Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/graphs/application/powerdns_packetcache.inc.php
+++ b/includes/html/graphs/application/powerdns_packetcache.inc.php
@@ -0,0 +1,39 @@
+<?php
+
+require 'includes/html/graphs/common.inc.php';
+
+$scale_min    = 0;
+$colours      = 'blue';
+$nototal      = (($width < 224) ? 1 : 0);
+$unit_text    = 'Packets/sec';
+$rrd_filename = rrd_name($device['hostname'], array('app', 'powerdns', $app['app_id']));
+$array        = array(
+                 'pc_hit'  => array(
+                               'descr'  => 'Hits',
+                               'colour' => '008800FF',
+                              ),
+                 'pc_miss' => array(
+                               'descr'  => 'Misses',
+                               'colour' => '880000FF',
+                              ),
+                 'pc_size' => array(
+                               'descr'  => 'Size',
+                               'colour' => '006699FF',
+                              ),
+                );
+
+$i = 0;
+
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($array as $ds => $var) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $var['descr'];
+        $rrd_list[$i]['ds']       = $ds;
+        $rrd_list[$i]['colour']   = $var['colour'];
+        $i++;
+    }
+} else {
+    echo "file missing: $file";
+}
+
+require 'includes/html/graphs/generic_multi_simplex_seperated.inc.php';