Commit Graph

351 Commits

Author SHA1 Message Date
Tony Murray
4b65dc41d2 Graphing cleanup (#14492)
* WIP

* Fixes and cleanups

* Move parseAtTime to Time util class

* lint fixes, explicitly define variables

* Style fixes
2022-10-28 08:06:29 -05:00
Tony Murray
7dd3a224fa Block disabled user session auth (#14473)
Do not allow users that are disabled to be logged in via cookie.
Allow all auth methods to disable users
2022-10-17 12:39:15 -05:00
Tony Murray
722791d086 Fix XSS when deleting device and port groups (#14472) 2022-10-17 12:38:16 -05:00
Tony Murray
09a2977adb Fix authentication mass assignment vulnerability (#14468)
Users were able to submit changes to fields they should not have access to change by bypassing the frontend validation.  Correct backend validation to prevent that.
2022-10-17 12:11:14 -05:00
Jellyfrog
b31b992020 Rework socialite integration (#14367)
* Rework socialite integration

Prevents unnecessary work each boot

* Update SocialiteController.php

* Gen 2
2022-10-07 20:52:55 +02:00
Tony Murray
e4451714e2 version and git helper improvements (#14412)
* Fix up version and git helpers
Improve method names
Move all git calls into the git helper
Allow runtime and external cache of results where appropriate
Consolidate version headers for discovery, poller, and validate

* Style fixes

* improve consistency in git calls

* fix style

* don't send name inconsistently

* Improve database versions

* No need to cache Version it is not used more than once currently.
2022-10-02 00:41:56 -05:00
Tony Murray
f60b6788d3 Cache version data (#14404)
* Cache version data
Calling cli commands can be expensive, cache the results.

* style fixes

* Fix pre-laravel usage

* fix lint
2022-09-28 23:23:32 -05:00
Tony Murray
e990dfcb35 Disable plugins that have errors (#14383)
* Disable plugins that have errors
Disable plugin if a hook throws an error and set a notification
Move notification code to class, so we can access it
Clear notification when plugin is attempted to be enabled again

* fix style and lint fixes

* another lint fix and handle if property is missing
2022-09-25 22:47:58 -05:00
Tony Murray
0805002086 Fix scheduled maintenance xss (#14360)
Fix for fields title, notes, and maybe recurring_day. Other fields can't store html.

https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f/
2022-09-16 11:59:48 -05:00
Tony Murray
ad8580d694 Cleanup and optimize the availability widget (#14329)
* Cleanup and optimize the availability widget
Default sort is display name
Sort applies to services too (services always last)
May need to refresh the page to get new css

* style

* We don't need request (lint fix)

* Wrong service field name
2022-09-09 18:22:58 +02:00
Jellyfrog
152497a098 PHPStan: Enable more checks (#14318)
* PHPStan: Enable more checks

* Fixes

* Fixes

* Deprecation fixes
2022-09-09 07:08:06 -05:00
Marek Wobst
22f84ef3d8 Add additional sorting options for Availability Map (#14073)
* Fix IPv6 in service check host (#13939)

* Add hostName cleaning to Clean

* Apply RFC 5952 formatting to Clean::hostName output

* Use more liberal cleaning for hostnames

* Remove unwanted whitespace

* Apply Clean::hostName() to all relevant fields

* Fix docstring

* Use IP::isValid inline

* Update Clean.php

* Update services.inc.php

Co-authored-by: Tony Murray <murraytony@gmail.com>

* Add sorting support for additional columns + dual column

Additional columns are Display Name (display) and System Name (sysName)

Dual column means that first is sorted after status, then within
each status group another sort is done (every column from single column
sorting is possible).

* Change code for styleCI

* Expand availability map sorting menu

Also change sysName to System Name – there is no real reason for
that short form.

* Add German translation for avail. map sorting/display options

* Adjust sorting behaviour in Availability Map

The dropdown now presents two options:

- Display Text: Sort by the selected value of the dropdown 'Display Text'
- Status: Sort by status, then by selected value of dropdown 'Display Text'

As the field 'display' (The display name) may contain template functions
etc., sorting is not done by SQL means; instead custom sorting is done
within the controller.

