From 46eedbedafdb0040c37884982d4c775ce277fb7b Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 20 Oct 2021 10:22:14 +0100
Subject: gentoo resync : 20.10.2021
---
 net-analyzer/cacti/Manifest | 4 -
 net-analyzer/cacti/cacti-1.2.16-r1.ebuild | 54 ----
 .../cacti/files/cacti-1.2.16-CVE-2020-35701.patch | 29 --
 .../cacti/files/cacti-1.2.16-XSS-issue-4019.patch | 360 ---------------------
 4 files changed, 447 deletions(-)
 delete mode 100644 net-analyzer/cacti/cacti-1.2.16-r1.ebuild
 delete mode 100644 net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
 delete mode 100644 net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch
(limited to 'net-analyzer/cacti')
diff --git a/net-analyzer/cacti/Manifest b/net-analyzer/cacti/Manifest
index daa0c26b23bb..9ce5de6b4346 100644
--- a/net-analyzer/cacti/Manifest
+++ b/net-analyzer/cacti/Manifest
@@ -1,8 +1,4 @@
-AUX cacti-1.2.16-CVE-2020-35701.patch 706 BLAKE2B 746fca9b32bc863fd701f86df53f22284de9ffec7d0ad42d7eb0376e27b9e482d82a482d937f40ec61fff41d3a7cec0fcda6e3282087c9597c32a4147e0a9c1e SHA512 f909820f8c57ca61571b15d2304567d3333563520cb5611f8f01c22c22e155104fa6958eda3605d66af7ba29b756ff826a259faf587b63e04ba20bcd09f8a9cd
-AUX cacti-1.2.16-XSS-issue-4019.patch 19600 BLAKE2B 3a9f2c7474a633c8633fdaaa5db71c124c486e796dbdbbfdc5ed53ece7cd0f45652b1e62a4355855f8512b03e5a4ca9189ee50dd2784cbd0e8d84ee9f131d0fc SHA512 f002b947c27c3b2a6ba8300eae456fca771d5283bfd9a7516239745e41b7b6521b7affed6122ffc3c8f7108a4de70cfbf2411970065bd47a9164b0a849656947
 AUX postinstall-en.txt 2249 BLAKE2B ec7a32177aca0ebec0194fc4dee825251a5ac71c1005c41f91ba7e7da690e8b3734312b7df5ef506aea771284264035517a73c12d37be1e9479dea7e6e5a99d4 SHA512 8df52b187b301b42382746f9dea43993f7963edf018bc80e94305a743ea5fbb024d670917c0200f4782c0a3bd47abfb879c755ad415581616ae5c6413cf00623
-DIST cacti-1.2.16.tar.gz 29197220 BLAKE2B 19939d0ff79c895b481aeb7ffec8331d8b9c10a6b7e0dbda6532e06ef0322f21cf02f4bf53a9522e1f672dd04b343f5550e2f34f08b3af2050e1f72465cffc43 SHA512 fe22acf4dea8ab6ec79825d66a84ad4c43fdce2815e7327536d182bc04400ed7b1d268209bbbca8b307c4779ee5bf7369a617ec1f052d8805757c2ca9b30cc35
 DIST cacti-1.2.17.tar.gz 38344112 BLAKE2B e555fc99560d10e94181c38b50e6f839532fb3dc66ff688b36a7efd10c15304e7636c9b4b483763fcea751317bcb283bb2bd8f813d5759c98aed6bbf02fd256a SHA512 94ae75b2494a91c536906c7bbeaa948d16c7ad96ed3a62c1eb21175f92c01787c6849960bbc791e04b3df46edbfd3cd787eb825bb423ce0814c0904edb2c915d
-EBUILD cacti-1.2.16-r1.ebuild 1111 BLAKE2B 15341dcd648cf686bd1f840538494b700d96df84a924b5badfe8034d03f2ce859bf9b498b45031459e23a8cc26127ab7454f85c697c4d26cced5d1862232a6a4 SHA512 94639a653783ce6589f523f5506bc6f15abc8f9f21b585b39fa168b3ed8404d34b257673a870dca10c9d99d85425735c5c4527fd54e8f62ed94ff668d47402a6
 EBUILD cacti-1.2.17.ebuild 1016 BLAKE2B 3fd84d213f5f184e06eb129880a19efa6442e1004534688a7f68a2a72387beded0b1a27e0c7763e7b7c849a50c61400f0a0a2cae4341780c9dd2b011b7481d34 SHA512 33d434610d58e3962fc3f61b17b47bbf9aab2f00176053d497a4572ee2029a493aec9f27639f134ccacdaf1ff4b28cea2ca29699e136a409b30a26a0b3786f53
 MISC metadata.xml 935 BLAKE2B f600d10bd7dfd3bce36a092f31a12a750548866bac21b5b66ff4fc4a876c554ee26d5c4f467830bd3fdcdaf63b0c20c53bf5ca1fb98d6497f84a04b3d8474a81 SHA512 309b48d93e91560458b50ef3c96f1da32a7b7d2dbf38eb4bdaad7b6acb4301528fb9f50b2e79398c7c6026f19efb66d2c79a46afe8e38ecd01f0a4d2d9310ca0
