mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Security fix: unauthorized access (#10091)

Browse Source 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
includes/html/application/proxmox.inc.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
/*
* Copyright (C) 2015 Mark Schouten <mark@tuxis.nl>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2 dated June,
* 1991.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* See http://www.gnu.org/licenses/gpl.txt for the full license
*/
/**
* Fetch all VM's in a Proxmox Cluster
* @param string $c Clustername
* @return array An array with all the VM's on this cluster
*/
function proxmox_cluster_vms($c)
{
return dbFetchRows("SELECT * FROM proxmox WHERE cluster = ? ORDER BY vmid", array($c));
}
/**
* Fetch all VM's on a Proxmox node
* @param integer $n device_id
* @return array An array with all the VM's on this node
*/
function proxmox_node_vms($n)
{
return dbFetchRows("SELECT * FROM proxmox WHERE device_id = ? ORDER BY vmid", array($n));
}
/**
* Fetch all info about a Proxmox VM
* @param integer $vmid Proxmox VM ID
* @param string $c Clustername
* @return array An array with all info of this VM on this cluster, including ports
*/
function proxmox_vm_info($vmid, $c)
{
$vm = dbFetchRow("SELECT pm.*, d.hostname AS host, d.device_id FROM proxmox pm, devices d WHERE pm.device_id = d.device_id AND pm.vmid = ? AND pm.cluster = ?", array($vmid, $c));
$appid = dbFetchRow("SELECT app_id FROM applications WHERE device_id = ? AND app_type = ?", array($vm['device_id'], 'proxmox'));
$vm['ports'] = dbFetchRows("SELECT * FROM proxmox_ports WHERE vm_id = ?", array($vm['id']));
$vm['app_id'] = $appid['app_id'];
return $vm;
}