From 7c4fac489af1e530273519e4ba4c10c1f89abb46 Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Thu, 29 Nov 2018 13:04:11 -0600
Subject: [PATCH] Fix issues cause by new location and other misc (#9490)

* Fix issues cause by new location and other misc
fix some queries so we return devices with null locations
remove unnecessary query of all ports on ports page lists
make locations menu available to non-admins for the legacy menu
fix a few issues with the old network-map

* fix graphs

* fix oxidized query
---
 html/includes/api_functions.inc.php        |  2 +-
 html/includes/graphs/location/auth.inc.php |  2 +-
 html/includes/print-menubar.php            | 23 +++++++++++-----------
 html/network-map.php                       | 12 +++++------
 html/pages/devices.inc.php                 |  2 +-
 html/pages/ports.inc.php                   | 15 +++++++++-----
 includes/alerts.inc.php                    |  2 +-
 7 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php
index b0281410dd..63be15a7a3 100644
--- a/html/includes/api_functions.inc.php
+++ b/html/includes/api_functions.inc.php
@@ -1296,7 +1296,7 @@ function list_oxidized()
         $params = array($hostname);
     }
 
-    foreach (dbFetchRows("SELECT hostname,sysname,sysDescr,hardware,os,locations.location,ip AS ip FROM `devices` LEFT JOIN devices_attribs AS `DA` ON devices.device_id = DA.device_id LEFT JOIN locations ON devices.location_id = locations.id AND `DA`.attrib_type='override_Oxidized_disable' WHERE `disabled`='0' AND `ignore` = 0 AND (DA.attrib_value = 'false' OR DA.attrib_value IS NULL) AND (`type` NOT IN ($device_types) AND `os` NOT IN ($device_os)) $sql", $params) as $device) {
+    foreach (dbFetchRows("SELECT hostname,sysname,sysDescr,hardware,os,locations.location,ip AS ip FROM `devices` LEFT JOIN locations ON devices.location_id = locations.id LEFT JOIN devices_attribs AS `DA` ON devices.device_id = DA.device_id AND `DA`.attrib_type='override_Oxidized_disable' WHERE `disabled`='0' AND `ignore` = 0 AND (DA.attrib_value = 'false' OR DA.attrib_value IS NULL) AND (`type` NOT IN ($device_types) AND `os` NOT IN ($device_os)) $sql", $params) as $device) {
         // Convert from packed value to human value
         $device['ip'] = inet6_ntop($device['ip']);
 
diff --git a/html/includes/graphs/location/auth.inc.php b/html/includes/graphs/location/auth.inc.php
index 651cc989ef..eac9e843c7 100644
--- a/html/includes/graphs/location/auth.inc.php
+++ b/html/includes/graphs/location/auth.inc.php
@@ -1,7 +1,7 @@
 <?php
 
