From b9f80d32bdc96e7a97c75bcfd914a79ef0c5341d Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Tue, 30 Jun 2020 09:25:01 -0500
Subject: [PATCH] Fix unauthenticated graphs (#11879)

broken with security fix
---
 html/graph.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/html/graph.php b/html/graph.php
index dedad80c7c..2741b630f6 100644
--- a/html/graph.php
+++ b/html/graph.php
@@ -17,8 +17,12 @@ $start = microtime(true);
 $init_modules = array('web', 'graphs', 'auth');
 require realpath(__DIR__ . '/..') . '/includes/init.php';
 
-if (!(Auth::check() || is_client_authorized($_SERVER['REMOTE_ADDR']))) {
-    die('Unauthorized');
+if (!Auth::check()) {
+    // check for unauthenticated graphs and set auth
+    $auth = is_client_authorized($_SERVER['REMOTE_ADDR']);
+    if (!$auth) {
+        die('Unauthorized');
+    }
 }
 
 set_debug(isset($_GET['debug']));