Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/graphs/application/mysql_innodb_io_pending.inc.php
+++ b/includes/html/graphs/application/mysql_innodb_io_pending.inc.php
@@ -0,0 +1,38 @@
+<?php
+
+require 'includes/html/graphs/common.inc.php';
+
+$rrd_filename = rrd_name($device['hostname'], array('app', 'mysql', $app['app_id']));
+
+$array = array(
+          'IBILog' => 'AIO Log',
+          'IBISc'  => 'AIO Sync',
+          'IBIFLg' => 'Buf Pool Flush',
+          'IBFBl'  => 'Log Flushes',
+          'IBIIAo' => 'Insert Buf AIO Read',
+          'IBIAd'  => 'Normal AIO Read',
+          'IBIAe'  => 'Normal AIO Writes',
+         );
+
+$i = 0;
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($array as $ds => $var) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        if (is_array($var)) {
+            $rrd_list[$i]['descr'] = $var['descr'];
+        } else {
+            $rrd_list[$i]['descr'] = $var;
+        }
+
+        $rrd_list[$i]['ds'] = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $file";
+}
+
+$colours   = 'mixed';
+$nototal   = 1;
+$unit_text = '';
+
+require 'includes/html/graphs/generic_multi_simplex_seperated.inc.php';