mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
8bbc69a878e3e96a7465652d407c1e5550ab5a89
librenms-librenms/includes/html/pages/ripenccapi.inc.php
Tony Murray 36431dd296 Security fix: unauthorized access (#10091) 
* Security fix: unauthorized access
Affects nginx users:
Moved php files outside of public html directory (Apache was protected by .htaccess)

Affects all users:
Some files did not check for authentication and could disclose some info.
Better checks before including files from user input

* git mv html/includes/ includes/html
git mv html/pages/ includes/html/
2019-04-11 23:26:42 -05:00

81 lines
2.9 KiB
PHP
Raw Blame History

<?php
/*
* LibreNMS
*
* Copyright (c) 2015 Søren Friis Rosiak <sorenrosiak@gmail.com>
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version. Please see LICENSE.txt at the top level of
* the source code distribution for details.
*/
$pagetitle[] = 'RIPE NCC - API Tools';
$no_refresh = true;
?>
<h3> RIPE NCC API Tools </h3>
<hr>
<form class="form-horizontal" action="" method="post">
<div class="radio">
<label><input type="radio" name="data_radio" value="abuse-contact-finder">Abuse Contact Finder</label>
</div>
<div class="radio">
<label><input type="radio" name="data_radio" value="whois">Whois</label>
</div>
<br />
<div class="input-group">
<input type="text" class="form-control" id="input-parameter" placeholder="IP, ASN etc.">
<span class="input-group-btn">
<button type="submit" name="btn-query" id="btn-query" class="btn btn-primary">Query</button>
</span>
</div>
</form>
<br />
<div class="alert alert-success" style="display: none;">
<pre id="ripe-output"></pre>
</div>
<br />
<script>
$("[name='btn-query']").on('click', function(event) {
event.preventDefault();
var data_param = $('input[name=data_radio]:checked').val();
var query_param = $("#input-parameter").val();
$.ajax({
type: 'POST',
url: 'ajax/ripe/raw',
data: {
data_param: data_param,
query_param: query_param
},
dataType: "json",
success: function(data) {
var output = $('#ripe-output');
output.empty();
output.parent().show();
if (data.output.data.records)
$.each(data.output.data.records[0], function(row, value) {
$('#ripe-output').append(value['key'] + ' = ' + value['value'] + '<br />');
});
else if (data.output.data.anti_abuse_contacts.abuse_c)
$.each(data.output.data.anti_abuse_contacts.abuse_c, function(row, value) {
$('#ripe-output').append(value['description'] + ' = ' + value['email'] + '<br />');
});
},
error: function(data) {
if (data.status === 422) {
var json = data.responseJSON;
var errors = [];
for (var attrib in json) {
errors.push(json[attrib]);
}
toastr.error('Error: ' + errors.join("<br />"));
} else {
toastr.error(data.responseJSON.message);
}
}
});
});
</script>
Reference in New Issue View Git Blame Copy Permalink