diff --git a/app/admin/import-export/generate-hosts.php b/app/admin/import-export/generate-hosts.php
index 524138f05..b8d565d90 100644
--- a/app/admin/import-export/generate-hosts.php
+++ b/app/admin/import-export/generate-hosts.php
@@ -15,6 +15,7 @@
 $Subnets = new Subnets ($Database);
 $Addresses = new Addresses ($Database);
 $Tools = new Tools ($Database);
+$Admin = new Admin ($Database);
 $Result = new Result ();
 # verify that user is logged in
diff --git a/app/admin/import-export/generate-mysql.php b/app/admin/import-export/generate-mysql.php
index 9b963c7cc..1175af71b 100644
--- a/app/admin/import-export/generate-mysql.php
+++ b/app/admin/import-export/generate-mysql.php
@@ -10,6 +10,7 @@
 # initialize user object
 $Database = new Database_PDO;
 $User = new User ($Database);
+$Admin = new Admin ($Database);
 # verify that user is logged in
 $User->check_user_session();
diff --git a/app/admin/import-export/generate-xls.php b/app/admin/import-export/generate-xls.php
index e0a8ee426..963eb2854 100644
--- a/app/admin/import-export/generate-xls.php
+++ b/app/admin/import-export/generate-xls.php
@@ -16,6 +16,7 @@
 $Subnets = new Subnets ($Database);
 $Addresses = new Addresses ($Database);
 $Tools = new Tools ($Database);
+$Admin = new Admin ($Database);
 $Result = new Result ();
 # verify that user is logged in
diff --git a/app/dashboard/widgets/access_logs.php b/app/dashboard/widgets/access_logs.php
index 0aaf0b1fc..bc5399c0a 100755
--- a/app/dashboard/widgets/access_logs.php
+++ b/app/dashboard/widgets/access_logs.php
@@ -8,6 +8,7 @@
 $User = new User ($Database);
 $Tools = new Tools ($Database);
 $Log = new Logging ($Database);
+ $Admin = new Admin ($Database);
 $Result = new Result ();
 }
diff --git a/app/dashboard/widgets/error_logs.php b/app/dashboard/widgets/error_logs.php
index d57b07750..deb11448e 100755
--- a/app/dashboard/widgets/error_logs.php
+++ b/app/dashboard/widgets/error_logs.php
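Review bot: The `+$Admin = new Admin ($Database);` line is the entire access control for this export, yet `$Admin` is never referenced afterwards in the hunk, so it reads as an unused object that a cleanup pass could delete and silently reopen the export to non-admin users. The check itself presumably happens in the Admin constructor (its body is not in this diff; class.Admin.php's is_admin() further down is what ends the request with a 403), so the intent should be stated at the call site: `# Admin constructor enforces administrative privileges; request ends with 403 for non-admins` — or, clearer still, an explicit `$Admin->is_admin();` call right after construction. The same pattern is repeated in generate-mysql.php, generate-xls.php, both dashboard widgets and show-logs.php. Note also that the object is created before the `# verify that user is logged in` step that follows the hunk, so the Admin class looks like it has to cope with an unauthenticated session on its own — worth confirming.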
@@ -8,6 +8,7 @@
 $User = new User ($Database);
 $Tools = new Tools ($Database);
 $Log = new Logging ($Database);
+ $Admin = new Admin ($Database);
 $Result = new Result ();
 }
diff --git a/app/subnets/addresses/export-subnet.php b/app/subnets/addresses/export-subnet.php
index cb7e8bee0..d14861ed9 100755
--- a/app/subnets/addresses/export-subnet.php
+++ b/app/subnets/addresses/export-subnet.php
@@ -25,10 +25,15 @@
 error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT);
 # fetch subnet details
-$subnet = (array) $Tools->fetch_object ("subnets", "id", $_GET['subnetId']);
+$subnet = $Tools->fetch_object("subnets", "id", $_GET['subnetId']);
+if (!is_object($subnet) || $Subnets->check_permission($User->user, $_GET['subnetId'], $subnet) == User::ACCESS_NONE) {
+ $Result->fatal_http_error(404, _("Subnet not found"));
+}
+$subnet = (array) $subnet;
+
 # fetch all IP addresses in subnet
-$addresses = $Addresses->fetch_subnet_addresses ($_GET['subnetId'], "ip_addr", "asc");
-if (!is_array($addresses)) { $addresses = array(); }
+$addresses = $Addresses->fetch_subnet_addresses ($_GET['subnetId'], "ip_addr", "asc") ? : [];
+
 # get all custom fields
 $custom_fields = $Tools->fetch_custom_fields ('ipaddresses');
diff --git a/app/tools/logs/show-logs.php b/app/tools/logs/show-logs.php
index a33405946..f848da04f 100755
--- a/app/tools/logs/show-logs.php
+++ b/app/tools/logs/show-logs.php
@@ -25,6 +25,7 @@
 $Database = new Database_PDO;
 $User = new User ($Database);
 $Tools = new Tools ($Database);
+ $Admin = new Admin ($Database);
 $Result = new Result ();
 $Log = new Logging ($Database);
diff --git a/functions/classes/class.Admin.php b/functions/classes/class.Admin.php
index 133df1c4f..b5f671987 100644
--- a/functions/classes/class.Admin.php
+++ b/functions/classes/class.Admin.php
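Review bot: The permission test on the new `if (!is_object($subnet) || ...)` line in export-subnet.php compares the result of `check_permission()` with `User::ACCESS_NONE` using loose `==`; a strict `=== User::ACCESS_NONE` avoids PHP's loose-comparison surprises should the helper ever return false or a string (its body is not in this diff). Answering both "no such subnet" and "no permission" with the same 404 is the right choice because it does not tell an unauthorised caller whether a subnet id exists — say so, or the next maintainer will "fix" it to a 403: `# 404 for both missing and unauthorised subnets: do not reveal which ids exist`. `$_GET['subnetId']` is still handed as-is to fetch_object() and fetch_subnet_addresses(); unless those bind it as a query parameter, a `filter_input(INPUT_GET, 'subnetId', FILTER_VALIDATE_INT)` up front is cheap insurance and would also route a missing or non-numeric id into the new 404 path instead of a suppressed notice.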
@@ -107,17 +107,15 @@ public function set_admin_required ($bool) {
 */
 public function is_admin () {
 // user not required for cli
- if (php_sapi_name()!="cli") {
+ if (php_sapi_name() != "cli") {
 # initialize user class
- $this->User = new User ($this->Database);
- # save settings
- $this->settings = $this->User->settings;
- # if required die !
- if($this->User->is_admin(false)!==true && $this->admin_required===true) {
- // popup ?
- if(@$_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest") { $this->Result->show("danger", _("Administrative privileges required"),true, true); }
- else { $this->Result->show("danger", _("Administrative privileges required"),true); }
- }
+ $this->User = new User($this->Database);
+ # save settings
+ $this->settings = $this->User->settings;
+ # if required die !
+ if ($this->User->is_admin(false) !== true && $this->admin_required === true) {
+ $this->Result->fatal_http_error(403, _("Administrative privileges required"));
+ }
 }
 }
diff --git a/functions/classes/class.Result.php b/functions/classes/class.Result.php
index 00e03a615..9fb2fe487 100644
--- a/functions/classes/class.Result.php
+++ b/functions/classes/class.Result.php
@@ -71,6 +71,22 @@ public function show($class="muted", $text="No value provided", $die=false, $pop
 }
 }
+ /**
+ * Return HTTP status code and message. eg 404 not found/permission denied error
+ *
+ * @param int $code
+ * @param string $message
+ * @return void
+ */
+ public function fatal_http_error($code, $message = "") {
+ http_response_code($code);
+ if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest") {
+ $this->show("danger", $message, true, true);
+ } else {
+ $this->show("danger", $message, true);
+ }
+ }
+ /**
+ * Alias for show method for backwards compatibility
+ *
diff --git a/misc/CHANGELOG b/misc/CHANGELOG
index 14c4f856a..270465d69 100755
--- a/misc/CHANGELOG
+++ b/misc/CHANGELOG
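Review bot: The new `$this->Result->fatal_http_error(403, ...)` call in is_admin() only protects callers if it never returns — is_admin() yields no value, so every `new Admin(...)` added elsewhere in this commit depends on Result::show() really terminating the request when `$die` is true, and show()'s body is outside this diff. Make that dependency explicit at the call, `# fatal_http_error() must not return: show($die=true) ends the request for non-admins`, and consider an unconditional `exit;` immediately after it as belt-and-braces, because falling through here would grant administrative access. The CLI bypass retained on the `if (php_sapi_name() != "cli")` line deserves a one-line comment stating that CLI invocations are trusted by design, since it is the only path that skips the check.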
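Review bot: `http_response_code($code)` on the second line of the new fatal_http_error() silently returns false once headers have been sent, in which case the client receives a 200 with an error body; is_admin() runs after other classes may already have produced output, so guard it and cover the untyped `$code`: `if (!headers_sent()) { http_response_code((int) $code); }`. The docblock says `@return void`, but both branches call show() with `$die = true`, so the method is meant never to return — document that contract with something like `Terminates the request: sends HTTP status $code and shows $message as a danger alert (popup for XMLHttpRequest callers).`, and change `eg` to `e.g.`. The empty-string default for `$message` produces a blank alert; either drop the default or fall back to a generic reason phrase for the code.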
@@ -1,5 +1,9 @@
 == 1.4.6
+ Security Fixes:
+ ----------------------------
+ + Incorrect privilege assignments (#3506);
+
 Bugfixes:
 ----------------------------
 + Require unique subnets not working as intended (#3529);