fix(security) remove session id parameter (#8291)

www/include/common/javascript/ajaxMonitoring.js

@@ -523,34 +523,16 @@ var _p = 20201;
 	}
 }*/
 
-function initM(_time_reload,_sid,_o){
+function initM(_time_reload,_o){
 	_form=document.getElementById('fsave');
 	_time=parseInt(_form.time.value);
 	_form.time.value = _time - 1000;
 
-
-	/*if(document.getElementById('debug'))
-	{
-		viewDebugInfo('--RESTART--');
-		viewDebugInfo('');
-	}
-	else{
-		var _divdebug = document.createElement("div");
-		_divdebug.id = 'debug';
-		var _debugtable = document.createElement("table");
-		_debugtable.id = 'debugtable';
-		var _debugtr = document.createElement("tr");
-		_debugtable.appendChild(_debugtr);
-		_divdebug.appendChild(_debugtable);
-		_header = document.getElementById('header');
-		_header.appendChild(_divdebug);
-		viewDebugInfo('--INIT--');
-	}*/
-	goM(_time_reload,_sid,_o);
+	goM(_time_reload,_o);
 }
 
-function goM(_time_reload,_sid,_o){
-	// ici je recupere les couples host_name/service affich�© sur ma page
+function goM(_time_reload,_o){
+	// ici je recupere les couples host_name/service affichées sur ma page
 	viewDebugInfo('entre dans goM');
 	if(_on)
 	{
@@ -671,7 +653,7 @@ function goM(_time_reload,_sid,_o){
 			viewDebugInfo('readyState=' + xhrM.readyState + ' -- status=' + xhrM.status);
 	}
 
-	_timeoutID = cycleVisibilityChange('goM("'+ _time_reload +'","'+ _sid +'","'+_o+'")', _time_reload);
+	_timeoutID = cycleVisibilityChange(function(){goM(_time_reload, _o)}, _time_reload);
 	_time_live = _time_reload;
 	_on = 1;
 }

www/include/common/javascript/centreon/notifier.js

@@ -95,7 +95,6 @@
         var $this = $(this);
 
         var settings = $.extend({
-            sid: "",
             refresh_rate: 15000
         }, options);
         get_new_messages(this, settings);

www/include/core/footer/footer.php

@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2020 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -186,7 +186,6 @@ function exitHandler() {
 function initWholePage() {
     setQuickSearchPosition();
     jQuery().centreon_notify({
-        sid: "<?php echo session_id();?>",
         refresh_rate: <?php echo ($centreon->optGen['AjaxTimeReloadMonitoring'] * 1000);?>
     });
 }

www/include/core/header/htmlHeader.php

@@ -218,7 +218,7 @@
                         if (isset($_GET["acknowledge"])) {
                             $obis .= '_ack_' . $_GET["acknowledge"];
                         }
-                        print "\tsetTimeout('initM($tM, \"$sid\", \"$obis\")', 0);";
+                        print "\tsetTimeout('initM($tM, \"$obis\")', 0);";
                     }
                 } elseif ($topology_js['init']) {
                     echo "if (typeof ".$topology_js['init']." == 'function') {";

www/include/eventLogs/xml/data.php

@@ -278,7 +278,6 @@
  * Print infos..
  */
 $buffer->startElement("infos");
-$buffer->writeElement("sid", $sid);
 $buffer->writeElement("opid", $openid);
 $buffer->writeElement("start", $start);
 $buffer->writeElement("end", $end);

www/include/monitoring/external_cmd/popup/popup.php

@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2020 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under

www/include/monitoring/status/Common/commonJS.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright 2005-2018 Centreon
+ * Copyright 2005-2020 Centreon
  * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
@@ -57,7 +57,6 @@
 ?>
 // Dynamique
 var _headerId = '<?= ($headerVersion == 1) ? "header" : "header-react"?>';
-var _sid = '<?php echo $sid?>';
 <?php if (isset($search_type_host)) { ?>
 var _search_type_host = '<?php echo $search_type_host?>';
 <?php } ?>
@@ -130,7 +129,7 @@
 /* Reset trim function in order to be compatible with IE */
 if (typeof String.prototype.trim !== 'function') {
     String.prototype.trim = function() {
-        return this.replace(/^\s+|\s+$/g, ''); 
+        return this.replace(/^\s+|\s+$/g, '');
     }
 }
 
