mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Security fix: unauthorized access (#10091)

Browse Source 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
includes/html/modal/new_bill.inc.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
/*
* LibreNMS
*
* Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
use LibreNMS\Authentication\LegacyAuth;
if (LegacyAuth::user()->hasGlobalAdmin()) {
require 'includes/html/javascript-interfacepicker.inc.php';
$port_device_id = -1;
if (is_numeric($vars['port'])) {
$port = dbFetchRow('SELECT * FROM `ports` AS P, `devices` AS D WHERE `port_id` = ? AND D.device_id = P.device_id', array($vars['port']));
$bill_data['bill_name'] = $port['port_descr_descr'];
$bill_data['bill_ref'] = $port['port_descr_circuit'];
$bill_data['bill_notes'] = $port['port_descr_speed'];
$port_device_id = $port['device_id'];
}
?>
<div class="modal fade bs-example-modal-sm" id="create-bill" tabindex="-1" role="dialog" aria-labelledby="Create" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title" id="Create">Add Traffic Bill</h4>
</div>
<div class="modal-body">
<form method="post" role="form" action="bills/" class="form-horizontal alerts-form">
<input type="hidden" name="addbill" value="yes" />
<div class="form-group">
<label class="col-sm-4 control-label" for="device">Device</label>
<div class="col-sm-8">
<select class="form-control input-sm" id="device" name="device" onchange="getInterfaceList(this)">
<option value=''>Select a device</option>
<?php
$devices = dbFetchRows('SELECT * FROM `devices` ORDER BY hostname');
foreach ($devices as $device) {
$selected = $device['device_id'] == $port_device_id ? " selected" : "";
echo "<option value='${device['device_id']}' $selected>${device['hostname']}</option>\n";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label class="col-sm-4 control-label" for="port_id">Port</label>
<div class="col-sm-8">
<select class="form-control input-sm" id="port_id" name="port_id">
<?php
if (is_array($port)) {
// Need to pre-populate port as we've got a port pre-selected
foreach (dbFetch('SELECT * FROM ports WHERE device_id = ?', array($port_device_id)) as $interface) {
$interface = cleanPort($interface);
$string = $interface['label'].' - '.display($interface['ifAlias']);
$selected = $interface['port_id'] === $port['port_id'] ? " selected" : "";
echo "<option value='${interface['port_id']}' $selected>$string</option>\n";
}
}
?>
</select>
</div>
</div>
<?php
$bill_data['bill_type'] = 'cdr';
$quota = array('select_gb' => ' selected');
$cdr = array('select_mbps' => ' selected');
include 'includes/html/pages/bill/addoreditbill.inc.php';
?>
<div class="form-group">
<div class="col-sm-offset-4 col-sm-4">
<button type="submit" class="btn btn-primary"><i class="fa fa-check"></i> Add Bill</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<?php
}