diff --git a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild b/net-analyzer/cacti/cacti-1.2.16-r1.ebuild
deleted file mode 100644
index 78185ebd73d0..000000000000
--- a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit edos2unix webapp
-
-# Support for _p* in version.
-MY_P=${P/_p*/}
-
-DESCRIPTION="Cacti is a complete frontend to rrdtool"
-HOMEPAGE="https://www.cacti.net/"
-SRC_URI="https://www.cacti.net/downloads/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ppc ~ppc64 sparc x86"
-IUSE="snmp doc"
-
-need_httpd
-
-RDEPEND="
- dev-lang/php[cli,mysql,pdo,session,sockets,xml]
- dev-php/adodb
- net-analyzer/rrdtool[graph]
- virtual/cron
- snmp? ( >=net-analyzer/net-snmp-5.2.0 )
-"
-
-PATCHES=(
- "${FILESDIR}/${P}-CVE-2020-35701.patch"
- "${FILESDIR}/${P}-XSS-issue-4019.patch"
-)
-
-src_compile() { :; }
-
-src_install() {
- dodoc CHANGELOG
- dodoc -r docs
- mv docs .. || die
-
- webapp_src_preinst
-
- edos2unix `find -type f -name '*.php'`
-
- dodir ${MY_HTDOCSDIR}
- cp -r . "${ED}"${MY_HTDOCSDIR}
-
- webapp_serverowned ${MY_HTDOCSDIR}/rra
- webapp_serverowned ${MY_HTDOCSDIR}/log
- webapp_configfile ${MY_HTDOCSDIR}/include/config.php
- webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
-
- webapp_src_install
-}
diff --git a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch b/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
deleted file mode 100644
index f55b7b0a40df..000000000000
--- a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://bugs.gentoo.org/765019
-https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
-
-From 565e0604a53f4988dc5b544d01f4a631eaa80d82 Mon Sep 17 00:00:00 2001
-From: TheWitness
-Date: Thu, 24 Dec 2020 10:39:50 -0500
-Subject: [PATCH] Fixing Issue #4022
-
-SQL Injection in data_debug.php
---- a/data_debug.php
-+++ b/data_debug.php
-@@ -35,6 +35,8 @@
-
- set_default_action();
-
-+validate_request_vars();
-+
- switch (get_request_var('action')) {
- case 'actions':
- form_actions();
-@@ -123,8 +125,6 @@
-
- break;
- default:
-- validate_request_vars();
--
- $refresh = array(
- 'seconds' => get_request_var('refresh'),
- 'page' => 'data_debug.php?header=false',
diff --git a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch b/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch
deleted file mode 100644
index 1f09e572c860..000000000000
--- a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch
+++ /dev/null
@@ -1,360 +0,0 @@ -https://github.com/Cacti/cacti/issues/4019 - -From ef10fe1c340ed932dc18b6a566b21f9dd15933c2 Mon Sep 17 00:00:00 2001 -From: TheWitness -Date: Wed, 23 Dec 2020 16:33:27 -0500 -Subject: [PATCH] Fixing Issue #4019 - -* In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed -* Also removed a few spurious title_trims, that should no longer be a problem. ---- a/automation_devices.php -+++ b/automation_devices.php -@@ -485,7 +485,7 @@ function draw_filter() { - $name) { -- print ""; -+ print ""; - } - } - ?> -@@ -515,7 +515,7 @@ function draw_filter() { - ' . $st . ""; -+ print ""; - } - } - ?