* Fix XSS vulnerabilities
* fix XSS vulnerabilities in alerts.inc.php
* fix XSS vulnerability in poller-groups.inc.php
* small fix for the integration
* another fix for the inegration
* another fix for the inegration
* change the sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of json_encode sinks
* another change sanitizer at sources instead of common_output and current_config sinks
* fix path manipulation vulnerability
* Remove $_SESSION usage, except install
Fixes issue with device debug capture
Removes secure_cookies setting, use the .env variable SESSION_SECURE_COOKIE instead. Reminder secure cookies requires cookies are transported over https, if everything is already transported via https, the setting won't make a difference.
* Fix availability map controls
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
