Upstream released new version (has security fixes)

2010-05-24 15:56:59 +00:00 · 2010-05-24 15:56:59 +00:00 · 0074e74e21
commit 0074e74e21
parent 65fa7122f4
7 changed files with 7 additions and 471 deletions
--- a/cacti.spec
+++ b/cacti.spec
@ -1,6 +1,6 @@
 Name: cacti
-Version: 0.8.7e
+Version: 0.8.7f
-Release: 4%{?dist}
+Release: 1%{?dist}
 Summary: An rrd based graphing tool
 Group: Applications/System
@ -11,11 +11,6 @@ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
 Source1: cacti-httpd.conf
 Source2: cacti.logrotate
 Source3: cacti.README.Fedora
 Patch0: cli_add_graph.patch
 Patch1: snmp_invalid_response.patch
 Patch2: template_duplication.patch
 Patch3: cross_site_fix.patch
 Patch4: sql_injection_template_export.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -35,11 +30,6 @@ used to creating traffic graphs with MRTG.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 echo "#*/5 * * * *	cacti	%{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
@ -115,6 +105,10 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 %changelog
 * Mon May 24 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7f-1
 - Upstream released new version
 - Contains security updates #595289
 * Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
 - Pulling in patches from upstream
 - SQL injection fix
--- a/cli_add_graph.patch
+++ b/cli_add_graph.patch
@ -1,11 +0,0 @@
 --- ../tags/0.8.7e/cli/add_graphs.php	2009-06-28 12:34:31.000000000 -0400
 +++ 0.8.7/cli/add_graphs.php	2009-08-18 20:04:44.000000000 -0400
@@ -570,7 +570,7 @@
 	echo "                    3|Fields = Verify all Fields\n";
 	echo "List Options:\n";
 	echo "    --list-hosts\n";
 -	echo "    --list-graph-templates [--host_template=[ID]]\n";
 +	echo "    --list-graph-templates [--host-template-id=[ID]]\n";
 	echo "    --list-input-fields --graph-template-id=[ID]\n";
 	echo "    --list-snmp-queries\n";
 	echo "    --list-query-types  --snmp-query-id [ID]\n";
--- a/cross_site_fix.patch
+++ b/cross_site_fix.patch
@ -1,175 +0,0 @@
 --- cacti-0.8.7e/graph.php	2009-06-28 12:07:11.000000000 -0400
 +++ cacti-0.8.7e-patched/graph.php	2009-11-21 23:10:16.000000000 -0500
@@ -35,6 +35,8 @@
 /* ================= input validation ================= */
 input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
 input_validate_input_number(get_request_var("local_graph_id"));
 +input_validate_input_number(get_request_var("graph_end"));
 +input_validate_input_number(get_request_var("graph_start"));
 input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
 /* ==================================================== */
 --- cacti-0.8.7e/include/top_graph_header.php	2009-06-28 12:07:11.000000000 -0400
 +++ cacti-0.8.7e-patched/include/top_graph_header.php	2009-11-21 23:15:27.000000000 -0500
@@ -58,7 +58,7 @@
 		if ($_SESSION["custom"]) {
 			print "<meta http-equiv=refresh content='99999'>\r\n";
 		}else{
 -			print "<meta http-equiv=refresh content='" . read_graph_config_option("page_refresh") . "'>\r\n";
 +			print "<meta http-equiv=refresh content='" . htmlspecialchars(read_graph_config_option("page_refresh"),ENT_QUOTES) . "'>\r\n";
 		}
 	}
 	?>
@@ -113,7 +113,7 @@
 	</tr>
 	<tr class="noprint">
 		<td bgcolor="#efefef" colspan="1" height="8" style="background-image: url(images/shadow_gray.gif); background-repeat: repeat-x; border-right: #aaaaaa 1px solid;">
 -			<img src="images/transparent_line.gif" width="<?php print read_graph_config_option("default_dual_pane_width");?>" height="2" border="0"><br>
 +			<img src="images/transparent_line.gif" width="<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>" height="2" border="0"><br>
 		</td>
 		<td bgcolor="#ffffff" colspan="1" height="8" style="background-image: url(images/shadow.gif); background-repeat: repeat-x;">
@@ -144,7 +144,7 @@
 	<tr>
 		<?php if ((read_graph_config_option("default_tree_view_mode") == "2") && (($_REQUEST["action"] == "tree") || ((isset($_REQUEST["view_type"]) ? $_REQUEST["view_type"] : "") == "tree"))) { ?>
 -		<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print read_graph_config_option("default_dual_pane_width");?>' class='noprint'>
 +		<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
 			<table border=0 cellpadding=0 cellspacing=0><tr><td><font size=-2><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></font></td></tr></table>
 			<?php grow_dhtml_trees(); ?>
 			<script type="text/javascript">initializeDocument();</script>
