			
		
		
		
	* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
		
			
				
	
	
		
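<?php
/**
 * groups.inc.php
 *
 * List groups
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    LibreNMS
 * @link       http://librenms.org
 * @copyright  2018 Tony Murray
 * @author     Tony Murray <murraytony@gmail.com>
 */

/*
 * Request parameters read from $_REQUEST:
 *   search - optional substring matched against `device_groups`.`name`
 *   limit  - optional page size; a missing, empty or non-positive value means "no paging"
 *   page   - optional 1-based page number, only used together with limit
 *
 * Returns [] when the current user lacks global read access, otherwise
 * [$groups, $more]: the rows (`id`, `text`) and whether further rows exist
 * beyond the ones returned.
 * NOTE(review): the two return shapes differ; presumably the includer treats
 * an empty array as "no results" - verify against the caller.
 */

use LibreNMS\Authentication\LegacyAuth;

// Authorization gate: nothing is queried unless the user has global read.
// NOTE(review): assumes the includer has already authenticated the session so
// that LegacyAuth::user() is an object here - TODO confirm.
if (!LegacyAuth::user()->hasGlobalRead()) {
    return [];
}

$query = '';
$params = [];

// Only a scalar string is accepted; `search[]=x` would otherwise hand an array
// to the string concatenation below.
$search = $_REQUEST['search'] ?? '';
if (!empty($search) && is_string($search)) {
    $query .= ' WHERE `name` LIKE ?';
    // The term is bound to the `?` placeholder, never interpolated into SQL.
    // NOTE(review): mres() is defined outside this file; if it escapes SQL
    // metacharacters the bound value is presumably escaped twice, and `%` / `_`
    // typed by the user still act as LIKE wildcards - confirm and consider
    // dropping mres() in favour of LIKE-specific escaping.
    $params[] = '%' . mres($search) . '%';
}

// Count before LIMIT is appended so $total covers every matching row.
$total = dbFetchCell("SELECT COUNT(*) FROM `device_groups` $query", $params);

$offset = 0;
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 0;

// A zero or negative limit (including non-numeric input cast to 0) used to
// produce "LIMIT 0, 0" or a negative LIMIT clause; treat it as "no paging".
if ($limit > 0) {
    // Page numbers below 1 would yield a negative offset, so clamp to page 1.
    $page = isset($_REQUEST['page']) ? max(1, (int) $_REQUEST['page']) : 1;
    $offset = ($page - 1) * $limit;

    // Both values are integers produced by the casts above, which is what makes
    // interpolating them into the SQL text safe.
    $query .= " LIMIT $offset, $limit";
}

$sql = "SELECT `id`, `name` AS `text` FROM `device_groups` $query";
$groups = dbFetchRows($sql, $params);

// More rows exist when the rows served so far do not reach the total.
$more = ($offset + count($groups)) < $total;

return [$groups, $more];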