mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1f19eb214668035c8f4c4d094b4cbd33ca8847c6
librenms-librenms/includes/html/print-date-selector.inc.php
Tony Murray 36431dd296 Security fix: unauthorized access (#10091) 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00

45 lines
2.3 KiB
PHP
Raw Blame History

<?php
use LibreNMS\Config;
$request_uri = rtrim(Config::get('base_url', ''), '/') . $_SERVER['REQUEST_URI'];
echo "<div style='text-align: center;'>
<form class='form-inline' id='customrange'>
<input type=hidden id='selfaction' value='$request_uri'>
";
echo '
<div class="form-group">
<label for="dtpickerfrom">From</label>
<input type="text" class="form-control" id="dtpickerfrom" maxlength="16" value="' . $graph_array['from'] . '" data-date-format="YYYY-MM-DD HH:mm">
</div>
<div class="form-group">
<label for="dtpickerto">To</label>
<input type="text" class="form-control" id="dtpickerto" maxlength=16 value="' . $graph_array['to'] . '" data-date-format="YYYY-MM-DD HH:mm">
</div>
<input type="submit" class="btn btn-default" id="submit" value="Update" onclick="javascript:submitCustomRange(this.form);">
</form>
<script type="text/javascript">
$(function () {
var strfrom = new Date($("#dtpickerfrom").val()*1000);
$("#dtpickerfrom").val(strfrom.getFullYear()+"-"+
("0"+(strfrom.getMonth()+1)).slice(-2)+"-"+
("0"+strfrom.getDate()).slice(-2)+" "+
("0"+strfrom.getHours()).slice(-2)+":"+
("0"+strfrom.getMinutes()).slice(-2)
);
var strto = new Date($("#dtpickerto").val()*1000);
$("#dtpickerto").val(strto.getFullYear()+"-"+
("0"+(strto.getMonth()+1)).slice(-2)+"-"+
("0"+strto.getDate()).slice(-2)+" "+
("0"+strto.getHours()).slice(-2)+":"+
("0"+strto.getMinutes()).slice(-2)
);
$("#dtpickerfrom").datetimepicker({useCurrent: true, sideBySide: true, useStrict: false, icons: {time: "fa fa-clock-o", date: "fa fa-calendar", up: "fa fa-chevron-up", down: "fa fa-chevron-down", previous: "fa fa-chevron-left", next: "fa fa-chevron-right", today: "fa fa-calendar-check-o", clear: "fa fa-trash-o", close: "fa fa-close"}});
$("#dtpickerto").datetimepicker({useCurrent: true, sideBySide: true, useStrict: false, icons: {time: "fa fa-clock-o", date: "fa fa-calendar", up: "fa fa-chevron-up", down: "fa fa-chevron-down", previous: "fa fa-chevron-left", next: "fa fa-chevron-right", today: "fa fa-calendar-check-o", clear: "fa fa-trash-o", close: "fa fa-close"}});
});
</script>
</div>
';
Reference in New Issue View Git Blame Copy Permalink