tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Chart generator bypass security if server request

This commit is contained in:
Calvo 2023-10-11 12:44:41 +02:00
parent 44fa1c5cdc
commit d3a6edc9cf
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pandora_console/include/chart_generator.php
View File

@ -66,13 +66,14 @@ global $config;
// Care whit this!!! check_login not working if you remove this.
$config['id_user'] = $id_user;
$_SESSION['id_usuario'] = $id_user;
if (!isset($config[$slicebar])) {
$config[$slicebar] = $slicebar_value;
}
// Try to initialize session using existing php session id.
$user = new PandoraFMS\User(['phpsessionid' => $session_id]);
if (check_login(false) === false) {
if (check_login(false) === false && $config['server_unique_identifier'] == ! $_SESSION['id_usuario']) {
// Error handler.
?>
<!DOCTYPE html>