mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Security fix: unauthorized access (#10091)

Browse Source 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
2019-04-11 23:26:42 -05:00
committed by GitHub
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
includes/html/pages/device/edit/misc.inc.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
echo '
<form class="form-horizontal">
<div class="form-group">
<label for="icmp" class="col-sm-4 control-label">Disable ICMP Test?</label>
<div class="col-sm-8">
'.dynamic_override_config('checkbox', 'override_icmp_disable', $device).'
</div>
</div>
<div class="form-group">
<label for="oxidized" class="col-sm-4 control-label">Exclude from Oxidized?</label>
<div class="col-sm-8">
'.dynamic_override_config('checkbox', 'override_Oxidized_disable', $device).'
</div>
</div>
<div class="form-group">
<label for="unixagent" class="col-sm-4 control-label">Unix agent port</label>
<div class="col-sm-8">
'.dynamic_override_config('text', 'override_Unixagent_port', $device).'
</div>
</div>
<div class="form-group">
<label for="unixagent" class="col-sm-4 control-label">Enable RRD Tune for all ports?</label>
<div class="col-sm-8">
'.dynamic_override_config('checkbox', 'override_rrdtool_tune', $device).'
</div>
</div>
<div class="form-group">
<label for="selected_ports" class="col-sm-4 control-label">Enable selected port polling?</label>
<div class="col-sm-8">
'.dynamic_override_config('checkbox', 'selected_ports', $device).'
</div>
</div>
</form>
';