* Add a configuration directive general_sessionclear_bin
* Add a session disconnect button in the 'clear open sessions' page
* Also clear sessions from the sql extra servers in the 'clear open sessions' page
+* In bin/snmpfinger also accept @,. in the username
+* If we are stripping realms, then if needed strip them from the data returned by snmpfinger in
+ user_finger.php3
Ver 1.75:
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
$nas_type = 'cisco';
$users=exec("$config[general_snmpfinger_bin] $name_data $community_data $nas_type");
- if (strlen($users))
+ if (strlen($users)){
$extra = "AND username IN ($users)";
+ if ($config[general_strip_realms] == 'yes'){
+ if ($config[general_realm_format] == 'prefix')
+ $match = "'[^']+" . $config[general_realm_delimiter];
+ else
+ $match = $config[general_realm_delimiter] . "[^']+'";
+ $extra = preg_replace("/$match/","'",$extra);
+ }
+ }
}
$search = @da_sql_query($link,$config,
"SELECT DISTINCT username,acctstarttime,framedipaddress,callingstationid