mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
9f5b42b028
* Update devices.inc.php * Update devices.inc.php * Replace $_POST with $vars Better protection for SQL injection attempts; Need to verify other files for same issue. * Fixed whitespace. *sigh* * More search options & sql injection fixes. +Allow full search on devices page; +Allow sysName search on alertlog page; +Allow sysName search on alerts page; +Allow sysName search on eventlog page; +Allow sysName search on poll-log page; +Allow sysName search on ports page; *Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked). * Whitespace fix * Fixed $where & $param * Add files via upload * Whitespaces.... Sometimes you want'em, sometimes you hate'em.
101 lines
2.6 KiB
PHP
101 lines
2.6 KiB
PHP
<?php
|
|
/*
|
|
* This program is free software: you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation, either version 3 of the License, or (at your
|
|
* option) any later version. Please see LICENSE.txt at the top level of
|
|
* the source code distribution for details.
|
|
*
|
|
* @package LibreNMS
|
|
* @subpackage webui
|
|
* @link http://librenms.org
|
|
* @copyright 2018 LibreNMS
|
|
* @author LibreNMS Contributors
|
|
*/
|
|
|
|
$where = '1';
|
|
$param = array();
|
|
|
|
if (!empty($vars['searchPhrase'])) {
|
|
$where .= ' AND S.msg LIKE "%'.mres($vars['searchPhrase']).'%"';
|
|
}
|
|
|
|
if ($vars['program']) {
|
|
$where .= ' AND S.program = ?';
|
|
$param[] = $vars['program'];
|
|
}
|
|
|
|
if (is_numeric($vars['device'])) {
|
|
$where .= ' AND S.device_id = ?';
|
|
$param[] = $vars['device'];
|
|
}
|
|
|
|
if ($vars['priority']) {
|
|
$where .= ' AND S.priority = ?';
|
|
$param[] = $vars['priority'];
|
|
}
|
|
|
|
if (!empty($vars['from'])) {
|
|
$where .= ' AND timestamp >= ?';
|
|
$param[] = $vars['from'];
|
|
}
|
|
|
|
if (!empty($vars['to'])) {
|
|
$where .= ' AND timestamp <= ?';
|
|
$param[] = $vars['to'];
|
|
}
|
|
|
|
if ($_SESSION['userlevel'] >= '5') {
|
|
$sql = 'FROM syslog AS S';
|
|
$sql .= ' WHERE '.$where;
|
|
} else {
|
|
$sql = 'FROM syslog AS S, devices_perms AS P ';
|
|
$sql .= 'WHERE S.device_id = P.device_id AND P.user_id = ? AND ';
|
|
$sql .= $where;
|
|
$param = array_merge(array($_SESSION['user_id']), $param);
|
|
}
|
|
|
|
$count_sql = "SELECT COUNT(*) $sql";
|
|
$total = dbFetchCell($count_sql, $param);
|
|
if (empty($total)) {
|
|
$total = 0;
|
|
}
|
|
|
|
if (!isset($sort) || empty($sort)) {
|
|
$sort = 'timestamp DESC';
|
|
}
|
|
|
|
$sql .= " ORDER BY $sort";
|
|
|
|
if (isset($current)) {
|
|
$limit_low = (($current * $rowCount) - ($rowCount));
|
|
$limit_high = $rowCount;
|
|
}
|
|
|
|
if ($rowCount != -1) {
|
|
$sql .= " LIMIT $limit_low,$limit_high";
|
|
}
|
|
|
|
$sql = "SELECT S.*, DATE_FORMAT(timestamp, '".$config['dateformat']['mysql']['compact']."') AS date $sql";
|
|
|
|
foreach (dbFetchRows($sql, $param) as $syslog) {
|
|
$dev = device_by_id_cache($syslog['device_id']);
|
|
$response[] = array(
|
|
'label' => generate_priority_label($syslog['priority']),
|
|
'timestamp' => $syslog['date'],
|
|
'level' => $syslog['priority'],
|
|
'device_id' => generate_device_link($dev, shorthost($dev['hostname'])),
|
|
'program' => $syslog['program'],
|
|
'msg' => display($syslog['msg']),
|
|
'priority' => generate_priority_status($syslog['priority']),
|
|
);
|
|
}
|
|
|
|
$output = array(
|
|
'current' => $current,
|
|
'rowCount' => $rowCount,
|
|
'rows' => $response,
|
|
'total' => $total,
|
|
);
|
|
echo _json_encode($output);
|