Unverified Commit e900d3a9 authored by Gary Allan
Bugfix: Adding a device without a rack fails #3971

parent 7091033a
......@@ -14,11 +14,12 @@ $Admin = new Admin ($Database, false);
$Tools = new Tools ($Database);
$Racks = new phpipam_rack ($Database);
$Result = new Result ();
$Params = new Params ($User->strip_input_tags ($_POST));
# verify that user is logged in
$User->check_user_session();
# perm check popup
if($_POST['action']=="edit") {
if($Params->action=="edit") {
$User->check_module_permissions ("devices", User::ACCESS_RW, true, false);
}
else {
......@@ -29,13 +30,12 @@ else {
$User->check_maintaneance_mode ();
# validate csrf cookie
$User->Crypto->csrf_cookie ("validate", "device", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
$User->Crypto->csrf_cookie ("validate", "device", $Params->csrf_cookie) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# get modified details
$device = $Admin->strip_input_tags($_POST);
$device = (array) $Params;
# ID must be numeric
if($_POST['action']!="add" && !is_numeric($_POST['switchid'])) { $Result->show("danger", _("Invalid ID"), true); }
if($Params->action!="add" && !is_numeric($Params->switchid)) { $Result->show("danger", _("Invalid ID"), true); }
# available devices set
foreach($device as $key=>$line) {
......@@ -64,7 +64,9 @@ if (!is_blank(@$device['rack']) && $User->get_module_permissions ("racks")>=User
if (!is_numeric($device['rack_size'])) { $Result->show("danger", _('Invalid rack size').'!', true); }
# validate rack
$rack = $Racks->fetch_rack_details($device['rack']);
if ($rack===false) { $Result->show("danger", _('Rack does not exist').'!', true); }
if (!is_numeric($device['rack']) || ($rack > 0 && !is_object($rack))) {
$Result->show("danger", _('Rack does not exist') . '!', true);
}
}
}
......@@ -93,7 +95,7 @@ if(sizeof($custom) > 0) {
# set update values
$values = array(
"id" =>$device['switchid'],
"id" =>isset($device['switchid']) ? $device['switchid'] : null,
"hostname" =>$device['hostname'],
"ip_addr" =>$device['ip_addr'],
"type" =>$device['type'],
......@@ -117,10 +119,10 @@ if ($User->get_module_permissions ("locations")==User::ACCESS_NONE) {
}
# update device
if(!$Admin->object_modify("devices", $_POST['action'], "id", $values)) {}
if(!$Admin->object_modify("devices", $Params->action, "id", $values)) {}
else { $Result->show("success", _("Device")." ".$device["action"]." "._("successful").'!', false); }
if($_POST['action']=="delete"){
if($Params->action=="delete"){
# remove all references from subnets and ip addresses
$Admin->remove_object_references ("subnets", "device", $values["id"]);
$Admin->remove_object_references ("nat", "device", $values["id"]);
......
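Review bot: The rewritten rack check in the `@@ -64,7 +64,9 @@` hunk never reports a missing rack, because `$rack > 0` is evaluated on the return value of `fetch_rack_details()`, which the removed `if ($rack===false)` line shows is `false` when the rack does not exist; `false > 0` is itself false, so the `!is_object($rack)` test is short-circuited away and a numeric but non-existent rack id passes validation. The comparison was presumably meant to be against the submitted id, so that a non-zero rack must resolve to an object: `if (!is_numeric($device['rack']) || ((int) $device['rack'] > 0 && !is_object($rack))) {`. The enclosing `if (!is_blank(@$device['rack']) ...` block starts outside the hunk, so a blank rack is already skipped before this point.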
......@@ -13,11 +13,12 @@ $User = new User ($Database);
$Admin = new Admin ($Database, false);
$Tools = new Tools ($Database);
$Result = new Result ();
$Params = new Params ($User->strip_input_tags ($_POST));
# verify that user is logged in
$User->check_user_session();
# perm check popup
if($_POST['action']=="edit") {
if($Params->action=="edit") {
$User->check_module_permissions ("devices", User::ACCESS_RW, true, true);
}
else {
......@@ -27,21 +28,19 @@ else {
# create csrf token
$csrf = $User->Crypto->csrf_cookie ("create", "device");
# strip tags - XSS
$_POST = $User->strip_input_tags ($_POST);
# validate action
$Admin->validate_action ($_POST['action'], true);
$Admin->validate_action ($Params->action, true);
# fetch custom fields
$custom = $Tools->fetch_custom_fields('devices');
# ID must be numeric
if($_POST['action']!="add" && !is_numeric($_POST['switchid'])) { $Result->show("danger", _("Invalid ID"), true, true); }
if($Params->action!="add" && !is_numeric($Params->switchid)) { $Result->show("danger", _("Invalid ID"), true, true); }
# fetch device details
if( ($_POST['action'] == "edit") || ($_POST['action'] == "delete") ) {
$device = (array) $Admin->fetch_object("devices", "id", $_POST['switchid']);
if( ($Params->action == "edit") || ($Params->action == "delete") ) {
$device = (array) $Admin->fetch_object("devices", "id", $Params->switchid);
// false
if ($device===false) { $Result->show("danger", _("Invalid ID"), true, true); }
}
......@@ -51,10 +50,12 @@ else {
$device['type'] = 9;
$device['rack_start'] = 1;
$device['rack_size'] = 1;
$device['location'] = null;
$device['rack'] = null;
}
# set readonly flag
$readonly = $_POST['action']=="delete" ? "readonly" : "";
$readonly = $Params->action=="delete" ? "readonly" : "";
# all locations
......@@ -193,10 +194,10 @@ $('#switchManagementEdit select[name=rack]').change(function() {
<td>
<textarea name="description" class="form-control input-sm" placeholder="<?php print _('Description'); ?>" <?php print $readonly; ?>><?php if(isset($device['description'])) print $device['description']; ?></textarea>
<?php
if( ($_POST['action'] == "edit") || ($_POST['action'] == "delete") ) {
print '<input type="hidden" name="switchid" value="'. $_POST['switchid'] .'">'. "\n";
if( ($Params->action == "edit") || ($Params->action == "delete") ) {
print '<input type="hidden" name="switchid" value="'. $Params->switchid .'">'. "\n";
} ?>
<input type="hidden" name="action" value="<?php print escape_input($_POST['action']); ?>">
<input type="hidden" name="action" value="<?php print escape_input($Params->action); ?>">
<input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">
</td>
</tr>
......@@ -265,7 +266,7 @@ $('#switchManagementEdit select[name=rack]').change(function() {
<div class="pFooter">
<div class="btn-group">
<button class="btn btn-sm btn-default hidePopups"><?php print _('Cancel'); ?></button>
<button class="btn btn-sm btn-default <?php if($_POST['action']=="delete") { print "btn-danger"; } else { print "btn-success"; } ?>" id="editSwitchsubmit"><i class="fa <?php if($_POST['action']=="add") { print "fa-plus"; } else if ($_POST['action']=="delete") { print "fa-trash-o"; } else { print "fa-check"; } ?>"></i> <?php print escape_input(ucwords(_($_POST['action']))); ?></button>
<button class="btn btn-sm btn-default <?php if($Params->action=="delete") { print "btn-danger"; } else { print "btn-success"; } ?>" id="editSwitchsubmit"><i class="fa <?php if($Params->action=="add") { print "fa-plus"; } else if ($Params->action=="delete") { print "fa-trash-o"; } else { print "fa-check"; } ?>"></i> <?php print escape_input(ucwords(_($Params->action))); ?></button>
</div>
<!-- result -->
......
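Review bot: The `if ($device===false)` guard in the `@@ -27,21 +28,19 @@` hunk is dead code on the new side, because the `fetch_object()` result is cast with `(array)` before the comparison and `(array) false` is `[]`, so an unknown switchid for edit/delete never reaches the "Invalid ID" response. Keep the raw result until it has been checked: `$obj = $Admin->fetch_object("devices", "id", $Params->switchid);` / `if ($obj === false) { $Result->show("danger", _("Invalid ID"), true, true); }` / `$device = (array) $obj;`. Separately, the removed `$_POST = $User->strip_input_tags ($_POST);` line means any `$_POST` read that remains outside these hunks now sees unstripped input; presumably every use was migrated to `$Params`, but that is not visible here and is worth confirming before merge.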