Security fix: unauthorized access (#10091)
* Security fix: unauthorized access. Affects nginx users: moved PHP files outside of the public html directory (Apache was protected by .htaccess). Affects all users: some files did not check for authentication and could disclose some info. Better checks before including files from user input. * git mv html/includes/ includes/html; git mv html/pages/ includes/html/
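--- a/includes/html/pages/device/graphs.inc.php
+++ b/includes/html/pages/device/graphs.inc.php
@@ -0,0 +1,65 @@
+<?php
+
+// Graphs are printed in the order they exist in $config['graph_types']
+$link_array = array(
+'page' => 'device',
+'device' => $device['device_id'],
+'tab' => 'graphs',
+);
+
+$bg = '#ffffff';
+
+echo '<div style="clear: both;">';
+
+print_optionbar_start();
+
+echo "<span style='font-weight: bold;'>Graphs</span> » ";
+
+foreach (dbFetchRows('SELECT * FROM device_graphs WHERE device_id = ? ORDER BY graph', array($device['device_id'])) as $graph) {
+$section = $config['graph_types']['device'][$graph['graph']]['section'];
+if ($section != '') {
+$graph_enable[$section][$graph['graph']] = $graph['graph'];
+}
+}
+
+enable_graphs($device, $graph_enable);
+
+$sep = '';
+foreach ($graph_enable as $section => $nothing) {
+if (isset($graph_enable) && is_array($graph_enable[$section])) {
+$type = strtolower($section);
+if (!$vars['group']) {
+$vars['group'] = $type;
+}
+
+echo $sep;
+if ($vars['group'] == $type) {
+echo '<span class="pagemenu-selected">';
+}
+
+echo generate_link(ucwords($type), $link_array, array('group' => $type));
+if ($vars['group'] == $type) {
+echo '</span>';
+}
+
+$sep = ' | ';
+}
+}
+
+unset($sep);
+
+print_optionbar_end();
+
+$graph_enable = $graph_enable[$vars['group']];
+
+foreach ($graph_enable as $graph => $entry) {
+$graph_array = array();
+if ($graph_enable[$graph]) {
+$graph_title = $config['graph_types']['device'][$graph]['descr'];
+$graph_array['type'] = 'device_'.$graph;
+
+include 'includes/html/print-device-graph.php';
+}
+}
+
+$pagetitle[] = 'Graphs';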
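Review bot: `$vars['group']` is used as an array key in `$graph_enable = $graph_enable[$vars['group']];` without checking that it names one of the sections built above. It appears to come from the request URL (the menu links set `group`), so an unknown value leaves `$graph_enable` null and the final `foreach` runs on a non-array. I would guard the lookup, e.g. `$graph_enable = isset($graph_enable[$vars['group']]) ? $graph_enable[$vars['group']] : array();`, and add `$graph_enable = array();` before the `dbFetchRows` loop so a device with no `device_graphs` rows does not pass an undefined variable to `enable_graphs()`. The menu also compares against `strtolower($section)` while the array is keyed by the raw `$section`, so a section name containing upper-case letters would never be found by that lookup. The file does no permission check of its own on `$device`; presumably the including page does, which is worth confirming given the commit's stated purpose.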