예제 #1
0
function PrintPcapDownload($db, $id)
{
    if (is_array($db->DB->MetaColumnNames('data')) && (!in_array("pcap_header", $db->DB->MetaColumnNames('data')) || !in_array("data_header", $db->DB->MetaColumnNames('data')))) {
        $type = 3;
    } else {
        $type = 2;
    }
    $query = CleanVariable($_SERVER["QUERY_STRING"], VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER);
    if (isset($_GET['asciiclean']) && $_GET['asciiclean'] == 1 || isset($_COOKIE['asciiclean']) && $_COOKIE["asciiclean"] == "clean" && !isset($_GET['asciiclean'])) {
        $url = '<a href="base_payload.php?' . Util::htmlentities($query);
        $url .= '&amp;download=' . urlencode($type) . '&amp;id=' . urlencode($id) . '&amp;asciiclean=1&amp;minimal_view=' . urlencode($_GET['minimal_view']) . '">&nbsp;[' . _("Download in pcap format") . ']</a>';
    } else {
        $url = '<a href="base_payload.php?' . Util::htmlentities($query);
        $url .= '&amp;download=' . urlencode($type) . '&amp;id=' . urlencode($id) . '&amp;asciiclean=0&amp;minimal_view=' . urlencode($_GET['minimal_view']) . '">&nbsp;[' . _("Download in pcap format") . ']</a>';
    }
    return $url;
}
예제 #2
0
function GetQueryResultID($submit, &$seq, &$sid, &$cid)
{
    /* extract the sid and cid from the $submit variable of the form
       #XX-(XX-XX)
       |   |  |
       |   |  |--- cid
       |   |------ sid
       |---------- sequence number of DB lookup
       */
    $submit = strstr($submit, "#");
    $submit = str_replace("#", "", $submit);
    $submit = str_replace("(", "", $submit);
    $submit = str_replace(")", "", $submit);
    $tmp = explode("-", $submit);
    /* Since the submit variable is not cleaned do so here: */
    $seq = CleanVariable($tmp[0], VAR_DIGIT);
    $sid = CleanVariable($tmp[1], VAR_DIGIT);
    $cid = CleanVariable($tmp[2], VAR_DIGIT);
}
예제 #3
0
function DateTimeRows2sql($field, $cnt, &$s_sql)
{
    global $db;
    $tmp2 = "";
    $allempty = FALSE;
    $time_field = array("mysqli" => ":", "mysql" => ":", "mssql" => ":");
    $minsec = array(">=" => "00", "<=" => "59");
    //print_r($field)."<br><br>";
    if ($cnt >= 1 && count($field) == 0) {
        return 0;
    }
    for ($i = 0; $i < $cnt; $i++) {
        $tmp = "";
        if (isset($field[$i]) && $field[$i][1] != " " && $field[$i][1] != "") {
            //echo "entrando $i\n";
            $op = $field[$i][1];
            $t = "";
            /* Build the SQL string when >, >=, <, <= operator is used */
            if ($op != "=") {
                /* date */
                if ($field[$i][4] != " ") {
                    /* create the date string */
                    $t = $field[$i][4];
                    /* year */
                    if ($field[$i][2] != " ") {
                        $t = $t . "-" . $field[$i][2];
                        /* month */
                        //echo "<!-- \n\n\n\n\n\n\n dia: -" . $field[$i][3] . "- -->\n\n\n\n\n\n";
                        if ($field[$i][3] != "") {
                            $t = $t . "-" . FormatTimeDigit($field[$i][3]);
                        } else {
                            $t = $i == 0 ? $t . "-01" : ($t = $t . "-31");
                        }
                    } else {
                        $t = $t . "-01-01";
                    }
                }
                /* time */
                // For MSSQL, you must have colons in the time fields.
