librenms-librenms/html/netcmd.php

<?php

/*
 * LibreNMS
 *
 *   This file is part of LibreNMS.
 *
 * @package    librenms
 * @subpackage webinterface
 * @copyright  (C) 2006 - 2012 Adam Armstrong
 */

ini_set('allow_url_fopen', 0);
ini_set('display_errors', 0);

if ($_GET[debug]) {
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    ini_set('log_errors', 1);
    ini_set('error_reporting', E_ALL);
}

$init_modules = array('web', 'auth');
require realpath(__DIR__ . '/..') . '/includes/init.php';

if (!$_SESSION['authenticated']) {
    echo 'unauthenticated';
    exit;
}

$output = '';
if ($_GET['query'] && $_GET['cmd']) {
    $host = clean($_GET['query']);
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
        switch ($_GET['cmd']) {
            case 'whois':
                $cmd = $config['whois']." $host | grep -v \%";
                break;

            case 'ping':
                $cmd = $config['ping']." -c 5 $host";
                break;

            case 'tracert':
                $cmd = $config['mtr']." -r -c 5 $host";
                break;

            case 'nmap':
                if ($_SESSION['userlevel'] != '10') {
                    echo 'insufficient privileges';
                } else {
                    $cmd = $config['nmap']." $host";
                }
                break;
        }//end switch

        if (!empty($cmd)) {
            $output = `$cmd`;
        }
    }//end if
}//end if

$output = htmlentities(trim($output), ENT_QUOTES);
echo "<pre>$output</pre>";
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`<?php`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`/*`
Changed package names 2016-08-20 12:16:55 +01:00			`* LibreNMS`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Changed package names 2016-08-20 12:16:55 +01:00			`* This file is part of LibreNMS.`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Changed package names 2016-08-20 12:16:55 +01:00			`* @package librenms`
Revert boilerplate changes 2013-10-29 05:38:12 +10:00			`* @subpackage webinterface`
			`* @copyright (C) 2006 - 2012 Adam Armstrong`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*/`

security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00			`ini_set('allow_url_fopen', 0);`
			`ini_set('display_errors', 0);`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_GET[debug]) {`
			`ini_set('display_errors', 1);`
			`ini_set('display_startup_errors', 1);`
			`ini_set('log_errors', 1);`
			`ini_set('error_reporting', E_ALL);`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00			`}`

refactor: Centralize includes and initialization (#4991) 2016-11-21 14:12:59 -06:00			`$init_modules = array('web', 'auth');`
			`require realpath(__DIR__ . '/..') . '/includes/init.php';`
fixing things, adding better security git-svn-id: http://www.observium.org/svn/observer/trunk@351 61d68cd4-352d-0410-923a-c4978735b2b8 2009-03-11 14:50:24 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (!$_SESSION['authenticated']) {`
			`echo 'unauthenticated';`
			`exit;`
			`}`
security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00
Test fix for a scrutinizer bug 2014-02-23 15:08:06 +10:00			`$output = '';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_GET['query'] && $_GET['cmd']) {`
security: Fix some reported security issues (#4807) 2016-10-15 20:45:18 +01:00			`$host = clean($_GET['query']);`
			`if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) \|\| filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) \|\| filter_var('http://'.$host, FILTER_VALIDATE_URL)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`switch ($_GET['cmd']) {`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'whois':`
			`$cmd = $config['whois']." $host \| grep -v \%";`
			`break;`
revert r1957 patch git-svn-id: http://www.observium.org/svn/observer/trunk@1960 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-23 09:54:56 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'ping':`
			`$cmd = $config['ping']." -c 5 $host";`
			`break;`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'tracert':`
			`$cmd = $config['mtr']." -r -c 5 $host";`
			`break;`
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`case 'nmap':`
			`if ($_SESSION['userlevel'] != '10') {`
			`echo 'insufficient privileges';`
			`} else {`
			`$cmd = $config['nmap']." $host";`
			`}`
			`break;`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}//end switch`

			`if (!empty($cmd)) {`
			$output = `$cmd`;
			`}`
			`}//end if`
			`}//end if`

Resolved some security issues 2016-06-02 06:56:45 +00:00			`$output = htmlentities(trim($output), ENT_QUOTES);`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo "<pre>$output</pre>";`