search

Cacti / plugin_thold

Thold Plugin for Cacti
GNU General Public License v2.0
68 stars 63 forks source link

Missing input validation - notification lists -> any list -> Thresholds #554

Closed xmacan closed 2 years ago

xmacan commented 2 years ago

I don't know if plugins also require this check. The notify_lists.php is missing in many places: 2022-04-07 17:31:00 - CMDPHP Input Validation Not Performed for 'id' Backtrace: (/plugins/thold/notify_lists.php[58]:form_actions(), /plugins/thold/notify_lists.php[426]:get_request_var(), /lib/html_utility.php[394]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace()) 2022-04-07 17:31:00 - CMDPHP Input Validation Not Performed for 'notification_alert_action' Backtrace: (/plugins/thold/notify_lists.php[58]:form_actions(), /plugins/thold/notify_lists.php[421]:get_request_var(), /lib/html_utility.php[394]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace()) 2022-04-07 17:31:00 - CMDPHP Input Validation Not Performed for 'notification_warning_action' Backtrace: (/plugins/thold/notify_lists.php[58]:form_actions(), /plugins/thold/notify_lists.php[401]:get_request_var(), /lib/html_utility.php[394]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace())

I can fix it, if you want.

Cacti 1.2.20 Thold 1.6

interduo commented 2 years ago

I also get some kind of errrors in: 2022/08/31 12:57:00 - CMDPHP Input Validation Not Performed for 'host_id' Backtrace: (/plugins/thold/thold.php[87]:save_thold(), /plugins/thold/thold_functions.php[4468]:get_request_var(), /lib/html_utility.php[379]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace())

@xmacan PR's are always welcome :)

TheWitness commented 2 years ago

Fixed.

interduo commented 2 years ago

Thanks - its done. Why You don't close the issue?