Security fix: unauthorized access (#10091)

* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/

includes/html/graphs/device/netstat_icmp.inc.php

@@ -0,0 +1,34 @@
+<?php
+
+$rrd_filename = rrd_name($device['hostname'], 'netstats-icmp');
+
+$stats = array(
+    'icmpInMsgs'      => '00cc00',
+    'icmpOutMsgs'     => '006600',
+    'icmpInErrors'    => 'cc0000',
+    'icmpOutErrors'   => '660000',
+    'icmpInEchos'     => '0066cc',
+    'icmpOutEchos'    => '003399',
+    'icmpInEchoReps'  => 'cc00cc',
+    'icmpOutEchoReps' => '990099',
+);
+
+$i = 0;
+
+foreach ($stats as $stat => $colour) {
+    $i++;
+    $rrd_list[$i]['filename'] = $rrd_filename;
+    $rrd_list[$i]['descr']    = str_replace('icmp', '', $stat);
+    $rrd_list[$i]['ds']       = $stat;
+    if (strpos($stat, 'Out') !== false) {
+        $rrd_list[$i]['invert'] = true;
+    }
+}
+
+$colours = 'mixed';
+
+$scale_min  = '0';
+$nototal    = 1;
+$simple_rrd = true;
+
+require 'includes/html/graphs/generic_multi_line.inc.php';