mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix some security issues

Browse Source
This commit is contained in:
laf
2016-10-17 17:11:33 +00:00
parent 74fb7f4e3f
commit 6b07d6d99d
5 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
html/ajax_dash.php
+2 -2
View File
@@ -36,7 +36,7 @@ if ($type == 'placeholder') {
$results_limit = 10;
$typeahead_limit = $config['webui']['global_search_result_limit'];
$no_form = true;
$title = ucfirst($type);
$title = ucfirst(display($type));
$unique_id = str_replace(array("-","."), "_", uniqid($type, true));
$widget_id = mres($_POST['id']);
$widget_settings = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?', array($widget_id)), true);
@@ -47,7 +47,7 @@ if ($type == 'placeholder') {
include 'includes/common/'.$type.'.inc.php';
$output = implode('', $common_output);
$status = 'ok';
$title = $widget_settings['title'] ?: $title;
$title = display($widget_settings['title']) ?: $title;
}
$response = array(
html/includes/authenticate.inc.php
+3 -3
View File
@@ -37,10 +37,10 @@ if ($vars['page'] == 'logout' && $_SESSION['authenticated']) {
// We are only interested in login details passed via POST.
if (isset($_POST['username']) && isset($_POST['password'])) {
$_SESSION['username'] = mres($_POST['username']);
$_SESSION['username'] = clean($_POST['username']);
$_SESSION['password'] = $_POST['password'];
} elseif (isset($_GET['username']) && isset($_GET['password'])) {
$_SESSION['username'] = mres($_GET['username']);
$_SESSION['username'] = clean($_GET['username']);
$_SESSION['password'] = $_GET['password'];
}
@@ -58,7 +58,7 @@ if (file_exists('includes/authentication/'.$config['auth_mechanism'].'.inc.php')
$auth_success = 0;
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) {
if (reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
$_SESSION['user_id'] = get_userid($_SESSION['username']);
if (!$_SESSION['authenticated']) {
html/includes/common/notes.inc.php
+1 -1
View File
@@ -33,5 +33,5 @@ if (defined('SHOW_SETTINGS') || empty($widget_settings)) {
</div>
</form>';
} else {
$common_output[] = stripslashes(nl2br($widget_settings['notes']));
$common_output[] = stripslashes(nl2br(htmlentities($widget_settings['notes'])));
}
html/netcmd.php
+2 -2
View File
@@ -34,8 +34,8 @@ if (!$_SESSION['authenticated']) {
$output = '';
if ($_GET['query'] && $_GET['cmd']) {
$host = $_GET['query'];
if (Net_IPv6::checkIPv6($host) || Net_IPv4::validateip($host) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
$host = clean($_GET['query']);
if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
switch ($_GET['cmd']) {
case 'whois':
$cmd = $config['whois']." $host | grep -v \%";
includes/rewrites.php
+2
View File
@@ -66,6 +66,8 @@ function ifLabel($interface, $device = null)
{
global $config;
$interface['ifAlias'] = display($interface['ifAlias']);
if (!$device) {
$device = device_by_id_cache($interface['device_id']);
}