security fixes for non-global users

git-svn-id: http://www.observium.org/svn/observer/trunk@455 61d68cd4-352d-0410-923a-c4978735b2b8
Adam Amstrong
2009-08-12 15:20:20 +00:00
parent 9a16c803e6
commit a0153126f1
6 changed files with 20 additions and 6 deletions


@@ -2,7 +2,9 @@
echo("<div style='margin: 10px;'>");
if($_SESSION['userlevel'] != '10') { echo("<span class=alert>You do not have then necessary permission to view this page!</alert>"); } else {
if($_SESSION['userlevel'] != '10') {
include("includes/error-no-perm.inc.php");
} else {
echo("<h3>Add User</h3>");
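Review bot: The gate on the new line `if($_SESSION['userlevel'] != '10') {` is a loose comparison of the level against a string, and the identical line is repeated in the Delete User and Edit User hunks of this commit, so the three pages can drift apart the next time the threshold changes. A strict integer check, `if ((int) $_SESSION['userlevel'] !== 10) {`, states the intent and would be the natural body of a shared helper the three pages include alongside `includes/error-no-perm.inc.php`. Note that the hunk only shows the opening of the `else` branch; its body runs past the last line shown.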


@@ -2,7 +2,7 @@
echo("<div style='margin: 10px;'>");
if($_SESSION['userlevel'] != '10') { echo("<span class=alert>You do not have then necessary permission to view this page!</span>"); } else {
if($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else {
echo("<h3>Delete User</h3>");


@@ -216,6 +216,6 @@ echo("</div>
");
}
} else { echo("<span class=alert>You do not have the necessary access permissions to view this device.</span>"); }
} else { include("includes/error-no-perm-dev.inc.php"); }
?>


@@ -30,7 +30,7 @@ function createInterfaces(index)
echo("<div style='margin: 10px;'>");
if($_SESSION['userlevel'] != '10') { echo("<div class=error>You do not have then necessary permission to view this page!</div>"); } else {
if($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else {
if($_GET['user_id']) {
$user_data = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE user_id = '" . $_GET['user_id'] . "'"));


@@ -82,7 +82,12 @@ if($_POST['device']) {
$where .= " AND D.device_id = '".$_POST['device']."'";
}
$sql = "SELECT * from entPhysical AS E, devices AS D WHERE E.device_id = D.device_id $where ORDER BY D.hostname";
if($_SESSION['userlevel'] >= '5') {
$sql = "SELECT * from entPhysical AS E, devices AS D WHERE E.device_id = D.device_id $where ORDER BY D.hostname";
} else {
$sql = "SELECT * from entPhysical AS E, devices AS D, devices_perms AS P
WHERE E.device_id = D.device_id AND D.device_id = P.device_id $where ORDER BY D.hostname";
}
$query = mysql_query($sql);
echo("<table cellspacing=0 cellpadding=2 width=100%>");
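Review bot: The non-privileged branch of the new `$sql` joins `devices_perms AS P` but never constrains `P.user_id`, so the query returns every device that has a permissions row for any user rather than the current one; the syslog hunk in this same commit does add `P.user_id = ...`, and this branch should match it. The fix is one line inside the string: `WHERE E.device_id = D.device_id AND D.device_id = P.device_id AND P.user_id = " . (int) $_SESSION['user_id'] . " $where ORDER BY D.hostname";`. Independently, `$where` is built on the context line above from `$_POST['device']` without escaping, so both branches remain injectable; a cast to int where `$where` is assembled would cover that. Whether multiple permission rows per device can produce duplicate result rows depends on the schema, which the hunk does not show.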


@@ -70,7 +70,14 @@ if($_POST['device']) {
$where .= " AND D.device_id = '".$_POST['device']."'";
}
$sql = "SELECT *, DATE_FORMAT(datetime, '%D %b %T') AS date from syslog AS S, devices AS D WHERE S.device_id = D.device_id $where ORDER BY datetime DESC LIMIT 1000";
if($_SESSION['userlevel'] >= '5') {
$sql = "SELECT *, DATE_FORMAT(datetime, '%D %b %T') AS date from syslog AS S, devices AS D
WHERE S.device_id = D.device_id $where ORDER BY datetime DESC LIMIT 1000";
} else {
$sql = "SELECT *, DATE_FORMAT(datetime, '%D %b %T') AS date from syslog AS S, devices AS D, devices_perms AS P
WHERE S.device_id = P.device_id AND P.user_id = " . $_SESSION['user_id'] . " AND S.device_id = D.device_id $where ORDER BY datetime DESC LIMIT 1000";
}
$query = mysql_query($sql);
echo("<table cellspacing=0 cellpadding=2 width=100%>");
while($entry = mysql_fetch_array($query)) { include("includes/print-syslog.inc"); }
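Review bot: The new non-privileged query interpolates `$_SESSION['user_id']` into the SQL string unquoted and uncast; since that value originates from the login flow rather than the request it is lower risk, but an explicit `P.user_id = " . (int) $_SESSION['user_id'] . "` makes the query safe regardless of how the session value was set and documents the expected type. The `$where` fragment on the hunk's first context line is still built from `$_POST['device']` without escaping, so the permission filter added here can be bypassed by the same parameter the commit leaves untouched. The threshold `>= '5'` is also a loose string comparison; `(int) $_SESSION['userlevel'] >= 5` is the strict equivalent.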