rpms/cacti/F-12 sql_injection_template_export.patch, NONE, 1.1 cacti.spec, 1.30, 1.31

Mike McGrath mmcgrath at fedoraproject.org
Fri Apr 23 13:54:06 UTC 2010


Author: mmcgrath

Update of /cvs/pkgs/rpms/cacti/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22192/F-12

Modified Files:
	cacti.spec 
Added Files:
	sql_injection_template_export.patch 
Log Message:
Fix SQL injection issues in templates_export.php (Bugzilla #585207)

sql_injection_template_export.patch:
 templates_export.php |    4 ++++
 1 file changed, 4 insertions(+)

--- NEW FILE sql_injection_template_export.patch ---
--- cacti-0.8.7e/templates_export.php	2009-06-28 12:07:11.000000000 -0400
+++ cacti-fixed/templates_export.php	2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
 function form_save() {
 	global $export_types;
 
+    /* ================= input validation ================= */
+    input_validate_input_number(get_request_var_post("export_item_id"));
+    /* ==================================================== */
+
 	if (isset($_POST["save_component_export"])) {
 		$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
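Review bot: The added validation covers only `export_item_id`, while `$_POST["export_type"]` on the next line still reaches `get_item_xml()` unchecked; since `$export_types` is already in scope in `form_save()`, the type could be pinned to a known key with `if (!array_key_exists(get_request_var_post("export_type"), $export_types)) { die_html_input_error(); }` (or whichever rejection path `input_validate_input_number()` uses, which is not visible here). Whether `get_item_xml()` dispatches on the type safely cannot be seen from this hunk, so treat that as defence in depth rather than a confirmed injection. Note also that the validator is fed `get_request_var_post("export_item_id")` but the call still passes the raw `$_POST["export_item_id"]`, which is only safe if the validator halts on non-numeric input instead of returning — worth confirming against its definition. The new lines use four-space indentation where the surrounding function uses tabs, and `form_save()` continues past the end of the hunk.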
 


Index: cacti.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cacti/F-12/cacti.spec,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -p -r1.30 -r1.31
--- cacti.spec	1 Dec 2009 15:19:47 -0000	1.30
+++ cacti.spec	23 Apr 2010 13:54:05 -0000	1.31
@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.7e
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: An rrd based graphing tool
 
 Group: Applications/System
@@ -15,6 +15,7 @@ Patch0: cli_add_graph.patch
 Patch1: snmp_invalid_response.patch
 Patch2: template_duplication.patch
 Patch3: cross_site_fix.patch
+Patch4: sql_injection_template_export.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -38,6 +39,7 @@ used to creating traffic graphs with MRT
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 echo "#*/5 * * * *	cacti	%{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
 
@@ -113,6 +115,11 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 
 %changelog
+* Fri Apr 23 2010 Mike McGrath <mmcgrath at redhat.com> - 0.8.7e-4
+- Pulling in patches from upstream
+- SQL injection fix
+- BZ #541279
+
 * Tue Dec  1 2009 Mike McGrath <mmcgrath at redhat.com> - 0.8.7e-3
 - Pulling in some official patches
 - #541279