@@ -185,7 +184,7 @@ function resetSelectedCheckboxes()
                 }
             }
         });
-        
+
         $$('input[type="checkbox"]').each(function(el) {
         if (typeof(_selectedElem) != "undefined" && _selectedElem[encodeURIComponent(el.id)]) {
             el.checked = true;
@@ -267,7 +266,7 @@ function construct_selecteList_ndo_instance(id){
     /** *************************************
      * Get instance listing
      */
-    
+
 if ($centreon->user->admin || !count($pollerArray)) {
     $instanceQuery = "SELECT instance_id, name FROM `instances` WHERE running = 1 AND deleted = 0 ORDER BY name";
 } else {
@@ -839,7 +838,7 @@ function set_limit(limit)   {
     var xhrM = getXhrC();
     xhrM.open("POST","./include/monitoring/status/Common/setHistory.php",true);
     xhrM.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
-    _var = "sid=<?php echo $sid; ?>&limit="+limit+"&url=<?php echo $url; ?>";
+    _var = "limit="+limit+"&url=<?php echo $url; ?>";
     xhrM.send(_var);
         jQuery('input[name=limit]').val(limit);
 }
@@ -848,31 +847,31 @@ function set_search(search) {
     var xhrM = getXhrC();
     xhrM.open("POST","./include/monitoring/status/Common/setHistory.php",true);
     xhrM.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
-    _var = "sid=<?php echo $sid; ?>&search="+search+"&url=<?php echo $url; ?>";
+    _var = "search="+search+"&url=<?php echo $url; ?>";
     xhrM.send(_var);
 }
 
 function set_search_host(search_host) {
     var xhrM = getXhrC();
     xhrM.open("POST","./include/monitoring/status/Common/setHistory.php",true);
     xhrM.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
-    _var = "sid=<?php echo $sid; ?>&search_host="+search_host+"&url=<?php echo $url; ?>";
+    _var = "search_host="+search_host+"&url=<?php echo $url; ?>";
     xhrM.send(_var);
 }
 
 function set_search_output(search_output) {
     var xhrM = getXhrC();
     xhrM.open("POST","./include/monitoring/status/Common/setHistory.php",true);
     xhrM.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
-    _var = "sid=<?php echo $sid; ?>&search_output="+search_output+"&url=<?php echo $url; ?>";
+    _var = "search_output="+search_output+"&url=<?php echo $url; ?>";
     xhrM.send(_var);
 }
 
 function set_page(page) {
     var xhrM = getXhrC();
     xhrM.open("POST","./include/monitoring/status/Common/setHistory.php",true);
     xhrM.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
-    _var = "sid=<?php echo $sid; ?>&page="+page+"&url=<?php echo $url; ?>";
+    _var = "page="+page+"&url=<?php echo $url; ?>";
     xhrM.send(_var);
 }
 
@@ -884,7 +883,7 @@ function set_page(page) {
     jQuery('.img_volante').css('left', event.pageX + 20);
     jQuery('.img_volante').css('top', (jQuery(window).height() / 2) - (jQuery('.img_volante').height() / 2));
     jQuery('.img_volante').show();
-        
+
     var chartElem = jQuery('<div></div>')
         .addClass('chart')
         .data('graphType', 'service')
@@ -995,7 +994,7 @@ function monitoring_play()  {
     if (typeof(_o) == "undefined") {
         _o = "<?= $o ?>";
     }
-    initM(<?php echo $tM?>, "<?php echo $sid?>", _o);
+    initM(<?php echo $tM?>, _o)
 }
 
 function monitoring_pause() {
@@ -1013,12 +1012,12 @@ function monitoring_refresh()   {
     _on = 1;
 
     window.clearTimeout(_timeoutID);
-    initM(<?php echo $tM?>,"<?php echo $sid?>",_o);
+    initM(<?php echo $tM?>,_o);
     _on = _tmp_on;
     viewDebugInfo('refresh');
 }
 
-function initM(_time_reload, _sid, _o) {
+function initM(_time_reload, _o) {
     construct_selecteList_ndo_instance('instance_selected');
     if (_hostgroup_enable == 1) {
         construct_HostGroupSelectList('hostgroups_selected');
@@ -1035,7 +1034,7 @@ function initM(_time_reload, _sid, _o) {
     _time=<?php echo $time?>;
 
     if (_on) {
-        goM(_time_reload,_sid,_o);
+        goM(_time_reload, _o);
     }
 }
 

www/include/monitoring/status/HostGroups/hostGroupJS.php

@@ -88,7 +88,7 @@ function set_header_title(){
     }
 }
 
-function goM(_time_reload, _sid ,_o) {
+function goM(_time_reload ,_o) {
     _lock = 1;
     var proc = new Transformation();
     var _search = jQuery('input[name="searchHG"]').val();
@@ -99,7 +99,7 @@ function goM(_time_reload, _sid ,_o) {
         proc.transform("forAjax");
     }
     _lock = 0;
-    _timeoutID = cycleVisibilityChange('goM("'+ _time_reload +'","'+ _sid +'","'+_o+'")', _time_reload);
+    _timeoutID = cycleVisibilityChange('goM("'+ _time_reload +'","'+_o+'")', _time_reload);
     _time_live = _time_reload;
     _on = 1;
     set_header_title();

