mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Security fix: unauthorized access (#10091)

Browse Source 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
includes/html/pages/apps/proxmox/vm.inc.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
$vm = proxmox_vm_info(var_get('vmid'), var_get('instance'));
$graphs = array(
'proxmox_traffic' => 'Traffic',
);
foreach ($vm['ports'] as $port) {
foreach ($graphs as $key => $text) {
$graph_type = 'proxmox_traffic';
$graph_array['height'] = '100';
$graph_array['width'] = '215';
$graph_array['to'] = $config['time']['now'];
$graph_array['id'] = $vm['app_id'];
$graph_array['device_id'] = $vm['device_id'];
$graph_array['type'] = 'application_'.$key;
$graph_array['port'] = $port['port'];
$graph_array['vmid'] = $vm['vmid'];
$graph_array['cluster'] = $vm['cluster'];
$graph_array['hostname'] = $vm['description'];
echo '<h3>'.$text.' '.$port['port'].'@'.$vm['description'].'</h3>';
echo "<tr bgcolor='$row_colour'><td colspan=5>";
include 'includes/html/print-graphrow.inc.php';
echo '</td></tr>';
}
}