cacti/cacti-0.8.8b-html-injection.patch

------------------------------------------------------------------------
r7443 | rony | 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) | 2 lines

bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability 

------------------------------------------------------------------------
Index: branches/0.8.8/cdef.php
===================================================================
--- branches/0.8.8/cdef.php	(revision 7442)
+++ branches/0.8.8/cdef.php	(revision 7443)
@@ -431,7 +431,7 @@
 						<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
 					</td>
 					<td>
-						<em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
+						<em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
 					</td>
 					<td>
 						<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
patchs for CVEs - Patch for CVE-2014-2708 SQL injection issues in graph_xport.php (RHBZ #1084258) - Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php (RHBZ #1084258) - Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122) - Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122) - Patch for CVE-2014-2328 use of exec-like function calls without safety checks allow arbitrary command execution (RHBZ #1082122) 2014-04-07 23:58:57 +00:00			`------------------------------------------------------------------------`
			`r7443 \| rony \| 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) \| 2 lines`

			`bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability`

			`------------------------------------------------------------------------`
			`Index: branches/0.8.8/cdef.php`
			`===================================================================`
			`--- branches/0.8.8/cdef.php (revision 7442)`
			`+++ branches/0.8.8/cdef.php (revision 7443)`
			`@@ -431,7 +431,7 @@`
			`<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>`
			`</td>`
			`<td>`
			`- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>`
			`+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>`
			`</td>`
			`<td>`
			`<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>`