* Apply fix for styleCI

* Apply fix for styleCI, part 2

* Update availability-map.blade.php

* Update availability-map.blade.php

* Update availability-map.blade.php

* Update de.json

* Update AvailabilityMapController.php

* Update AvailabilityMapController.php

* Update availability-map.blade.php

* Update de.json

Co-authored-by: Sander Steffann <sander@steffann.nl>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2022-09-07 20:02:00 -05:00
Tony Murray
dc050711ec 2fa not all routes have names (#14311) 2022-09-07 09:06:24 +02:00
Tony Murray
9fdc213f25 Return GraphImage to include more metadata (#14307)
* Return GraphImage to include more metadata
Allows things like including title.
Implements __toString for backwards compatibility
getImageData to allow controlling the output through flags

* Style and Lint
2022-09-06 07:33:57 -05:00
Tony Murray
302a989d4e Email Transport: embed graphs by default (#14270)
* Email embed graphs

* Allow attachment for non-html
Add setting to webui
Correct $auth setting

* Cleanups, throw RrdGraphException instead of returning an error image.
Generate the error image later, giving more control.
Reduce code duplication a little

* Style and lint fixes
Change to flags

* Add baseline for lint errors I don't know how to resolve

* oopsie, changed the code after generating the baseline

* Tiny cleanups.  Make set DeviceCache primary, it is free.

* Docs.

* email_html note

* Allow control of graph embed at the email transport level to override the global config.

* Allow control of graph embed at the email transport level to override the global config.

* Add INLINE_BASE64 to make it easier to create inline image tags
2022-09-05 20:41:55 -05:00
Tony Murray
ec8629fb63 Discord ability to attach graph images (#14276)
* Discord ability to attach graph images
Must use @signedGraphTag()
Needs more work on the graph side of things still: issues with CORS and other.

* Fixes

* alert data is an array for transports

* No need to decode, that was a bug before
2022-09-05 16:20:10 -05:00
Tony Murray
2e42326e34 Remove reference to unused variable (#14280) 2022-09-03 23:45:12 -05:00
Tony Murray
5c76890373 Add @signedGraphTag() and @signedGraphUrl() blade directives (#14269)
* More secure external graph access
Add @signedGraphTag() and @signedGraphUrl() blade directives
Takes either an array of graph variables or a url to a graph
Uses a signed url that is accessible without user login, embeds signature in url to authenticate access
See Laravel Signed Url for more details.
Adds Laravel route to graphs (does not change links to use it yet)
@graphImage requires the other PR
Also APP_URL is required in .env

* missing files from rebase

* Fix url parsing with a get string

* allow width and height to be omitted

* Documentation

* Add to, otherwise it will always be now

* Doc note for to and from relative security

* fix vars.inc.php (Laravel has a dummy url here)
2022-09-03 12:48:43 -05:00
Tony Murray
6f5cf7727a Misc webui code cleanups (#14242)
* Misc webui cleanups

* Style

* More

* graphing fixes

* More graph cleanups

* more fixes, graphs and device pages

* style
2022-08-30 12:55:37 -05:00
Tony Murray
673ad552a1 Device settings: attempt to open related tab (#14250)
* Device settings: attempt to open related tab

* remove baseline
2022-08-28 21:45:52 -05:00
Tony Murray
323f0ea8b5 Fix removing all port groups (#14253)
* Fix removing all port groups

* Make backend work in the situation where this endpoint is used for more than just this setting change
change event is called multiple times when select2 is cleared (once for each item)
prevent duplicate backend calls
Remove no default Port Group item
2022-08-28 20:57:16 -05:00
electrocret
478d800384 View Ports in Portgroups (#14141)
* Add group case

Add group case for portgroup URL query

* Add PortGroups to MenuComposer

* Add PortGroups to Menu blade

Adds to menu blade, using a similar behavior as Locations.

* Make PortCount into link

Make port count into link similar to DeviceGroups device count.

* Update MenuComposer.php

Make StyleCI happy

* Update MenuComposer.php

Make StyleCI happy

* Update ports.inc.php

Make StyleCI happy

* Update menu.blade.php

Menu fix.

* Update Menu so Manage Groups always displays.

