/**
 * Route an image request to its renderer, chosen by the "img" request argument.
 *
 * Recognised values: minirack, midirack, preview, cactigraph, muningraph.
 * Each branch sets the global page/tab pair, calls fixContext() and
 * assertPermission(), and only then validates further arguments and produces
 * output. Any other value ends in renderErrorImage().
 *
 * @throws InvalidRequestArgException when the requested graph is not among the
 *         graphs listed for the object identified by the bypass value
 */
function dispatchImageRequest()
{
    global $pageno, $tabno;

    genericAssertion('img', 'string');
    $imageType = $_REQUEST['img'];

    switch ($imageType) {
        case 'minirack':
            // rack security context
            $pageno = 'rack';
            $tabno = 'default';
            fixContext();
            assertPermission();
            dispatchMiniRackThumbRequest(getBypassValue());
            return;

        case 'midirack':
            // rack security context
            $pageno = 'rack';
            $tabno = 'default';
            fixContext();
            assertPermission();
            genericAssertion('scale', 'uint');
            // A scaled image is not cached, so it is printed directly
            // instead of going through a dedicated dispatcher.
            header('Content-type: image/png');
            printRackThumbImage(getBypassValue(), $_REQUEST['scale']);
            return;

        case 'preview':
            // file security context
            $pageno = 'file';
            $tabno = 'download';
            fixContext();
            assertPermission();
            renderImagePreview(getBypassValue());
            return;

        case 'cactigraph':
            $pageno = 'object';
            $tabno = 'cacti';
            fixContext();
            assertPermission();
            genericAssertion('server_id', 'uint');
            genericAssertion('graph_id', 'uint');
            // Only graphs listed for the authorised object may be proxied.
            // NOTE(review): server_id is type-checked only; the membership test
            // covers graph_id alone. Confirm the server/graph pair is bound to
            // the object somewhere downstream.
            $cactiGraphId = $_REQUEST['graph_id'];
            $objectCactiGraphs = getCactiGraphsForObject(getBypassValue());
            if (!array_key_exists($cactiGraphId, $objectCactiGraphs)) {
                throw new InvalidRequestArgException('graph_id', $_REQUEST['graph_id']);
            }
            proxyCactiRequest($_REQUEST['server_id'], $_REQUEST['graph_id']);
            return;

        case 'muningraph':
            $pageno = 'object';
            $tabno = 'munin';
            fixContext();
            assertPermission();
            genericAssertion('server_id', 'uint');
            genericAssertion('graph', 'string');
            // Same allow-list idea as for Cacti: the graph name must be one of
            // those listed for the authorised object.
            // NOTE(review): server_id is type-checked only here as well.
            $muninGraph = $_REQUEST['graph'];
            $objectMuninGraphs = getMuninGraphsForObject(getBypassValue());
            if (!array_key_exists($muninGraph, $objectMuninGraphs)) {
                throw new InvalidRequestArgException('graph', $_REQUEST['graph']);
            }
            proxyMuninRequest($_REQUEST['server_id'], $_REQUEST['graph']);
            return;

        default:
            renderErrorImage();
    }
}
/**
 * Route an image request to its renderer, chosen by the "img" request argument.
 *
 * Recognised values: minirack, preview, cactigraph. Each branch sets the
 * global page/tab pair, calls fixContext() and assertPermission(), and only
 * then produces output. Any other value ends in renderErrorImage().
 *
 * @throws InvalidRequestArgException when graph_id is not among the graphs
 *         listed for the object identified by the bypass value
 */
function dispatchImageRequest()
{
    global $pageno, $tabno;

    genericAssertion('img', 'string');
    $imageType = $_REQUEST['img'];

    switch ($imageType) {
        case 'minirack':
            // rack security context
            $pageno = 'rack';
            $tabno = 'default';
            fixContext();
            assertPermission();
            renderRackThumb(getBypassValue());
            return;

        case 'preview':
            // file security context
            $pageno = 'file';
            $tabno = 'download';
            fixContext();
            assertPermission();
            renderImagePreview(getBypassValue());
            return;

        case 'cactigraph':
            $pageno = 'object';
            $tabno = 'cacti';
            fixContext();
            assertPermission();
            genericAssertion('graph_id', 'uint');
            // Only graphs listed for the authorised object may be proxied, so
            // a permitted user cannot pull an arbitrary graph by guessing ids.
            $cactiGraphId = $_REQUEST['graph_id'];
            $objectCactiGraphs = getCactiGraphsForObject(getBypassValue());
            if (!array_key_exists($cactiGraphId, $objectCactiGraphs)) {
                throw new InvalidRequestArgException('graph_id', $_REQUEST['graph_id']);
            }
            proxyCactiRequest($_REQUEST['graph_id']);
            return;

        default:
            renderErrorImage();
    }
}
/**
 * AJAX handler: update the cable ID stored on a linked port and print "OK".
 *
 * Reads "id" and "text" from the request through the global $sic array after
 * asserting them. Authorisation is done against the object that owns the
 * port, not against whatever context the request arrived with.
 *
 * @throws RackTablesError when the port is not linked
 */
function updateCableIdAJAX()
{
    global $sic;

    assertUIntArg('id');
    // second argument presumably permits an empty string -- TODO confirm
    assertStringArg('text', TRUE);

    $portId = $sic['id'];
    $port = getPortInfo($portId);

    // Build the security context from the port's owning object before the
    // permission check, so the decision is made for that object.
    $owner = spotEntity('object', $port['object_id']);
    fixContext($owner);
    assertPermission('object', 'ports', 'editPort');

    $isLinked = $port['linked'];
    if (!$isLinked) {
        throw new RackTablesError('Cant update cable ID: port is not linked');
    }

    // Skip the write when the stored value already equals the submitted one.
    $newCableId = $sic['text'];
    if ($port['reservation_comment'] !== $newCableId) {
        commitUpdatePortLink($sic['id'], $sic['text']);
    }

    echo 'OK';
}
/**
 * Operation handler: delete the VLANSwitch row of one object.
 *
 * The security context is fixed for the current page and then widened with
 * the object and/or the VST from the request, whichever the current page does
 * not already stand for, before assertPermission() is called.
 *
 * @return mixed whatever buildRedirectURL() returns for the focus hints
 */
function del8021QOrder()
{
    global $sic, $pageno;

    // All three IDs must be unsigned integers before any of them is used.
    foreach (array('object_id', 'vdom_id', 'vst_id') as $argName) {
        assertUIntArg($argName);
    }

    fixContext();
    if ($pageno != 'object') {
        $object = spotEntity('object', $sic['object_id']);
        spreadContext($object);
    }
    if ($pageno != 'vst') {
        $vst = spotEntity('vst', $sic['vst_id']);
        spreadContext($vst);
    }
    assertPermission();

    // The row is selected by object_id alone; vst_id and vdom_id serve only
    // the permission context and the redirect hints.
    $where = array('object_id' => $sic['object_id']);
    usePreparedDeleteBlade('VLANSwitch', $where);

    // NOTE(review): the hints are read from $_REQUEST while the rest of the
    // function reads $sic; all three values passed assertUIntArg() above.
    $focus_hints = array(
        'prev_objid' => $_REQUEST['object_id'],
        'prev_vstid' => $_REQUEST['vst_id'],
        'prev_vdid' => $_REQUEST['vdom_id'],
    );
    showFuncMessage(__FUNCTION__, 'OK');

    return buildRedirectURL(NULL, NULL, $focus_hints);
}
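/**
 * Create an IPv6 network record, tag it and optionally bind it to a VLAN.
 *
 * The VLAN binding is attempted only when $vlan_ck is given, and it is skipped
 * without an error when the current user is not permitted ('ipv6net', '8021q',
 * 'bind') on the new network; the network itself is created either way.
 *
 * @param string $range        prefix in "aaa0:b::c:d/x" form
 * @param string $name         network name stored with the record
 * @param bool   $is_connected when true, the network address is also recorded
 *                             as "Subnet-Router anycast"
 * @param array  $taglist      passed to produceTagsForNewRecord()
 * @param mixed  $vlan_ck      VLAN key passed to commitSupplementVLANIPv6();
 *                             values loosely equal to NULL (e.g. NULL or '')
 *                             skip the binding
 * @return mixed ID of the new network, as returned by lastInsertID()
 * @throws InvalidRequestArgException when $range does not contain exactly one "/"
 */
function createIPv6Prefix($range = '', $name = '', $is_connected = FALSE, $taglist = array(), $vlan_ck = NULL)
{
    // $range is in aaa0:b::c:d/x format, split into ip/mask vars
    $rangeArray = explode('/', $range);
    if (count($rangeArray) != 2) {
        throw new InvalidRequestArgException('range', $range, 'Invalid IPv6 prefix');
    }
    list($ip, $mask) = $rangeArray;

    // NOTE(review): $mask is not range-checked in this function; presumably
    // constructIPRange() rejects a bad prefix length -- TODO confirm.
    $net = constructIPRange(ip6_parse($ip), $mask);
    usePreparedInsertBlade(
        'IPv6Network',
        array(
            'ip' => $net['ip_bin'],
            'last_ip' => ip_last($net),
            'mask' => $mask,
            'name' => $name,
        )
    );
    $network_id = lastInsertID();

    # RFC3513 2.6.1 - Subnet-Router anycast
    if ($is_connected) {
        updateV6Address($net['ip_bin'], 'Subnet-Router anycast', 'yes');
    }
    produceTagsForNewRecord('ipv6net', $taglist, $network_id);

    if ($vlan_ck != NULL) {
        // The bind permission is evaluated against the new network, so the
        // security context is switched to it for the duration of the check.
        $ctx = getContext();
        try {
            fixContext(spotEntity('ipv6net', $network_id));
            if (permitted('ipv6net', '8021q', 'bind')) {
                commitSupplementVLANIPv6($vlan_ck, $network_id);
            }
        } catch (Exception $e) {
            // Put the caller's context back before the exception propagates;
            // otherwise a caller that catches it would keep making permission
            // decisions against the new network's context.
            restoreContext($ctx);
            throw $e;
        }
        restoreContext($ctx);
    }

    return $network_id;
}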
/**
 * Render a pop-up helper page selected by the "helper" request argument.
 *
 * Recognised helpers: objlist, portlist, inet4list. Each one sets the global
 * page/tab pair, calls fixContext() and assertPermission(), and captures the
 * helper's output into $text, which is then echoed inside <body>.
 *
 * The content-type header, the doctype and the opening <html> tag are sent
 * before "helper" is validated, so an exception raised below reaches the
 * client after that partial output.
 *
 * @throws InvalidRequestArgException for an unrecognised helper name
 */
function renderPopupHTML()
{
    global $pageno, $tabno;
    header('Content-Type: text/html; charset=UTF-8');
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" style="height: 100%;">
<?php
    assertStringArg('helper');
    // Accumulates the captured helper output; it is concatenated into the body
    // as-is below, so any escaping is up to the renderers that produce it.
    $text = '';
    switch ($_REQUEST['helper']) {
        case 'objlist':
            $pageno = 'object';
            $tabno = 'default';
            fixContext();
            assertPermission();
            $text .= getOutputOf('renderPopupObjectSelector');
            break;
        case 'portlist':
            $pageno = 'depot';
            $tabno = 'default';
            fixContext();
            assertPermission();
            $text .= '<div style="background-color: #f0f0f0; border: 1px solid #3c78b5; padding: 10px; height: 100%; text-align: center; margin: 5px;">';
            // NOTE(review): with do_link present the handlePopupPortLink hook runs
            // under the depot/default permission asserted above; confirm the hook
            // performs its own authorisation for the link operation.
            if (isset($_REQUEST['do_link'])) {
                $text .= getOutputOf('callHook', 'handlePopupPortLink');
            } else {
                $text .= getOutputOf('callHook', 'renderPopupPortSelector');
            }
            $text .= '</div>';
            break;
        case 'inet4list':
            $pageno = 'ipv4space';
            $tabno = 'default';
            fixContext();
            assertPermission();
            $text .= getOutputOf('renderPopupIPv4Selector');
            break;
        default:
            // Unknown helper names are rejected instead of being mapped to a function.
            throw new InvalidRequestArgException('helper', $_REQUEST['helper']);
    }
    echo '<head><title>RackTables pop-up</title>';
    printPageHeaders();
    echo '</head>';
    echo '<body style="height: 100%;">' . $text . '</body>';
    ?>
</html>
<?php
}
// Entry script for "op" requests: validates the operation name, resolves the
// handler from the $ophandler table, authorises the request and calls the
// handler. The handler's return value, when non-empty, becomes the redirect
// location.
require_once 'inc/ophandlers.php';
// snmp.php is an exception, it is treated by a special hack
// The request value only decides whether the file is included; the included
// path itself is a fixed literal. This test runs before init.php is loaded.
if (isset($_REQUEST['op']) and $_REQUEST['op'] == 'querySNMPData') {
    require_once 'inc/snmp.php';
}
require_once 'inc/init.php';
try {
    genericAssertion('op', 'string');
    $op = $_REQUEST['op'];
    // $pageno and $tabno are not assigned in this excerpt; presumably they are
    // set during prepareNavigation() -- TODO confirm.
    prepareNavigation();
    $location = buildRedirectURL();
    // FIXME: find a better way to handle this error
    if ($op == 'addFile' && !isset($_FILES['file']['error'])) {
        throw new RackTablesError('File upload error, check upload_max_filesize in php.ini', RackTablesError::MISCONFIGURED);
    }
    fixContext();
    // The handler is looked up in the $ophandler table by page, tab and op and
    // must be callable; the request-supplied op is never used as a function
    // name by itself.
    // NOTE(review): the message below interpolates the request-supplied $op;
    // how it is escaped depends on the error renderer, which is not visible here.
    if (!isset($ophandler[$pageno][$tabno][$op]) or !is_callable($ophandler[$pageno][$tabno][$op])) {
        throw new RackTablesError("Invalid navigation data for '{$pageno}-{$tabno}-{$op}'", RackTablesError::INTERNAL);
    }
    // We have a chance to handle an error before starting HTTP header.
    // NOTE(review): operations listed in $delayauth skip this permission check;
    // presumably each of those handlers authorises itself -- verify every entry.
    if (!isset($delayauth["{$pageno}-{$tabno}-{$op}"])) {
        assertPermission();
    }
    # Call below does the job of bypass argument assertion, if such is required,
    # so the ophandler function doesn't have to re-assert this portion of its
    # arguments. And it would be even better to pass returned value to ophandler,
    # so it is not necessary to remember the name of bypass in it.
    getBypassValue();
    // A non-empty return value from the handler replaces the default redirect.
    if (strlen($redirect_to = call_user_func($ophandler[$pageno][$tabno][$op]))) {
        $location = $redirect_to;
    }
    // (the try block continues beyond this excerpt)
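/**
 * Check permission for a page/tab pair against one specific cell, without
 * disturbing the security context of the caller.
 *
 * The four context globals are saved, the context is rebuilt for $cell, the
 * decision is taken, and the saved values are put back -- also when the check
 * throws.
 *
 * @param string $p    page name passed to permitted()
 * @param string $t    tab name passed to permitted()
 * @param mixed  $cell entity the context is temporarily fixed to
 * @return mixed the result of permitted($p, $t)
 */
function isolatedPermission($p, $t, $cell)
{
    // This function is called from both "file" page and a number of other pages,
    // which have already fixed security context and authorized the user for it.
    // OTOH, it is necessary here to authorize against the current file, which
    // means saving the current context and building a new one.
    global $expl_tags, $impl_tags, $target_given_tags, $auto_tags;

    // push current context
    $saved = array($expl_tags, $impl_tags, $target_given_tags, $auto_tags);

    try {
        // retarget
        fixContext($cell);
        // remember decision
        $ret = permitted($p, $t);
    } catch (Exception $e) {
        // Pop the context before the exception propagates, so a caller that
        // catches it does not go on deciding permissions against $cell.
        list($expl_tags, $impl_tags, $target_given_tags, $auto_tags) = $saved;
        throw $e;
    }

    // pop context
    list($expl_tags, $impl_tags, $target_given_tags, $auto_tags) = $saved;

    return $ret;
}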