176 lines
8.5 KiB
Diff
176 lines
8.5 KiB
Diff
--- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400
|
|
+++ cacti-0.8.7e-patched/graph.php 2009-11-21 23:10:16.000000000 -0500
|
|
@@ -35,6 +35,8 @@
|
|
/* ================= input validation ================= */
|
|
input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
|
|
input_validate_input_number(get_request_var("local_graph_id"));
|
|
+input_validate_input_number(get_request_var("graph_end"));
|
|
+input_validate_input_number(get_request_var("graph_start"));
|
|
input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
|
|
/* ==================================================== */
|
|
|
|
--- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400
|
|
+++ cacti-0.8.7e-patched/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500
|
|
@@ -58,7 +58,7 @@
|
|
if ($_SESSION["custom"]) {
|
|
print "<meta http-equiv=refresh content='99999'>\r\n";
|
|
}else{
|
|
- print "<meta http-equiv=refresh content='" . read_graph_config_option("page_refresh") . "'>\r\n";
|
|
+ print "<meta http-equiv=refresh content='" . htmlspecialchars(read_graph_config_option("page_refresh"),ENT_QUOTES) . "'>\r\n";
|
|
}
|
|
}
|
|
?>
|
|
@@ -113,7 +113,7 @@
|
|
</tr>
|
|
<tr class="noprint">
|
|
<td bgcolor="#efefef" colspan="1" height="8" style="background-image: url(images/shadow_gray.gif); background-repeat: repeat-x; border-right: #aaaaaa 1px solid;">
|
|
- <img src="images/transparent_line.gif" width="<?php print read_graph_config_option("default_dual_pane_width");?>" height="2" border="0"><br>
|
|
+ <img src="images/transparent_line.gif" width="<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>" height="2" border="0"><br>
|
|
</td>
|
|
<td bgcolor="#ffffff" colspan="1" height="8" style="background-image: url(images/shadow.gif); background-repeat: repeat-x;">
|
|
|
|
@@ -144,7 +144,7 @@
|
|
|
|
<tr>
|
|
<?php if ((read_graph_config_option("default_tree_view_mode") == "2") && (($_REQUEST["action"] == "tree") || ((isset($_REQUEST["view_type"]) ? $_REQUEST["view_type"] : "") == "tree"))) { ?>
|
|
- <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print read_graph_config_option("default_dual_pane_width");?>' class='noprint'>
|
|
+ <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
|
|
<table border=0 cellpadding=0 cellspacing=0><tr><td><font size=-2><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></font></td></tr></table>
|
|
<?php grow_dhtml_trees(); ?>
|
|
<script type="text/javascript">initializeDocument();</script>
|
|
--- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400
|
|
+++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500
|
|
@@ -235,13 +235,21 @@
|
|
|
|
if (sizeof($items) > 0) {
|
|
foreach ($items as $item) {
|
|
- print $item["name"] . "<br>";
|
|
+ print htmlspecialchars($item["name"],ENT_QUOTES) . "<br>";
|
|
}
|
|
}
|
|
|
|
break;
|
|
+ case 'font':
|
|
+ form_font_box($field_name, $field_array["value"],
|
|
+ ((isset($field_array["default"])) ? $field_array["default"] : ""),
|
|
+ $field_array["max_length"],
|
|
+ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
|
|
+ ((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
|
|
+
|
|
+ break;
|
|
default:
|
|
- print "<em>" . $field_array["value"] . "</em>";
|
|
+ print "<em>" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "</em>";
|
|
|
|
form_hidden_box($field_name, $field_array["value"], "");
|
|
|
|
@@ -384,7 +392,7 @@
|
|
$form_previous_value = $form_default_value;
|
|
}
|
|
|
|
- print "<input type='hidden' id='$form_name' name='$form_name' value='$form_previous_value'>\n";
|
|
+ print "<input type='hidden' id='$form_name' name='$form_name' value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>\n";
|
|
}
|
|
|
|
/* form_dropdown - draws a standard html dropdown box
|
|
@@ -568,7 +576,7 @@
|
|
}
|
|
}
|
|
|
|
- print ">". $array_display[$id];
|
|
+ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
|
|
print "</option>\n";
|
|
}
|
|
|
|
@@ -627,6 +635,65 @@
|
|
print "</select>\n";
|
|
}
|
|
|
|
+/* form_font_box - draws a standard html textbox and provides status of a fonts existence
