if ($action === 'edit' && $idReport > 0) { $report_group = db_get_value( 'id_group', 'treport', @@ -451,6 +451,14 @@ switch ($action) { } else { $resultOperationDB = false; } + + header( + sprintf( + 'Location: %sindex.php?sec=reporting&sec2=godmode/reporting/reporting_builder&tab=list_items&action=edit&id_report=%d', + $config['homeurl'], + $idReport + ) + ); break; case 'delete_items_pos': @@ -514,6 +522,7 @@ switch ($action) { } break; + case 'copy_report': case 'delete_report': case 'list': $buttons = [ 
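Review bot: `html_print_csrf_hidden();` only emits the token field, and nothing in this diff shows the login handler validating it, so the protection depends on a matching server-side check in the code that processes this form. Confirm that the login POST is rejected and audited when the token is missing or wrong, rather than the failure being ignored. The call sits after the `enterprise_installed` block and the markup around it is not fully visible here, so also verify that the field ends up inside the login form element and not after its closing tag.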
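Review bot: The `header('Location: ...')` call added before `break;` in reporting_builder.php is not followed by `exit;`, so the rest of the page keeps executing and rendering after the redirect is queued; add `exit;` directly after the `header()` call. If any output has already been sent when this case runs, the header cannot be sent at all, which is worth checking because the code before this point is outside the hunk. Building the target from `$config['homeurl']` and a `%d`-formatted `$idReport` keeps the redirect on the console itself and should stay that way. The enclosing `switch ($action)` case starts outside the hunk.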
@@ -666,6 +675,81 @@ switch ($action) { ); } + if ($action === 'copy_report') { + $copy = false; + switch ($type_access_selected) { + case 'group_view': + if ($config['id_user'] == $report['id_user'] + || is_user_admin($config['id_user']) + ) { + $copy = true; + // Owner can delete. + } else { + $copy = check_acl( + $config['id_user'], + $report['id_group'], + 'RM' + ); + } + break; + + case 'group_edit': + if ($config['id_user'] == $report['id_user'] + || is_user_admin($config['id_user']) + ) { + $copy = true; + // Owner can delete. + } else { + $copy = check_acl( + $config['id_user'], + $report['id_group'], + 'RM' + ); + } + break; + + case 'user_edit': + if ($config['id_user'] == $report['id_user'] + || is_user_admin($config['id_user']) + ) { + $copy = true; + } + break; + + default: + // Default. + break; + } + + if (! $copy && !empty($type_access_selected)) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access report builder copy' + ); + include 'general/noaccess.php'; + exit; + } + + $result = reports_copy_report($idReport); + if ($result !== false) { + db_pandora_audit( + 'Report management', + 'Copy report #'.$idReport + ); + } else { + db_pandora_audit( + 'Report management', + 'Fail try to copy report #'.$idReport + ); + } + + ui_print_result_message( + $result, + __('Successfully copied'), + __('Could not be copied') + ); + } + $id_group = (int) get_parameter('id_group', 0); $search = trim(get_parameter('search', '')); @@ -1101,6 +1185,27 @@ switch ($action) { $data[$next] .= ''; } + $data[$next] .= '
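Review bot: The permission check for `copy_report` fails open: `if (! $copy && !empty($type_access_selected))` denies only when `$type_access_selected` is non-empty, so with an empty value `reports_copy_report($idReport)` runs although no ownership or ACL test has passed. `$report` and `$type_access_selected` are set outside this hunk, so confirm they are always populated for this action, and prefer a guard of the form `if (!$copy) { ... include 'general/noaccess.php'; exit; }` with an explicit branch for reports that have no access type. The `group_view` and `group_edit` cases are identical and can share one body, and the copied `// Owner can delete.` comments should read `// Owner can copy.`. Because the action changes state, the form that posts `action=copy_report` should carry the CSRF token and this branch should validate it; no token is visible in the hunk that adds the Duplicate button.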
'; + $data[$next] .= html_print_input_hidden( + 'id_report', + $report['id_report'], + true + ); + $data[$next] .= html_print_input_hidden( + 'action', + 'copy_report', + true + ); + $data[$next] .= html_print_input_image( + 'dup', + 'images/copy.png', + 1, + '', + true, + ['title' => __('Duplicate')] + ); + $data[$next] .= '
'; + if ($delete) { $data[$next] .= '
'; $data[$next] .= html_print_input_image( @@ -3349,7 +3454,7 @@ if ($resultOperationDB !== null) { $textReportName, 'images/op_reporting.png', false, - $helpers, + '', false, $buttons, [ diff --git a/pandora_console/godmode/setup/setup_general.php b/pandora_console/godmode/setup/setup_general.php index 25165996c7..972075f61c 100644 --- a/pandora_console/godmode/setup/setup_general.php +++ b/pandora_console/godmode/setup/setup_general.php @@ -644,14 +644,14 @@ echo ''.__('Mail configuration').''; $table_mail_test->class = 'databox filters'; $table_mail_test->data = []; $table_mail_test->style[0] = 'font-weight: bold;'; - $table_mail_test->style[1] = 'font-weight: bold;display: flex;height: 54px;align-items: center;'; + $table_mail_test->style[1] = 'font-weight: bold;display: flex;height: 54px;align-items: center;padding-left: 15px;'; $table_mail_test->data[0][0] = __('Address'); $table_mail_test->data[0][1] = html_print_input_text( 'email_test_address', '', '', - 40, + 35, 100, true ); diff --git a/pandora_console/include/ajax/planned_downtime.ajax.php b/pandora_console/include/ajax/planned_downtime.ajax.php index f1496dd64a..277ba77411 100644 --- a/pandora_console/include/ajax/planned_downtime.ajax.php +++ b/pandora_console/include/ajax/planned_downtime.ajax.php @@ -65,7 +65,10 @@ if ($get_modules_downtime) { $downtime_module_ids = extract_column($downtime_modules, 'id_agent_module'); $downtime_modules = array_fill_keys($downtime_module_ids, true); - $filter = ['id_agente' => $id_agent, 'delete_pending' => 0]; + $filter = [ + 'id_agente' => $id_agent, + 'delete_pending' => 0, + ]; $modules = db_get_all_rows_filter('tagente_modulo', $filter); if (empty($modules)) { $modules = []; diff --git a/pandora_console/include/class/ExternalTools.class.php b/pandora_console/include/class/ExternalTools.class.php index 1b54a530dc..2b556f2308 100644 --- a/pandora_console/include/class/ExternalTools.class.php +++ b/pandora_console/include/class/ExternalTools.class.php 
@@ -98,8 +98,12 @@ class ExternalTools extends HTML // Define array for host the command/parameters pair data. $this->pathCustomComm[$customValue] = []; // Ensure the information. - $this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter('command_custom_'.$customCommandId); - $this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter('params_custom_'.$customCommandId); + $this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter( + 'command_custom_'.$customCommandId + ); + $this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter( + 'params_custom_'.$customCommandId + ); } } } @@ -139,7 +143,7 @@ class ExternalTools extends HTML global $config; $i = 0; - $sounds = $this->get_sounds(); + $sounds = $this->getSounds(); if ($this->updatePaths === true) { $external_tools_config = []; @@ -170,7 +174,9 @@ class ExternalTools extends HTML if ($result === true) { $result = config_update_value( 'external_tools_config', - json_encode($external_tools_config) + io_safe_input( + json_encode($external_tools_config) + ) ); } @@ -181,8 +187,12 @@ class ExternalTools extends HTML ); } else { if (isset($config['external_tools_config']) === true) { - $external_tools_config_output = io_safe_output($config['external_tools_config']); - $external_tools_config = json_decode($external_tools_config_output, true); + $external_tools_config = json_decode( + io_safe_output( + $config['external_tools_config'] + ), + true + ); // Setting paths. $this->pathTraceroute = $external_tools_config['traceroute_path']; $this->pathPing = $external_tools_config['ping_path']; 
@@ -689,16 +699,32 @@ class ExternalTools extends HTML // Only perform an execution if command is passed. Avoid errors. if (empty($command) === false) { + $resultCode = 0; ob_start(); - system($command); + system(io_safe_output($command), $resultCode); $output .= ob_get_clean(); } else { - $output .= __('No command for perform'); + $output .= __('Command not response'); } $output .= ''; + + if ($resultCode !== 0) { + throw new Exception( + sprintf( + '%s %s', + __('The command failed and obtained the return code:'), + $resultCode + ), + 1 + ); + } } catch (\Throwable $th) { - $output = __('Something went wrong while perform the execution. Please check the configuration.'); + $output = sprintf( + '%s %s', + $th->getMessage(), + __('Something went wrong while perform the execution. Please check the configuration.') + ); } echo $output; @@ -891,7 +917,7 @@ class ExternalTools extends HTML * * @return string Path. */ - private function get_sounds() + private function getSounds() { global $config; @@ -961,11 +987,13 @@ class ExternalTools extends HTML if (parseInt(separatedId[2]) === 0) { $("#text-command_custom_"+fieldLines, "#"+thisNewId) .attr("name", "command_custom_"+fieldLinesAdded) - .attr("id", "text-command_custom_"+fieldLinesAdded); + .attr("id", "text-command_custom_"+fieldLinesAdded) + .val(''); } else if (parseInt(separatedId[2]) === 1) { $("#text-params_custom_"+fieldLines, "#"+thisNewId) .attr("id", "text-params_custom_"+fieldLinesAdded) - .attr("name", "params_custom_"+fieldLinesAdded); + .attr("name", "params_custom_"+fieldLinesAdded) + .val(''); } else if (parseInt(separatedId[2]) === 2) { $("#img_delete_button_custom_"+fieldLines, "#"+thisNewId) .attr("id", "img_delete_button_custom_"+fieldLinesAdded); 
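Review bot: `$resultCode` is assigned only inside `if (empty($command) === false)`, but `if ($resultCode !== 0)` runs on both paths, so an empty command reaches the check with an undefined variable and throws the "command failed" exception instead of showing the no-command message; move `$resultCode = 0;` above the `if`. On the execution path, `system(io_safe_output($command), $resultCode)` decodes the stored entities back into raw shell metacharacters immediately before the shell sees them. Every user-supplied part of the command string (for example the `params_custom_*` values read in the constructor) therefore needs `escapeshellarg()` where the command is assembled, which is outside this hunk. Since these commands are configurable from the console, write access to that setup page amounts to command execution on the server and should be restricted and audited accordingly.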
@@ -979,6 +1007,10 @@ class ExternalTools extends HTML if (parseInt(lineNumber) >= 1 && lineCount > 1) { $("#custom_row_" + lineNumber).remove(); + } else if (lineCount === 1) { + $("#custom_row_" + lineNumber).find('input').each(function() { + $(this).val(''); + }); } if (lineCount === 1) { diff --git a/pandora_console/include/class/Tree.class.php b/pandora_console/include/class/Tree.class.php index 6050bffa2e..8ff384a8fc 100644 --- a/pandora_console/include/class/Tree.class.php +++ b/pandora_console/include/class/Tree.class.php @@ -1126,6 +1126,7 @@ class Tree $agent_search_filter $agent_status_filter $module_search_filter + $module_status_filter $tag_condition GROUP BY tam.id_agente_modulo ORDER BY tam.nombre ASC, tam.id_agente_modulo ASC"; diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index ddcfc0ddad..7cd79e3cbb 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php @@ -20,7 +20,7 @@ /** * Pandora build version and version */ -$build_version = 'PC210618'; +$build_version = 'PC210621'; $pandora_version = 'v7.0NG.755'; // Do not overwrite default timezone set if defined. @@ -93,6 +93,8 @@ if (!isset($config['dbport'])) { require_once $ownDir.'constants.php'; require_once $ownDir.'functions_db.php'; require_once $ownDir.'functions.php'; +require_once $ownDir.'functions_io.php'; + // We need a timezone BEFORE calling config_process_config. // If not we will get ugly warnings. Set Europe/Madrid by default diff --git a/pandora_console/include/functions_cron.php b/pandora_console/include/functions_cron.php index 16381f0d10..c93d4d1d0f 100644 --- a/pandora_console/include/functions_cron.php +++ b/pandora_console/include/functions_cron.php 
@@ -581,11 +581,24 @@ function cron_list_table() continue; } - $agents_id = $args[1]; - $id_group = $args[2]; - $report_per_agent = $args[0]; - $report_name = $args[3]; - $email = $args[4]; + if (empty($args[1]) === false && (string) $args[1] !== '0') { + $agents_id = $args[1]; + } else { + if (empty($args[2]) === false) { + $agents_id = sprintf( + '(%s) %s', + __('regex'), + $args[2] + ); + } else { + $agents_id = __('None'); + } + } + + $report_type = $args[7]; + $report_per_agent = $args[3]; + $report_name = $args[4]; + $email = $args[5]; $data[2] .= '
- '.__('Template').': '; $data[2] .= ''; $data[2] .= $template['name'].''; @@ -593,6 +606,8 @@ function cron_list_table() $data[2] .= '
- '.__('Report per agent').': '.$report_per_agent.''; $data[2] .= '
- '.__('Report name').': '.$report_name.''; $data[2] .= '
- '.__('Email').": ".$email.''; + $data[2] .= '
- '.__('Report type').': '.$report_type; + break; case 'cron_task_execute_custom_script': diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index c40da89be2..296c512cc3 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -303,7 +303,7 @@ if ($create_dir === true) { $directory = filemanager_safe_directory((string) get_parameter('directory', '/')); $hash = (string) get_parameter('hash'); - $testHash = md5($directory.$config['dbpass']); + $testHash = md5($directory.$config['server_unique_identifier']); if ($hash !== $testHash) { ui_print_error_message(__('Security error.')); @@ -336,7 +336,7 @@ if ($delete_file === true) { $filename = (string) get_parameter('filename'); $filename = io_safe_output($filename); $hash = get_parameter('hash', ''); - $testHash = md5($filename.$config['dbpass']); + $testHash = md5($filename.$config['server_unique_identifier']); if ($hash !== $testHash) { $config['filemanager']['message'] = ui_print_error_message(__('Security error'), '', true); @@ -618,7 +618,7 @@ function filemanager_file_explorer( if (($prev_dir_str != '') && ($father != $relative_directory)) { $table->data[0][0] = html_print_image('images/go_previous.png', true, ['class' => 'invert_filter']); - $table->data[0][1] = ''; + $table->data[0][1] = ''; $table->data[0][1] .= __('Parent directory'); $table->data[0][1] .= ''; @@ -669,7 +669,7 @@ function filemanager_file_explorer( } if ($fileinfo['is_dir']) { - $data[1] = ''.$fileinfo['name'].''; + $data[1] = ''.$fileinfo['name'].''; } else if (!empty($url_file)) { // Set the custom url file $url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file); 
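Review bot: Replacing `$config['dbpass']` with `$config['server_unique_identifier']` in `md5($directory.$config['server_unique_identifier'])` stops deriving tokens from the database password, but the construction is still a plain MD5 over path plus value, compared with `!==`. These hashes authorise directory creation, deletion, upload and download, so they should be a real MAC: `hash_hmac('sha256', $directory, $secret)` where the token is produced and `hash_equals($testHash, $hash)` where it is checked. Whether `server_unique_identifier` is treated as a secret is not visible here; if it is displayed in the console or sent to external services the tokens become predictable, so a dedicated random key would be safer. The same applies to every `md5(... .$config['server_unique_identifier'])` call in the later hunks of functions_filemanager.php and in include/get_file.php.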
@@ -677,7 +677,7 @@ function filemanager_file_explorer( $data[1] = ''.$fileinfo['name'].''; } else { $filename = base64_encode($relative_directory.'/'.$fileinfo['name']); - $hash = md5($filename.$config['dbpass']); + $hash = md5($filename.$config['server_unique_identifier']); $data[1] = ''.$fileinfo['name'].''; } @@ -712,7 +712,7 @@ function filemanager_file_explorer( $data[4] .= ''; $data[4] .= ''; $data[4] .= html_print_input_hidden('filename', $fileinfo['realpath'], true); - $data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['dbpass']), true); + $data[4] .= html_print_input_hidden('hash', md5($fileinfo['realpath'].$config['server_unique_identifier']), true); $data[4] .= html_print_input_hidden('delete_file', 1, true); $relative_dir = str_replace($homedir_filemanager, '', str_replace('\\', '/', dirname($fileinfo['realpath']))); @@ -721,7 +721,7 @@ function filemanager_file_explorer( $relative_dir = substr($relative_dir, 1); } - $hash2 = md5($relative_dir.$config['dbpass']); + $hash2 = md5($relative_dir.$config['server_unique_identifier']); $data[4] .= html_print_input_hidden('directory', $relative_dir, true); $data[4] .= html_print_input_hidden('hash2', $hash2, true); @@ -731,7 +731,7 @@ function filemanager_file_explorer( if (($typefile != 'bin') && ($typefile != 'pdf') && ($typefile != 'png') && ($typefile != 'jpg') && ($typefile != 'iso') && ($typefile != 'docx') && ($typefile != 'doc') && ($fileinfo['mime'] != MIME_DIR) ) { - $hash = md5($fileinfo['realpath'].$config['dbpass']); + $hash = md5($fileinfo['realpath'].$config['server_unique_identifier']); $data[4] .= "".html_print_image('images/edit.png', true, ['style' => 'margin-top: 2px;', 'title' => __('Edit file'), 'class' => 'invert_filter']).''; } } 
@@ -739,7 +739,7 @@ function filemanager_file_explorer( if ((!$fileinfo['is_dir']) && ($download_button)) { $filename = base64_encode($fileinfo['name']); - $hash = md5($filename.$config['dbpass']); + $hash = md5($filename.$config['server_unique_identifier']); $data[4] .= ''; $data[4] .= html_print_image('images/file.png', true, ['class' => 'invert_filter']); $data[4] .= ''; @@ -797,13 +797,13 @@ function filemanager_file_explorer( '; echo '
'; +
'.html_print_input_text('dirname', '', '', 30, 255, true).html_print_submit_button(__('Create'), 'crt', false, 'class="sub next"', true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('create_dir', 1, true).html_print_input_hidden('hash', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).'
'; echo ''; +
'.ui_print_help_tip(__('The zip upload in this dir, easy to upload multiple files.'), true).html_print_input_file('file', true, false).html_print_input_hidden('umask', $umask, true).html_print_checkbox('decompress', 1, false, true).__('Decompress').html_print_submit_button(__('Go'), 'go', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('hash2', md5($relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('upload_file_or_zip', 1, true).'
'; echo ' '; +
'.html_print_input_text('name_file', '', '', 30, 50, true).html_print_submit_button(__('Create'), 'create', false, 'class="sub next"', true).html_print_input_hidden('real_directory', $real_directory, true).html_print_input_hidden('directory', $relative_directory, true).html_print_input_hidden('hash', md5($real_directory.$relative_directory.$config['server_unique_identifier']), true).html_print_input_hidden('umask', $umask, true).html_print_input_hidden('create_text_file', 1, true).'
'; echo "
"; diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php index 923138e88e..a5463283db 100644 --- a/pandora_console/include/functions_graph.php +++ b/pandora_console/include/functions_graph.php @@ -1412,6 +1412,14 @@ function graphic_combined_module( $labels = []; $modules = []; foreach ($sources as $source) { + $id_agent = agents_get_module_id( + $source['id_agent_module'] + ); + + if (!$id_agent) { + continue; + } + if (is_metaconsole() === true) { metaconsole_restore_db(); $server = metaconsole_get_connection_by_id($source['id_server']); @@ -1428,9 +1436,6 @@ function graphic_combined_module( array_push($modules, $modulepush); array_push($weights, $source['weight']); if ($source['label'] != '' || $params_combined['labels']) { - $id_agent = agents_get_module_id( - $source['id_agent_module'] - ); $agent_description = agents_get_description($id_agent); $agent_group = agents_get_agent_group($id_agent); $agent_address = agents_get_address($id_agent); diff --git a/pandora_console/include/functions_reports.php b/pandora_console/include/functions_reports.php index f688ea78b6..b19be7f93c 100755 --- a/pandora_console/include/functions_reports.php +++ b/pandora_console/include/functions_reports.php @@ -275,13 +275,12 @@ function reports_get_content($id_report_content, $filter=false, $fields=false) /** - * Get all the contents of a report. + * Creates the contents of a report. * * @param int Report id to get contents. - * @param array Extra filters for the contents. - * @param array Fields to be fetched. All fields by default + * @param array values to be created. * - * @return array All the contents of a report. + * @return boolean true id succed, false otherwise. */ function reports_create_content($id_report, $values) { 
@@ -305,7 +304,11 @@ function reports_create_content($id_report, $values) switch ($config['dbtype']) { case 'mysql': - unset($values['`order`']); + if (isset($values['`order`'])) { + unset($values['`order`']); + } else { + unset($values['order']); + } $order = (int) db_get_value('MAX(`order`)', 'treport_content', 'id_report', $id_report); $values['`order`'] = ($order + 1); 
@@ -907,3 +910,100 @@ function reports_get_report_types($template=false, $not_editor=false) return $types; } + + +function reports_copy_report($id_report) +{ + $report = reports_get_report($id_report); + + // Unset original report id_report. + unset($report['id_report']); + + $original_name = $report['name']; + $original_group = $report['id_group']; + + $copy_name = io_safe_input(sprintf(__('copy of %s'), io_safe_output($original_name))); + + $copy_report = reports_create_report($copy_name, $original_group, $report); + + if ($copy_report !== false) { + $original_contents = reports_get_contents($id_report); + if (empty($original_contents) === false) { + foreach ($original_contents as $original_content) { + $original_content['id_report'] = $copy_report; + $original_id_rc = $original_content['id_rc']; + unset($original_content['id_rc']); + $result_content = db_process_sql_insert('treport_content', $original_content); + + if ($result_content === false) { + $result = false; + break; + } + + switch (io_safe_output($original_content['type'])) { + case 'SLA': + case 'SLA_monthly': + case 'SLA_weekly': + case 'SLA_hourly': + case 'availability_graph': + + $slas = db_get_all_rows_field_filter('treport_content_sla_combined', 'id_report_content', $original_id_rc); + if ($slas === false) { + $slas = []; + } + + foreach ($slas as $sla) { + unset($sla['id']); + + // Set id report to copy id. + $sla['id_report_content'] = $result_content; + $sla_copy = db_process_sql_insert('treport_content_sla_combined', $sla); + + if ($sla_copy === false) { + reports_delete_content($result_content); + $result = false; + break; + } + } + break; + + case 'general': + case 'top_n': + case 'availability': + case 'exception': + + $items = db_get_all_rows_field_filter('treport_content_item', 'id_report_content', $original_id_rc); + if ($items === false) { + $items = []; + } + + foreach ($items as $item) { + unset($item['id']); + + // Set id report to copy id. 
+ $item['id_report_content'] = $result_content; + $item_copy = db_process_sql_insert('treport_content_item', $item); + + if ($item_copy === false) { + reports_delete_content($result_content); + $result = false; + break; + } + } + break; + + default: + // Empty default. + break; + } + } + } + } + + if ($result === false) { + reports_delete_report($copy_report); + return false; + } + + return true; +} diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php index f5ccaecd99..8de031a79b 100644 --- a/pandora_console/include/get_file.php +++ b/pandora_console/include/get_file.php @@ -35,7 +35,7 @@ $file = base64_decode(urldecode($file_raw)); $hash = get_parameter('hash', null); -if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['dbpass']) || !isset($_SERVER['HTTP_REFERER'])) { +if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['server_unique_identifier']) || !isset($_SERVER['HTTP_REFERER'])) { echo "
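Review bot: `$result` is tested at the end of `reports_copy_report()` but is only ever assigned `false`, so the success path reads an undefined variable, and when `reports_create_report()` returns `false` the whole copy block is skipped and the function still reaches `return true`. Initialising `$result = true;` at the top and returning early with `if ($copy_report === false) { return false; }` fixes both. The `break` inside the two inner `foreach` loops only leaves that loop, so after a failed SLA or item insert the outer loop keeps copying further contents before the report is deleted; testing `$result` after the `switch` and breaking there would stop at the first failure. The function also has no docblock; it should state the parameter, the boolean return and that access checks are left to the caller.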

".__('Security error. Please contact the administrator.').'

'; } else { $downloadable_file = ''; diff --git a/pandora_console/include/help/en/help_event_alert.php b/pandora_console/include/help/en/help_event_alert.php deleted file mode 100644 index 04cf373b38..0000000000 --- a/pandora_console/include/help/en/help_event_alert.php +++ /dev/null @@ -1,66 +0,0 @@ - - -
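Review bot: The download token is now keyed on `$config['server_unique_identifier']`, and the check is only as strong as that value is secret; unlike `dbpass`, an identifier may be displayed in the console or sent to external services, which is not visible from this hunk and should be confirmed. Independently of the key, the token is a bare `md5()` over a concatenation compared with `!==`; I would compute an HMAC and compare in constant time, e.g. `hash_equals(hash_hmac('sha256', $file_raw, $key), (string) $hash)` with `$key` standing for the chosen secret, and make the matching change wherever the link is generated. The `isset($_SERVER['HTTP_REFERER'])` test depends on a client-supplied header and should not be counted as a control.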

Event Alerts

- -It is possible to define alerts on events, that allows to work from a completely new approach much more flexible. This is an Enterprise feature.
- -To create the new event alerts, click on the Create button in the Event alerts menu from the Administration menu.

- - -

- - - '250px']); ?> - - -
-An event alert is composed by different rules, linked between them by logical operators (and, or, xor, nand, nor, nxor). -

- - '550px']); ?> - -
-To could work easier with them, the configuration parameters of an event alert are identical to the module alert. Here could be find a detailed explanation of any of them. There are only two specific parameters of the event alerts: -

- Rule evaluation mode: There are two options Pass and Drop. Pass means that if a event fullfilled with a alert the alerts bellow are evaluated. Drop means that if a event fullfilled with a alert the alerts bellow stop to evaluated. -

- Group by: Allows to group the rules by agent, module, alert or group. For example, if a rule is configured to it fires when we receive two critical events, and it's grouped by agent, there should arrive two critical events from the same agent. It's possible to switch off. -

-Each rule is configured to fire with an specific kind of event. The alert will be fired when the logical equation defined by the rules and its operators is fulfilled -

- - - '550px']); ?> - -
- -The configuration parameters of one rule that are possible are: -

- Name: Name of the rule.
- User comment: Free comment.
- Event: Regular expression that matches with the event text.
- Window: The events that have been generated out of the time window will be rejected
- Count: Number of events that have to match with the rule to it could be fired.
- Agent: Regular expression that matches with the name of the agent that generated the event.
- Module: Regular expression that matches with the name of the module that generated the event.
- Module alerts: Regular expression that matches with the name of the alert that generated the event.
- Group: Group the agent belongs to.
- Criticity: Event criticity.
- Tag: Tags associated to the event.
- User: User associated to the event.
- Event type: Kind of event.

- -For example, we could configure a rule that matches with the events generated by any module that is named cpu_load of any agent of the Servers group that has associated the tag System when the module goes to critical status: -

- - - '550px']); ?> - -
-

Given the high number of events that the database could store, the server works on an event window that is defined in the pandora_server.conf configuration file through the parameter event_window. The events that have been generated out of this time window won't be processed by the server, so it doesn't make sense to specify in a rule a time window higher to the one configured in the server

- - diff --git a/pandora_console/include/help/es/help_event_alert.php b/pandora_console/include/help/es/help_event_alert.php deleted file mode 100644 index 5c326796dd..0000000000 --- a/pandora_console/include/help/es/help_event_alert.php +++ /dev/null @@ -1,64 +0,0 @@ - - -

Alerta de evento

- -Desde la versión 4.0 de se pueden definir alertas sobre los eventos, lo que permite trabajar desde una perspectiva completamente nueva y mucho más flexible. Esta es una característica Enterprise.

- -Las Alertas de evento nuevas se crean pinchando en el botón Create en el menú Event alerts en el menú de Administración. -

- - - '250px']); ?> - - -
-Una alerta de eventos está compuesta por distintas reglas, relacionadas entre sí por operadores lógicos (and, or, xor, nand, nor, nxor). -

- - '550px']); ?> - -
-Para hacer más fácil trabajar con ellas, los parámetros de configuración de una alerta de eventos son idénticos a los de una alerta de módulo. Aquí se puede encontrar una explicación detallada de cada uno de ellos. Únicamente existen dos parámetros específicos de las alertas de eventos: -

- Rule evaluation mode: Hay dos opciones Pass y Drop. Pass significa que en caso de que un evento coincida con una alerta se sigan evaluando el resto de alertas. Drop significa que en caso de que un evento coincida con una alerta no se evaluen el resto de alertas. -

- Group by: Permite agrupar las reglas por agente, módulo, alerta o grupo. Por ejemplo, si se configura una regla para que salte cuando se reciban dos eventos críticos y se agrupa por agente, deberán llegar dos eventos críticos de un mismo agente. Se puede desactivar. -

-Cada regla se configura para saltar ante un determinado tipo de evento, cuando se cumple la ecuación lógica definida por las reglas y sus operadores, la alerta se dispara. -

- - - '550px']); ?> - -
- -Los posibles parámetros de configuración de una regla son: -

- Name: Nombre de la regla.
- User comment: Comentario libre.
- Event: Expresión regular que casa con el texto del evento.
- Window: Los eventos que se hayan generado fuera de la ventana de tiempo serán descartados.
- Count: Número de eventos que tienen que casar con la regla para que ésta se dispare.
- Agent: Expresión regular que casa con el nombre del agente que generó el evento.
- Module: Expresión regular que casa con el nombre del módulo que generó el evento.
- Module alerts: Expresión regular que casa con el nombre de la alerta que generó el evento.
- Group: Grupo al que pertenece el Agente.
- Criticity: Criticidad del evento.
- Tag: Tags asociados al evento.
- User: Usuario asociado al evento.
- Event type: Tipo de evento.

- -Por ejemplo, podríamos configurar una regla que case con los eventos generados por cualquier módulo que se llame cpu_load de cualquier agente del grupo Servers que lleve asociado el tag System cuando el módulo pasa al estado crítico: -

- - - '550px']); ?> - -
-

Dado el elevado número de eventos que puede llegar a albergar la base de datos de , el servidor trabaja sobre una ventana de eventos que se define en el fichero de configuración pandora_server.conf mediante el parámetro event_window. Los eventos que se hayan generado fuera de esta ventana de tiempo no serán procesados por el servidor, de modo que no tiene sentido especificar en una regla una ventana de tiempo superior a la configurada en el servidor

- - diff --git a/pandora_console/include/javascript/pandora_dashboards.js b/pandora_console/include/javascript/pandora_dashboards.js index 0b370deab7..d5bea39443 100644 --- a/pandora_console/include/javascript/pandora_dashboards.js +++ b/pandora_console/include/javascript/pandora_dashboards.js @@ -843,6 +843,7 @@ function processTreeSearch(settings) { filters.searchModule = settings.searchModule; filters.statusModule = settings.statusModule; filters.groupID = settings.searchGroup; + filters.searchHirearchy = 1; $.ajax({ type: "POST", diff --git a/pandora_console/include/lib/Dashboard/Widgets/events_list.php b/pandora_console/include/lib/Dashboard/Widgets/events_list.php index 388c8e34c9..5f5f732128 100644 --- a/pandora_console/include/lib/Dashboard/Widgets/events_list.php +++ b/pandora_console/include/lib/Dashboard/Widgets/events_list.php @@ -535,6 +535,15 @@ class EventsListWidget extends Widget $filter['tag_without'] = base64_encode( json_encode($filter['tag_without']) ); + + if (!empty($filter['id_agent_module'])) { + $name = \modules_get_modules_name( + ' FROM tagente_modulo', + ' WHERE id_agente_modulo = '.$filter['id_agent_module'], + is_metaconsole() + ); + $filter['module_search'] = $name[0]['nombre']; + } } else { // Filtering. $filter['event_view_hr'] = $hours; diff --git a/pandora_console/include/lib/Dashboard/Widgets/tree_view.php b/pandora_console/include/lib/Dashboard/Widgets/tree_view.php index edb843bda0..cbeba60d3f 100644 --- a/pandora_console/include/lib/Dashboard/Widgets/tree_view.php +++ b/pandora_console/include/lib/Dashboard/Widgets/tree_view.php 
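Review bot: In the events_list.php hunk, `$filter['id_agent_module']` is concatenated straight into the `WHERE` fragment passed to `\modules_get_modules_name()`; where the filter value is populated is outside the hunk, so unless it is already forced to an integer upstream this is string-built SQL on a widget setting. Casting at the point of use, `' WHERE id_agente_modulo = '.(int) $filter['id_agent_module']`, closes that off. `$name[0]['nombre']` is also read without checking that the lookup returned a row, so a module id that no longer exists would set `module_search` from an undefined offset; wrapping the assignment in `if (empty($name) === false)` avoids that.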
@@ -418,28 +418,30 @@ class TreeViewWidget extends Widget AGENT_MODULE_STATUS_NOT_INIT => __('Not init'), ]; - $inputs[] = [ - 'label' => __('Modules status'), - 'arguments' => [ - 'type' => 'select', - 'fields' => $fields, - 'name' => 'moduleStatus', - 'selected' => $values['moduleStatus'], - 'return' => true, - ], - ]; + if (is_metaconsole() === false) { + $inputs[] = [ + 'label' => __('Modules status'), + 'arguments' => [ + 'type' => 'select', + 'fields' => $fields, + 'name' => 'moduleStatus', + 'selected' => $values['moduleStatus'], + 'return' => true, + ], + ]; - // Filter modules. - $inputs[] = [ - 'label' => __('Filter modules'), - 'arguments' => [ - 'name' => 'filterModule', - 'type' => 'text', - 'value' => $values['filterModule'], - 'return' => true, - 'size' => 0, - ], - ]; + // Filter modules. + $inputs[] = [ + 'label' => __('Filter modules'), + 'arguments' => [ + 'name' => 'filterModule', + 'type' => 'text', + 'value' => $values['filterModule'], + 'return' => true, + 'size' => 0, + ], + ]; + } return $inputs; } diff --git a/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php b/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php index f73806967e..6774dd7fbd 100644 --- a/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php +++ b/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php @@ -157,6 +157,14 @@ final class DonutGraph extends Item if ($isString === true) { $graphData = \get_donut_module_data($moduleId); + if (empty($graphData) || $graphData === null) { + $aux = []; + $aux[0]['tag_name'] = 'No data to show'; + $aux[0]['color'] = '#aa3333'; + $aux[0]['value'] = 1; + $aux[0]['percent'] = 100; + $graphData = $aux; + } $data['html'] = \d3_donut_graph( (int) $data['id'], diff --git a/pandora_console/include/styles/pandora.css b/pandora_console/include/styles/pandora.css index 32d559abce..3b37291fe4 100644 --- a/pandora_console/include/styles/pandora.css 
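Review bot: In the DonutGraph.php hunk the condition `empty($graphData) || $graphData === null` tests the same thing twice, since `empty()` is already true for `null`; `if (empty($graphData) === true)` matches the style used elsewhere in this commit. The placeholder label `'No data to show'` is a user-facing string that bypasses the `__()` translation call used for labels in the neighbouring tree_view.php hunk. The five `$aux` assignments would also read more clearly as one array literal assigned to `$graphData`.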
+++ b/pandora_console/include/styles/pandora.css @@ -2563,7 +2563,6 @@ select { -moz-border-radius: 3px; -webkit-border-radius: 3px; border-radius: 3px; - font-size: 10pt; font-family: inherit; } diff --git a/pandora_console/index.php b/pandora_console/index.php index ac14a19818..667c6cfd72 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -246,6 +246,8 @@ $page = $sec2; // Reference variable for old time sake. $sec = get_parameter_get('sec'); $sec = safe_url_extraclean($sec); +// CSRF Validation. +$validatedCSRF = validate_csrf_code(); $process_login = false; @@ -319,7 +321,7 @@ if (! isset($config['id_user'])) { // Code. $code = (string) get_parameter_post('auth_code'); - if (!empty($code)) { + if (empty($code) === false) { $result = validate_double_auth_code($nick, $code); if ($result === true) { @@ -331,7 +333,7 @@ if (! isset($config['id_user'])) { // Error message. $config['auth_error'] = __('Invalid code'); - if (!isset($_SESSION['prepared_login_da']['attempts'])) { + if (isset($_SESSION['prepared_login_da']['attempts']) === false) { $_SESSION['prepared_login_da']['attempts'] = 0; } @@ -471,6 +473,18 @@ if (! isset($config['id_user'])) { } } + // CSRF Validation not pass in login. + if ($validatedCSRF === false) { + $process_error_message = __( + '%s cannot verify the origin of the request. Try again, please.', + get_product_name() + ); + + include_once 'general/login_page.php'; + // Finish the execution. + exit(''); + } + if (($nick_in_db !== false) && $expired_pass) { // Login ok and password has expired. include_once 'general/login_page.php'; 
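Review bot: In the `@@ -471,6 +473,18 @@` hunk of index.php the `$validatedCSRF === false` test sits near the end of the login branch, after the credential and double-authentication handling touched by the preceding hunks, so a request with a bad token appears to be rejected only after that code has already run. If the login and session setup happen above this point (that part is outside the hunk), the check should move ahead of it. The comparison is strict, so it only fires when `validate_csrf_code()` returns exactly `false`; that should be confirmed against the function, because a `null` or `0` result would pass. A comment at `$validatedCSRF = validate_csrf_code();` saying which requests are expected to carry a token would help, since the call now runs on every page load.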
@@ -747,16 +761,17 @@ if (! isset($config['id_user'])) {
 enterprise_include_once('include/functions_reset_pass.php');
 }
- $correct_pass_change = (boolean) get_parameter('correct_pass_change', 0);
- $reset = (boolean) get_parameter('reset', 0);
- $first = (boolean) get_parameter('first', 0);
- $reset_hash = get_parameter('reset_hash', '');
+ // Boolean parameters.
+ $correct_pass_change = (boolean) get_parameter('correct_pass_change', false);
+ $reset = (boolean) get_parameter('reset', false);
+ $first = (boolean) get_parameter('first', false);
+ // Strings.
+ $reset_hash = get_parameter('reset_hash');
+ $pass1 = get_parameter_post('pass1');
+ $pass2 = get_parameter_post('pass2');
+ $id_user = get_parameter_post('id_user');
- $pass1 = get_parameter_post('pass1');
- $pass2 = get_parameter_post('pass2');
- $id_user = get_parameter_post('id_user');
-
- if ($reset_hash != '') {
+ if (empty($reset_hash) === false) {
 $hash_data = explode(':::', $reset_hash);
 $id_user = $hash_data[0];
 $codified_hash = $hash_data[1];
@@ -764,45 +779,61 @@ if (! isset($config['id_user'])) { $db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', ['id_user' => $id_user, 'cod_hash' => $id_user.':::'.$codified_hash]); } - if ($correct_pass_change && !empty($pass1) && !empty($pass2) && !empty($id_user) && $db_reset_pass_entry) { - delete_reset_pass_entry($id_user); + if ($correct_pass_change === true + && empty($pass1) === false + && empty($pass2) === false + && empty($id_user) === false + && $db_reset_pass_entry !== false + ) { + // The CSRF does not be validated. + if ($validatedCSRF === false) { + $process_error_message = __( + '%s cannot verify the origin of the request. Try again, please.', + get_product_name() + ); - $correct_reset_pass_process = ''; - $process_error_message = ''; + include_once 'general/login_page.php'; + // Finish the execution. + exit(''); + } else { + delete_reset_pass_entry($id_user); + $correct_reset_pass_process = ''; + $process_error_message = ''; - if ($pass1 == $pass2) { - $res = update_user_password($id_user, $pass1); - if ($res) { - db_process_sql_insert( - 'tsesion', - [ - 'id_sesion' => '', - 'id_usuario' => $id_user, - 'ip_origen' => $_SERVER['REMOTE_ADDR'], - 'accion' => 'Reset change', - 'descripcion' => 'Successful reset password process ', - 'fecha' => date('Y-m-d H:i:s'), - 'utimestamp' => time(), - ] - ); + if ($pass1 === $pass2) { + $res = update_user_password($id_user, $pass1); + if ($res) { + db_process_sql_insert( + 'tsesion', + [ + 'id_sesion' => '', + 'id_usuario' => $id_user, + 'ip_origen' => $_SERVER['REMOTE_ADDR'], + 'accion' => 'Reset change', + 'descripcion' => 'Successful reset password process ', + 'fecha' => date('Y-m-d H:i:s'), + 'utimestamp' => time(), + ] + ); - $correct_reset_pass_process = __('Password changed successfully'); + $correct_reset_pass_process = __('Password changed successfully'); - register_pass_change_try($id_user, 1); + register_pass_change_try($id_user, 1); + } else { + register_pass_change_try($id_user, 
0); + + $process_error_message = __('Failed to change password'); + } } else { register_pass_change_try($id_user, 0); - $process_error_message = __('Failed to change password'); + $process_error_message = __('Passwords must be the same'); } - } else { - register_pass_change_try($id_user, 0); - $process_error_message = __('Passwords must be the same'); + include_once 'general/login_page.php'; } - - include_once 'general/login_page.php'; } else { - if ($reset_hash != '') { + if (empty($reset_hash) === false) { $process_error_message = ''; if ($db_reset_pass_entry) { @@ -819,23 +850,35 @@ if (! isset($config['id_user'])) { include_once 'general/login_page.php'; } } else { - if (!$reset) { + if ($reset === false) { include_once 'general/login_page.php'; } else { - $user_reset_pass = get_parameter('user_reset_pass', ''); + $user_reset_pass = get_parameter('user_reset_pass'); $error = ''; $mail = ''; $show_error = false; - if (!$first) { - if ($user_reset_pass == '') { + if ($first === false) { + // The CSRF does not be validated. + if ($validatedCSRF === false) { + $process_error_message = __( + '%s cannot verify the origin of the request. Try again, please.', + get_product_name() + ); + + include_once 'general/login_page.php'; + // Finish the execution. + exit(''); + } + + if (empty($user_reset_pass) === true) { $reset = false; $error = __('Id user cannot be empty'); $show_error = true; } else { $check_user = check_user_id($user_reset_pass); - if (!$check_user) { + if ($check_user === false) { $reset = false; register_pass_change_try($user_reset_pass, 0); $error = __('Error in reset password request'); @@ -868,9 +911,9 @@ if (! isset($config['id_user'])) { $body .= '
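Review bot: The rewritten guard in the `@@ -764,45 +779,61 @@` hunk replaces the truthiness test on `$db_reset_pass_entry` with `$db_reset_pass_entry !== false`, which is weaker: in the visible code that variable is only assigned inside the `empty($reset_hash) === false` branch, so when no `reset_hash` is supplied it is unset and `null !== false` evaluates to true. Unless it is initialised outside the hunk, the condition no longer requires a stored reset entry before `update_user_password($id_user, $pass1)` is reached, with `$id_user` taken from the POST body in that case. I would keep the original semantics with `empty($db_reset_pass_entry) === false` and set `$db_reset_pass_entry = false;` before the `reset_hash` branch. The CSRF check added in the same block does not replace this requirement, because it says nothing about whether a reset was ever requested for that user.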

'; $body .= ''.__('Please do not reply to this email.').''; - $result = send_email_to_user($mail, $body, $subject); + $result = (bool) send_email_to_user($mail, $body, $subject); - if (!$result) { + if ($result === false) { $process_error_message = __('Error at sending the email'); } else { send_token_to_db($user_reset_pass, $cod_hash); @@ -1154,7 +1197,7 @@ if ($searchPage) { } else { // Home screen chosen by the user. $home_page = ''; - if (isset($config['id_user'])) { + if (isset($config['id_user']) === true) { $user_info = users_get_user_by_id($config['id_user']); $home_page = io_safe_output($user_info['section']); $home_url = $user_info['data_section']; @@ -1188,7 +1231,8 @@ if ($searchPage) { break; case 'Dashboard': - $str = 'sec=reporting&sec2=operation/dashboard/dashboard&dashboardId='.$home_url.'&d_from_main_page=1'; + $_GET['specialSec2'] = sprintf('operation/dashboard/dashboard&dashboardId=%s', $home_url); + $str = sprintf('sec=reporting&sec2=%s&d_from_main_page=1', $_GET['specialSec2']); parse_str($str, $res); foreach ($res as $key => $param) { $_GET[$key] = $param; @@ -1224,7 +1268,7 @@ if ($searchPage) { break; } - if (isset($_GET['sec2'])) { + if (isset($_GET['sec2']) === true) { $file = $_GET['sec2'].'.php'; // Make file path absolute to prevent accessing remote files. $file = __DIR__.'/'.$file; @@ -1233,7 +1277,7 @@ if ($searchPage) { $_GET['sec'] = ($main_sec == false) ? $_GET['sec'] : $main_sec; // Third condition is aimed to prevent from traversal attack. - if (!file_exists($file) + if (file_exists($file) === false || ($_GET['sec2'] != 'general/logon_ok' && enterprise_hook( 'enterprise_acl', [ diff --git a/pandora_console/install.php b/pandora_console/install.php index 4684286100..2af7534dd1 100644 --- a/pandora_console/install.php +++ b/pandora_console/install.php @@ -129,7 +129,7 @@
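Review bot: In the `Dashboard` case of the home-screen hunk, `$home_url` is formatted into a query string with `sprintf()` and then split again by `parse_str()`, so a stored value containing `&` or `=` would add or override keys in `$_GET`, including the `sec2` that is later turned into an include path. Whether `data_section` is validated when it is saved is not visible here; if it is meant to be a dashboard id, `(int) $home_url` at this point is enough, otherwise `rawurlencode($home_url)` before formatting. The new `$_GET['specialSec2']` entry mixes a path and a parameter in one value and is not explained; a comment naming its consumer would help the next reader.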

{'warmup_unknown_on'} == 1) { @@ -5702,7 +5704,7 @@ sub pandora_module_unknown ($$) { # Generate alerts if (pandora_inhibit_alerts ($pa_config, $agent, $dbh, 0) == 0 && pandora_cps_enabled($agent, $module) == 0) { my $extra_macros = { _modulelaststatuschange_ => $module->{'last_status_change'}}; - pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $extra_macros, undef, 0, 'unknown'); + pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $timestamp, $extra_macros, 0, 'unknown'); } else { logger($pa_config, "Alerts inhibited for agent '" . $agent->{'nombre'} . "'.", 10); @@ -5749,7 +5751,7 @@ sub pandora_module_unknown ($$) { # Generate alerts if (pandora_inhibit_alerts ($pa_config, $agent, $dbh, 0) == 0 && pandora_cps_enabled($agent, $module) == 0) { my $extra_macros = { _modulelaststatuschange_ => $module->{'last_status_change'}}; - pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $extra_macros, undef, 0, 'unknown'); + pandora_generate_alerts ($pa_config, 0, 3, $agent, $module, time (), $dbh, $timestamp, $extra_macros, 0, 'unknown'); } else { logger($pa_config, "Alerts inhibited for agent '" . $agent->{'nombre'} . "'.", 10); diff --git a/pandora_server/lib/PandoraFMS/Goliat/GoliatCURL.pm b/pandora_server/lib/PandoraFMS/Goliat/GoliatCURL.pm index 63fe5ca5de..bd63fb5449 100755 --- a/pandora_server/lib/PandoraFMS/Goliat/GoliatCURL.pm +++ b/pandora_server/lib/PandoraFMS/Goliat/GoliatCURL.pm @@ -254,6 +254,8 @@ sub g_http_task { utf8::decode($match_string); } + $match_string = quotemeta($match_string); + if ( $as_string =~ m/$match_string/i ){ $total_valid_requests++; } else { diff --git a/pandora_server/lib/PandoraFMS/PluginTools.pm b/pandora_server/lib/PandoraFMS/PluginTools.pm index 37347c5d8e..fb547bc9b5 100644 --- a/pandora_server/lib/PandoraFMS/PluginTools.pm +++ b/pandora_server/lib/PandoraFMS/PluginTools.pm 
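Review bot: In the GoliatCURL.pm hunk, applying `quotemeta()` to `$match_string` turns every configured check string into a literal match, so an existing task whose check string relied on regular-expression syntax will stop matching after this change; that behaviour change deserves a comment at the call and a line in the release notes. If literal matching is the intent, `if ( $as_string =~ m/\Q$match_string\E/i ){` states it at the point of use and leaves the variable unmodified for any later logging. `g_http_task` starts and ends outside the hunk, so any other place in it that interpolates a configured string into a pattern should be checked for the same treatment.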
@@ -34,7 +34,7 @@ our @ISA = qw(Exporter); # version: Defines actual version of Pandora Server for this module only my $pandora_version = "7.0NG.755"; -my $pandora_build = "210618"; +my $pandora_build = "210621"; our $VERSION = $pandora_version." ".$pandora_build; our %EXPORT_TAGS = ( 'all' => [ qw() ] ); diff --git a/pandora_server/pandora_server.redhat.spec b/pandora_server/pandora_server.redhat.spec index 4c24a764bb..0ff9f342e1 100644 --- a/pandora_server/pandora_server.redhat.spec +++ b/pandora_server/pandora_server.redhat.spec @@ -3,7 +3,7 @@ # %define name pandorafms_server %define version 7.0NG.755 -%define release 210618 +%define release 210621 Summary: Pandora FMS Server Name: %{name} diff --git a/pandora_server/pandora_server.spec b/pandora_server/pandora_server.spec index f0a5cbc220..362b042917 100644 --- a/pandora_server/pandora_server.spec +++ b/pandora_server/pandora_server.spec @@ -3,7 +3,7 @@ # %define name pandorafms_server %define version 7.0NG.755 -%define release 210618 +%define release 210621 Summary: Pandora FMS Server Name: %{name} diff --git a/pandora_server/pandora_server_installer b/pandora_server/pandora_server_installer index 7b751eacfd..06453ddfe2 100755 --- a/pandora_server/pandora_server_installer +++ b/pandora_server/pandora_server_installer @@ -9,7 +9,7 @@ # ********************************************************************** PI_VERSION="7.0NG.755" -PI_BUILD="210618" +PI_BUILD="210621" MODE=$1 if [ $# -gt 1 ]; then diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl index 3c4e7f4b83..f17dc0988c 100755 --- a/pandora_server/util/pandora_db.pl +++ b/pandora_server/util/pandora_db.pl @@ -35,7 +35,7 @@ use PandoraFMS::Config; use PandoraFMS::DB; # version: define current version -my $version = "7.0NG.755 Build 210618"; +my $version = "7.0NG.755 Build 210621"; # Pandora server configuration my %conf; 
diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl index d2526a7254..bff6517be4 100755 --- a/pandora_server/util/pandora_manage.pl +++ b/pandora_server/util/pandora_manage.pl @@ -36,7 +36,7 @@ use Encode::Locale; Encode::Locale::decode_argv; # version: define current version -my $version = "7.0NG.755 Build 210618"; +my $version = "7.0NG.755 Build 210621"; # save program name for logging my $progname = basename($0); @@ -3111,10 +3111,16 @@ sub cli_agent_update() { # Add the address to the agent if (defined $use_alias and $use_alias eq 'use_alias') { foreach my $id (@id_agents) { - add_new_address_agent ($dbh, $address_id, $id->{'id_agente'}); + my $ag_addr_id = get_agent_addr_id($dbh, $address_id, $id->{'id_agente'}); + if($ag_addr_id == -1) { + add_new_address_agent ($dbh, $address_id, $id->{'id_agente'}); + } } } else { - add_new_address_agent ($dbh, $address_id, $id_agent); + my $ag_addr_id = get_agent_addr_id($dbh, $address_id, $id_agent); + if($ag_addr_id == -1) { + add_new_address_agent ($dbh, $address_id, $id_agent); + } } $field = 'direccion';
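Review bot: The look-up-then-insert pair in `cli_agent_update` is now written twice, once per branch, and both compare the result of `get_agent_addr_id()` with `-1` using `==`; the helper's return contract is not visible here, so if it can return `undef` the comparison would warn and the address would be treated as already linked. A short comment stating that `-1` means "no link between this address and agent" would document the sentinel, and a small private sub taking `($dbh, $address_id, $id_agent)` would remove the duplication. The check and the insert are separate statements, so two concurrent runs could presumably both insert; if the link table has no unique key on the pair, that is worth confirming.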