diff -Naur -x '*~' -x '*.rej' -x '*.orig' cacti-0.8.7e/graph.php cacti-0.8.7e-cross_site_fix/graph.php --- cacti-0.8.7e/graph.php 2009-12-17 14:08:59.000000000 +0100 +++ cacti-0.8.7e-cross_site_fix/graph.php 2009-12-17 14:04:05.000000000 +0100 @@ -35,6 +35,8 @@ /* ================= input validation ================= */ input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); input_validate_input_number(get_request_var("local_graph_id")); +input_validate_input_number(get_request_var("graph_end")); +input_validate_input_number(get_request_var("graph_start")); input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); /* ==================================================== */ diff -Naur -x '*~' -x '*.rej' -x '*.orig' cacti-0.8.7e/include/top_graph_header.php cacti-0.8.7e-cross_site_fix/include/top_graph_header.php --- cacti-0.8.7e/include/top_graph_header.php 2009-12-17 14:08:59.000000000 +0100 +++ cacti-0.8.7e-cross_site_fix/include/top_graph_header.php 2009-12-17 14:08:22.000000000 +0100 @@ -66,7 +66,7 @@ print "<meta http-equiv=refresh content='99999'>\r\n"; }else{ $refresh = api_plugin_hook_function('top_graph_refresh', read_graph_config_option('page_refresh')); - print "<meta http-equiv=refresh content='" . $refresh . "'>\r\n"; + print "<meta http-equiv=refresh content='" . htmlspecialchars($refresh,ENT_QUOTES) . "'>\r\n"; } } ?> @@ -160,7 +160,7 @@ } ?> <tr> <?php if ((read_graph_config_option("default_tree_view_mode") == "2") && ((isset($_REQUEST["action"]) && $_REQUEST["action"] == "tree") || ((isset($_REQUEST["view_type"]) ? $_REQUEST["view_type"] : "") == "tree"))) { ?> - <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print read_graph_config_option("default_dual_pane_width");?>' class='noprint'> + <td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'> <table border=0 cellpadding=0 cellspacing=0><tr><td><font size=-2><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></font></td></tr></table> <?php grow_dhtml_trees(); ?> <script type="text/javascript">initializeDocument();</script> diff -Naur -x '*~' -x '*.rej' -x '*.orig' cacti-0.8.7e/lib/html_form.php cacti-0.8.7e-cross_site_fix/lib/html_form.php --- cacti-0.8.7e/lib/html_form.php 2009-12-17 14:08:59.000000000 +0100 +++ cacti-0.8.7e-cross_site_fix/lib/html_form.php 2009-12-17 14:04:05.000000000 +0100 @@ -235,13 +235,21 @@ if (sizeof($items) > 0) { foreach ($items as $item) { - print $item["name"] . "<br>"; + print htmlspecialchars($item["name"],ENT_QUOTES) . "<br>"; } } break; + case 'font': + form_font_box($field_name, $field_array["value"], + ((isset($field_array["default"])) ? $field_array["default"] : ""), + $field_array["max_length"], + ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text", + ((isset($field_array["form_id"])) ? $field_array["form_id"] : "")); + + break; default: - print "<em>" . $field_array["value"] . "</em>"; + print "<em>" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "</em>"; form_hidden_box($field_name, $field_array["value"], ""); @@ -384,7 +392,7 @@ $form_previous_value = $form_default_value; } - print "<input type='hidden' id='$form_name' name='$form_name' value='$form_previous_value'>\n"; + print "<input type='hidden' id='$form_name' name='$form_name' value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>\n"; } /* form_dropdown - draws a standard html dropdown box @@ -568,7 +576,7 @@ } } - print ">". $array_display[$id]; + print ">". htmlspecialchars($array_display[$id],ENT_QUOTES); print "</option>\n"; } @@ -627,6 +635,65 @@ print "</select>\n"; } +/* form_font_box - draws a standard html textbox and provides status of a fonts existence + @arg $form_name - the name of this form element + @arg $form_previous_value - the current value of this form element + @arg $form_default_value - the value of this form element to use if there is + no current value available + @arg $form_max_length - the maximum number of characters that can be entered + into this textbox + @arg $form_size - the size (width) of the textbox + @arg $type - the type of textbox, either 'text' or 'password' + @arg $current_id - used to determine if a current value for this form element + exists or not. a $current_id of '0' indicates that no current value exists, + a non-zero value indicates that a current value does exist */ +function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) { + if (($form_previous_value == "") && (empty($current_id))) { + $form_previous_value = $form_default_value; + } + + print "<input type='$type'"; + + if (isset($_SESSION["sess_error_fields"])) { + if (!empty($_SESSION["sess_error_fields"][$form_name])) { + print "class='txtErrorTextBox'"; + unset($_SESSION["sess_error_fields"][$form_name]); + } + } + + if (isset($_SESSION["sess_field_values"])) { + if (!empty($_SESSION["sess_field_values"][$form_name])) { + $form_previous_value = $_SESSION["sess_field_values"][$form_name]; + } + } + + if (strlen($form_previous_value) == 0) { # no data: defaults are used; everythings fine + $extra_data = ""; + } else { + if (read_config_option("rrdtool_version") == "rrd-1.3.x") { # rrdtool 1.3 uses fontconfig + $font = '"' . $form_previous_value . '"'; + $out_array = array(); + exec('fc-list ' . $font, $out_array); + if (sizeof($out_array) == 0) { + $extra_data = "<span style='color:red'><br>[" . "ERROR: FONT NOT FOUND" . "]</span>"; + } else { + $extra_data = "<span style='color:green'><br>[" . "OK: FONT FOUND" . "]</span>"; + } + } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" || + read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files + if (is_file($form_previous_value)) { + $extra_data = "<span style='color:green'><br>[" . "OK: FILE FOUND" . "]</span>"; + }else if (is_dir($form_previous_value)) { + $extra_data = "<span style='color:red'><br>[" . "ERROR: IS DIR" . "]</span>"; + }else{ + $extra_data = "<span style='color:red'><br>[" . "ERROR: FILE NOT FOUND" . "]</span>"; + } + } # will be used for future versions of rrdtool + } + + print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data; +} + /* form_confirm - draws a table presenting the user with some choice and allowing them to either proceed (delete) or cancel @arg $body_text - the text to prompt the user with on this form diff -Naur -x '*~' -x '*.rej' -x '*.orig' cacti-0.8.7e/lib/timespan_settings.php cacti-0.8.7e-cross_site_fix/lib/timespan_settings.php --- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 18:07:11.000000000 +0200 +++ cacti-0.8.7e-cross_site_fix/lib/timespan_settings.php 2009-12-17 14:04:05.000000000 +0100 @@ -125,9 +125,9 @@ if (isset($_POST["date1"])) { /* the dates have changed, therefore, I am now custom */ if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) { - $timespan["current_value_date1"] = $_POST["date1"]; + $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); $timespan["begin_now"] =strtotime($timespan["current_value_date1"]); - $timespan["current_value_date2"] = $_POST["date2"]; + $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); $timespan["end_now"]=strtotime($timespan["current_value_date2"]); $_SESSION["sess_current_timespan"] = GT_CUSTOM; $_SESSION["custom"] = 1; @@ -135,8 +135,8 @@ }else { /* the default button wasn't pushed */ if (!isset($_POST["button_clear_x"])) { - $timespan["current_value_date1"] = $_POST["date1"]; - $timespan["current_value_date2"] = $_POST["date2"]; + $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); + $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"]; $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];