 --- cacti-0.8.7e/lib/html_form.php	2009-06-28 12:07:11.000000000 -0400
 +++ cacti-0.8.7e-patched/lib/html_form.php	2009-11-21 23:15:40.000000000 -0500
@@ -235,13 +235,21 @@
 		if (sizeof($items) > 0) {
 		foreach ($items as $item) {
 -			print $item["name"] . "<br>";
 +			print htmlspecialchars($item["name"],ENT_QUOTES) . "<br>";
 		}
 		}
 		break;
 +	case 'font':
 +		form_font_box($field_name, $field_array["value"],
 +			((isset($field_array["default"])) ? $field_array["default"] : ""),
 +			$field_array["max_length"],
 +			((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
 +			((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
 +
 +		break;
 	default:
 -		print "<em>" . $field_array["value"] . "</em>";
 +		print "<em>" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "</em>";
 		form_hidden_box($field_name, $field_array["value"], "");
@@ -384,7 +392,7 @@
 		$form_previous_value = $form_default_value;
 	}
 -	print "<input type='hidden' id='$form_name' name='$form_name' value='$form_previous_value'>\n";
 +	print "<input type='hidden' id='$form_name' name='$form_name' value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>\n";
 }
 /* form_dropdown - draws a standard html dropdown box
@@ -568,7 +576,7 @@
 			}
 		}
 -		print ">". $array_display[$id];
 +		print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
 		print "</option>\n";
 	}
@@ -627,6 +635,65 @@
 	print "</select>\n";
 }
 +/* form_font_box - draws a standard html textbox and provides status of a fonts existence
 +   @arg $form_name - the name of this form element
 +   @arg $form_previous_value - the current value of this form element
 +   @arg $form_default_value - the value of this form element to use if there is
 +     no current value available
 +   @arg $form_max_length - the maximum number of characters that can be entered
 +     into this textbox
 +   @arg $form_size - the size (width) of the textbox
 +   @arg $type - the type of textbox, either 'text' or 'password'
 +   @arg $current_id - used to determine if a current value for this form element
 +     exists or not. a $current_id of '0' indicates that no current value exists,
 +     a non-zero value indicates that a current value does exist */
 +function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
 +	if (($form_previous_value == "") && (empty($current_id))) {
 +		$form_previous_value = $form_default_value;
 +	}
 +
 +	print "<input type='$type'";
 +
 +	if (isset($_SESSION["sess_error_fields"])) {
 +		if (!empty($_SESSION["sess_error_fields"][$form_name])) {
 +			print "class='txtErrorTextBox'";
 +			unset($_SESSION["sess_error_fields"][$form_name]);
 +		}
 +	}
 +
 +	if (isset($_SESSION["sess_field_values"])) {
 +		if (!empty($_SESSION["sess_field_values"][$form_name])) {
 +			$form_previous_value = $_SESSION["sess_field_values"][$form_name];
 +		}
 +	}
 +
 +	if (strlen($form_previous_value) == 0) { # no data: defaults are used; everythings fine
 +			$extra_data = "";
 +	} else {
 +		if (read_config_option("rrdtool_version") == "rrd-1.3.x") {	# rrdtool 1.3 uses fontconfig
 +			$font = '"' . $form_previous_value . '"';
 +			$out_array = array();
 +			exec('fc-list ' . $font, $out_array);
 +			if (sizeof($out_array) == 0) {
 +				$extra_data = "<span style='color:red'><br>[" . "ERROR: FONT NOT FOUND" . "]</span>";
 +			} else {
 +				$extra_data = "<span style='color:green'><br>[" . "OK: FONT FOUND" . "]</span>";
 +			}
 +		} elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
 +				  read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
 +			if (is_file($form_previous_value)) {
 +				$extra_data = "<span style='color:green'><br>[" . "OK: FILE FOUND" . "]</span>";
 +			}else if (is_dir($form_previous_value)) {
 +				$extra_data = "<span style='color:red'><br>[" . "ERROR: IS DIR" . "]</span>";
 +			}else{
 +				$extra_data = "<span style='color:red'><br>[" . "ERROR: FILE NOT FOUND" . "]</span>";
 +			}
 +		} # will be used for future versions of rrdtool
 +	}
 +
 +	print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
 +}
 +
 /* form_confirm - draws a table presenting the user with some choice and allowing
      them to either proceed (delete) or cancel
    @arg $body_text - the text to prompt the user with on this form
 --- cacti-0.8.7e/lib/timespan_settings.php	2009-06-28 12:07:11.000000000 -0400
 +++ cacti-0.8.7e-patched/lib/timespan_settings.php	2009-11-21 23:15:49.000000000 -0500
@@ -125,9 +125,9 @@
 	if (isset($_POST["date1"])) {
