mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
2dc05ee5013cc6cbdd93ffc1d3367b59dfb9b2b4
librenms-librenms/includes/html/pages/device/nfsen.inc.php
Tony Murray 36431dd296 Security fix: unauthorized access (#10091) 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00

48 lines
1.3 KiB
PHP
Raw Blame History

<?php
print_optionbar_start();
$link_array = array(
'page' => 'device',
'device' => $device['device_id'],
'tab' => 'nfsen',
);
echo generate_link('General', $link_array, array('nfsen' => 'general'));
$printedChannel=false;
$nfsenHostname=str_replace('.', $config['nfsen_split_char'], $device['hostname']);
foreach ($config['nfsen_rrds'] as $nfsenDir) {
$hostDir=$nfsenDir.'/'.$nfsenHostname.'/';
if (is_dir($hostDir)) {
$nfsenRRDchannelGlob=$hostDir.'*.rrd';
foreach (glob($nfsenRRDchannelGlob) as $nfsenRRD) {
$channel = str_replace(array($hostDir, '.rrd'), '', $nfsenRRD);
if (!$printedChannel) {
echo '|Channels:';
$printedChannel=true;
} else {
echo ',';
}
if ($vars['channel'] == $channel) {
$channelFilter=$hostDir.$channel.'-filter.txt';
}
echo generate_link($channel, $link_array, array('nfsen' => 'channel', 'channel' => $channel));
}
}
}
print_optionbar_end();
$nfsen_type = basename($vars['nfsen'] ?? 'general');
if (is_file("includes/html/pages/device/nfsen/$nfsen_type.inc.php")) {
include "includes/html/pages/device/nfsen/$nfsen_type.inc.php";
} else {
include 'includes/html/pages/device/nfsen/general.inc.php';
}
$pagetitle[] = 'Netflow';
Reference in New Issue View Git Blame Copy Permalink