From 08a6b46d15e443dbfd04e1f190bdab2edf879cec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Fri, 21 Oct 2022 21:52:42 +0200
Subject: [PATCH 1/2] Require auth for more API endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 api_FTL.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api_FTL.php b/api_FTL.php
index 158ee08b..f25c514d 100644
--- a/api_FTL.php
+++ b/api_FTL.php
@@ -19,7 +19,7 @@ if (isset($_GET['version'])) {
     $data['version'] = 3;
 }
 
-if (isset($_GET['status'])) {
+if (isset($_GET['status']) && $auth) {
     $return = callFTLAPI('stats');
     if (array_key_exists('FTLnotrunning', $return)) {
         $data = array('FTLnotrunning' => true);
@@ -32,7 +32,7 @@ if (isset($_GET['status'])) {
     }
 }
 
-if (isset($_GET['summary']) || isset($_GET['summaryRaw']) || !count($_GET)) {
+if (isset($_GET['summary']) || isset($_GET['summaryRaw']) || !count($_GET) && $auth) {
     require_once 'scripts/pi-hole/php/gravity.php';
 
     $return = callFTLAPI('stats');
@@ -77,7 +77,7 @@ if (isset($_GET['getMaxlogage']) && $auth) {
     }
 }
 
-if (isset($_GET['overTimeData10mins'])) {
+if (isset($_GET['overTimeData10mins']) && $auth) {
     $return = callFTLAPI('overTime');
     if (array_key_exists('FTLnotrunning', $return)) {
         $data = array('FTLnotrunning' => true);

From 97200b8462c93dd26de1e6b6946cbad351a0de6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Thu, 3 Nov 2022 22:37:39 +0100
Subject: [PATCH 2/2] Add missing Parentheses
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 api_FTL.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api_FTL.php b/api_FTL.php
index f25c514d..7e7fb1fa 100644
--- a/api_FTL.php
+++ b/api_FTL.php
@@ -32,7 +32,7 @@ if (isset($_GET['status']) && $auth) {
     }
 }
 
-if (isset($_GET['summary']) || isset($_GET['summaryRaw']) || !count($_GET) && $auth) {
+if ((isset($_GET['summary']) || isset($_GET['summaryRaw']) || !count($_GET)) && $auth) {
     require_once 'scripts/pi-hole/php/gravity.php';
 
     $return = callFTLAPI('stats');