librenms-librenms/html/netcmd.php

<?php

/*
 * Observium
 *
 *   This file is part of Observium.
 *
 * @package    observium
 * @subpackage webinterface
 * @author     Adam Armstrong <adama@memetic.org>
 * @copyright  (C) 2006 - 2012 Adam Armstrong
 */

ini_set('allow_url_fopen', 0);
ini_set('display_errors', 0);

if ($_GET[debug]) {
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    ini_set('log_errors', 1);
    ini_set('error_reporting', E_ALL);
}

require '../includes/defaults.inc.php';
require '../config.php';
require_once '../includes/definitions.inc.php';
require 'includes/functions.inc.php';
require '../includes/functions.php';
require 'includes/authenticate.inc.php';

if (!$_SESSION['authenticated']) {
    echo 'unauthenticated';
    exit;
}

$output = '';
if ($_GET['query'] && $_GET['cmd']) {
    $host = $_GET['query'];
    if (Net_IPv6::checkIPv6($host) || Net_IPv4::validateip($host) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
        switch ($_GET['cmd']) {
        case 'whois':
            $cmd = $config['whois']." $host | grep -v \%";
            break;

        case 'ping':
            $cmd = $config['ping']." -c 5 $host";
            break;

        case 'tracert':
            $cmd = $config['mtr']." -r -c 5 $host";
            break;

        case 'nmap':
            if ($_SESSION['userlevel'] != '10') {
                echo 'insufficient privileges';
            }
            else {
                $cmd = $config['nmap']." $host";
            }
            break;
        }//end switch

        if (!empty($cmd)) {
            $output = `$cmd`;
        }
    }//end if
}//end if

$output = htmlentities(trim($output), ENT_QUOTES);
echo "<pre>$output</pre>";
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00			`<?php`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`/*`
Revert boilerplate changes 2013-10-29 05:38:12 +10:00			`* Observium`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Revert boilerplate changes 2013-10-29 05:38:12 +10:00			`* This file is part of Observium.`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*`
Revert boilerplate changes 2013-10-29 05:38:12 +10:00			`* @package observium`
			`* @subpackage webinterface`
			`* @author Adam Armstrong <adama@memetic.org>`
			`* @copyright (C) 2006 - 2012 Adam Armstrong`
phpDocumentator headers. retire static-config. IF YOU ARE READING THIS, REMOVE IT FROM THE BOTTOM YOUR CONFIG.PHP. YES. YOU. git-svn-id: http://www.observium.org/svn/observer/trunk@3150 61d68cd4-352d-0410-923a-c4978735b2b8 2012-05-09 10:01:42 +00:00			`*/`

security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00			`ini_set('allow_url_fopen', 0);`
			`ini_set('display_errors', 0);`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_GET[debug]) {`
			`ini_set('display_errors', 1);`
			`ini_set('display_startup_errors', 1);`
			`ini_set('log_errors', 1);`
			`ini_set('error_reporting', E_ALL);`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`require '../includes/defaults.inc.php';`
			`require '../config.php';`
			`require_once '../includes/definitions.inc.php';`
			`require 'includes/functions.inc.php';`
			`require '../includes/functions.php';`
			`require 'includes/authenticate.inc.php';`
fixing things, adding better security git-svn-id: http://www.observium.org/svn/observer/trunk@351 61d68cd4-352d-0410-923a-c4978735b2b8 2009-03-11 14:50:24 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (!$_SESSION['authenticated']) {`
			`echo 'unauthenticated';`
			`exit;`
			`}`
security fixes. again. git-svn-id: http://www.observium.org/svn/observer/trunk@306 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:28:13 +00:00
Test fix for a scrutinizer bug 2014-02-23 15:08:06 +10:00			`$output = '';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_GET['query'] && $_GET['cmd']) {`
			`$host = $_GET['query'];`
Resolved some security issues 2016-06-02 06:56:45 +00:00			`if (Net_IPv6::checkIPv6($host) \|\| Net_IPv4::validateip($host) \|\| filter_var('http://'.$host, FILTER_VALIDATE_URL)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`switch ($_GET['cmd']) {`
			`case 'whois':`
			`$cmd = $config['whois']." $host \| grep -v \%";`
			`break;`
revert r1957 patch git-svn-id: http://www.observium.org/svn/observer/trunk@1960 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-23 09:54:56 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`case 'ping':`
			`$cmd = $config['ping']." -c 5 $host";`
			`break;`
security fixes. AMG SECURIITAHHHHHHHHH! git-svn-id: http://www.observium.org/svn/observer/trunk@305 61d68cd4-352d-0410-923a-c4978735b2b8 2008-11-13 17:19:43 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`case 'tracert':`
			`$cmd = $config['mtr']." -r -c 5 $host";`
			`break;`
Initial Import git-svn-id: http://www.observium.org/svn/observer/trunk@2 61d68cd4-352d-0410-923a-c4978735b2b8 2007-04-03 14:10:23 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`case 'nmap':`
			`if ($_SESSION['userlevel'] != '10') {`
			`echo 'insufficient privileges';`
			`}`
			`else {`
			`$cmd = $config['nmap']." $host";`
			`}`
			`break;`
			`}//end switch`

			`if (!empty($cmd)) {`
			$output = `$cmd`;
			`}`
			`}//end if`
			`}//end if`

Resolved some security issues 2016-06-02 06:56:45 +00:00			`$output = htmlentities(trim($output), ENT_QUOTES);`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo "<pre>$output</pre>";`