mirror of
https://github.com/librenms/librenms.git
synced 2024-09-22 02:48:37 +00:00
36431dd296
* Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/
17 lines
641 B
PHP
17 lines
641 B
PHP
<?php
|
|
|
|
if (is_numeric($vars['id'])) {
|
|
// $auth= TRUE;
|
|
$vserver = dbFetchRow('SELECT * FROM `loadbalancer_vservers` AS I, `devices` AS D WHERE I.classmap_id = ? AND I.device_id = D.device_id', array($vars['id']));
|
|
|
|
if (is_numeric($vserver['device_id']) && ($auth || device_permitted($vserver['device_id']))) {
|
|
$device = device_by_id_cache($vserver['device_id']);
|
|
|
|
$rrd_filename = rrd_name($device['hostname'], array('vserver', $vserver['classmap_id']));
|
|
|
|
$title = generate_device_link($device);
|
|
$title .= ' :: Serverfarm :: '.htmlentities($vserver['classmap_id']);
|
|
$auth = true;
|
|
}
|
|
}
|