librenms-librenms/includes/html/vars.inc.php

<?php

use LibreNMS\Config;

foreach ($_GET as $key => $get_var) {
    if (strstr($key, 'opt')) {
        [$name, $value] = explode('|', $get_var);
        if (! isset($value)) {
            $value = 'yes';
        }

        $vars[$name] = strip_tags($value);
    }
}

$base_url = parse_url(Config::get('base_url'));
$uri = explode('?', $_SERVER['REQUEST_URI'], 2)[0] ?? ''; // remove query, that is handled below with $_GET

// don't parse the subdirectory, if there is one in the path
if (isset($base_url['path']) && strlen($base_url['path']) > 1) {
    $segments = explode('/', trim(str_replace($base_url['path'], '', $uri), '/'));
} else {
    $segments = explode('/', trim($uri, '/'));
}

foreach ($segments as $pos => $segment) {
    $segment = urldecode($segment);
    if ($pos === 0) {
        $vars['page'] = $segment;
    } else {
        [$name, $value] = explode('=', $segment);
        if ($value == '' || ! isset($value)) {
            if ($vars['page'] == 'device' && $pos < 3) {
                // translate laravel device routes properly
                $vars[$pos === 1 ? 'device' : 'tab'] = $name;
            } else {
                $vars[$name] = 'yes';
            }
        } else {
            $vars[$name] = $value;
        }
    }
}

foreach ($_GET as $name => $value) {
    $vars[$name] = strip_tags($value);
}

foreach ($_POST as $name => $value) {
    $vars[$name] = ($value);
}

// don't leak login data
unset($vars['username'], $vars['password'], $uri, $base_url);
CSV Exports 2015-04-16 10:08:19 +00:00			`<?php`

Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`use LibreNMS\Config;`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_GET as $key => $get_var) {`
			`if (strstr($key, 'opt')) {`
Apply fixes from StyleCI (#12120) 2020-09-21 15:40:17 +02:00			`[$name, $value] = explode('\|', $get_var);`
			`if (! isset($value)) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$value = 'yes';`
			`}`

Remove legacy function calls (#12651) * massive inlines * fix style and wtf * remove rrdtool.inc.php include * fix CommonFunctions namespace issues * looking for missing class space, fix undefined class issues * style fixes 2021-03-28 17:25:30 -05:00			`$vars[$name] = strip_tags($value);`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`

Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`$base_url = parse_url(Config::get('base_url'));`
Don't add %3F=yes to the url (#13041) * Don't add %3F=yes to the url... * introduce variable 2021-07-14 09:26:33 -05:00			`$uri = explode('?', $_SERVER['REQUEST_URI'], 2)[0] ?? ''; // remove query, that is handled below with $_GET`

check for sites where there is no subdirectory 2015-08-11 14:22:20 -07:00			`// don't parse the subdirectory, if there is one in the path`
Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`if (isset($base_url['path']) && strlen($base_url['path']) > 1) {`
Don't add %3F=yes to the url (#13041) * Don't add %3F=yes to the url... * introduce variable 2021-07-14 09:26:33 -05:00			`$segments = explode('/', trim(str_replace($base_url['path'], '', $uri), '/'));`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Don't add %3F=yes to the url (#13041) * Don't add %3F=yes to the url... * introduce variable 2021-07-14 09:26:33 -05:00			`$segments = explode('/', trim($uri, '/'));`
check for sites where there is no subdirectory 2015-08-11 14:22:20 -07:00			`}`
CSV Exports 2015-04-16 10:08:19 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($segments as $pos => $segment) {`
			`$segment = urldecode($segment);`
Device page dropdown hero button, Performance -> Latency (#11328) * Throw some shit together, rough outline. * Reorganize tabs, use tab controllers * Implement performance (into the latency tab) * Update resources/views/device/header.blade.php Co-Authored-By: Jellyfrog <Jellyfrog@users.noreply.github.com> * Add more tabs * All controllers created * Implement routes * Implement smokeping * routing and auth * fix smokeping check * Implement device dropdown menu * Update deviceUrl to new style * Use Gates * Fix style * use more appropriate gates * add show-config gate remove Laravel helper * Only show vlan tab if VLANs exist for the device :D * Fix rancid file check will return false * revert over-zealous file name changes * don't need to request the location parameter, just cast to string to avoid bugs when not found * Move latency tab (ping/performance) to the position of performance instead of ping. Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com> 2020-04-29 07:25:13 -05:00			`if ($pos === 0) {`
Remove redundant calls 2016-02-10 13:54:22 +00:00			`$vars['page'] = $segment;`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Apply fixes from StyleCI (#12120) 2020-09-21 15:40:17 +02:00			`[$name, $value] = explode('=', $segment);`
			`if ($value == '' \|\| ! isset($value)) {`
Device page dropdown hero button, Performance -> Latency (#11328) * Throw some shit together, rough outline. * Reorganize tabs, use tab controllers * Implement performance (into the latency tab) * Update resources/views/device/header.blade.php Co-Authored-By: Jellyfrog <Jellyfrog@users.noreply.github.com> * Add more tabs * All controllers created * Implement routes * Implement smokeping * routing and auth * fix smokeping check * Implement device dropdown menu * Update deviceUrl to new style * Use Gates * Fix style * use more appropriate gates * add show-config gate remove Laravel helper * Only show vlan tab if VLANs exist for the device :D * Fix rancid file check will return false * revert over-zealous file name changes * don't need to request the location parameter, just cast to string to avoid bugs when not found * Move latency tab (ping/performance) to the position of performance instead of ping. Co-authored-by: Jellyfrog <Jellyfrog@users.noreply.github.com> 2020-04-29 07:25:13 -05:00			`if ($vars['page'] == 'device' && $pos < 3) {`
			`// translate laravel device routes properly`
			`$vars[$pos === 1 ? 'device' : 'tab'] = $name;`
			`} else {`
			`$vars[$name] = 'yes';`
			`}`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Remove redundant calls 2016-02-10 13:54:22 +00:00			`$vars[$name] = $value;`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`
			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_GET as $name => $value) {`
Remove legacy function calls (#12651) * massive inlines * fix style and wtf * remove rrdtool.inc.php include * fix CommonFunctions namespace issues * looking for missing class space, fix undefined class issues * style fixes 2021-03-28 17:25:30 -05:00			`$vars[$name] = strip_tags($value);`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_POST as $name => $value) {`
fix: Remove escape characters for services form / display #4891 2016-11-01 11:20:12 -06:00			`$vars[$name] = ($value);`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`
Don't leak passwords deep linking to a graph and logging in on Apache httpd (#8761) * Don't leak passwords when users update urls to include all variables after login * Less aggressive 2018-05-24 11:29:12 -05:00
			`// don't leak login data`
Don't add %3F=yes to the url (#13041) * Don't add %3F=yes to the url... * introduce variable 2021-07-14 09:26:33 -05:00			`unset($vars['username'], $vars['password'], $uri, $base_url);`