| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2002-09-07 09:16:46 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2002-09-07 09:16:46 +0000 |
| commit | 9db4b0aeb0582ea1afa3e54493268348963cbe0f (patch) | |
| tree | e43517c29d15694a81179018dcc069aa6ea9b80d /frontends/php/chart_diff.php | |
| parent | cf2952549223c779ec2fe14eddd6dc70bcae064c (diff) | |
- fixed permission check for all *.php (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@483 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/chart_diff.php')
| -rw-r--r-- | frontends/php/chart_diff.php | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/frontends/php/chart_diff.php b/frontends/php/chart_diff.php index 6052d4b7..a95bb904 100644 --- a/frontends/php/chart_diff.php +++ b/frontends/php/chart_diff.php @@ -7,15 +7,23 @@ # period # from - if(!isset($period)) + if(!isset($HTTP_GET_VARS["period"])) { $period=0; } + else + { + $period=$HTTP_GET_VARS["period"]; + } - if(!isset($from)) + if(!isset($HTTP_GET_VARS["from"])) { $from=0; } + else + { + $from=$HTTP_GET_VARS["from"]; + } $sizeX=900; $sizeY=200; @@ -30,6 +38,8 @@ Header( "Content-type: image/png"); Header( "Expires: Mon, 17 Aug 1998 12:51:50 GMT"); + check_authorisation(); + $im = imagecreate($sizeX+$shiftX+61,$sizeY+2*$shiftY+10); $red=ImageColorAllocate($im,255,0,0); @@ -49,6 +59,15 @@ ImageFilledRectangle($im,0,0,$sizeX+$shiftX+61,$sizeY+2*$shiftY+10,$white); ImageRectangle($im,0,0,$x-1,$y-1,$black); + if(!check_right("Item","R",$HTTP_GET_VARS["itemid"])) + { +// show_table_header("<font color=\"AA0000\">No permissions !</font>"); +// show_footer(); + ImagePng($im); + ImageDestroy($im); + exit; + } + for($i=0;$i<=$sizeY;$i+=$sizeY/5) { ImageDashedLine($im,$shiftX,$i+$shiftY,$sizeX+$shiftX,$i+$shiftY,$gray); @@ -57,7 +76,7 @@ { ImageDashedLine($im,$i+$shiftX,$shiftY,$i+$shiftX,$sizeY+$shiftY,$gray); } - $item=get_item_by_itemid($itemid); + $item=get_item_by_itemid($HTTP_GET_VARS["itemid"]); $host=get_host_by_hostid($item["hostid"]); $str=$host["host"].":".$item["description"]." (diff)"; @@ -66,7 +85,7 @@ $from_time = time(NULL)-$period-3600*$from; $to_time = time(NULL)-3600*$from; - $result=DBselect("select count(clock),min(clock),max(clock),min(value),max(value) from history where itemid=$itemid and clock>$from_time and clock<$to_time "); + $result=DBselect("select count(clock),min(clock),max(clock),min(value),max(value) from history where itemid=".$HTTP_GET_VARS["itemid"]." and clock>$from_time and clock<$to_time "); $count=DBget_field($result,0,0); if($count>0) { 
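Review bot: The two added `else` branches in the first hunk copy `period` and `from` straight from the query string with no numeric check. The only use visible in this diff is the arithmetic `time(NULL)-$period-3600*$from`, which coerces them to numbers before they reach the SQL text, but that protection is implicit. Casting where the values are read, `$period=intval($HTTP_GET_VARS["period"]);` and `$from=intval($HTTP_GET_VARS["from"]);`, makes it explicit and covers any use of these variables outside the hunks shown.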
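Review bot: `check_authorisation();` in the second hunk is placed after both `Header()` calls, so the response is already declared as `image/png` when the check runs. Its body is not part of this diff, but if it reports a failed login by printing a page, that output would be served under the image content type. Calling it before the `Header( "Content-type: image/png");` line would avoid depending on how it fails. The surrounding top-level script continues outside the hunk.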
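Review bot: `$HTTP_GET_VARS["itemid"]` is used raw in the added `check_right("Item","R",...)` call in the third hunk, with no check that it is set or numeric. The same raw value goes to `get_item_by_itemid()` in the fourth hunk and is concatenated into both `DBselect("... where itemid=".$HTTP_GET_VARS["itemid"]." ...")` strings in the fifth and sixth hunks, so request text becomes part of the SQL statement. Reading it once near the top as `$itemid=intval($HTTP_GET_VARS["itemid"]);` and passing `$itemid` to all four call sites keeps the permission check and the queries on the same validated integer. Whether `check_right()` and `get_item_by_itemid()` build SQL from their argument is not visible here, so they should be treated the same way. The two commented-out `show_table_header`/`show_footer` lines in the denial branch can be dropped, since this endpoint only ever returns an image.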
@@ -93,7 +112,7 @@ // echo "MIN/MAX:",$minX," - ",$maxX," - ",$minY," - ",$maxY,"<Br>"; - $result=DBselect("select clock,value from history where itemid=$itemid and clock>$from_time and clock<$to_time order by clock"); + $result=DBselect("select clock,value from history where itemid=".$HTTP_GET_VARS["itemid"]." and clock>$from_time and clock<$to_time order by clock"); if(isset($minX)&&($minX!=$maxX)&&($minY!=$maxY)) { for($i=0;$i<DBnum_rows($result)-3;$i++) |
