fixing sql injection issues - 585207

This commit is contained in:
Mike McGrath 2010-04-23 13:54:04 +00:00
parent 3707562a8a
commit 65fa7122f4
2 changed files with 21 additions and 1 deletions

View File

@ -1,6 +1,6 @@
Name: cacti
Version: 0.8.7e
Release: 3%{?dist}
Release: 4%{?dist}
Summary: An rrd based graphing tool
Group: Applications/System
@ -15,6 +15,7 @@ Patch0: cli_add_graph.patch
Patch1: snmp_invalid_response.patch
Patch2: template_duplication.patch
Patch3: cross_site_fix.patch
Patch4: sql_injection_template_export.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -38,6 +39,7 @@ used to creating traffic graphs with MRTG.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
@ -113,6 +115,11 @@ fi
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
* Fri Apr 23 2010 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-4
- Pulling in patches from upstream
- SQL injection fix
- BZ #541279
* Tue Dec 1 2009 Mike McGrath <mmcgrath@redhat.com> - 0.8.7e-3
- Pulling in some official patches
- #541279

View File

@ -0,0 +1,13 @@
--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
function form_save() {
global $export_types;
+ /* ================= input validation ================= */
+ input_validate_input_number(get_request_var_post("export_item_id"));
+ /* ==================================================== */
+
if (isset($_POST["save_component_export"])) {
$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));