main/cacti: fix from upstream for incomplete and incorrect input parsing

ref #3295
http://svn.cacti.net/viewvc?view=rev&revision=7454

2 files changed, 36 insertions, 4 deletions

diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 9de1dccb91..6ecd8e04a6 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
 pkgver=0.8.8b
-pkgrel=1
+pkgrel=2
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
@@ -10,6 +10,7 @@ depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-g
 makedepends=""
 source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
 	security.patch
+	bug-0002455.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -33,8 +34,11 @@ package() {
 
 }
 md5sums="acb40deae073ca22e5c01a8e3ba389fb  cacti-0.8.8b.tar.gz
-bd18f265cca1f9713f88296f0be1ef56  security.patch"
+bd18f265cca1f9713f88296f0be1ef56  security.patch
+aa6d50a78b32e7f3e1a71f93c40c6697  bug-0002455.patch"
 sha256sums="ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c  cacti-0.8.8b.tar.gz
-73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163  security.patch"
+73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163  security.patch
+598fe1d4677e0ac080a6ada7ae97ff73b748a20e35eabce13f441010227294c0  bug-0002455.patch"
 sha512sums="98b216f3beb8e90dc554a16ca07cc8b3c9e247335786d8b5e76001d7293251a8a6e03bbe2464f7e9f8e0721359e7cd4a40615dd93ac7b1cc0bec507f01fa24c1  cacti-0.8.8b.tar.gz
-bed640fb64584b877348cf8163cebe39f6786a2fb8a7e735a81e9a0504b53005feec13e9911566690426f63d120b3744b755c0cbffcb67c44e9fe6dae3ccae80  security.patch"
+bed640fb64584b877348cf8163cebe39f6786a2fb8a7e735a81e9a0504b53005feec13e9911566690426f63d120b3744b755c0cbffcb67c44e9fe6dae3ccae80  security.patch
+abde50dca8c80c1ea3cfc16a418abda23212c7badda469ec30345b822cf372c45b14cd397bffc77e8765b1fcc605ebd1ab21fffb53a8fbc37bad175219c84596  bug-0002455.patch"
diff --git a/main/cacti/bug-0002455.patch b/main/cacti/bug-0002455.patch
new file mode 100644
index 0000000000..bf65d6d474
--- /dev/null
+++ b/main/cacti/bug-0002455.patch
@@ -0,0 +1,28 @@
+Index: 0.8.8/lib/rrd.php
+===================================================================
+--- 0.8.8/lib/rrd.php	(revision 7453)
++++ 0.8.8/lib/rrd.php	(revision 7454)
+@@ -2060,7 +2060,7 @@
+ 		$size = 8;
+ 	}
+ 
+-	return "--font " . strtoupper($type) . ":" . $size . ":" . $font . RRD_NL;
++	return "--font " . strtoupper($type) . ":" . floatval($size) . ":" . $font . RRD_NL;
+ }
+ 
+ function rrd_substitute_host_query_data($txt_graph_item, $graph, $graph_item) {
+Index: 0.8.8/graph_settings.php
+===================================================================
+--- 0.8.8/graph_settings.php	(revision 7453)
++++ 0.8.8/graph_settings.php	(revision 7454)
+@@ -54,6 +54,10 @@
+ 
+ 	while (list($tab_short_name, $tab_fields) = each($settings_graphs)) {
+ 		while (list($field_name, $field_array) = each($tab_fields)) {
++			/* Check every field with a numeric default value and reset it to default if the inputted value is not numeric  */
++			if (isset($field_array["default"]) && is_numeric($field_array["default"]) && !is_numeric(get_request_var_post($field_name))) {
++				$_POST[$field_name] = $field_array["default"];
++			}
+ 			if ($field_array["method"] == "checkbox") {
+ 				if (isset($_POST[$field_name])) {
+ 					db_execute("REPLACE INTO settings_graphs (user_id,name,value) VALUES (" . $_SESSION["sess_user_id"] . ",'$field_name', 'on')");