+
+-
++ |
+
+
+
+--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400
++++ cacti-0.8.7b/include/html/inc_timespan_settings.php 2009-11-21 23:15:49.000000000 -0500
+@@ -125,9 +125,9 @@
+ if (isset($_POST["date1"])) {
+ /* the dates have changed, therefore, I am now custom */
+ if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
+- $timespan["current_value_date1"] = $_POST["date1"];
++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
+ $timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
+- $timespan["current_value_date2"] = $_POST["date2"];
++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
+ $timespan["end_now"]=strtotime($timespan["current_value_date2"]);
+ $_SESSION["sess_current_timespan"] = GT_CUSTOM;
+ $_SESSION["custom"] = 1;
+@@ -135,8 +135,8 @@
+ }else {
+ /* the default button wasn't pushed */
+ if (!isset($_POST["button_clear_x"])) {
+- $timespan["current_value_date1"] = $_POST["date1"];
+- $timespan["current_value_date2"] = $_POST["date2"];
++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
+ $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
+ $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];
+
+--- ../old/cacti-0.8.7b/lib/html_form.php 2008-02-13 22:07:53.000000000 +0000
++++ cacti-0.8.7b/lib/html_form.php 2009-12-07 16:38:16.000000000 +0000
+@@ -241,13 +241,13 @@
+
+ if (sizeof($items) > 0) {
+ foreach ($items as $item) {
+- print $item["name"] . " ";
++ print htmlspecialchars($item["name"],ENT_QUOTES) . " ";
+ }
+ }
+
+ break;
+ default:
+- print "" . $field_array["value"] . "";
++ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "";
+
+ form_hidden_box($field_name, $field_array["value"], "");
+
+@@ -390,7 +390,7 @@
+ $form_previous_value = $form_default_value;
+ }
+
+- print "\n";
++ print "\n";
+ }
+
+ /* form_dropdown - draws a standard html dropdown box
+@@ -574,7 +574,7 @@
+ }
+ }
+
+- print ">". $array_display[$id];
++ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
+ print "\n";
+ }
+
--- cacti-0.8.7b.orig/debian/patches/07_php_self_nonstandard_dir.patch
+++ cacti-0.8.7b/debian/patches/07_php_self_nonstandard_dir.patch
@@ -0,0 +1,13 @@
+Index: cacti/include/global.php
+===================================================================
+--- cacti.orig/include/global.php 2008-02-14 00:03:06.000000000 +0100
++++ cacti/include/global.php 2008-02-14 00:03:27.000000000 +0100
+@@ -110,7 +110,7 @@
+ /* Sanity Check on "Corrupt" PHP_SELF */
+ if ((!is_file($_SERVER["PHP_SELF"])) && (!is_file($config["base_path"] . '/' . $_SERVER["PHP_SELF"]))) {
+ if (!is_file($_SERVER["DOCUMENT_ROOT"] . $_SERVER["PHP_SELF"])) {
+- if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], $_SERVER["PHP_SELF"])))) {
++ if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], basename($_SERVER["PHP_SELF"]))))) {
+ echo "\nInvalid PHP_SELF Path\n";
+ exit;
+ }
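Review bot: The replacement condition `substr_count($_SERVER["SCRIPT_FILENAME"], basename($_SERVER["PHP_SELF"]))` on the new line is a substring test, so it now passes whenever the requested script's basename appears anywhere inside SCRIPT_FILENAME, a looser sanity check than the original full-path containment; since PHP_SELF is taken from the request path, the guard is only as strong as that substring match. A direct comparison, `basename($_SERVER["SCRIPT_FILENAME"]) === basename($_SERVER["PHP_SELF"])`, keeps the non-standard-directory fix while rejecting partial matches. The two outer `if` blocks opened in the preceding context lines close outside the hunk. Neither this patch file nor `CVE-2010-2092.patch` in the next hunk carries a DEP-3 header; a `Description:` block at the top of each (here explaining why the basename comparison is needed for installs outside DOCUMENT_ROOT, there naming the CVE) would document the change for future package maintainers.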
--- cacti-0.8.7b.orig/debian/patches/CVE-2010-2092.patch
+++ cacti-0.8.7b/debian/patches/CVE-2010-2092.patch
@@ -0,0 +1,13 @@
+Index: cacti-0.8.7b/graph.php
+===================================================================
+--- cacti-0.8.7b.orig/graph.php 2010-06-10 17:08:08.000000000 +0000
++++ cacti-0.8.7b/graph.php 2010-06-10 17:08:21.000000000 +0000
+@@ -33,7 +33,7 @@
+ include("./include/top_graph_header.php");
+
+ /* ================= input validation ================= */
+-input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
++input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
+ input_validate_input_number(get_request_var("local_graph_id"));
+ input_validate_input_number(get_request_var("graph_end"));
+ input_validate_input_number(get_request_var("graph_start"));
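Review bot: The new `get_request_var("rra_id")` call makes the `rra_id` check consistent with the three `get_request_var` calls that follow it, but the acceptance pattern `^([0-9]+|all)$` is only as strict as `input_validate_input_regex` (defined outside this hunk) makes it: unless that helper adds PCRE's `D` modifier, `$` also matches before a trailing newline, so an otherwise non-numeric value ending in a newline would pass. Confirm how the helper builds its delimiters and flags, or anchor the pattern with `\z` instead of `$`, e.g. `input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)\z");`.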