
(-)Makefile (-1 / +1 lines)
Lines 2-8 Link Here
2
2
3
PORTNAME=	cacti
3
PORTNAME=	cacti
4
PORTVERSION=	0.8.8f${PATCHLEVEL}
4
PORTVERSION=	0.8.8f${PATCHLEVEL}
5
PORTREVISION=	1
5
PORTREVISION=	2
6
CATEGORIES=	net-mgmt www
6
CATEGORIES=	net-mgmt www
7
MASTER_SITES=	http://www.cacti.net/downloads/ \
7
MASTER_SITES=	http://www.cacti.net/downloads/ \
8
		ftp://ftpmirror.uk/freebsd-ports/cacti/
8
		ftp://ftpmirror.uk/freebsd-ports/cacti/
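--- /dev/null
+++ b/files/patch-CVE-2015-8369
@@ -0,0 +1,218 @@
+------------------------------------------------------------------------
+r7767 | cigamit | 2015-11-28 20:08:16 +0000 (Sat, 28 Nov 2015) | 1 line
+Changed paths:
+   M /cacti/tags/0.8.8g/docs/CHANGELOG
+   M /cacti/tags/0.8.8g/graph.php
+   M /cacti/tags/0.8.8g/include/top_graph_header.php
+------------------------------------------------------------------------
+
+-bug:0002646: SQL injection in graph.php
+
+--- graph.php	(revision 7766)
++++ graph.php	(revision 7767)
+@@ -32,29 +32,29 @@
+ 
+ api_plugin_hook_function('graph');
+ 
+-include_once("./lib/html_tree.php");
+-include_once("./include/top_graph_header.php");
+-
+ /* ================= input validation ================= */
+-input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
+-input_validate_input_number(get_request_var("local_graph_id"));
+-input_validate_input_number(get_request_var("graph_end"));
+-input_validate_input_number(get_request_var("graph_start"));
++input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
++input_validate_input_number(get_request_var_request("local_graph_id"));
++input_validate_input_number(get_request_var_request("graph_end"));
++input_validate_input_number(get_request_var_request("graph_start"));
+ input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
+ /* ==================================================== */
+ 
+-if (!isset($_GET['rra_id'])) {
+-	$_GET['rra_id'] = 'all';
++include_once("./lib/html_tree.php");
++include_once("./include/top_graph_header.php");
++
++if (!isset($_REQUEST['rra_id'])) {
++	$_REQUEST['rra_id'] = 'all';
+ }
+ 
+-if ($_GET["rra_id"] == "all") {
++if ($_REQUEST["rra_id"] == "all") {
+ 	$sql_where = " where id is not null";
+ }else{
+-	$sql_where = " where id=" . $_GET["rra_id"];
++	$sql_where = " where id=" . $_REQUEST["rra_id"];
+ }
+ 
+ /* make sure the graph requested exists (sanity) */
+-if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_GET["local_graph_id"]))) {
++if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_REQUEST["local_graph_id"]))) {
+ 	print "<strong><font size='+1' color='FF0000'>GRAPH DOES NOT EXIST</font></strong>"; exit;
+ }
+ 
+@@ -61,7 +61,7 @@
+ /* take graph permissions into account here, if the user does not have permission
+ give an "access denied" message */
+ if (read_config_option("auth_method") != 0) {
+-	$access_denied = !(is_graph_allowed($_GET["local_graph_id"]));
++	$access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"]));
+ 
+ 	if ($access_denied == true) {
+ 		print "<strong><font size='+1' color='FF0000'>ACCESS DENIED</font></strong>"; exit;
+@@ -68,7 +68,7 @@
+ 	}
+ }
+ 
+-$graph_title = get_graph_title($_GET["local_graph_id"]);
++$graph_title = get_graph_title($_REQUEST["local_graph_id"]);
+ 
+ if ($_REQUEST["view_type"] == "tree") {
+ 	print "<table width='100%' style='background-color: #ffffff; border: 1px solid #ffffff;' align='center' cellspacing='0' cellpadding='3'>";
+@@ -76,15 +76,15 @@
+ 	print "<table width='100%' style='background-color: #f5f5f5; border: 1px solid #bbbbbb;' align='center' cellspacing='0' cellpadding='3'>";
+ }
+ 
+-$rras = get_associated_rras($_GET["local_graph_id"]);
++$rras = get_associated_rras($_REQUEST["local_graph_id"]);
+ 
+ switch ($_REQUEST["action"]) {
+ case 'view':
+ 	api_plugin_hook_function('page_buttons',
+-		array('lgid' => $_GET["local_graph_id"],
++		array('lgid' => $_REQUEST["local_graph_id"],
+ 			'leafid' => '',//$leaf_id,
+ 			'mode' => 'mrtg',
+-			'rraid' => $_GET["rra_id"])
++			'rraid' => $_REQUEST["rra_id"])
+ 		);
+ 	?>
+ 	<tr class='tableHeader'>
+@@ -105,13 +105,13 @@
+ 					<table width='1' cellpadding='0'>
+ 						<tr>
+ 							<td>
+-								<img class='graphimage' id='graph_<?php print $_GET["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
++								<img class='graphimage' id='graph_<?php print $_REQUEST["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
+ 							</td>
+ 							<td valign='top' style='padding: 3px;' class='noprint'>
+-								<a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
+-								<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] .  "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+-								<a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] .  "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
+-								<?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?>
++								<a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
++								<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] .  "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
++								<a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] .  "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
++								<?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ 								<a href='#page_top'><img src='<?php print $config['url_path']; ?>images/graph_page_top.gif' border='0' alt='Page Top' title='Page Top' style='padding: 3px;'></a><br>
+ 							</td>
+ 						</tr>
+@@ -143,7 +143,7 @@
+ 	}
+ 
+ 	/* fetch information for the current RRA */
+-	$rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_GET["rra_id"]);
++	$rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_REQUEST["rra_id"]);
+ 
+ 	/* define the time span, which decides which rra to use */
+ 	$timespan = -($rra["timespan"]);
+@@ -154,7 +154,7 @@
+ 		FROM (data_template_data,data_template_rrd,graph_templates_item)
+ 		WHERE graph_templates_item.task_item_id=data_template_rrd.id
+ 		AND data_template_rrd.local_data_id=data_template_data.local_data_id
+-		AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] .
++		AND graph_templates_item.local_graph_id=" . $_REQUEST["local_graph_id"] .
+ 		" LIMIT 0,1");
+ 	$ds_step = empty($ds_step) ? 300 : $ds_step;
+ 	$seconds_between_graph_updates = ($ds_step * $rra["steps"]);
+@@ -161,17 +161,17 @@
+ 
+ 	$now = time();
+ 
+-	if (isset($_GET["graph_end"]) && ($_GET["graph_end"] <= $now - $seconds_between_graph_updates)) {
+-		$graph_end = $_GET["graph_end"];
++	if (isset($_REQUEST["graph_end"]) && ($_REQUEST["graph_end"] <= $now - $seconds_between_graph_updates)) {
++		$graph_end = $_REQUEST["graph_end"];
+ 	}else{
+ 		$graph_end = $now - $seconds_between_graph_updates;
+ 	}
+ 
+-	if (isset($_GET["graph_start"])) {
+-		if (($graph_end - $_GET["graph_start"])>$max_timespan) {
++	if (isset($_REQUEST["graph_start"])) {
++		if (($graph_end - $_REQUEST["graph_start"])>$max_timespan) {
+ 			$graph_start = $now - $max_timespan;
+ 		}else {
+-			$graph_start = $_GET["graph_start"];
++			$graph_start = $_REQUEST["graph_start"];
+ 		}
+ 	}else{
+ 		$graph_start = $now + $timespan;
+@@ -186,7 +186,7 @@
+ 		graph_templates_graph.height,
+ 		graph_templates_graph.width
+ 		from graph_templates_graph
+-		where graph_templates_graph.local_graph_id=" . $_GET["local_graph_id"]);
++		where graph_templates_graph.local_graph_id=" . $_REQUEST["local_graph_id"]);
+ 
+ 	$graph_height = $graph["height"];
+ 	$graph_width = $graph["width"];
+@@ -214,12 +214,12 @@
+ 			<table width='1' cellpadding='0'>
+ 				<tr>
+ 					<td>
+-						<img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
++						<img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
+ 					</td>
+ 					<td valign='top' style='padding: 3px;' class='noprint'>
+-						<a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
+-						<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+-						<?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_GET['local_graph_id'], 'rra' =>  $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
++						<a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
++						<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
++						<?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' =>  $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ 					</td>
+ 				</tr>
+ 				<tr>
+@@ -249,17 +249,17 @@
+ 			<table width='1' cellpadding='0'>
+ 				<tr>
+ 					<td>
+-						<img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&graph_start=" . (isset($_GET["graph_start"]) ? $_GET["graph_start"] : "0") . "&graph_end=" . (isset($_GET["graph_end"]) ? $_GET["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'>
++						<img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&graph_start=" . (isset($_REQUEST["graph_start"]) ? $_REQUEST["graph_start"] : "0") . "&graph_end=" . (isset($_REQUEST["graph_end"]) ? $_REQUEST["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'>
+ 					</td>
+ 					<td valign='top' style='padding: 3px;'>
+-						<a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
+-						<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+-						<?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_GET['local_graph_id'], 'rra' =>  $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
++						<a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
++						<a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
++						<?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' =>  $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ 					</td>
+ 				</tr>
+ 				<tr>
+ 					<td colspan='2' align='center'>
+-						<strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["rra_id"]));?></strong>
++						<strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_REQUEST["rra_id"]));?></strong>
+ 					</td>
+ 				</tr>
+ 			</table>
+--- include/top_graph_header.php	(revision 7766)
++++ include/top_graph_header.php	(revision 7767)
+@@ -146,12 +146,12 @@
+ 			$graph_data_array["print_source"] = true;
+ 
+ 			/* override: graph start time (unix time) */
+-			if (!empty($_GET["graph_start"])) {
++			if (!empty($_REQUEST["graph_start"])) {
+ 				$graph_data_array["graph_start"] = get_request_var_request("graph_start");
+ 			}
+ 
+ 			/* override: graph end time (unix time) */
+-			if (!empty($_GET["graph_end"])) {
++			if (!empty($_REQUEST["graph_end"])) {
+ 				$graph_data_array["graph_end"] = get_request_var_request("graph_end");
+ 			}
+ 
+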
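Review bot: The patched graph.php still builds its SQL by concatenating `$_REQUEST["rra_id"]` and `$_REQUEST["local_graph_id"]` into the query strings (the `" where id=" . $_REQUEST["rra_id"]`, `local_graph_id=" . $_REQUEST["local_graph_id"]` and `select name from rra where id=` statements in this patch), so the fix rests entirely on the `input_validate_input_regex`/`input_validate_input_number` calls that now run before the two `include_once` lines. That holds only if those helpers, defined outside this patch, abort the request on a mismatch rather than merely record an error; worth confirming in the 0.8.8f tree the port ships before treating the `^([0-9]+|all)$` regex and the number check as the sole guard. Switching the validated value from `get_request_var` to `get_request_var_request` so it matches the `$_REQUEST` the consumers read is the substantive part, since `$_REQUEST` merges GET, POST and cookie input and a validator that presumably looked only at `$_GET` left the other sources unchecked. The patch file also carries the svn log preamble (its first ten lines), which lists docs/CHANGELOG among the changed paths although no CHANGELOG hunk follows; patch(1) skips that text, but trimming the file to the unified diff would make it easier to verify against upstream r7767.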