mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

webui: Allow full search on devices page (#8364)

Browse Source 
* Update devices.inc.php

* Update devices.inc.php

* Replace $_POST with $vars

Better protection for SQL injection attempts; Need to verify other files for same issue.

* Fixed whitespace.

*sigh*

* More search options & sql injection fixes.

+Allow full search on devices page;
+Allow sysName search on alertlog page;
+Allow sysName search on alerts page;
+Allow sysName search on eventlog page;
+Allow sysName search on poll-log page;
+Allow sysName search on ports page;

*Replaced all occurrences of $_POST with $vars in librenms/html/includes/table. ($vars are sanity-checked).

* Whitespace fix

* Fixed $where & $param

* Add files via upload

* Whitespaces....

Sometimes you want'em, sometimes you hate'em.
This commit is contained in:
Maurice den Braber
2018-03-25 22:50:09 +02:00
committed by Neil Lathwood
parent 2044f9bd14
commit 9f5b42b028
32 changed files with 195 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
html/pages/devices.inc.php
View File

@@ -431,7 +431,7 @@ if ($format == "graph") {
return {
id: "devices",
format: ' <?php echo mres($vars['format']); ?>',
hostname: '<?php echo htmlspecialchars($vars['hostname']); ?>',
searchquery: '<?php echo htmlspecialchars($vars['searchquery']); ?>',
os: '<?php echo mres($vars['os']); ?>',
version: '<?php echo mres($vars['version']); ?>',
hardware: '<?php echo mres($vars['hardware']); ?>',
@@ -454,7 +454,7 @@ if ($format == "graph") {
"<div class='pull-left'>" +
"<form method='post' action='' class='form-inline devices-search-header' role='form'>" +
"<div class='form-group'>" +
"<input type='text' name='hostname' id='hostname' value=''<?php echo $vars['hostname']; ?>'' class='form-control input-sm' placeholder='Hostname'>" +
"<input type='text' name='searchquery' id='searchquery' value=''<?php echo $vars['searchquery']; ?>'' class='form-control input-sm' placeholder='Search'>" +
"</div>" +
"<div class='form-group'><?php echo $os_options; ?></div>" +
"<div class='form-group'><?php echo $ver_options; ?></div>" +