Merge pull request #169 from kim3-sudo/master

Updated sorting, version number in README ( Fixes #168 )
Update minimum version to PHP5.5
2022-12-20 16:57:07 +01:00 · 2022-12-20 10:30:25 -05:00 · 2022-12-20 10:26:39 -05:00 · 2021-10-03 01:31:50 +02:00 · 2021-09-07 14:53:34 +02:00 · 2021-04-22 09:16:30 +02:00
4 changed files with 32 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -13,7 +13,7 @@ It means the beta that is heavily unstable that is meant for contributors to mak
 #### Public Beta
 ##### This beta has some bugs that are not really noticeable and mostly exist as bugs. Best for trying the new features before updating!
 -->
-Very simple server status page written in PHP that can run on **PHP 5.4+** - even on **shared webhosting** even without shell access. Because why waste your money on another server (or host on a server that you might want to do maintenance on), when you can use cheap webhosting? And as a cherry on top - it works even without javascript!
+Very simple server status page written in PHP that can run on **PHP 5.5+** - even on **shared webhosting** even without shell access. Because why waste your money on another server (or host on a server that you might want to do maintenance on), when you can use cheap webhosting? And as a cherry on top - it works even without javascript!

 ## How do I install this thing?
 Simply put the files on your server and access it from your browser. There will be a simple install dialog waiting for you.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of server-status is being supported. Older versions won't recieve security updates.
+
+## Reporting a Vulnerability
+
+If you believe that you have have discovered a vulnerability you can report it by emailing the [lead maintainer](https://github.com/Pryx) at vojtech@sajdl.com. 
+
+Please include the keyword VULNERABILITY and the repository name in the subject of the email. 
+
+In the email, please describe your findings, the project versions you tested and were affected by the vulnerability and also include the full steps to reproduce it. 
+We appreciate your efforts to make server-status more secure and will try to do everytihing in our power to get the issues resolved as fast as possible. We will 
+keep you informed of the progress towards a fix.
--- a/api/status.php
+++ b/api/status.php
@ -15,26 +15,25 @@ else{
 	  $array = $constellation->render_status(true, false);
 	  echo json_encode($array);
  }else{
-  	$query = $mysqli->prepare("SELECT name FROM services WHERE id=?");
-  	$query->bind_param("i", $_GET['id']);
-  	$query->execute();
-    $result = $query->get_result()->fetch_assoc();
+    // get id of service, check if service exists
+    $queryId = $mysqli->prepare("SELECT id from services where id = ?;");
+    $queryId->bind_param("i", $_GET['id']);
+    $queryId->execute();
+    $result = $queryId->get_result()->fetch_assoc();
    if (!count($result))
    {
    	die(json_encode(["error" => _("Service does not exist!")]));
    }
-
-  	$sql = $mysqli->prepare("SELECT type FROM services_status INNER JOIN status ON services_status.status_id = status.id WHERE service_id = ? AND `time` <= ? AND (`end_time` >= ? OR `end_time`=0) ORDER BY `time` DESC LIMIT 1");
-
-    $sql->bind_param("iii", $id, $timestamp, $timestamp);
-    $sql->execute();
-    $tmp = $sql->get_result();
-    if ($tmp->num_rows)
-    {
-      $service = new Service($_GET['id'], $result['name'], $tmp->fetch_assoc()['type']);
-    }
-    else{
-      $service = new Service($_GET['id'], $result['name']);
+    // get name, description and status.type (status of service) by id
+  	$query = $mysqli->prepare("select services.id, name, description, status.type from services inner join status on status.id = services.id where services.id = ?;");
+  	$query->bind_param("i", $_GET['id']);
+  	$query->execute();
+    $result = $query->get_result()->fetch_assoc();
+    // if type is a number then return it, else just return the service name/desc
+    if (is_numeric($result["type"])) {
+      $service = new Service($_GET["id"], $result["name"], $result["description"], '', $result["type"]);
+    } else {
+      $service = new Service($_GET["id"], $result["name"], $result["description"]);
    }

    echo json_encode($service);
--- a/classes/constellation.php
+++ b/classes/constellation.php
@ -73,7 +73,7 @@ class Constellation
    global $mysqli;

    //$query = $mysqli->query("SELECT id, name, description FROM services");
-    $query = $mysqli->query("SELECT services.id, services.name, services.description, services_groups.name as group_name FROM services LEFT JOIN services_groups ON services.group_id=services_groups.id ORDER BY services_groups.name ");
+    $query = $mysqli->query("SELECT services.id, services.name, services.description, services_groups.name as group_name FROM services LEFT JOIN services_groups ON services.group_id=services_groups.id ORDER BY services_groups.name ASC, services.name;");
    $array = array();
    if ($query->num_rows){
      $timestamp = time();
Author	SHA1	Message	Date
Vojtěch Sajdl	b2baa5051b	Merge pull request #169 from kim3-sudo/master Updated sorting, version number in README ( Fixes #168 )	2022-12-20 16:57:07 +01:00
Sejin Kim	9951c22d07	Update minimum version to PHP5.5 This version is not compatible with PHP 5.4 due to a constants handling issue. See [GH issue #168](https://github.com/server-status-project/server-status/issues/168)	2022-12-20 10:30:25 -05:00
Sejin Kim	2d65d0f9df	Add sort for services for group then service	2022-12-20 10:26:39 -05:00
Vojtěch Sajdl	c9bcbc241b	Merge pull request #148 from Steffen-MLR/master Fix for status api by correcting sql queries	2021-10-03 01:31:50 +02:00
Vojtěch Sajdl	184f803d6e	Create SECURITY.md	2021-09-07 14:53:34 +02:00
Steffen Mueller	002bb13e10	Fix for status api by correcting sql queries	2021-04-22 09:16:30 +02:00
Steffen Mueller	58b375161d	Big fix for status api with parameter ID	2021-03-15 08:57:14 +01:00