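--- cacti-0.8.7e/graph_view.php 2009-10-02 10:30:43.000000000 +0300
+++ cacti/graph_view.php 2009-10-07 12:42:04.032959475 +0300
@@ -30,6 +30,7 @@ include_once('./lib/timespan_settings.ph
 define("MAX_DISPLAY_PAGES", 21);
 
 /* ================= input validation ================= */
+input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request('branch_id'));
 input_validate_input_number(get_request_var_request('hide'));
 input_validate_input_number(get_request_var_request('tree_id'));
@@ -41,6 +42,11 @@ input_validate_input_regex(get_request_v
 input_validate_input_regex(get_request_var_request('nodeid'), '^([_a-z0-9]+)$');
 /* ==================================================== */
 
+if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
+ // fill $host_id from $host_name. empty result is ok too, we'll list previous view then
+ $_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
+}
+
 /* clean up action string */
 if (isset($_REQUEST['action'])) {
 $_REQUEST['action'] = sanitize_search_string(get_request_var_request('action'));
@@ -162,6 +168,7 @@ case 'preview':
 }
 
 /* ================= input validation ================= */
+ input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request('host_id'));
 input_validate_input_number(get_request_var_request('graph_template_id'));
 input_validate_input_number(get_request_var_request('page'));
@@ -600,6 +607,7 @@ case 'list':
 }
 
 /* ================= input validation ================= */
+ input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request('host_id'));
 input_validate_input_number(get_request_var_request('graph_template_id'));
 input_validate_input_number(get_request_var_request('rows'));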
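Review bot: The lookup added in the second hunk (`@@ -41,6 +42,11 @@`) interpolates `$_REQUEST['host_name']` straight into the SQL string, so its safety rests entirely on the `input_validate_input_regex` call from the first hunk running earlier and continuing to reject quotes. That coupling breaks silently if either line is moved or the pattern is loosened, and how the regex helper treats every byte of the value cannot be confirmed from this page. I would read the value once with `$host_name = get_request_var_request('host_name');` and pass it through the database layer's quoting or a bound parameter when building the query. At minimum, add a comment on the query such as `// host_name is limited to [a-zA-Z0-9_.-]+ by the validation above; keep that check ahead of this query`. Host descriptions are presumably free text and not guaranteed unique, so the existing comment could also state that only descriptions matching the pattern can be resolved and that the first matching row is used.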