Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/graphs/application/mailscanner_spam.inc.php
+++ b/includes/html/graphs/application/mailscanner_spam.inc.php
@@ -0,0 +1,32 @@
+<?php
+
+require 'includes/html/graphs/common.inc.php';
+
+$scale_min    = 0;
+$nototal      = (($width < 550) ? 1 : 0);
+$unit_text    = 'Messages/sec';
+$rrd_filename = rrd_name($device['hostname'], array('app', 'mailscannerV2', $app['app_id']));
+$array        = array(
+                 'spam'  => array(
+                             'descr'  => 'Spam',
+                             'colour' => 'FF8800',
+                            ),
+                 'virus' => array(
+                             'descr'  => 'Virus',
+                             'colour' => 'FF0000',
+                            ),
+                );
+
+$i = 0;
+
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($array as $ds => $var) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $var['descr'];
+        $rrd_list[$i]['ds']       = $ds;
+        $rrd_list[$i]['colour']   = $var['colour'];
+        $i++;
+    }
+}
+
+require 'includes/html/graphs/generic_multi_simplex_seperated.inc.php';