librenms-librenms/html/includes/vars.inc.php

<?php

use LibreNMS\Config;

foreach ($_GET as $key => $get_var) {
    if (strstr($key, 'opt')) {
        list($name, $value) = explode('|', $get_var);
        if (!isset($value)) {
            $value = 'yes';
        }

        $vars[$name] = clean($value);
    }
}

$base_url = parse_url(Config::get('base_url'));
// don't parse the subdirectory, if there is one in the path
if (isset($base_url['path']) && strlen($base_url['path']) > 1) {
    $segments = explode('/', trim(str_replace($base_url["path"], "", $_SERVER['REQUEST_URI']), '/'));
} else {
    $segments = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
}

foreach ($segments as $pos => $segment) {
    $segment = urldecode($segment);
    if ($pos == '0') {
        $vars['page'] = $segment;
    } else {
        list($name, $value) = explode('=', $segment);
        if ($value == '' || !isset($value)) {
            $vars[$name] = 'yes';
        } else {
            $vars[$name] = $value;
        }
    }
}

foreach ($_GET as $name => $value) {
    $vars[$name] = clean($value);
}

foreach ($_POST as $name => $value) {
    $vars[$name] = ($value);
}

// don't leak login data
unset($vars['username'], $vars['password']);
CSV Exports 2015-04-16 10:08:19 +00:00			`<?php`

Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`use LibreNMS\Config;`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_GET as $key => $get_var) {`
			`if (strstr($key, 'opt')) {`
			`list($name, $value) = explode('\|', $get_var);`
			`if (!isset($value)) {`
			`$value = 'yes';`
			`}`

security: Fix some reported security issues (#4807) 2016-10-15 20:45:18 +01:00			`$vars[$name] = clean($value);`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`

Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`$base_url = parse_url(Config::get('base_url'));`
check for sites where there is no subdirectory 2015-08-11 14:22:20 -07:00			`// don't parse the subdirectory, if there is one in the path`
Fix errors in vars.inc.php (#8913) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-07-17 03:19:29 -05:00			`if (isset($base_url['path']) && strlen($base_url['path']) > 1) {`
check for sites where there is no subdirectory 2015-08-11 14:22:20 -07:00			`$segments = explode('/', trim(str_replace($base_url["path"], "", $_SERVER['REQUEST_URI']), '/'));`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
check for sites where there is no subdirectory 2015-08-11 14:22:20 -07:00			`$segments = explode('/', trim($_SERVER['REQUEST_URI'], '/'));`
			`}`
CSV Exports 2015-04-16 10:08:19 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($segments as $pos => $segment) {`
			`$segment = urldecode($segment);`
			`if ($pos == '0') {`
Remove redundant calls 2016-02-10 13:54:22 +00:00			`$vars['page'] = $segment;`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`list($name, $value) = explode('=', $segment);`
			`if ($value == '' \|\| !isset($value)) {`
Fix: Use of undefined constant yes - assumed 'yes' 2016-08-07 15:39:03 +02:00			`$vars[$name] = 'yes';`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Remove redundant calls 2016-02-10 13:54:22 +00:00			`$vars[$name] = $value;`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`
			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_GET as $name => $value) {`
security: Fix some reported security issues (#4807) 2016-10-15 20:45:18 +01:00			`$vars[$name] = clean($value);`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($_POST as $name => $value) {`
fix: Remove escape characters for services form / display #4891 2016-11-01 11:20:12 -06:00			`$vars[$name] = ($value);`
CSV Exports 2015-04-16 10:08:19 +00:00			`}`
Don't leak passwords deep linking to a graph and logging in on Apache httpd (#8761) * Don't leak passwords when users update urls to include all variables after login * Less aggressive 2018-05-24 11:29:12 -05:00
			`// don't leak login data`
			`unset($vars['username'], $vars['password']);`