Merge pull request #2979 from f0o/sanity

[WIP] Sanity!
Neil Lathwood
2016-02-16 21:44:10 +00:00
37 changed files with 135 additions and 117 deletions


@@ -182,7 +182,7 @@ function RunFollowUp() {
}
$alert['details'] = json_decode(gzuncompress($alert['details']), true);
$rextra = json_decode($alert['extra'], true);
$rextra = json_decode(htmlspecialchars_decode($alert['extra']), true);
if ($rextra['invert']) {
continue;
}
@@ -237,7 +237,7 @@ function RunAlerts() {
$noiss = false;
$noacc = false;
$updet = false;
$rextra = json_decode($alert['extra'], true);
$rextra = json_decode(htmlspecialchars_decode($alert['extra']), true);
$chk = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? && devices.device_id = alerts.device_id && alerts.rule_id = ?', array($alert['device_id'], $alert['rule_id']));
if ($chk['alerted'] == $alert['state']) {
$noiss = true;
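Review bot: The `gzuncompress($alert['details'])` two lines above the rewritten `$rextra` line only keeps working by accident: if `$alert` comes from dbFetchRows, the new sanitize_array walk runs htmlspecialchars() over the compressed blob, which returns '' for non-UTF-8 input, and the `!empty` fallback in sanitize_array then leaves the original bytes in place. Any tightening of that callback (ENT_SUBSTITUTE, dropping the guard) would corrupt the blob and break this decode, so binary columns need to be excluded from the data-layer escaping rather than relying on that fallback. The same htmlspecialchars_decode-before-json_decode pairing is used for `$rextra` in the RunAlerts hunk below and for the widget settings section; in each case the decode uses default flags and therefore only reverses an encode done with the same defaults. RunFollowUp's and RunAlerts' bodies start and end outside their hunks.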


@@ -39,7 +39,7 @@ elseif (is_file('includes/common/'.$type.'.inc.php')) {
$title = ucfirst($type);
$unique_id = str_replace(array("-","."),"_",uniqid($type,true));
$widget_id = mres($_POST['id']);
$widget_settings = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id)),true);
$widget_settings = json_decode(htmlspecialchars_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id))),true);
$widget_dimensions = $_POST['dimensions'];
if( !empty($_POST['settings']) ) {
define('show_settings',true);
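Review bot: Wrapping the dbFetchCell() result in `htmlspecialchars_decode` assumes dbFetchCell applies the same sanitize_array walk that this commit adds to dbFetchRow/dbFetchRows; that function is not in the diff, and if it does not, stored settings containing a literal `&amp;` or `&lt;` are now altered before json_decode. Either way the pairing only holds while both sides use identical flags, which is worth a comment on this line, e.g. `// settings were HTML-encoded by sanitize_array at fetch time; undo before parsing`. `$widget_id = mres($_POST['id'])` on the line above still reads raw `$_POST` while the rest of the commit moves to `$vars`; since the value is bound with `?`, `(int) $_POST['id']` would be the cleaner guard.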


@@ -68,14 +68,14 @@ if ($device['sysContact']) {
<td>Contact</td>';
if (get_dev_attrib($device, 'override_sysContact_bool')) {
echo '
<td>'.htmlspecialchars(get_dev_attrib($device, 'override_sysContact_string')).'</td>
<td>'.get_dev_attrib($device, 'override_sysContact_string').'</td>
</tr>
<tr>
<td>SNMP Contact</td>';
}
echo '
<td>'.htmlspecialchars($device['sysContact']).'</td>
<td>'.$device['sysContact'].'</td>
</tr>';
}
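Review bot: Removing htmlspecialchars() around `$device['sysContact']` and the override string makes this template depend on every producer of `$device` having passed through the sanitize_array walk in dbFetchRow; a `$device` built elsewhere (a cache helper such as device_by_id_cache, whose implementation is not in this diff) or possibly a memcached hit (the `set()` in dbFetchRows runs before the walk) would render unescaped. Escaping at the point of output is context-specific and cannot be skipped by a different data path, so I would keep `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on both lines even if the data layer also escapes. The same removal is made in the following sections (`$rule['rule']`, `$alert_entry['name']`, the eventlog/syslog `$entry['message']`/`$entry['msg']`, and the ajax_table alert/event/syslog rows), and the same comment applies to each.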


@@ -205,7 +205,7 @@ foreach (dbFetchRows($full_query, $param) as $rule) {
echo '<strong><em>Inverted</em></strong> ';
}
echo '<i>'.htmlentities($rule['rule']).'</i></td>';
echo '<i>'.$rule['rule'].'</i></td>';
echo '<td>'.$rule['severity'].'</td>';
echo "<td><span id='alert-rule-".$rule['id']."' class='glyphicon glyphicon-".$ico.' glyphicon-large text-'.$col."'></span> ";
if ($rule_extra['mute'] === true) {


@@ -15,7 +15,7 @@ if (!isset($alert_entry['device'])) {
</td>';
}
echo '<td>'.htmlspecialchars($alert_entry['name']).'</td>';
echo '<td>'.$alert_entry['name'].'</td>';
if ($alert_state != '') {
if ($alert_state == '0') {


@@ -25,6 +25,6 @@ if ($entry['type'] == 'interface') {
$entry['link'] = '<b>'.generate_port_link(getifbyid($entry['reference'])).'</b>';
}
echo $entry['link'].' '.htmlspecialchars($entry['message']).'</td>
echo $entry['link'].' '.$entry['message'].'</td>
<td></td>
</tr>';


@@ -31,5 +31,5 @@ else {
echo '<td>'.$entry['link'].'</td>';
echo '<td>'.htmlspecialchars($entry['message']).'</td>
echo '<td>'.$entry['message'].'</td>
</tr>';


@@ -8,10 +8,10 @@ if (device_permitted($entry['device_id'])) {
if ($vars['page'] != 'device') {
$syslog_output .= '<td>'.$entry['date'].'</td>
<td><strong>'.generate_device_link($entry).'</strong></td>
<td><strong>'.$entry['program'].' : </strong> '.htmlspecialchars($entry['msg']).'</td>';
<td><strong>'.$entry['program'].' : </strong> '.$entry['msg'].'</td>';
}
else {
$syslog_output .= '<td><i>'.$entry['date'].'</i>&nbsp;&nbsp;&nbsp;<strong>'.$entry['program'].'</strong>&nbsp;&nbsp;&nbsp;'.htmlspecialchars($entry['msg']).'</td>';
$syslog_output .= '<td><i>'.$entry['date'].'</i>&nbsp;&nbsp;&nbsp;<strong>'.$entry['program'].'</strong>&nbsp;&nbsp;&nbsp;'.$entry['msg'].'</td>';
}
$syslog_output .= '</tr>';


@@ -66,7 +66,7 @@ foreach (dbFetchRows($full_query, $param) as $alert_entry) {
$data[] = array(
$alert_entry['time_logged'],
$hostname,
htmlspecialchars($alert_entry['name']),
$alert_entry['name'],
$text,
);
}//end if


@@ -77,7 +77,7 @@ foreach (dbFetchRows($sql, $param) as $alertlog) {
'time_logged' => $alertlog['humandate'],
'details' => '<a class="glyphicon glyphicon-plus incident-toggle" style="display:none" data-toggle="collapse" data-target="#incident'.($rulei).'" data-parent="#alerts"></a>',
'hostname' => '<div class="incident">'.generate_device_link($dev, shorthost($dev['hostname'])).'<div id="incident'.($rulei).'" class="collapse">'.$fault_detail.'</div></div>',
'alert' => htmlspecialchars($alertlog['alert']),
'alert' => $alertlog['alert'],
'status' => "<b><span class='glyphicon glyphicon-".$glyph_icon."' style='color:".$glyph_color."'></span> $text</b>",
);
}//end foreach


@@ -66,7 +66,7 @@ foreach (dbFetchRows($sql, $param) as $eventlog) {
'datetime' => $eventlog['humandate'],
'hostname' => generate_device_link($dev, shorthost($dev['hostname'])),
'type' => $type,
'message' => htmlspecialchars($eventlog['message']),
'message' => $eventlog['message'],
);
}


@@ -66,7 +66,7 @@ foreach (dbFetchRows($sql, $param) as $syslog) {
'timestamp' => $syslog['date'],
'device_id' => generate_device_link($dev, shorthost($dev['hostname'])),
'program' => $syslog['program'],
'msg' => htmlspecialchars($syslog['msg']),
'msg' => $syslog['msg'],
);
}


@@ -43,3 +43,6 @@ foreach ($_GET as $name => $value) {
foreach ($_POST as $name => $value) {
$vars[$name] = $value;
}
array_walk_recursive($vars,'sanitize_array');
reset($vars);
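Review bot: HTML-escaping the merged `$vars` at ingress is context-blind: the same values are later placed in single-quoted JS literals, in SQL (`mres($vars['package'])` inside a LIKE clause and `array($vars['optb'])` as a bound parameter in the VRF page) and in search phrases, where `&`, `<`, `>` and `"` now arrive as entities and no longer match stored data. With htmlspecialchars' default flags `'` is not encoded, so for the JS/attribute contexts this is also weaker than the `mres()` calls it replaces. I would keep `$vars` raw and escape at each output site with the escaper for that context (htmlspecialchars with `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` for HTML, json_encode for JS, rawurlencode for URLs); if the walk stays, at least state the consequence on this line, e.g. `// NOTE: every $vars value is HTML-encoded from here on; decode before using one as data (SQL, JSON, comparisons)`. `$_GET` and `$_POST` themselves remain raw and are still read directly elsewhere in this commit (the adduser() call, `mres($_POST['id'])` on the widget page), so the protection is only as complete as the `$vars` migration.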


@@ -214,14 +214,6 @@ else {
<div class="col-md-12">
<?php
// To help debug the new URLs :)
if (isset($devel) || isset($vars['devel'])) {
echo("<pre>");
print_r($_GET);
print_r($vars);
echo("</pre>");
}
if ($_SESSION['authenticated']) {
// Authenticated. Print a page.
if (isset($vars['page']) && !strstr("..", $vars['page']) && is_file("pages/" . $vars['page'] . ".inc.php")) {


@@ -27,7 +27,7 @@ else {
// FIXME: missing email field here on the form
if (adduser($_POST['new_username'], $_POST['new_password'], $_POST['new_level'], $_POST['new_email'], $_POST['new_realname'], $_POST['can_modify_passwd'])) {
echo '<span class=info>User '.$_POST['username'].' added!</span>';
echo '<span class=info>User '.$vars['username'].' added!</span>';
}
}
else {
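Review bot: The rewritten echo reads `$vars['username']`, but the field consumed by adduser() on the line above is `new_username`, so the confirmation message prints an empty name (the same mismatch existed with `$_POST['username']`); it should be `echo '<span class=info>User '.$vars['new_username'].' added!</span>';`. The adduser() arguments themselves still come from raw `$_POST`, which is right for the password (it must not be HTML-encoded) but means this page now mixes escaped and unescaped input, and that is worth a one-line comment so nobody "fixes" it by switching the call to `$vars`.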


@@ -51,7 +51,7 @@ foreach (get_all_devices() as $hostname) {
$device_id = getidbyname($hostname);
if (device_permitted($device_id)) {
echo '"<option value=\"'.$device_id.'\""+';
if (getidbyname($hostname) == $_POST['device_id']) {
if (getidbyname($hostname) == $vars['device_id']) {
echo '" selected "+';
}
@@ -69,7 +69,7 @@ foreach (get_all_devices() as $hostname) {
{
return {
id: "alertlog",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>'
device_id: '<?php echo $vars['device_id']; ?>'
};
},
url: "ajax_table.php"
@@ -81,7 +81,7 @@ foreach (get_all_devices() as $hostname) {
max = high - low;
search = $('.search-field').val();
$(".pdf-export").html("<a href='pdf.php?report=alert-log&device_id=<?php echo $_POST['device_id']; ?>&string="+search+"&results="+max+"&start="+low+"'><img src='images/16/pdf.png' width='16' height='16' alt='Export to pdf'> Export to pdf</a>");
$(".pdf-export").html("<a href='pdf.php?report=alert-log&device_id=<?php echo $vars['device_id']; ?>&string="+search+"&results="+max+"&start="+low+"'><img src='images/16/pdf.png' width='16' height='16' alt='Export to pdf'> Export to pdf</a>");
grid.find(".incident-toggle").each( function() {
$(this).parent().addClass('incident-toggle-td');
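Review bot: `device_id: '<?php echo $vars['device_id']; ?>'` and the `href='pdf.php?...device_id=...'` in the same section put a value into single-quoted JS/attribute contexts that sanitize_array does not cover: with htmlspecialchars' default flags (ENT_COMPAT before PHP 8.1) `'` is left as-is and can terminate the literal. Emit the JS literal with `device_id: <?php echo json_encode((string) $vars['device_id']); ?>` and the query value with `rawurlencode($vars['device_id'])`; since the page already compares `$vars['device_id']` against getidbyname() results, validating it once as an integer at the top would be simpler still. The same pattern — mres()/htmlspecialchars() dropped inside JS literals in favour of the ingress walk — recurs in the inventory, ARP, IPv4/IPv6/MAC address search and syslog sections later in this diff, and the fix is the same there.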


@@ -13,8 +13,8 @@
*/
if ($_SESSION['userlevel'] >= '10') {
if (empty($_POST['token'])) {
$_POST['token'] = bin2hex(openssl_random_pseudo_bytes(16));
if (empty($vars['token'])) {
$vars['token'] = bin2hex(openssl_random_pseudo_bytes(16));
}
?>
@@ -65,7 +65,7 @@ foreach (dbFetchRows("SELECT user_id,username FROM `users` WHERE `level` >= '10'
<div class="form-group">
<label for="token" class="col-sm-2 control-label">Token: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="token" name="token" value="<?php echo $_POST['token']; ?>" readonly>
<input type="text" class="form-control" id="token" name="token" value="<?php echo $vars['token']; ?>" readonly>
</div>
<div class="col-sm-2">
</div>
@@ -73,7 +73,7 @@ foreach (dbFetchRows("SELECT user_id,username FROM `users` WHERE `level` >= '10'
<div class="form-group">
<label for="description" class="col-sm-2 control-label">Descr: </label>
<div class="col-sm-10">
<input type="text" class="form-control" id="description" name="description" value="<?php echo $_POST['description']; ?>">
<input type="text" class="form-control" id="description" name="description" value="<?php echo $vars['description']; ?>">
</div>
</div>
</div>
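Review bot: The rewritten token line ignores the `$crypto_strong` out-parameter of openssl_random_pseudo_bytes(), so a fallback to a non-cryptographic source goes unnoticed. If the project's PHP floor allows it, `$vars['token'] = bin2hex(random_bytes(16));` throws instead of degrading silently; otherwise pass the flag and abort when it is false. Since `$vars` merges `$_GET` and `$_POST`, a `token` supplied in either the query string or the body pre-fills this admin form; if the submit handler (not in this hunk) stores the field, it should regenerate the token server-side rather than trust the submitted value.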


@@ -9,7 +9,7 @@
Bills
</div>
<div class="form-group">
<input type="text" name="hostname" id="hostname" class="form-control input-sm" value="<?php echo $_POST['hostname']; ?>" />
<input type="text" name="hostname" id="hostname" class="form-control input-sm" value="<?php echo $vars['hostname']; ?>" />
</div>
<div class="form-group">
<select name='os' id='os' class="form-control input-sm">


@@ -12,16 +12,16 @@ if ($_SESSION['userlevel'] == 11) {
}
else {
if (is_numeric($_REQUEST['id'])) {
if (is_numeric($vars['id'])) {
echo('
<div class="row">
<div class="col-sm-offset-2 col-sm-7">
');
if ($_REQUEST['confirm']) {
print_message(nl2br(delete_device(mres($_REQUEST['id'])))."\n");
if ($vars['confirm']) {
print_message(nl2br(delete_device(mres($vars['id'])))."\n");
}
else {
$device = device_by_id_cache($_REQUEST['id']);
$device = device_by_id_cache($vars['id']);
print_error("Are you sure you want to delete device " . $device['hostname'] . "?");
?>
<br />
@@ -30,9 +30,9 @@ else {
<br>
<form name="form1" method="post" action="" class="form-horizontal" role="form">
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $_REQUEST['id'] ?>" />
<input type="hidden" name="id" value="<?php echo $vars['id'] ?>" />
<input type="hidden" name="confirm" value="1" />
<!--<input type="hidden" name="remove_rrd" value="<?php echo $_POST['remove_rrd']; ?>">-->
<!--<input type="hidden" name="remove_rrd" value="<?php echo $vars['remove_rrd']; ?>">-->
<button type="submit" class="btn btn-danger">Confirm host deletion</button>
</div>
</form>
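Review bot: `if ($vars['confirm'])` runs delete_device() on any request carrying a truthy confirm, and because `$vars` is assembled from both `$_GET` and `$_POST` (see the vars hunk earlier in this diff) the request method is not checked anywhere visible; this was already true with `$_REQUEST`, but the rename is the moment to fix it. Gate the destructive branch on `$_SERVER['REQUEST_METHOD'] === 'POST'` plus a per-session CSRF token carried in the confirmation form, which currently has only the `id` and `confirm` hidden fields. Given the `is_numeric($vars['id'])` guard above, the `mres()` around `$vars['id']` in the delete_device() call is redundant; `(int) $vars['id']` states the intent better.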


@@ -58,7 +58,7 @@ else {
echo(generate_link($text,$link_array,array('section'=>$type)));
# echo("<a href='device/".$device['device_id']."/edit/" . $type . ($_GET['optd'] ? "/" . $_GET['optd'] : ''). "/'> " . $text ."</a>");
# echo("<a href='device/".$device['device_id']."/edit/" . $type . ($vars['optd'] ? "/" . $vars['optd'] : ''). "/'> " . $text ."</a>");
if ($vars['section'] == $type) {
echo("</span>");
}


@@ -2,7 +2,7 @@
<form method="post" action="">
<div class="row">
<div class="col-md-4">
<input type="text" name="string" placeholder="Search" class="form-control" id="string" value="<?php echo $_POST['string']; ?>" required/>
<input type="text" name="string" placeholder="Search" class="form-control" id="string" value="<?php echo $vars['string']; ?>" required/>
</div>
<div class="col-md-4">
<select name="type" class="form-control" id="type">


@@ -3,7 +3,7 @@
<form method="post" action="">
<label><strong>Search</strong>
<input type="text" name="string" id="string" value="<?php echo $_POST['string']; ?>" />
<input type="text" name="string" id="string" value="<?php echo $vars['string']; ?>" />
</label>
<label>
<strong>Program</strong>


@@ -466,7 +466,7 @@ var grid = $("#devices").bootgrid({
return {
id: "devices",
format: '<?php echo mres($vars['format']); ?>',
hostname: '<?php echo htmlspecialchars($vars['hostname']); ?>',
hostname: '<?php echo mres($vars['hostname']); ?>',
os: '<?php echo mres($vars['os']); ?>',
version: '<?php echo mres($vars['version']); ?>',
hardware: '<?php echo mres($vars['hardware']); ?>',


@@ -29,7 +29,7 @@ var grid = $("#inventory").bootgrid({
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\"><form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"string\" id=\"string\" value=\"<?php echo $_POST['string']; ?>\" placeholder=\"Description\" class=\"form-control input-sm\" />"+
"<input type=\"text\" name=\"string\" id=\"string\" value=\"<?php echo $vars['string']; ?>\" placeholder=\"Description\" class=\"form-control input-sm\" />"+
"</div>"+
"<div class=\"form-group\">"+
"<strong>&nbsp;Part No&nbsp;</strong>"+
@@ -48,7 +48,7 @@ foreach (dbFetchRows('SELECT `entPhysicalModelName` FROM `entPhysical` GROUP BY
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"serial\" id=\"serial\" value=\"<?php echo $_POST['serial']; ?>\" placeholder=\"Serial\" class=\"form-control input-sm\"/>"+
"<input type=\"text\" name=\"serial\" id=\"serial\" value=\"<?php echo $vars['serial']; ?>\" placeholder=\"Serial\" class=\"form-control input-sm\"/>"+
"</div>"+
"<div class=\"form-group\">"+
"<strong>&nbsp;Device&nbsp;</strong>"+
@@ -72,7 +72,7 @@ foreach (dbFetchRows('SELECT * FROM `devices` ORDER BY `hostname`') as $data) {
"<input type=\"text\" size=24 name=\"device_string\" id=\"device_string\" value=\""+
<?php
if ($_POST['device_string']) {
echo $_POST['device_string'];
echo $vars['device_string'];
};
?>
"\" placeholder=\"Description\" class=\"form-control input-sm\"/>"+
@@ -85,11 +85,11 @@ foreach (dbFetchRows('SELECT * FROM `devices` ORDER BY `hostname`') as $data) {
{
return {
id: "inventory",
device: '<?php echo htmlspecialchars($_POST['device']); ?>',
string: '<?php echo mres($_POST['string']); ?>',
device_string: '<?php echo mres($_POST['device_string']); ?>',
part: '<?php echo mres($_POST['part']); ?>',
serial: '<?php echo mres($_POST['serial']); ?>'
device: '<?php echo $vars['device']; ?>',
string: '<?php echo $vars['string']; ?>',
device_string: '<?php echo $vars['device_string']; ?>',
part: '<?php echo $vars['part']; ?>',
serial: '<?php echo $vars['serial']; ?>'
};
},
url: "ajax_table.php"


@@ -1,84 +1,84 @@
<?php
if ($_SESSION['userlevel'] >= '5') {
if (!isset($_GET['optb'])) {
$_GET['optb'] = 'all';
if (!isset($vars['optb'])) {
$vars['optb'] = 'all';
}
if (!isset($_GET['optc'])) {
$_GET['optc'] = 'basic';
if (!isset($vars['optc'])) {
$vars['optc'] = 'basic';
}
print_optionbar_start();
echo '<span style="font-weight: bold;">VRF</span> &#187; ';
if ($_GET['opta'] == 'vrf' && $_GET['optb'] == 'all') {
if ($vars['opta'] == 'vrf' && $vars['optb'] == 'all') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/all/'.$_GET['optc'].'/">All</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optb'] == 'all') {
echo '<a href="routing/vrf/all/'.$vars['optc'].'/">All</a>';
if ($vars['opta'] == 'vrf' && $vars['optb'] == 'all') {
echo '</span>';
}
echo ' | ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'basic') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'basic') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/basic/">Basic</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'basic') {
echo '<a href="routing/vrf/'.$vars['optb'].'/basic/">Basic</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'basic') {
echo '</span>';
}
echo ' | ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'details') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'details') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/details/">Details</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'details') {
echo '<a href="routing/vrf/'.$vars['optb'].'/details/">Details</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'details') {
echo '</span>';
}
echo ' | Graphs: ( ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'bits') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'bits') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/bits/">Bits</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'bits') {
echo '<a href="routing/vrf/'.$vars['optb'].'/bits/">Bits</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'bits') {
echo '</span>';
}
echo ' | ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'upkts') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'upkts') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/upkts/">Packets</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'upkts') {
echo '<a href="routing/vrf/'.$vars['optb'].'/upkts/">Packets</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'upkts') {
echo '</span>';
}
echo ' | ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'nupkts') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'nupkts') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/nupkts/">NU Packets</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'nupkts') {
echo '<a href="routing/vrf/'.$vars['optb'].'/nupkts/">NU Packets</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'nupkts') {
echo '</span>';
}
echo ' | ';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'errors') {
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'errors') {
echo "<span class='pagemenu-selected'>";
}
echo '<a href="routing/vrf/'.$_GET['optb'].'/errors/">Errors</a>';
if ($_GET['opta'] == 'vrf' && $_GET['optc'] == 'errors') {
echo '<a href="routing/vrf/'.$vars['optb'].'/errors/">Errors</a>';
if ($vars['opta'] == 'vrf' && $vars['optc'] == 'errors') {
echo '</span>';
}
@@ -86,7 +86,7 @@ if ($_SESSION['userlevel'] >= '5') {
print_optionbar_end();
if ($_GET['optb'] == 'all') {
if ($vars['optb'] == 'all') {
// Pre-Cache in arrays
// That's heavier on RAM, but much faster on CPU (1:40)
// Specifying the fields reduces a lot the RAM used (1:4) .
@@ -123,7 +123,7 @@ if ($_SESSION['userlevel'] >= '5') {
}
echo "<tr valign=top bgcolor='$bg_colour'>";
echo "<td width=240><a class=list-large href='routing/vrf/".$vrf['mplsVpnVrfRouteDistinguisher'].'/'.$_GET['optc']."/'>".$vrf['vrf_name'].'</a><br /><span class=box-desc>'.$vrf['mplsVpnVrfDescription'].'</span></td>';
echo "<td width=240><a class=list-large href='routing/vrf/".$vrf['mplsVpnVrfRouteDistinguisher'].'/'.$vars['optc']."/'>".$vrf['vrf_name'].'</a><br /><span class=box-desc>'.$vrf['mplsVpnVrfDescription'].'</span></td>';
echo '<td width=100 class=box-desc>'.$vrf['mplsVpnVrfRouteDistinguisher'].'</td>';
// echo("<td width=200 class=box-desc>" . $vrf['mplsVpnVrfDescription'] . "</td>");
echo '<td><table border=0 cellspacing=0 cellpadding=5 width=100%>';
@@ -158,7 +158,7 @@ if ($_SESSION['userlevel'] >= '5') {
foreach ($ports[$device['vrf_id']][$device['device_id']] as $port) {
$port = array_merge($device, $port);
switch ($_GET['optc']) {
switch ($vars['optc']) {
case 'bits':
case 'upkts':
case 'nupkts':
@@ -168,7 +168,7 @@ if ($_SESSION['userlevel'] >= '5') {
$port['from'] = $config['time']['day'];
$port['to'] = $config['time']['now'];
$port['bg'] = '#'.$bg;
$port['graph_type'] = 'port_'.$_GET['optc'];
$port['graph_type'] = 'port_'.$vars['optc'];
echo "<div style='display: block; padding: 3px; margin: 3px; min-width: 135px; max-width:135px; min-height:75px; max-height:75px;
text-align: center; float: left; background-color: ".$list_colour_b_b.";'>
<div style='font-weight: bold;'>".makeshortif($port['ifDescr']).'</div>';
@@ -196,9 +196,9 @@ if ($_SESSION['userlevel'] >= '5') {
}
else {
echo "<div style='background: $list_colour_a; padding: 10px;'><table border=0 cellspacing=0 cellpadding=5 width=100%>";
$vrf = dbFetchRow('SELECT * FROM `vrfs` WHERE mplsVpnVrfRouteDistinguisher = ?', array($_GET['optb']));
$vrf = dbFetchRow('SELECT * FROM `vrfs` WHERE mplsVpnVrfRouteDistinguisher = ?', array($vars['optb']));
echo "<tr valign=top bgcolor='$bg_colour'>";
echo "<td width=200 class=list-large><a href='routing/vrf/".$vrf['mplsVpnVrfRouteDistinguisher'].'/'.$_GET['optc']."/'>".$vrf['vrf_name'].'</a></td>';
echo "<td width=200 class=list-large><a href='routing/vrf/".$vrf['mplsVpnVrfRouteDistinguisher'].'/'.$vars['optc']."/'>".$vrf['vrf_name'].'</a></td>';
echo '<td width=100 class=box-desc>'.$vrf['mplsVpnVrfRouteDistinguisher'].'</td>';
echo '<td width=200 class=box-desc>'.$vrf['mplsVpnVrfDescription'].'</td>';
echo '</table></div>';


@@ -28,7 +28,7 @@ foreach ($sections as $type => $texttype) {
echo "<span class='pagemenu-selected'>";
}
// echo('<a href="search/' . $type . ($_GET['optb'] ? '/' . $_GET['optb'] : ''). '/">' . $texttype .'</a>');
// echo('<a href="search/' . $type . ($vars['optb'] ? '/' . $vars['optb'] : ''). '/">' . $texttype .'</a>');
echo generate_link($texttype, array('page' => 'search', 'search' => $type));
if ($vars['search'] == $type) {


@@ -73,7 +73,7 @@ if ($_POST['searchby'] == 'ip') {
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"searchPhrase\" id=\"address\" value=\""+
<?php
echo '"'.$_POST['searchPhrase'].'"+';
echo '"'.$vars['searchPhrase'].'"+';
?>
"\" class=\"form-control input-sm\" placeholder=\"Address\" />"+
@@ -86,9 +86,9 @@ echo '"'.$_POST['searchPhrase'].'"+';
{
return {
id: "arp-search",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
searchby: '<?php echo mres($_POST['searchby']); ?>',
searchPhrase: '<?php echo mres($_POST['searchPhrase']); ?>'
device_id: '<?php echo $vars['device_id']; ?>',
searchby: '<?php echo $vars['searchby']; ?>',
searchPhrase: '<?php echo $vars['searchPhrase']; ?>'
};
},
url: "ajax_table.php"


@@ -70,7 +70,7 @@ if ($_POST['interface'] == 'Vlan%') {
"</select>"+
"</div>&nbsp;"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv4 Address\"/>"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $vars['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv4 Address\"/>"+
"</div>&nbsp;"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
@@ -81,9 +81,9 @@ if ($_POST['interface'] == 'Vlan%') {
return {
id: "address-search",
search_type: "ipv4",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
device_id: '<?php echo $vars['device_id']; ?>',
interface: '<?php echo $vars['interface']; ?>',
address: '<?php echo $vars['address']; ?>'
};
},
url: "ajax_table.php"


@@ -71,7 +71,7 @@ if ($_POST['interface'] == 'Vlan%') {
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $vars['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
@@ -82,9 +82,9 @@ if ($_POST['interface'] == 'Vlan%') {
return {
id: "address-search",
search_type: "ipv6",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
device_id: '<?php echo $vars['device_id']; ?>',
interface: '<?php echo $vars['interface']; ?>',
address: '<?php echo $vars['address']; ?>'
};
},
url: "ajax_table.php"


@@ -69,7 +69,7 @@ if ($_POST['interface'] == 'Vlan%') {
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" value=\""+
<?php
echo '"'.$_POST['address'].'"+';
echo '"'.$vars['address'].'"+';
?>
"\" class=\"form-control input-sm\" placeholder=\"Mac Address\"/>"+
@@ -83,9 +83,9 @@ echo '"'.$_POST['address'].'"+';
return {
id: "address-search",
search_type: "mac",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
device_id: '<?php echo $vars['device_id']; ?>',
interface: '<?php echo $vars['interface']; ?>',
address: '<?php echo $vars['address']; ?>'
};
},
url: "ajax_table.php"


@@ -28,23 +28,23 @@ print_optionbar_start(28);
<form method="post" action="" class="form-inline" role="form">
<div class="form-group">
<label for="package">Package</label>
<input type="text" name="package" id="package" size=20 value="<?php echo($_POST['package']); ?>" class="form-control input-sm" placeholder="Any" />
<input type="text" name="package" id="package" size=20 value="<?php echo($vars['package']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<div class="form-group">
<label for="version">Version</label>
<input type="text" name="version" id="version" size=20 value="<?php echo($_POST['version']); ?>" class="form-control input-sm" placeholder="Any" />
<input type="text" name="version" id="version" size=20 value="<?php echo($vars['version']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<div class="form-group">
<label for="version">Arch</label>
<input type="text" name="arch" id="arch" size=20 value="<?php echo($_POST['arch']); ?>" class="form-control input-sm" placeholder="Any" />
<input type="text" name="arch" id="arch" size=20 value="<?php echo($vars['arch']); ?>" class="form-control input-sm" placeholder="Any" />
</div>
<button type="submit" class="btn btn-default input-sm">Search</button>
</form>
<?php
print_optionbar_end();
if(isset($_POST['results_amount']) && $_POST['results_amount'] > 0) {
$results = $_POST['results'];
if(isset($vars['results_amount']) && $vars['results_amount'] > 0) {
$results = $vars['results'];
}
else {
$results = 50;
@@ -81,15 +81,15 @@ if (is_admin() === FALSE && is_read() === FALSE) {
$param[] = $_SESSION['user_id'];
}
$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($_POST['package'])."%' $sql_where GROUP BY packages.name";
$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($vars['package'])."%' $sql_where GROUP BY packages.name";
$where = '';
$ver = "";
$opt = "";
if( !empty($_POST['arch']) ) {
if( !empty($vars['arch']) ) {
$where .= ' AND packages.arch = ?';
$param[] = mres($_POST['arch']);
$param[] = mres($vars['arch']);
}
if( is_numeric($_REQUEST['device_id']) ) {
@@ -102,11 +102,11 @@ $count_query .= $query." ) sub";
$query .= $where." ORDER BY packages.name, packages.arch, packages.version";
$count = dbFetchCell($count_query,$param);
if( !isset($_POST['page_number']) && $_POST['page_number'] < 1 ) {
if( !isset($vars['page_number']) && $vars['page_number'] < 1 ) {
$page_number = 1;
}
else {
$page_number = $_POST['page_number'];
$page_number = $vars['page_number'];
}
$start = ($page_number - 1) * $results;
@@ -134,8 +134,8 @@ foreach( dbFetchRows($full_query, $param) as $entry ) {
}
}
if( !empty($_POST['version']) ) {
list($opt, $ver) = explode(" ",$_POST['version']);
if( !empty($vars['version']) ) {
list($opt, $ver) = explode(" ",$vars['version']);
}
foreach( $ordered as $name=>$entry ) {
@@ -178,9 +178,9 @@ if( (int) ($count / $results) > 0 && $count != $results ) {
</table>
<input type="hidden" name="page_number" id="page_number" value="<?php echo $page_number; ?>">
<input type="hidden" name="results_amount" id="results_amount" value="<?php echo $results; ?>">
<input type="hidden" name="package" id="results_packages" value="<?php echo $_POST['package']; ?>">
<input type="hidden" name="version" id="results_version" value="<?php echo $_POST['version']; ?>">
<input type="hidden" name="arch" id="results_arch" value="<?php echo $_POST['arch']; ?>">
<input type="hidden" name="package" id="results_packages" value="<?php echo $vars['package']; ?>">
<input type="hidden" name="version" id="results_version" value="<?php echo $vars['version']; ?>">
<input type="hidden" name="arch" id="results_arch" value="<?php echo $vars['arch']; ?>">
</form>
<script type="text/javascript">
function updateResults(results) {


@@ -81,10 +81,10 @@ var grid = $("#syslog").bootgrid({
{
return {
id: "syslog",
device: '<?php echo htmlspecialchars($vars['device']); ?>',
program: '<?php echo htmlspecialchars($vars['program']); ?>',
to: '<?php echo htmlspecialchars($vars['to']); ?>',
from: '<?php echo htmlspecialchars($vars['from']); ?>',
device: '<?php echo $vars['device']; ?>',
program: '<?php echo $vars['program']; ?>',
to: '<?php echo $vars['to']; ?>',
from: '<?php echo $vars['from']; ?>',
};
},
url: "ajax_table.php"


@@ -31,6 +31,7 @@ include_once($config['install_dir'].'/html/includes/authentication/'.$config['au
* @return string|boolean
*/
function GenSQL($rule) {
$rule = htmlspecialchars_decode($rule);
$rule = RunMacros($rule);
if( empty($rule) ) {
//Cannot resolve Macros due to recursion. Rule is invalid.
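Review bot: `$rule = htmlspecialchars_decode($rule);` restores the raw rule text before it reaches RunMacros() and, judging by the function name, SQL generation, so the ingress escaping gives no protection on this path and the decode must not be mistaken for a sanitization step. That is acceptable only if rule text is accepted solely from administrators and validated against the rule/macro grammar further down; a comment would make the intent explicit: `// Rule text arrives HTML-encoded (sanitize_array); undo that here. This is NOT validation - the rule syntax is checked below.`. The default-flag decode does not reverse `&#039;`, which is consistent with the default-flag encode in sanitize_array but will break silently if either side's flags change. GenSQL's body continues outside the hunk.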


@@ -1265,3 +1265,16 @@ function get_port_id ($ports_mapped, $port, $port_association_mode) {
return $port_id;
}
/**
* Sanitize
* @param mixed $item Reference to Item
* @param mixed $key Key
* @return void
*/
function sanitize_array(&$item, $key) {
$tmp = htmlspecialchars($item);
if( !empty($tmp) ){
$item = $tmp;
}
}
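Review bot: The `!empty($tmp)` guard turns an encoding failure into a bypass: without ENT_SUBSTITUTE, htmlspecialchars() returns '' for input that is not valid UTF-8, so a value containing a single invalid byte is kept verbatim, and because this callback is now the sole escaping for `$vars` and for dbFetchRow/dbFetchRows results, that string reaches the page unescaped. The default flags also leave `'` alone, which matters for the single-quoted JS literals several pages in this diff echo into. Escape unconditionally and only for strings — `if (is_string($item)) {` / `    $item = htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` / `}` — so ints, floats and nulls from DB rows keep their type and `'0'` is no longer special-cased; note that this will substitute bytes in binary columns such as the gzip-compressed alert `details`, which the current fallback preserves only by accident, so those columns must be excluded from the data-layer walk (or the walk dropped in favour of escaping at output). The docblock should state the contract instead of "Sanitize": `In-place array_walk_recursive callback: HTML-escape string items; non-strings are left untouched.`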


@@ -266,6 +266,8 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) {
if ($config['memcached']['enable'] && $nocache === false) {
$config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']);
}
array_walk_recursive($rows,'sanitize_array');
reset($rows);
return $rows;
}
@@ -333,6 +335,8 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) {
if ($config['memcached']['enable'] && $nocache === false) {
$config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']);
}
array_walk_recursive($row,'sanitize_array');
reset($row);
return $row;
}
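Review bot: The sanitize_array walk runs after `$config['memcached']['resource']->set(...)`, so the cached copy of `$rows` is unescaped while the returned copy is escaped; whether a later cache hit is walked is not visible here, but if it is not, the same query yields escaped data on a miss and raw data on a hit. Escaping at this layer also reaches every non-HTML consumer of the fetch functions (alert transports, JSON output, the gzuncompress of alert details, the json_decode of `extra`), which is why this commit needs htmlspecialchars_decode in three places; context-specific escaping at output avoids that class of problem. In dbFetchRow, `$row` may be `false`/`null` when no row matches (driver-dependent, not shown), and array_walk_recursive on a non-array raises a warning (a TypeError on PHP 8), so guard it: `if (is_array($row)) { array_walk_recursive($row, 'sanitize_array'); }`. The identical pair of hunks in the second dbFacile copy that follows has the same issues; both functions' bodies extend outside the hunks.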
else {


@@ -267,6 +267,8 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) {
if ($config['memcached']['enable'] && $nocache === false) {
$config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']);
}
array_walk_recursive($rows,'sanitize_array');
reset($rows);
return $rows;
}
@@ -334,6 +336,8 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) {
if ($config['memcached']['enable'] && $nocache === false) {
$config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']);
}
array_walk_recursive($row,'sanitize_array');
reset($row);
return $row;
}
else {


@@ -97,6 +97,7 @@ class ObjCache implements ArrayAccess {
else {
$GLOBALS['_ObjCache'][$this->obj][$obj]['value'] = dbFetchRows($this->data[$obj]['query'], $this->data[$obj]['params']);
if (sizeof($GLOBALS['_ObjCache'][$this->obj][$obj]['value']) == 1 && sizeof($GLOBALS['_ObjCache'][$this->obj][$obj]['value'][0]) == 1) {
reset($GLOBALS['_ObjCache'][$this->obj][$obj]['value'][0]);
$GLOBALS['_ObjCache'][$this->obj][$obj]['value'] = current($GLOBALS['_ObjCache'][$this->obj][$obj]['value'][0]);
}
return $GLOBALS['_ObjCache'][$this->obj][$obj]['value'];
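Review bot: The added `reset(...)` is the fourth repetition of `$GLOBALS['_ObjCache'][$this->obj][$obj]['value']` within five lines, which hides the intent (rewind before `current()`); bind it once by reference, `$value = &$GLOBALS['_ObjCache'][$this->obj][$obj]['value'];`, and use `$value` for the sizeof/reset/current calls. The commit does not say why the rewind is needed now (presumably in connection with the array_walk_recursive added to dbFetchRows in this commit), so a comment such as `// rewind before current(): dbFetchRows now walks the array before returning it` would save the next reader the archaeology. The enclosing method starts and ends outside the hunk.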