vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-30 07:59:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Security fix - prevents non-admins to delete alerts via REST

Browse source
This commit is contained in:
Simone Mainardi 2021-07-02 18:48:54 +02:00
parent a767ad1e26
commit 8f52f33e13
8 changed files with 41 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/lua/rest/v1/delete/user/alerts.lua
View file

@ -22,6 +22,11 @@ local user_alert_store = require "user_alert_store".new()
local rc = rest_utils.consts.success.ok
local res = {}
if not isAdministrator() then
rest_utils.answer(rest_utils.consts.err.not_granted)
return
end
interface.select(getSystemInterfaceId())
-- Add filters