* Fix XSS vulnerabilities
* fix XSS vulnerabilities in alerts.inc.php
* fix XSS vulnerability in poller-groups.inc.php
* small fix for the integration
* another fix for the integration
* another fix for the integration
* change the sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of common_output and current_config sinks
* fix path manipulation vulnerability
* Configurable device display name
You can just set the display name in device settings.
It also accepts a simple template format with the variables: hostname, sysName, sysName_fallback, ip
Default controlled by device_display_default (set from old force_hostname_to_sysname and force_ip_to_sysname settings)
* remove second argument to format_hostname()
* Style fixes
* Update schema
* update phpstan baseline
* Improved settings strings (and add for translation)
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/