mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4313cbfd3174aa6ac0c31b739c82155923adad04
librenms-librenms/includes/html/graphs/device/nfsen_common.inc.php
Tony Murray 36431dd296 Security fix: unauthorized access (#10091) 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00

60 lines
1.8 KiB
PHP
Raw Blame History

<?php
$simple_rrd = true;
if (!is_array($config['nfsen_rrds'])) {
$config['nfsen_rrds'] = array($config['nfsen_rrds']);
}
foreach ($config['nfsen_rrds'] as $nfsenrrds) {
if ($nfsenrrds[(strlen($nfsenrrds) - 1)] != '/') {
$nfsenrrds .= '/';
}
// convert dots in filename to underscores
$nfsensuffix = '';
if ($config['nfsen_suffix']) {
$nfsensuffix = $config['nfsen_suffix'];
}
if (isset($config['nfsen_split_char']) && !empty($config['nfsen_split_char'])) {
$basefilename_underscored = preg_replace('/\./', $config['nfsen_split_char'], $device['hostname']);
} else {
$basefilename_underscored = $device['hostname'];
}
$nfsen_filename = preg_replace('/'.$nfsensuffix.'/', '', $basefilename_underscored);
if (is_file($nfsenrrds.$nfsen_filename.'.rrd')) {
$rrd_filename = $nfsenrrds.$nfsen_filename.'.rrd';
$flowtypes = array('tcp', 'udp', 'icmp', 'other');
$rrd_list = array();
$nfsen_iter = 1;
foreach ($flowtypes as $flowtype) {
$rrd_list[$nfsen_iter]['filename'] = $rrd_filename;
$rrd_list[$nfsen_iter]['descr'] = $flowtype;
$rrd_list[$nfsen_iter]['ds'] = $dsprefix.$flowtype;
// set a multiplier which in turn will create a CDEF if this var is set
if ($dsprefix == 'traffic_') {
$multiplier = '8';
}
$colours = 'blues';
$nototal = 0;
$units = '';
$unit_text = $dsdescr;
$scale_min = '0';
if ($_GET['debug']) {
print_r($rrd_list);
}
$nfsen_iter++;
}
}
}
require 'includes/html/graphs/generic_multi_simplex_seperated.inc.php';
Reference in New Issue View Git Blame Copy Permalink