
Commit

Resolving Issue #907
XSS in spikekill.php
cigamit committed Aug 15, 2017
1 parent b98fbd8 commit a032ce0
Showing 2 changed files with 4 additions and 2 deletions.
1 change: 1 addition & 0 deletions docs/CHANGELOG
Expand Up @@ -3,6 +3,7 @@ Cacti CHANGELOG
1.1.18
-issue#903: Upgrade pace.js to v0.7.8
-issue#906: Create a separate Realm for Realtime Graphs
-issue#907: XSS issue in spikekill.php

1.1.17
-issue#450: List View to Preview shows no results
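Review bot: the new `issue#907` entry does not say which input was affected. The fix in this commit is to the `method` request variable echoed by spikekill.php, so wording such as "XSS via the method parameter in spikekill.php" would let operators reading the CHANGELOG judge exposure without opening the issue.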
5 changes: 3 additions & 2 deletions spikekill.php
Expand Up @@ -34,7 +34,7 @@
case 'fill':
break;
default:
echo __("FATAL: Spike Kill method '%s' is Invalid\n", get_nfilter_request_var('method'));
echo __("FATAL: Spike Kill method '%s' is Invalid\n", htmlspecialchars(get_nfilter_request_var('method'), ENT_QUOTES, 'UTF-8'));
exit(1);
break;
}
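Review bot: in the `default:` branch the error message still reflects the submitted `method` value back to the client, now wrapped in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. Since the `case` labels above already enumerate the accepted methods, the message could omit the submitted value (or list the allowed names instead), which removes the reflection rather than depending on output encoding at this single call site. The value is read with `get_nfilter_request_var('method')`, so any other place that prints it needs the same encoding. Minor style point: the `break;` after `exit(1);` is unreachable.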
Expand All @@ -45,7 +45,8 @@
FROM graph_templates_item
LEFT JOIN data_template_rrd
ON graph_templates_item.task_item_id=data_template_rrd.id
WHERE graph_templates_item.local_graph_id = ?', array(get_filter_request_var('local_graph_id')));
WHERE graph_templates_item.local_graph_id = ?',
array(get_filter_request_var('local_graph_id')));

$results = '';
if (sizeof($local_data_ids)) {
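Review bot: moving `array(get_filter_request_var('local_graph_id'))` onto its own line is a formatting-only change unrelated to the XSS fix. The query already binds the value through the `?` placeholder, so behaviour is unchanged; consider splitting this re-wrap into a separate commit so the security fix stays minimal and easy to backport.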
