html/netcmd.php

<?php

/*
 * LibreNMS
 *
 *   This file is part of LibreNMS.
 *
 * @package    librenms
 * @subpackage webinterface
 * @copyright  (C) 2006 - 2012 Adam Armstrong
 */

use LibreNMS\Authentication\Auth;

ini_set('allow_url_fopen', 0);

$init_modules = array('web', 'auth');
require realpath(__DIR__ . '/..') . '/includes/init.php';

set_debug($_GET['debug']);

if (!Auth::check()) {
    echo 'unauthenticated';
    exit;
}

$output = '';
if ($_GET['query'] && $_GET['cmd']) {
    $host = clean($_GET['query']);
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
        switch ($_GET['cmd']) {
            case 'whois':
                $cmd = $config['whois']." $host | grep -v \%";
                break;

            case 'ping':
                $cmd = $config['ping']." -c 5 $host";
                break;

            case 'tracert':
                $cmd = $config['mtr']." -r -c 5 $host";
                break;

            case 'nmap':
                if (!Auth::user()->isAdmin()) {
                    echo 'insufficient privileges';
                } else {
                    $cmd = $config['nmap']." $host";
                }
                break;
        }//end switch

        if (!empty($cmd)) {
            $output = `$cmd`;
        }
    }//end if
}//end if

$output = htmlentities(trim($output), ENT_QUOTES);
echo "<pre>$output</pre>";
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`<?php`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`/*`
Changed package names 2016-08-20 12:16:55 +01:00			`* LibreNMS`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Changed package names 2016-08-20 12:16:55 +01:00			`* This file is part of LibreNMS.`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Changed package names 2016-08-20 12:16:55 +01:00			`* @package librenms`
Revert boilerplate changes 2013-10-29 05:38:12 +10:00			`* @subpackage webinterface`
			`* @copyright (C) 2006 - 2012 Adam Armstrong`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*/`

refactor: Don't access $_SESSION directly for Auth (#8513) * Don't access $_SESSION directly for Auth * fix style * add property annotations 2018-04-07 15:55:28 -05:00			`use LibreNMS\Authentication\Auth;`

security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00			`ini_set('allow_url_fopen', 0);`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
refactor: Centralize includes and initialization (#4991) 2016-11-21 14:12:59 -06:00			`$init_modules = array('web', 'auth');`
			`require realpath(__DIR__ . '/..') . '/includes/init.php';`
fixing things, adding better security git-svn-id: http://www.observium.org/svn/observer/trunk@351 61d68cd4-352d-0410-923a-c4978735b2b8 2009-03-11 14:50:24 +00:00
Improved Logging and Debugging (#8870) Use Log facility when Laravel is booted. Update init.php so we can easily boot Laravel for CLI scripts. (and just Eloquent, but that may go away) Move all debug setup into set_debug() function and use that across all scripts. Log Laravel database queries. Send debug output to librenms log file when enabling debug in the webui. Allow for colorized Log CLI output. (currently will leave % tags in log file output) ** Needs testing and perhaps tweaking still. DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-13 17:08:00 -05:00			`set_debug($_GET['debug']);`

refactor: Don't access $_SESSION directly for Auth (#8513) * Don't access $_SESSION directly for Auth * fix style * add property annotations 2018-04-07 15:55:28 -05:00			`if (!Auth::check()) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo 'unauthenticated';`
			`exit;`
			`}`
security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00
Test fix for a scrutinizer bug 2014-02-23 15:08:06 +10:00			`$output = '';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_GET['query'] && $_GET['cmd']) {`
security: Fix some reported security issues (#4807) 2016-10-15 20:45:18 +01:00			`$host = clean($_GET['query']);`
			`if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) \|\| filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) \|\| filter_var('http://'.$host, FILTER_VALIDATE_URL)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`switch ($_GET['cmd']) {`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'whois':`
			`$cmd = $config['whois']." $host \| grep -v \%";`
			`break;`
revert r1957 patch git-svn-id: http://www.observium.org/svn/observer/trunk@1960 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-23 09:54:56 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'ping':`
			`$cmd = $config['ping']." -c 5 $host";`
			`break;`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'tracert':`
			`$cmd = $config['mtr']." -r -c 5 $host";`
			`break;`
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'nmap':`
refactor: Don't access $_SESSION directly for Auth (#8513) * Don't access $_SESSION directly for Auth * fix style * add property annotations 2018-04-07 15:55:28 -05:00			`if (!Auth::user()->isAdmin()) {`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`echo 'insufficient privileges';`
			`} else {`
			`$cmd = $config['nmap']." $host";`
			`}`
			`break;`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}//end switch`

			`if (!empty($cmd)) {`
			$output = `$cmd`;
			`}`
			`}//end if`
			`}//end if`

Resolved some security issues 2016-06-02 06:56:45 +00:00			`$output = htmlentities(trim($output), ENT_QUOTES);`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo "<pre>$output</pre>";`