refactor: Don't access $_SESSION directly for Auth (#8513)

* Don't access $_SESSION directly for Auth * fix style * add property annotations
2024-10-07 16:52:45 +00:00 · 2018-04-07 15:55:28 -05:00
parent 2ece84495d
commit 7250376104
193 changed files with 949 additions and 510 deletions
--- a/html/includes/forms/edit-dashboard.inc.php
+++ b/html/includes/forms/edit-dashboard.inc.php
@@ -4,12 +4,12 @@
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
- * 
+ *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
 * GNU General Public License for more details.
- * 
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>. */

@@ -21,12 +21,15 @@
 * @package LibreNMS
 * @subpackage Dashboards
 */
+
+use LibreNMS\Authentication\Auth;
+
 header('Content-type: application/json');

 $status    = 'error';
 $message   = 'unknown error';
 if (isset($_REQUEST['dashboard_id']) && isset($_REQUEST['dashboard_name']) && isset($_REQUEST['access'])) {
-    if (dbUpdate(array('dashboard_name'=>$_REQUEST['dashboard_name'],'access'=>$_REQUEST['access']), 'dashboards', '(user_id = ? || access = 2) && dashboard_id = ?', array($_SESSION['user_id'],$_REQUEST['dashboard_id'])) >= 0) {
+    if (dbUpdate(array('dashboard_name'=>$_REQUEST['dashboard_name'],'access'=>$_REQUEST['access']), 'dashboards', '(user_id = ? || access = 2) && dashboard_id = ?', array(Auth::id(),$_REQUEST['dashboard_id'])) >= 0) {
        $status  = 'ok';
        $message = 'Updated dashboard';
    } else {