 foreach (dbFetchRows('SELECT * FROM `devices`,`locations` WHERE location_id = ? && devices.location_id = locations.id', [$vars['id']]) as $device) {
-    if ($auth || device_permitted($device_id)) {
+    if ($auth || device_permitted($device['device_id'])) {
         $devices[] = $device;
         $title     = $device['location'];
         $auth      = true;
diff --git a/html/includes/print-menubar.php b/html/includes/print-menubar.php
index 94a9d4bb24..fdc58f59b3 100644
--- a/html/includes/print-menubar.php
+++ b/html/includes/print-menubar.php
@@ -179,28 +179,29 @@ if (count($devices_groups) > 0) {
     unset($group);
     echo '</ul></li>';
 }
-if (Auth::user()->hasGlobalAdmin()) {
-    if ($config['show_locations']) {
-        if ($config['show_locations_dropdown']) {
-            $locations = getlocations();
-            if (count($locations) > 0) {
-                echo('
+if ($config['show_locations']) {
+    if ($config['show_locations_dropdown']) {
+        $locations = getlocations();
+        if (count($locations) > 0) {
+            echo('
                     <li role="presentation" class="divider"></li>
                     <li class="dropdown-submenu">
                     <a href="#"><i class="fa fa-map-marker fa-fw fa-lg" aria-hidden="true"></i> Geo Locations</a>
                     <ul class="dropdown-menu scrollable-menu">
                     <li><a href="locations"><i class="fa fa-map-marker fa-fw fa-lg" aria-hidden="true"></i> All Locations</a></li>
                 ');
-                foreach ($locations as $location) {
-                    echo('            <li><a href="devices/location=' . $location['id'] . '/"><i class="fa fa-building fa-fw fa-lg" aria-hidden="true"></i> ' . htmlentities($location['location']) . ' </a></li>');
-                }
-                echo('
+            foreach ($locations as $location) {
+                echo('            <li><a href="devices/location=' . $location['id'] . '/"><i class="fa fa-building fa-fw fa-lg" aria-hidden="true"></i> ' . htmlentities($location['location']) . ' </a></li>');
+            }
+            echo('
                     </ul>
                     </li>
                 ');
-            }
         }
     }
+}
+
+if (Auth::user()->hasGlobalAdmin()) {
     echo '
             <li role="presentation" class="divider"></li>';
     if (is_module_enabled('poller', 'mib')) {
diff --git a/html/network-map.php b/html/network-map.php
index c663d98c4b..c853a0e00b 100644
--- a/html/network-map.php
+++ b/html/network-map.php
@@ -38,11 +38,10 @@ if (isset($config['branding']) && is_array($config['branding'])) {
 
 $where = '';
 $param = [];
-if (is_numeric($_GET['device']) && isset($_GET['device'])) {
+if (isset($_GET['device']) && is_numeric($_GET['device'])) {
     $where = '&& device_id = ?';
     $param[] = $_GET['device'];
 }
-
 // FIXME this shit probably needs tidied up.
 
 if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) {
@@ -57,8 +56,7 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) {
         $map .= "\"Not authenticated\" [fontsize=20 fillcolor=\"lightblue\", URL=\"/\" shape=box3d]\n";
     } else {
         $loc_count = 1;
-
-        foreach (dbFetch("SELECT *, locations.location from devices,locations WHERE devices.location_id = locations.id ".$where, $param) as $device) {
+        foreach (dbFetch("SELECT *, locations.location FROM devices LEFT JOIN locations ON devices.location_id = locations.id WHERE 1 ".$where, $param) as $device) {
             if ($device) {
                 $links = dbFetch("SELECT * from ports AS I, links AS L WHERE I.device_id = ? AND L.local_port_id = I.port_id ORDER BY L.remote_hostname", array($device['device_id']));
                 if (count($links)) {
@@ -71,7 +69,7 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) {
                     }
                     $loc_id = $locations[$device['location']];
 
-                    $map .= "\"".$device['hostname']."\" [fontsize=20, fillcolor=\"lightblue\", group=".$loc_id." URL=\"{$config['base_url']}/device/device=".$device['device_id']."/tab=map/\" shape=box3d]\n";
+                    $map .= "\"".$device['hostname']."\" [fontsize=20, fillcolor=\"lightblue\", group=".$loc_id." URL=\"{$config['base_url']}/device/device=".$device['device_id']."/tab=neighbours/selection=map/\" shape=box3d]\n";
                 }
 
                 foreach ($links as $link) {
@@ -139,7 +137,7 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) {
                             }
 