> -@@ -530,7 +530,7 @@ function draw_filter() { - ' . $st . ""; -+ print ""; - } - } - ?> -@@ -545,7 +545,7 @@ function draw_filter() { - ' . $st . ""; -+ print ""; - } - } - ?> -@@ -560,7 +560,7 @@ function draw_filter() { - 0) { - foreach ($item_rows as $key => $value) { -- print ""; -+ print ""; - } - } - ?> ---- a/data_debug.php -+++ b/data_debug.php -@@ -969,7 +969,7 @@ function data_debug_filter() { - - if (cacti_sizeof($templates) > 0) { - foreach ($templates as $template) { -- print ""; -+ print "'; - } - } - ?> -@@ -997,7 +997,7 @@ function data_debug_filter() { - $profiles = array_rekey(db_fetch_assoc('SELECT id, name FROM data_source_profiles ORDER BY name'), 'id', 'name'); - if (cacti_sizeof($profiles)) { - foreach ($profiles as $key => $value) { -- print ""; -+ print "'; - } - } - ?> -@@ -1063,7 +1063,7 @@ function data_debug_filter() { - 0) { - foreach ($item_rows as $key => $value) { -- print ""; -+ print "'; - } - } - ?> ---- a/data_sources.php -+++ b/data_sources.php -@@ -1361,7 +1361,7 @@ function clearFilter() { - - if (cacti_sizeof($templates)) { - foreach ($templates as $template) { -- print "'; -+ print "'; - } - } - ?> ---- a/lib/api_automation.php -+++ b/lib/api_automation.php -@@ -154,7 +154,7 @@ function clearDeviceFilter() { - - if (cacti_sizeof($host_templates)) { - foreach ($host_templates as 
$host_template) { -- print "\n"; -+ print "'; - } - } - ?> -@@ -184,7 +184,7 @@ function clearDeviceFilter() { - $value) { -- print "\n'; -+ print "'; - } - } - ?> -@@ -432,7 +432,7 @@ function clearFilter() { - $hosts = get_allowed_devices(); - if (cacti_sizeof($hosts)) { - foreach ($hosts as $host) { -- print "\n"; -+ print "'; - } - } - ?> -@@ -453,7 +453,7 @@ function clearFilter() { - - if (cacti_sizeof($templates) > 0) { - foreach ($templates as $template) { -- print "\n"; -+ print "'; - } - } - ?> -@@ -484,7 +484,7 @@ function clearFilter() { - $value) { -- print "\n"; -+ print "'; - } - } - ?> -@@ -718,7 +718,7 @@ function clearObjectFilter() { - $value) { -- print "\n'; -+ print "'; - } - } - ?> -@@ -1078,10 +1078,10 @@ function clearFilter() { - 0) { -- foreach ($host_templates as $host_template) { -- print "\n"; -- } -+ if (cacti_sizeof($host_templates)) { -+ foreach ($host_templates as $host_template) { -+ print "'; -+ } - } - ?> - -@@ -1110,7 +1110,7 @@ function clearFilter() { - $value) { -- print "\n"; -+ print "'; - } - } - ?> ---- a/lib/html.php -+++ b/lib/html.php -@@ -998,7 +998,7 @@ function html_create_list($form_data, $column_display, $column_id, $form_previou - print ' selected'; - } - -- print '>' . title_trim(null_out_substitutions(html_escape($form_data[$id])), 75) . ''; -+ print '>' . html_escape(null_out_substitutions($form_data[$id])) . ''; - } - } - } else { -@@ -1011,9 +1011,9 @@ function html_create_list($form_data, $column_display, $column_id, $form_previou - } - - if (isset($row['host_id'])) { -- print '>' . title_trim(html_escape($row[$column_display]), 75) . ''; -+ print '>' . html_escape($row[$column_display]) . ''; - } else { -- print '>' . title_trim(null_out_substitutions(html_escape($row[$column_display])), 75) . ''; -+ print '>' . html_escape(null_out_substitutions($row[$column_display])) . 
