1 | ------------------------------------------------------------------------ |
2 | r7420 | cigamit | 2013-08-17 21:41:24 -0600 (Sat, 17 Aug 2013) | 1 line | |
3 | ||
4 | Bug #0002383 : Sanitize the step and id variables | |
5 | ------------------------------------------------------------------------ | |
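--- a/branches/0.8.8/host.php
+++ b/branches/0.8.8/host.php
@@ -149,6 +149,9 @@
 if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
 raise_message(4);
 }else{
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("host_template_id"));
+
 $host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
 trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
 $_POST["snmp_username"], $_POST["snmp_password"],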
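Review bot: The two added `input_validate_input_number()` calls discard their return value while the api_device_save call below still passes the raw `$_POST["id"]` and `$_POST["host_template_id"]`, so the check only protects the save path if that helper aborts the request on a non-numeric value rather than returning a cleaned one, and the hunk does not show which it does. If it returns the value, assign it back, e.g. `$_POST["id"] = input_validate_input_number(get_request_var_post("id"));` (and likewise for host_template_id), so the validated form is what reaches the library call. A one-line comment above the pair, `/* reject non-numeric ids here; api_device_save interpolates $id into SQL before it validates it */`, would record why the checks sit in the caller. The surrounding save handler begins and ends outside this hunk.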
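--- a/branches/0.8.8/lib/api_device.php
+++ b/branches/0.8.8/lib/api_device.php
@@ -107,7 +107,7 @@
 $_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");
 }
 
- $save["id"] = $id;
+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);
 $save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
 $save["description"] = form_input_validate($description, "description", "", false, 3);
 $save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3);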
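Review bot: The validation added at `$save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);` runs after `$id` has already been interpolated into the query on the first context line, `db_fetch_cell("select host_template_id from host where id=$id")`, so that lookup still executes with the unvalidated value for any caller of api_device_save that did not pre-validate; host.php now does in this commit, but other callers of this library function gain nothing from the change. If form_input_validate records an error and returns the value rather than aborting (it is used here as an expression whose result is stored), the regex would not have stopped that query even if it ran first. Put a hard check ahead of the lookup, e.g. `input_validate_input_number($id);` as the first statement of the conditional block whose opening line is outside this hunk, or at minimum `$id = intval($id);` before the `db_fetch_cell` call. The enclosing function starts before and ends after the hunk.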
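--- a/branches/0.8.8/install/index.php
+++ b/branches/0.8.8/install/index.php
@@ -310,27 +310,28 @@
 }
 
 /* pre-processing that needs to be done for each step */
-if (empty($_REQUEST["step"])) {
- $_REQUEST["step"] = 1;
-}else{
- if ($_REQUEST["step"] == "1") {
- $_REQUEST["step"] = "2";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {
- $_REQUEST["step"] = "3";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {
- $_REQUEST["step"] = "8";
- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
- $_REQUEST["step"] = "9";
- }elseif ($_REQUEST["step"] == "8") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "9") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "3") {
- $_REQUEST["step"] = "4";
+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {
+ $step = intval($_REQUEST["step"]);
+ if ($step == "1") {
+ $step = "2";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {
+ $step = "3";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {
+ $step = "8";
+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
+ $step = "9";
+ } elseif ($step == "8") {
+ $step = "3";
+ } elseif ($step == "9") {
+ $step = "3";
+ } elseif ($step == "3") {
+ $step = "4";
 }
+} else {
+ $step = 1;
 }
 
-if ($_REQUEST["step"] == "4") {
+if ($step == "4") {
 include_once("../lib/data_query.php");
 include_once("../lib/utility.php");
 
@@ -366,7 +367,7 @@
 
 header ("Location: ../index.php");
 exit;
-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {
+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {
 /* if the version is not found, die */
 if (!is_int($old_version_index)) {
 print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>
@@ -505,7 +506,7 @@
 </tr>
 <tr>
 <td width="100%" style="font-size: 12px;">
- <?php if ($_REQUEST["step"] == "1") { ?>
+ <?php if ($step == "1") { ?>
 
 <p>Thanks for taking the time to download and install cacti, the complete graphing
 solution for your network. Before you can start making cool graphs, there are a few
@@ -530,7 +531,7 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.</p>
 
- <?php }elseif ($_REQUEST["step"] == "2") { ?>
+ <?php }elseif ($step == "2") { ?>
 
 <p>Please select the type of installation</p>
 
@@ -551,7 +552,7 @@
 print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?>
 </p>
 
- <?php }elseif ($_REQUEST["step"] == "3") { ?>
+ <?php }elseif ($step == "3") { ?>
 
 <p>Make sure all of these values are correct before continuing.</p>
 <?php
@@ -609,7 +610,7 @@
 is an upgrade. You can change any of the settings on this screen at a later
 time by going to "Cacti Settings" from within Cacti.</p>
 
- <?php }elseif ($_REQUEST["step"] == "8") { ?>
+ <?php }elseif ($step == "8") { ?>
 
 <p>Upgrade results:</p>
 
@@ -659,7 +660,7 @@
 print $upgrade_results;
 ?>
 
- <?php }elseif ($_REQUEST["step"] == "9") { ?>
+ <?php }elseif ($step == "9") { ?>
 
 <p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>
 
@@ -673,7 +674,7 @@
 
 <?php }?>
 
- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
 </td>
 </tr>
 </table>
@@ -681,7 +682,7 @@
 </tr>
 </table>
 
-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">
+<input type="hidden" name="step" value="<?php print $step;?>">
 
 </form>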
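Review bot: The guard `if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0)` on the first added line of the first hunk compares the raw request value before the `intval()` on the next line, and the branches then assign string literals (`"2"`, `"3"`, …) back into a variable `intval()` just made an integer, so `$step` changes type mid-block and every later `$step == "4"` test in this file depends on loose comparison. Convert once and keep it numeric: `$step = isset($_REQUEST["step"]) ? intval($_REQUEST["step"]) : 0;` followed by `if ($step > 0) {`, with integer literals in the branches; the hidden field in the last hunk then always prints an int, which is what makes echoing it without escaping acceptable. `$_REQUEST["install_type"]` on the same lines is still read raw; within these hunks it is only compared against "1"/"3", so nothing is exploitable from what is shown, but an `intval()` for it would match the commit's stated intent. A step value that matches no branch (for example 5) is carried forward unchanged into the hidden field, behavior that predates this change. The `if ($step == "4")` block opened at the end of the first hunk continues outside it.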