[packages/cacti.git] / sec_sql_injection-0.8.6j.patch

diff -ruBbdN cacti-0.8.6j/include/top_graph_header.php cacti-0.8.6j-patched/include/top_graph_header.php
--- cacti-0.8.6j/include/top_graph_header.php	2007-01-17 19:23:10.000000000 -0500
+++ cacti-0.8.6j-patched/include/top_graph_header.php	2007-11-03 12:53:46.000000000 -0400
@@ -27,6 +27,10 @@
 $using_guest_account = false;
 $show_console_tab = true;
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("local_graph_id"));
+/* ==================================================== */
+
 if (read_config_option("global_auth") == "on") {
 	/* at this point this user is good to go... so get some setting about this
 	user and put them into variables to save excess SQL in the future */
Commit	Line	Data
ba607528 GS	1	diff -ruBbdN cacti-0.8.6j/include/top_graph_header.php cacti-0.8.6j-patched/include/top_graph_header.php
	2	--- cacti-0.8.6j/include/top_graph_header.php 2007-01-17 19:23:10.000000000 -0500
	3	+++ cacti-0.8.6j-patched/include/top_graph_header.php 2007-11-03 12:53:46.000000000 -0400
	4	@@ -27,6 +27,10 @@
	5	$using_guest_account = false;
	6	$show_console_tab = true;
	7
	8	+/* ================= input validation ================= */
	9	+input_validate_input_number(get_request_var_request("local_graph_id"));
	10	+/* ==================================================== */
	11	+
	12	if (read_config_option("global_auth") == "on") {
	13	/* at this point this user is good to go... so get some setting about this
	14	user and put them into variables to save excess SQL in the future */