Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/pages/device/apps/freeswitch.inc.php
+++ b/includes/html/pages/device/apps/freeswitch.inc.php
@@ -0,0 +1,30 @@
+<?php
+
+global $config;
+
+$graphs = array(
+        'freeswitch_peak' => 'Freeswitch - Peak Calls',
+        'freeswitch_calls' => 'Freeswitch - Calls',
+        'freeswitch_channels' => 'Freeswitch - Channels',
+        'freeswitch_callsIn' => 'Freeswitch - Inbound Calls',
+        'freeswitch_callsOut' => 'Freeswitch - Outbound Calls'
+    );
+foreach ($graphs as $key => $text) {
+    $graph_type            = $key;
+    $graph_array['height'] = '100';
+    $graph_array['width']  = '215';
+    $graph_array['to']     = $config['time']['now'];
+    $graph_array['id']     = $app['app_id'];
+    $graph_array['type']   = 'application_'.$key;
+
+    echo '<div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">'.$text.'</h3>
+    </div>
+    <div class="panel-body">
+    <div class="row">';
+    include 'includes/html/print-graphrow.inc.php';
+    echo '</div>';
+    echo '</div>';
+    echo '</div>';
+}