------------------------------------------------------------------------ |
r7767 | cigamit | 2015-11-28 20:08:16 +0000 (Sat, 28 Nov 2015) | 1 line |
Changed paths: |
M /cacti/tags/0.8.8g/docs/CHANGELOG |
M /cacti/tags/0.8.8g/graph.php |
M /cacti/tags/0.8.8g/include/top_graph_header.php |
------------------------------------------------------------------------ |
|
-bug:0002646: SQL injection in graph.php |
|
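--- a/graph.php
+++ b/graph.php
@@ -32,29 +32,29 @@
 
 api_plugin_hook_function('graph');
 
-include_once("./lib/html_tree.php");
-include_once("./include/top_graph_header.php");
-
 /* ================= input validation ================= */
-input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
-input_validate_input_number(get_request_var("local_graph_id"));
-input_validate_input_number(get_request_var("graph_end"));
-input_validate_input_number(get_request_var("graph_start"));
+input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
+input_validate_input_number(get_request_var_request("local_graph_id"));
+input_validate_input_number(get_request_var_request("graph_end"));
+input_validate_input_number(get_request_var_request("graph_start"));
 input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
 /* ==================================================== */
 
-if (!isset($_GET['rra_id'])) {
- $_GET['rra_id'] = 'all';
+include_once("./lib/html_tree.php");
+include_once("./include/top_graph_header.php");
+
+if (!isset($_REQUEST['rra_id'])) {
+ $_REQUEST['rra_id'] = 'all';
 }
 
-if ($_GET["rra_id"] == "all") {
+if ($_REQUEST["rra_id"] == "all") {
 $sql_where = " where id is not null";
 }else{
- $sql_where = " where id=" . $_GET["rra_id"];
+ $sql_where = " where id=" . $_REQUEST["rra_id"];
 }
 
 /* make sure the graph requested exists (sanity) */
-if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_GET["local_graph_id"]))) {
+if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_REQUEST["local_graph_id"]))) {
 print "<strong><font size='+1' color='FF0000'>GRAPH DOES NOT EXIST</font></strong>"; exit;
 }
 
@@ -61,7 +61,7 @@
 /* take graph permissions into account here, if the user does not have permission
 give an "access denied" message */
 if (read_config_option("auth_method") != 0) {
- $access_denied = !(is_graph_allowed($_GET["local_graph_id"]));
+ $access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"]));
 
 if ($access_denied == true) {
 print "<strong><font size='+1' color='FF0000'>ACCESS DENIED</font></strong>"; exit;
@@ -68,7 +68,7 @@
 }
 }
 
-$graph_title = get_graph_title($_GET["local_graph_id"]);
+$graph_title = get_graph_title($_REQUEST["local_graph_id"]);
 
 if ($_REQUEST["view_type"] == "tree") {
 print "<table width='100%' style='background-color: #ffffff; border: 1px solid #ffffff;' align='center' cellspacing='0' cellpadding='3'>";
@@ -76,15 +76,15 @@
 print "<table width='100%' style='background-color: #f5f5f5; border: 1px solid #bbbbbb;' align='center' cellspacing='0' cellpadding='3'>";
 }
 
-$rras = get_associated_rras($_GET["local_graph_id"]);
+$rras = get_associated_rras($_REQUEST["local_graph_id"]);
 
 switch ($_REQUEST["action"]) {
 case 'view':
 api_plugin_hook_function('page_buttons',
- array('lgid' => $_GET["local_graph_id"],
+ array('lgid' => $_REQUEST["local_graph_id"],
 'leafid' => '',//$leaf_id,
 'mode' => 'mrtg',
- 'rraid' => $_GET["rra_id"])
+ 'rraid' => $_REQUEST["rra_id"])
 );
 ?>
 <tr class='tableHeader'>
@@ -105,13 +105,13 @@
 <table width='1' cellpadding='0'>
 <tr>
 <td>
- <img class='graphimage' id='graph_<?php print $_GET["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
+ <img class='graphimage' id='graph_<?php print $_REQUEST["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
 </td>
 <td valign='top' style='padding: 3px;' class='noprint'>
- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
- <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
+ <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?>
 <a href='#page_top'><img src='<?php print $config['url_path']; ?>images/graph_page_top.gif' border='0' alt='Page Top' title='Page Top' style='padding: 3px;'></a><br>
 </td>
 </tr>
@@ -143,7 +143,7 @@
 }
 
 /* fetch information for the current RRA */
- $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_GET["rra_id"]);
+ $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_REQUEST["rra_id"]);
 
 /* define the time span, which decides which rra to use */
 $timespan = -($rra["timespan"]);
@@ -154,7 +154,7 @@
 FROM (data_template_data,data_template_rrd,graph_templates_item)
 WHERE graph_templates_item.task_item_id=data_template_rrd.id
 AND data_template_rrd.local_data_id=data_template_data.local_data_id
- AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] .
+ AND graph_templates_item.local_graph_id=" . $_REQUEST["local_graph_id"] .
 " LIMIT 0,1");
 $ds_step = empty($ds_step) ? 300 : $ds_step;
 $seconds_between_graph_updates = ($ds_step * $rra["steps"]);
@@ -161,17 +161,17 @@
 
 $now = time();
 
- if (isset($_GET["graph_end"]) && ($_GET["graph_end"] <= $now - $seconds_between_graph_updates)) {
- $graph_end = $_GET["graph_end"];
+ if (isset($_REQUEST["graph_end"]) && ($_REQUEST["graph_end"] <= $now - $seconds_between_graph_updates)) {
+ $graph_end = $_REQUEST["graph_end"];
 }else{
 $graph_end = $now - $seconds_between_graph_updates;
 }
 
- if (isset($_GET["graph_start"])) {
- if (($graph_end - $_GET["graph_start"])>$max_timespan) {
+ if (isset($_REQUEST["graph_start"])) {
+ if (($graph_end - $_REQUEST["graph_start"])>$max_timespan) {
 $graph_start = $now - $max_timespan;
 }else {
- $graph_start = $_GET["graph_start"];
+ $graph_start = $_REQUEST["graph_start"];
 }
 }else{
 $graph_start = $now + $timespan;
@@ -186,7 +186,7 @@
 graph_templates_graph.height,
 graph_templates_graph.width
 from graph_templates_graph
- where graph_templates_graph.local_graph_id=" . $_GET["local_graph_id"]);
+ where graph_templates_graph.local_graph_id=" . $_REQUEST["local_graph_id"]);
 
 $graph_height = $graph["height"];
 $graph_width = $graph["width"];
@@ -214,12 +214,12 @@
 <table width='1' cellpadding='0'>
 <tr>
 <td>
- <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
+ <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'>
 </td>
 <td valign='top' style='padding: 3px;' class='noprint'>
- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
- <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a>
+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+ <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
 </td>
 </tr>
 <tr>
@@ -249,17 +249,17 @@
 <table width='1' cellpadding='0'>
 <tr>
 <td>
- <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&graph_start=" . (isset($_GET["graph_start"]) ? $_GET["graph_start"] : "0") . "&graph_end=" . (isset($_GET["graph_end"]) ? $_GET["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'>
+ <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&graph_start=" . (isset($_REQUEST["graph_start"]) ? $_REQUEST["graph_start"] : "0") . "&graph_end=" . (isset($_REQUEST["graph_end"]) ? $_REQUEST["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'>
 </td>
 <td valign='top' style='padding: 3px;'>
- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
- <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br>
+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br>
+ <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?>
 </td>
 </tr>
 <tr>
 <td colspan='2' align='center'>
- <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["rra_id"]));?></strong>
+ <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_REQUEST["rra_id"]));?></strong>
 </td>
 </tr>
 </table>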
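Review bot: Every query in this file still splices `$_REQUEST["local_graph_id"]` and `$_REQUEST["rra_id"]` into SQL by string concatenation (`" where id=" . $_REQUEST["rra_id"]`, `... from rra where id=" . $_REQUEST["rra_id"]`, `where local_graph_id=" . $_REQUEST["local_graph_id"]`), so the injection fix rests entirely on `input_validate_input_number`/`input_validate_input_regex` aborting the request on bad input and on nothing reassigning those keys between the validation block and the queries — neither is visible here. Cheap defence in depth that does not depend on the validators is to normalise once after validation and use the normalised values everywhere, e.g. `$local_graph_id = (int) $_REQUEST["local_graph_id"];` and `$sql_where = ($_REQUEST["rra_id"] == "all") ? " where id is not null" : " where id=" . (int) $_REQUEST["rra_id"];`; the same raw values are also printed unescaped into HTML (`id='graph_<?php print $_REQUEST["local_graph_id"] ?>'`), so the validators are currently all that guards against attribute injection too. In the properties view the zoom link is still built from `get_request_var("graph_start")` / `get_request_var("graph_end")`, the accessor this commit otherwise replaces with `get_request_var_request`; presumably those should read `get_request_var_request("graph_start")` and `get_request_var_request("graph_end")` as well, otherwise a range that arrived by POST is honoured by the page but dropped from that link. Note also that the `'all'` default for `rra_id` is assigned only after `input_validate_input_regex` has run on the possibly absent key; if that validator does not tolerate an empty value, a request without `rra_id` would be rejected — worth confirming against the helper.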
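--- a/include/top_graph_header.php
+++ b/include/top_graph_header.php
@@ -146,12 +146,12 @@
 $graph_data_array["print_source"] = true;
 
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"])) {
+if (!empty($_REQUEST["graph_start"])) {
 $graph_data_array["graph_start"] = get_request_var_request("graph_start");
 }
 
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"])) {
+if (!empty($_REQUEST["graph_end"])) {
 $graph_data_array["graph_end"] = get_request_var_request("graph_end");
 }
 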
|