Sanitize data in dashboard add/edit/delete (#9171)

* sanitize data in dashboard add/edit/delete

* handle access differently
Tony Murray
2018-09-08 08:54:03 -05:00
committed by GitHub
parent 67e883f1a0
commit 3c530d6a4f
3 changed files with 19 additions and 8 deletions


@@ -28,12 +28,17 @@ header('Content-type: application/json');
$status = 'error';
$message = 'unknown error';
if (isset($_REQUEST['dashboard_id']) && isset($_REQUEST['dashboard_name']) && isset($_REQUEST['access'])) {
if (dbUpdate(array('dashboard_name'=>$_REQUEST['dashboard_name'],'access'=>$_REQUEST['access']), 'dashboards', '(user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$_REQUEST['dashboard_id'])) >= 0) {
$dashboard_id = (int)$_REQUEST['dashboard_id'];
$dashboard_name = display($_REQUEST['dashboard_name']);
$access = $_REQUEST['access'] ? 1 : 0;
if (isset($dashboard_id) && isset($dashboard_name) && isset($access)) {
if (dbUpdate(['dashboard_name'=> $dashboard_name,'access'=> $access], 'dashboards', '(user_id = ? || access = 2) && dashboard_id = ?', [Auth::id(), $dashboard_id]) >= 0) {
$status = 'ok';
$message = 'Updated dashboard';
} else {
$message = 'ERROR: Could not update dashboard '.$_REQUEST['dashboard_id'];
$message = 'ERROR: Could not update dashboard '. $dashboard_id;
}
} else {
$message = 'ERROR: Not enough params';