Fix Cross-site Scripting (XSS) issue with link.php
This commit is contained in:
parent
859512b5bb
commit
d6653ab510
35
cacti-fix-xss.patch
Normal file
35
cacti-fix-xss.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 3381cba6a9e36b01ed0ab0acfd41b00487966cb5 Mon Sep 17 00:00:00 2001
|
||||
From: cigamit <jimmy@sqmail.org>
|
||||
Date: Wed, 5 Jul 2017 06:45:03 -0500
|
||||
Subject: [PATCH] Resolving Issue #838
|
||||
|
||||
Cross-site Scripting (XSS) issue with link.php
|
||||
---
|
||||
docs/CHANGELOG | 3 +++
|
||||
lib/html_validate.php | 6 +++---
|
||||
2 files changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/html_validate.php b/lib/html_validate.php
|
||||
index 3d5e97fad..d5cb6168f 100644
|
||||
--- a/lib/html_validate.php
|
||||
+++ b/lib/html_validate.php
|
||||
@@ -48,16 +48,16 @@ function die_html_input_error($variable = '', $value = '', $message = '') {
|
||||
global $config;
|
||||
|
||||
?>
|
||||
- <table style="width:100%;text-align:center;">
|
||||
+ <table style='width:100%;text-align:center;'>
|
||||
<tr>
|
||||
<td>
|
||||
- Validation error<?php print ($variable != '' ? ' for variable ' . $variable . ', with value of "' . $value . '"' . ($message != '' ? ', and error:' . $message : '') : '');?>. See backtrace below for more details.
|
||||
+ <?php print __('Validation error for variable %s with a value of %s. See backtrace below for more details.', $variable, htmlspecialchars($value));?>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<?php
|
||||
|
||||
- cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":"") . ($value != '' ? ", Value:$value":""), true);
|
||||
+ cacti_debug_backtrace('Validation Error' . ($variable != '' ? ", Variable:$variable":'') . ($value != '' ? ", Value:$value":''), true);
|
||||
|
||||
bottom_footer();
|
||||
exit;
|
@ -1,6 +1,6 @@
|
||||
Name: cacti
|
||||
Version: 1.1.12
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: An rrd based graphing tool
|
||||
License: GPLv2+
|
||||
URL: http://www.cacti.net/
|
||||
@ -9,6 +9,7 @@ Source1: cacti-httpd.conf
|
||||
Source2: cacti.logrotate
|
||||
Source3: cacti.README.fedora
|
||||
Source4: %{name}.cron
|
||||
Patch0: cacti-fix-xss.patch
|
||||
|
||||
# Requires PHP 5.3+
|
||||
Requires: php(language) >= 5.3
|
||||
@ -69,6 +70,7 @@ driven.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
# cacti's build is a noop
|
||||
@ -166,6 +168,9 @@ restorecon -Rv '/var/log/cacti' &> /dev/null || :
|
||||
%attr(-,root,root) %{_localstatedir}/lib/%{name}/lib
|
||||
|
||||
%changelog
|
||||
* Thu Jul 06 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.12-2
|
||||
- Fix Cross-site Scripting (XSS) issue with link.php
|
||||
|
||||
* Wed Jul 05 2017 Morten Stevens <mstevens@fedoraproject.org> - 1.1.12-1
|
||||
- Update to 1.1.12
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user