- added sql_injection_template_export.patch. Resolves: CVE-2010-1431
diff --git a/sql_injection_template_export.patch b/sql_injection_template_export.patch
new file mode 100644 (file)
index 0000000..397990c
--- /dev/null
@@ -0,0 +1,13 @@
+--- cacti-0.8.7e/templates_export.php  2009-06-28 12:07:11.000000000 -0400
++++ cacti-fixed/templates_export.php   2010-04-17 14:08:42.000000000 -0400
+@@ -49,6 +49,10 @@
+ function form_save() {
+       global $export_types;
++    /* ================= input validation ================= */
++    input_validate_input_number(get_request_var_post("export_item_id"));
++    /* ==================================================== */
++
+       if (isset($_POST["save_component_export"])) {
+               $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
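Review bot: The added check covers only `export_item_id`; on the `$xml_data` line `$_POST["export_type"]` and `$_POST["include_deps"]` are still passed to `get_item_xml()` straight from the request. Whether `export_type` ever reaches a query is not visible in this hunk, so that should be confirmed; if `$export_types` is keyed by type name (an assumption to verify), unknown values can be rejected before the call with `if (!isset($export_types[$_POST["export_type"]])) { die_html_input_error(); }`. A comment on the validation block such as `/* CVE-2010-1431: export_item_id must be numeric before it reaches get_item_xml() */` would record why the check exists and discourage its removal in later refactoring. The body of `form_save()` continues past the end of the hunk, so any other uses of these request values further down are not covered by this review.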