Users were able to submit changes to fields they should not have access to change by bypassing the frontend validation. Correct backend validation to prevent that.
* fix VRP not cleaning BGP peers properly
* fix missing field in BgpPeer model
* Update includes/discovery/bgp-peers/vrp.inc.php
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Eloquent for 2 requests
* Eloquent for 1 request
* a few in Dell
* Model
* and more with timos
* and more with timos
* and firebrick
* firebrick
* one query instead of many
* Should use collection get
* Update timos.inc.php
* Update dell-os10.inc.php
* avoid changing timos as it breaks something
* new try with timos
* deps for BGP
* revert deps for BGP
* style
* style
* deps for BGP, 2nd try
* typo
* revert aos7
* fix create
* firebricktests
* firebrick
* firebrick
* cipsec-fix
* cipsec
* timos fix 100th time :)
* ./scripts/save-test-data.php -m os,ports,processors,mempools,vrf,sensors,bgp-peers,mpls,ospf -o timos -v 7705
* remove timos from this PR
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Fix up version and git helpers
Improve method names
Move all git calls into the git helper
Allow runtime and external cache of results where appropriate
Consolidate version headers for discovery, poller, and validate
* Style fixes
* improve consistency in git calls
* fix style
* don't send name inconsistently
* Improve database versions
* No need to cache Version it is not used more than once currently.
* Disable plugins that have errors
Disable plugin if a hook throws an error and set a notification
Move notification code to class, so we can access it
Clear notification when plugin is attempted to be enabled again
* fix style and lint fixes
* another lint fix and handle if property is missing
* Fix oxidized web requests not closing connections or responding fast enough
* Update showconfig.inc.php
* Add method to get the text content of an oxidized page
* Use Oxidized getContent method instead of file_get_content
* Too many brackets with copy paste
* Fix carriage return errors because of copy paste
* Fix copy paste error again
* Fix indent
* PHPStan is waiting for a return even outside of the if loop
* Single quotes
* Variabilize timeout in baseapi
* Set Oxidized Api class timeout var to 90 because oxidized is slow and to be sure not to break half the installs here
* fix typo
* Variabilize timeout
* Variabilize timeout
* Variabilize timeout
* Variabilize timeout
* Variabilize timeout
* Spacing
* Remove timeout type because of this error
Unexpected 'int' (T_STRING), expecting function (T_FUNCTION) or const (T_CONST) in app/ApiClients/BaseApi.php on line 34
* Lint needs type finally
* Use construct instead of setting variable
* Type hinting instead for php7.3
* Type hinting fix
* Set property value instead of calling parent constructor
* Typo
* Remove unneeded constructors
* Remove unneeded constructors
* Remove unneeded constructors
* Remove unneeded constructors
* Remove unneeded constructors
* Remove unneeded constructors
* Typing not casting
* Typing not casting
* Cannot type variables outside of a class
Co-authored-by: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
* Defer loading option values
Otherwise it causes a cli command to be run every single application boot.
* style and lint
* Just return whatever we have it isn't callable
* Cleanup and optimize the availability widget
Default sort is display name
Sort applies to services too (services always last)
May need to refresh the page to get new css
* style
* We don't need request (lint fix)
* Wrong service field name
* Fix IPv6 in service check host (#13939)
* Add hostName cleaning to Clean
* Apply RFC 5952 formatting to Clean::hostName output
* Use more liberal cleaning for hostnames
* Remove unwanted whitespace
* Apply Clean::hostName() to all relevant fields
* Fix docstring
* Use IP::isValid inline
* Update Clean.php
* Update services.inc.php
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add sorting support for additional columns + dual column
Additional columns are Display Name (display) and System Name (sysName)
Dual column means that first is sorted after status, then within
each status group another sort is done (every columns from single column
sorting is possible).
* Change code for styleCI
* Expand availability map sorting menu
Also change sysName to System Name – there is no real reason for
that short form.
* Add German translation for avail. map sorting/display options
* Adjust sorting behaviour in Availability Map
The dropdown now presents two options:
- Display Text: Sort by the selected value of the dropdown 'Display Text'
- Status: Sort by status, then by selected value of dropdown 'Display Text'
As the field 'display' (The display name) may contain template functions
etc., sorting is not done by SQL means; instead custom sorting is done
within the controller.
