mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Security fix: unauthorized access (#10091)
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
This commit is contained in:
Tony Murray
GitHub
82
includes/html/pages/device/routing.inc.php
Normal file
82
includes/html/pages/device/routing.inc.php
Normal file
@@ -0,0 +1,82 @@
|
||||
<?php
|
||||
|
||||
$link_array = array(
|
||||
'page' => 'device',
|
||||
'device' => $device['device_id'],
|
||||
'tab' => 'routing',
|
||||
);
|
||||
|
||||
// $type_text['overview'] = "Overview";
|
||||
$type_text['ipsec_tunnels'] = 'IPSEC Tunnels';
|
||||
|
||||
// Cisco ACE
|
||||
$type_text['loadbalancer_rservers'] = 'Rservers';
|
||||
$type_text['loadbalancer_vservers'] = 'Serverfarms';
|
||||
|
||||
// Citrix Netscaler
|
||||
$type_text['netscaler_vsvr'] = 'VServers';
|
||||
|
||||
$type_text['bgp'] = 'BGP';
|
||||
$type_text['cef'] = 'CEF';
|
||||
$type_text['ospf'] = 'OSPF';
|
||||
$type_text['vrf'] = 'VRFs';
|
||||
$type_text['cisco-otv'] = 'OTV';
|
||||
|
||||
print_optionbar_start();
|
||||
|
||||
$pagetitle[] = 'Routing';
|
||||
|
||||
echo "<span style='font-weight: bold;'>Routing</span> » ";
|
||||
|
||||
unset($sep);
|
||||
foreach ($routing_tabs as $type) {
|
||||
if (!$vars['proto']) {
|
||||
$vars['proto'] = $type;
|
||||
}
|
||||
|
||||
echo $sep;
|
||||
|
||||
if ($vars['proto'] == $type) {
|
||||
echo '<span class="pagemenu-selected">';
|
||||
}
|
||||
|
||||
echo generate_link($type_text[$type].' ('.$device_routing_count[$type].')', $link_array, array('proto' => $type));
|
||||
if ($vars['proto'] == $type) {
|
||||
echo '</span>';
|
||||
}
|
||||
|
||||
$sep = ' | ';
|
||||
}
|
||||
|
||||
print_optionbar_end();
|
||||
|
||||
$protocol = basename($vars['proto']);
|
||||
if (is_file("includes/html/pages/device/routing/$protocol.inc.php")) {
|
||||
include "includes/html/pages/device/routing/$protocol.inc.php";
|
||||
} else {
|
||||
foreach ($routing_tabs as $type) {
|
||||
if ($type != 'overview') {
|
||||
if (is_file("includes/html/pages/device/routing/overview/$type.inc.php")) {
|
||||
$g_i++;
|
||||
if (!is_integer($g_i / 2)) {
|
||||
$row_colour = $config['list_colour']['even'];
|
||||
} else {
|
||||
$row_colour = $config['list_colour']['odd'];
|
||||
}
|
||||
|
||||
echo '<div style="background-color: '.$row_colour.';">';
|
||||
echo '<div style="padding:4px 0px 0px 8px;"><span class=graphhead>'.$type_text[$type].'</span>';
|
||||
|
||||
include "includes/html/pages/device/routing/overview/$type.inc.php";
|
||||
|
||||
echo '</div>';
|
||||
echo '</div>';
|
||||
} else {
|
||||
$graph_title = $type_text[$type];
|
||||
$graph_type = 'device_'.$type;
|
||||
|
||||
include 'includes/html/print-device-graph.php';
|
||||
}//end if
|
||||
}//end if
|
||||
}//end foreach
|
||||
}//end if
|
||||
Reference in New Issue
Block a user