fix(ldap): Fix SQL injection on LDAP page (#8008)

When a user is connected he can perform an SQL injection (Time-Based SQL Injection Attacks) on the following page: .../centreon/include/Administration/parameters/ldap/xml/ldap_host.php Fixes # (CVE-2019-15300)
centreon · Oct 28, 2019 · f5e2cd9 · f5e2cd9
1 parent 3cd022b
commit f5e2cd9
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 638 deletions.
diff --git a/www/include/Administration/parameters/ldap/form.php b/www/include/Administration/parameters/ldap/form.php
@@ -1,5 +1,4 @@
 <?php
-
 /*
  * Copyright 2005-2019 Centreon
  * Centreon is developed by : Julien Mathis and Romain Le Merlus under
@@ -83,15 +82,15 @@
     null,
     _("Yes"),
     '1',
-    array('id' => 'ldap_srv_dns_y', 'onclick' => "toggleParams(false, false);")
+    array('id' => 'ldap_srv_dns_y', 'onclick' => "toggleParams(false);")
 );
 $ldapUseDns[] = $form->createElement(
     'radio',
     'ldap_srv_dns',
     null,
     _("No"),
     '0',
-    array('id' => 'ldap_srv_dns_n', 'onclick' => "toggleParams(true, false);")
+    array('id' => 'ldap_srv_dns_n', 'onclick' => "toggleParams(true);")
 );
 $form->addGroup($ldapUseDns, 'ldap_srv_dns', _("Use service DNS"), '&nbsp;');
 

diff --git a/www/include/Administration/parameters/ldap/javascript/ldapJs.php b/www/include/Administration/parameters/ldap/javascript/ldapJs.php
@@ -31,62 +31,20 @@
  *
  * For more information : [email protected]
  *
- * SVN : $URL$
- * SVN : $Id$
- *
  */
 ?>
 <script type="text/javascript">
-    function mk_pagination() {
-    }
-    function mk_paginationFF() {
-    }
-    function set_header_title() {
-    }
-
-    var nextRowId;
-    var counter = '<?php echo $maxHostId;?>';
-    var nbOfInitialRows = '<?php echo $nbOfInitialRows; ?>';
-    var o = '<?php echo $o;?>';
-    var arId = '<?php echo $arId;?>';
-    var templates;
-
-    /*
-     * Transform our div
-     */
-    function transformForm() {
-        var params;
-        var proc;
-        var addrXML;
-        var addrXSL;
+    function mk_pagination() {}
+    function mk_paginationFF() {}
+    function set_header_title() {}
 
-        //var params = '?sid=' + sid;
-
-        if (o == 'w' || o == 'ldap') {
-            params = '?arId=' + arId;
-            proc = new Transformation();
-            addrXML = './include/options/oreon/generalOpt/ldap/xml/ldap_host.php' + params;
-            addrXSL = './include/options/oreon/generalOpt/ldap/xsl/ldap_host.xsl';
-            proc.setXml(addrXML);
-            proc.setXslt(addrXSL);
-            proc.transform("dynamicDiv");
-            o = 0;
-        } else {
-            params = '?id=' + counter + '&nbOfInitialRows=' + nbOfInitialRows;
-            proc = new Transformation();
-            addrXML = './include/options/oreon/generalOpt/ldap/xml/additionalRowXml.php' + params;
-            addrXSL = './include/options/oreon/generalOpt/ldap/xsl/additionalRow.xsl';
-            proc.setXml(addrXML);
-            proc.setXslt(addrXSL);
-            proc.transform(nextRowId);
-        }
-    }
+    let ldapTemplates = [];
 
     /*
      * called when the use _dns is to set at no is clicked
      */
-    function toggleParams(checkValue, isInit) {
-        if (checkValue == true) {
+    function toggleParams(checkValue) {
+        if (checkValue === true) {
             jQuery('#ldap_dns_use_ssl').fadeOut({duration: 0});
             jQuery('#ldap_dns_use_tls').fadeOut({duration: 0});
             jQuery('#ldap_dns_use_domain').fadeOut({duration: 0});
@@ -107,79 +65,20 @@ function toggleParams(checkValue, isInit) {
         }
     }
 
