QA: Increase Cacti Security in four areas

Cacti · Nov 18, 2023 · c7c91bf · c7c91bf
1 parent dc58d2b
commit c7c91bf
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 14 deletions.
diff --git a/link.php b/link.php
@@ -77,7 +77,7 @@
 		} else {
 			print '<div id="content">';
 
-			$file = CACTI_PATH_INCLUDE . '/content/' . str_replace('../', '', $page['contentfile']);
+			$file = CACTI_PATH_INCLUDE . '/content/' . basename($page['contentfile']);
 
 			if (file_exists($file)) {
 				include_once($file);

diff --git a/pollers.php b/pollers.php
@@ -455,10 +455,9 @@ function poller_host_duplicate($poller_id, $host) {
 		return db_fetch_cell_prepared(
 			'SELECT COUNT(*)
 			FROM poller
-			WHERE dbhost LIKE "' . $host . '%"
+			WHERE dbhost LIKE ?
 			AND id != ?',
-			array($poller_id)
-		);
+			array($host . '%', $poller_id));
 	}
 }
 

diff --git a/reports_admin.php b/reports_admin.php
@@ -48,7 +48,7 @@
 
 		break;
 	case 'send':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_send(get_request_var('id'));
 
@@ -68,7 +68,7 @@
 
 		break;
 	case 'ajax_get_branches':
-		print reports_get_branch_select(get_request_var('tree_id'));
+		print reports_get_branch_select(get_filter_request_var('tree_id'));
 
 		break;
 	case 'ajax_hosts':
@@ -136,23 +136,23 @@
 
 		break;
 	case 'item_movedown':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_movedown();
 
 		header('Location: reports_admin.php?action=edit&tab=items&id=' . get_request_var('id'));
 
 		break;
 	case 'item_moveup':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_moveup();
 
 		header('Location: reports_admin.php?action=edit&tab=items&id=' . get_request_var('id'));
 
 		break;
 	case 'item_remove':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_remove();
 

diff --git a/reports_user.php b/reports_user.php
@@ -47,7 +47,7 @@
 
 		break;
 	case 'send':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_send(get_request_var('id'));
 
@@ -57,7 +57,7 @@
 	case 'ajax_dnd':
 		reports_item_dnd();
 
-		header('Location: reports_admin.php?action=edit&tab=items&id=' . get_request_var('id'));
+		header('Location: reports_admin.php?action=edit&tab=items&id=' . get_filter_request_var('id'));
 
 		break;
 	case 'setvar':
@@ -135,23 +135,23 @@
 
 		break;
 	case 'item_movedown':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_movedown();
 
 		header('Location: reports_user.php?action=edit&tab=items&id=' . get_request_var('id'));
 
 		break;
 	case 'item_moveup':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_moveup();
 
 		header('Location: reports_user.php?action=edit&tab=items&id=' . get_request_var('id'));
 
 		break;
 	case 'item_remove':
-		get_request_var('id');
+		get_filter_request_var('id');
 
 		reports_item_remove();