1 --- cacti-0.8.7e/graph_view.php 2009-10-02 10:30:43.000000000 +0300
2 +++ cacti/graph_view.php 2009-10-07 12:42:04.032959475 +0300
3 @@ -30,6 +30,7 @@ include_once('./lib/timespan_settings.ph
4 define("MAX_DISPLAY_PAGES", 21);
6 /* ================= input validation ================= */
7 +input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
8 input_validate_input_number(get_request_var_request('branch_id'));
9 input_validate_input_number(get_request_var_request('hide'));
10 input_validate_input_number(get_request_var_request('tree_id'));
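Review bot: The same host_name pattern is written out three times, here and again in the `case 'preview':` and `case 'list':` hunks, and only this first copy runs before the value is used in the SQL lookup added further down; the other two re-check a value that has already been consumed. Keeping a single call, or putting the pattern in one constant such as `define('HOST_NAME_REGEX', '^([a-zA-Z0-9_.-]+)$');`, would stop the copies drifting apart, which matters because the lookup depends on this pattern to keep quote characters out of the query. The added lines also use double-quoted strings where the neighbouring validation calls use single quotes. The pattern presumably rejects host descriptions containing spaces, so it is worth confirming that this restriction is intended.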
11 @@ -41,6 +42,11 @@ input_validate_input_regex(get_request_v
12 input_validate_input_regex(get_request_var_request('nodeid'), '^([_a-z0-9]+)$');
13 /* ==================================================== */
15 +if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
16 + // fill $host_id from $host_name. empty result is ok too, we'll list previous view then
17 + $_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
20 /* clean up action string */
21 if (isset($_REQUEST['action'])) {
22 $_REQUEST['action'] = sanitize_search_string(get_request_var_request('action'));
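Review bot: The added `db_fetch_cell` line interpolates `$_REQUEST['host_name']` straight into the SQL string, so the only thing keeping a quote character out of the statement is the regex check in the earlier hunk, and that holds only if `input_validate_input_regex()` stops the request on a mismatch (its body is not visible here). I would quote the value through the database layer at the point of use, or at minimum record the dependency next to the query: `// host_name is restricted to [a-zA-Z0-9_.-] by input_validate_input_regex() above; that check must run before this query`. The lookup also assumes `host.description` identifies exactly one host; if descriptions can repeat, whichever row comes back first silently wins. The closing brace of the added `if` is not visible in this listing.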
23 @@ -162,6 +168,7 @@ case 'preview':
26 /* ================= input validation ================= */
27 + input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
28 input_validate_input_number(get_request_var_request('host_id'));
29 input_validate_input_number(get_request_var_request('graph_template_id'));
30 input_validate_input_number(get_request_var_request('page'));
31 @@ -600,6 +607,7 @@ case 'list':
34 /* ================= input validation ================= */
35 + input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
36 input_validate_input_number(get_request_var_request('host_id'));
37 input_validate_input_number(get_request_var_request('graph_template_id'));
38 input_validate_input_number(get_request_var_request('rows'));