* Adding Group function

* Add group to filterFields

* Trying suggested change

* Subquery

Co-authored-by: Tony Murray <murraytony@gmail.com>
2022-08-07 14:49:57 -05:00
Tony Murray
e9211d93c0 Fix ports display (#14183)
* Fix ports with deleted device breaking all ports display

* Only filter callable based filters when required
2022-08-05 09:01:15 -05:00
electrocret
1d1b2b1c8b Ports by device group (#14175)
* Add devicegroup filterFields

* add Devicegroup to post function

* StyleCI

* Add GUI Element

* Less wordy

Dropped "View" from the link. Made it too wordy for such a small GUI insertion.

* Moved DeviceGroup Ports link to a separate column

I realized how it could be confusing to have links to two different items in the same column, so I separated the Ports out.
2022-08-04 18:09:21 -05:00
Jellyfrog
670f964e98 Validate: use "database version" instead of "mysql version" (#14158)
* Validate: use "database version" instead of "mysql version"

* wip

* wip
2022-07-29 11:36:18 -05:00
Tony Murray
4536ccbcab Fix device filtering false values (#14103)
now disabled=0 and ignore=0 filters should work
2022-07-11 14:56:52 -05:00
Tony Murray
9d28ee9200 Reset the opcache after install (#14098)
* Reset the opcache after install
Follow up to #14097

* clear the config, will be cached again on daily anyway
2022-07-09 02:57:09 -05:00
Tony Murray
25c40301d1 Update config cache on install finalize step (#14097)
This makes sure the user doesn't get stuck in a loop.
2022-07-09 00:36:45 -05:00
Tony Murray
2b67dde6dd Remove mib poller module remnants (#14077)
fixes #14075
2022-07-01 06:54:50 -05:00
Tony Murray
7a0d604cdd Automatic fixes for validation failures (#13930)
* Automatic fixes for validations

* webui

* lint fixes

* Fix an install issue with ConfigSeeder requesting cli input in web page.

* Do not use c_echo in validate.php print_fail()
2022-06-10 16:25:33 -05:00
Tony Murray
32f1ce494e Dashboard code cleanup (#13996)
* Dashboard Cleanup
Remove static widgets table, list of available widgets should not be in the database.
Remove legacy ajax scripts
Cleanup and reorganize controllers

* reorganize code to put all dashboard things into its controller
better url scheme while supporting the original

* lint clean ups

* properly formatted language file

* style fixes

* update schema
2022-05-31 08:08:40 -05:00
SourceDoctor
1c6fc0f130 Device Types Widget (#13670)
* show all Device Types in Location Overview

* .

* .

* .

* get device types from config_definition

* reduce column to present device types

* .

* fixes

* .

* show/hide columns, even device types which are not present

* only show top n used device groups

* .

* .

* .

* Device Type Widget

* .

* .

* linter fix

* Update DeviceTypeController.php

Co-authored-by: Tony Murray <murraytony@gmail.com>
2022-05-25 15:03:01 -05:00
Tony Murray
5076deccf3 Improve the efficiency of some queries (#13974)
* Improve the efficiency of some queries
Mostly by switching from whereIn to whereIntegerInRaw.
This inserts integers directly into the query instead of using placeholders (also escapes them)

also remove extra json_encode/json_decode in PingCheck

* Fix return types

Probably will result in some missing baseline exceptions.

* Update PingCheck.php

* whitespace
2022-05-16 09:57:58 +02:00
Tony Murray
9f388c932f More realistic test data. (#13969)
Fixes #13966
2022-05-06 15:24:06 -05:00
Tony Murray
014213680f Move Config loading to a service provider (#13927)
* Move Config loading to a service provider
That way other service providers can depend on it
Move various random listener registrations into the EventServiceProvider
Various startup cleanup

* Config::persist Set live variable before persisting in case db update fails

* Disable strict mode for legacy code (init.php)

* Disable debug after os test data is gathered

* remove Eloquent::boot it is never used

* remove Eloquent::version

* lint fixes

* style fixes

* there is no c_echo here
2022-04-22 19:12:07 -05:00
Tony Murray
cc6112b8fb fix graylog xss (#13931) 2022-04-20 01:10:02 +02:00
Tony Murray
0a84098211 Port Validation Page to Laravel (#13921)
* Revamp validate web page
to load page then validate, instead of validate then load page

* style fixes

* lint cleanups

* fixes

* translations and a couple fixes

* style fixes

* move result serialization into the class.
2022-04-14 11:22:40 -05:00
Tony Murray
c8606aab6b Fix install icons (#13904) 2022-04-09 15:05:09 -05:00
Mark Westerterp
86a504e675 Fix Oxidized Config tab showing when Device OS or Device Type is disabled (#13809)
* Fix Oxidized Config tab showing when Device OS or Device Type is disabled

