Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/forms/wireless-sensor-alert-update.inc.php
+++ b/includes/html/forms/wireless-sensor-alert-update.inc.php
@@ -0,0 +1,74 @@
+<?php
+
+/*
+ * LibreNMS
+ *
+ * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk>
+ * Copyright (c) 2017 Tony Murray <https://github.com/murrant>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.  Please see LICENSE.txt at the top level of
+ * the source code distribution for details.
+ */
+
+use LibreNMS\Authentication\LegacyAuth;
+
+header('Content-type: application/json');
+
+// FUA
+
+if (!LegacyAuth::user()->hasGlobalAdmin()) {
+    die(json_encode([
+        'status' => 'error',
+        'message' => 'You need to be admin'
+    ]));
+}
+
+if (isset($_POST['sub_type']) && $_POST['sub_type'] == 'remove-custom') {
+    if (dbUpdate(['sensor_custom' => 'No'], 'wireless_sensors', '`sensor_id` = ?', array($_POST['sensor_id']))) {
+        die(json_encode([
+            'status' => 'ok',
+            'message' => 'Custom limit removed'
+        ]));
+    }
+
+    die(json_encode([
+        'status' => 'error',
+        'message' => 'Could not remove custom. Check librenms.log'
+    ]));
+} else {
+    if (!is_numeric($_POST['device_id']) || !is_numeric($_POST['sensor_id'])) {
+        die(json_encode([
+            'status' => 'error',
+            'message' => 'Invalid values given'
+        ]));
+    } else {
+        if ($_POST['state'] == 'true') {
+            $state = 1;
+        } elseif ($_POST['state'] == 'false') {
+            $state = 0;
+        } else {
+            $state = 0;
+        }
+
+        $update = dbUpdate(
+            ['sensor_alert' => $state],
+            'wireless_sensors',
+            '`sensor_id` = ? AND `device_id` = ?',
+            [$_POST['sensor_id'], $_POST['device_id']]
+        );
+        if (!empty($update) || $update == '0') {
+            die(json_encode([
+                'status' => 'ok',
+                'message' => 'Updated sensor value'
+            ]));
+        } else {
+            die(json_encode([
+                'status' => 'error',
+                'message' => 'Failed to update sensor value'
+            ]));
+        }
+    }
+}