diff --git a/app/admin/import-export/import-verify.php b/app/admin/import-export/import-verify.php index ef330e06061e6cc42e682f970aa2bb368db66ea9..4f357863cc8df7af9fb2a8160d5ea0b300c78a3e 100644 --- a/app/admin/import-export/import-verify.php +++ b/app/admin/import-export/import-verify.php @@ -14,6 +14,9 @@ if (!isset($Tools)) { $Tools = new Tools ($Database); } # verify that user is logged in, to guard against direct access of page and possible exploits $User->check_user_session(); +# Don't corrupt output with php errors! +disable_php_errors(); + /* get extension */ $filename = $_FILES['file']['name']; $expfields = pf_explode("|",$_POST['expfields']); diff --git a/app/admin/settings/logo/import-verify.php b/app/admin/settings/logo/import-verify.php index 38ada6c3ef229223fa929fcbe9235949dc910a01..b5fe139c28c07e07e09d3e85c7266c90460b9ed3 100644 --- a/app/admin/settings/logo/import-verify.php +++ b/app/admin/settings/logo/import-verify.php @@ -1,5 +1,18 @@ <?php -include(dirname(__FILE__)."/../../../../functions/functions.php"); +# include required scripts +require_once( dirname(__FILE__) . '/../../../../functions/functions.php' ); + +# initialize user object, if not already set +if (!isset($Database)) { $Database = new Database_PDO; } +if (!isset($User)) { $User = new User ($Database); } +if (!isset($Tools)) { $Tools = new Tools ($Database); } + +# verify that user is logged in, to guard against direct access of page and possible exploits +$User->check_user_session(); + +# Don't corrupt output with php errors! +disable_php_errors(); + /* * CSV import verify + parse data *************************************************/ @@ -9,9 +22,6 @@ $filename = $_FILES['file']['name']; $filename = pf_explode(".", $filename); $filename = end($filename); -# Don't corrupt output with php errors! -disable_php_errors(); - /* list of permitted file extensions */ $allowed = array('png'); 
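Review bot: `$User->check_user_session()` in the new preamble of app/admin/settings/logo/import-verify.php only establishes that someone is logged in; nothing in the visible lines checks that the caller is an administrator, although the script sits under app/admin and accepts a file upload. I would add the project's admin gate straight after the session check, e.g. `$User->is_admin(true);`, assuming that is how the other admin scripts restrict access. The same applies to the identical preamble added to app/admin/vaults/import-certificate-file-verify.php, which accepts certificate and key-store uploads (`p12`, `pfx`). The rest of both scripts is outside the hunks, so a later check may exist; if it does, a comment such as `# admin check is done below, before the upload is read` would make that visible here.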
diff --git a/app/admin/vaults/import-certificate-file-verify.php b/app/admin/vaults/import-certificate-file-verify.php index 93d9d49bd784c71029dedae29f7c267efdb8ab21..f9e3bab4c5190bed3337731e79319572478a04ed 100644 --- a/app/admin/vaults/import-certificate-file-verify.php +++ b/app/admin/vaults/import-certificate-file-verify.php @@ -1,5 +1,17 @@ <?php -include(dirname(__FILE__)."/../../../functions/functions.php"); +# include required scripts +require_once( dirname(__FILE__) . '/../../../functions/functions.php' ); + +# initialize user object, if not already set +if (!isset($Database)) { $Database = new Database_PDO; } +if (!isset($User)) { $User = new User ($Database); } +if (!isset($Tools)) { $Tools = new Tools ($Database); } + +# verify that user is logged in, to guard against direct access of page and possible exploits +$User->check_user_session(); + +# Don't corrupt output with php errors! +disable_php_errors(); /* * CSV import verify + parse data @@ -10,9 +22,6 @@ $filename = $_FILES['file']['name']; $filename = pf_explode(".", $filename); $filename = end($filename); -# Don't corrupt output with php errors! -disable_php_errors(); - /* list of permitted file extensions */ $allowed = array('cer', 'pem', 'crt', 'p12', 'pfx'); diff --git a/app/subnets/import-subnet/import-verify.php b/app/subnets/import-subnet/import-verify.php index 5705bf902fa8289a0894cf22fa9a152e939eecc3..c880c6e3187bf0fa6a9f2ca1951405c3b852fc0f 100755 --- a/app/subnets/import-subnet/import-verify.php +++ b/app/subnets/import-subnet/import-verify.php 
@@ -1,4 +1,18 @@ <?php +# include required scripts +require_once( dirname(__FILE__) . '/../../../functions/functions.php' ); + +# initialize user object, if not already set +if (!isset($Database)) { $Database = new Database_PDO; } +if (!isset($User)) { $User = new User ($Database); } +if (!isset($Tools)) { $Tools = new Tools ($Database); } + +# verify that user is logged in, to guard against direct access of page and possible exploits +$User->check_user_session(); + +# Don't corrupt output with php errors! +disable_php_errors(); + /* * CSV import verify + parse data *************************************************/ diff --git a/app/subnets/import-subnet/index.php b/app/subnets/import-subnet/index.php index d6a9d5c4628406a9c68536c9a6995beef9d67c9c..61848170a564fdb60cd1ab239b17aa1f20689387 100755 --- a/app/subnets/import-subnet/index.php +++ b/app/subnets/import-subnet/index.php 
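Review bot: The preamble added to app/subnets/import-subnet/import-verify.php stops at the login check, whereas index.php in the same directory also calls `$Subnets->check_permission (...)` and dies when the result is below 2. If this script reads or acts on a subnet id from the request (its body is outside the hunk), it should repeat that write-permission check itself, because the verify script can be requested directly without index.php having run first. `$Subnets` is not instantiated in the added lines, so the check would also need `$Subnets = new Subnets ($Database);`.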
@@ -14,22 +14,25 @@ $Tools = new Tools ($Database); $Addresses = new Addresses ($Database); $Subnets = new Subnets ($Database); $Result = new Result; +$Params = new Params($_POST); # verify that user is logged in $User->check_user_session(); # permissions -$permission = $Subnets->check_permission ($User->user, $_POST['subnetId']); +$permission = $Subnets->check_permission ($User->user, $Params->subnetId); # die if write not permitted if($permission < 2) { $Result->show("danger", _('You cannot write to this subnet'), true); } # fetch subnet details -$subnet = $Subnets->fetch_subnet (null, $_POST['subnetId']); -$subnet!==false ? : $Result->show("danger", _("Invalid ID"), true, true); +$subnet = $Subnets->fetch_subnet (null, $Params->subnetId); +if (!is_object($subnet)) { + $Result->show("danger", _("Invalid ID"), true, true); +} # full -if ($_POST['type']!="update-icmp" && $subnet->isFull==1) { $Result->show("warning", _("Cannot scan as subnet is market as used"), true, true); } +if ($Params->type!="update-icmp" && $subnet->isFull==1) { $Result->show("warning", _("Cannot scan as subnet is market as used"), true, true); } # get custom fields $custom_address_fields = $Tools->fetch_custom_fields('ipaddresses'); diff --git a/functions/classes/class.Addresses.php b/functions/classes/class.Addresses.php index 607f492fc6fe66ec53eb3e8ddbf13af0e9e3850c..832c534c53d0198c45c110545f32f97dd02bd585 100644 --- a/functions/classes/class.Addresses.php +++ b/functions/classes/class.Addresses.php @@ -464,7 +464,7 @@ class Addresses extends Common_functions { $this->address_within_subnetId($address['ip_addr'], $subnetId, true); # set primary key for update - if($address['type']=="series") { + if(isset($address['type']) && $address['type']=="series") { $id1 = "subnetId"; $id2 = "ip_addr"; unset($address['id']); 
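Review bot: `$Params->subnetId` is handed to `check_permission()` and then `fetch_subnet()` without first being checked for shape, so a missing or non-numeric value is rejected only by whatever those two methods happen to do with it. A guard placed before the permission check, `if (!is_numeric($Params->subnetId)) { $Result->show("danger", _("Invalid ID"), true, true); }`, would make the failure explicit and keep both lookups from running on junk input. On the last changed line, `$Params->type!="update-icmp"` could use `!==` while it is being touched. What `Params` returns for an absent key is not visible in this diff and should be confirmed.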
@@ -474,7 +474,7 @@ class Addresses extends Common_functions { } # remove gateway - if($address['is_gateway']==1) { $this->remove_gateway ($address['subnetId']); } + if(isset($address['is_gateway']) && $address['is_gateway']==1) { $this->remove_gateway ($address['subnetId']); } # execute try { $this->Database->updateObject("ipaddresses", $address, $id1, $id2); } @@ -781,7 +781,7 @@ class Addresses extends Common_functions { } # result if ($cnt===true) { return $count->cnt==0 ? false : true; } - else { return is_null($count->id) ? false : $count->id; } + else { return is_null($count) ? false : $count->id; } } /** diff --git a/functions/classes/class.Log.php b/functions/classes/class.Log.php index f563248aeaaef6d5ddebe06fad2f6c543c61b3de..33d7f9bc7d6700af5753fb3d1803e1732eb42773 100644 --- a/functions/classes/class.Log.php +++ b/functions/classes/class.Log.php @@ -1222,7 +1222,7 @@ class Logging extends Common_functions { */ private function changelog_format_device_diff ($k, $v) { // old none - if($this->object_old[$k] == 0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k] == 0) { $this->object_old[$k] = _("None"); } elseif($this->object_old[$k] != "NULL") { @@ -1253,7 +1253,7 @@ class Logging extends Common_functions { */ private function changelog_format_vlan_diff ($k, $v) { //old none - if($this->object_old[$k] == 0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k] == 0) { $this->object_old[$k] = _("None"); } elseif($this->object_old[$k] != "NULL") { @@ -1284,7 +1284,7 @@ class Logging extends Common_functions { */ private function changelog_format_vrf_diff ($k, $v) { //old none - if($this->object_old[$k] == 0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k] == 0) { $this->object_old[$k] = _("None"); } elseif($this->object_old[$k] != "NULL") { 
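Review bot: The replacement `is_null($count) ? false : $count->id` in the hunk at 781 no longer returns `false` when a row comes back with a null `id`, which the old `is_null($count->id)` test did, and it still dereferences `$count` if the query layer returns `false` rather than `null` for no match. `else { return isset($count->id) ? $count->id : false; }` covers a missing result and a null id in one test without raising a warning. The `$cnt===true` branch on the line above reads `$count->cnt` with no guard; whether `$count` can be empty there depends on the query, which is outside the hunk.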
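Review bot: The guard added in `changelog_format_device_diff` is repeated verbatim in the vlan, vrf, ns, location and master_section variants (hunks at 1253, 1284, 1315, 1346 and 1377), and its first clause is redundant, since `isset($this->object_old[$k])` is already false when `$this->object_old` is null. `if(!isset($this->object_old[$k]) || $this->object_old[$k] == 0) {` expresses the same condition, and a small private helper would keep the six copies from drifting apart. The `== 0` test is a loose comparison, so on PHP 7 any non-numeric string in the old value is also treated as "None"; if PHP versions below 8 are still supported, an explicit test would be safer. Each of these methods continues past its hunk.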
@@ -1315,7 +1315,7 @@ class Logging extends Common_functions { */ private function changelog_format_ns_diff ($k, $v) { //old none - if($this->object_old[$k] == 0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k] == 0) { $this->object_old[$k] = _("None"); } elseif($this->object_old[$k] != "NULL") { @@ -1346,7 +1346,7 @@ class Logging extends Common_functions { */ private function changelog_format_location_diff ($k, $v) { //old none - if($this->object_old[$k] == 0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k] == 0) { $this->object_old[$k] = _("None"); } elseif($this->object_old[$k] != "NULL") { @@ -1377,7 +1377,7 @@ class Logging extends Common_functions { */ private function changelog_format_master_section_diff ($k, $v) { // old root - if($this->object_old[$k]==0) { + if(is_null($this->object_old) || !isset($this->object_old[$k]) || $this->object_old[$k]==0) { $this->object_old[$k] = _("Root"); } else {