mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
592b2ea432f8d66add3d9933a9fdd28eca5de17f
librenms-librenms/includes/html/pages/search/ipv6.inc.php
Tony Murray 36431dd296 Security fix: unauthorized access (#10091) 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00

97 lines
3.3 KiB
PHP
Raw Blame History

<div class="panel panel-default panel-condensed">
<div class="panel-heading">
<strong>IPv6 Addresses</strong>
</div>
<table id="ipv6-search" class="table table-hover table-condensed table-striped">
<thead>
<tr>
<th data-column-id="hostname">Device</th>
<th data-column-id="interface">Interface</th>
<th data-column-id="address" data-sortable="false">Address</th>
<th data-column-id="description" data-sortable="false">Description</th>
</tr>
<thead>
</table>
</div>
<script>
var grid = $("#ipv6-search").bootgrid({
ajax: true,
rowCount: [50, 100, 250, -1],
templates: {
header: "<div id=\"{{ctx.id}}\" class=\"{{css.header}}\"><div class=\"row\">"+
"<div class=\"col-sm-9 actionBar\"><span class=\"pull-left\">"+
"<form method=\"post\" action=\"\" class=\"form-inline\" role=\"form\">"+
"<div class=\"form-group\">"+
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
"<option value=\"\">All Devices</option>"+
<?php
use LibreNMS\Authentication\LegacyAuth;
$sql = 'SELECT `devices`.`device_id`,`hostname`, `sysName` FROM `devices`';
if (!LegacyAuth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = LegacyAuth::id();
}
$sql .= " $where ORDER BY `hostname`";
foreach (dbFetchRows($sql, $param) as $data) {
echo '"<option value=\"'.$data['device_id'].'\""+';
if ($data['device_id'] == $_POST['device_id']) {
echo '" selected"+';
}
echo '">'.format_hostname($data, $data['hostname']).'</option>"+';
}
?>
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<select name=\"interface\" id=\"interface\" class=\"form-control input-sm\">"+
"<option value=\"\">All Interfaces</option>"+
"<option value=\"Loopback%\""+
<?php
if ($_POST['interface'] == 'Loopback%') {
echo '" selected "+';
}
?>
">Loopbacks</option>"+
"<option value=\"Vlan%\""+
<?php
if ($_POST['interface'] == 'Vlan%') {
echo '" selected "+';
}
?>
">VLANs</option>"+
"</select>"+
"</div>"+
"<div class=\"form-group\">"+
"<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
"</div>"+
"<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
"</form></span></div>"+
"<div class=\"col-sm-3 actionBar\"><p class=\"{{css.actions}}\"></p></div></div></div>"
},
post: function ()
{
return {
id: "address-search",
search_type: "ipv6",
device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
interface: '<?php echo mres($_POST['interface']); ?>',
address: '<?php echo mres($_POST['address']); ?>'
};
},
url: "ajax_table.php"
});
</script>
Reference in New Issue View Git Blame Copy Permalink