Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/graphs/application/postfix_qstats.inc.php
+++ b/includes/html/graphs/application/postfix_qstats.inc.php
@@ -0,0 +1,48 @@
+<?php
+$name = 'postfix';
+$app_id = $app['app_id'];
+$scale_min     = 0;
+$colours       = 'mixed';
+$unit_text     = '';
+$unitlen       = 10;
+$bigdescrlen   = 9;
+$smalldescrlen = 9;
+$dostack       = 0;
+$printtotal    = 0;
+$addarea       = 1;
+$transparency  = 15;
+
+$rrd_filename = rrd_name($device['hostname'], array('app', $name, $app_id));
+
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    $rrd_list = array(
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Incoming',
+            'ds'       => 'incomingq',
+            'colour'   => '582A72'
+        ),
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Active',
+            'ds'       => 'activeq',
+            'colour'   => '28774F'
+        ),
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Deferred',
+            'ds'       => 'deferredq',
+            'colour'   => '88CC88'
+        ),
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Hold',
+            'ds'       => 'holdq',
+            'colour'   => 'D46A6A'
+        )
+    );
+} else {
+    echo "file missing: $rrd_filename";
+}
+
+require 'includes/html/graphs/generic_multi_line_exact_numbers.inc.php';