Commit a032ce0

Resolving Issue #907
XSS in spikekill.php
1 parent b98fbd8 commit a032ce0

2 files changed

+4
-2
lines changed


Diff for: docs/CHANGELOG

+1
@@ -3,6 +3,7 @@ Cacti CHANGELOG
33
1.1.18
44
-issue#903: Upgrade pace.js to v0.7.8
55
-issue#906: Create a separate Realm for Realtime Graphs
6+
-issue#907: XSS issue in spikekill.php
67

78
1.1.17
89
-issue#450: List View to Preview shows no results
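Review bot: the new entry names only the symptom (`XSS issue in spikekill.php`); stating what was changed, namely that the `method` request value is now HTML-escaped before being echoed, would let downstream users judge whether they are affected, and matches the form of the two entries above it, which describe the change rather than the report.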

Diff for: spikekill.php

+3 -2
@@ -34,7 +34,7 @@
3434
case 'fill':
3535
break;
3636
default:
37-
echo __("FATAL: Spike Kill method '%s' is Invalid\n", get_nfilter_request_var('method'));
37+
echo __("FATAL: Spike Kill method '%s' is Invalid\n", htmlspecialchars(get_nfilter_request_var('method'), ENT_QUOTES, 'UTF-8'));
3838
exit(1);
3939
break;
4040
}
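Review bot: escaping with `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` at the point of output is the right fix for this reflected value, and `ENT_QUOTES` covers attribute contexts as well as element content. Two follow-ups: first, since this branch is the `default:` of a `switch` over the known methods, the message does not need to echo the user-supplied value at all; reporting only that the method is invalid removes the sink entirely, and the raw value can still be recorded in a server-side log. Second, the `break;` after `exit(1);` is unreachable and can be dropped. Because the escaping is applied per call site, it is also worth confirming that no other output in this file echoes `get_nfilter_request_var('method')` unescaped.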
@@ -45,7 +45,8 @@
4545
FROM graph_templates_item
4646
LEFT JOIN data_template_rrd
4747
ON graph_templates_item.task_item_id=data_template_rrd.id
48-
WHERE graph_templates_item.local_graph_id = ?', array(get_filter_request_var('local_graph_id')));
48+
WHERE graph_templates_item.local_graph_id = ?',
49+
array(get_filter_request_var('local_graph_id')));
4950

5051
$results = '';
5152
if (sizeof($local_data_ids)) {
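Review bot: this hunk only reflows the `array(get_filter_request_var('local_graph_id'))` argument onto its own line; the query text is unchanged and `local_graph_id` is still bound through the `?` placeholder rather than concatenated, so there is no behavioural change. Whitespace-only edits are better kept out of a security fix commit, or at least called out in the commit message, so that anyone auditing the fix for issue #907 does not have to work out whether this hunk is part of it. Note the contrast with the previous hunk: this site reads the value with `get_filter_request_var`, while the error path above uses `get_nfilter_request_var`; the naming suggests the latter returns the request value unfiltered, which is why output escaping was needed there.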