Fixes https://github.com/librenms/librenms/issues/13808

* StyleCI

* Apply Jellyfrog's suggestion to simplify the code
2022-02-27 10:56:33 +01:00
Jellyfrog
09929bd686 Implement OAuth and SAML2 support (#13764)
* Implement OAuth and SAML2 support via Socialite

* Add socialite docs

* fixes

* Additional information added

* wip

* 22.3.0 targeted version

* Allow mysql auth as long as there is a password saved

Co-authored-by: laf <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2022-02-20 22:05:51 +01:00
PipoCanaja
3ac0de16b2 STP - various fixes (#13773)
* Filter fix
* Add link to device for bridge address and designated root if available
2022-02-13 19:04:12 +01:00
Peca Nesovanovic
c7b63b574f [widget] Top Devices (#13748)
* count only UP ports

* ci
2022-02-12 23:39:17 +01:00
Tony Murray
29bd6789cb Stp module rewrite (#13570)
* STP module rewrite WIP

* Finish rewrite

* Ignore disabled and log root/topology changes

* Remove interfaces for now

* fix style

* Lint fixes

* Document ResolvesPortIds and hide map functions

* whitespace fixes

* Revert to stpInstances in case someone writes mstp support

* missed one

* phpstan fixes

* Handle table and oids separately

* forgot to register observer

* Test data and correct non-table handling in SnmpResponse->table()

* update test

* test data

* revert aos7 silly things

* minimal polling

* Update test data

* order ports_ntp and rename new field to port_index

* forgot the db_schema

* revert ciena-sds port things

* MSTP support, maybe

* Adding test data

* Filter bad lines instead of discarding the entire snmp response
and capture fixes and test data

* fresh data

* add os data

* update data, ignore unfound ports, obviously bad device implementation.

* fixes

* Ignore context files in os detection test

* Remove empty table data

* add ciena-sds vlan

* designatedCost column is too small

* Update stp webui

* Refactor code to interfaces, to allow vendor mibs

* update schema

* fix issues added by abstraction

* STP fixes

* Default to no context for vlan 1

* never store vlan 1

* Update test data

* remove eltex brokenness

* fix style

* fix stan

* Fix Rewrite MAC to Hex padding with floats

* fix sqlite migration
2022-01-30 16:28:18 -06:00
ilGino
b4e9833e30 [WebUI] Change icon of links pointing to Health from fa-dashboard to fa-heartbeat (#13729)
Health is always referred to with the fa-heartbeat icon.
Instead, in the device list, the link pointing to device's Health is the fa-dashboard.
In order to make the device-list page more visually consistent, I propose to change the icon from fa-dashboard to fa-heartbeat in the device lists.

Regards
GG
2022-01-29 14:44:30 +01:00
Jellyfrog
1debe5e166 Use built in method to render a string with Blade (#13688) 2022-01-26 07:10:06 -06:00
Andrea Beccaris
0fc2f9e4c9 Add API-routes for listing MPLS SAPs and services (#13561)
* add apis for mpls services and saps

* updated docs

* removed dbFetch, orm instead

* changed queries

* Removed unused variables

* Update api_functions.inc.php

* Update api_functions.inc.php

* Update api_functions.inc.php

* Update api_functions.inc.php

Co-authored-by: laf <gh+n@laf.io>
2022-01-20 08:15:23 -06:00
SourceDoctor
f9f0d6ca8e sort Vlan Ports by ifName, ifDescr (#13657)
* sort Vlan Ports by Name

* .
2022-01-09 08:45:45 -06:00
Peca Nesovanovic
dc73154ae6 VLANs sort in GUI (#13628) 2021-12-20 12:01:39 +01:00
Tony Murray
a95efd6d2a Global search: search device display (#13583)
* Global search: search device display
Add display field to search (also port_desc_descr, portName, and bgpPeerDescr)
Rewrite backend
update typeahead bundle
update devices and ports indexes
reduce some port field sizes so we can index them

* Style fixes

* remove nonsense
2021-12-06 16:12:24 +01:00
SourceDoctor
5e4e2c423c Availability Map - show Display Name if set (#13574) 2021-11-28 12:08:44 +01:00