Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/pages/apps/default.inc.php
+++ b/includes/html/pages/apps/default.inc.php
@@ -0,0 +1,43 @@
+<?php
+
+$graph_array['height']      = '100';
+$graph_array['width']       = '220';
+$graph_array['to']          = $config['time']['now'];
+$graph_array['from']        = $config['time']['day'];
+$graph_array_zoom           = $graph_array;
+$graph_array_zoom['height'] = '150';
+$graph_array_zoom['width']  = '400';
+$graph_array['legend']      = 'no';
+
+$app_devices = dbFetchRows('SELECT * FROM `devices` AS D, `applications` AS A WHERE D.device_id = A.device_id AND A.app_type = ? ORDER BY hostname', array($vars['app']));
+
+foreach ($app_devices as $app_device) {
+    echo '<div class="panel panel-default">
+        <div class="panel-heading">
+        <h3 class="panel-title">
+        '.generate_device_link($app_device, shorthost($app_device['hostname']), array('tab' => 'apps', 'app' => $vars['app'])).'
+        <div class="pull-right"><small class="muted">'.$app_device['app_instance'].' '.$app_device['app_status'].'</small></div>
+        </h3>
+        </div>
+        <div class="panel-body">
+        <div class="row">';
+
+    foreach ($graphs[$vars['app']] as $graph_type) {
+        $graph_array['type']      = empty($graph_type) ? 'application_'.$vars['app'] : 'application_'.$vars['app'].'_'.$graph_type;
+        $graph_array['id']        = $app_device['app_id'];
+        $graph_array_zoom['type'] = 'application_'.$vars['app'].'_'.$graph_type;
+        $graph_array_zoom['id']   = $app_device['app_id'];
+
+        $link = generate_url(array('page' => 'device', 'device' => $app_device['device_id'], 'tab' => 'apps', 'app' => $vars['app']));
+
+        echo '<div class="pull-left">';
+        echo overlib_link($link, generate_lazy_graph_tag($graph_array), generate_graph_tag($graph_array_zoom), null);
+        echo '</div>';
+    }
+
+    echo '</div>';
+    echo '</div>';
+    echo '</div>';
+}//end foreach
+
+echo '</table>';