vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

enforced admin privileges on endpoint pages

Browse source
This commit is contained in:
gabryon99 2020-05-13 18:26:01 +02:00
parent ac03865c01
commit 237309fc58
7 changed files with 28 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

15
scripts/lua/edit_endpoint.lua
View file

@ -12,21 +12,10 @@ local notification_endpoints = require("notification_endpoints")
local action = _POST["action"]
local function reportError(msg)
print(json.encode({ message = msg, success = false, }))
end
sendHTTPContentTypeHeader('application/json')
if (not isAdministrator()) then
traceError(TRACE_ERROR, TRACE_CONSOLE, "The user doesn't have the privileges to edit a notification endpoint!")
reportError("The user doesn't have the privileges to edit a notification endpoint!")
end
if (action == nil) then
traceError(TRACE_ERROR, TRACE_CONSOLE, "Missing 'action' parameter. Bad CSRF?")
reportError("Missing 'action' parameter. Bad CSRF?")
return
if not haveAdminPrivileges() then
return
end
local endpoint_conf_name = _POST["endpoint_conf_name"]