[packages/cacti.git] / cacti-0.8.7g-sqli-xss.patch

diff -ur cacti-0.8.7g.orig/data_input.php cacti-0.8.7g/data_input.php
--- cacti-0.8.7g.orig/data_input.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/data_input.php	2011-04-14 21:10:24.658500117 +0200
@@ -386,7 +386,7 @@
 	html_end_box();
 
 	if (!empty($_GET["id"])) {
-		html_start_box("<strong>Input Fields</strong>", "100%", $colors["header"], "3", "center", "data_input.php?action=field_edit&type=in&data_input_id=" . $_GET["id"]);
+		html_start_box("<strong>Input Fields</strong>", "100%", $colors["header"], "3", "center", "data_input.php?action=field_edit&type=in&data_input_id=" . htmlspecialchars(get_request_var("id")));
 		print "<tr bgcolor='#" . $colors["header_panel"] . "'>";
 			DrawMatrixHeaderItem("Name",$colors["header_text"],1);
 			DrawMatrixHeaderItem("Field Order",$colors["header_text"],1);
diff -ur cacti-0.8.7g.orig/graphs.php cacti-0.8.7g/graphs.php
--- cacti-0.8.7g.orig/graphs.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/graphs.php	2011-04-14 21:13:55.043000147 +0200
@@ -1118,7 +1118,7 @@
 	</script>
 	<?php
 
-	html_start_box("<strong>Graph Management</strong>", "100%", $colors["header"], "3", "center", "graphs.php?action=graph_edit&host_id=" . get_request_var_request("host_id"));
+	html_start_box("<strong>Graph Management</strong>", "100%", $colors["header"], "3", "center", "graphs.php?action=graph_edit&host_id=" . htmlspecialchars(get_request_var_request("host_id")));
 
 	?>
 	<tr bgcolor="#<?php print $colors["panel"];?>">
diff -ur cacti-0.8.7g.orig/graph_templates.php cacti-0.8.7g/graph_templates.php
--- cacti-0.8.7g.orig/graph_templates.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/graph_templates.php	2011-04-14 21:12:45.854000138 +0200
@@ -302,12 +302,12 @@
 
 		$header_label = "[edit: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["id"]) . "]";
 	}
-
-	html_start_box("<strong>Graph Template Items</strong> " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . $_GET["id"]);
+	
+	html_start_box("<strong>Graph Template Items</strong> " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . htmlspecialchars(get_request_var("id")));
 	draw_graph_items_list($template_item_list, "graph_templates_items.php", "graph_template_id=" . $_GET["id"], false);
 	html_end_box();
 
-	html_start_box("<strong>Graph Item Inputs</strong>", "100%", $colors["header"], "3", "center", "graph_templates_inputs.php?action=input_edit&graph_template_id=" . $_GET["id"]);
+	html_start_box("<strong>Graph Item Inputs</strong>", "100%", $colors["header"], "3", "center", "graph_templates_inputs.php?action=input_edit&graph_template_id=" . htmlspecialchars(get_request_var("id")));
 
 	print "<tr bgcolor='#" . $colors["header_panel"] . "'>";
 		DrawMatrixHeaderItem("Name",$colors["header_text"],2);
diff -ur cacti-0.8.7g.orig/host.php cacti-0.8.7g/host.php
--- cacti-0.8.7g.orig/host.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/host.php	2011-04-14 21:07:38.703500166 +0200
@@ -333,7 +333,7 @@
 	/* add a list of tree names to the actions dropdown */
 	add_tree_names_to_actions_array();
 
-	html_start_box("<strong>" . $device_actions{$_POST["drp_action"]} . "</strong>", "60%", $colors["header_panel"], "3", "center", "");
+	html_start_box("<strong>" . $device_actions[get_request_var_post("drp_action")] . "</strong>", "60%", $colors["header_panel"], "3", "center", "");
 
 	print "<form action='host.php' autocomplete='off' method='post'>\n";
 
@@ -1189,7 +1189,7 @@
 	</script>
 	<?php
 
-	html_start_box("<strong>Devices</strong>", "100%", $colors["header"], "3", "center", "host.php?action=edit&host_template_id=" . get_request_var_request("host_template_id") . "&host_status=" . get_request_var_request("host_status"));
+	html_start_box("<strong>Devices</strong>", "100%", $colors["header"], "3", "center", "host.php?action=edit&host_template_id=" . htmlspecialchars(get_request_var_request("host_template_id")) . "&host_status=" . htmlspecialchars(get_request_var_request("host_status")));
 