www/include/monitoring/status/Hosts/host.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright 2005-2019 Centreon
+ * Copyright 2005-2020 Centreon
  * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
@@ -387,20 +387,20 @@ function setO(_i) {
     tabSortPb['ordre'] = '<?php echo $problem_sort_order;?>';
 
     var tabSortAll = [];
-    tabSortAll['champ'] = '<?php echo $global_sort_type;?>'; 
+    tabSortAll['champ'] = '<?php echo $global_sort_type;?>';
     tabSortAll['ordre'] = '<?php echo $global_sort_order;?>';
-   
+
     var up = '<?php echo _("Up");?>';
     var down = '<?php echo _("Down");?>';
     var unreachable = '<?php echo _("Unreachable");?>';
     var pending = '<?php echo _("Pending");?>';
-    
+
     var _keyPrefix;
-    
+
     jQuery('#statusHost').change(function() {
         updateSelect();
     });
-    
+
     function updateSelect()
     {
         var oldStatus = jQuery('#statusFilter').val();
@@ -432,12 +432,11 @@ function updateSelect()
     function preInit()
     {
         _keyPrefix = '<?php echo $keyPrefix; ?>';
-        _sid = '<?php echo $sid ?>';
         _tm = <?php echo $tM ?>;
         _o = '<?php echo $o; ?>';
         _sDefaultOrder = '<?php echo $sDefaultOrder; ?>';
         sSetOrderInMemory = '<?php echo $sSetOrderInMemory; ?>';
-        
+
         if (_sDefaultOrder == "0") {
             if (_o == 'h') {
                 jQuery("#statusHost option[value='h']").prop('selected', true);
@@ -474,17 +473,17 @@ function filterStatus(value, isInit)
             _o = _keyPrefix;
         }
         window.clearTimeout(_timeoutID);
-        initM(_tm, _sid, _o);
+        initM(_tm, _o);
     }
 
     function filterCrit(value) {
         window.clearTimeout(_timeoutID);
-        initM(_tm, _sid, _o);
+        initM(_tm, _o);
     }
     function statusHosts(value, isInit)
     {
         _o = value;
         window.clearTimeout(_timeoutID);
-        initM(_tm, _sid, _o);
+        initM(_tm, _o);
     }
 </script>

www/include/monitoring/status/Hosts/hostJS.php

@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2020 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -183,7 +183,7 @@ function mainLoopHost() {
     setTimeout("mainLoopHost()", 250);
 }
 
-function initM(_time_reload, _sid, _o ){
+    function initM(_time_reload, _o) {
 
     // INIT Select objects
     construct_selecteList_ndo_instance('instance_selected');
@@ -206,13 +206,13 @@ function initM(_time_reload, _sid, _o ){
         _first = 0;
     }
 
-    _time=<?php echo $time; ?>;
-    if (_on) {
-        goM(_time_reload,_sid,_o);
+        _time =<?php echo $time; ?>;
+        if (_on) {
+            goM(_time_reload, _o);
+        }
     }
-}
 
-function goM(_time_reload, _sid, _o) {
+function goM(_time_reload, _o) {
 
     _lock = 1;
     var proc = new Transformation();
@@ -234,7 +234,7 @@ function goM(_time_reload, _sid, _o) {
     }
 
     _lock = 0;
-    _timeoutID = cycleVisibilityChange('goM("'+ _time_reload +'","'+ _sid +'","'+_o+'")', _time_reload);
+    _timeoutID = cycleVisibilityChange('goM("'+ _time_reload +'","'+_o+'")', _time_reload);
     _time_live = _time_reload;
     _on = 1;
 
@@ -270,7 +270,7 @@ function cmdCallback(cmd) {
             }
         }
 
-        var url = './include/monitoring/external_cmd/popup/popup.php?sid='+ _sid + '&o=' + _o + '&p='+ _p +'&cmd='+ cmd + _getVar;
+        var url = './include/monitoring/external_cmd/popup/popup.php?o=' + _o + '&p='+ _p +'&cmd='+ cmd + _getVar;
 
         var popin = jQuery('<div>');
         popin.centreonPopin({open:true,url:url});

www/include/monitoring/status/Services/service.php

@@ -491,7 +491,6 @@ function updateSelect()
     function preInit()
     {
         _keyPrefix = '<?php echo $keyPrefix; ?>';
-        _sid = '<?php echo $sid ?>';
         _tm = <?php echo $tM ?>;
         _o = '<?php echo $o; ?>';
         _sDefaultOrder = '<?php echo $sDefaultOrder; ?>';
@@ -533,12 +532,12 @@ function filterStatus(value, isInit)
             _o = _keyPrefix;
         }
         window.clearTimeout(_timeoutID);
-        initM(_tm, _sid, _o);
+        initM(_tm, _o);
     }
 
     function filterCrit(value) {
         window.clearTimeout(_timeoutID);
-        initM(_tm, _sid, _o);
+        initM(_tm, _o);
     }
     function statusServices(value, isInit)
     {