path: root/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
blob: f55b7b0a40df22bef69be8515534a94d009a1563 (plain)
https://bugs.gentoo.org/765019
https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82

From 565e0604a53f4988dc5b544d01f4a631eaa80d82 Mon Sep 17 00:00:00 2001
From: TheWitness <thewitness@cacti.net>
Date: Thu, 24 Dec 2020 10:39:50 -0500
Subject: [PATCH] Fixing Issue #4022

SQL Injection in data_debug.php
--- a/data_debug.php
+++ b/data_debug.php
@@ -35,6 +35,8 @@
 
 set_default_action();
 
+validate_request_vars();
+
 switch (get_request_var('action')) {
 	case 'actions':
 		form_actions();
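Review bot: The `validate_request_vars();` call added ahead of `switch (get_request_var('action'))` has no comment saying that its position is the fix, so a later cleanup could move it back into one case, which is where the second hunk removes it from. I would add a comment above it such as `// Validate request variables before dispatching: every action branch may read them, not only the default view (issue #4022).` The body of validate_request_vars() is outside this hunk, so confirm that the filters it declares cover each variable the non-default branches pass on to queries. Also confirm the call has no side effect that those branches do not expect, since it previously ran only for the default view.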
@@ -123,8 +125,6 @@
 
 		break;
 	default:
-		validate_request_vars();
-
 		$refresh = array(
 			'seconds' => get_request_var('refresh'),
 			'page'    => 'data_debug.php?header=false',