 	?>
 	<tr bgcolor="#<?php print $colors["panel"];?>">
diff -ur cacti-0.8.7g.orig/templates_export.php cacti-0.8.7g/templates_export.php
--- cacti-0.8.7g.orig/templates_export.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/templates_export.php	2011-04-14 21:15:29.790000150 +0200
@@ -93,7 +93,7 @@
 				<select name="cbo_graph_id" onChange="window.location=document.form_graph_id.cbo_graph_id.options[document.form_graph_id.cbo_graph_id.selectedIndex].value">
 					<?php
 					while (list($key, $array) = each($export_types)) {
-						print "<option value='templates_export.php?export_type=$key'"; if ($_REQUEST["export_type"] == $key) { print " selected"; } print ">" . $array["name"] . "</option>\n";
+						print "<option value='templates_export.php?export_type=" . htmlspecialchars($key) . "'"; if ($_REQUEST["export_type"] == $key) { print " selected"; } print ">" . $array["name"] . "</option>\n";
 					}
 					?>
 				</select>
diff -ur cacti-0.8.7g.orig/tree.php cacti-0.8.7g/tree.php
--- cacti-0.8.7g.orig/tree.php	2010-07-10 00:33:46.000000000 +0200
+++ cacti-0.8.7g/tree.php	2011-04-14 21:18:53.174500150 +0200
@@ -141,7 +141,7 @@
 	/* ==================================================== */
 
 	if (!empty($_GET["id"])) {
-		$tree_item = db_fetch_row("select * from graph_tree_items where id=" . $_GET["id"]);
+		$tree_item = db_fetch_row("select * from graph_tree_items where id=" . get_request_var("id"));
 
 		if ($tree_item["local_graph_id"] > 0) { $db_type = TREE_ITEM_TYPE_GRAPH; }
 		if ($tree_item["title"] != "") { $db_type = TREE_ITEM_TYPE_HEADER; }
@@ -156,7 +156,7 @@
 		$current_type = TREE_ITEM_TYPE_HEADER;
 	}
 
-	$tree_sort_type = db_fetch_cell("select sort_type from graph_tree where id='" . $_GET["tree_id"] . "'");
+	$tree_sort_type = db_fetch_cell("select sort_type from graph_tree where id='" . get_request_var("tree_id") . "'");
 
 	print "<form method='post' action='tree.php' name='form_tree'>\n";
 
@@ -429,13 +429,13 @@
 	html_end_box();
 
 	if (!empty($_GET["id"])) {
-		html_start_box("<strong>Tree Items</strong>", "100%", $colors["header"], "3", "center", "tree.php?action=item_edit&tree_id=" . $tree["id"] . "&parent_id=0");
+		html_start_box("<strong>Tree Items</strong>", "100%", $colors["header"], "3", "center", "tree.php?action=item_edit&tree_id=" . htmlspecialchars($tree["id"]) . "&parent_id=0");
 
 		?>
 		<td>
-		<input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print $_GET["id"];?>&subaction=expand_all"' value='Expand All' title='Expand All Trees'>
-		<input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print $_GET["id"];?>&subaction=collapse_all"' value='Collapse All' title='Collapse All Trees'></a>
-		</td>
+		<input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print htmlspecialchars(get_request_var("id"));?>&subaction=expand_all"' value='Expand All' title='Expand All Trees'>
+		<input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print htmlspecialchars(get_request_var("id"));?>&subaction=collapse_all"' value='Collapse All' title='Collapse All Trees'></a>		
+		</td>	
 		<?php
 
