webui: Allow full search on devices page (#8364)
* Update devices.inc.php

* Update devices.inc.php

* Replace $_POST with $vars

Better protection against SQL injection attempts; other files still need to be checked for the same issue.

* Fixed whitespace.

*sigh*

* More search options & sql injection fixes.

+Allow full search on devices page;
+Allow sysName search on alertlog page;
+Allow sysName search on alerts page;
+Allow sysName search on eventlog page;
+Allow sysName search on poll-log page;
+Allow sysName search on ports page;

*Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked).

* Whitespace fix

* Fixed $where & $param

* Add files via upload

* Whitespaces....

Sometimes you want'em, sometimes you hate'em.
MrMaus13 authored and laf committed Mar 25, 2018
1 parent 2044f9b commit 9f5b42b
Showing 32 changed files with 195 additions and 195 deletions.
28 changes: 14 additions & 14 deletions html/includes/table/address-search.inc.php
Expand Up @@ -10,8 +10,8 @@
$param[] = array($_SESSION['user_id']);
}

list($address,$prefix) = explode('/', $_POST['address']);
if ($_POST['search_type'] == 'ipv4') {
list($address,$prefix) = explode('/', $vars['address']);
if ($vars['search_type'] == 'ipv4') {
$sql = ' FROM `ipv4_addresses` AS A, `ports` AS I, `ipv4_networks` AS N, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id $where ";
Expand All @@ -23,7 +23,7 @@
$sql .= " AND ipv4_prefixlen='?'";
$param[] = array($prefix);
}
} elseif ($_POST['search_type'] == 'ipv6') {
} elseif ($vars['search_type'] == 'ipv6') {
$sql = ' FROM `ipv6_addresses` AS A, `ports` AS I, `ipv6_networks` AS N, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id $where ";
Expand All @@ -34,26 +34,26 @@
if (!empty($prefix)) {
$sql .= " AND ipv6_prefixlen = '$prefix'";
}
} elseif ($_POST['search_type'] == 'mac') {
} elseif ($vars['search_type'] == 'mac') {
$sql = ' FROM `ports` AS I, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%".str_replace(array(':', ' ', '-', '.', '0x'), '', mres($_POST['address']))."%' $where ";
$sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%".str_replace(array(':', ' ', '-', '.', '0x'), '', mres($vars['address']))."%' $where ";
}//end if
if (is_numeric($_POST['device_id'])) {
if (is_numeric($vars['device_id'])) {
$sql .= ' AND I.device_id = ?';
$param[] = array($_POST['device_id']);
$param[] = array($vars['device_id']);
}

if ($_POST['interface']) {
if ($vars['interface']) {
$sql .= " AND I.ifDescr LIKE '?'";
$param[] = array($_POST['interface']);
$param[] = array($vars['interface']);
}

if ($_POST['search_type'] == 'ipv4') {
if ($vars['search_type'] == 'ipv4') {
$count_sql = "SELECT COUNT(`ipv4_address_id`) $sql";
} elseif ($_POST['search_type'] == 'ipv6') {
} elseif ($vars['search_type'] == 'ipv6') {
$count_sql = "SELECT COUNT(`ipv6_address_id`) $sql";
} elseif ($_POST['search_type'] == 'mac') {
} elseif ($vars['search_type'] == 'mac') {
$count_sql = "SELECT COUNT(`port_id`) $sql";
}

Expand Down Expand Up @@ -83,9 +83,9 @@
$speed = humanspeed($interface['ifSpeed']);
$type = humanmedia($interface['ifType']);

if ($_POST['search_type'] == 'ipv6') {
if ($vars['search_type'] == 'ipv6') {
$address = (string)IP::parse($interface['ipv6_network'], true);
} elseif ($_POST['search_type'] == 'mac') {
} elseif ($vars['search_type'] == 'mac') {
$address = formatMac($interface['ifPhysAddress']);
} else {
$address = (string)IP::parse($interface['ipv4_network'], true);
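Review bot: The ipv6 branch still interpolates `$prefix` straight into the query at `$sql .= " AND ipv6_prefixlen = '$prefix'";`, and `$prefix` comes from `explode('/', $vars['address'])`, so swapping `$_POST` for `$vars` does not make this branch any safer than the ipv4 branch, which binds the same value with `$param[] = array($prefix);`. Bind it the same way: `$sql .= ' AND ipv6_prefixlen = ?'; $param[] = array($prefix);`. The mac branch likewise concatenates the mres()-escaped address into a LIKE pattern, where `%` and `_` in the input still act as wildcards; binding `'%' . $stripped . '%'` as a parameter would match the device_id and interface filters below it. Whether the quoted placeholders `'?'` on the ipv4 prefix and ifDescr filters are intended depends on how dbFacile substitutes parameters, which is not visible on this page.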
12 changes: 6 additions & 6 deletions html/includes/table/alertlog.inc.php
Expand Up @@ -9,20 +9,20 @@
* @package LibreNMS
* @subpackage graphs
* @link http://librenms.org
* @copyright 2017 LibreNMS
* @copyright 2018 LibreNMS
* @author LibreNMS Contributors
*/

$where = 1;

if (is_numeric($_POST['device_id'])) {
if (is_numeric($vars['device_id'])) {
$where .= ' AND E.device_id = ?';
$param[] = $_POST['device_id'];
$param[] = $vars['device_id'];
}

if ($_POST['state'] >= 0) {
if ($vars['state'] >= 0) {
$where .= ' AND `E`.`state` = ?';
$param[] = mres($_POST['state']);
$param[] = mres($vars['state']);
}

if ($_SESSION['userlevel'] >= '5') {
Expand All @@ -33,7 +33,7 @@
}

if (isset($searchPhrase) && !empty($searchPhrase)) {
$sql .= " AND (`D`.`hostname` LIKE '%$searchPhrase%' OR `E`.`time_logged` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%')";
$sql .= " AND (`D`.`hostname` LIKE '%$searchPhrase%' OR `D`.`sysName` LIKE '%$searchPhrase%' OR `E`.`time_logged` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%')";
}

$count_sql = "SELECT COUNT(`E`.`id`) $sql";
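Review bot: `if ($vars['state'] >= 0)` is also true when no `state` value is supplied, because PHP compares `null >= 0` as `false >= false`, so the `E.state = ?` filter is appended even for requests that never sent one; the check should be `if (isset($vars['state']) && is_numeric($vars['state'])) {`. The bound value is additionally wrapped in `mres()`; if `dbFetchRows` escapes its parameters itself this double-escapes, so pass `$vars['state']` unmodified once it is known to be numeric. The new `sysName` term is added to a LIKE clause that interpolates `$searchPhrase` directly; `$searchPhrase` is set outside this file section, so whether it is escaped cannot be confirmed here, and `%`/`_` in it act as wildcards either way. The `$sql` assignment and the consumer of `$where` sit outside the shown hunks.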
34 changes: 17 additions & 17 deletions html/includes/table/alerts.inc.php
Expand Up @@ -9,7 +9,7 @@
* @package LibreNMS
* @subpackage graphs
* @link http://librenms.org
* @copyright 2017 LibreNMS
* @copyright 2018 LibreNMS
* @author LibreNMS Contributors
*/

Expand Down Expand Up @@ -38,44 +38,44 @@

$show_recovered = false;

if (is_numeric($_POST['device_id']) && $_POST['device_id'] > 0) {
$where .= ' AND `alerts`.`device_id`=' . $_POST['device_id'];
if (is_numeric($vars['device_id']) && $vars['device_id'] > 0) {
$where .= ' AND `alerts`.`device_id`=' . $vars['device_id'];
}

if (is_numeric($_POST['acknowledged'])) {
if (is_numeric($vars['acknowledged'])) {
// I assume that if we are searching for acknowleged/not, we aren't interested in recovered
$where .= " AND `alerts`.`state`" . ($_POST['acknowledged'] ? "=" : "!=") . $alert_states['acknowledged'];
$where .= " AND `alerts`.`state`" . ($vars['acknowledged'] ? "=" : "!=") . $alert_states['acknowledged'];
}

if (is_numeric($_POST['state'])) {
$where .= " AND `alerts`.`state`=" . $_POST['state'];
if ($_POST['state'] == $alert_states['recovered']) {
if (is_numeric($vars['state'])) {
$where .= " AND `alerts`.`state`=" . $vars['state'];
if ($vars['state'] == $alert_states['recovered']) {
$show_recovered = true;
}
}

if (isset($_POST['min_severity'])) {
if (is_numeric($_POST['min_severity'])) {
$min_severity_id = $_POST['min_severity'];
} elseif (!empty($_POST['min_severity'])) {
$min_severity_id = $alert_severities[$_POST['min_severity']];
if (isset($vars['min_severity'])) {
if (is_numeric($vars['min_severity'])) {
$min_severity_id = $vars['min_severity'];
} elseif (!empty($vars['min_severity'])) {
$min_severity_id = $alert_severities[$vars['min_severity']];
}
if (isset($min_severity_id)) {
$where .= " AND `alert_rules`.`severity` " . ($min_severity_id > 3 ? "" : ">") . "= " . ($min_severity_id > 3 ? $min_severity_id - 3 : $min_severity_id);
}
}

if (is_numeric($_POST['group'])) {
if (is_numeric($vars['group'])) {
$where .= " AND devices.device_id IN (SELECT `device_id` FROM `device_group_device` WHERE `device_group_id` = ?)";
$param[] = $_POST['group'];
$param[] = $vars['group'];
}

if (!$show_recovered) {
$where .= " AND `alerts`.`state`!=" . $alert_states['recovered'];
}

if (isset($searchPhrase) && !empty($searchPhrase)) {
$where .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%')";
$where .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%' OR `sysName` LIKE '%$searchPhrase%')";
}

$sql = ' FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id`';
Expand Down Expand Up @@ -112,7 +112,7 @@
$sql = "SELECT `alerts`.*, `devices`.`hostname`, `devices`.`sysName`, `devices`.`hardware`, `devices`.`location`, `alert_rules`.`rule`, `alert_rules`.`name`, `alert_rules`.`severity` $sql";

$rulei = 0;
$format = $_POST['format'];
$format = $vars['format'];
foreach (dbFetchRows($sql, $param) as $alert) {
$log = dbFetchCell('SELECT details FROM alert_log WHERE rule_id = ? AND device_id = ? ORDER BY id DESC LIMIT 1', array($alert['rule_id'], $alert['device_id']));
$fault_detail = alert_details($log);
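Review bot: `device_id`, `state` and `min_severity` are concatenated into `$where` after an `is_numeric()` check, while the `group` filter a few lines down binds its value with `?`; `is_numeric()` also accepts forms such as `1e2` or leading whitespace, so binding is both safer and consistent: `$where .= ' AND alerts.device_id = ?'; $param[] = $vars['device_id'];` (and the same for `state`), keeping `$param` in the same order as the placeholders. The search clause interpolates `$searchPhrase` directly; it is defined outside this section, so whether it is escaped cannot be confirmed from the page, and `%`/`_` in it act as wildcards regardless — bills.inc.php in the same commit binds `"%$searchPhrase%"` as a parameter, which is the pattern to follow. `$where` is initialised above the first hunk and consumed below it.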
18 changes: 9 additions & 9 deletions html/includes/table/app_ntp.inc.php
Expand Up @@ -6,8 +6,8 @@
$options['type'] = 'ntp';
$components = $component->getComponents(null, $options);

$first = $_POST['current']-1; // Which record do we start on.
$last = $first + $_POST['rowCount']; // Which record do we end on.
$first = $vars['current']-1; // Which record do we start on.
$last = $first + $vars['rowCount']; // Which record do we end on.
$count = 0;
// Loop through each device in the component array
foreach ($components as $devid => $comp) {
Expand All @@ -16,7 +16,7 @@
// Loop through each component
foreach ($comp as $compid => $array) {
$display = true;
if ($_POST['view'] == 'error') {
if ($vars['view'] == 'error') {
// Only display peers with errors
if ($array['status'] != 2) {
$display = false;
Expand All @@ -29,11 +29,11 @@
}

// Let's process some searching..
if (($display === true) && ($_POST['searchPhrase'] != "")) {
if (($display === true) && ($vars['searchPhrase'] != "")) {
$searchfound = false;
$searchdata = array($device['hostname'],$array['peer'],$array['stratum'],$array['error']);
foreach ($searchdata as $value) {
if (strstr($value, $_POST['searchPhrase'])) {
if (strstr($value, $vars['searchPhrase'])) {
$searchfound = true;
}
}
Expand All @@ -57,13 +57,13 @@
$graph_array['height'] = 20;

// Which graph type do we want?
if ($_POST['graph'] == "stratum") {
if ($vars['graph'] == "stratum") {
$graph_array['type'] = 'device_ntp_stratum';
} elseif ($_POST['graph'] == "offset") {
} elseif ($vars['graph'] == "offset") {
$graph_array['type'] = 'device_ntp_offset';
} elseif ($_POST['graph'] == "delay") {
} elseif ($vars['graph'] == "delay") {
$graph_array['type'] = 'device_ntp_delay';
} elseif ($_POST['graph'] == "dispersion") {
} elseif ($vars['graph'] == "dispersion") {
$graph_array['type'] = 'device_ntp_dispersion';
} else {
// No Graph
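Review bot: `$first` and `$last` are computed from `$vars['current']` and `$vars['rowCount']` with no cast, so a non-numeric value reaches integer arithmetic (a TypeError on PHP 8, a warning on PHP 7); cast at the point of use: `$first = (int) $vars['current'] - 1;` and `$last = $first + (int) $vars['rowCount'];`. The `searchPhrase` match via `strstr()` is an in-memory comparison, so the `$vars` swap changes nothing there. The device and component loops continue past the shown hunks.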
18 changes: 9 additions & 9 deletions html/includes/table/arp-search.inc.php
Expand Up @@ -12,24 +12,24 @@

$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where ";

if (is_numeric($_POST['device_id'])) {
if (is_numeric($vars['device_id'])) {
$sql .= ' AND P.device_id = ?';
$param[] = $_POST['device_id'];
$param[] = $vars['device_id'];
}

if (is_numeric($_POST['port_id'])) {
if (is_numeric($vars['port_id'])) {
$sql .= ' AND P.port_id = ?';
$param[] = $_POST['port_id'];
$param[] = $vars['port_id'];
}

if (isset($_POST['searchPhrase']) && !empty($_POST['searchPhrase'])) {
$ip_search = '%'.mres(trim($_POST['searchPhrase'])).'%';
$mac_search = '%'.str_replace(array(':', ' ', '-', '.', '0x'), '', mres($_POST['searchPhrase'])).'%';
if (isset($vars['searchPhrase']) && !empty($vars['searchPhrase'])) {
$ip_search = '%'.mres(trim($vars['searchPhrase'])).'%';
$mac_search = '%'.str_replace(array(':', ' ', '-', '.', '0x'), '', mres($vars['searchPhrase'])).'%';

if (isset($_POST['searchby']) && $_POST['searchby'] == 'ip') {
if (isset($vars['searchby']) && $vars['searchby'] == 'ip') {
$sql .= ' AND `ipv4_address` LIKE ?';
$param[] = $ip_search;
} elseif (isset($_POST['searchby']) && $_POST['searchby'] == 'mac') {
} elseif (isset($vars['searchby']) && $vars['searchby'] == 'mac') {
$sql .= ' AND `mac_address` LIKE ?';
$param[] = $mac_search;
} else {
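Review bot: `$ip_search` and `$mac_search` are run through `mres()` and then bound with `?`; if `dbFetchRows()` escapes bound parameters itself — which the unescaped `device_id`/`port_id` filters just above rely on — any quote or backslash in the search phrase is escaped twice and the LIKE no longer matches what the user typed. Build the patterns from the raw value: `$ip_search = '%' . trim($vars['searchPhrase']) . '%';` and the same for `$mac_search`. `%` and `_` in the phrase still act as wildcards inside the pattern; `addcslashes($phrase, '%_')` would make the match literal if that is what is wanted. The `$sql`/`$where` setup starts above this hunk.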
12 changes: 6 additions & 6 deletions html/includes/table/bills.inc.php
@@ -1,29 +1,29 @@
<?php

// Calculate filters
$prev = !empty($_POST['period']) && ($_POST['period'] == 'prev');
$prev = !empty($vars['period']) && ($vars['period'] == 'prev');
$wheres = array();
$param = array();
if (isset($searchPhrase) && !empty($searchPhrase)) {
$wheres[] = 'bills.bill_name LIKE ?';
$param[] = "%$searchPhrase%";
}
if (!empty($_POST['bill_type'])) {
if (!empty($vars['bill_type'])) {
if ($prev) {
$wheres[] = 'bill_history.bill_type = ?';
} else {
$wheres[] = 'bill_type = ?';
}
$param[] = $_POST['bill_type'];
$param[] = $vars['bill_type'];
}
if (!empty($_POST['state'])) {
if ($_POST['state'] === 'under') {
if (!empty($vars['state'])) {
if ($vars['state'] === 'under') {
if ($prev) {
$wheres[] = "((bill_history.bill_type = 'cdr' AND bill_history.rate_95th <= bill_history.bill_allowed) OR (bill_history.bill_type = 'quota' AND bill_history.traf_total <= bill_history.bill_allowed))";
} else {
$wheres[] = "((bill_type = 'cdr' AND rate_95th <= bill_cdr) OR (bill_type = 'quota' AND total_data <= bill_quota))";
}
} elseif ($_POST['state'] === 'over') {
} elseif ($vars['state'] === 'over') {
if ($prev) {
$wheres[] = "((bill_history.bill_type = 'cdr' AND bill_history.rate_95th > bill_history.bill_allowed) OR (bill_history.bill_type = 'quota' AND bill_history.traf_total > bill_allowed))";
} else {
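Review bot: `$vars['period'] == 'prev'` is a loose comparison while the `state` checks below already use `===`; `$prev = !empty($vars['period']) && $vars['period'] === 'prev';` keeps the file consistent. `bill_type` is bound as a parameter, so the `$vars` swap is safe here; restricting it to the `cdr`/`quota` values the `state` branches know about would only tighten it further. The `$wheres` array is consumed below the shown hunk.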
2 changes: 1 addition & 1 deletion html/includes/table/component.inc.php
Expand Up @@ -2,7 +2,7 @@

$row = 1;

$device_id = $_POST['device_id'];
$device_id = $vars['device_id'];

$OBJCOMP = new LibreNMS\Component();

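Review bot: `$device_id = $vars['device_id'];` takes the value with none of the `is_numeric()` guard the other table includes in this commit apply to `device_id`. How `$device_id` is used is outside this section, so if it is later bound as a parameter this is only defensive, but `$device_id = (int) $vars['device_id'];` costs nothing; if an absent `device_id` is meaningful further down, use an `is_numeric()` guard instead of the cast so `null` is not silently turned into `0`.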
6 changes: 3 additions & 3 deletions html/includes/table/device_mibs.inc.php
Expand Up @@ -22,11 +22,11 @@
'last_modified',
);

if (isset($_POST['device_id'])) {
if (isset($vars['device_id'])) {
// device_id supplied - get details for a single device
// used by device MIB page
$params = array(
$_POST['device_id'],
$vars['device_id'],
);
$sql = 'SELECT * FROM `device_mibs`';
$wheresql = ' WHERE `device_id` = ?';
Expand Down Expand Up @@ -78,7 +78,7 @@
foreach ($columns as $col) {
$mibrow[$col] = $mib[$col];
}
if (!isset($_POST['device_id'])) {
if (!isset($vars['device_id'])) {
$device = device_by_id_cache($mib['device_id']);
$mibrow['hostname'] = generate_device_link(
$device,
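Review bot: `isset($vars['device_id'])` is true for an empty string, so a request carrying `device_id=` with no value takes the single-device branch and runs `WHERE device_id = ''` rather than listing all devices; the other table includes in this commit use `is_numeric()` for the same field. Change both checks together — `if (isset($vars['device_id']) && is_numeric($vars['device_id'])) {` at the top and its negation at the row-building site — so they cannot disagree. The `$sql`/`$wheresql` assembly and the row loop continue outside the shown hunks.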
2 changes: 1 addition & 1 deletion html/includes/table/device_oids.inc.php
Expand Up @@ -27,7 +27,7 @@


$params = array(
$_POST['device_id'],
$vars['device_id'],
);

// start of sql definition
