rpms / cacti

Clone
Source Code
GIT

Files

  1.   078903f2f1944f8de6322ba9b59aa3679db71e64
  2.   cross_site_fix.patch
Blob Blame History Raw 
--- cacti-0.8.7e/graph.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/graph.php	2009-11-21 23:10:16.000000000 -0500
@@ -35,6 +35,8 @@
 /* ================= input validation ================= */
 input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
 input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("graph_end"));
+input_validate_input_number(get_request_var("graph_start"));
 input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
 /* ==================================================== */
 
--- cacti-0.8.7e/include/top_graph_header.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/include/top_graph_header.php	2009-11-21 23:15:27.000000000 -0500
@@ -58,7 +58,7 @@
 		if ($_SESSION["custom"]) {
 			print "<meta http-equiv=refresh content='99999'>\r\n";
 		}else{
-			print "<meta http-equiv=refresh content='" . read_graph_config_option("page_refresh") . "'>\r\n";
+			print "<meta http-equiv=refresh content='" . htmlspecialchars(read_graph_config_option("page_refresh"),ENT_QUOTES) . "'>\r\n";
 		}
 	}
 	?>
@@ -113,7 +113,7 @@
 	</tr>
 	<tr class="noprint">
 		<td bgcolor="#efefef" colspan="1" height="8" style="background-image: url(images/shadow_gray.gif); background-repeat: repeat-x; border-right: #aaaaaa 1px solid;">
-			<img src="images/transparent_line.gif" width="<?php print read_graph_config_option("default_dual_pane_width");?>" height="2" border="0"><br>
+			<img src="images/transparent_line.gif" width="<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>" height="2" border="0"><br>
 		</td>
 		<td bgcolor="#ffffff" colspan="1" height="8" style="background-image: url(images/shadow.gif); background-repeat: repeat-x;">
 
@@ -144,7 +144,7 @@
 
 	<tr>
 		<?php if ((read_graph_config_option("default_tree_view_mode") == "2") && (($_REQUEST["action"] == "tree") || ((isset($_REQUEST["view_type"]) ? $_REQUEST["view_type"] : "") == "tree"))) { ?>
-		<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print read_graph_config_option("default_dual_pane_width");?>' class='noprint'>
+		<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
 			<table border=0 cellpadding=0 cellspacing=0><tr><td><font size=-2><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></font></td></tr></table>
 			<?php grow_dhtml_trees(); ?>
 			<script type="text/javascript">initializeDocument();</script>
--- cacti-0.8.7e/lib/html_form.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/html_form.php	2009-11-21 23:15:40.000000000 -0500
@@ -235,13 +235,21 @@
 
 		if (sizeof($items) > 0) {
 		foreach ($items as $item) {
-			print $item["name"] . "<br>";
+			print htmlspecialchars($item["name"],ENT_QUOTES) . "<br>";
 		}
 		}
 
 		break;
+	case 'font':
+		form_font_box($field_name, $field_array["value"],
+			((isset($field_array["default"])) ? $field_array["default"] : ""),
+			$field_array["max_length"],
+			((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
+			((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
+
+		break;
 	default:
-		print "<em>" . $field_array["value"] . "</em>";
+		print "<em>" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "</em>";
 
 		form_hidden_box($field_name, $field_array["value"], "");
 
@@ -384,7 +392,7 @@
 		$form_previous_value = $form_default_value;
 	}
 
-	print "<input type='hidden' id='$form_name' name='$form_name' value='$form_previous_value'>\n";
+	print "<input type='hidden' id='$form_name' name='$form_name' value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>\n";
 }
 
 /* form_dropdown - draws a standard html dropdown box
@@ -568,7 +576,7 @@
 			}
 		}
 
-		print ">". $array_display[$id];
+		print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
 		print "</option>\n";
 	}
 
@@ -627,6 +635,65 @@
 	print "</select>\n";
 }
 
+/* form_font_box - draws a standard html textbox and provides status of a fonts existence
+   @arg $form_name - the name of this form element
+   @arg $form_previous_value - the current value of this form element
+   @arg $form_default_value - the value of this form element to use if there is
+     no current value available
+   @arg $form_max_length - the maximum number of characters that can be entered
+     into this textbox
+   @arg $form_size - the size (width) of the textbox
+   @arg $type - the type of textbox, either 'text' or 'password'
+   @arg $current_id - used to determine if a current value for this form element
+     exists or not. a $current_id of '0' indicates that no current value exists,
+     a non-zero value indicates that a current value does exist */
+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
+	if (($form_previous_value == "") && (empty($current_id))) {
+		$form_previous_value = $form_default_value;
+	}
+
+	print "<input type='$type'";
+
+	if (isset($_SESSION["sess_error_fields"])) {
+		if (!empty($_SESSION["sess_error_fields"][$form_name])) {
+			print "class='txtErrorTextBox'";
+			unset($_SESSION["sess_error_fields"][$form_name]);
+		}
+	}
+
+	if (isset($_SESSION["sess_field_values"])) {
+		if (!empty($_SESSION["sess_field_values"][$form_name])) {
+			$form_previous_value = $_SESSION["sess_field_values"][$form_name];
+		}
+	}
+
+	if (strlen($form_previous_value) == 0) { # no data: defaults are used; everythings fine
+			$extra_data = "";
+	} else {
+		if (read_config_option("rrdtool_version") == "rrd-1.3.x") {	# rrdtool 1.3 uses fontconfig
+			$font = '"' . $form_previous_value . '"';
+			$out_array = array();
+			exec('fc-list ' . $font, $out_array);
+			if (sizeof($out_array) == 0) {
+				$extra_data = "<span style='color:red'><br>[" . "ERROR: FONT NOT FOUND" . "]</span>";
+			} else {
+				$extra_data = "<span style='color:green'><br>[" . "OK: FONT FOUND" . "]</span>";
+			}
+		} elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
+				  read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
+			if (is_file($form_previous_value)) {
+				$extra_data = "<span style='color:green'><br>[" . "OK: FILE FOUND" . "]</span>";
+			}else if (is_dir($form_previous_value)) {
+				$extra_data = "<span style='color:red'><br>[" . "ERROR: IS DIR" . "]</span>";
+			}else{
+				$extra_data = "<span style='color:red'><br>[" . "ERROR: FILE NOT FOUND" . "]</span>";
+			}
+		} # will be used for future versions of rrdtool
+	}
+
+	print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
+}
+
 /* form_confirm - draws a table presenting the user with some choice and allowing
      them to either proceed (delete) or cancel
    @arg $body_text - the text to prompt the user with on this form
--- cacti-0.8.7e/lib/timespan_settings.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-0.8.7e-patched/lib/timespan_settings.php	2009-11-21 23:15:49.000000000 -0500
@@ -125,9 +125,9 @@
 	if (isset($_POST["date1"])) {
 		/* the dates have changed, therefore, I am now custom */
 		if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
-			$timespan["current_value_date1"] = $_POST["date1"];
+			$timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
 			$timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
-			$timespan["current_value_date2"] = $_POST["date2"];
+			$timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
 			$timespan["end_now"]=strtotime($timespan["current_value_date2"]);
 			$_SESSION["sess_current_timespan"] = GT_CUSTOM;
 			$_SESSION["custom"] = 1;
@@ -135,8 +135,8 @@
 		}else {
 			/* the default button wasn't pushed */
 			if (!isset($_POST["button_clear_x"])) {
-				$timespan["current_value_date1"] = $_POST["date1"];
-				$timespan["current_value_date2"] = $_POST["date2"];
+				$timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
+				$timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
 				$timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
 				$timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.