|
|
+ @arg $form_name - the name of this form element
|
|
+ @arg $form_previous_value - the current value of this form element
|
|
+ @arg $form_default_value - the value of this form element to use if there is
|
|
+ no current value available
|
|
+ @arg $form_max_length - the maximum number of characters that can be entered
|
|
+ into this textbox
|
|
+ @arg $form_size - the size (width) of the textbox
|
|
+ @arg $type - the type of textbox, either 'text' or 'password'
|
|
+ @arg $current_id - used to determine if a current value for this form element
|
|
+ exists or not. a $current_id of '0' indicates that no current value exists,
|
|
+ a non-zero value indicates that a current value does exist */
|
|
+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
|
|
+ if (($form_previous_value == "") && (empty($current_id))) {
|
|
+ $form_previous_value = $form_default_value;
|
|
+ }
|
|
+
|
|
+ print "<input type='$type'";
|
|
+
|
|
+ if (isset($_SESSION["sess_error_fields"])) {
|
|
+ if (!empty($_SESSION["sess_error_fields"][$form_name])) {
|
|
+ print "class='txtErrorTextBox'";
|
|
+ unset($_SESSION["sess_error_fields"][$form_name]);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (isset($_SESSION["sess_field_values"])) {
|
|
+ if (!empty($_SESSION["sess_field_values"][$form_name])) {
|
|
+ $form_previous_value = $_SESSION["sess_field_values"][$form_name];
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (strlen($form_previous_value) == 0) { # no data: defaults are used; everythings fine
|
|
+ $extra_data = "";
|
|
+ } else {
|
|
+ if (read_config_option("rrdtool_version") == "rrd-1.3.x") { # rrdtool 1.3 uses fontconfig
|
|
+ $font = '"' . $form_previous_value . '"';
|
|
+ $out_array = array();
|
|
+ exec('fc-list ' . $font, $out_array);
|
|
+ if (sizeof($out_array) == 0) {
|
|
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: FONT NOT FOUND" . "]</span>";
|
|
+ } else {
|
|
+ $extra_data = "<span style='color:green'><br>[" . "OK: FONT FOUND" . "]</span>";
|
|
+ }
|
|
+ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
|
|
+ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
|
|
+ if (is_file($form_previous_value)) {
|
|
+ $extra_data = "<span style='color:green'><br>[" . "OK: FILE FOUND" . "]</span>";
|
|
+ }else if (is_dir($form_previous_value)) {
|
|
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: IS DIR" . "]</span>";
|
|
+ }else{
|
|
+ $extra_data = "<span style='color:red'><br>[" . "ERROR: FILE NOT FOUND" . "]</span>";
|
|
+ }
|
|
+ } # will be used for future versions of rrdtool
|
|
+ }
|
|
+
|
|
+ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
|
|
+}
|
|
+
|
|
/* form_confirm - draws a table presenting the user with some choice and allowing
|
|
them to either proceed (delete) or cancel
|
|
@arg $body_text - the text to prompt the user with on this form
|
|
--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400
|
|
+++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500
|
|
@@ -125,9 +125,9 @@
|
|
if (isset($_POST["date1"])) {
|
|
/* the dates have changed, therefore, I am now custom */
|
|
if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
|
|
- $timespan["current_value_date1"] = $_POST["date1"];
|
|
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
|
|
$timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
|
|
- $timespan["current_value_date2"] = $_POST["date2"];
|
|
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
|
|
$timespan["end_now"]=strtotime($timespan["current_value_date2"]);
|
|
$_SESSION["sess_current_timespan"] = GT_CUSTOM;
|
|
$_SESSION["custom"] = 1;
|
|
@@ -135,8 +135,8 @@
|
|
}else {
|
|
/* the default button wasn't pushed */
|
|
if (!isset($_POST["button_clear_x"])) {
|
|
- $timespan["current_value_date1"] = $_POST["date1"];
|
|
- $timespan["current_value_date2"] = $_POST["date2"];
|
|
+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
|
|
+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
|
|
$timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
|
|
$timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];
|
|
|