* Fix XSS vulnerabilities
* fix XSS vulnerabilities in alerts.inc.php
* fix XSS vulnerability in poller-groups.inc.php
* small fix for the integration
* another fix for the inegration
* another fix for the inegration
* change the sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of common_output and current_config sinks
* fix path manipulation vulnerability
* first draft
refresh time
refresh time
* return codes
style
style
* presentation
* Exception details
more
fix
fix
* add tooltips
fixes for dns display
* create WebUI config option
languages
* refresh data every 7 to 11 days, keep it 15 days max
* 'Ports' and 'Port' ARP table
* Stp page support
style
style
* fix dnsname column finding when vendor is added/removed
fix dnsname column finding when vendor is added/removed
* nac vendor column
nac
* filter fields to reduce size of AJAX reply
filter fields to reduce size of AJAX reply
* fix typo on dns column detection
* default enabled
* Device group based access
* Use Permissions class to resolve permissions
Also give port access based on device access
* Convert more pages to use Permissions class
* shorten config setting name
use Eloquent relationships in several places
alphabetize config_definitions.json
* Change Models and Permissions
* Clean up ajax_search LIMIT sql
* Convert more pages to use Permissions class
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
