Merge pull request #41 from alorbach/al-update-2020-01

updates 2020-01
Andre Lorbach 2020-01-17 16:28:30 +01:00 committed by GitHub
commit 8f82ead433
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 2 deletions


@ -1,4 +1,11 @@
---------------------------------------------------------------------------
Version 4.1.9 (stable), 2020-01-17
- UserDB: Corrrected sourceid type of reports database with database
update (v12) thanks to spacecabbie on github.
- Fixed Links in Helpmenu (thanks to spacecabbie on github).
- Secured redirect code in login form, thanks for reporting to:
Amal Thamban , Kamal Paul
---------------------------------------------------------------------------
Version 4.1.8 (stable), 2019-09-26
- Add new driver for DBMS ClickHouse
- php7.x: fixed multiple compatibility issues.


@ -65,7 +65,7 @@ $LANG_EN = "en"; // Used for fallback
$LANG = "en"; // Default language
// Default Template vars
$content['BUILDNUMBER'] = "4.1.8";
$content['BUILDNUMBER'] = "4.1.9";
$content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt";
$content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title
$content['BASEPATH'] = $gl_root_path;
@ -1278,6 +1278,15 @@ function IncludeLanguageFile( $langfile, $failOnError = true )
}
}
function SecureRedirect( $szRedir )
{
// Remove any domains from URI
$szRedir = parse_url($szRedir, PHP_URL_PATH);
if (strlen($szRedir) == 0)
$szRedir = "index.php";
return $szRedir;
}
function RedirectPage( $newpage )
{
header("Location: $newpage");
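Review bot: `SecureRedirect` returns whatever `parse_url(..., PHP_URL_PATH)` yields without checking its shape, so a path that itself begins with two slashes or a slash-backslash pair would pass through unchanged, and browsers may resolve such a `Location` value as a network-path reference to another host. `parse_url` can also return `null` or `false`, which `strlen()` only tolerates by coercion (and PHP 8.1+ deprecates passing `null`). I would make the guard explicit: `if (!is_string($szRedir) || $szRedir === '' || preg_match('#^[/\\\\]{2}#', $szRedir)) $szRedir = "index.php";`. The login, user-redirect and `HTTP_REFERER` call sites added in this commit all depend on this helper, so the check belongs here once. `RedirectPage` continues outside the hunk.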


@ -464,6 +464,7 @@ function RedirectToUserLogin()
$referer = $_SERVER['PHP_SELF'];
if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
$referer .= "?" . $_SERVER['QUERY_STRING'];
$referer = SecureRedirect($referer);
header("Location: " . $content['BASEPATH'] . "login.php?referer=" . urlencode($referer) );
exit;
@ -477,6 +478,7 @@ function RedirectToDatabaseUpgrade()
$referer = $_SERVER['PHP_SELF'];
if ( isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0 )
$referer .= "?" . $_SERVER['QUERY_STRING'];
$referer = SecureRedirect($referer);
header("Location: " . $content['BASEPATH'] . "admin/upgrade.php?referer=" . urlencode($referer) );
exit;
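Review bot: The query string appended to `$referer` just above the new `SecureRedirect($referer)` call is discarded again, because the helper added in this commit keeps only `PHP_URL_PATH`; after login or upgrade the user would land on the bare script without its parameters. This applies to both hunks, in `RedirectToUserLogin` and `RedirectToDatabaseUpgrade`. If dropping the query is intended, remove the now-dead `QUERY_STRING` lines or add a comment such as `// query string is intentionally dropped by SecureRedirect()`; otherwise have the helper re-append `parse_url($szRedir, PHP_URL_QUERY)` after validating the path. Both function bodies start and end outside the hunks.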


@ -63,6 +63,7 @@ else if ( isset($_POST['referer']) )
$szRedir = htmlspecialchars($_POST['referer']);
else
$szRedir = "index.php"; // Default
$szRedir = SecureRedirect($szRedir);
if ( isset($_POST['op']) && $_POST['op'] == "login" )
{
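Review bot: `htmlspecialchars()` is applied to the `referer` value before `SecureRedirect()` parses it, so the URL parser sees HTML-escaped text and the stored `$szRedir` is escaped for one output context only. How `$szRedir` is used later is not visible in this hunk, but if it reaches a `Location` header as well as the login form, escaping at input is the wrong place. I would validate the raw value and escape where it is echoed: `$szRedir = SecureRedirect($_POST['referer']);` with `htmlspecialchars($szRedir)` at the point of output. The `if`/`else if` chain starts above the hunk.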


@ -50,7 +50,7 @@ if ( isset($_SERVER['HTTP_REFERER']) )
$szRedir = $_SERVER['HTTP_REFERER'];
else
$szRedir = "index.php"; // Default
$szRedir = SecureRedirect($szRedir);
if ( isset($_GET['op']) )
{