Security fix: unauthorized access (#10091)

* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
2024-10-07 16:52:45 +00:00 · 2019-04-11 23:26:42 -05:00
parent b81af32ed2
commit 36431dd296
1301 changed files with 1443 additions and 1439 deletions
--- a/includes/html/print-device-graph.php
+++ b/includes/html/print-device-graph.php
@@ -0,0 +1,25 @@
+<?php
+if (empty($graph_array['type'])) {
+    $graph_array['type'] = $graph_type;
+}
+if (empty($graph_array['device'])) {
+    $graph_array['device'] = $device['device_id'];
+}
+// FIXME not css alternating yet
+if (!is_integer($g_i / 2)) {
+    $row_colour = $config['list_colour']['even'];
+} else {
+    $row_colour = $config['list_colour']['odd'];
+}
+echo '<div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">'.$graph_title.'</h3>
+    </div>
+    <div class="panel-body">
+';
+echo "<div class='row'>";
+require 'includes/html/print-graphrow.inc.php';
+echo '</div>';
+echo '</div>';
+echo '</div>';
+$g_i++;