authorVlad Glagolev2010-04-23 01:59:08 +0400
committerGeorge Sherwood2010-04-28 20:14:40 -0500
commit2a522b80f69cbd830363a79aa660970be7530203 (patch)
tree13cbbdd67846b1d8468825927b4dc6e9e0d52136
parent14d808281216653974bed8df3270d01d587c4700 (diff)
cacti: added official patch, security update
-rwxr-xr-xnet/cacti/DETAILS1
-rw-r--r--net/cacti/HISTORY4
-rw-r--r--net/cacti/patches/sql_injection_template_export.patch13
3 files changed, 18 insertions, 0 deletions
diff --git a/net/cacti/DETAILS b/net/cacti/DETAILS
index 4fb7d2a659..5bbb0ae7ef 100755
--- a/net/cacti/DETAILS
+++ b/net/cacti/DETAILS
@@ -1,5 +1,6 @@
SPELL=cacti
VERSION=0.8.7e
+ SECURITY_PATCH=1
PATCHLEVEL=2
SOURCE=$SPELL-$VERSION.tar.gz
if [[ $CACTI_PA == y ]]; then
diff --git a/net/cacti/HISTORY b/net/cacti/HISTORY
index 91e75829b8..bccb42a3e1 100644
--- a/net/cacti/HISTORY
+++ b/net/cacti/HISTORY
@@ -1,3 +1,7 @@
+2010-04-23 Vlad Glagolev <stealth@sourcemage.org>
+ * DETAILS: SECURITY_PATCH=1
+ * patches/sql_injection_template_export.patch: added
+
2009-12-28 Vlad Glagolev <stealth@sourcemage.org>
* DETAILS: PATCHLEVEL=2; updated Plugin Architecture to 2.6
* PRE_BUILD: apply official patches first; corrected PA source dir
diff --git a/net/cacti/patches/sql_injection_template_export.patch b/net/cacti/patches/sql_injection_template_export.patch
new file mode 100644
index 0000000000..397990c137
--- /dev/null
+++ b/net/cacti/patches/sql_injection_template_export.patch
@@ -0,0 +1,13 @@
+--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
++++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
+@@ -49,6 +49,10 @@
+ function form_save() {
+ global $export_types;
+
++ /* ================= input validation ================= */
++ input_validate_input_number(get_request_var_post("export_item_id"));
++ /* ==================================================== */
++
+ if (isset($_POST["save_component_export"])) {
+ $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
+
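Review bot: `$_POST["export_type"]` still reaches `get_item_xml()` unvalidated in the embedded `templates_export.php` hunk, because the added `input_validate_input_number(...)` call covers only `export_item_id`. Since `form_save()` already declares `global $export_types`, an allow-list guard before the call would close that gap, for example `if (!isset($export_types[$_POST["export_type"]])) { return; }`; this assumes `$export_types` is keyed by type name, which is not visible here. The call also keeps reading the raw `$_POST["export_item_id"]` rather than a validated value, so the fix depends on the validator aborting the request on non-numeric input, which should be confirmed against its definition. The body of `form_save()` continues past the end of the hunk.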