mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
51 lines
1.5 KiB
PHP
51 lines
1.5 KiB
PHP
<?php
|
|
|
|
/*
|
|
* LibreNMS
|
|
*
|
|
* Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation, either version 3 of the License, or (at your
|
|
* option) any later version. Please see LICENSE.txt at the top level of
|
|
* the source code distribution for details.
|
|
*/
|
|
|
|
use LibreNMS\Authentication\LegacyAuth;
|
|
|
|
header('Content-type: text/plain');
|
|
|
|
if (!LegacyAuth::user()->hasGlobalAdmin()) {
|
|
die('ERROR: You need to be admin');
|
|
}
|
|
|
|
$ok = '';
|
|
$error = '';
|
|
$group_id = $_POST['group_id'];
|
|
$group_name = mres($_POST['group_name']);
|
|
$descr = mres($_POST['descr']);
|
|
if (!empty($group_name)) {
|
|
if (is_numeric($group_id)) {
|
|
if (dbUpdate(array('group_name' => $group_name, 'descr' => $descr), 'poller_groups', 'id = ?', array($group_id)) >= 0) {
|
|
$ok = 'Updated poller group';
|
|
} else {
|
|
$error = 'Failed to update the poller group';
|
|
}
|
|
} else {
|
|
if (dbInsert(array('group_name' => $group_name, 'descr' => $descr), 'poller_groups') >= 0) {
|
|
$ok = 'Added new poller group';
|
|
} else {
|
|
$error = 'Failed to create new poller group';
|
|
}
|
|
}
|
|
} else {
|
|
$error = "You haven't given your poller group a name, it feels sad :( - $group_name";
|
|
}
|
|
|
|
if (!empty($ok)) {
|
|
die("$ok");
|
|
} else {
|
|
die("ERROR: $error");
|
|
}
|