 		print "<tr bgcolor='#" . $colors["header_panel"] . "'>";
Commit	Line	Data
580a2346	1	diff -ur cacti-0.8.7g.orig/data_input.php cacti-0.8.7g/data_input.php
	2	--- cacti-0.8.7g.orig/data_input.php 2010-07-10 00:33:46.000000000 +0200
	3	+++ cacti-0.8.7g/data_input.php 2011-04-14 21:10:24.658500117 +0200
	4	@@ -386,7 +386,7 @@
	5	html_end_box();
	6
	7	if (!empty($_GET["id"])) {
	8	- html_start_box("<strong>Input Fields</strong>", "100%", $colors["header"], "3", "center", "data_input.php?action=field_edit&type=in&data_input_id=" . $_GET["id"]);
	9	+ html_start_box("<strong>Input Fields</strong>", "100%", $colors["header"], "3", "center", "data_input.php?action=field_edit&type=in&data_input_id=" . htmlspecialchars(get_request_var("id")));
	10	print "<tr bgcolor='#" . $colors["header_panel"] . "'>";
	11	DrawMatrixHeaderItem("Name",$colors["header_text"],1);
	12	DrawMatrixHeaderItem("Field Order",$colors["header_text"],1);
	13	diff -ur cacti-0.8.7g.orig/graphs.php cacti-0.8.7g/graphs.php
	14	--- cacti-0.8.7g.orig/graphs.php 2010-07-10 00:33:46.000000000 +0200
	15	+++ cacti-0.8.7g/graphs.php 2011-04-14 21:13:55.043000147 +0200
	16	@@ -1118,7 +1118,7 @@
	17	</script>
	18	<?php
	19
	20	- html_start_box("<strong>Graph Management</strong>", "100%", $colors["header"], "3", "center", "graphs.php?action=graph_edit&host_id=" . get_request_var_request("host_id"));
	21	+ html_start_box("<strong>Graph Management</strong>", "100%", $colors["header"], "3", "center", "graphs.php?action=graph_edit&host_id=" . htmlspecialchars(get_request_var_request("host_id")));
	22
	23	?>
	24	<tr bgcolor="#<?php print $colors["panel"];?>">
	25	diff -ur cacti-0.8.7g.orig/graph_templates.php cacti-0.8.7g/graph_templates.php
	26	--- cacti-0.8.7g.orig/graph_templates.php 2010-07-10 00:33:46.000000000 +0200
	27	+++ cacti-0.8.7g/graph_templates.php 2011-04-14 21:12:45.854000138 +0200
	28	@@ -302,12 +302,12 @@
	29
	30	$header_label = "[edit: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["id"]) . "]";
	31	}
	32	-
	33	- html_start_box("<strong>Graph Template Items</strong> " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . $_GET["id"]);
	34	+
	35	+ html_start_box("<strong>Graph Template Items</strong> " . htmlspecialchars($header_label), "100%", $colors["header"], "3", "center", "graph_templates_items.php?action=item_edit&graph_template_id=" . htmlspecialchars(get_request_var("id")));
	36	draw_graph_items_list($template_item_list, "graph_templates_items.php", "graph_template_id=" . $_GET["id"], false);
	37	html_end_box();
	38
	39	- html_start_box("<strong>Graph Item Inputs</strong>", "100%", $colors["header"], "3", "center", "graph_templates_inputs.php?action=input_edit&graph_template_id=" . $_GET["id"]);
	40	+ html_start_box("<strong>Graph Item Inputs</strong>", "100%", $colors["header"], "3", "center", "graph_templates_inputs.php?action=input_edit&graph_template_id=" . htmlspecialchars(get_request_var("id")));
	41
	42	print "<tr bgcolor='#" . $colors["header_panel"] . "'>";
	43	DrawMatrixHeaderItem("Name",$colors["header_text"],2);
	44	diff -ur cacti-0.8.7g.orig/host.php cacti-0.8.7g/host.php
	45	--- cacti-0.8.7g.orig/host.php 2010-07-10 00:33:46.000000000 +0200
	46	+++ cacti-0.8.7g/host.php 2011-04-14 21:07:38.703500166 +0200
	47	@@ -333,7 +333,7 @@
	48	/* add a list of tree names to the actions dropdown */
	49	add_tree_names_to_actions_array();
	50
	51	- html_start_box("<strong>" . $device_actions{$_POST["drp_action"]} . "</strong>", "60%", $colors["header_panel"], "3", "center", "");
	52	+ html_start_box("<strong>" . $device_actions[get_request_var_post("drp_action")] . "</strong>", "60%", $colors["header_panel"], "3", "center", "");
	53
	54	print "<form action='host.php' autocomplete='off' method='post'>\n";
	55
	56	@@ -1189,7 +1189,7 @@