 		/* the dates have changed, therefore, I am now custom */
 		if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
 -			$timespan["current_value_date1"] = $_POST["date1"];
 +			$timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
 			$timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
 -			$timespan["current_value_date2"] = $_POST["date2"];
 +			$timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
 			$timespan["end_now"]=strtotime($timespan["current_value_date2"]);
 			$_SESSION["sess_current_timespan"] = GT_CUSTOM;
 			$_SESSION["custom"] = 1;
@@ -135,8 +135,8 @@
 		}else {
 			/* the default button wasn't pushed */
 			if (!isset($_POST["button_clear_x"])) {
 -				$timespan["current_value_date1"] = $_POST["date1"];
 -				$timespan["current_value_date2"] = $_POST["date2"];
 +				$timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
 +				$timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
 				$timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
 				$timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];
--- a/snmp_invalid_response.patch
+++ b/snmp_invalid_response.patch
@ -1,25 +0,0 @@
 --- ../tags/0.8.7e/include/global_arrays.php	2009-06-28 12:34:31.000000000 -0400
 +++ 0.8.7/include/global_arrays.php	2009-08-18 20:04:44.000000000 -0400
@@ -174,6 +174,10 @@
 	"DES" => "DES (default)",
 	"AES128" => "AES");
 +$banned_snmp_strings = array(
 +	"End of MIB",
 +	"No Such");
 +
 $logfile_options = array(1 =>
 	"Logfile Only",
 	"Logfile and Syslog/Eventlog",
 --- ../tags/0.8.7e/lib/snmp.php	2009-06-28 12:34:30.000000000 -0400
 +++ 0.8.7/lib/snmp.php	2009-08-18 20:04:44.000000000 -0400
@@ -27,9 +27,6 @@
 define("SNMP_METHOD_PHP", 1);
 define("SNMP_METHOD_BINARY", 2);
 -/* declare once, use many times */
 -$banned_snmp_strings = array("End of MIB", "No Such");
 -
 /* we must use an apostrophe to escape community names under Unix in case the user uses
 characters that the shell might interpret. the ucd-snmp binaries on Windows flip out when
 you do this, but are perfectly happy with a quotation mark. */
--- a/2
+++ b/2
@ -1 +1 @@
-7563a58a57d2c6cc0da28cc341a30969  cacti-0.8.7e.tar.gz
+c50a49e3b439dba1fd44ddc34276d4df  cacti-0.8.7f.tar.gz
--- a/sql_injection_template_export.patch
+++ b/sql_injection_template_export.patch
@ -1,13 +0,0 @@
 --- cacti-0.8.7e/templates_export.php	2009-06-28 12:07:11.000000000 -0400
 +++ cacti-fixed/templates_export.php	2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
 function form_save() {
 	global $export_types;
 +    /* ================= input validation ================= */
 +    input_validate_input_number(get_request_var_post("export_item_id"));
 +    /* ==================================================== */
 +
 	if (isset($_POST["save_component_export"])) {
 		$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
--- a/template_duplication.patch
+++ b/template_duplication.patch
@ -1,234 +0,0 @@
 diff -ruBbd 0.8.7e/cli/repair_templates.php 0.8.7/cli/repair_templates.php
 --- 0.8.7e/cli/repair_templates.php	2009-08-18 22:03:22.000000000 -0400
 +++ 0.8.7/cli/repair_templates.php	2009-08-20 07:43:54.000000000 -0400
@@ -0,0 +1,135 @@
 +<?php
 +/*
 + +-------------------------------------------------------------------------+
 + | Copyright (C) 2004-2009 The Cacti Group                                 |
 + |                                                                         |
 + | This program is free software; you can redistribute it and/or           |
 + | modify it under the terms of the GNU General Public License             |
 + | as published by the Free Software Foundation; either version 2          |
 + | of the License, or (at your option) any later version.                  |
 + |                                                                         |
 + | This program is distributed in the hope that it will be useful,         |
 + | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
 + | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
 + | GNU General Public License for more details.                            |
 + +-------------------------------------------------------------------------+
 + | Cacti: The Complete RRDTool-based Graphing Solution                     |
 + +-------------------------------------------------------------------------+
 + | This code is designed, written, and maintained by the Cacti Group. See  |
 + | about.php and/or the AUTHORS file for specific developer information.   |
