[Pkg-cacti-maint] Bug#807599: Fix for broken cacti image on 0.8.7g-1+squeeze9+deb6u11
Marcel Meckel
debian at thermoman.de
Mon Dec 28 10:47:51 UTC 2015
The much better solution to fix this would be keeping the
include block over the input_validate_* calls in graph.php
(which without more modifications would reopen the SQL injection vuln)
and then fix this in

    /usr/share/cacti/site/include/top_graph_header.php

where you just have to add the line

    input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");

in the input validation block.
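
The allowlist check proposed in the message above, as an added example that is not part of the original message or of Cacti's code. validate_rra_id() is a hypothetical stand-in built on preg_match, the sample request values are constructed, and an empty value is assumed to count as "not supplied".

```php
<?php
// Added example: stand-in for the validation the message proposes.
// validate_rra_id() is a hypothetical name, not Cacti's
// input_validate_input_regex().

// The pattern from the message. The D modifier makes "$" match only at the
// very end of the string; without it PCRE also accepts one trailing newline.
const RRA_ID_PATTERN = '/^([0-9]+|all)$/D';

/**
 * Return the value if it is a decimal id or the literal "all", else null.
 * An absent or empty value is returned as "" (assumption: not supplied).
 */
function validate_rra_id($raw)
{
    if ($raw === null || $raw === '') {
        return '';
    }
    if (!is_string($raw)) {
        return null;   // e.g. rra_id[]=5 arrives as an array
    }
    return preg_match(RRA_ID_PATTERN, $raw) === 1 ? $raw : null;
}

// Constructed sample request values, not taken from the bug report.
$samples = array('5', 'all', '', "5\n", '5 OR 1=1', 'ALL', array('5'));

foreach ($samples as $raw) {
    $checked = validate_rra_id($raw);
    // Only a value that passed the check may reach code that builds a query,
    // so the check belongs in the validation block that runs before rra_id
    // is first used.
    printf("%-12s => %s\n", json_encode($raw),
           $checked === null ? 'rejected' : 'accepted');
}
```

The first three samples are accepted; the trailing-newline value, the value with extra text, the upper-case "ALL" and the array are rejected.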