
github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
authorAndrejs Verza <andrejs.verza@zabbix.com>2022-03-07 11:54:46 +0300
committerAndrejs Verza <andrejs.verza@zabbix.com>2022-03-07 11:54:46 +0300
commit174a3675152407530b9b88963247a7695ddf68f5 (patch)
treead45e9f48e3eb2cb56e13978c3ad3a00f381020e /ui
parentd587622809837ab08a0cc01e74b4080a3fd9173f (diff)
..F....... [ZBX-19583] fixed undefined index errors in forged requests
Diffstat (limited to 'ui')
-rw-r--r--ui/app/controllers/CControllerSlaReportList.php2
-rw-r--r--ui/app/controllers/CControllerTokenCreate.php32
-rw-r--r--ui/app/controllers/CControllerTokenUpdate.php32
3 files changed, 64 insertions, 2 deletions
diff --git a/ui/app/controllers/CControllerSlaReportList.php b/ui/app/controllers/CControllerSlaReportList.php
index 9ec25d1006a..2945a98d5ab 100644
--- a/ui/app/controllers/CControllerSlaReportList.php
+++ b/ui/app/controllers/CControllerSlaReportList.php
@@ -45,6 +45,8 @@ class CControllerSlaReportList extends CController {
$ret = $this->validateInput($fields);
if ($ret) {
+ $fields = [];
+
if ($this->getInput('filter_date_from', '') !== '') {
$fields['filter_date_from'] = 'abs_date';
}
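Review bot: The added `$fields = [];` reuses the name that already held the first-pass rule set, which is how the second pass came to inherit rules it should not have. A distinct name for the conditional rules, for example `$date_fields = [];`, would make the two passes visibly independent and stop the same mistake from returning if the reset line is ever dropped. The rest of the method is outside the hunk, so the later uses of `$fields` would need the same rename.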
diff --git a/ui/app/controllers/CControllerTokenCreate.php b/ui/app/controllers/CControllerTokenCreate.php
index b0925ae9e94..d0639431c43 100644
--- a/ui/app/controllers/CControllerTokenCreate.php
+++ b/ui/app/controllers/CControllerTokenCreate.php
@@ -33,10 +33,40 @@ class CControllerTokenCreate extends CController {
'action_dst' => 'fatal|required|in token.view,user.token.view'
];
+ $validation_result = self::VALIDATION_OK;
+
$ret = $this->validateInput($fields);
+ if ($ret) {
+ $fields = [];
+
+ if ($this->getInput('expires_state') == 1) {
+ $fields['expires_at'] = 'required';
+ }
+
+ if ($fields) {
+ $validator = new CNewValidator($this->getInputAll(), $fields);
+
+ foreach ($validator->getAllErrors() as $error) {
+ info($error);
+ }
+
+ if ($validator->isErrorFatal()) {
+ $validation_result = $validator->isErrorFatal();
+ }
+ elseif ($validator->isError()) {
+ $validation_result = self::VALIDATION_ERROR;
+ }
+
+ $ret = $validation_result == self::VALIDATION_OK;
+ }
+ }
+ else {
+ $validation_result = $this->getValidationError();
+ }
+
if (!$ret) {
- switch ($this->getValidationError()) {
+ switch ($validation_result) {
case self::VALIDATION_ERROR:
$location = (new CUrl('zabbix.php'))->setArgument('action', $this->getInput('action_src'));
$response = new CControllerResponseRedirect($location);
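Review bot: In the added fatal branch, `$validation_result = $validator->isErrorFatal();` stores the method's return value rather than a validation constant, and the same line is repeated in the CControllerTokenUpdate.php hunk. isErrorFatal() is used as a condition one line earlier, so it presumably returns a boolean. Because the `switch ($validation_result)` below compares loosely, `true` would match the first case, `self::VALIDATION_ERROR`, assuming that constant is non-zero, and a fatal failure would then take the non-fatal redirect path. Assigning the constant directly avoids this: `$validation_result = self::VALIDATION_FATAL_ERROR;`. The method starts and ends outside the hunk, so the remaining switch cases are not visible here.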
diff --git a/ui/app/controllers/CControllerTokenUpdate.php b/ui/app/controllers/CControllerTokenUpdate.php
index c155cbc4390..68c2fcd6138 100644
--- a/ui/app/controllers/CControllerTokenUpdate.php
+++ b/ui/app/controllers/CControllerTokenUpdate.php
@@ -34,10 +34,40 @@ class CControllerTokenUpdate extends CController {
'regenerate' => 'in 1'
];
+ $validation_result = self::VALIDATION_OK;
+
$ret = $this->validateInput($fields);
+ if ($ret) {
+ $fields = [];
+
+ if ($this->getInput('expires_state') == 1) {
+ $fields['expires_at'] = 'required';
+ }
+
+ if ($fields) {
+ $validator = new CNewValidator($this->getInputAll(), $fields);
+
+ foreach ($validator->getAllErrors() as $error) {
+ info($error);
+ }
+
+ if ($validator->isErrorFatal()) {
+ $validation_result = $validator->isErrorFatal();
+ }
+ elseif ($validator->isError()) {
+ $validation_result = self::VALIDATION_ERROR;
+ }
+
+ $ret = $validation_result == self::VALIDATION_OK;
+ }
+ }
+ else {
+ $validation_result = $this->getValidationError();
+ }
+
if (!$ret) {
- switch ($this->getValidationError()) {
+ switch ($validation_result) {
case self::VALIDATION_ERROR:
$location = (new CUrl('zabbix.php'))
->setArgument('tokenid', $this->getInput('tokenid'))
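Review bot: The added second validation pass has no comment explaining why `expires_at` is checked separately from the first rule set. Going by the commit title, the pass exists because a forged request can send `expires_state` as 1 without `expires_at`. A line above `if ($this->getInput('expires_state') == 1) {` would record that, for example `// expires_at is mandatory only when expiry is enabled; reject requests that omit it.` The identical block in CControllerTokenCreate.php should carry the same comment.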