	57	</script>
	58	<?php
	59
	60	- html_start_box("<strong>Devices</strong>", "100%", $colors["header"], "3", "center", "host.php?action=edit&host_template_id=" . get_request_var_request("host_template_id") . "&host_status=" . get_request_var_request("host_status"));
	61	+ html_start_box("<strong>Devices</strong>", "100%", $colors["header"], "3", "center", "host.php?action=edit&host_template_id=" . htmlspecialchars(get_request_var_request("host_template_id")) . "&host_status=" . htmlspecialchars(get_request_var_request("host_status")));
	62
	63	?>
	64	<tr bgcolor="#<?php print $colors["panel"];?>">
65	diff -ur cacti-0.8.7g.orig/templates_export.php cacti-0.8.7g/templates_export.php
66	--- cacti-0.8.7g.orig/templates_export.php 2010-07-10 00:33:46.000000000 +0200
67	+++ cacti-0.8.7g/templates_export.php 2011-04-14 21:15:29.790000150 +0200
68	@@ -93,7 +93,7 @@
69	<select name="cbo_graph_id" onChange="window.location=document.form_graph_id.cbo_graph_id.options[document.form_graph_id.cbo_graph_id.selectedIndex].value">
70	<?php
71	while (list($key, $array) = each($export_types)) {
72	- print "<option value='templates_export.php?export_type=$key'"; if ($_REQUEST["export_type"] == $key) { print " selected"; } print ">" . $array["name"] . "</option>\n";
73	+ print "<option value='templates_export.php?export_type=" . htmlspecialchars($key) . "'"; if ($_REQUEST["export_type"] == $key) { print " selected"; } print ">" . $array["name"] . "</option>\n";
74	}
75	?>
76	</select>
77	diff -ur cacti-0.8.7g.orig/tree.php cacti-0.8.7g/tree.php
78	--- cacti-0.8.7g.orig/tree.php 2010-07-10 00:33:46.000000000 +0200
79	+++ cacti-0.8.7g/tree.php 2011-04-14 21:18:53.174500150 +0200
80	@@ -141,7 +141,7 @@
81	/* ==================================================== */
82
83	if (!empty($_GET["id"])) {
84	- $tree_item = db_fetch_row("select * from graph_tree_items where id=" . $_GET["id"]);
85	+ $tree_item = db_fetch_row("select * from graph_tree_items where id=" . get_request_var("id"));
86
87	if ($tree_item["local_graph_id"] > 0) { $db_type = TREE_ITEM_TYPE_GRAPH; }
88	if ($tree_item["title"] != "") { $db_type = TREE_ITEM_TYPE_HEADER; }
89	@@ -156,7 +156,7 @@
90	$current_type = TREE_ITEM_TYPE_HEADER;
91	}
92
93	- $tree_sort_type = db_fetch_cell("select sort_type from graph_tree where id='" . $_GET["tree_id"] . "'");
94	+ $tree_sort_type = db_fetch_cell("select sort_type from graph_tree where id='" . get_request_var("tree_id") . "'");
95
96	print "<form method='post' action='tree.php' name='form_tree'>\n";
97
98	@@ -429,13 +429,13 @@
99	html_end_box();
100
101	if (!empty($_GET["id"])) {
102	- html_start_box("<strong>Tree Items</strong>", "100%", $colors["header"], "3", "center", "tree.php?action=item_edit&tree_id=" . $tree["id"] . "&parent_id=0");
103	+ html_start_box("<strong>Tree Items</strong>", "100%", $colors["header"], "3", "center", "tree.php?action=item_edit&tree_id=" . htmlspecialchars($tree["id"]) . "&parent_id=0");
104
105	?>
106	<td>
107	- <input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print $_GET["id"];?>&subaction=expand_all"' value='Expand All' title='Expand All Trees'>
108	- <input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print $_GET["id"];?>&subaction=collapse_all"' value='Collapse All' title='Collapse All Trees'></a>
109	- </td>
110	+ <input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print htmlspecialchars(get_request_var("id"));?>&subaction=expand_all"' value='Expand All' title='Expand All Trees'>
111	+ <input type='button' onClick='return document.location="tree.php?action=edit&id=<?php print htmlspecialchars(get_request_var("id"));?>&subaction=collapse_all"' value='Collapse All' title='Collapse All Trees'></a>
112	+ </td>
113	<?php
114
115	print "<tr bgcolor='#" . $colors["header_panel"] . "'>";