* Apply fix for styleCI
* Apply fix for styleCI, part 2
* Update availability-map.blade.php
* Update availability-map.blade.php
* Update availability-map.blade.php
* Update de.json
* Update AvailabilityMapController.php
* Update AvailabilityMapController.php
* Update availability-map.blade.php
* Update de.json
Co-authored-by: Sander Steffann <sander@steffann.nl>
Co-authored-by: Tony Murray <murraytony@gmail.com>
* use component to discover if xDSL polling is needed
use component to discover if xDSL polling is needed
* Components OK, Polling in correct files, no DB for VDSL
* GUI
GUI_suite
* per port as well
* rename
* interface listing
* draytek_snmpsim
* fix arraymerge
fix names and max value
* schema
schema
style
* remove one dbFetchRows
remove 2x dbFetchCell
style
style
remove Legacy dbFetchRow
tests
tests
eloquent
more eloquent
more eloquent
one more gone
* fix properties access
eloquent_insert_update
style
tests
tests
tests
tests
* tests
tests
tests
* adslLineCoding
* Models
* fix not nullable cols in DB from code
default values
typo
rename
typo
schema
fix
fix
vdsl fix now
typo
typo
fix size
fix size
* Power values for VDSL
Power values for VDSL
Power values for VDSL
DB
* cleanup
* Rrd::checkRrdExists
* always enable DSL discovery
style
* xdsl module
* cleanup and move to Module
cleanup and move to Module
cleanup and move to Module
cleanup and move to Module
* Fix display
* fix polling and tenth
* remove legacy poller
* Style and Cosmetics
Cosmetics
Cleanup
* Translations
Translations
* exists
exists
* add test support for xdsl
* remove last component call
unused
* translations
* remove non standard onclick event on xdsl line
* Update Discovery Support.md
Update Poller Support.md
toner_gone
* Notification for removal of lnms config:set enable_ports_adsl true
* enable on devices with potential DSL interfaces
* tests are working now
fix teldat tests
* os_schema
* teldat
* move to new module structure
* move to new module structure
* wrong dump function
* wrong dump function
* laravel_through_key hidden
* Update notifications.rss
* Update notifications.rss
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Return GraphImage to include more metadata
Allows things like including title.
Implements __toString for backwards compatibility
getImageData to allow controlling the output through flags
* Style and Lint
* Email embed graphs
* Allow attachment for non-html
Add setting to webui
Correct $auth setting
* Cleanups, throw RrdGraphException instead of returning an error image.
Generate the error image later, giving more control.
Reduce code duplication a little
* Style and lint fixes
Change to flags
* Add baseline for lint errors I don't know how to resolve
* oopsie, changed the code after generating the baseline
* Tiny cleanups. Make set DeviceCache primary, it is free.
* Docs.
* email_html note
* Allow control of graph embed at the email transport level to override the global config.
* Allow control of graph embed at the email transport level to override the global config.
* Add INLINE_BASE64 to make it easier to create inline image tags
* Discord ability to attach graph images
Must use @signedGraphTag()
Needs more work on the graph side of things still: issues with CORS and other.
* Fixes
* alert data is an array for transports
* No need to decode, that was a bug before
* More secure external graph access
Add @signedGraphTag() and @signedGraphUrl() blade directives
Takes either an array of graph variables or a url to a graph
Uses a signed url that is accessible without user login, embeds signature in url to authenticate access
See Laravel Signed Url for more details.
Adds Laravel route to graphs (does not change links to use it yet)
@graphImage requires the other PR
Also APP_URL is required in .env
* missing files from rebase
* Fix url parsing with a get string
* allow width and height to be omitted
* Documentation
* Add to, otherwise it will always be now
* Doc note for to and from relative security
* fix vars.inc.php (Laravel has a dummy url here)
* Fix removing all port groups
* Make backend work in the situation where this endpoint is used for more than just this setting change
change event is called multiple times when select2 is cleared (once for each item)
prevent duplicate backend calls
Remove no default Port Group item
* Error reporting
* Move code to ErrorReportingProvider
Enable reporting of error (and warning) messages.
report module exceptions
* Restore flare key
Not needed to set late anymore. We set up filtering before it is initialized.
* Remove unnecessary and maybe double Flare report
* lint
* Cannot use typed properties yet, use phpdoc
* fix handleError return type
* Filter both exceptions and reports (so we don't miss any)
Consolidate the check if reporting should be enabled
* Cache reportingEnabled check for the runtime
* Split out middleware to improve readability
Logging of why reporting is disabled
Fix reportingEnabled cache
* Style
* Return some user data
* Change to class based middleware, it looks nicer
* Fix error page error id report, add url.
* also rewrite intended url
* remove link
* Move ignition to production and update flare-client
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Correct logic for recurring alert rules that span UTC days. Evaluate the day of week in local time.
* Enable previously broken test cases
* Update TestScheduledMaintenance.php
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add group case
Add group case for portgroup URL query
* Add PortGroups to MenuComposer
* Add PortGroups to Menu blade
Adds to menu blade, using a similar behavior as Locations.
* Make PortCount into link
Make port count into a link similar to DeviceGroups device count.
