main/cacti: fix from upstream for incomplete and incorrect input parsing

ref #3295
http://svn.cacti.net/viewvc?view=rev&revision=7454

1 files changed, 28 insertions, 0 deletions

diff --git a/main/cacti/bug-0002455.patch b/main/cacti/bug-0002455.patch
new file mode 100644
index 0000000000..bf65d6d474
--- /dev/null
+++ b/main/cacti/bug-0002455.patch
@@ -0,0 +1,28 @@
+Index: 0.8.8/lib/rrd.php
+===================================================================
+--- 0.8.8/lib/rrd.php	(revision 7453)
++++ 0.8.8/lib/rrd.php	(revision 7454)
+@@ -2060,7 +2060,7 @@
+ 		$size = 8;
+ 	}
+ 
+-	return "--font " . strtoupper($type) . ":" . $size . ":" . $font . RRD_NL;
++	return "--font " . strtoupper($type) . ":" . floatval($size) . ":" . $font . RRD_NL;
+ }
+ 
+ function rrd_substitute_host_query_data($txt_graph_item, $graph, $graph_item) {
+Index: 0.8.8/graph_settings.php
+===================================================================
+--- 0.8.8/graph_settings.php	(revision 7453)
++++ 0.8.8/graph_settings.php	(revision 7454)
+@@ -54,6 +54,10 @@
+ 
+ 	while (list($tab_short_name, $tab_fields) = each($settings_graphs)) {
+ 		while (list($field_name, $field_array) = each($tab_fields)) {
++			/* Check every field with a numeric default value and reset it to default if the inputted value is not numeric  */
++			if (isset($field_array["default"]) && is_numeric($field_array["default"]) && !is_numeric(get_request_var_post($field_name))) {
++				$_POST[$field_name] = $field_array["default"];
++			}
+ 			if ($field_array["method"] == "checkbox") {
+ 				if (isset($_POST[$field_name])) {
+ 					db_execute("REPLACE INTO settings_graphs (user_id,name,value) VALUES (" . $_SESSION["sess_user_id"] . ",'$field_name', 'on')");