jmbsvicetto 13/08/27 02:21:33 |
|
Added: cacti-r7420.patch |
Log: |
Bring cacti from my overlay. |
Do a revision bump to add a patch to address bugs.cacti.net/view.php?id=2383 . |
Fixes bug 482424 (CVE-2013-5588, CVE-2013-5589). |
|
(Portage version: 2.2.0_alpha196/cvs/Linux x86_64, signed Manifest commit with key BB0E6E98) |
|
Revision Changes Path |
1.1 net-analyzer/cacti/files/cacti-r7420.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/cacti/files/cacti-r7420.patch?rev=1.1&content-type=text/plain |
|
17 |
Index: cacti-r7420.patch |
18 |
=================================================================== |
19 |
Index: cacti-0.8.8b/host.php |
20 |
=================================================================== |
21 |
--- cacti-0.8.8b/host.php (revision 7419) |
22 |
+++ cacti-0.8.8b/host.php (revision 7420) |
23 |
@@ -149,6 +149,9 @@ |
24 |
if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) { |
25 |
raise_message(4); |
26 |
}else{ |
27 |
+ input_validate_input_number(get_request_var_post("id")); |
28 |
+ input_validate_input_number(get_request_var_post("host_template_id")); |
29 |
+ |
30 |
$host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"], |
31 |
trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"], |
32 |
$_POST["snmp_username"], $_POST["snmp_password"], |
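Review bot: The two added `input_validate_input_number()` calls check the request values, but the `api_device_save()` call directly below still passes `$_POST["id"]` and `$_POST["host_template_id"]` unchanged, so the fix holds only if that helper stops the request on a non-numeric value. Its body is not shown on this page, so that behaviour should be confirmed and stated next to the calls, for example `/* aborts the request on non-numeric input; the raw $_POST values passed below rely on that */`. The remaining arguments (`description`, `hostname`, the SNMP fields) still arrive as raw `$_POST` values and depend entirely on what `api_device_save()` does with them. The `api_device_save()` call continues past the end of this hunk.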
33 |
Index: cacti-0.8.8b/lib/api_device.php |
34 |
=================================================================== |
35 |
--- cacti-0.8.8b/lib/api_device.php (revision 7419) |
36 |
+++ cacti-0.8.8b/lib/api_device.php (revision 7420) |
37 |
@@ -107,7 +107,7 @@ |
38 |
$_host_template_id = db_fetch_cell("select host_template_id from host where id=$id"); |
39 |
} |
40 |
|
41 |
- $save["id"] = $id; |
42 |
+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3); |
43 |
$save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3); |
44 |
$save["description"] = form_input_validate($description, "description", "", false, 3); |
45 |
$save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3); |
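Review bot: `$id` is validated only when it is copied into `$save["id"]`, but the context line above the change has already interpolated it into `select host_template_id from host where id=$id`, so a caller that does not pre-validate the id the way host.php now does still reaches that query with an unchecked value. Whether `form_input_validate()` aborts or only records an error is not visible here; either way the lookup has already run by the time it is called. Checking the id before the lookup, for example `input_validate_input_number($id);` ahead of the `db_fetch_cell()` call, would close the gap inside the library instead of in each caller. The function starts and ends outside this hunk.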
46 |
Index: cacti-0.8.8b/install/index.php |
47 |
=================================================================== |
48 |
--- cacti-0.8.8b/install/index.php (revision 7419) |
49 |
+++ cacti-0.8.8b/install/index.php (revision 7420) |
50 |
@@ -310,27 +310,28 @@ |
51 |
} |
52 |
|
53 |
/* pre-processing that needs to be done for each step */ |
54 |
-if (empty($_REQUEST["step"])) { |
55 |
- $_REQUEST["step"] = 1; |
56 |
-}else{ |
57 |
- if ($_REQUEST["step"] == "1") { |
58 |
- $_REQUEST["step"] = "2"; |
59 |
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) { |
60 |
- $_REQUEST["step"] = "3"; |
61 |
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) { |
62 |
- $_REQUEST["step"] = "8"; |
63 |
- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { |
64 |
- $_REQUEST["step"] = "9"; |
65 |
- }elseif ($_REQUEST["step"] == "8") { |
66 |
- $_REQUEST["step"] = "3"; |
67 |
- }elseif ($_REQUEST["step"] == "9") { |
68 |
- $_REQUEST["step"] = "3"; |
69 |
- }elseif ($_REQUEST["step"] == "3") { |
70 |
- $_REQUEST["step"] = "4"; |
71 |
+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) { |
72 |
+ $step = intval($_REQUEST["step"]); |
73 |
+ if ($step == "1") { |
74 |
+ $step = "2"; |
75 |
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) { |
76 |
+ $step = "3"; |
77 |
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) { |
78 |
+ $step = "8"; |
79 |
+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) { |
80 |
+ $step = "9"; |
81 |
+ } elseif ($step == "8") { |
82 |
+ $step = "3"; |
83 |
+ } elseif ($step == "9") { |
84 |
+ $step = "3"; |
85 |
+ } elseif ($step == "3") { |
86 |
+ $step = "4"; |
87 |
} |
88 |
+} else { |
89 |
+ $step = 1; |
90 |
} |
91 |
|
92 |
-if ($_REQUEST["step"] == "4") { |
93 |
+if ($step == "4") { |
94 |
include_once("../lib/data_query.php"); |
95 |
include_once("../lib/utility.php"); |
96 |
|
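Review bot: `$step` is now an integer from `intval()`, yet every branch compares it with a string literal and reassigns a string (`$step = "2";`), and the guard `$_REQUEST["step"] > 0` still applies a loose comparison to the raw request value before the cast. Casting first and keeping the variable an integer throughout reads more clearly and allows strict checks: `$step = isset($_REQUEST["step"]) ? intval($_REQUEST["step"]) : 0;` followed by `if ($step > 0) {` and branches such as `if ($step === 1) { $step = 2;`. `$_REQUEST["install_type"]` is also still read without an `isset()` check on the two `$step == "2"` branches, so a request that sends step=2 without it raises an undefined-index notice; `$install_type = isset($_REQUEST["install_type"]) ? intval($_REQUEST["install_type"]) : 0;` ahead of the chain would cover both.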
97 |
@@ -366,7 +367,7 @@ |
98 |
|
99 |
header ("Location: ../index.php"); |
100 |
exit; |
101 |
-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) { |
102 |
+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) { |
103 |
/* if the version is not found, die */ |
104 |
if (!is_int($old_version_index)) { |
105 |
print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p> |
106 |
@@ -505,7 +506,7 @@ |
107 |
</tr> |
108 |
<tr> |
109 |
<td width="100%" style="font-size: 12px;"> |
110 |
- <?php if ($_REQUEST["step"] == "1") { ?> |
111 |
+ <?php if ($step == "1") { ?> |
112 |
|
113 |
<p>Thanks for taking the time to download and install cacti, the complete graphing |
114 |
solution for your network. Before you can start making cool graphs, there are a few |
115 |
@@ -530,7 +531,7 @@ |
116 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
117 |
GNU General Public License for more details.</p> |
118 |
|
119 |
- <?php }elseif ($_REQUEST["step"] == "2") { ?> |
120 |
+ <?php }elseif ($step == "2") { ?> |
121 |
|
122 |
<p>Please select the type of installation</p> |
123 |
|
124 |
@@ -551,7 +552,7 @@ |
125 |
print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?> |
126 |
</p> |
127 |
|
128 |
- <?php }elseif ($_REQUEST["step"] == "3") { ?> |
129 |
+ <?php }elseif ($step == "3") { ?> |
130 |
|
131 |
<p>Make sure all of these values are correct before continuing.</p> |
132 |
<?php |
133 |
@@ -609,7 +610,7 @@ |
134 |
is an upgrade. You can change any of the settings on this screen at a later |
135 |
time by going to "Cacti Settings" from within Cacti.</p> |
136 |
|
137 |
- <?php }elseif ($_REQUEST["step"] == "8") { ?> |
138 |
+ <?php }elseif ($step == "8") { ?> |
139 |
|
140 |
<p>Upgrade results:</p> |
141 |
|
142 |
@@ -659,7 +660,7 @@ |
143 |
print $upgrade_results; |
144 |
?> |
145 |
|
146 |
- <?php }elseif ($_REQUEST["step"] == "9") { ?> |
147 |
+ <?php }elseif ($step == "9") { ?> |
148 |
|
149 |
<p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p> |
150 |
|
151 |
@@ -673,7 +674,7 @@ |
152 |
|
153 |
<?php }?> |
154 |
|
155 |
- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p> |
156 |
+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p> |
157 |
</td> |
158 |
</tr> |
159 |
</table> |
160 |
@@ -681,7 +682,7 @@ |
161 |
</tr> |
162 |
</table> |
163 |
|
164 |
-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>"> |
165 |
+<input type="hidden" name="step" value="<?php print $step;?>"> |
166 |
|
167 |
</form> |