* Update MenuComposer.php
Make StyleCI happy
* Update MenuComposer.php
Make StyleCI happy
* Update ports.inc.php
Make StyleCI happy
* Update menu.blade.php
Menu fix.
* Update Menu so Manage Groups always displays.
* Adding Group function
* Add group to filterFields
* Trying suggested change
* Subquery
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add devicegroup filterFields
* add Devicegroup to post function
* StyleCI
* Add GUI Element
* Less wordy
Dropped "View" from the link. Made it too wordy for such a small GUI insertion.
* Moved DeviceGroup Ports link to a separate column
I realized how it could be confusing to have links to two different items in the same column, so I separated the Ports out.
* New Poller validations
Separated poller and distributed poller validations to make poller validations generally available
One auto fixer added
Translatable strings
* lint and style fixes
* and style
* and style
* Update LibreNMS/Validations/Poller/CheckLocking.php
Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com>
* Update CheckPythonWrapper.php
* Try to check if cron is even installed before warning about not being able to read the cron files.
Likely most systems they won't be readable, but also, it is very unlikely we hit the cron check and it is meaningfully different than the first Poller::exists() check.
* Work on poller validation
Remove errors/warnings when at least one poller of the other type is active.
* style fixes
Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com>
* lnms device:poll better feedback
Feedback when 0 devices are found to poll or 0 devices are polled.
Make devices polled summary string translatable.
* additional note on what the wildcard is
* Fix style
* initial work on add the ability to save/fetch app data
* update to use get_app_data for ZFS
* update the poller for the new app_data stuff
* ZFS now logs changes to pools
* add schema update for app_data stuff
* small formatting fix
* add a missing \
* now adds a column
* sql-schema is no longer used, so remove the file that was added here
* misc cleanups
* rename the method in database/migrations/2022_07_03_1947_add_app_data.php
* hopefully fix the migration bit
* add the column to misc/db_schema.yaml
* more misc small DB fixes
* update the test as the json column uses collat of utf8mb4_bin
* revert the last change and try manually setting it to what is expected
* remove an extra ;
* update suricata as well
* correct the instance -> instances in one location to prevent the old instance list from being stomped
* remove an extra ;
* update fail2ban to use it as well
* remove two unused functions as suricata and fail2ban no longer use components
* style cleanup
* postgres poller updated to use it
* update html side of the postgres bits
* chronyd now uses app data bits now as well
* portactivity now uses it as well
* style fix
* sort the returned arrays from app_data
* correct log message for port activity
* collocation change
* try re-ordering it
* add in the new data column to the tests
* remove an extra ,
* hmm... ->collate('utf8mb4_unicode_ci') is not usable as apparently collate does not exist
* change the column type from json to longtext
* mv chronyd stuff while I sort out the rest of the tests... damn thing is always buggy
* hmm... fix a missing line then likely move stuff back
* style fix
* add fillable
* add the expected data for fail2ban json
* escape a " I missed
* add data for portactivity
* add suricata app data
* add app data to zfs legacy test
* put the moved tests back into place and update zfs-v1 test
* add app data for chronyd test
* add app data for fail2ban legacy test
* update zfs v1 app data
* add some notes on application dev work
* add Developing/Application-Notes.md to mkdocs.yml
* add data column to it
* added various suggestions from bennet-esyoil
* convert from isset to sizeof
* type fix
* fully remove the old save app data function and move it into a helper function... the other still needs cleaned up prior to removal
* update docs
* get_app_data is fully removed now as well
* a few style fixes
* add $casts
* update chronyd test
* attempt to fix the data
* more doc cleanup and try changing the cast
* style fix
* revert the changes to the chronyd test
* apply a few of murrant's suggestions
* document working with ->data as json and non-json
* remove two no-longer used in this PR exceptions
* ->data now operates transparently
* style fix
* update data tests
* fix json
* test fix
* update the app notes to reflect how app data now works
* app test fix
* app data fix for linux_lsi
* json fix
* minor doc cleanup
* remove duplicate query and use json_decode instead
* style fix
* modelize the app poller
* use an anon func instead of foreach
* test update
* style cleanup
* style cleanup
* another test cleanup
* more test cleanup
* reverse the test changes and add in some more glue code
* revert one of the test changes
* another small test fix
* Make things use models
Left some array access, but those will still work just fine.
* missed chronyd and portactivity
* rename poll to avoid any confusion
* Remove extra save and fix timestamp
* save any changes made to app->data
* nope, that was not it
* What are magic methods and how do they work?
* fix two typos
* update linux_lsi test
* change quote type
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Prevent duplicate plugin table entries
Some sort of race condition.
Add a unique index, this will cause the create query to fail when it tries to add a new entry for an existing plugin.
* Add index