mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
39 lines
1.3 KiB
PHP
39 lines
1.3 KiB
PHP
<?php
|
|
|
|
if (is_numeric($vars['id'])) {
|
|
$acc = dbFetchRow('SELECT * FROM `mac_accounting` AS M, `ports` AS I, `devices` AS D WHERE M.ma_id = ? AND I.port_id = M.port_id AND I.device_id = D.device_id', array($vars['id']));
|
|
|
|
if ($debug) {
|
|
echo '<pre>';
|
|
print_r($acc);
|
|
echo '</pre>';
|
|
}
|
|
|
|
if (is_array($acc)) {
|
|
if ($auth || port_permitted($acc['port_id'])) {
|
|
$filename = rrd_name($acc['hostname'], array('cip', $acc['ifIndex'], $acc['mac']));
|
|
d_echo($filename);
|
|
|
|
if (is_file($filename)) {
|
|
d_echo('exists');
|
|
|
|
$rrd_filename = $filename;
|
|
$port = cleanPort(get_port_by_id($acc['port_id']));
|
|
$device = device_by_id_cache($port['device_id']);
|
|
$title = generate_device_link($device);
|
|
$title .= ' :: Port '.generate_port_link($port);
|
|
$title .= ' :: '.formatMac($acc['mac']);
|
|
$auth = true;
|
|
} else {
|
|
graph_error('file not found');
|
|
}
|
|
} else {
|
|
graph_error('unauthenticated');
|
|
}
|
|
} else {
|
|
graph_error('entry not found');
|
|
}
|
|
} else {
|
|
graph_error('invalid id');
|
|
}
|