Added patch to fix HTML injection vulnerabilities, thank Vadim Efimov for report, bug #294573. Removed old.

(Portage version: 2.2_rc46/cvs/Linux x86_64)

1 files changed, 0 insertions, 30 deletions

diff --git a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch b/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch
deleted file mode 100644
index 7398e962151b..000000000000
--- a/net-analyzer/cacti/files/cacti-0.8.6j-dos-large-values.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -uNr -r cacti-0.8.6j-orig/graph_image.php cacti-0.8.6j/graph_image.php
---- cacti-0.8.6j-orig/graph_image.php	2007-01-18 01:23:10.000000000 +0100
-+++ cacti-0.8.6j/graph_image.php	2007-06-06 21:00:17.278210000 +0200
-@@ -51,22 +51,22 @@
- $graph_data_array = array();
- 
- /* override: graph start time (unix time) */
--if (!empty($_GET["graph_start"])) {
-+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- 	$graph_data_array["graph_start"] = $_GET["graph_start"];
- }
- 
- /* override: graph end time (unix time) */
--if (!empty($_GET["graph_end"])) {
-+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- 	$graph_data_array["graph_end"] = $_GET["graph_end"];
- }
- 
- /* override: graph height (in pixels) */
--if (!empty($_GET["graph_height"])) {
-+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- 	$graph_data_array["graph_height"] = $_GET["graph_height"];
- }
- 
- /* override: graph width (in pixels) */
--if (!empty($_GET["graph_width"])) {
-+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- 	$graph_data_array["graph_width"] = $_GET["graph_width"];
- }
-