                // Otherwise, the DATEDIFF function will return Arithmetic Overflow
                if ($field[$i][5] != "") {
                    $t = $t . " " . FormatTimeDigit($field[$i][5]);
                    /* hour */
                    if ($field[$i][6] != "") {
                        $t = $t . $time_field[$db->DB_type] . FormatTimeDigit($field[$i][6]);
                        /* minute */
                        if ($field[$i][7] != "") {
                            $t = $t . $time_field[$db->DB_type] . FormatTimeDigit($field[$i][7]);
                        } else {
                            $t = $t . $time_field[$db->DB_type] . $minsec[$op];
                        }
                    } else {
                        $t = $t . $time_field[$db->DB_type] . $minsec[$op] . $time_field[$db->DB_type] . $minsec[$op];
                    }
                } else {
                    if ($op == ">" && $field[$i][4] != " ") {
                        $t = $t . " 23:59:59";
                    } else {
                        if ($op == "<=" && $field[$i][4] != " ") {
                            $t = $t . " 23:59:59";
                        }
                    }
                }
                /* neither date or time */
                if ($field[$i][4] == " " && $field[$i][5] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that some date/time criteria should be matched, but no value was specified."));
                } else {
                    if ($field[$i][4] != " " && $field[$i][5] != "" || $field[$i][4] != " ") {
                        if ($db->DB_type == "oci8") {
                            $tmp = $field[$i][0] . " timestamp " . $op . "to_date( '{$t}', 'YYYY-MM-DD HH24MISS' )" . $field[$i][8] . ' ' . $field[$i][9];
                        } else {
                            if (count($field) > 1) {
                                // Better fix for bug #1199128
                                // Number of values in each criteria line
                                //print_r($field[$i]);
                                $count = array_count_values_multidim($field[$i]);
                                // Number of empty values
                                $empty = $count[""];
                                // Total number of values in the criteria line (empty or filled)
                                $array_count = count($count);
                                // Check to see if any fields were left empty
                                //if(isset($count[""]))
                                // If the number of empty fields is greater than (impossible) or equal to (possible) the number of values in the array, then they must all be empty
                                //if ($empty >= $array_count)
                                //$allempty = TRUE;
                                // Trim off white space
                                $field[$i][9] = trim($field[$i][9]);
                                // And if the certain line was empty, then we dont care to process it
                                if ($allempty) {
                                    // So move on
                                    continue;
                                } else {
                                    // Otherwise process it
                                    if ($i < $cnt - 1) {
                                        $tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8] . ' ' . CleanVariable($field[$i][9], VAR_ALPHA);
                                    } else {
                                        $tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8];
                                    }
                                }
                            } else {
                                // If we just have one criteria line, then do with it what we must
                                if ($i < $cnt - 1) {
                                    $tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8] . ' ' . CleanVariable($field[$i][9], VAR_ALPHA);
                                } else {
                                    $tmp = $field[$i][0] . " timestamp " . $op . "'{$t}'" . $field[$i][8];
                                }
                            }
                        }
                    } else {
                        if ($field[$i][5] != " " && $field[$i][5] != "") {
                            ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("(Invalid Hour) No date criteria were entered with the specified time."));
                        }
                    }
                }
            } else {
                $query_str = "";
                $query_str = $field[$i][4] . "-";
                $query_str .= $field[$i][2] . "-";
                $query_str .= $field[$i][3] . " ";
                $query_str .= $field[$i][5] . ":";
                $query_str .= $field[$i][6] . ":";
                $query_str .= $field[$i][7] . "";
                $query_str = preg_replace("/\\s*\\:+\\s*\$/", "", $query_str);
                addSQLItem($tmp, "timestamp like \"{$query_str}%\"");
                /* neither date or time */
