-rw-r--r-- | main/cacti/APKBUILD | 22 | ||||
-rw-r--r-- | main/cacti/CVE-2014-5025,5026.patch | 153 | ||||
-rw-r--r-- | main/cacti/bug-0002455.patch | 28 | ||||
-rw-r--r-- | main/cacti/security.patch | 139 |
4 files changed, 5 insertions, 337 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 5a97d4e5dd..378b9ea252 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
-pkgver=0.8.8b
-pkgrel=3
+pkgver=0.8.8d
+pkgrel=0
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
@@ -9,9 +9,6 @@ license="GPL2+"
 depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-gd"
 makedepends=""
 source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
-	security.patch
-	CVE-2014-5025,5026.patch
-	bug-0002455.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -34,15 +31,6 @@ package() {
 	mv "$srcdir"/$pkgname-$pkgver/* "$pkgdir"/usr/share/webapps/cacti/ || return 1
 }
 
-md5sums="acb40deae073ca22e5c01a8e3ba389fb cacti-0.8.8b.tar.gz
-bd18f265cca1f9713f88296f0be1ef56 security.patch
-04770edd7e55021e10ad7d50b0ffa2e9 CVE-2014-5025,5026.patch
-aa6d50a78b32e7f3e1a71f93c40c6697 bug-0002455.patch"
-sha256sums="ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c cacti-0.8.8b.tar.gz
-73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163 security.patch
-fbcb79c1500ca76d88a578aa8c0543ffe3789ab3ee0d79055d378e4d79b43637 CVE-2014-5025,5026.patch
-598fe1d4677e0ac080a6ada7ae97ff73b748a20e35eabce13f441010227294c0 bug-0002455.patch"
-sha512sums="98b216f3beb8e90dc554a16ca07cc8b3c9e247335786d8b5e76001d7293251a8a6e03bbe2464f7e9f8e0721359e7cd4a40615dd93ac7b1cc0bec507f01fa24c1 cacti-0.8.8b.tar.gz
-bed640fb64584b877348cf8163cebe39f6786a2fb8a7e735a81e9a0504b53005feec13e9911566690426f63d120b3744b755c0cbffcb67c44e9fe6dae3ccae80 security.patch
-1480f456e3720f344c00a6bba61e7c4200186d6b82b70357d42c7a7c9e67385edefd0633bec6f24d83c95bbecf5f7652e2d8228559d8c7cfc290d59892b4d364 CVE-2014-5025,5026.patch
-abde50dca8c80c1ea3cfc16a418abda23212c7badda469ec30345b822cf372c45b14cd397bffc77e8765b1fcc605ebd1ab21fffb53a8fbc37bad175219c84596 bug-0002455.patch"
+md5sums="4507d6d189cf0dc881bf00d47537037a cacti-0.8.8d.tar.gz"
+sha256sums="1e3fb4aa137c0a9cb682fa66956c1f59dfc730040a215c45b7f9a5f9b9714bec cacti-0.8.8d.tar.gz"
+sha512sums="aaf86bd89b5bba03921d05670badf832c7fe4806696fee7a4fa8b0a4914471b22e0f00eb5b63bf232d56e4f33f1af58f01cb5737232ebb99b8331f814264098a cacti-0.8.8d.tar.gz"
diff --git a/main/cacti/CVE-2014-5025,5026.patch b/main/cacti/CVE-2014-5025,5026.patch
deleted file mode 100644
index 3292e6cb0f..0000000000
--- a/main/cacti/CVE-2014-5025,5026.patch
+++ /dev/null
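Review bot: The three entries removed from `source=` (security.patch, CVE-2014-5025,5026.patch and bug-0002455.patch) disappear without any record in the APKBUILD that 0.8.8d carries equivalent fixes, and the commit message is not part of this page, so that justification is presumably there or nowhere. The dropped security.patch wrapped the rrdtool and ncftpput arguments in cacti_escapeshellarg() and validated the numeric request parameters in graph_xport.php, so if the upstream release does not contain those changes the version bump silently reverts them. I would confirm each dropped patch against the upstream release notes and add an Alpine `# secfixes:` comment block above `pkgname=cacti` listing CVE-2014-5025 and CVE-2014-5026 under 0.8.8d-r0, so the security history travels with the package. bug-0002455 has no CVE to track it by, so naming the upstream bug id in the same comment is worth the extra line.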
@@ -1,153 +0,0 @@
-Description: Several names/titles were not sanities which allowes a
- privileged user to inject XSS code.
-Bugs: http://bugs.cacti.net/view.php?id=2456
-Author: Paul Gevers <elbrus@debian.org>
-
---- a/data_sources.php
-+++ b/data_sources.php
-@@ -427,7 +427,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $ds_list .= "<li>" . get_data_source_title($matches[1]) . "<br>";
-+ $ds_list .= "<li>" . htmlspecialchars(get_data_source_title($matches[1])) . "<br>";
- $ds_array[$i] = $matches[1];
-
- $i++;
-@@ -1359,7 +1359,7 @@
- $poller_interval = ((isset($poller_intervals[$data_source["local_data_id"]])) ? $poller_intervals[$data_source["local_data_id"]] : 0);
-
- form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $data_source["local_data_id"]); $i++;
-- form_selectable_cell("<a class='linkEditMain' href='" . htmlspecialchars("data_sources.php?action=ds_edit&id=" . $data_source["local_data_id"]) . "' title='" . $data_source["name_cache"] . "'>" . ((get_request_var_request("filter") != "") ? preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "</a>", $data_source["local_data_id"]);
-+ form_selectable_cell("<a class='linkEditMain' href='" . htmlspecialchars("data_sources.php?action=ds_edit&id=" . $data_source["local_data_id"]) . "' title='" . htmlspecialchars($data_source["name_cache"], ENT_QUOTES) . "'>" . ((get_request_var_request("filter") != "") ? preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "</a>", $data_source["local_data_id"]);
- form_selectable_cell($data_source['local_data_id'], $data_source['local_data_id']);
- form_selectable_cell($data_input_name, $data_source["local_data_id"]);
- form_selectable_cell(get_poller_interval($poller_interval), $data_source["local_data_id"]);
---- a/cdef.php
-+++ b/cdef.php
-@@ -194,7 +194,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $cdef_list .= "<li>" . db_fetch_cell("select name from cdef where id=" . $matches[1]) . "<br>";
-+ $cdef_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from cdef where id=" . $matches[1])) . "<br>";
- $cdef_array[$i] = $matches[1];
-
- $i++;
---- a/tree.php
-+++ b/tree.php
-@@ -354,7 +354,7 @@
- }
-
- include("./include/top_header.php");
-- form_confirm("Are You Sure?", $text, htmlspecialchars("tree.php?action=edit&id=" . $_GET["tree_id"]), htmlspecialchars("tree.php?action=item_remove&id=" . $_GET["id"] . "&tree_id=" . $_GET["tree_id"]));
-+ form_confirm("Are You Sure?", htmlspecialchars($text, ENT_QUOTES), htmlspecialchars("tree.php?action=edit&id=" . $_GET["tree_id"]), htmlspecialchars("tree.php?action=item_remove&id=" . $_GET["id"] . "&tree_id=" . $_GET["tree_id"]));
- include("./include/bottom_footer.php");
- exit;
- }
-@@ -383,7 +383,7 @@
-
- if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
- include("./include/top_header.php");
-- form_confirm("Are You Sure?", "Are you sure you want to delete the tree <strong>'" . db_fetch_cell("select name from graph_tree where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("tree.php"), htmlspecialchars("tree.php?action=remove&id=" . $_GET["id"]));
-+ form_confirm("Are You Sure?", "Are you sure you want to delete the tree <strong>'" . htmlspecialchars(db_fetch_cell("select name from graph_tree where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("tree.php"), htmlspecialchars("tree.php?action=remove&id=" . $_GET["id"]));
- include("./include/bottom_footer.php");
- exit;
- }
---- a/data_input.php
-+++ b/data_input.php
-@@ -185,7 +185,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $di_list .= "<li>" . db_fetch_cell("SELECT name FROM data_input WHERE id='" . $matches[1] . "'") . "</li>";
-+ $di_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT name FROM data_input WHERE id='" . $matches[1] . "'")) . "</li>";
- $di_array[$i] = $matches[1];
-
- $i++;
-@@ -246,7 +246,7 @@
-
- if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
- include("./include/top_header.php");
-- form_confirm("Are You Sure?", "Are you sure you want to delete the field <strong>'" . db_fetch_cell("select name from data_input_fields where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("data_input.php?action=edit&id=" . $_GET["data_input_id"]), htmlspecialchars("data_input.php?action=field_remove&id=" . $_GET["id"] . "&data_input_id=" . $_GET["data_input_id"]));
-+ form_confirm("Are You Sure?", "Are you sure you want to delete the field <strong>'" . htmlspecialchars(db_fetch_cell("select name from data_input_fields where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("data_input.php?action=edit&id=" . $_GET["data_input_id"]), htmlspecialchars("data_input.php?action=field_remove&id=" . $_GET["id"] . "&data_input_id=" . $_GET["data_input_id"]));
- include("./include/bottom_footer.php");
- exit;
- }
---- a/graphs.php
-+++ b/graphs.php
-@@ -387,7 +387,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $graph_list .= "<li>" . get_graph_title($matches[1]) . "</li>";
-+ $graph_list .= "<li>" . htmlspecialchars(get_graph_title($matches[1])) . "</li>";
- $graph_array[$i] = $matches[1];
-
- $i++;
---- a/host_templates.php
-+++ b/host_templates.php
-@@ -156,7 +156,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $host_list .= "<li>" . db_fetch_cell("select name from host_template where id=" . $matches[1]) . "<br>";
-+ $host_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from host_template where id=" . $matches[1])) . "<br>";
- $host_array[$i] = $matches[1];
-
- $i++;
---- a/data_templates.php
-+++ b/data_templates.php
-@@ -305,7 +305,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $ds_list .= "<li>" . db_fetch_cell("select name from data_template where id=" . $matches[1]) . "<br>";
-+ $ds_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from data_template where id=" . $matches[1])) . "<br>";
- $ds_array[$i] = $matches[1];
-
- $i++;
---- a/graph_templates.php
-+++ b/graph_templates.php
-@@ -216,7 +216,7 @@
- input_validate_input_number($matches[1]);
- /* ==================================================== */
-
-- $graph_list .= "<li>" . db_fetch_cell("select name from graph_templates where id=" . $matches[1]) . "<br>";
-+ $graph_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from graph_templates where id=" . $matches[1])) . "<br>";
- $graph_array[$i] = $matches[1];
-
- $i++;
---- a/user_admin.php
-+++ b/user_admin.php
-@@ -175,7 +175,7 @@
- /* ==================================================== */
-
- if (get_request_var_post("drp_action") != "2") {
-- $user_list .= "<li>" . db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1]) . "<br>";
-+ $user_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1])) . "<br>";
- }
- $user_array[$i] = $matches[1];
-
---- a/graph_templates_inputs.php
-+++ b/graph_templates_inputs.php
-@@ -134,7 +134,7 @@
-
- if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
- include("./include/top_header.php");
-- form_confirm("Are You Sure?", "Are you sure you want to delete the input item <strong>'" . db_fetch_cell("select name from graph_template_input where id=" . $_GET["id"]) . "'</strong>? NOTE: Deleting this item will NOT affect graphs that use this template.", htmlspecialchars("graph_templates.php?action=template_edit&id=" . $_GET["graph_template_id"]), htmlspecialchars("graph_templates_inputs.php?action=input_remove&id=" . $_GET["id"] . "&graph_template_id=" . $_GET["graph_template_id"]));
-+ form_confirm("Are You Sure?", "Are you sure you want to delete the input item <strong>'" . htmlspecialchars(db_fetch_cell("select name from graph_template_input where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>? NOTE: Deleting this item will NOT affect graphs that use this template.", htmlspecialchars("graph_templates.php?action=template_edit&id=" . $_GET["graph_template_id"]), htmlspecialchars("graph_templates_inputs.php?action=input_remove&id=" . $_GET["id"] . "&graph_template_id=" . $_GET["graph_template_id"]));
- include("./include/bottom_footer.php");
- exit;
- }
---- a/data_queries.php
-+++ b/data_queries.php
-@@ -340,7 +340,7 @@
-
- if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
- include("./include/top_header.php");
-- form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query Graph <strong>'" . db_fetch_cell("select name from snmp_query_graph where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("data_queries.php?action=edit&id=" . $_GET["snmp_query_id"]), htmlspecialchars("data_queries.php?action=item_remove&id=" . $_GET["id"] . "&snmp_query_id=" . $_GET["snmp_query_id"]));
-+ form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query Graph <strong>'" . htmlspecialchars(db_fetch_cell("select name from snmp_query_graph where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("data_queries.php?action=edit&id=" . $_GET["snmp_query_id"]), htmlspecialchars("data_queries.php?action=item_remove&id=" . $_GET["id"] . "&snmp_query_id=" . $_GET["snmp_query_id"]));
- include("./include/bottom_footer.php");
- exit;
- }
diff --git a/main/cacti/bug-0002455.patch b/main/cacti/bug-0002455.patch
deleted file mode 100644
index bf65d6d474..0000000000
--- a/main/cacti/bug-0002455.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Index: 0.8.8/lib/rrd.php
-===================================================================
---- 0.8.8/lib/rrd.php (revision 7453)
-+++ 0.8.8/lib/rrd.php (revision 7454)
-@@ -2060,7 +2060,7 @@
- $size = 8;
- }
-
-- return "--font " . strtoupper($type) . ":" . $size . ":" . $font . RRD_NL;
-+ return "--font " . strtoupper($type) . ":" . floatval($size) . ":" . $font . RRD_NL;
- }
-
- function rrd_substitute_host_query_data($txt_graph_item, $graph, $graph_item) {
-Index: 0.8.8/graph_settings.php
-===================================================================
---- 0.8.8/graph_settings.php (revision 7453)
-+++ 0.8.8/graph_settings.php (revision 7454)
-@@ -54,6 +54,10 @@
-
- while (list($tab_short_name, $tab_fields) = each($settings_graphs)) {
- while (list($field_name, $field_array) = each($tab_fields)) {
-+ /* Check every field with a numeric default value and reset it to default if the inputted value is not numeric */
-+ if (isset($field_array["default"]) && is_numeric($field_array["default"]) && !is_numeric(get_request_var_post($field_name))) {
-+ $_POST[$field_name] = $field_array["default"];
-+ }
- if ($field_array["method"] == "checkbox") {
- if (isset($_POST[$field_name])) {
- db_execute("REPLACE INTO settings_graphs (user_id,name,value) VALUES (" . $_SESSION["sess_user_id"] . ",'$field_name', 'on')");
diff --git a/main/cacti/security.patch b/main/cacti/security.patch
deleted file mode 100644
index 3891da8ae7..0000000000
--- a/main/cacti/security.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-diff -ruBbd cacti-0.8.8b/cdef.php cacti-0.8.8b.patched/cdef.php
---- cacti-0.8.8b/cdef.php 2013-08-06 22:31:19.000000000 -0400
-+++ cacti-0.8.8b.patched/cdef.php 2014-04-04 21:39:04.000000000 -0400
-@@ -431,7 +431,7 @@
- <a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
- </td>
- <td>
-- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
-+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
- </td>
- <td>
- <a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
-diff -ruBbd cacti-0.8.8b/graph_xport.php cacti-0.8.8b.patched/graph_xport.php
---- cacti-0.8.8b/graph_xport.php 2013-08-06 22:31:19.000000000 -0400
-+++ cacti-0.8.8b.patched/graph_xport.php 2014-04-04 21:39:04.000000000 -0400
-@@ -47,43 +47,48 @@
-
- $graph_data_array = array();
-
-+/* ================= input validation ================= */
-+input_validate_input_number(get_request_var("local_graph_id"));
-+input_validate_input_number(get_request_var("rra_id"));
-+/* ==================================================== */
-+
- /* override: graph start time (unix time) */
--if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
-- $graph_data_array["graph_start"] = $_GET["graph_start"];
-+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
-+ $graph_data_array["graph_start"] = get_request_var("graph_start");
- }
-
- /* override: graph end time (unix time) */
--if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
-- $graph_data_array["graph_end"] = $_GET["graph_end"];
-+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
-+ $graph_data_array["graph_end"] = get_request_var("graph_end");
- }
-
- /* override: graph height (in pixels) */
--if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
-- $graph_data_array["graph_height"] = $_GET["graph_height"];
-+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
-+ $graph_data_array["graph_height"] = get_request_var("graph_height");
- }
-
- /* override: graph width (in pixels) */
--if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
-- $graph_data_array["graph_width"] = $_GET["graph_width"];
-+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
-+ $graph_data_array["graph_width"] = get_request_var("graph_width");
- }
-
- /* override: skip drawing the legend? */
- if (!empty($_GET["graph_nolegend"])) {
-- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
-+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
- }
-
- /* print RRDTool graph source? */
- if (!empty($_GET["show_source"])) {
-- $graph_data_array["print_source"] = $_GET["show_source"];
-+ $graph_data_array["print_source"] = get_request_var("show_source");
- }
-
--$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
-+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
-
- /* for bandwidth, NThPercentile */
- $xport_meta = array();
-
- /* Get graph export */
--$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
-+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
-
- /* Make graph title the suggested file name */
- if (is_array($xport_array["meta"])) {
-diff -ruBbd cacti-0.8.8b/lib/graph_export.php cacti-0.8.8b.patched/lib/graph_export.php
---- cacti-0.8.8b/lib/graph_export.php 2013-08-06 22:31:19.000000000 -0400
-+++ cacti-0.8.8b.patched/lib/graph_export.php 2014-04-04 21:39:05.000000000 -0400
-@@ -339,7 +339,7 @@
- chdir($stExportDir);
-
- /* set the initial command structure */
-- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
-+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
-
- /* if the user requested passive mode, use it */
- if ($aFtpExport['passive']) {
-@@ -347,7 +347,7 @@
- }
-
- /* setup the port, server, remote directory and all files */
-- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
-+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
-
- /* run the command */
- $iExecuteReturns = 0;
-diff -ruBbd cacti-0.8.8b/lib/rrd.php cacti-0.8.8b.patched/lib/rrd.php
---- cacti-0.8.8b/lib/rrd.php 2013-08-06 22:31:18.000000000 -0400
-+++ cacti-0.8.8b.patched/lib/rrd.php 2014-04-04 21:39:04.000000000 -0400
-@@ -865,13 +865,13 @@
- /* basic graph options */
- $graph_opts .=
- "--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
-- "--start=$graph_start" . RRD_NL .
-- "--end=$graph_end" . RRD_NL .
-+ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
-+ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
- "--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
- "$rigid" .
-- "--base=" . $graph["base_value"] . RRD_NL .
-- "--height=$graph_height" . RRD_NL .
-- "--width=$graph_width" . RRD_NL .
-+ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
-+ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
-+ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
- "$scale" .
- "$unit_value" .
- "$unit_exponent_value" .
-@@ -1606,8 +1606,8 @@
-
- /* basic export options */
- $xport_opts =
-- "--start=$xport_start" . RRD_NL .
-- "--end=$xport_end" . RRD_NL .
-+ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
-+ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
- "--maxrows=10000" . RRD_NL;
-
- $xport_defs = "";
-@@ -1997,7 +1997,7 @@
- $stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
- $j++;
-
-- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
-+ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
- }else{
- $need_rrd_nl = FALSE;
- }
|