
Fix vulnerabilities

jeanphilippelevy committed Oct 27, 2016
1 parent 517589e commit 196729cc045ef93ceeddd1de505a1de8f9cdf74d
@@ -37,6 +37,8 @@
10 => "EON - Name Error",
11 => "EON - GED");
$array_modules = array ("glpi","ocsinventory-reports");
$array_tools = array (
"snmpwalk" => "tools/snmpwalk.php",
"show interface" => "tools/interface.php",
@@ -60,6 +62,8 @@
"duplicate" => "duplicate",
"back-up file" => "backup");
$array_ged_queues = array("active","sync","history");
$array_ged_types = array(
0 => "label.all",
1 => "services",
@@ -63,7 +63,7 @@ function message($id, $text, $type){
}
// Connect to Database
function sqlrequest($database,$sql,$id=false){
function sqlrequest($database,$sql,$id=false,$prepare=false){
// Get the global value
global $database_host;
@@ -83,8 +83,22 @@ function sqlrequest($database,$sql,$id=false){
// Force UTF-8
mysqli_query($connexion, "SET NAMES 'utf8'");
}
$result=mysqli_query($connexion, "$sql");
if(is_array($prepare)) {
$stmt = mysqli_prepare($connexion,$sql);
if(isset($prepare[0]) && isset($prepare[1])) {
$ref = new ReflectionClass('mysqli_stmt');
$method = $ref->getMethod("bind_param");
$method->invokeArgs($stmt,$prepare);
}
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
} else {
$result=mysqli_query($connexion, "$sql");
}
if($id==true)
$result=mysqli_insert_id($connexion);
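Review bot: `mysqli_prepare` at the top of the new `is_array($prepare)` branch can return `false` (malformed SQL, dropped connection), and the code then passes that `false` straight into `mysqli_stmt_execute`/`mysqli_stmt_get_result`; the failure should be checked and the function should return rather than continue, and it must never fall back to the unparameterised `mysqli_query` path. Separately, `ReflectionMethod::invokeArgs($stmt,$prepare)` hands `bind_param` plain array values while that method takes its arguments by reference; depending on the PHP version this raises a warning and, as far as I can tell, may leave the parameters unbound, so argument unpacking (PHP 5.6+), which does pass references, is the safer way to call it and removes the reflection entirely. The `isset($prepare[0]) && isset($prepare[1])` guard also silently skips binding when a `?` query is called with an empty array, which then fails at execute time with no hint why. `sqlrequest` starts in the previous hunk and its tail (the `$id` handling and return) runs past the end of this one, so the early `return false` below assumes the function otherwise returns `$result` as `mysqli_query` would.
```php
if(is_array($prepare)) {
    $stmt = mysqli_prepare($connexion,$sql);
    if($stmt === false) {
        // Surface the failure instead of running the raw, unparameterised query.
        trigger_error("sqlrequest: prepare failed: ".mysqli_error($connexion), E_USER_WARNING);
        return false;
    }
    if(count($prepare) > 1) {
        $types = array_shift($prepare);
        // Unpacking passes the values by reference, as bind_param requires (PHP >= 5.6).
        mysqli_stmt_bind_param($stmt, $types, ...$prepare);
    }
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
} else {
    $result=mysqli_query($connexion, "$sql");
}
// … unchanged: insert-id handling …
```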
@@ -1,20 +1,24 @@
<?php
// Mot tapé par l'utilisateur
$q = $_GET['query'];
$table_name = $_GET['table_name'];
try {
$bdd = new PDO('mysql:host=localhost;dbname=lilac', 'root', 'root66');
} catch(Exception $e) {
echo "Connection failed: " . $e->getMessage();
exit('Impossible de se connecter à la base de données.');
}
include("../../../include/config.php");
// Requête SQL
$requete = "SELECT name FROM " . $table_name . " WHERE name LIKE '". $q ."%' LIMIT 0, 10";
// Mot tapé par l'utilisateur
$q = $_GET['query'];
$table_name = $_GET['table_name'];
try {
$bdd = new PDO('mysql:host=localhost;dbname='.$database_lilac, $database_username, $database_password);
} catch(Exception $e) {
echo "Connection failed: " . $e->getMessage();
exit('Impossible de se connecter à la base de données.');
}
// Requête SQL
$requete = "SELECT name FROM " . $table_name . " WHERE name LIKE '". $q ."%' LIMIT 0, 10";
foreach ($bdd->query($requete) as $row) {
$suggestions['suggestions'][] = $row['name'];
}
echo json_encode($suggestions);
foreach ($bdd->query($requete) as $row) {
$suggestions['suggestions'][] = $row['name'];
}
echo json_encode($suggestions);
?>
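Review bot: The query on the new side, `"SELECT name FROM " . $table_name . " WHERE name LIKE '". $q ."%' LIMIT 0, 10"`, still concatenates both `$table_name` and `$q` straight from `$_GET`, so moving the credentials into config.php does not remove the SQL injection in this file. `$q` should be bound as a LIKE parameter with its `%`/`_` wildcards escaped, and `$table_name`, which cannot be bound, restricted to a strict identifier pattern and quoted — a whitelist of the tables this completer actually serves would be stricter still, but the callers' values are not visible here. `$suggestions` is also never initialised, so an empty result echoes `null` instead of `{"suggestions":[]}`, and the catch branch echoing `$e->getMessage()` returns the DSN/host details to the client when it would be better logged. The rewritten body below keeps the French user-facing strings and the existing connection block.
```php
include("../../../include/config.php");
// Mot tapé par l'utilisateur
$q = isset($_GET['query']) ? $_GET['query'] : '';
$table_name = isset($_GET['table_name']) ? $_GET['table_name'] : '';
// An identifier cannot be bound: accept a plain identifier only (a whitelist of
// the tables this completer serves would be stricter) and quote it below.
if (!preg_match('/^[A-Za-z0-9_]+$/', $table_name)) {
    exit('Table invalide.');
}
// … unchanged: PDO connection …
// Escape the user's LIKE wildcards, then bind the pattern instead of concatenating it.
$pattern = strtr($q, array('\\' => '\\\\', '%' => '\\%', '_' => '\\_')) . '%';
$requete = "SELECT name FROM `" . $table_name . "` WHERE name LIKE ? LIMIT 0, 10";
$req = $bdd->prepare($requete);
$req->execute(array($pattern));
$suggestions = array('suggestions' => array());
foreach ($req->fetchAll(PDO::FETCH_ASSOC) as $row) {
    $suggestions['suggestions'][] = $row['name'];
}
echo json_encode($suggestions);
```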
@@ -1,5 +1,7 @@
<?php
include("../../../include/config.php");
$action = isset($_GET['action']) ? $_GET['action'] : false;
$bp_name = isset($_GET['bp_name']) ? $_GET['bp_name'] : false;
$host_name = isset($_GET['host_name']) ? $_GET['host_name'] : false;
@@ -16,7 +18,7 @@
$min_value = isset($_GET['min_value']) ? $_GET['min_value'] : false;
try {
$bdd = new PDO('mysql:host=localhost;dbname=nagiosbp', 'root', 'root66');
$bdd = new PDO('mysql:host=localhost;dbname='.$database_nagios, $database_username, $database_password);
} catch(Exception $e) {
echo "Connection failed: " . $e->getMessage();
exit('Impossible de se connecter à la base de données.');
@@ -73,17 +75,21 @@ function verify_services($bp,$host,$bdd){
}
function delete_bp($bp,$bdd){
$sql = "delete from bp where name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
$sql = "delete from bp_services where bp_name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp_services where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
$sql = "delete from bp_links where bp_name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp_links where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
$sql = "delete from bp_links where bp_link = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp_links where bp_link = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
}
function list_services($host_name){
@@ -112,8 +118,9 @@ function list_services($host_name){
}
function list_process($bp,$display,$bdd){
$sql = "select name from bp where is_define = 1 and name!='".$bp."' and priority = '" . $display . "'";
$req = $bdd->query($sql);
$sql = "select name from bp where is_define = 1 and name!=? and priority = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp,$display));
$process = $req->fetchall();
echo json_encode($process);
@@ -130,20 +137,20 @@ function add_services($bp,$services,$bdd){
$list_services[] = $service;
}
}
$sql = "select service,host from bp_services where bp_name = '" . $bp . "'";
$req = $bdd->query($sql);
$sql = "delete from bp_services where bp_name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp_services where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
if(count($services) > 0){
$sql = "update bp set is_define = 1 where name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "update bp set is_define = 1 where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
}
else{
$sql = "update bp set is_define = 0 where name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "update bp set is_define = 0 where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
}
if(is_array($services)) {
@@ -152,37 +159,43 @@ function add_services($bp,$services,$bdd){
$host = $value[0];
$service = $value[1];
echo $service;
$sql = "insert into bp_services (bp_name,host,service) values('" . trim($bp) . "','" . $host . "','" . $service . "')";
$bdd->exec($sql);
$sql = "insert into bp_services (bp_name,host,service) values(?,?,?)";
$req = $bdd->prepare($sql);
$req->execute(array(trim($bp),$host,$service));
}
}
}
function add_process($bp,$process,$bdd){
$sql = "delete from bp_links where bp_name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "update bp set is_define = 0 where name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "delete from bp_links where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
$sql = "update bp set is_define = 0 where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
if(count($process) > 0 and is_array($process)){
$sql = "update bp set is_define = 1 where name = '" . $bp . "'";
$bdd->exec($sql);
$sql = "update bp set is_define = 1 where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp));
foreach($process as $values){
$value = explode("::", $values);
$bp_link = $value[1];
$sql = "insert into bp_links (bp_name,bp_link) values('" . $bp . "','" . $bp_link . "')";
$sql = "insert into bp_links (bp_name,bp_link) values(?,?)";
$bdd->exec($sql);
$req = $bdd->prepare($sql);
$req->execute(array($bp,$bp_link));
}
}
}
function check_app_exists($uniq_name, $bdd)
{
$sql = "select count(*) from bp where name = '" . $uniq_name . "';";
$req = $bdd->query($sql);
$sql = "select count(*) from bp where name = ?;";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name));
$bp_exist = $req->fetch(PDO::FETCH_NUM);
if($bp_exist[0] == 1){
@@ -196,34 +209,41 @@ function add_application($uniq_name_orig,$uniq_name,$process_name,$display,$url,
if($type != 'MIN'){
$min_value = "";
}
$sql = "select count(*) from bp where name = '" . $uniq_name . "';";
$req = $bdd->query($sql);
$sql = "select count(*) from bp where name = ?;";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name));
$bp_exist = $req->fetch();
// add
if($bp_exist[0] == 0 and empty($uniq_name_orig)){
$sql = "insert into bp (name,description,priority,type,command,url,min_value) values('" . $uniq_name ."','" . $process_name ."','" . $display . "','" . $type . "','" . $command . "','" . $url . "','" . $min_value . "')";
$bdd->exec($sql);
$sql = "insert into bp (name,description,priority,type,command,url,min_value) values(?,?,?,?,?,?,?)";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$process_name,$display,$type,$command,$url,$min_value));
}
// uniq name modification
elseif($uniq_name_orig != $uniq_name) {
if($bp_exist[0] != 0){
// TODO QUENTIN
} else {
$sql = "update bp set name = '" . $uniq_name . "',description = '" . $process_name . "',priority = '" . $display . "',type = '" . $type . "',command = '" . $command . "',url = '" . $url . "',min_value = '" . $min_value . "' where name = '" . $uniq_name_orig . "'";
$bdd->exec($sql);
$sql = "update bp_links set bp_name = '" . $uniq_name . "' where bp_name = '" . $uniq_name_orig . "'";
$bdd->exec($sql);
$sql = "update bp_links set bp_link = '" . $uniq_name . "' where bp_link = '" . $uniq_name_orig . "'";
$bdd->exec($sql);
$sql = "update bp_services set bp_name = '" . $uniq_name . "' where bp_name = '" . $uniq_name_orig . "'";
$bdd->exec($sql);
$sql = "update bp set name = ?,description = ?,priority = ?,type = ?,command = ?,url = ?,min_value = ? where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$process_name,$display,$type,$command,$url,$min_value,$uniq_name_orig));
$sql = "update bp_links set bp_name = ? where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$uniq_name_orig));
$sql = "update bp_links set bp_link = ? where bp_link = ?";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$uniq_name_orig));
$sql = "update bp_services set bp_name = ? where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$uniq_name_orig));
}
}
// modification
else{
$sql = "update bp set name = '" . $uniq_name . "',description = '" . $process_name . "',priority = '" . $display . "',type = '" . $type . "',command = '" . $command . "',url = '" . $url . "',min_value = '" . $min_value . "' where name = '" . $uniq_name . "'";
$bdd->exec($sql);
$sql = "update bp set name = ?,description = ?,priority = ?,type = ?,command = ?,url = ?,min_value = ? where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($uniq_name,$process_name,$display,$type,$command,$url,$min_value,$uniq_name));
}
}
@@ -252,16 +272,18 @@ function build_file($bdd){
function build_file_recursive($bdd,$bp_file,$bp_informations,$bp_sons){
$sql = "SELECT bp_link FROM bp_links where bp_name='".$bp_informations['name']."'";
$req = $bdd->query($sql);
$sql = "SELECT bp_link FROM bp_links where bp_name=?";
$req = $bdd->prepare($sql);
$req->execute(array($bp_informations['name']));
if($req->rowCount() == 0) {
$bp_sons[]=$bp_informations['name'];
build_file_bp($bdd,$bp_file, $bp_informations);
} else {
$bp_links = $req->fetchall();
foreach($bp_links as $bp_link){
$sql = "SELECT * FROM bp where is_define ='1' and name='".$bp_link["bp_link"]."'";
$req = $bdd->query($sql);
$sql = "SELECT * FROM bp where is_define ='1' and name=?";
$req = $bdd->prepare($sql);
$req->execute(array($bp_link["bp_link"]));
$bps_sons_informations = $req->fetchall();
foreach($bps_sons_informations as $bp_sons_informations){
if(!in_array($bp_sons_informations['name'],$bp_sons,true)) {
@@ -287,8 +309,9 @@ function build_file_bp($bdd,$bp_file, $bp_informations){
$type = "+";
fputs($bp_file, $bp_informations['min_value'] . " of: ");
}
$sql = "select host,service from bp_services where bp_name = '" . $bp_informations['name'] . "'";
$req = $bdd->query($sql);
$sql = "select host,service from bp_services where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp_informations['name']));
$host_services = $req->fetchall();
$counter1 = count($host_services);
@@ -303,8 +326,9 @@ function build_file_bp($bdd,$bp_file, $bp_informations){
}
}
$sql = "select bp_link from bp_links where bp_name = '" .$bp_informations['name'] . "'";
$req = $bdd->query($sql);
$sql = "select bp_link from bp_links where bp_name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp_informations['name']));
$link_informations = $req->fetchall();
$counter1 = count($link_informations);
@@ -333,8 +357,9 @@ function build_file_bp($bdd,$bp_file, $bp_informations){
}
function info_application($bp_name, $bdd){
$sql = "select * from bp where name = '" . $bp_name . "'";
$req = $bdd->query($sql);
$sql = "select * from bp where name = ?";
$req = $bdd->prepare($sql);
$req->execute(array($bp_name));
$info = $req->fetch();
echo json_encode($info);
}
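Review bot: `echo $service;` inside the insert loop of add_services writes the raw service name into the HTTP response before each `insert into bp_services`; it reads as leftover debugging, and since the file's other inputs arrive via `$_GET` (see the parameter block at the top of the file) the value is presumably request-controlled too, making this an unescaped reflected sink as well as a corruption of any JSON the caller expects — it should be removed. In the same function the insert binds `trim($bp)` while the preceding `delete from bp_services where bp_name = ?` and both `update bp set is_define` statements bind `$bp` untrimmed, so a name with surrounding whitespace would leave stale `bp_services` rows behind; trimming once at the top, `$bp = trim($bp);`, and binding that everywhere keeps the statements consistent (whether callers already trim is not visible here). In build_file_recursive, `$req->rowCount()` after a SELECT relies on MySQL's buffered-query behaviour that PDO does not guarantee for SELECTs; fetching with `fetchAll()` and testing `count()` is portable and the result is used right after anyway.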
@@ -25,7 +25,8 @@
// Search function for Jquery an exit
if(isset($_GET['term']) && isset($_GET['request']) && $_GET['request'] == "search_user") {
$result=sqlrequest($database_eonweb,"select * from ldap_users_extended where (user LIKE '%".$_GET['term']."%') OR (login LIKE '%".$_GET['term']."%') order by user");
$sql="select * from ldap_users_extended where (user LIKE ?) OR (login LIKE ?) order by user";
$result=sqlrequest($database_eonweb,$sql,false,array("ss","%".$_GET['term']."%","%".$_GET['term']."%"));
$array = array();
while ($line = mysqli_fetch_array($result)){
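Review bot: The bound pattern `"%".$_GET['term']."%"` still lets `%` and `_` inside the user's term act as LIKE wildcards, so a term of `%` lists every row of `ldap_users_extended` and `_` matches any single character; escape them before wrapping, `$term = strtr($_GET['term'], array('\\' => '\\\\', '%' => '\\%', '_' => '\\_'));` and bind `"%".$term."%"` for both placeholders. This call also depends on `sqlrequest`'s new `$prepare` path actually binding (its bind goes through reflection by value), which is worth confirming with one real search before relying on it. The enclosing `if` and the `while` loop continue outside the hunk.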
@@ -23,10 +23,14 @@
# Check optionnal module to load
if(isset($_GET["module"]) && isset($_GET["link"])) {
$module=exec("rpm -q ".$_GET["module"]." |grep '.eon' |wc -l");
include("../include/config.php");
include("../include/arrays.php");
# Redirect to module page if rpm installed
if($module!=0) { header('Location: '.$_GET["link"].''); }
if(in_array($_GET["module"],$array_modules)) {
$module=exec("rpm -q ".$_GET["module"]." |grep '.eon' |wc -l");
# Redirect to module page if rpm installed
if($module!=0) { header('Location: '.$_GET["link"].''); }
}
}
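Review bot: The redirect target `$_GET["link"]` is still used unvalidated in `header('Location: '.$_GET["link"].'')`, so the new module whitelist closes the shell injection but leaves an open redirect to any URL whenever a listed module is installed; restrict it to a local path and stop the script after the header, `if($module!=0 && preg_match('#^/(?![/\\\\])#', $_GET["link"])) { header('Location: '.$_GET["link"]); exit; }`, since without `exit` the rest of the page keeps executing. Defence in depth on the shell line costs nothing given the whitelist, `exec("rpm -q ".escapeshellarg($_GET["module"])." |grep '.eon' |wc -l")`, and `in_array($_GET["module"],$array_modules,true)` avoids loose comparison. Whether `rpm -q` output can contain `.eon` for a non-EON package is not visible here.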