-    /**
-     * Display or hide custom options
-     */
-    function toggleCustom(select) {
-        if (typeof(select) == 'undefined' || typeof(select.selectedIndex) == 'undefined') {
-            return null;
-        }
-        value = select.options[select.selectedIndex].value;
-        if (value == 0) {
-            jQuery('#ldap_user_filter').fadeIn({duration: 0});
-            jQuery('#ldap_user_uid_attr').fadeIn({duration: 0});
-            jQuery('#ldap_user_group').fadeIn({duration: 0});
-            jQuery('#ldap_user_name').fadeIn({duration: 0});
-            jQuery('#ldap_user_firstname').fadeIn({duration: 0});
-            jQuery('#ldap_user_lastname').fadeIn({duration: 0});
-            jQuery('#ldap_user_email').fadeIn({duration: 0});
-            jQuery('#ldap_user_pager').fadeIn({duration: 0});
-            jQuery('#ldap_group_filter').fadeIn({duration: 0});
-            jQuery('#ldap_group_gid_attr').fadeIn({duration: 0});
-            jQuery('#ldap_group_member').fadeIn({duration: 0});
-        } else {
-            jQuery('#ldap_user_filter').fadeOut({duration: 0});
-            jQuery('#ldap_user_uid_attr').fadeOut({duration: 0});
-            jQuery('#ldap_user_group').fadeOut({duration: 0});
-            jQuery('#ldap_user_name').fadeOut({duration: 0});
-            jQuery('#ldap_user_firstname').fadeOut({duration: 0});
-            jQuery('#ldap_user_lastname').fadeOut({duration: 0});
-            jQuery('#ldap_user_email').fadeOut({duration: 0});
-            jQuery('#ldap_user_pager').fadeOut({duration: 0});
-            jQuery('#ldap_group_filter').fadeOut({duration: 0});
-            jQuery('#ldap_group_gid_attr').fadeOut({duration: 0});
-            jQuery('#ldap_group_member').fadeOut({duration: 0});
-        }
-    }
-
     /*
      * Initialises advanced parameters
      */
     function initParams() {
         initTemplates();
+        let noDns = false;
         if (document.getElementById('ldap_srv_dns_n')) {
-            var noDns = false;
-            if (document.getElementById('ldap_srv_dns_n').type == 'radio') {
+            if (document.getElementById('ldap_srv_dns_n').type === 'radio') {
                 if (document.getElementById('ldap_srv_dns_n').checked) {
                     noDns = true;
                 }
             }
         }
-        toggleParams(noDns, true);
-    }
-
-    /*
-     * Function is called when the '+' button is pressed
-     */
-    function addNewHost() {
-        nbOfInitialRows++;
-        nextRowId = 'additionalRow_' + nbOfInitialRows;
-        transformForm();
-        counter++;
-    }
-
-    /*
-     * function that is called when the 'x' button is pressed
-     */
-    function removeTr(trId) {
-        if (document.getElementById(trId)) {
-            if (navigator.appName == "Microsoft Internet Explorer") {
-                document.getElementById(trId).innerText = "";
-            } else {
-                document.getElementById(trId).innerHTML = "";
-            }
-            jQuery('#'+trId).fadeOut({duration: 0});
-        }
+        toggleParams(noDns);
     }
 
     /*
@@ -223,10 +122,9 @@ function initTemplates() {
     function applyTemplate(templateValue) {
 
         jQuery('input[type^=text]').each(function (index, el) {
-            key = el.getAttribute('name');
-            var attr = key;
-            if (typeof(ldapTemplates[templateValue]) != 'undefined') {
-                if (typeof(ldapTemplates[templateValue][attr]) != 'undefined') {
+            let attr = el.getAttribute('name');
+            if (typeof(ldapTemplates[templateValue]) !== 'undefined') {
+                if (typeof(ldapTemplates[templateValue][attr]) !== 'undefined') {
                     el.value = ldapTemplates[templateValue][attr];
                 }
             }

diff --git a/www/include/Administration/parameters/ldap/xml/additionalRowXml.php b/www/include/Administration/parameters/ldap/xml/additionalRowXml.php