mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
9 lines
245 B
PHP
9 lines
245 B
PHP
<?php
|
|
|
|
// Authorises bill viewing
|
|
if (is_numeric($vars['id']) && ($auth || bill_permitted($vars['id']))) {
|
|
$bill_id = mres($vars['id']);
|
|
$bill = dbFetchRow('SELECT * FROM `bills` WHERE bill_id = ?', array($bill_id));
|
|
$auth = true;
|
|
}
|