sec_sql_injection-0.8.6j.patch

   1 diff -ruBbdN cacti-0.8.6j/include/top_graph_header.php cacti-0.8.6j-patched/include/top_graph_header.php
   2 --- cacti-0.8.6j/include/top_graph_header.php   2007-01-17 19:23:10.000000000 -0500
   3 +++ cacti-0.8.6j-patched/include/top_graph_header.php   2007-11-03 12:53:46.000000000 -0400
   4 @@ -27,6 +27,10 @@
   5  $using_guest_account = false;
   6  $show_console_tab = true;
   7
   8 +/* ================= input validation ================= */
   9 +input_validate_input_number(get_request_var_request("local_graph_id"));
  10 +/* ==================================================== */
  11 +
  12  if (read_config_option("global_auth") == "on") {
  13         /* at this point this user is good to go... so get some setting about this
  14         user and put them into variables to save excess SQL in the future */