* add a new notes field to the rule editor. use a bigger text field for sql queries to avoid mistakes...
* add api doc
* allow notes field from the collection
* add a sample notes to the collection
* lint and db schema
* unmix some schema changes from a nother PR
* unmix schema update No°2
* unmix schema update No°3 - silly me
* add strip_tags, minor optimisation, db default value
* apply linting
* db_schema empty '' as default
* update db_schema.yaml
* default value changed as 'BLOB, TEXT, GEOMETRY or JSON column 'notes' can't have a default value'
* better keep the migration in 2023...
* Update 2023_12_12_171400_alert_rule_note.php
* Update create-alert-item.inc.php
---------
Co-authored-by: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
* XSS in alert template creation
* XSS in alert rule name
* XSS in service name & desc
* style
* strip_tags in alert_notes
* strip_tags in create_alert_item
* strip_tags in addsrv page
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)
Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input
* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
