More fixing for issue #3549

Several XSS Vulnerabilities
Cacti · May 21, 2020 · dc35a79 · dc35a79
1 parent f7337e0
commit dc35a79
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/graphs_new.php b/graphs_new.php
@@ -184,7 +184,6 @@ function host_new_graphs_save($host_id) {
 
 	/* form an array that contains all of the data on the previous form */
 	foreach ($_POST as $var => $val) {
-
 		if (preg_match('/^g_(\d+)_(\d+)_(\w+)/', $var, $matches)) { // 1: snmp_query_id, 2: graph_template_id, 3: field_name
 			if (empty($matches[1])) { // this is a new graph from template field
 				$values['cg'][$matches[2]]['graph_template'][$matches[3]] = $val;
@@ -389,7 +388,7 @@ function saveFilter() {
 
 								if (cacti_sizeof($snmp_queries) > 0) {
 									foreach ($snmp_queries as $query) {
-										print "<option value='" . $query['id'] . "'"; if (get_request_var('graph_type') == $query['id']) { print ' selected'; } print '>' . $query['name'] . "</option>\n";
+										print "<option value='" . $query['id'] . "'"; if (get_request_var('graph_type') == $query['id']) { print ' selected'; } print '>' . html_escape($query['name']) . '</option>';
 									}
 								}
 								?>
@@ -447,7 +446,10 @@ function saveFilter() {
 
 	form_start('graphs_new.php', 'chk');
 
-	$total_rows = cacti_sizeof(db_fetch_assoc_prepared('SELECT graph_template_id FROM host_graph WHERE host_id = ?', array(get_request_var('host_id'))));
+	$total_rows = cacti_sizeof(db_fetch_assoc_prepared('SELECT graph_template_id
+		FROM host_graph
+		WHERE host_id = ?',
+		array(get_request_var('host_id'))));
 
 	$i = 0;
 

diff --git a/lib/html_tree.php b/lib/html_tree.php
@@ -1053,8 +1053,7 @@ function grow_right_pane_tree($tree_id, $leaf_id, $host_group_data) {
 												print ' selected';
 											}
 										}
-										print '>';
-										print $gt['name'] . "</option>\n";
+										print '>' . html_escape($gt['name']) . '</option>';
 									}
 								}
 							}

diff --git a/lib/template.php b/lib/template.php
@@ -1619,7 +1619,7 @@ function create_save_graph($host_id, $form_type, $form_id1, $form_array2, $value
 		$return_array = create_complete_graph_from_template($graph_template_id, $host_id, $snmp_query_array, $values['cg']);
 
 		if ($return_array !== false) {
-			debug_log_insert('new_graphs', __('Created: %s', get_graph_title($return_array['local_graph_id'])));
+			debug_log_insert('new_graphs', __esc('Created: %s', get_graph_title($return_array['local_graph_id'])));
 
 			/* lastly push host-specific information to our data sources */
 			if (cacti_sizeof($return_array['local_data_id'])) { # we expect at least one data source associated
@@ -1639,7 +1639,7 @@ function create_save_graph($host_id, $form_type, $form_id1, $form_array2, $value
 			$return_array = create_complete_graph_from_template($graph_template_id, $host_id, $snmp_query_array, $values['sg'][$snmp_query_array['snmp_query_id']]);
 
 			if ($return_array !== false) {
-				debug_log_insert('new_graphs', __('Created: %s', get_graph_title($return_array['local_graph_id'])));
+				debug_log_insert('new_graphs', __esc('Created: %s', get_graph_title($return_array['local_graph_id'])));
 
 				/* lastly push host-specific information to our data sources */
 				if (cacti_sizeof($return_array['local_data_id'])) { # we expect at least one data source associated