fixing sql injection issues - 585207
parent
3707562a8a
commit
65fa7122f4
@ -1,6 +1,6 @@
|
|||||||
Name: cacti
|
Name: cacti
|
||||||
Version: 0.8.7e
|
Version: 0.8.7e
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: An rrd based graphing tool
|
Summary: An rrd based graphing tool
|
||||||
|
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
@ -15,6 +15,7 @@ Patch0: cli_add_graph.patch
|
|||||||
Patch1: snmp_invalid_response.patch
|
Patch1: snmp_invalid_response.patch
|
||||||
Patch2: template_duplication.patch
|
Patch2: template_duplication.patch
|
||||||
Patch3: cross_site_fix.patch
|
Patch3: cross_site_fix.patch
|
||||||
|
Patch4: sql_injection_template_export.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
@ -38,6 +39,7 @@ used to creating traffic graphs with MRTG.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
|
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
|
||||||
|
|
||||||
@ -113,6 +115,11 @@ fi
|
|||||||
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
|
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
|
||||||
|
- Pulling in patches from upstream
|
||||||
|
- SQL injection fix
|
||||||
|
- BZ #541279
|
||||||
|
|
||||||
* Tue Dec 1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
|
* Tue Dec 1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
|
||||||
- Pulling in some official patches
|
- Pulling in some official patches
|
||||||
- #541279
|
- #541279
|
||||||
|
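Review bot: The new 0.8.7e-4 changelog entry cites `BZ #541279`, the same number as the 0.8.7e-3 entry below it, while the commit title references 585207. If 585207 is the bug tracking this SQL injection, the entry should read `- BZ #585207` so the security fix can be traced from the installed package's changelog. Naming the affected file would also help, for example `- SQL injection fix in templates_export.php`.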
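--- a/sql_injection_template_export.patch
+++ b/sql_injection_template_export.patch
@@ -0,0 +1,13 @@
+--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
++++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
+@@ -49,6 +49,10 @@
+function form_save() {
+global $export_types;
+
++ /* ================= input validation ================= */
++ input_validate_input_number(get_request_var_post("export_item_id"));
++ /* ==================================================== */
++
+if (isset($_POST["save_component_export"])) {
+$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
+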
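Review bot: `$_POST["export_type"]` still reaches `get_item_xml()` unchecked on the last visible line of the embedded hunk, because the added validation covers only `export_item_id`. How `get_item_xml()` uses the type is not visible here, but `form_save()` already declares the `$export_types` global, so the request could be rejected unless `isset($export_types[$_POST["export_type"]])` holds (assuming that array is keyed by type name). The `get_item_xml()` call also re-reads `$_POST["export_item_id"]` directly, so the guard works only if `input_validate_input_number()` aborts the request on bad input; a one-line comment saying so, such as `/* aborts the request if export_item_id is not numeric */`, would make that dependency explicit. The body of `form_save()` continues past the end of the hunk.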