                if ($tmp == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that some date/time criteria should be matched, but no value was specified."));
                } else {
                    if ($i < $cnt - 1) {
                        $tmp = $field[$i][0] . $tmp . ') ' . $field[$i][8] . CleanVariable($field[$i][9], VAR_ALPHA);
                    } else {
                        $tmp = $field[$i][0] . $tmp . ') ' . $field[$i][8];
                    }
                }
            }
        } else {
            if (isset($field[$i])) {
                if (($field[$i][2] != "" || $field[$i][3] != "" || $field[$i][4] != "") && $field[$i][1] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A date/time value of") . " '" . $field[$i][2] . "-" . $field[$i][3] . "-" . $field[$i][4] . " " . $field[$i][5] . ":" . $field[6] . ":" . $field[7] . "' " . gettext("was entered but no operator was selected."));
                }
            }
        }
        if ($i > 0 && $field[$i - 1][9] == ' ' && $field[$i - 1][4] != " ") {
            ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple Date/Time criteria entered without a boolean operator (e.g. AND, OR) between them."));
        }
        $tmp2 = preg_match("/\\s+(AND|OR)\\s*\$/", $tmp2) || $i == 0 ? $tmp2 . $tmp : $tmp2 . " AND " . $tmp;
    }
    $tmp2 = trim(preg_replace("/(\\s*(AND|OR)\\s*)+\$/", "", $tmp2));
    if ($tmp2 != "" && $tmp2 != "AND" && $tmp2 != "OR") {
        BalanceBrackets($tmp2);
        $s_sql = $s_sql . " AND ( " . $tmp2 . " ) ";
        return 1;
    }
    BalanceBrackets($s_sql);
    return 0;
}
예제 #4
0
function GetNewResultID($submit, &$seq, &$id)
{
    /* extract the sid and cid from the $submit variable of the form
       #XX-XX
       |   |
       |   |------ hex id
       |---------- sequence number of DB lookup
       */
    preg_match("/.*#(\\d+)-(.*)/", $submit, $tmp);
    /* Since the submit variable is not cleaned do so here: */
    $seq = CleanVariable($tmp[1], VAR_DIGIT);
    $id = CleanVariable($tmp[2], VAR_DIGIT | VAR_LETTER);
}
예제 #5
0
 function SanitizeElement()
 {
     $this->criteria = CleanVariable($this->criteria, VAR_DIGIT);
 }
예제 #6
0
function PushHistory()
{
    if ($GLOBALS['debug_mode'] > 1) {
        ErrorMessage("Saving state (into " . $_SESSION['back_list_cnt'] . ")");
    }
    /* save the current session without the $back_list into the history
     *   - make a temporary copy of the $back_list
     *   - NULL-out the $back_list in $_SESSION (so that
     *       the current session is serialized without these variables)
     *   - serialize the current session
     *   - fix-up the QUERY_STRING
     *       - make a new QUERY_STRING that includes the temporary QueryState variables
     *       - remove &back=1 from any QUERY_STRING
     *   - add the current session into the $back_list (history)
     */
    if (isset($_SESSION['back_list'])) {
        $tmp_back_list = $_SESSION['back_list'];
    } else {
        $tmp_back_list = '';
    }
    if (isset($_SESSION['back_list_cnt'])) {
        $tmp_back_list_cnt = $_SESSION['back_list_cnt'];
    } else {
        $tmp_back_list_cnt = '';
    }
    $_SESSION['back_list'] = NULL;
    $_SESSION['back_list_cnt'] = -1;
    $full_session = session_encode();
    $_SESSION['back_list'] = $tmp_back_list;
    $_SESSION['back_list_cnt'] = $tmp_back_list_cnt;
    $query_string = CleanVariable($_SERVER["QUERY_STRING"], VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER);
    if (isset($_POST['caller'])) {
        $query_string .= "&amp;caller=" . $_POST['caller'];
    }
    if (isset($_POST['num_result_rows'])) {
        $query_string .= "&amp;num_result_rows=" . $_POST['num_result_rows'];
    }
    if (isset($_POST['sort_order'])) {
        $query_string .= "&amp;sort_order=" . $_POST['sort_order'];
    }
    if (isset($_POST['current_view'])) {
        $query_string .= "&amp;current_view=" . $_POST['current_view'];
    }
    if (isset($_POST['submit'])) {
        $query_string .= "&amp;submit=" . $_POST['submit'];
    }
    //$query_string .= "&amp;time_range=".$_GET['time_range'];
    $query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
    ++$_SESSION['back_list_cnt'];
    $_SESSION['back_list'][$_SESSION['back_list_cnt']] = array("SCRIPT_NAME" => $_SERVER["SCRIPT_NAME"], "QUERY_STRING" => $query_string, "session" => $full_session);
    if ($GLOBALS['debug_mode'] > 1) {
        ErrorMessage("Insert session into slot #" . $_SESSION['back_list_cnt']);
        echo "Back List (Cnt = " . $_SESSION['back_list_cnt'] . ") <PRE style='font-size:9px'>";
        print_r($_SESSION);
        echo "</PRE>";
    }
}
예제 #7
0
function ImportHTTPVar($var_name, $valid_data = "", $exception = "")
{
    $tmp = "";
    if (isset($_POST[$var_name])) {
        //if ( $debug_mode > 0 )  echo "importing POST var '$var_name'<BR>";
        $tmp = $_POST[$var_name];
    } else {
        if (isset($_GET[$var_name])) {
            //if ( $debug_mode > 0 )  echo "importing GET var '$var_name'<BR>";
            $tmp = $_GET[$var_name];
        } else {
            $tmp = "";
        }
    }
    return CleanVariable($tmp, $valid_data, $exception);
}