mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Security fix: unauthorized access (#10091)
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
GitHub
14
includes/html/graphs/device/diskio_common.inc.php
Normal file
14
includes/html/graphs/device/diskio_common.inc.php
Normal file
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
$i = 1;
|
||||
|
||||
foreach (dbFetchRows('SELECT * FROM `ucd_diskio` AS U, `devices` AS D WHERE D.device_id = ? AND U.device_id = D.device_id', array($device['device_id'])) as $disk) {
|
||||
$rrd_filename = rrd_name($disk['hostname'], array('ucd_diskio', $disk['diskio_descr']));
|
||||
if (rrdtool_check_rrd_exists($rrd_filename)) {
|
||||
$rrd_list[$i]['filename'] = $rrd_filename;
|
||||
$rrd_list[$i]['descr'] = $disk['diskio_descr'];
|
||||
$rrd_list[$i]['ds_in'] = $ds_in;
|
||||
$rrd_list[$i]['ds_out'] = $ds_out;
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user