mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Tony Murray
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
15 lines
576 B
PHP
15 lines
576 B
PHP
<?php
|
|
|
|
require 'includes/html/graphs/device/auth.inc.php';
|
|
|
|
if ($auth && is_numeric($_GET['mod']) && is_numeric($_GET['chan'])) {
|
|
$entity = dbFetchRow('SELECT * FROM entPhysical WHERE device_id = ? AND entPhysicalIndex = ?', array($device['device_id'], $_GET['mod']));
|
|
|
|
$title .= ' :: '.$entity['entPhysicalName'];
|
|
$title .= ' :: Fabric '.$_GET['chan'];
|
|
|
|
$graph_title = shorthost($device['hostname']).'::'.$entity['entPhysicalName'].'::Fabric'.$_GET['chan'];
|
|
|
|
$rrd_filename = rrd_name($device['hostname'], array('c6kxbar', $_GET['mod'], $_GET['chan']));
|
|
}
|