 + +-------------------------------------------------------------------------+
 + | http://www.cacti.net/                                                   |
 + +-------------------------------------------------------------------------+
 +*/
 +
 +/* do NOT run this script through a web browser */
 +if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 +	die("<br><strong>This script is only meant to run at the command line.</strong>");
 +}
 +
 +$no_http_headers = true;
 +
 +include(dirname(__FILE__) . "/../include/global.php");
 +include_once("../lib/utility.php");
 +include_once("../lib/template.php");
 +
 +/* process calling arguments */
 +$parms = $_SERVER["argv"];
 +array_shift($parms);
 +
 +$execute = FALSE;
 +
 +foreach($parms as $parameter) {
 +	@list($arg, $value) = @explode("=", $parameter);
 +
 +	switch ($arg) {
 +	case "--execute":
 +		$execute = TRUE;
 +		break;
 +	case "-h":
 +	case "-v":
 +	case "-V":
 +	case "--version":
 +	case "--help":
 +		display_help();
 +		exit;
 +	default:
 +		print "ERROR: Invalid Parameter " . $parameter . "\n\n";
 +		display_help();
 +		exit;
 +	}
 +}
 +
 +if ($execute) {
 +	echo "NOTE: Repairing All Duplicated Templates\n";
 +} else {
 +	echo "NOTE: Performing Check of Templates\n";
 +}
 +
 +/* repair data templates first */
 +if ($execute) {
 +	echo "NOTE: Repairing Data Templates\n";
 +} else {
 +	echo "NOTE: Performing Check of Data Templates\n";
 +}
 +
 +$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT data_template_id FROM data_template_rrd WHERE hash='' AND local_data_id=0");
 +if (sizeof($damaged_template_ids)) {
 +	foreach($damaged_template_ids as $id) {
		$template_name = db_fetch_cell("SELECT name FROM data_template WHERE id=" . $id["data_template_id"]);
 +		echo "NOTE: Data Template '$template_name' is Damaged and can be repaired\n";
 +	}
 +
 +	$damaged_templates = db_fetch_assoc("SELECT * FROM data_template_rrd WHERE hash='' AND local_data_id=0");
 +	if (sizeof($damaged_templates)) {
 +		echo "NOTE: -- Damaged Data Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
 +		if ($execute) {
 +			foreach($damaged_templates as $template) {
 +				$hash = get_hash_data_template($template["local_data_template_rrd_id"], "data_template_item");
 +				db_execute("UPDATE data_template_rrd SET hash='$hash' WHERE id=" . $template["id"]);
 +			}
 +		}
 +	}
 +} else {
 +	echo "NOTE: No Damaged Data Templates Found\n";
 +}
 +
 +/* reset the array */
 +$damaged_templates = array();
 +
 +/* repair graph templates */
 +if ($execute) {
 +	echo "NOTE: Repairing Graph Templates\n";
 +} else {
 +	echo "NOTE: Performing Check of Graph Templates\n";
 +}
 +
 +$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT graph_template_id FROM graph_template_input WHERE hash=''");
 +if (sizeof($damaged_template_ids)) {
 +	foreach($damaged_template_ids as $id) {
 +		$template_name = db_fetch_cell("SELECT name FROM graph_templates WHERE id=" . $id["graph_template_id"]);
 +		echo "NOTE: Graph Template '$template_name' is Damaged and can be repaired\n";
 +	}
 +
 +	$damaged_templates = db_fetch_assoc("SELECT * FROM graph_template_input WHERE hash=''");
 +	if (sizeof($damaged_templates)) {
 +		echo "NOTE: -- Damaged Graph Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
 +		if ($execute) {
 +			foreach($damaged_templates as $template) {
 +				$hash = get_hash_graph_template(0, "graph_template_input");
 +				db_execute("UPDATE graph_template_input SET hash='$hash' WHERE id=" . $template["id"]);
 +			}
 +		}
 +	}
 +} else {
 +	echo "NOTE: No Damaged Graph Templates Found\n";
 +}
 +
 +
 +/* display_help - displays the usage of the function */
 +function display_help () {
 +	print "Cacti Database Template Repair Tool v1.0, Copyright 2004-2009 - The Cacti Group\n\n";
 +	print "usage: repair_templates.php --execute [--help]\n\n";
 +	print "--execute        - Perform the repair\n";
 +	print "--help           - display this help message\n";
 +}
 +?>
 diff -ruBbd 0.8.7e/docs/README 0.8.7/docs/README
 --- 0.8.7e/docs/README	2009-08-18 21:57:30.000000000 -0400
 +++ 0.8.7/docs/README	2009-08-18 21:58:09.000000000 -0400
@@ -90,6 +90,9 @@
                             table
   poller_reindex_hosts.php - Cause data query reindex on hosts
   rebuild_poller_cache.php - Rebuilds the poller cache
 +  repair_templates.php     - Certain templates, when created using the "duplicate"
 +      function in Cacti, do not import/export well.  This utility repairs 
 +      those templates.
