QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086
TheWitness committed Dec 28, 2023
1 parent c0ba9af commit 6ec01c8
Showing 2 changed files with 19 additions and 3 deletions.
2 changes: 1 addition & 1 deletion data_debug.php
Expand Up @@ -691,7 +691,7 @@ function debug_view() {
array($id));

if (cacti_sizeof($dtd)) {
$real_path = str_replace('<path_rra>', CACTI_PATH_RRA, $dtd['data_source_path']);
$real_path = html_escape(str_replace('<path_rra>', $config['rra_path'], $dtd['data_source_path']));
} else {
$real_path = __('Not Found');
}
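Review bot: `html_escape()` is applied when `$real_path` is assigned rather than where it is printed, so if the rest of `debug_view()` (outside this hunk) also uses `$real_path` as a filesystem path, any `&`, `"` or `'` in `data_source_path` is turned into an HTML entity and the file lookup silently misses. Keep the assignment raw, `$real_path = str_replace('<path_rra>', $config['rra_path'], $dtd['data_source_path']);`, and wrap the variable in `html_escape()` at the echo site instead. That also removes the asymmetry with the `else` branch, whose `__('Not Found')` value is not escaped here. `$config['rra_path']` is only populated inside this function if `debug_view()` declares `global $config;` near its top; that line is outside the hunk, so it is worth confirming.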
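--- a/graphs_new.php
+++ b/graphs_new.php
@@ -997,8 +997,24 @@ function saveFilter() {
 form_hidden_box('host_template_id', $host['host_template_id'], '0');
 }
 
-if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'graphs_new') === false) {
-set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
+if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
+$referer_url = parse_url($_SERVER['HTTP_REFERER']);
+
+if ($_SERVER['SERVER_NAME'] != $referer_url['host']) {
+/* Potential security exploit 1 */
+set_request_var('returnto', 'host.php');
+} elseif (strpos($_SERVER['HTTP_REFERER'], 'graphs_new') === false) {
+set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
+} else {
+set_request_var('returnto', 'host.php');
+}
+} elseif (isset_request_var('returnto') && get_nfilter_request_var('returnto') != '') {
+$returnto_url = parse_url(get_nfilter_request_var('returnto'));
+
+if ($_SERVER['SERVER_NAME'] != $returnto_url['host']) {
+/* Potential security exploit 2 */
+set_request_var('returnto', 'host.php');
+}
 }
 
 load_current_session_value('returnto', 'sess_grn_returnto', '');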
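Review bot: The `elseif` branch that reads `returnto` rejects every relative value, including the bare script names this same block stores (`host.php`, `basename($_SERVER['HTTP_REFERER'])`), because `parse_url('host.php')` yields no `host` key, so `$_SERVER['SERVER_NAME'] != $returnto_url['host']` compares against null and is always true; under PHP 8 that access, and `$referer_url['host']` for a relative or malformed Referer, also emits an undefined-array-key warning, and `parse_url()` can return `false` outright. Treat a missing host as same-origin and reject only an explicit foreign host, checking `is_array()` on the parse result first. Since both Referer and `returnto` are client-supplied, the host comparison is not a trust boundary on its own; the restriction that actually limits the stored value is `basename()`, so apply it in the `returnto` branch too instead of keeping an arbitrary same-host URL. Hostnames are case-insensitive, so `strcasecmp()` is the safer comparison; whether `SERVER_NAME` matches what clients send through any proxy or non-default port is not visible here. The enclosing block starts before this hunk, and the `function saveFilter()` shown in the hunk header may not be the real enclosing scope.
```php
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
    $referer_url = parse_url($_SERVER['HTTP_REFERER']);

    /* a relative referer carries no 'host'; reject only an explicit foreign host */
    $foreign = !is_array($referer_url) ||
        (isset($referer_url['host']) && strcasecmp($referer_url['host'], $_SERVER['SERVER_NAME']) != 0);

    if ($foreign || strpos($_SERVER['HTTP_REFERER'], 'graphs_new') !== false) {
        set_request_var('returnto', 'host.php');
    } else {
        set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
    }
} elseif (isset_request_var('returnto') && get_nfilter_request_var('returnto') != '') {
    $returnto_url = parse_url(get_nfilter_request_var('returnto'));

    $foreign = !is_array($returnto_url) ||
        (isset($returnto_url['host']) && strcasecmp($returnto_url['host'], $_SERVER['SERVER_NAME']) != 0);

    if ($foreign) {
        set_request_var('returnto', 'host.php');
    } else {
        /* same rule as the referer path: keep a bare script name, never a full URL */
        set_request_var('returnto', basename(get_nfilter_request_var('returnto')));
    }
}
// … unchanged: load_current_session_value('returnto', ...) …
```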
