Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When viewing hosts, some input variables are not properly checked #3105

Closed
majed17 opened this issue Nov 27, 2019 · 4 comments
Closed

When viewing hosts, some input variables are not properly checked #3105

majed17 opened this issue Nov 27, 2019 · 4 comments
Labels
bug Undesired behaviour resolved A fixed issue
Milestone

Comments

@majed17
Copy link

majed17 commented Nov 27, 2019

on 1.2.x (not the latest), got an error while deleting a host with all data sources:
CMDPHP Input Validation Not Performed for 'delete_type' Backtrace: (/host.php[70]:form_actions(), /host.php[294]:get_request_var(), /lib/html_utility.php[369]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace())

although it actually delete succesfully

@cigamit
Copy link
Member

cigamit commented Nov 28, 2019

Okay, got it. There is a setting in Cacti to warn if we use any request variable that has not been validated/inspected, and you enabled that setting and are now helping keep Cacti safe :)

@cigamit cigamit added the bug Undesired behaviour label Nov 28, 2019
@cigamit cigamit changed the title delete error Request variable delete_type not validated in host.php resulting in warnings Nov 28, 2019
cigamit added a commit that referenced this issue Nov 28, 2019
Request variable delete_type not validated in host.php resulting in warnings
@cigamit cigamit added this to the v1.2.8 milestone Nov 28, 2019
@cigamit cigamit added the resolved A fixed issue label Nov 28, 2019
@cigamit cigamit closed this as completed Nov 28, 2019
@majed17
Copy link
Author

majed17 commented Nov 29, 2019

and what is it exactly that i enabled :)? i am unsure that i am away from defaults almost everywhere..

@netniV
Copy link
Member

netniV commented Nov 29, 2019

It is the option to verify that parameters are being properly vetted. Having that on is not a bad thing 👍

@cigamit
Copy link
Member

cigamit commented Nov 29, 2019

We might want to create a 'developer' tab or something as this is literally a developer option. Fortunately, it defaults to off. Maybe we create a small project for the next release.

@netniV netniV changed the title Request variable delete_type not validated in host.php resulting in warnings When viewing hosts, some input variables are not properly checked Dec 7, 2019
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

3 participants