mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Sanitize report name in pdf.php (#10270)

Browse Source 
Authentication users could include arbitrary file.
This commit is contained in:
Tony Murray
2019-05-29 09:39:17 -05:00
committed by GitHub
parent f14b90a1ef
commit 54e4d0910a
5 changed files with 95 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
html/pdf.php
View File

@@ -12,12 +12,12 @@
* the source code distribution for details.
*/
use LibreNMS\Authentication\LegacyAuth;
use LibreNMS\Config;
$init_modules = array('web', 'auth');
$init_modules = ['web', 'auth'];
require realpath(__DIR__ . '/..') . '/includes/init.php';
if (!LegacyAuth::check()) {
if (!Auth::check()) {
die('Unauthorized');
}
@@ -25,11 +25,13 @@ set_debug(strpos($_SERVER['PATH_INFO'], 'debug'));
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
$pdf->SetCreator($config['project_name']);
$pdf->SetAuthor($config['project_name']);
$pdf->setFooterData(array(0, 64, 0), array(0, 64, 128));
$pdf->setHeaderFont(array(PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN));
$pdf->setFooterFont(array(PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA));
$project_name = Config::get('project_name');
$pdf->SetCreator($project_name);
$pdf->SetAuthor($project_name);
$pdf->setFooterData([0, 64, 0], [0, 64, 128]);
$pdf->setHeaderFont([PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN]);
$pdf->setFooterFont([PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA]);
$pdf->SetDefaultMonospacedFont(PDF_FONT_MONOSPACED);
$pdf->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT);
$pdf->SetHeaderMargin(PDF_MARGIN_HEADER);
@@ -38,11 +40,12 @@ $pdf->SetAutoPageBreak(true, PDF_MARGIN_BOTTOM);
$pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
$pdf->setFontSubsetting(true);
$pdf->SetFont('helvetica', '', 14, '', true);
$pdf->setTextShadow(array('enabled' => false, 'depth_w' => 0.2, 'depth_h' => 0.2, 'color' => array(196, 196, 196), 'opacity' => 1, 'blend_mode' => 'Normal'));
$pdf->setTextShadow(['enabled' => false, 'depth_w' => 0.2, 'depth_h' => 0.2, 'color' => [196, 196, 196], 'opacity' => 1, 'blend_mode' => 'Normal']);
if (isset($_GET['report']) && !empty($_GET['report'])) {
$report = mres($_GET['report']);
$pdf->SetHeaderData('../../../../../html/'.$config['title_image'], 40, ucfirst($report), $config['project_name'], array(0, 0, 0), array(0, 64, 128));
if (!empty($_GET['report'])) {
$report = \LibreNMS\Util\Clean::fileName($_GET['report']);
$image = base_path('html/' . Config::get('title_image'));
$pdf->SetHeaderData($image, 40, ucfirst($report), $project_name, [0, 0, 0], [0, 64, 128]);
include_once "includes/html/reports/$report.pdf.inc.php";
} else {
$report = 'report';