cacti/sql_injection_template_export.patch

--- cacti-0.8.7e/templates_export.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-fixed/templates_export.php	2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
 function form_save() {
 	global $export_types;
 
+    /* ================= input validation ================= */
+    input_validate_input_number(get_request_var_post("export_item_id"));
+    /* ==================================================== */
+
 	if (isset($_POST["save_component_export"])) {
 		$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
Adding official patch to fix sql vulnerability 2010-04-23 13:43:21 +00:00			`--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400`
			`+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400`
			`@@ -49,6 +49,10 @@`
			`function form_save() {`
			`global $export_types;`

			`+ /* ================= input validation ================= */`
			`+ input_validate_input_number(get_request_var_post("export_item_id"));`
			`+ /* ==================================================== */`
			`+`
			`if (isset($_POST["save_component_export"])) {`
			`$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));`