cacti/cacti-fix-xss.patch

From 3381cba6a9e36b01ed0ab0acfd41b00487966cb5 Mon Sep 17 00:00:00 2001
From: cigamit <jimmy@sqmail.org>
Date: Wed, 5 Jul 2017 06:45:03 -0500
Subject: [PATCH] Resolving Issue #838

Cross-site Scripting (XSS) issue with link.php
---
 docs/CHANGELOG        | 3 +++
 lib/html_validate.php | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/html_validate.php b/lib/html_validate.php
index 3d5e97fad..d5cb6168f 100644
--- a/lib/html_validate.php
+++ b/lib/html_validate.php
@@ -48,16 +48,16 @@ function die_html_input_error($variable = '', $value = '', $message = '') {
 	global $config;
 
 	?>
-	<table style="width:100%;text-align:center;">
+	<table style='width:100%;text-align:center;'>
 		<tr>
 			<td>
-				Validation error<?php print ($variable != '' ? ' for variable ' . $variable . ', with value of "' . $value . '"' . ($message != '' ? ', and error:' . $message : '') : '');?>.  See backtrace below for more details.
+				<?php print __('Validation error for variable %s with a value of %s.  See backtrace below for more details.', $variable, htmlspecialchars($value));?>
 			</td>
 		</tr>
 	</table>
 	<?php
 
-	cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":"") . ($value != '' ? ", Value:$value":""), true);
+	cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":'') . ($value != '' ? ", Value:$value":''), true);
 
 	bottom_footer();
 	exit;
Fix Cross-site Scripting (XSS) issue with link.php 2017-07-06 12:11:38 +00:00			`From 3381cba6a9e36b01ed0ab0acfd41b00487966cb5 Mon Sep 17 00:00:00 2001`
			`From: cigamit <jimmy@sqmail.org>`
			`Date: Wed, 5 Jul 2017 06:45:03 -0500`
			`Subject: [PATCH] Resolving Issue #838`

			`Cross-site Scripting (XSS) issue with link.php`
			`---`
			`docs/CHANGELOG \| 3 +++`
			`lib/html_validate.php \| 6 +++---`
			`2 files changed, 6 insertions(+), 3 deletions(-)`

			`diff --git a/lib/html_validate.php b/lib/html_validate.php`
			`index 3d5e97fad..d5cb6168f 100644`
			`--- a/lib/html_validate.php`
			`+++ b/lib/html_validate.php`
			`@@ -48,16 +48,16 @@ function die_html_input_error($variable = '', $value = '', $message = '') {`
			`global $config;`

			`?>`
			`- <table style="width:100%;text-align:center;">`
			`+ <table style='width:100%;text-align:center;'>`
			`<tr>`
			`<td>`
			`- Validation error<?php print ($variable != '' ? ' for variable ' . $variable . ', with value of "' . $value . '"' . ($message != '' ? ', and error:' . $message : '') : '');?>. See backtrace below for more details.`
			`+ <?php print __('Validation error for variable %s with a value of %s. See backtrace below for more details.', $variable, htmlspecialchars($value));?>`
			`</td>`
			`</tr>`
			`</table>`
			`<?php`

			`- cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":"") . ($value != '' ? ", Value:$value":""), true);`
			`+ cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":'') . ($value != '' ? ", Value:$value":''), true);`

			`bottom_footer();`
			`exit;`