From 21e94b3e3a799ecd0f9f6717b272aab8ae58bd85 Mon Sep 17 00:00:00 2001 From: f0o Date: Wed, 10 Feb 2016 15:20:32 +0000 Subject: [PATCH 1/6] Sanity! --- alerts.php | 4 ++-- html/ajax_dash.php | 2 +- html/includes/vars.inc.php | 2 ++ html/index.php | 8 -------- includes/alerts.inc.php | 1 + includes/common.php | 13 +++++++++++++ includes/dbFacile.mysql.php | 2 ++ includes/dbFacile.mysqli.php | 2 ++ 8 files changed, 23 insertions(+), 11 deletions(-) diff --git a/alerts.php b/alerts.php index 6d791d213d..1035214c01 100755 --- a/alerts.php +++ b/alerts.php @@ -182,7 +182,7 @@ function RunFollowUp() { } $alert['details'] = json_decode(gzuncompress($alert['details']), true); - $rextra = json_decode($alert['extra'], true); + $rextra = json_decode(htmlspecialchars_decode($alert['extra']), true); if ($rextra['invert']) { continue; } @@ -237,7 +237,7 @@ function RunAlerts() { $noiss = false; $noacc = false; $updet = false; - $rextra = json_decode($alert['extra'], true); + $rextra = json_decode(htmlspecialchars_decode($alert['extra']), true); $chk = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? && devices.device_id = alerts.device_id && alerts.rule_id = ?', array($alert['device_id'], $alert['rule_id'])); if ($chk['alerted'] == $alert['state']) { $noiss = true; diff --git a/html/ajax_dash.php b/html/ajax_dash.php index 0ffc580679..e5622c7328 100644 --- a/html/ajax_dash.php +++ b/html/ajax_dash.php 
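Review bot: In the RunAlerts hunk the decoded `$rextra` is used without checking that `json_decode` succeeded, so when `$alert['extra']` is not valid JSON after `htmlspecialchars_decode` — for example when it was escaped twice, once through `$vars` on save and again by the fetch-time escaping this series adds to dbFetchRow/dbFetchRows — the result is `null`, every `$rextra[...]` lookup is silently empty and the alert runs with default options. Add `if (json_last_error() !== JSON_ERROR_NONE) { /* log the bad extra blob and skip this alert */ continue; }` directly after the decode, assuming this sits inside the per-alert loop as the RunFollowUp hunk does. The decode should also be given the same flags the encoding side uses, since the default only reverses `&quot;`, `&lt;`, `&gt;` and `&amp;`. Where `$alert` is fetched is outside both hunks, and the enclosing functions continue beyond them.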
@@ -39,7 +39,7 @@ elseif (is_file('includes/common/'.$type.'.inc.php')) {
 $title = ucfirst($type);
 $unique_id = str_replace(array("-","."),"_",uniqid($type,true));
 $widget_id = mres($_POST['id']);
- $widget_settings = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id)),true);
+ $widget_settings = json_decode(htmlspecialchars_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id))),true);
 $widget_dimensions = $_POST['dimensions'];
 if( !empty($_POST['settings']) ) {
 define('show_settings',true);
diff --git a/html/includes/vars.inc.php b/html/includes/vars.inc.php
index 369a13a74a..c9008d2178 100644
--- a/html/includes/vars.inc.php
+++ b/html/includes/vars.inc.php
@@ -43,3 +43,5 @@ foreach ($_GET as $name => $value) {
 foreach ($_POST as $name => $value) {
 $vars[$name] = $value;
 }
+
+array_walk_recursive($vars,'sanitize_array');
diff --git a/html/index.php b/html/index.php
index 46164c663b..494d6c3dea 100644
--- a/html/index.php
+++ b/html/index.php
@@ -214,14 +214,6 @@ else {
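Review bot: `$widget_dimensions = $_POST['dimensions'];` on the line after the change reads `$_POST` directly, so it bypasses the `array_walk_recursive($vars, 'sanitize_array')` that this series relies on for output escaping; if it is echoed into the widget markup it is emitted raw. Either read it as `$vars['dimensions']` or escape it at the point of output. The decoded `$widget_settings` is also not checked: add `if (!is_array($widget_settings)) { $widget_settings = array(); }` after the decode so a corrupted or doubly-escaped settings blob does not produce warnings further down. `dbFetchCell` is not one of the wrappers this series escapes on fetch, so the decode here presumably reverses escaping applied when the settings were saved through `$vars` — a comment saying so would help the next reader.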
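Review bot: Escaping every request value at input time with `array_walk_recursive($vars, 'sanitize_array')` is the wrong layer: `$vars` also feeds SQL parameters, file-name checks and values that get stored, so data is persisted HTML-encoded and has to be undone with `htmlspecialchars_decode` wherever it is reused — this same patch already adds three such decodes, and combined with the fetch-time escaping added to dbFetchRow/dbFetchRows, a value that travels in through `$vars` and back out through a fetch is encoded twice. Escaping belongs at output, per context (HTML body, attribute, JavaScript string, URL), where the target is known. If the input-side pass stays, document it next to the call: `// NOTE: $vars is HTML-escaped from here on; decode before storing or comparing, and never echo $_GET/$_POST directly`.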
"); - print_r($_GET); - print_r($vars); - echo(""); -} - if ($_SESSION['authenticated']) { // Authenticated. Print a page. if (isset($vars['page']) && !strstr("..", $vars['page']) && is_file("pages/" . $vars['page'] . ".inc.php")) { diff --git a/includes/alerts.inc.php b/includes/alerts.inc.php index 23a56932d4..3747c9f123 100644 --- a/includes/alerts.inc.php +++ b/includes/alerts.inc.php @@ -31,6 +31,7 @@ include_once($config['install_dir'].'/html/includes/authentication/'.$config['au * @return string|boolean */ function GenSQL($rule) { + $rule = htmlspecialchars_decode($rule); $rule = RunMacros($rule); if( empty($rule) ) { //Cannot resolve Macros due to recursion. Rule is invalid. diff --git a/includes/common.php b/includes/common.php index 8b59ba774a..feb34b1543 100644 --- a/includes/common.php +++ b/includes/common.php @@ -1255,3 +1255,16 @@ function get_port_id ($ports_mapped, $port, $port_association_mode) { return $port_id; } + +/** + * Sanitize + * @param mixed $item Reference to Item + * @param mixed $key Key + * @return void + */ +function sanitize_array(&$item, $key) { + $tmp = htmlspecialchars($item); + if( !empty($tmp) ){ + $item = $tmp; + } +} diff --git a/includes/dbFacile.mysql.php b/includes/dbFacile.mysql.php index f2bb56c0be..d9372cbb69 100644 --- a/includes/dbFacile.mysql.php +++ b/includes/dbFacile.mysql.php @@ -266,6 +266,7 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) { if ($config['memcached']['enable'] && $nocache === false) { $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']); } + array_walk_recursive($rows,'sanitize_array'); return $rows; } 
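Review bot: The page-include guard on the `if (isset($vars['page']) && !strstr("..", $vars['page']) && is_file(...))` line has `strstr`'s arguments reversed: the haystack is the literal `".."` and the needle is the page name, so it only rejects page values that are substrings of `..` and never blocks a name containing `../`. The check should be `strpos($vars['page'], '..') === false`; the following `is_file("pages/".$vars['page'].".inc.php")` narrows what can be included but is not a traversal check. This is pre-existing, and removing the `print_r($_GET)`/`print_r($vars)` debug output is fine; the enclosing `else` branch starts outside the hunk.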
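Review bot: `$rule = htmlspecialchars_decode($rule);` restores `<`, `>`, `"` and `&` immediately before the rule text is turned into SQL, so the input-side escaping of `$vars` gives this path no protection and GenSQL must still be treated as building SQL from stored, user-authored text; put that on the line itself: `// Rule text was HTML-escaped on input (vars.inc.php); undo it here — this is not SQL escaping`. If the rule also arrives through dbFetchRow/dbFetchRows, which this series now escapes on fetch, it is encoded twice and a single decode leaves `&gt;`/`&amp;` in the generated SQL. The flags should match the encoding side as well, since the default does not reverse `&#039;`. The rest of GenSQL is outside the hunk.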
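Review bot: `sanitize_array` keeps the original, unescaped value whenever `htmlspecialchars` returns an empty string, and before PHP 8.1 that is exactly what happens for a string containing invalid UTF-8 — so malformed input is the one case passed through raw, at the same time as this series removes the per-output `htmlspecialchars` calls that used to catch it. The default flags also leave `'` unencoded, which matters for the attribute and JavaScript-string contexts touched elsewhere in this series. Replace the body with `$item = htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and drop the `empty()` fallback (`"0"` is `empty()` too but has nothing to escape, so the fallback only ever hid the failure case); if non-string leaves such as `null` must stay `null`, guard with `is_string($item)` rather than `empty()`. The docblock should state that this is HTML-body escaping only and that it is applied both to request input and to fetched rows.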
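Review bot: In dbFetchRows the new `array_walk_recursive($rows, 'sanitize_array')` runs after the memcached `set`, so the cached copy of `$rows` is raw; if the cache-hit path earlier in the function (outside this hunk) returns the cached array directly, the same query yields escaped rows on a miss and unescaped rows on a hit, and the output sites this series strips of their own `htmlspecialchars` become XSS-prone whenever the cache is warm. Move the walk above the cache write, or apply it on the cache-hit return as well. Escaping at fetch time also changes what every non-HTML consumer sees — API JSON, the PDF report, mail transports and the rule text GenSQL compiles — so the new line deserves `// NOTE: rows are HTML-escaped here for all callers; decode before any non-HTML use`.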
@@ -333,6 +334,7 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) { if ($config['memcached']['enable'] && $nocache === false) { $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']); } + array_walk_recursive($row,'sanitize_array'); return $row; } else { diff --git a/includes/dbFacile.mysqli.php b/includes/dbFacile.mysqli.php index 15a48962cf..70c4651e7c 100644 --- a/includes/dbFacile.mysqli.php +++ b/includes/dbFacile.mysqli.php @@ -267,6 +267,7 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) { if ($config['memcached']['enable'] && $nocache === false) { $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']); } + array_walk_recursive($rows,'sanitize_array'); return $rows; } @@ -334,6 +335,7 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) { if ($config['memcached']['enable'] && $nocache === false) { $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']); } + array_walk_recursive($row,'sanitize_array'); return $row; } else { From 375d7ca4af04c1431a318fab3a1fc9d2164ab447 Mon Sep 17 00:00:00 2001 From: f0o Date: Wed, 10 Feb 2016 15:26:17 +0000 Subject: [PATCH 2/6] Cosmetic fix on Alert-Rules --- html/includes/print-alert-rules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/includes/print-alert-rules.php b/html/includes/print-alert-rules.php index eac1ae6fd8..4a198d9a1b 100644 --- a/html/includes/print-alert-rules.php +++ b/html/includes/print-alert-rules.php @@ -205,7 +205,7 @@ foreach (dbFetchRows($full_query, $param) as $rule) { echo 'Inverted '; } - echo ''.htmlentities($rule['rule']).''; + echo ''.$rule['rule'].''; echo ''.$rule['severity'].''; echo " "; if ($rule_extra['mute'] === true) { From 2e59ada075c6ce8fce5db2f74ce8b8d11fa3a1e5 Mon Sep 17 00:00:00 2001 
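Review bot: In dbFetchRow, `array_walk_recursive($row, 'sanitize_array')` sits inside an `if` branch whose condition is outside this hunk; if that branch can be reached with `$row` being `false` or `null` (a query that matched nothing), `array_walk_recursive` raises a warning instead of returning cleanly. Guard it: `if (is_array($row)) { array_walk_recursive($row, 'sanitize_array'); }`. The same ordering problem as in dbFetchRows applies here — the memcached copy is written before escaping, so cache hits and misses return differently encoded data unless the hit path escapes too. The two mysqli hunks duplicate this code verbatim and need the same guard.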
From: f0o Date: Wed, 10 Feb 2016 15:31:37 +0000 Subject: [PATCH 3/6] Eventlog cosmetic fixes --- html/includes/print-event-short.inc.php | 2 +- html/includes/print-event.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/html/includes/print-event-short.inc.php b/html/includes/print-event-short.inc.php index 42fc757682..2c02b7727e 100644 --- a/html/includes/print-event-short.inc.php +++ b/html/includes/print-event-short.inc.php @@ -25,6 +25,6 @@ if ($entry['type'] == 'interface') { $entry['link'] = ''.generate_port_link(getifbyid($entry['reference'])).''; } - echo $entry['link'].' '.htmlspecialchars($entry['message']).' + echo $entry['link'].' '.$entry['message'].' '; diff --git a/html/includes/print-event.inc.php b/html/includes/print-event.inc.php index d8afd6bfa7..14b6764d82 100644 --- a/html/includes/print-event.inc.php +++ b/html/includes/print-event.inc.php @@ -31,5 +31,5 @@ else { echo ''.$entry['link'].''; -echo ''.htmlspecialchars($entry['message']).' +echo ''.$entry['message'].' '; From f60636930957e1ae65020422da7951824c1fb90e Mon Sep 17 00:00:00 2001 From: f0o Date: Wed, 10 Feb 2016 15:40:50 +0000 Subject: [PATCH 4/6] Bulk cosmetic fixes --- html/includes/dev-overview-data.inc.php | 4 ++-- html/includes/print-alerts.inc.php | 2 +- html/includes/print-syslog.inc.php | 4 ++-- html/includes/reports/alert-log.pdf.inc.php | 2 +- html/includes/table/alertlog.inc.php | 2 +- html/includes/table/eventlog.inc.php | 2 +- html/includes/table/syslog.inc.php | 2 +- html/pages/devices.inc.php | 2 +- html/pages/syslog.inc.php | 8 ++++---- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/html/includes/dev-overview-data.inc.php b/html/includes/dev-overview-data.inc.php index 04c4de3ddb..defeb6d44a 100644 --- a/html/includes/dev-overview-data.inc.php +++ b/html/includes/dev-overview-data.inc.php 
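Review bot: Dropping `htmlspecialchars($entry['message'])` in print-event-short.inc.php and print-event.inc.php is safe only if every caller builds `$entry` from dbFetchRows/dbFetchRow, which this series escapes on fetch; an entry assembled any other way (a cached row, an API payload, a freshly logged event) is now emitted raw into the table cell. The include cannot see where `$entry` came from, so either keep the escape here — escaping an already-escaped value is at worst a cosmetic `&amp;`, and `htmlspecialchars($entry['message'], ENT_QUOTES, 'UTF-8', false)` avoids even that — or record the assumption: `// $entry is expected to come from dbFetchRows(), which HTML-escapes every column`.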
@@ -68,14 +68,14 @@ if ($device['sysContact']) { Contact'; if (get_dev_attrib($device, 'override_sysContact_bool')) { echo ' - '.htmlspecialchars(get_dev_attrib($device, 'override_sysContact_string')).' + '.get_dev_attrib($device, 'override_sysContact_string').' SNMP Contact'; } echo ' - '.htmlspecialchars($device['sysContact']).' + '.$device['sysContact'].' '; } diff --git a/html/includes/print-alerts.inc.php b/html/includes/print-alerts.inc.php index d9758a0f38..ac75278fbb 100644 --- a/html/includes/print-alerts.inc.php +++ b/html/includes/print-alerts.inc.php @@ -15,7 +15,7 @@ if (!isset($alert_entry['device'])) { '; } -echo ''.htmlspecialchars($alert_entry['name']).''; +echo ''.$alert_entry['name'].''; if ($alert_state != '') { if ($alert_state == '0') { diff --git a/html/includes/print-syslog.inc.php b/html/includes/print-syslog.inc.php index 0f1c1c6698..26a0d5b626 100644 --- a/html/includes/print-syslog.inc.php +++ b/html/includes/print-syslog.inc.php @@ -8,10 +8,10 @@ if (device_permitted($entry['device_id'])) { if ($vars['page'] != 'device') { $syslog_output .= ''.$entry['date'].' '.generate_device_link($entry).' - '.$entry['program'].' : '.htmlspecialchars($entry['msg']).''; + '.$entry['program'].' : '.$entry['msg'].''; } else { - $syslog_output .= ''.$entry['date'].'   '.$entry['program'].'   '.htmlspecialchars($entry['msg']).''; + $syslog_output .= ''.$entry['date'].'   '.$entry['program'].'   '.$entry['msg'].''; } $syslog_output .= ''; diff --git a/html/includes/reports/alert-log.pdf.inc.php b/html/includes/reports/alert-log.pdf.inc.php index d293b474b9..13b13526df 100644 --- a/html/includes/reports/alert-log.pdf.inc.php +++ b/html/includes/reports/alert-log.pdf.inc.php @@ -66,7 +66,7 @@ foreach (dbFetchRows($full_query, $param) as $alert_entry) { $data[] = array( $alert_entry['time_logged'], $hostname, - htmlspecialchars($alert_entry['name']), + $alert_entry['name'], $text, ); }//end if 
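Review bot: The `override_sysContact_string` value comes from `get_dev_attrib()`, whose implementation is not in this patch; the fetch-time escaping this series adds covers only dbFetchRows and dbFetchRow, so if `get_dev_attrib` reads the attribute through dbFetchCell or any other path, removing `htmlspecialchars()` here emits a stored, device-controlled string straight into the page. Confirm which wrapper `get_dev_attrib` uses before dropping the escape, or keep it as `htmlspecialchars(get_dev_attrib(...), ENT_QUOTES, 'UTF-8', false)`, which does not double-encode if the value is already escaped. `$device['sysContact']` is SNMP-sourced and the same question applies to how `$device` was loaded.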
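Review bot: alert-log.pdf.inc.php renders a PDF, not HTML, so the values dbFetchRows now hands back HTML-escaped will appear in the report with literal `&amp;`, `&lt;` and `&quot;`; the removed `htmlspecialchars()` was wrong for this context too, but the replacement should be a decode, `htmlspecialchars_decode($alert_entry['name'])`, not nothing. `$hostname` and `$text` on the adjacent lines need the same treatment if they derive from the same query. This is the general cost of escaping at the fetch layer: every non-HTML consumer has to undo it explicitly.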
diff --git a/html/includes/table/alertlog.inc.php b/html/includes/table/alertlog.inc.php index 8b4d94d3e2..3c41acb784 100644 --- a/html/includes/table/alertlog.inc.php +++ b/html/includes/table/alertlog.inc.php @@ -77,7 +77,7 @@ foreach (dbFetchRows($sql, $param) as $alertlog) { 'time_logged' => $alertlog['humandate'], 'details' => '', 'hostname' => '
'.generate_device_link($dev, shorthost($dev['hostname'])).'
'.$fault_detail.'
', - 'alert' => htmlspecialchars($alertlog['alert']), + 'alert' => $alertlog['alert'], 'status' => " $text", ); }//end foreach diff --git a/html/includes/table/eventlog.inc.php b/html/includes/table/eventlog.inc.php index 62edbbefd3..6390b0d0f9 100644 --- a/html/includes/table/eventlog.inc.php +++ b/html/includes/table/eventlog.inc.php @@ -66,7 +66,7 @@ foreach (dbFetchRows($sql, $param) as $eventlog) { 'datetime' => $eventlog['humandate'], 'hostname' => generate_device_link($dev, shorthost($dev['hostname'])), 'type' => $type, - 'message' => htmlspecialchars($eventlog['message']), + 'message' => $eventlog['message'], ); } diff --git a/html/includes/table/syslog.inc.php b/html/includes/table/syslog.inc.php index 987aac65a1..bd80e7b5f8 100644 --- a/html/includes/table/syslog.inc.php +++ b/html/includes/table/syslog.inc.php @@ -66,7 +66,7 @@ foreach (dbFetchRows($sql, $param) as $syslog) { 'timestamp' => $syslog['date'], 'device_id' => generate_device_link($dev, shorthost($dev['hostname'])), 'program' => $syslog['program'], - 'msg' => htmlspecialchars($syslog['msg']), + 'msg' => $syslog['msg'], ); } diff --git a/html/pages/devices.inc.php b/html/pages/devices.inc.php index 6d446d5c1d..eb98e18efe 100644 --- a/html/pages/devices.inc.php +++ b/html/pages/devices.inc.php @@ -466,7 +466,7 @@ var grid = $("#devices").bootgrid({ return { id: "devices", format: '', - hostname: '', + hostname: '', os: '', version: '', hardware: '', diff --git a/html/pages/syslog.inc.php b/html/pages/syslog.inc.php index bd708c175e..d0a8f905d9 100644 --- a/html/pages/syslog.inc.php +++ b/html/pages/syslog.inc.php @@ -81,10 +81,10 @@ var grid = $("#syslog").bootgrid({ { return { id: "syslog", - device: '', - program: '', - to: '', - from: '', + device: '', + program: '', + to: '', + from: '', }; }, url: "ajax_table.php" From c767a26732f4c9245397cb5c565f794f09ba5277 Mon Sep 17 00:00:00 2001 
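Review bot: The `hostname: ''` line in devices.inc.php (and the `device`/`program`/`to`/`from` lines in syslog.inc.php) emit a request value inside a single-quoted JavaScript string literal; the PHP expression inside the quotes is lost in this rendering, but the one-line change from `$_POST` to `$vars` indicates it now relies on `sanitize_array`. `htmlspecialchars` with default flags does not encode `'`, `\` or line terminators, so a value containing `'` still closes the literal and the remainder executes as script — HTML escaping is not JavaScript-string escaping. Emit these with `json_encode($vars['hostname'])`, which produces the quoted literal itself, instead of wrapping an HTML-escaped string in hand-written quotes.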
From: f0o Date: Wed, 10 Feb 2016 16:02:13 +0000 Subject: [PATCH 5/6] more bulk sanity --- html/pages/adduser.inc.php | 2 +- html/pages/alert-log.inc.php | 6 +-- html/pages/api-access.inc.php | 8 ++-- html/pages/bills/search.inc.php | 2 +- html/pages/delhost.inc.php | 12 ++--- html/pages/device/edit.inc.php | 2 +- html/pages/device/logs/eventlog.inc.php | 2 +- html/pages/device/logs/syslog.inc.php | 2 +- html/pages/inventory.inc.php | 16 +++---- html/pages/routing/vrf.inc.php | 62 ++++++++++++------------- html/pages/search.inc.php | 2 +- html/pages/search/arp.inc.php | 8 ++-- html/pages/search/ipv4.inc.php | 8 ++-- html/pages/search/ipv6.inc.php | 8 ++-- html/pages/search/mac.inc.php | 8 ++-- html/pages/search/packages.inc.php | 30 ++++++------ 16 files changed, 89 insertions(+), 89 deletions(-) diff --git a/html/pages/adduser.inc.php b/html/pages/adduser.inc.php index 791d4d03de..7bb5c48385 100644 --- a/html/pages/adduser.inc.php +++ b/html/pages/adduser.inc.php @@ -27,7 +27,7 @@ else { // FIXME: missing email field here on the form if (adduser($_POST['new_username'], $_POST['new_password'], $_POST['new_level'], $_POST['new_email'], $_POST['new_realname'], $_POST['can_modify_passwd'])) { - echo 'User '.$_POST['username'].' added!'; + echo 'User '.$vars['username'].' added!'; } } else { diff --git a/html/pages/alert-log.inc.php b/html/pages/alert-log.inc.php index 752be46cef..4042b2e3dd 100644 --- a/html/pages/alert-log.inc.php +++ b/html/pages/alert-log.inc.php @@ -51,7 +51,7 @@ foreach (get_all_devices() as $hostname) { $device_id = getidbyname($hostname); if (device_permitted($device_id)) { echo '"
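Review bot: `echo 'User '.$vars['username'].' added!';` prints the wrong field: the form submits `new_username` (see the `adduser($_POST['new_username'], ...)` call on the line above), so `$vars['username']` is unset and the message reads "User  added!" (plus a notice if error reporting is on). Use `$vars['new_username']`. The `adduser()` call itself still takes raw `$_POST` values, so the stored username, e-mail and real name skip the `$vars` escaping this series introduces while the echo relies on it; the two lines should agree on one source and the storage path should not depend on HTML escaping at all.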
- +
+ - +
diff --git a/html/pages/device/edit.inc.php b/html/pages/device/edit.inc.php index e866e4504b..62cd2a4c54 100644 --- a/html/pages/device/edit.inc.php +++ b/html/pages/device/edit.inc.php @@ -58,7 +58,7 @@ else { echo(generate_link($text,$link_array,array('section'=>$type))); -# echo(" " . $text .""); +# echo(" " . $text .""); if ($vars['section'] == $type) { echo(""); } diff --git a/html/pages/device/logs/eventlog.inc.php b/html/pages/device/logs/eventlog.inc.php index a5c60de86f..f5f0444b60 100644 --- a/html/pages/device/logs/eventlog.inc.php +++ b/html/pages/device/logs/eventlog.inc.php @@ -2,7 +2,7 @@
- +
+