Security fix: unauthorized access (#10091)

* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Stricter checks before including files whose names come from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions


@@ -0,0 +1,100 @@
<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>ARP Entries</strong>
</div>
<table id="arp-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="mac_address">MAC Address</th>
<th data-column-id="ipv4_address">IP Address</th>
<th data-column-id="hostname" data-order="asc">Device</th>
<th data-column-id="interface">Interface</th>
<th data-column-id="remote_device" data-sortable="false">Remote device</th>
<th data-column-id="remote_interface" data-sortable="false">Remote interface</th>
</tr>
</thead>
</table>
</div>
<script>
var grid = $("#arp-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
// Select the devices only with ARP tables
$sql = 'SELECT D.device_id AS device_id, `hostname`, `D`.`sysName` AS `sysName` FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D';
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where GROUP BY `D`.`device_id`, `D`.`hostname`, `D`.`sysName` ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $_POST['device_id']) {
echo '" selected "+';
}
echo '">'.format_hostname($data).'</option>"+';
}
?>
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<select name=\"searchby\" id=\"searchby\" class=\"form-control input-sm\">"+
"<option value=\"mac\" "+
<?php
if ($_POST['searchby'] != 'ip') {
echo '" selected "+';
}
?>
">MAC Address</option>"+
"<option value=\"ip\" "+
<?php
if ($_POST['searchby'] == 'ip') {
echo '" selected "+';
}
?>
">IP Address</option>"+
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"searchPhrase\" id=\"address\" value=\""+
<?php
echo '"'.$_POST['searchPhrase'].'"+';
?>
"\" class=\"form-control input-sm\" placeholder=\"Address\" />"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
id: "arp-search",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
searchby: '<?php echo mres($_POST['searchby']); ?>',
searchPhrase: '<?php echo mres($_POST['searchPhrase']); ?>'
};
},
url: "ajax_table.php"
});
</script>
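Review bot: The search phrase is written straight into the JavaScript template at `echo '"'.$_POST['searchPhrase'].'"+';` with no escaping, so a double quote or a `</script>` in the POSTed value terminates the string literal or the script block; the IPv4, IPv6 and MAC search sections repeat the pattern with `value=\"<?php echo $_POST['address']; ?>\"` and `echo '"'.$_POST['address'].'"+';`. The value ends up in an HTML attribute that bootgrid builds from a JS string, so it needs attribute escaping and then a JS literal, e.g. `echo json_encode(htmlspecialchars($_POST['searchPhrase'], ENT_QUOTES, 'UTF-8')) . '+';`. The `post` callback passes `searchby` and `searchPhrase` through `mres()`, which is a SQL escaper and does not neutralise `'` or `\` inside a single-quoted JS string; emitting `json_encode($_POST['searchby'])` without the surrounding quotes fits that context. `$where` and `$param` are also appended to before being assigned; the FDB section initialises `$param = array();` and this file should initialise both.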


@@ -0,0 +1,128 @@
<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>FDB Entries</strong>
</div>
<table id="fdb-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="device">Device</th>
<th data-column-id="mac_address" data-width="150px">MAC Address</th>
<th data-column-id="ipv4_address" data-sortable="false">IPv4 Address</th>
<th data-column-id="interface">Port</th>
<th data-column-id="vlan" data-width="60px">Vlan</th>
<th data-column-id="description">Description</th>
<th data-column-id="dnsname" data-sortable="false" data-visible="false">DNS Name</th>
<th data-column-id="first_seen" data-width="165px">First seen</th>
<th data-column-id="last_seen" data-width="165px">Last seen</th>
</tr>
</thead>
</table>
</div>
<script>
var grid = $("#fdb-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
// Select the devices only with FDB tables
$sql = 'SELECT D.device_id AS device_id, `hostname` FROM `ports_fdb` AS F, `ports` AS P, `devices` AS D';
$param = array();
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " WHERE F.port_id = P.port_id AND P.device_id = D.device_id $where GROUP BY `D`.`device_id`, `D`.`hostname` ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $vars['device_id']) {
echo '" selected "+';
}
echo '">'.format_hostname($data, $data['hostname']).'</option>"+';
}
?>
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<select name=\"searchby\" id=\"searchby\" class=\"form-control input-sm\">"+
"<option value=\"mac\" "+
<?php
if ($vars['searchby'] == 'mac') {
echo '" selected "+';
}
?>
">MAC Address</option>"+
"<option value=\"ip\" "+
<?php
if ($vars['searchby'] == 'ip') {
echo '" selected "+';
}
?>
">IP Address</option>"+
"<option value=\"dnsname\" "+
<?php
if ($vars['searchby'] == 'dnsname') {
echo '" selected "+';
}
?>
">DNS Name</option>"+
"<option value=\"description\" "+
<?php
if ($vars['searchby'] == 'description') {
echo '" selected "+';
}
?>
">Description</option>"+
"<option value=\"vlan\" "+
<?php
if ($vars['searchby'] == 'vlan') {
echo '" selected "+';
}
?>
">Vlan</option>"+
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"searchPhrase\" id=\"address\" value=\""+
<?php
echo '"'.$vars['searchPhrase'].'"+';
?>
"\" class=\"form-control input-sm\" placeholder=\"Value\" />"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
device_id: '<?php echo $vars['device_id']; ?>',
searchby: '<?php echo $vars['searchby']; ?>',
searchPhrase: '<?php echo $vars['searchPhrase']; ?>',
dns: $("#fdb-search").bootgrid("getColumnSettings")[6].visible
};
},
url: "ajax/table/fdb-tables"
});
</script>
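Review bot: The `post` callback echoes `$vars['device_id']`, `$vars['searchby']` and `$vars['searchPhrase']` into single-quoted JavaScript strings with no escaping at all, and the header template does the same with `echo '"'.$vars['searchPhrase'].'"+';`, so a `'` or `"` in the submitted value terminates the literal. Where `$vars` is populated is not visible in this section; if it carries request input, as its use to pre-fill the form suggests, each value should be emitted as a JSON literal, e.g. `device_id: <?php echo json_encode($vars['device_id']); ?>,` (dropping the surrounding quotes), and the attribute value as `echo json_encode(htmlspecialchars($vars['searchPhrase'], ENT_QUOTES, 'UTF-8')) . '+';`. `$where` is appended to at `$where .= ' AND ...'` before it is ever assigned; initialise it with `$where = '';` next to the existing `$param = array();`.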


@@ -0,0 +1,95 @@
<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>IPv4 Addresses</strong>
</div>
<table id="ipv4-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="hostname" data-order="asc">Device</th>
<th data-column-id="interface">Interface</th>
<th data-column-id="address" data-sortable="false">Address</th>
<th data-column-id="description" data-sortable="false">Description</th>
</tr>
</thead>
</table>
</div>
<script>
var grid = $("#ipv4-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
$sql = 'SELECT `devices`.`device_id`,`hostname`,`sysName` FROM `devices`';
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " $where ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $_POST['device_id']) {
echo '" selected "+';
}
echo '">'.format_hostname($data, $data['hostname']).'</option>"+';
}
?>
"</select>"+
"</div>&nbsp;"+
"<div class=\"form-group\">"+
"<select name=\"interface\" id=\"interface\" class=\"form-control input-sm\">"+
"<option value=\"\">All Interfaces</option>"+
"<option value=\"Loopback%\""+
<?php
if ($_POST['interface'] == 'Loopback%') {
echo '" selected "+';
}
?>
">Loopbacks</option>"+
"<option value=\"Vlan%\""+
<?php
if ($_POST['interface'] == 'Vlan%') {
echo '" selected "+';
}
?>
">VLANs</option>"+
"</select>"+
"</div>&nbsp;"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv4 Address\"/>"+
"</div>&nbsp;"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
id: "address-search",
search_type: "ipv4",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
};
},
url: "ajax_table.php"
});
</script>
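Review bot: `$where` and `$param` are never initialised in this section: both are only assigned inside the `!hasGlobalRead()` branch, so for a user with global read `dbFetchRows($sql, $param)` receives an undefined `$param` and `" $where ORDER BY"` interpolates an undefined variable. Add `$where = ''; $param = array();` before the `if`, as the FDB section already does for `$param`; whether `dbFetchRows` tolerates a null parameter list is not visible here. The `post` callback's `htmlspecialchars($_POST['device_id'])` sits inside a single-quoted JS string, and on PHP before 8.1 the default flags do not escape `'`, so `device_id: <?php echo json_encode($_POST['device_id']); ?>,` is the right encoder for that context, and the same replacement applies to the two `mres()` calls below it. The IPv6 and MAC search sections share all of this.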


@@ -0,0 +1,96 @@
<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>IPv6 Addresses</strong>
</div>
<table id="ipv6-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="hostname">Device</th>
<th data-column-id="interface">Interface</th>
<th data-column-id="address" data-sortable="false">Address</th>
<th data-column-id="description" data-sortable="false">Description</th>
</tr>
<thead>
</table>
</div>
<script>
var grid = $("#ipv6-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
$sql = 'SELECT `devices`.`device_id`,`hostname`, `sysName` FROM `devices`';
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " $where ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $_POST['device_id']) {
echo '" selected"+';
}
echo '">'.format_hostname($data, $data['hostname']).'</option>"+';
}
?>
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<select name=\"interface\" id=\"interface\" class=\"form-control input-sm\">"+
"<option value=\"\">All Interfaces</option>"+
"<option value=\"Loopback%\""+
<?php
if ($_POST['interface'] == 'Loopback%') {
echo '" selected "+';
}
?>
">Loopbacks</option>"+
"<option value=\"Vlan%\""+
<?php
if ($_POST['interface'] == 'Vlan%') {
echo '" selected "+';
}
?>
">VLANs</option>"+
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
id: "address-search",
search_type: "ipv6",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
};
},
url: "ajax_table.php"
});
</script>
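Review bot: The table markup is broken: the line after the header `</tr>` reads `<thead>` where it should be `</thead>`, so the header is opened twice and never closed and the browser has to repair the tree before bootgrid reads the column definitions. Change that line to `</thead>`. Everything else in this section mirrors the IPv4 search (uninitialised `$where`/`$param`, raw `$_POST['address']` inside the JS template, `mres()` used as a JS escaper), so the fixes proposed for that section apply here unchanged.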


@@ -0,0 +1,98 @@
<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>MAC Addresses</strong>
</div>
<table id="mac-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="hostname" data-order="asc">Device</th>
<th data-column-id="interface">Interface</th>
<th data-column-id="address" data-sortable="false">MAC Address</th>
<th data-column-id="description" data-sortable="false">Description</th></tr>
</tr>
</thead>
</table>
</div>
<script>
var grid = $("#mac-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
$sql = 'SELECT `devices`.`device_id`,`hostname`, `sysName` FROM `devices`';
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " $where ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $_POST['device_id']) {
echo '" selected "+';
}
echo '">'.format_hostname($data).'</option>"+';
}
?>
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<select name=\"interface\" id=\"interface\" class=\"form-control input-sm\">"+
"<option value=\"\">All Interfaces</option>"+
"<option value=\"Loopback%\" "+
<?php
if ($_POST['interface'] == 'Loopback%') {
echo '" selected "+';
}
?>
">Loopbacks</option>"+
"<option value=\"Vlan%\""+
<?php
if ($_POST['interface'] == 'Vlan%') {
echo '" selected "+';
}
?>
">VLANs</option>"+
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" value=\""+
<?php
echo '"'.$_POST['address'].'"+';
?>
"\" class=\"form-control input-sm\" placeholder=\"Mac Address\"/>"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
id: "address-search",
search_type: "mac",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
};
},
url: "ajax_table.php"
});
</script>
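Review bot: The header row is closed twice: `<th data-column-id="description" data-sortable="false">Description</th></tr>` is immediately followed by a second `</tr>`, which is a stray closing tag; remove the `</tr>` from the end of the `<th>` line so the markup matches the other search pages. The selected-device test `$data['device_id'] == $_POST['device_id']` is a loose comparison between a database integer and a request string, which is subject to PHP's numeric-string coercion; `(string) $data['device_id'] === (string) $_POST['device_id']` states the intent, and the ARP, IPv4 and IPv6 sections use the same comparison. The uninitialised `$where`/`$param` and the unescaped `$_POST['address']` in the JS template here are the same issues already raised on the ARP and IPv4 sections.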


@@ -0,0 +1,196 @@
<?php
/* Copyright (C) 2014 Daniel Preussker <f0o@devilcode.org>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* Package Search
* @author Daniel Preussker <f0o@devilcode.org>
* @copyright 2014 f0o, LibreNMS
* @license GPL
* @package LibreNMS
* @subpackage Search
*/
use LibreNMS\Authentication\LegacyAuth;
print_optionbar_start(28);
?>
<form method="post" action="" class="form-inline" role="form">
<div class="form-group">
<label for="package">Package</label>
<input type="text" name="package" id="package" size=20 value="<?php echo($_POST['package']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<div class="form-group">
<label for="version">Version</label>
<input type="text" name="version" id="version" size=20 value="<?php echo($_POST['version']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<div class="form-group">
<label for="version">Arch</label>
<input type="text" name="arch" id="arch" size=20 value="<?php echo($_POST['arch']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<button type="submit" class="btn btn-default input-sm">Search</button>
</form>
<?php
print_optionbar_end();
if (isset($_POST['results_amount']) && $_POST['results_amount'] > 0) {
$results = $_POST['results'];
} else {
$results = 50;
}
?>
<form method="post" action="search/search=packages/" id="result_form">
<table class="table table-hover table-condensed table-striped">
<tr>
<td colspan="3"><strong>Packages</strong></td>
<td><select name="results" id="results" class="form-control input-sm" onChange="updateResults(this);">
<?php
$result_options = array('10','50','100','250','500','1000','5000');
foreach ($result_options as $option) {
echo "<option value='$option'";
if ($results == $option) {
echo " selected";
}
echo ">$option</option>";
}
?>
</select></td>
</tr>
<?php
$count_query = "SELECT COUNT(*) FROM ( ";
$full_query = "";
$query = 'SELECT packages.name FROM packages,devices ';
$param = array();
if (!LegacyAuth::user()->hasGlobalRead()) {
$query .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
$sql_where .= " AND `DP`.`user_id`=?";
$param[] = LegacyAuth::id();
}
$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($_POST['package'])."%' $sql_where GROUP BY packages.name";
$where = '';
$ver = "";
$opt = "";
if (!empty($_POST['arch'])) {
$where .= ' AND packages.arch = ?';
$param[] = mres($_POST['arch']);
}
if (is_numeric($_REQUEST['device_id'])) {
$where .= " AND packages.device_id = ?";
$param[] = $_REQUEST['device_id'];
}
$count_query .= $query." ) sub";
$query .= $where." ORDER BY packages.name, packages.arch, packages.version";
$count = dbFetchCell($count_query, $param);
if (!isset($_POST['page_number']) && $_POST['page_number'] < 1) {
$page_number = 1;
} else {
$page_number = $_POST['page_number'];
}
$start = ($page_number - 1) * $results;
$full_query = $full_query . $query . " LIMIT $start,$results";
?>
<tr>
<th>Package</th>
<th>Version</th>
<th>Arch</th>
<th>Device</th>
</tr>
<?php
$ordered = array();
foreach (dbFetchRows($full_query, $param) as $entry) {
$tmp = dbFetchRows("SELECT packages.*,devices.hostname FROM packages,devices WHERE packages.device_id=devices.device_id AND packages.name = ?", array($entry['name']));
foreach ($tmp as $entry) {
if (!is_array($ordered[$entry['name']])) {
$ordered[$entry['name']] = array( $entry );
} else {
$ordered[$entry['name']][] = $entry;
}
}
}
if (!empty($_POST['version'])) {
list($opt, $ver) = explode(" ", $_POST['version']);
}
foreach ($ordered as $name => $entry) {
$vers = array();
$arch = array();
$devs = array();
foreach ($entry as $variation) {
$variation['version'] = str_replace(":", ".", $variation['version']);
if (!in_array($variation['version'], $vers) && (empty($ver) || version_compare($variation['version'], $ver, $opt))) {
$vers[] = $variation['version'];
}
if (!in_array($variation['arch'], $arch)) {
$arch[] = $variation['arch'];
}
if (!in_array($variation['hostname'], $devs)) {
unset($variation['version']);
$devs[] = generate_device_link($variation);
}
}
if (sizeof($arch) > 0 && sizeof($vers) > 0) {
?>
<tr>
<td><a href="<?php echo(generate_url(array('page'=>'packages','name'=>$name))); ?>"><?php echo $name; ?></a></td>
<td><?php echo implode('<br/>', $vers); ?></td>
<td><?php echo implode('<br/>', $arch); ?></td>
<td><?php echo implode('<br/>', $devs); ?></td>
</tr>
<?php
}
}
if ((int) ($count / $results) > 0 && $count != $results) {
?>
<tr>
<td colspan="6" align="center"><?php echo generate_pagination($count, $results, $page_number); ?></td>
</tr>
<?php
}
?>
</table>
<input type="hidden" name="page_number" id="page_number" value="<?php echo $page_number; ?>">
<input type="hidden" name="results_amount" id="results_amount" value="<?php echo $results; ?>">
<input type="hidden" name="package" id="results_packages" value="<?php echo $_POST['package']; ?>">
<input type="hidden" name="version" id="results_version" value="<?php echo $_POST['version']; ?>">
<input type="hidden" name="arch" id="results_arch" value="<?php echo $_POST['arch']; ?>">
</form>
<script type="text/javascript">
function updateResults(results) {
$('#results_amount').val(results.value);
$('#page_number').val(1);
$('#result_form').submit();
}
function changePage(page,e) {
e.preventDefault();
$('#page_number').val(page);
$('#result_form').submit();
}
</script>
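Review bot: `$results` is taken verbatim from `$_POST['results']` (the guard only checks the separate `results_amount` field) and is then interpolated into the query text at `" LIMIT $start,$results"`, so the page size reaches SQL unvalidated. Cast it on the way in, `$results = (int) $_POST['results'];`, and fall back to 50 when the result is below 1, which also keeps the later `(int) ($count / $results)` free of a division by zero. In the same section, the page-number condition `!isset($_POST['page_number']) && $_POST['page_number'] < 1` needs `||` (a submitted `0` currently yields a negative LIMIT offset); `packages.name LIKE '%".mres($_POST['package'])."%'` is the only string-built predicate while the rest use `?` placeholders, and should become `packages.name LIKE ?` with `'%'.$_POST['package'].'%'` placed in `$param` ahead of the `user_id` value because the `$sql_where` clause follows it in the query; and the arch/device_id `$where` filters are appended after `GROUP BY packages.name`, so they become part of the grouping expression instead of the WHERE clause. The `<input ... value="<?php echo($_POST['package']); ?>">` fields at the top and the hidden inputs at the bottom echo request values into attributes without `htmlspecialchars()`. If this file continues past the closing `</script>`, the remainder was not visible here.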