''; - } - } - } -@@ -2010,7 +2010,7 @@ function html_host_filter($host_id = '-1', $call_back = 'applyFilter', $sql_wher - - if (cacti_sizeof($devices)) { - foreach ($devices as $device) { -- print "'; -+ print "'; - } - } - ?> -@@ -2385,6 +2385,7 @@ function html_common_header($title, $selectedTheme = '') { - - - -+ - - - <?php print $title; ?> ---- a/lib/html_graph.php -+++ b/lib/html_graph.php -@@ -212,9 +212,9 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - -@@ -260,7 +260,7 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - - if (cacti_sizeof($graph_timespans)) { - foreach($graph_timespans as $value => $text) { -- print "\n"; -+ print "'; - } - } - ?> -@@ -293,7 +293,7 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - $end_val = cacti_sizeof($graph_timeshifts)+1; - if (cacti_sizeof($graph_timeshifts) > 0) { - for ($shift_value=$start_val; $shift_value < $end_val; $shift_value++) { -- print "\n"; -+ print "'; - } - } - ?> ---- a/lib/html_tree.php -+++ b/lib/html_tree.php -@@ -1138,7 +1138,7 @@ function grow_right_pane_tree($tree_id, $leaf_id, $host_group_data) { - - if (cacti_sizeof($graph_timespans)) { - foreach($graph_timespans as $value => $text) { -- print "'; -+ print "'; - } - } - ?> -@@ -1171,7 +1171,7 @@ function grow_right_pane_tree($tree_id, $leaf_id, $host_group_data) { - $end_val = cacti_sizeof($graph_timeshifts)+1; - if (cacti_sizeof($graph_timeshifts)) { - for ($shift_value=$start_val; $shift_value < $end_val; $shift_value++) { -- print "'; -+ print "'; - } - } - ?> ---- a/managers.php -+++ b/managers.php -@@ -483,7 +483,7 @@ function clearFilter() { - ' . $mib['mib'] . 
''; -+ print "'; - } - } - ?> ---- a/utilities.php -+++ b/utilities.php -@@ -812,7 +812,7 @@ function applyFilter() { - - if (cacti_sizeof($users)) { - foreach ($users as $user) { -- print "'; -+ print "'; - } - } - ?> -@@ -1034,19 +1034,19 @@ function utilities_view_logfile() { - - $logfile = basename(get_nfilter_request_var('filename')); - $logbase = basename(read_config_option('path_cactilog')); -- -+ - if ($logfile == '') { - $logfile = $logbase; - } -- -+ - if ($logfile == '') { - $logfile = 'cacti.log'; - } -- -+ - $logname = ''; - $logpath = ''; - -- if (!clog_validate_filename($logfile, $logpath, $logname, true)) { -+ if (!clog_validate_filename($logfile, $logpath, $logname, true)) { - raise_message('clog_invalid'); - header('Location: utilities.php?action=view_logfile&filename=' . $logbase); - exit(0); -@@ -1171,7 +1171,7 @@ function clearFilter() { - - if (cacti_sizeof($logFileArray)) { - foreach ($logFileArray as $logFile) { -- print "'; -+ print '>' . html_escape($logName . ($logDate != '' ? ' [' . substr($logDate,4) . ']':'')) . ''; - } - } - ?> -@@ -1807,7 +1807,7 @@ function clearFilter() { - - if (cacti_sizeof($templates)) { - foreach ($templates as $template) { -- print "'; -+ print "'; - } - } - ?> -@@ -2540,7 +2540,7 @@ function clearFilter() { - 0) { - foreach ($mibs as $mib) { -- print "'; -+ print "'; - } - } - ?> -@@ -2804,7 +2804,7 @@ function purgeFilter() { - - ' . $receiver['hostname'] . ''; -+ print "'; - } - ?> - -- cgit v1.2.3