Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.4, 2.1.0
    • Fix Version/s: 2.0.4rc1, 2.1.0
    • Component/s: Frontend (F)
    • Labels:
      None

      Description

      It is possible to open many pages with an incorrect ID and see undefined indexes or no data. Instead, a correct error message must be shown. The code must be similar to:
      $myIds = get_request('myid');
      if (empty($myIds)) {
          access_deny();
      }

      Affected pages:
      Administration->General->Icon mapping
      Administration->General->Images
      Administration->General->Value mapping
      Administration->General->Regular expressions
      Administration->MediaTypes
      .. and others

          Activity

          Oleg Egorov added a comment - - edited

          Fixed an error after deleting an image:
          Undefined index: name [adm.images.php:114]
          It appeared if the page was refreshed after the delete.

          Oleg Egorov added a comment - - edited

          Affected pages:
          ...
          Administration->General->Users
          Administration->General->Users groups
          Administration->General->Media types
          Administration->General->DM
          Administration->Configuration->Discovery
          Administration->Configuration->Slide shows
          Administration->Configuration->Web
          Administration->Configuration->Maintenance
          Administration->Configuration->Host->Applications

          Oleg Egorov RESOLVED IN svn://svn.zabbix.com/branches/dev/ZBX-5700 r30942

          Eduards Samersovs added a comment - - edited

          (1) ID validation is also required on delete. For example, in slide shows, if we manually open the URL "slideconf.php?delete=1&form=update&slideshowid=2000000&sid=45b2c4a742fe312a" with an incorrect slideshowid, nothing happens, but there must be an access_deny() error.

          Oleg Egorov RESOLVED

          Eduards Samersovs added a comment - - edited

          (2) Please move the permission checks to the top of the PHP script (after input parameter validation).

          Oleg Egorov RESOLVED IN svn://svn.zabbix.com/branches/dev/ZBX-5700 r31013

          Oleg Egorov added a comment -

          Fixed duplicates in audit log after deleting

          Oleg Egorov added a comment -

          Fixed problem with spaces in audit log

          Eduards Samersovs added a comment - - edited

          (3) Please use get_slideshow_by_slideshowid() in slideconf.php line 66

          Oleg Egorov RESOLVED
          Eduards Samersovs CLOSED

          Eduards Samersovs added a comment - - edited

          (4) It's still possible to call a page with incorrect IDs through GO methods, for example in slide shows: slideconf.php?shows=1000000&go=delete&sid=45b2c4a742fe312a

          Oleg Egorov RESOLVED
          Eduards Samersovs CLOSED

          Eduards Samersovs added a comment - - edited

          (5) Please rename the variable $db_proxy (in proxies.php) to $dbProxies: we use "Java style" for variables, and the "s" is because it returns multiple rows. Same for other pages too.

          Oleg Egorov RESOLVED
          Eduards Samersovs CLOSED, perfect!

          Eduards Samersovs added a comment - - edited

          (6) If you see old unformatted code, feel free to fix it, for example in adm.images.php line 46:
          incorrect:
          $db_image = DBfetch(DBselect('SELECT i.imagetype,i.name FROM images i WHERE i.imageid = '.get_request('imageid')));
          correct:
          $dbImage = DBfetch(DBselect('SELECT i.imagetype,i.name FROM images i WHERE i.imageid='.get_request('imageid')));

          Oleg Egorov RESOLVED
          Eduards Samersovs CLOSED

          Eduards Samersovs added a comment - - edited

          This issue must also fix ZBX-4185 and ZBX-4186. Needs to be re-tested.

          Oleg Egorov RESOLVED IN svn://svn.zabbix.com/branches/dev/ZBX-5700 r31070
          Eduards Samersovs CLOSED

          Eduards Samersovs added a comment - - edited

          (7) Suggest optimizing the permission checks on GO, as we discussed.

          Oleg Egorov RESOLVED IN r31080
          Eduards Samersovs CLOSED, Perfect!

          Eduards Samersovs added a comment -

          Tested!

          Oleg Egorov added a comment -

          FIXED IN 2.0.4rc1 r31084, 2.1.0(trunk) r31085
          CLOSED
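
The ordering asked for in the description and in review comments (1), (2) and (4), shown as an added PHP example that is not Zabbix code: validate every referenced ID, run one permission check at the top, and only then dispatch form, delete or GO actions. `AccessDenied`, `parseId`, `requireWritable`, `handle` and the `SLIDESHOWS` data are hypothetical stand-ins (for `access_deny()` and the database), and the requests are constructed from the URLs quoted above.

```php
<?php
// Added example, not Zabbix code; names and data are hypothetical/constructed.
final class AccessDenied extends RuntimeException {}

// Constructed store: slideshow id => id of the user allowed to modify it.
const SLIDESHOWS = [1 => 10, 2 => 10, 3 => 20];

// Accept only canonical positive decimal ids (18 digits fit a 64-bit int).
function parseId($raw): int {
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,17}$/D', $raw)) {
        throw new AccessDenied('invalid id');
    }
    return (int) $raw;
}

// Same answer for "does not exist" and "not yours": no existence oracle.
function requireWritable(array $ids, int $userId): void {
    if ($ids === []) {
        throw new AccessDenied('no id supplied');
    }
    foreach ($ids as $id) {
        if ((SLIDESHOWS[$id] ?? null) !== $userId) {
            throw new AccessDenied('no permissions for referred object');
        }
    }
}

function handle(array $req, int $userId): string {
    // 1. Validate input: collect every id the request refers to.
    $ids = isset($req['slideshowid']) ? [parseId($req['slideshowid'])] : [];
    foreach ((array) ($req['shows'] ?? []) as $raw) {
        $ids[] = parseId($raw);
    }
    // 2. One permission check before any action branch (form, delete, go).
    if ($ids !== [] || isset($req['delete']) || isset($req['go'])) {
        requireWritable($ids, $userId);
    }
    // 3. Only now dispatch the action.
    $isDelete = isset($req['delete']) || ($req['go'] ?? '') === 'delete';
    return $isDelete ? 'delete ' . implode(',', $ids) : ($ids ? 'edit' : 'list');
}

// Constructed requests mirroring the URLs quoted in the review comments.
foreach ([['form' => 'update', 'slideshowid' => '2'],
          ['delete' => '1', 'form' => 'update', 'slideshowid' => '2000000'],
          ['shows' => '1000000', 'go' => 'delete']] as $req) {
    try { echo handle($req, 10), "\n"; }
    catch (AccessDenied $e) { echo 'access denied: ', $e->getMessage(), "\n"; }
}
```

Because the check runs before the action branches, a delete or GO request that carries no ID, or one the user cannot modify, is denied instead of silently doing nothing.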


            People

            • Assignee:
              Oleg Egorov
              Reporter:
              Eduards Samersovs
            • Votes:
              0
              Watchers:
              0
