cacti/dec06-vulnerability-poller-0.8.6i.patch

diff -ruBbd cacti-0.8.6i/cmd.php cacti-0.8.6i-patch/cmd.php
--- cacti-0.8.6i/cmd.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/cmd.php	2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
@@ -70,6 +71,10 @@
 	$print_data_to_stdout = false;
 	if ($_SERVER["argc"] == "3") {
 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
+			/* address potential exploits */
+			input_validate_input_number($_SERVER["argv"][1]);
+			input_validate_input_number($_SERVER["argv"][2]);
+
 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
 					"id >= " .
 					$_SERVER["argv"][1] .
diff -ruBbd cacti-0.8.6i/copy_cacti_user.php cacti-0.8.6i-patch/copy_cacti_user.php
--- cacti-0.8.6i/copy_cacti_user.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/copy_cacti_user.php	2007-01-01 12:27:15.312500000 -0500
@@ -25,9 +25,10 @@
 */
 
 /* do NOT run this script through a web browser */
-if (! isset($_SERVER["argv"][0])) {
-	die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
+
 if (empty($_SERVER["argv"][2])) {
 	die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
 }
diff -ruBbd cacti-0.8.6i/include/html/inc_timespan_settings.php cacti-0.8.6i-patch/include/html/inc_timespan_settings.php
--- cacti-0.8.6i/include/html/inc_timespan_settings.php	2006-10-09 00:05:58.000000000 -0400
+++ cacti-0.8.6i-patch/include/html/inc_timespan_settings.php	2007-01-02 11:55:45.953125000 -0500
@@ -24,6 +24,20 @@
  +-------------------------------------------------------------------------+
 */
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+	$_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+	$_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
 /* initialize the timespan array */
 $timespan = array();
 
diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patch/poller.php
--- cacti-0.8.6i/poller.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller.php	2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6i/poller_commands.php cacti-0.8.6i-patch/poller_commands.php
--- cacti-0.8.6i/poller_commands.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_commands.php	2007-01-01 12:27:15.328125000 -0500
@@ -27,7 +27,7 @@
 define("MAX_RECACHE_RUNTIME", 296);
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6i/poller_export.php cacti-0.8.6i-patch/poller_export.php
--- cacti-0.8.6i/poller_export.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_export.php	2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6i/poller_reindex_hosts.php cacti-0.8.6i-patch/poller_reindex_hosts.php
--- cacti-0.8.6i/poller_reindex_hosts.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_reindex_hosts.php	2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6i/rebuild_poller_cache.php cacti-0.8.6i-patch/rebuild_poller_cache.php
--- cacti-0.8.6i/rebuild_poller_cache.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/rebuild_poller_cache.php	2007-01-01 12:27:15.312500000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6i/script_server.php cacti-0.8.6i-patch/script_server.php
--- cacti-0.8.6i/script_server.php	2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/script_server.php	2007-01-01 12:27:15.312500000 -0500
@@ -26,9 +26,8 @@
 $no_http_headers = true;
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
-	exit(-1);
 }
 
 /* define STDOUT/STDIN file descriptors if not running under CLI */