- rel 11
Changed files:
cacti.spec -> 1.123
sql_injection_template_export.patch -> 1.1
Summary(pl.UTF-8): Cacti - frontend w PHP do rrdtoola
Name: cacti
Version: 0.8.7e
-Release: 10
+Release: 11
License: GPL
Group: Applications/WWW
Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
Patch102: http://www.cacti.net/downloads/patches/0.8.7e/template_duplication.patch
Patch103: http://www.cacti.net/downloads/patches/0.8.7e/fix_icmp_on_windows_iis_servers.patch
Patch104: http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
+Patch105: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
# http://cactiusers.org/wiki/PluginArchitectureInstall
# http://mirror.cactiusers.org/downloads/plugins/cacti-plugin-0.8.7e-PA-v2.6.zip
Patch0: %{name}-PA.patch
%patch102 -p1
%patch103 -p1
%patch104 -p1
+%patch105 -p1
%patch0 -p1
%patch1 -p1
%patch2 -p1
--- /dev/null
+--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
++++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
+@@ -49,6 +49,10 @@
+ function form_save() {
+ global $export_types;
+
++ /* ================= input validation ================= */
++ input_validate_input_number(get_request_var_post("export_item_id"));
++ /* ==================================================== */
++
+ if (isset($_POST["save_component_export"])) {
+ $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
+