diff -ruBbd cacti-0.8.6i/cmd.php cacti-0.8.6i-patch/cmd.php
--- cacti-0.8.6i/cmd.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/cmd.php 2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
@@ -70,6 +71,10 @@
$print_data_to_stdout = false;
if ($_SERVER["argc"] == "3") {
if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
+ /* address potential exploits */
+ input_validate_input_number($_SERVER["argv"][1]);
+ input_validate_input_number($_SERVER["argv"][2]);
+
$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
"id >= " .
$_SERVER["argv"][1] .
diff -ruBbd cacti-0.8.6i/copy_cacti_user.php cacti-0.8.6i-patch/copy_cacti_user.php
--- cacti-0.8.6i/copy_cacti_user.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/copy_cacti_user.php 2007-01-01 12:27:15.312500000 -0500
@@ -25,9 +25,10 @@
*/
/* do NOT run this script through a web browser */
-if (! isset($_SERVER["argv"][0])) {
- die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}
+
if (empty($_SERVER["argv"][2])) {
die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
}
diff -ruBbd cacti-0.8.6i/include/html/inc_timespan_settings.php cacti-0.8.6i-patch/include/html/inc_timespan_settings.php
--- cacti-0.8.6i/include/html/inc_timespan_settings.php 2006-10-09 00:05:58.000000000 -0400
+++ cacti-0.8.6i-patch/include/html/inc_timespan_settings.php 2007-01-02 11:55:45.953125000 -0500
@@ -24,6 +24,20 @@
+-------------------------------------------------------------------------+
*/
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+ $_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+ $_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
/* initialize the timespan array */
$timespan = array();
diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patch/poller.php
--- cacti-0.8.6i/poller.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller.php 2007-01-01 12:27:15.328125000 -0500
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_commands.php cacti-0.8.6i-patch/poller_commands.php
--- cacti-0.8.6i/poller_commands.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_commands.php 2007-01-01 12:27:15.328125000 -0500
@@ -27,7 +27,7 @@
define("MAX_RECACHE_RUNTIME", 296);
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_export.php cacti-0.8.6i-patch/poller_export.php
--- cacti-0.8.6i/poller_export.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_export.php 2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/poller_reindex_hosts.php cacti-0.8.6i-patch/poller_reindex_hosts.php
--- cacti-0.8.6i/poller_reindex_hosts.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/poller_reindex_hosts.php 2007-01-01 12:27:15.328125000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/rebuild_poller_cache.php cacti-0.8.6i-patch/rebuild_poller_cache.php
--- cacti-0.8.6i/rebuild_poller_cache.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/rebuild_poller_cache.php 2007-01-01 12:27:15.312500000 -0500
@@ -25,7 +25,7 @@
*/
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
diff -ruBbd cacti-0.8.6i/script_server.php cacti-0.8.6i-patch/script_server.php
--- cacti-0.8.6i/script_server.php 2006-10-09 00:06:00.000000000 -0400
+++ cacti-0.8.6i-patch/script_server.php 2007-01-01 12:27:15.312500000 -0500
@@ -26,9 +26,8 @@
$no_http_headers = true;
/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
- exit(-1);
}
/* define STDOUT/STDIN file descriptors if not running under CLI */