 diff -ruBbd 0.8.7e/lib/export.php 0.8.7/lib/export.php
 --- 0.8.7e/lib/export.php	2009-08-18 21:56:47.000000000 -0400
 +++ 0.8.7/lib/export.php	2009-08-18 21:57:50.000000000 -0400
@@ -811,7 +811,9 @@
 }
 function xml_character_encode($text) {
 -
 +	if (function_exists("htmlspecialchars")) {
 +		return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
 +	} else {
 	$text = str_replace("&", "&amp;", $text);
 	$text = str_replace(">", "&gt;", $text);
 	$text = str_replace("<", "&lt;", $text);
@@ -819,6 +821,7 @@
 	$text = str_replace("\'", "&apos;", $text);
 	return $text;
 +	}
 }
 ?>
 diff -ruBbd 0.8.7e/lib/import.php 0.8.7/lib/import.php
 --- 0.8.7e/lib/import.php	2009-08-18 21:56:59.000000000 -0400
 +++ 0.8.7/lib/import.php	2009-08-18 21:57:55.000000000 -0400
@@ -36,10 +36,6 @@
 		return $info_array;
 	}
 -	if (isset($xml_array["name"])) {
 -		$xml_array["name"] = htmlspecialchars($xml_array["name"]);
 -	}
 -
 	while (list($hash, $hash_array) = each($xml_array)) {
 		/* parse information from the hash */
 		$parsed_hash = parse_xml_hash($hash);
@@ -115,7 +111,7 @@
 	$_graph_template_id = db_fetch_cell("select id from graph_templates where hash='$hash'");
 	$save["id"] = (empty($_graph_template_id) ? "0" : $_graph_template_id);
 	$save["hash"] = $hash;
 -	$save["name"] = htmlspecialchars($xml_array["name"]);
 +	$save["name"] = $xml_array["name"];
 	$graph_template_id = sql_save($save, "graph_templates");
 	$hash_cache["graph_template"][$hash] = $graph_template_id;
@@ -914,9 +910,13 @@
 }
 function xml_character_decode($text) {
 +	if (function_exists("html_entity_decode")) {
 +		return html_entity_decode($text, ENT_QUOTES, "UTF-8");
 +	} else {
 	$trans_tbl = get_html_translation_table(HTML_ENTITIES);
 	$trans_tbl = array_flip($trans_tbl);
 	return strtr($text, $trans_tbl);
 +	}
 }
 ?>
 diff -ruBbd 0.8.7e/lib/utility.php 0.8.7/lib/utility.php
 --- 0.8.7e/lib/utility.php	2009-08-18 21:57:08.000000000 -0400
 +++ 0.8.7/lib/utility.php	2009-08-18 21:58:00.000000000 -0400
@@ -346,6 +346,7 @@
 			$save["name"] = $graph_template_input["name"];
 			$save["description"] = $graph_template_input["description"];
 			$save["column_name"] = $graph_template_input["column_name"];
 +			$save["hash"]              = get_hash_graph_template(0, "graph_template_input");
 			$graph_template_input_id = sql_save($save, "graph_template_input");
@@ -436,6 +437,11 @@
 		$save["local_data_id"] = (isset($local_data_id) ? $local_data_id : 0);
 		$save["local_data_template_rrd_id"] = (isset($data_template_rrd["local_data_template_rrd_id"]) ? $data_template_rrd["local_data_template_rrd_id"] : 0);
 		$save["data_template_id"] = (!empty($_local_data_id) ? $data_template_rrd["data_template_id"] : $data_template_id);
 +		if ($save["local_data_id"] == 0) {
 +			$save["hash"]                   = get_hash_data_template($data_template_rrd["local_data_template_rrd_id"], "data_template_item");
 +		} else {
 +			$save["hash"] = '';
 +		}
 		while (list($field, $array) = each($struct_data_source_item)) {
 			$save{$field} = $data_template_rrd{$field};
`@ -1 +1 @@`
	`7563a58a57d2c6cc0da28cc341a30969 cacti-0.8.7e.tar.gz`	`c50a49e3b439dba1fd44ddc34276d4df cacti-0.8.7f.tar.gz`