--- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500
@@ -235,13 +235,21 @@
if (sizeof($items) > 0) {
foreach ($items as $item) {
- print $item["name"] . " ";
+ print htmlspecialchars($item["name"],ENT_QUOTES) . " ";
}
}
break;
+ case 'font':
+ form_font_box($field_name, $field_array["value"],
+ ((isset($field_array["default"])) ? $field_array["default"] : ""),
+ $field_array["max_length"],
+ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
+ ((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
+
+ break;
default:
- print "" . $field_array["value"] . "";
+ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "";
form_hidden_box($field_name, $field_array["value"], "");
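Review bot: The new `case 'font'` branch reads `$field_array["max_length"]` unguarded as the fourth argument to form_font_box, while the neighbouring `default`, `size` and `form_id` arguments are all wrapped in `isset()` checks, so a field definition that omits `max_length` raises an undefined-index notice on this line. Use the same pattern as its siblings: `((isset($field_array["max_length"])) ? $field_array["max_length"] : "")` — form_font_box already treats an empty max_length as "no maxlength attribute" via `!empty($form_max_length)`. The switch this case belongs to begins before the hunk.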
@@ -384,7 +392,7 @@
$form_previous_value = $form_default_value;
}
- print "\n";
+ print "\n";
}
/* form_dropdown - draws a standard html dropdown box
@@ -568,7 +576,7 @@
}
}
- print ">". $array_display[$id];
+ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
print "\n";
}
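Review bot: Escaping only the display text at `print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);` covers the element body, but the `>` it prints closes an `<option` tag whose attributes are written by lines just before this hunk, presumably including a value attribute built from the same `$id` key without escaping; if `$id` can carry a quote it breaks out of that attribute the same way the display text could before this change. Applying `htmlspecialchars($id, ENT_QUOTES)` on that earlier line keeps the two halves of the element consistent. The enclosing loop in form_dropdown starts outside the hunk.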
@@ -627,6 +635,65 @@
print "\n";
}
+/* form_font_box - draws a standard html textbox and provides status of a fonts existence
+ @arg $form_name - the name of this form element
+ @arg $form_previous_value - the current value of this form element
+ @arg $form_default_value - the value of this form element to use if there is
+ no current value available
+ @arg $form_max_length - the maximum number of characters that can be entered
+ into this textbox
+ @arg $form_size - the size (width) of the textbox
+ @arg $type - the type of textbox, either 'text' or 'password'
+ @arg $current_id - used to determine if a current value for this form element
+ exists or not. a $current_id of '0' indicates that no current value exists,
+ a non-zero value indicates that a current value does exist */
+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
+ if (($form_previous_value == "") && (empty($current_id))) {
+ $form_previous_value = $form_default_value;
+ }
+
+ print " [" . "ERROR: FONT NOT FOUND" . "]";
+ } else {
+ $extra_data = " [" . "OK: FONT FOUND" . "]";
+ }
+ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
+ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
+ if (is_file($form_previous_value)) {
+ $extra_data = " [" . "OK: FILE FOUND" . "]";
+ }else if (is_dir($form_previous_value)) {
+ $extra_data = " [" . "ERROR: IS DIR" . "]";
+ }else{
+ $extra_data = " [" . "ERROR: FILE NOT FOUND" . "]";
+ }
+ } # will be used for future versions of rrdtool
+ }
+
+ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
+}
+
/* form_confirm - draws a table presenting the user with some choice and allowing
them to either proceed (delete) or cancel
@arg $body_text - the text to prompt the user with on this form
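Review bot: `$extra_data` is read unconditionally on the final `print` of form_font_box but is only assigned inside the version-specific branches, so when `read_config_option("rrdtool_version")` matches neither the fontconfig branch nor `rrd-1.0.x`/`rrd-1.2.x` (the `# will be used for future versions` case), or the outer condition is false, the function emits an undefined-variable notice into the page; initialise it with `$extra_data = "";` immediately after the default-value assignment. Separately, `is_file($form_previous_value)`/`is_dir($form_previous_value)` report `OK: FILE FOUND` or `ERROR: IS DIR` for any path the web server process can stat, so this field doubles as a filesystem existence oracle for whoever can edit the setting — tolerable only if the settings page stays admin-only, which deserves a comment such as `/* NOTE: reveals existence of arbitrary server paths; caller must restrict this field to administrators */`. The `$type` parameter is documented but does not appear in the visible attribute list; part of this function's markup is garbled in the extracted diff, so that may be an extraction artefact rather than a defect.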
--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500
@@ -125,9 +125,9 @@
if (isset($_POST["date1"])) {
/* the dates have changed, therefore, I am now custom */
if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
- $timespan["current_value_date1"] = $_POST["date1"];
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
$timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
- $timespan["current_value_date2"] = $_POST["date2"];
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
$timespan["end_now"]=strtotime($timespan["current_value_date2"]);
$_SESSION["sess_current_timespan"] = GT_CUSTOM;
$_SESSION["custom"] = 1;
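Review bot: `sanitize_search_string()` is a generic character filter, not a date validator, and the sanitized values are still passed straight to `strtotime()` on the following lines; an unparseable string makes `strtotime` return `false`, which is then stored in `begin_now`/`end_now` and, judging by the `sess_current_timespan_begin_now` reads further down the file, persists in the session as the custom timespan. Reject bad input rather than store it, e.g. `if ($timespan["begin_now"] === false || $timespan["end_now"] === false) { /* keep the previous timespan */ }` or validate each date against a strict format before assignment. The comparison on the `if` line still dereferences `$_POST["date2"]` without an `isset()` check, so a request carrying only `date1` raises a notice there. Filtering on input also does not replace escaping where these values are printed back into the form; that output code lies outside this hunk.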
@@ -135,8 +135,8 @@
}else {
/* the default button wasn't pushed */
if (!isset($_POST["button_clear_x"])) {
- $timespan["current_value_date1"] = $_POST["date1"];
- $timespan["current_value_date2"] = $_POST["date2"];
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
$timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
$timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];