Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Commit

Permalink
fix #3842 - fix security problem in eventlog page when use do not che…
Browse files Browse the repository at this point in the history 
…ck status options for alerts (up, down, warning, etc...) -> all logs are available for all user even if they have ACL
  • Loading branch information
@julienmathis
julienmathis committed Oct 21, 2015
1 parent 36a1ad3 commit 5951f1a
Showing 1 changed file with 8 additions and 12 deletions.
20 changes: 8 additions & 12 deletions www/include/eventLogs/GetXmlLog.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -506,18 +506,15 @@
if ($str_unitH != "" && $str_unitSVC != "") {
$str_unitSVC = " OR " . $str_unitSVC;
}
}
if ($str_unitH != "" || $str_unitSVC != "") {
$req .= " AND (".$str_unitH.$str_unitSVC.")";
}

if ($str_unitH != "" || $str_unitSVC != "") {
$req .= " AND (".$str_unitH.$str_unitSVC.")";
}
} else {
$req .= "AND 0 ";
}
$req .= $host_search_sql . $service_search_sql;

}
//if ($str_unitH == "" && $str_unitSVC == "") {
// $req = "";
//}


/*
* calculate size before limit for pagination
Expand All @@ -529,10 +526,9 @@
*/
$req .= $suffix_order;

if ($num < 0)
if ($num < 0) {
$num = 0;

// print $req;
}

if (isset($csv_flag) && ($csv_flag == 1)) {
$DBRESULT = $pearDBO->query($req . " LIMIT 0,64000"); //limit a little less than 2^16 which is excel maximum number of lines
Expand Down

1 comment on commit 5951f1a

@Sims24
Copy link

@Sims24 Sims24 commented on 5951f1a Oct 21, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

\o/ Works as expected ! Thanks for quick fix ;)

Please sign in to comment.