diff -ruBbd cacti-0.8.6h/cmd.php cacti-0.8.6h-patch/cmd.php
--- cacti-0.8.6h/cmd.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/cmd.php	2007-01-01 12:31:15.203125000 -0500
@@ -26,7 +26,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
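Review bot: The strengthened guard on the `+if` line is a denylist of web-SAPI variables rather than a positive check that the script runs under the CLI, so it deserves a comment explaining the choice, e.g. `/* argv can be populated from the query string when register_argc_argv is on, so also refuse when web-request variables are present */`. `PHP_SAPI === 'cli'` would be the direct test, but script_server.php (last hunk of this diff) explicitly handles `php_sapi_name() != "cli"`, which suggests non-CLI invocation is supported and the denylist form is deliberate; if so, the comment should say that too. The identical line appears in copy_cacti_user.php, poller.php, poller_commands.php, poller_export.php, poller_reindex_hosts.php, rebuild_poller_cache.php and script_server.php, and the same comment applies to each. The double space before the second `||` is a formatting nit shared by all of them.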
@@ -71,6 +71,10 @@
 	$print_data_to_stdout = false;
 	if ($_SERVER["argc"] == "3") {
 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
+			/* address potential exploits */
+			input_validate_input_number($_SERVER["argv"][1]);
+			input_validate_input_number($_SERVER["argv"][2]);
+
 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
 					"id >= " .
 					$_SERVER["argv"][1] .
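Review bot: The two `input_validate_input_number` calls sit inside the `if ($_SERVER["argv"][1] <= $_SERVER["argv"][2])` branch, so the raw argv strings are compared before they are validated, and whatever runs when that comparison is false (outside this hunk) still sees unvalidated values. Move the validation above the comparison, directly after the `argc == "3"` test, so the range check only ever operates on values already known to be numeric. The calls also discard their return value, which is only sound if `input_validate_input_number` terminates on invalid input — presumably it does, but the comment should state it: `/* input_validate_input_number() aborts on non-numeric input, so the concatenation below is safe */`. The `db_fetch_assoc` statement continues past the end of the hunk.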
diff -ruBbd cacti-0.8.6h/copy_cacti_user.php cacti-0.8.6h-patch/copy_cacti_user.php
--- cacti-0.8.6h/copy_cacti_user.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/copy_cacti_user.php	2007-01-01 12:31:15.203125000 -0500
@@ -25,9 +25,10 @@
 */
 
 /* do NOT run this script through a web browser */
-if (! isset($_SERVER["argv"][0])) {
-	die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+   die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
+
 if (empty($_SERVER["argv"][2])) {
 	die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
 }
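Review bot: The new `die()` line is indented with three spaces while the surrounding file uses tabs (see the `if (empty(...))` block directly below), and the message was changed from a plain `\n`-terminated string to HTML markup although this script is only ever meant to run at a terminal. Keep the tab indent and the original plain-text message: `	die("This script is only meant to run at the command line.\n");`. The guard condition itself is covered by the note on the cmd.php hunk.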
diff -ruBbd cacti-0.8.6h/include/html/inc_timespan_settings.php cacti-0.8.6h-patch/include/html/inc_timespan_settings.php
--- cacti-0.8.6h/include/html/inc_timespan_settings.php	2006-01-03 22:08:28.000000000 -0500
+++ cacti-0.8.6h-patch/include/html/inc_timespan_settings.php	2007-01-02 11:56:20.937500000 -0500
@@ -24,6 +24,20 @@
  +-------------------------------------------------------------------------+
 */
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+	$_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+	$_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
 /* initialize the timespan array */
 $timespan = array();
 
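Review bot: `date1` and `date2` are run through `sanitize_search_string`, a search-term sanitizer, which is not the same as checking that the value is a date in the format the timespan code expects; what it strips and how the dates are used afterwards are not visible here. A format check that rejects anything else is the tighter boundary, e.g. `if (!preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}( [0-9]{2}:[0-9]{2})?$/', $_REQUEST["date1"])) { die("Invalid date1"); }` — adjust the pattern to whatever format is actually parsed downstream. The `isset` test reads `$_REQUEST` but the value is then fetched with `get_request_var`, which, if it reads only `$_GET` as its naming next to `get_request_var_request` suggests, would miss a POSTed date; `get_request_var_request("date1")` would be consistent with the test. Finally, `input_validate_input_number` is applied to `predefined_timespan` even when it is absent from the request, so it is worth confirming that the helper accepts the absent-value return of `get_request_var_request` rather than aborting the page.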
Only in cacti-0.8.6h/log: cacti.log
diff -ruBbd cacti-0.8.6h/poller.php cacti-0.8.6h-patch/poller.php
--- cacti-0.8.6h/poller.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/poller.php	2007-01-01 12:31:15.203125000 -0500
@@ -26,7 +26,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6h/poller_commands.php cacti-0.8.6h-patch/poller_commands.php
--- cacti-0.8.6h/poller_commands.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/poller_commands.php	2007-01-01 12:31:15.203125000 -0500
@@ -27,7 +27,7 @@
 define("MAX_RECACHE_RUNTIME", 296);
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6h/poller_export.php cacti-0.8.6h-patch/poller_export.php
--- cacti-0.8.6h/poller_export.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/poller_export.php	2007-01-01 12:31:15.218750000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6h/poller_reindex_hosts.php cacti-0.8.6h-patch/poller_reindex_hosts.php
--- cacti-0.8.6h/poller_reindex_hosts.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/poller_reindex_hosts.php	2007-01-01 12:31:15.218750000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6h/rebuild_poller_cache.php cacti-0.8.6h-patch/rebuild_poller_cache.php
--- cacti-0.8.6h/rebuild_poller_cache.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/rebuild_poller_cache.php	2007-01-01 12:31:15.218750000 -0500
@@ -25,7 +25,7 @@
 */
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
 
diff -ruBbd cacti-0.8.6h/script_server.php cacti-0.8.6h-patch/script_server.php
--- cacti-0.8.6h/script_server.php	2006-01-03 22:08:30.000000000 -0500
+++ cacti-0.8.6h-patch/script_server.php	2007-01-01 12:31:15.218750000 -0500
@@ -23,14 +23,14 @@
  | - raXnet - http://www.raxnet.net/                                       |
  +-------------------------------------------------------------------------+
 */
-$no_http_headers = true;
 
 /* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
 	die("<br><strong>This script is only meant to run at the command line.</strong>");
-	exit(-1);
 }
 
+$no_http_headers = true;
+
 /* define STDOUT/STDIN file descriptors if not running under CLI */
 if (php_sapi_name() != "cli") {
 	define("STDIN", fopen('php://stdin', 'r'));
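Review bot: Removing the unreachable `exit(-1)` after `die(...)` is correct, but it also means the guard now exits with status 0, since `die()` with a string argument does not set a non-zero status; the removed line suggests a non-zero status was intended for callers that check it. If that intent still holds, write `print "This script is only meant to run at the command line.\n"; exit(1);` instead of the `die()` call. The same applies to the other CLI guards in this diff, which were already exiting with status 0.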