                             if ($dst_host) {
-                                $map .= "\"$dst\" [URL=\"{$config['base_url']}/device/device=$dst_host/tab=map/\", fontsize=20, shape=box3d]\n";
+                                $map .= "\"$dst\" [URL=\"{$config['base_url']}/device/device=$dst_host/tab=neighbours/selection=map/\", fontsize=20, shape=box3d]\n";
                             } else {
                                 $map .= "\"$dst\" [ fontsize=20 shape=box3d]\n";
                             }
@@ -226,7 +224,7 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) {
     if (LegacyAuth::check()) {
         // FIXME level 10 only?
         echo '<center>
-                  <object width=1200 height=1000 data="'. $config['base_url'] . '/map.php?format=svg" type="image/svg+xml"></object>
+                  <object width=1200 height=1000 data="'. $config['base_url'] . '/network-map.php?format=svg" type="image/svg+xml"></object>
               </center>
         ';
     }
diff --git a/html/pages/devices.inc.php b/html/pages/devices.inc.php
index 30aade04cf..e877d65f77 100644
--- a/html/pages/devices.inc.php
+++ b/html/pages/devices.inc.php
@@ -328,7 +328,7 @@ if ($format == "graph") {
     foreach (getlocations() as $location_row) {
         $location = clean_bootgrid($location_row['location']);
         $location_id = $location_row['id'];
-        if ($location == $vars['location'] || $location_id == $vars['location']) {
+        if (isset($vars['location']) && ($location_id == $vars['location'] || $location == $vars['location'])) {
             $location_selected = 'selected';
         } else {
             $location_selected = '';
diff --git a/html/pages/ports.inc.php b/html/pages/ports.inc.php
index 0f74d030cc..82c067f43d 100644
--- a/html/pages/ports.inc.php
+++ b/html/pages/ports.inc.php
@@ -320,8 +320,13 @@ foreach ($vars as $var => $value) {
                 $param[] = "%" . $value . "%";
                 break;
             case 'location':
-                $where .= " AND L.location LIKE ?";
-                $param[] = "%" . $value . "%";
+                if (is_int($value)) {
+                    $where .= " AND L.id = ?";
+                    $param[] = $value;
+                } else {
+                    $where .= " AND L.location LIKE ?";
+                    $param[] = "%" . $value . "%";
+                }
                 break;
             case 'device_id':
                 $where .= " AND D.device_id = ?";
@@ -404,13 +409,13 @@ if ($ignore_filter == 0 && $disabled_filter == 0) {
     $where .= " AND `I`.`ignore` = 0 AND `I`.`disabled` = 0 AND `I`.`deleted` = 0";
 }
 
-$query = "SELECT * FROM `ports` AS I, `devices` AS D, `locations` AS L WHERE I.device_id = D.device_id D.location_id = L.id" . $where . " " . $query_sort;
-
+$query = "SELECT * FROM `ports` AS I, `devices` AS D LEFT JOIN `locations` AS L ON D.location_id = L.id WHERE I.device_id = D.device_id" . $where . " " . $query_sort;
 $row = 1;
 
 list($format, $subformat) = explode("_", $vars['format']);
 
-$ports = dbFetchRows($query, $param);
+// only grab list of ports for graph pages, table uses ajax
+$ports = $format == 'graph' ? dbFetchRows($query, $param) : [];
 
 switch ($vars['sort']) {
     case 'traffic':
diff --git a/includes/alerts.inc.php b/includes/alerts.inc.php
index dfb45d0752..0893a2d1d5 100644
--- a/includes/alerts.inc.php
+++ b/includes/alerts.inc.php
@@ -415,7 +415,7 @@ function DescribeAlert($alert)
 {
     $obj         = array();
     $i           = 0;
-    $device      = dbFetchRow('SELECT hostname, sysName, sysDescr, sysContact, os, type, ip, hardware, version, purpose, notes, uptime, status, status_reason, locations.location FROM devices, locations WHERE locations.id = location_id && device_id = ?', array($alert['device_id']));
+    $device      = dbFetchRow('SELECT hostname, sysName, sysDescr, sysContact, os, type, ip, hardware, version, purpose, notes, uptime, status, status_reason, locations.location FROM devices LEFT JOIN locations ON locations.id = devices.location_id WHERE device_id = ?', array($alert['device_id']));
     $attribs     = get_dev_attribs($alert['device_id']);
 
     $obj['hostname']      = $device['hostname'];