Version in base suite: 1.2.24+ds1-1+deb12u1 Base version: cacti_1.2.24+ds1-1+deb12u1 Target version: cacti_1.2.24+ds1-1+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/cacti/cacti_1.2.24+ds1-1+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/c/cacti/cacti_1.2.24+ds1-1+deb12u2.dsc cacti.links | 1 changelog | 16 control | 1 patches/CVE-2023-39360.patch | 39 - patches/CVE-2023-39513.patch | 839 +++++++++++++++++++++++++++++++ patches/CVE-2023-49084.patch | 47 + patches/CVE-2023-49085.patch | 126 ++++ patches/CVE-2023-49086.patch | 49 + patches/CVE-2023-49088,50250,50569.patch | 173 ++++++ patches/series | 6 10 files changed, 1278 insertions(+), 19 deletions(-)
diff -Nru cacti-1.2.24+ds1/debian/cacti.links cacti-1.2.24+ds1/debian/cacti.links
--- cacti-1.2.24+ds1/debian/cacti.links 2023-10-27 20:23:02.000000000 +0000
+++ cacti-1.2.24+ds1/debian/cacti.links 2024-02-22 16:47:55.000000000 +0000
@@ -10,6 +10,7 @@
 /usr/share/fonts-fork-awesome /usr/share/cacti/site/include/fa
 /usr/share/javascript/chart.js/Chart.js /usr/share/cacti/site/include/js/Chart.js
 /usr/share/nodejs/d3/dist/d3.min.js /usr/share/cacti/site/include/js/d3.js
+/usr/share/nodejs/dompurify/dist/purify.min.js /usr/share/cacti/site/include/js/purify.js
 /usr/share/javascript/jquery-cookie/jquery.cookie.min.js /usr/share/cacti/site/include/js/jquery.cookie.js
 /usr/share/javascript/jquery-hotkeys/jquery.hotkeys.js /usr/share/cacti/site/include/js/jquery.hotkeys.js
 /usr/share/javascript/jquery-metadata/jquery.metadata.min.js /usr/share/cacti/site/include/js/jquery.metadata.js
diff -Nru cacti-1.2.24+ds1/debian/changelog cacti-1.2.24+ds1/debian/changelog
--- cacti-1.2.24+ds1/debian/changelog 2023-10-27 20:23:02.000000000 +0000
+++ cacti-1.2.24+ds1/debian/changelog 2024-03-15 09:53:35.000000000 +0000
@@ -1,3 +1,19 @@
+cacti (1.2.24+ds1-1+deb12u2) bookworm-security; urgency=high
+
+ [Sylvain Beucler]
+ * Non-maintainer upload by the LTS Security Team.
+ * Fix patch for CVE-2023-39360.
+ * Fix patch for CVE-2023-39513.
+ * Backport security patches: CVE-2023-49084, CVE-2023-49085,
+ CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-50569
+ (Closes: #1059254)
+
+ [Paul Gevers]
+ * Depends on node-dompurify and link purify.js instead of using upstream
+ vendored version
+
+ -- Sylvain Beucler Fri, 15 Mar 2024 10:53:35 +0100
+
 cacti (1.2.24+ds1-1+deb12u1) bookworm-security; urgency=high
 
 * Backport security patches from 1.2.25: CVE-2023-39357, CVE-2023-39358,
diff -Nru cacti-1.2.24+ds1/debian/control cacti-1.2.24+ds1/debian/control
--- cacti-1.2.24+ds1/debian/control 2023-10-27 20:23:02.000000000 +0000
+++ cacti-1.2.24+ds1/debian/control 2024-02-22 16:47:37.000000000 +0000
@@ -30,6 +30,7 @@
 libapache2-mod-php | php,
 libjs-chart.js,
 node-d3,
+ node-dompurify,
 libjs-jquery,
 libjs-jquery-cookie,
 libjs-jquery-hotkeys,
diff -Nru cacti-1.2.24+ds1/debian/patches/CVE-2023-39360.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-39360.patch
--- cacti-1.2.24+ds1/debian/patches/CVE-2023-39360.patch 2023-10-27 20:23:02.000000000 +0000
+++ cacti-1.2.24+ds1/debian/patches/CVE-2023-39360.patch 2024-02-22 10:57:52.000000000 +0000
@@ -1,26 +1,27 @@
-From 9696bbd8060c7332b11b709f4dd17e6c3776bba2 Mon Sep 17 00:00:00 2001
+Origin: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa
+Reviewed-by: Sylvain Beucler
+Last-Update: 2024-02-22
+
+From bc6dc996745ef0dee3427178c8d87a6402f3fefa Mon Sep 17 00:00:00 2001
 From: TheWitness
-Date: Fri, 4 Aug 2023 13:34:37 -0400
-Subject: [PATCH] Protect against XSS Reflection attacks
+Date: Fri, 4 Aug 2023 15:10:57 -0400
+Subject: [PATCH] QA: Different approach to XSS issue
 
 ---
- CHANGELOG | 1 +
- graphs_new.php | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
+ graphs_new.php | 4 ++--
+ lib/html_form.php | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
 
-diff --git a/graphs_new.php b/graphs_new.php
-index 458ef613b..b6a50e162 100644
---- a/graphs_new.php
-+++ b/graphs_new.php
-@@ -990,7 +990,7 @@ function graphs() {
+Index: cacti-1.2.24+ds1/lib/html_form.php
+===================================================================
+--- cacti-1.2.24+ds1.orig/lib/html_form.php
++++ cacti-1.2.24+ds1/lib/html_form.php
+@@ -1306,7 +1306,7 @@ function form_save_button($cancel_url, $
  }
  
- if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'graphs_new') === false) {
-- set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
-+ set_request_var('returnto', basename(sanitize_uri($_SERVER['HTTP_REFERER'])));
+ if ($force_type != 'import' && $force_type != 'export' && $force_type != 'save' && $force_type != 'close' && $cancel_url != '') {
+- $cancel_action = "";
++ $cancel_action = "";
+ } else {
+ $cancel_action = '';
  }
-
- load_current_session_value('returnto', 'sess_grn_returnto', '');
---
-2.42.0
-
diff -Nru cacti-1.2.24+ds1/debian/patches/CVE-2023-39513.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-39513.patch
--- cacti-1.2.24+ds1/debian/patches/CVE-2023-39513.patch 1970-01-01 00:00:00.000000000 +0000
+++ cacti-1.2.24+ds1/debian/patches/CVE-2023-39513.patch 2024-03-15 09:42:07.000000000 +0000
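Review bot: The replacement patch's own diffstat still lists `graphs_new.php | 4 ++--`, but its body carries only the lib/html_form.php hunk, and because this debdiff hunk (`@@ -1,26 +1,27 @@`) spans the whole 27-line file there is no further hunk — either the graphs_new.php part of upstream bc6dc996745ef0dee3427178c8d87a6402f3fefa was dropped on purpose (then the diffstat and the DEP-3 header should say so) or it was lost in the rebase. With the old `sanitize_uri($_SERVER['HTTP_REFERER'])` line removed and nothing re-added for graphs_new.php, the referer value presumably reaches `returnto` through `basename()` alone again, so the fix now rests entirely on form_save_button escaping `$cancel_url` before it is placed in the cancel-button markup. The `-`/`+` `$cancel_action = "";` lines print identically here because the HTML inside the string literals was stripped in this rendering, so that escaping change cannot be checked from the page and should be confirmed against the upstream commit. form_save_button begins outside the hunk; only its signature fragment appears in the `@@` context.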
@@ -0,0 +1,839 @@ +Origin: https://github.com/cacti/cacti/commit/f66ed84ee2dfd22581e831db97afd2bb145312ef +Origin: https://github.com/cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 +Reviewed-by: Sylvain Beucler +Last-Update: 2024-03-15 + +From f66ed84ee2dfd22581e831db97afd2bb145312ef Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Sun, 4 Jun 2023 12:28:26 -0400 +Subject: [PATCH] Fixing #5324 - Over Escaping Debug log + +This is an issue between releases due to escaping log entries in the wrong location in the security fix. This change resolves that issue. + +Reindex device from GUI - debug info broken due to over escaping +--- + CHANGELOG | 1 + + graphs.php | 4 ++-- + host.php | 1 + + lib/data_query.php | 58 +++++++++++++++++++++++----------------------- + lib/functions.php | 11 +++++---- + lib/template.php | 12 +++++----- + 6 files changed, 45 insertions(+), 42 deletions(-) + +From 23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Sat, 17 Jun 2023 18:01:26 -0400 +Subject: [PATCH] QA: Minor rework to #5324 - XSS Issues + +Missed a few untranslated strings in addition, ensured bot the log insert and the query_debug_timer functions were covered. 
+--- + lib/data_query.php | 146 ++++++++++++++++++++++----------------------- + lib/functions.php | 3 +- + 2 files changed, 75 insertions(+), 74 deletions(-) + +Index: cacti-1.2.24+ds1/lib/data_query.php +=================================================================== +--- cacti-1.2.24+ds1.orig/lib/data_query.php ++++ cacti-1.2.24+ds1/lib/data_query.php +@@ -68,10 +68,10 @@ function run_data_query($host_id, $snmp_ + unset($_SESSION['debug_log']['response']); + + automation_execute_data_query($host_id, $snmp_query_id); +- query_debug_timer_offset('data_query', __('Automation Execution for Data Query complete')); ++ query_debug_timer_offset('data_query', __esc('Automation Execution for Data Query complete')); + + api_plugin_hook_function('run_data_query', array('host_id' => $host_id, 'snmp_query_id' => $snmp_query_id)); +- query_debug_timer_offset('data_query', __('Plugin Hooks complete')); ++ query_debug_timer_offset('data_query', __esc('Plugin Hooks complete')); + + return $result; + } +@@ -89,7 +89,7 @@ function run_data_query($host_id, $snmp_ + // Load the XML structure for custom settings detection + $query_array = get_data_query_array($snmp_query_id); + +- query_debug_timer_offset('data_query', __('Running Data Query [%s].', $snmp_query_id)); ++ query_debug_timer_offset('data_query', __esc('Running Data Query [%s].', $snmp_query_id)); + + $type_id = db_fetch_cell_prepared('SELECT data_input.type_id + FROM snmp_query +@@ -99,7 +99,7 @@ function run_data_query($host_id, $snmp_ + array($snmp_query_id)); + + if (isset($input_types[$type_id])) { +- query_debug_timer_offset('data_query', __('Found Type = \'%s\' [%s].', $type_id, $input_types[$type_id])); ++ query_debug_timer_offset('data_query', __esc('Found Type = \'%s\' [%s].', $type_id, $input_types[$type_id])); + } + + if ($type_id == DATA_INPUT_TYPE_SNMP_QUERY) { +@@ -121,7 +121,7 @@ function run_data_query($host_id, $snmp_ + if (isset($arguments['result']) && $arguments['result'] !== false) { + $result = 
$arguments['result']; + } else { +- query_debug_timer_offset('data_query', __('Unknown Type = \'%s\'.', $type_id)); ++ query_debug_timer_offset('data_query', __esc('Unknown Type = \'%s\'.', $type_id)); + } + } + +@@ -156,7 +156,7 @@ function run_data_query($host_id, $snmp_ + if (query_check_suitable($new_sort_field, $old_sort_field, $host_id, $snmp_query_id)) { + if ($old_sort_field != $new_sort_field) { + if ($old_sort_field != '') { +- query_debug_timer_offset('data_query', __('WARNING: Sort Field Association has Changed. Re-mapping issues may occur!')); ++ query_debug_timer_offset('data_query', __esc('WARNING: Sort Field Association has Changed. Re-mapping issues may occur!')); + + cacti_log('WARNING: Sort Field has Changed for Device[' . $host_id . '] and DQ[' . $snmp_query_id . ']. Old Sort:' . $old_sort_field . ', New Sort:' . $new_sort_field . '. Re-mapping issues may occur!', false, 'REINDEX'); + } +@@ -168,7 +168,7 @@ function run_data_query($host_id, $snmp_ + } + } + +- query_debug_timer_offset('data_query', __('Update Data Query Sort Cache complete')); ++ query_debug_timer_offset('data_query', __esc('Update Data Query Sort Cache complete')); + + /* recalculate/change sort order */ + $local_data = db_fetch_assoc_prepared('SELECT dl.id AS local_data_id, dl.host_id, +@@ -191,7 +191,7 @@ function run_data_query($host_id, $snmp_ + $changed_ids = array(); + $orphaned_ids = array(); + if (cacti_sizeof($local_data)) { +- query_debug_timer_offset('data_query', __('Found %s Local Data ID\'s to Verify', cacti_sizeof($local_data))); ++ query_debug_timer_offset('data_query', __esc('Found %s Local Data ID\'s to Verify', cacti_sizeof($local_data))); + + foreach($local_data as $data_source) { + // Just in case there is a forced type from the data source page +@@ -285,7 +285,7 @@ function run_data_query($host_id, $snmp_ + // Non blank index found + // Check to see if the index changed + if ($current_index != $data_source['snmp_index']) { +- 
query_debug_timer_offset('data_query', __('Index Change Detected! CurrentIndex: %s, PreviousIndex: %s', $current_index, $data_source['query_index'])); ++ query_debug_timer_offset('data_query', __esc('Index Change Detected! CurrentIndex: %s, PreviousIndex: %s', $current_index, $data_source['query_index'])); + + db_execute_prepared('UPDATE data_local + SET snmp_index = ?, +@@ -298,10 +298,10 @@ function run_data_query($host_id, $snmp_ + } elseif ($data_source['snmp_index'] != '' && !$forced_type) { + if (isset($query_array['index_transient']) && $query_array['index_transient'] == 'true') { + // Found removed index, but this is expected, so no action taken +- query_debug_timer_offset('data_query', __('Transient Index Removal Detected! PreviousIndex: %s. No action taken.', $data_source['query_index'])); ++ query_debug_timer_offset('data_query', __esc('Transient Index Removal Detected! PreviousIndex: %s. No action taken.', $data_source['query_index'])); + } else { + // Found a deleted index, masking off to prevent issues +- query_debug_timer_offset('data_query', __('Index Removal Detected! PreviousIndex: %s', $data_source['query_index'])); ++ query_debug_timer_offset('data_query', __esc('Index Removal Detected! 
PreviousIndex: %s', $data_source['query_index'])); + + // Set the index to Null, note that the Data Source still has the value + db_execute_prepared('UPDATE data_local +@@ -328,45 +328,45 @@ function run_data_query($host_id, $snmp_ + } + } + +- query_debug_timer_offset('data_query', __('Verification of %s Local Data ID\'s Complete', cacti_sizeof($local_data))); ++ query_debug_timer_offset('data_query', __esc('Verification of %s Local Data ID\'s Complete', cacti_sizeof($local_data))); + + if (cacti_sizeof($changed_ids) || cacti_sizeof($orphaned_ids)) { +- query_debug_timer_offset('data_query', __('Found Changed %s and %s Orphaned Local Data ID\'s to Re-map.', cacti_sizeof($changed_ids), cacti_sizeof($orphaned_ids))); ++ query_debug_timer_offset('data_query', __esc('Found Changed %s and %s Orphaned Local Data ID\'s to Re-map.', cacti_sizeof($changed_ids), cacti_sizeof($orphaned_ids))); + data_query_remap_indexes($changed_ids); + data_query_remap_indexes($orphaned_ids); +- query_debug_timer_offset('data_query', __('Done remapping Graphs to their new Indexes')); ++ query_debug_timer_offset('data_query', __esc('Done remapping Graphs to their new Indexes')); + } + + if ((cacti_sizeof($changed_ids) || cacti_sizeof($orphaned_ids)) && !$force) { + /* update title cache for graph and data source */ + update_data_source_title_cache_from_host($host_id, $snmp_query_id, array_merge($changed_ids, $orphaned_ids)); +- query_debug_timer_offset('data_query', __('Done updating Data Source Title Cache')); ++ query_debug_timer_offset('data_query', __esc('Done updating Data Source Title Cache')); + + update_graph_title_cache_from_host($host_id, $snmp_query_id, array_merge($changed_ids, $orphaned_ids)); +- query_debug_timer_offset('data_query', __('Done updating Graph Title Cache')); ++ query_debug_timer_offset('data_query', __esc('Done updating Graph Title Cache')); + } elseif ($force) { + /* update title cache for graph and data source */ + 
update_data_source_title_cache_from_host($host_id, $snmp_query_id); +- query_debug_timer_offset('data_query', __('Done updating Data Source Title Cache')); ++ query_debug_timer_offset('data_query', __esc('Done updating Data Source Title Cache')); + + update_graph_title_cache_from_host($host_id, $snmp_query_id); +- query_debug_timer_offset('data_query', __('Done updating Graph Title Cache')); ++ query_debug_timer_offset('data_query', __esc('Done updating Graph Title Cache')); + } + } + +- query_debug_timer_offset('data_query', __('Index Association with Local Data complete')); ++ query_debug_timer_offset('data_query', __esc('Index Association with Local Data complete')); + + update_reindex_cache($host_id, $snmp_query_id); + + /* update the auto reindex cache */ + if (cacti_sizeof($changed_ids)) { +- query_debug_timer_offset('data_query', __('Update Re-Index Cache complete. There were ' . cacti_sizeof($changed_ids) . ' index changes, and ' . cacti_sizeof($orphaned_ids) . ' orphaned indexes.')); ++ query_debug_timer_offset('data_query', __esc('Update Re-Index Cache complete. 
There were %s index changes, and %s orphaned indexes.', cacti_sizeof($changed_ids), cacti_sizeof($orphaned_ids))); + + /* update the poller cache */ + update_poller_cache_from_query($host_id, $snmp_query_id, $changed_ids); +- query_debug_timer_offset('data_query', __('Update Poller Cache for Query complete')); ++ query_debug_timer_offset('data_query', __esc('Update Poller Cache for Query complete')); + } else { +- query_debug_timer_offset('data_query', __('No Index Changes Detected, Skipping Re-Index and Poller Cache Re-population')); ++ query_debug_timer_offset('data_query', __esc('No Index Changes Detected, Skipping Re-Index and Poller Cache Re-population')); + } + + if (cacti_sizeof($orphaned_ids) && +@@ -388,18 +388,18 @@ function run_data_query($host_id, $snmp_ + if ($config['poller_id'] == 1) { + /* perform any automation on reindex */ + automation_execute_data_query($host_id, $snmp_query_id); +- query_debug_timer_offset('data_query', __('Automation Executing for Data Query complete')); ++ query_debug_timer_offset('data_query', __esc('Automation Executing for Data Query complete')); + + api_plugin_hook_function('run_data_query', array('host_id' => $host_id, 'snmp_query_id' => $snmp_query_id)); +- query_debug_timer_offset('data_query', __('Plugin hooks complete')); ++ query_debug_timer_offset('data_query', __esc('Plugin hooks complete')); + } elseif ($config['connection'] == 'online') { + poller_push_reindex_data_to_poller($host_id, $snmp_query_id); + + automation_execute_data_query($host_id, $snmp_query_id); +- query_debug_timer_offset('data_query', __('Automation Execution for Data Query complete')); ++ query_debug_timer_offset('data_query', __esc('Automation Execution for Data Query complete')); + + api_plugin_hook_function('run_data_query', array('host_id' => $host_id, 'snmp_query_id' => $snmp_query_id)); +- query_debug_timer_offset('data_query', __('Plugin Hooks complete')); ++ query_debug_timer_offset('data_query', __esc('Plugin Hooks complete')); + + if 
(!isset($_SESSION)) { + $config['debug_log']['result'] = $result; +@@ -447,12 +447,12 @@ function data_query_remove_disabled_item + + function query_check_suitable($new_sort_field, $old_sort_field, $host_id, $snmp_query_id) { + if ($new_sort_field == $old_sort_field) { +- query_debug_timer_offset('data_query', __('Checking for Sort Field change. No changes detected.')); ++ query_debug_timer_offset('data_query', __esc('Checking for Sort Field change. No changes detected.')); + + return true; + } + +- query_debug_timer_offset('data_query', __('Detected New Sort Field: \'%s\' Old Sort Field \'%s\'', $new_sort_field, $old_sort_field)); ++ query_debug_timer_offset('data_query', __esc('Detected New Sort Field: \'%s\' Old Sort Field \'%s\'', $new_sort_field, $old_sort_field)); + + $new_sort_count = db_fetch_cell_prepared('SELECT COUNT(*) + FROM host_snmp_cache +@@ -469,7 +469,7 @@ function query_check_suitable($new_sort_ + array($host_id, $snmp_query_id, $old_sort_field)); + + if ($new_sort_count < $old_sort_count) { +- query_debug_timer_offset('data_query', __('ERROR: New Sort Field not suitable. Sort Field will not change.')); ++ query_debug_timer_offset('data_query', __esc('ERROR: New Sort Field not suitable. Sort Field will not change.')); + + /* update the cache */ + db_execute_prepared('UPDATE host_snmp_query +@@ -481,7 +481,7 @@ function query_check_suitable($new_sort_ + return false; + } + +- query_debug_timer_offset('data_query', __('New Sort Field validated. Sort Field be updated.')); ++ query_debug_timer_offset('data_query', __esc('New Sort Field validated. 
Sort Field be updated.')); + + return true; + } +@@ -569,11 +569,11 @@ function get_data_query_array($snmp_quer + $xml_file_path = str_replace($search, $replace, $xml_file_path); + + if (!file_exists($xml_file_path)) { +- query_debug_timer_offset('data_query', __('Could not find data query XML file at \'%s\'', $xml_file_path)); ++ query_debug_timer_offset('data_query', __esc('Could not find data query XML file at \'%s\'', $xml_file_path)); + return array(); + } + +- query_debug_timer_offset('data_query', __('Found data query XML file at \'%s\'', $xml_file_path)); ++ query_debug_timer_offset('data_query', __esc('Found data query XML file at \'%s\'', $xml_file_path)); + + $data = implode('',file($xml_file_path)); + +@@ -596,11 +596,11 @@ function query_script_host($host_id, $sn + + /* invalid xml check */ + if ((!is_array($script_queries)) || (cacti_sizeof($script_queries) == 0)) { +- query_debug_timer_offset('data_query', __('Error parsing XML file into an array.')); ++ query_debug_timer_offset('data_query', __esc('Error parsing XML file into an array.')); + return false; + } + +- query_debug_timer_offset('data_query', __('XML file parsed ok.')); ++ query_debug_timer_offset('data_query', __esc('XML file parsed ok.')); + + /* are we talking to script server? 
*/ + if (isset($script_queries['script_server'])) { +@@ -626,14 +626,14 @@ function query_script_host($host_id, $sn + + // if the number of indexes does not exist use emulation + if (!cacti_sizeof($script_num_index_array)) { +- query_debug_timer_offset('data_query', __('Data Query returned no indexes.')); ++ query_debug_timer_offset('data_query', __esc('Data Query returned no indexes.')); + query_debug_timer_offset('data_query', __('<arg_num_indexes> exists in XML file but no data returned., \'Index Count Changed\' not supported')); + } + +- query_debug_timer_offset('data_query', __('Executing script for num of indexes \'%s\'', $script_path)); ++ query_debug_timer_offset('data_query', __esc('Executing script for num of indexes \'%s\'', $script_path)); + + foreach ($script_num_index_array as $element) { +- query_debug_timer_offset('data_query', __('Found number of indexes: %s' , $element)); ++ query_debug_timer_offset('data_query', __esc('Found number of indexes: %s' , $element)); + } + } else { + if (isset($script_queries['script_server'])) { +@@ -650,16 +650,16 @@ function query_script_host($host_id, $sn + $script_index_array = exec_into_array($script_path); + + if (!cacti_sizeof($script_index_array)) { +- query_debug_timer_offset('data_query', __('ERROR: Data Query returned no indexes.')); ++ query_debug_timer_offset('data_query', __esc('ERROR: Data Query returned no indexes.')); + return false; + } + +- query_debug_timer_offset('data_query', __('Executing script for list of indexes \'%s\', Index Count: %s', $script_path, cacti_sizeof($script_index_array))); ++ query_debug_timer_offset('data_query', __esc('Executing script for list of indexes \'%s\', Index Count: %s', $script_path, cacti_sizeof($script_index_array))); + +- debug_log_insert_section_start('data_query', __('Click to show Data Query output for \'index\''), true); ++ debug_log_insert_section_start('data_query', __esc('Click to show Data Query output for \'index\''), true); + + foreach 
($script_index_array as $element) { +- debug_log_insert('data_query', __('Found index: %s', $element)); ++ debug_log_insert('data_query', __esc('Found index: %s', $element)); + } + + debug_log_insert_section_end('data_query'); +@@ -674,15 +674,15 @@ function query_script_host($host_id, $sn + $rewrite_value = isset($field_array['rewrite_value']) ? $field_array['rewrite_value'] : null; + $script_path = get_script_query_path((isset($script_queries['arg_prepend']) ? $script_queries['arg_prepend'] . ' ': '') . $script_queries['arg_query'] . ' ' . $field_array['query_name'], $script_queries['script_path'], $host_id); + +- debug_log_insert_section_start('data_query', __('Click to show Data Query output for field \'%s\'', $field_name), true); ++ debug_log_insert_section_start('data_query', __esc('Click to show Data Query output for field \'%s\'', $field_name), true); + + $script_data_array = exec_into_array($script_path); + + if (!cacti_sizeof($script_data_array) && $field_name == $sort_field) { + $empty_types[] = $field_name; +- query_debug_timer_offset('data_query', __('Sort field returned no data for field name %s, skipping', $field_name)); ++ query_debug_timer_offset('data_query', __esc('Sort field returned no data for field name %s, skipping', $field_name)); + } else { +- debug_log_insert('data_query', __('Executing script query \'%s\'', $script_path)); ++ debug_log_insert('data_query', __esc('Executing script query \'%s\'', $script_path)); + + if (cacti_sizeof($script_data_array)) { + foreach ($script_data_array as $element) { +@@ -693,14 +693,14 @@ function query_script_host($host_id, $sn + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $field_value, $script_index, ''); + +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s', $field_name, $field_value, $script_index)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s', $field_name, $field_value, $script_index)); + } 
elseif (isset($script_queries['output_delimiter']) && preg_match("/(.*?)" . preg_quote($script_queries['output_delimiter']) . "(.*)/", $element, $matches)) { + $script_index = $matches[1]; + $field_value = $matches[2]; + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $field_value, $script_index, ''); + +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s', $field_name, $field_value, $script_index)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s', $field_name, $field_value, $script_index)); + } + } + } +@@ -778,13 +778,13 @@ function query_snmp_host($host_id, $snmp + $sort_field = get_best_data_query_index_type($host_id, $snmp_query_id); + + if (!cacti_sizeof($host) || $host['hostname'] == '') { +- query_debug_timer_offset('data_query', __('Invalid host_id: %s', $host_id)); ++ query_debug_timer_offset('data_query', __esc('Invalid host_id: %s', $host_id)); + return false; + } + + /* invalid xml check */ + if ((!is_array($snmp_queries)) || (cacti_sizeof($snmp_queries) == 0)) { +- query_debug_timer_offset('data_query', __('Error parsing XML file into an array.')); ++ query_debug_timer_offset('data_query', __esc('Error parsing XML file into an array.')); + return false; + } + +@@ -802,7 +802,7 @@ function query_snmp_host($host_id, $snmp + $low_total = 999; + $selected = -1; + +- query_debug_timer_offset('data_query', __('Auto Bulk Walk Size Selected.')); ++ query_debug_timer_offset('data_query', __esc('Auto Bulk Walk Size Selected.')); + + foreach($walk_sizes as $size) { + $session = cacti_snmp_session($host['hostname'], $host['snmp_community'], +@@ -812,7 +812,7 @@ function query_snmp_host($host_id, $snmp + $host['snmp_timeout'], $host['ping_retries'], $host['max_oids'], $size); + + if ($session === false) { +- debug_log_insert('data_query', __('Failed to load SNMP session.')); ++ debug_log_insert('data_query', __esc('Failed to load SNMP session.')); + + return false; + } 
+@@ -822,7 +822,7 @@ function query_snmp_host($host_id, $snmp + $snmp_indexes = cacti_snmp_session_walk($session, $snmp_queries['oid_index']); + $end = microtime(true); + +- query_debug_timer_offset('data_query', __('Tested Bulk Walk Size %d with a response of %2.4f.', $size, $end - $start)); ++ query_debug_timer_offset('data_query', __esc('Tested Bulk Walk Size %d with a response of %2.4f.', $size, $end - $start)); + + $total = $end - $start; + if ($total > $low_total) { +@@ -833,10 +833,10 @@ function query_snmp_host($host_id, $snmp + } + } + +- query_debug_timer_offset('data_query', __('Bulk Walk Size selected was %d.', $walk_size)); ++ query_debug_timer_offset('data_query', __esc('Bulk Walk Size selected was %d.', $walk_size)); + + if ($host['bulk_walk_size'] == 0) { +- query_debug_timer_offset('data_query', __('Saving Bulk Walk Size to Device.')); ++ query_debug_timer_offset('data_query', __esc('Saving Bulk Walk Size to Device.')); + + $host['bulk_walk_size'] = $walk_size; + +@@ -848,7 +848,7 @@ function query_snmp_host($host_id, $snmp + } else { + $walk_size = $host['bulk_walk_size']; + +- query_debug_timer_offset('data_query', __('Bulk Walk Size is fixed at %d.', $walk_size)); ++ query_debug_timer_offset('data_query', __esc('Bulk Walk Size is fixed at %d.', $walk_size)); + + $session = cacti_snmp_session($host['hostname'], $host['snmp_community'], + $host['snmp_version'], $host['snmp_username'], $host['snmp_password'], +@@ -857,7 +857,7 @@ function query_snmp_host($host_id, $snmp + $host['snmp_timeout'], $host['ping_retries'], $host['max_oids'], $walk_size); + + if ($session === false) { +- debug_log_insert('data_query', __('Failed to load SNMP session.')); ++ debug_log_insert('data_query', __esc('Failed to load SNMP session.')); + + return false; + } +@@ -870,21 +870,21 @@ function query_snmp_host($host_id, $snmp + if (isset($snmp_queries['oid_num_indexes'])) { + $snmp_num_indexes = cacti_snmp_session_get($session, $snmp_queries['oid_num_indexes']); + +- 
query_debug_timer_offset('data_query', __('Executing SNMP get for num of indexes @ \'%s\' Index Count: %s' , $snmp_queries['oid_num_indexes'] , $snmp_num_indexes)); ++ query_debug_timer_offset('data_query', __esc('Executing SNMP get for num of indexes @ \'%s\' Index Count: %s' , $snmp_queries['oid_num_indexes'] , $snmp_num_indexes)); + } else { + query_debug_timer_offset('data_query', __('<oid_num_indexes> missing in XML file, \'Index Count Changed\' emulated by counting oid_index entries')); + } + +- query_debug_timer_offset('data_query', __('Executing SNMP walk for list of indexes @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); ++ query_debug_timer_offset('data_query', __esc('Executing SNMP walk for list of indexes @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); + + /* no data found; get out */ + if (!cacti_sizeof($snmp_indexes)) { +- query_debug_timer_offset('data_query', __('No SNMP data returned')); ++ query_debug_timer_offset('data_query', __esc('No SNMP data returned')); + return false; + } else { + /* show list of indices found */ + foreach ($snmp_indexes as $oid => $value) { +- query_debug_timer_offset('data_query', __('Index found at OID: \'%s\' value: \'%s\'', $oid , $value)); ++ query_debug_timer_offset('data_query', __esc('Index found at OID: \'%s\' value: \'%s\'', $oid , $value)); + } + } + +@@ -900,11 +900,11 @@ function query_snmp_host($host_id, $snmp + unset($snmp_indexes[$oid]); + } + } +- query_debug_timer_offset('data_query', __('List of indexes filtered by value @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); ++ query_debug_timer_offset('data_query', __esc('List of indexes filtered by value @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); + + /* show list of indices found */ + foreach ($snmp_indexes as $oid => $value) { +- query_debug_timer_offset('data_query', __('Filtered Index by value 
found at OID: \'%s\' value: \'%s\'', $oid , $value)); ++ query_debug_timer_offset('data_query', __esc('Filtered Index by value found at OID: \'%s\' value: \'%s\'', $oid , $value)); + } + } + +@@ -920,11 +920,11 @@ function query_snmp_host($host_id, $snmp + } + + $snmp_indexes = $parsed_indexes; +- query_debug_timer_offset('data_query', __('Filtering list of indexes @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); ++ query_debug_timer_offset('data_query', __esc('Filtering list of indexes @ \'%s\' Index Count: %s', $snmp_queries['oid_index'] , cacti_sizeof($snmp_indexes))); + + /* show list of indices found */ + foreach ($snmp_indexes as $oid => $value) { +- query_debug_timer_offset('data_query', __('Filtered Index found at OID: \'%s\' value: \'%s\'', $oid , $value)); ++ query_debug_timer_offset('data_query', __esc('Filtered Index found at OID: \'%s\' value: \'%s\'', $oid , $value)); + } + } + +@@ -944,19 +944,19 @@ function query_snmp_host($host_id, $snmp + if ($field_array['source'] != 'index' && ($field_array['direction'] == 'input' || $field_array['direction'] == 'input-output') && $field_array['method'] != 'get' && + (isset($field_array['rewrite_index']) || isset($field_array['oid_suffix']))) { + $field_array['method'] = 'get'; +- debug_log_insert('data_query', __('Fixing wrong \'method\' field for \'%s\' since \'rewrite_index\' or \'oid_suffix\' is defined',$field_name)); ++ debug_log_insert('data_query', __esc('Fixing wrong \'method\' field for \'%s\' since \'rewrite_index\' or \'oid_suffix\' is defined',$field_name)); + } + + $rewrite_value = isset($field_array['rewrite_value']) ? 
$field_array['rewrite_value'] : null; + + if ((!isset($field_array['oid'])) && ($field_array['source'] == 'index')) { + foreach ($snmp_indexes as $oid => $value) { +- query_debug_timer_offset('data_query', __('Inserting index data for field \'%s\' [value=\'%s\']' , $field_name, $value)); ++ query_debug_timer_offset('data_query', __esc('Inserting index data for field \'%s\' [value=\'%s\']' , $field_name, $value)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $value, $value, ''); + } + } elseif (($field_array['method'] == 'get') && ($field_array['direction'] == 'input' || $field_array['direction'] == 'input-output')) { +- query_debug_timer_offset('data_query', __('Located input field \'%s\' [get]',$field_name)); ++ query_debug_timer_offset('data_query', __esc('Located input field \'%s\' [get]',$field_name)); + + if ($field_array['source'] == 'value' && !isset($field_array['rewrite_index'])) { + $oid_rewrite_pattern = null; +@@ -965,7 +965,7 @@ function query_snmp_host($host_id, $snmp + if (isset($field_array['oid_rewrite_pattern']) && isset($field_array['oid_rewrite_replacement'])) { + $oid_rewrite_pattern = '/' . str_replace('OID/REGEXP:', '', $field_array['oid_rewrite_pattern']) . 
'/'; + $oid_rewrite_replacement = $field_array['oid_rewrite_replacement']; +- query_debug_timer_offset('data_query', __('Found OID rewrite rule: \'s/%s/%s/\'', $oid_rewrite_pattern,$oid_rewrite_replacement)); ++ query_debug_timer_offset('data_query', __esc('Found OID rewrite rule: \'s/%s/%s/\'', $oid_rewrite_pattern,$oid_rewrite_replacement)); + } + + foreach ($snmp_indexes as $oid => $index) { +@@ -976,7 +976,7 @@ function query_snmp_host($host_id, $snmp + if (isset($oid_rewrite_pattern)) { + $orig_oid = $oid; + $oid = preg_replace($oid_rewrite_pattern, $oid_rewrite_replacement, $oid); +- query_debug_timer_offset('data_query', __('oid_rewrite at OID: \'%s\' new OID: \'%s\'', $orig_oid , $oid)); ++ query_debug_timer_offset('data_query', __esc('oid_rewrite at OID: \'%s\' new OID: \'%s\'', $orig_oid , $oid)); + } + + if (isset($field_array['output_format'])) { +@@ -997,7 +997,7 @@ function query_snmp_host($host_id, $snmp + $value = cacti_snmp_session_get($session, $oid); + } + +- query_debug_timer_offset('data_query', __('Executing SNMP get for data @ \'%s\' [value=\'%s\']', $oid, $value)); ++ query_debug_timer_offset('data_query', __esc('Executing SNMP get for data @ \'%s\' [value=\'%s\']', $oid, $value)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $value, $index, $oid); + } +@@ -1008,7 +1008,7 @@ function query_snmp_host($host_id, $snmp + $rewritten_indexes = data_query_rewrite_indexes($errmsg, $host_id, $snmp_query_id, $field_array['rewrite_index'], $snmp_indexes, $fields_processed); + if (cacti_sizeof($errmsg)) { + foreach ($errmsg as $message) { +- debug_log_insert('data_query', __('Field \'%s\' %s', $field_name,$message)); ++ debug_log_insert('data_query', __esc('Field \'%s\' %s', $field_name,$message)); + } + } + } +@@ -1065,7 +1065,7 @@ function query_snmp_host($host_id, $snmp + $oids[] = $value['oid']; + } + +- debug_log_insert('data_query', __('Executing SNMP get for %s oids (%s)' , 
cacti_count($oids), implode(', ', $oids))); ++ debug_log_insert('data_query', __esc('Executing SNMP get for %s oids (%s)' , cacti_count($oids), implode(', ', $oids))); + + $value_output_format = SNMP_STRING_OUTPUT_GUESS; + if (isset($field_array['output_format'])) { +@@ -1091,11 +1091,11 @@ function query_snmp_host($host_id, $snmp + } + + if (!cacti_sizeof($results) && $field_name == $sort_field) { +- query_debug_timer_offset('data_query', __('Sort field returned no data for OID[%s], skipping.', $oid)); ++ query_debug_timer_offset('data_query', __esc('Sort field returned no data for OID[%s], skipping.', $oid)); + } elseif (cacti_sizeof($results)) { + foreach ($results as $key => $value) { + debug_log_insert('data_query', +- __('Found result for data @ \'%s\' [value=\'%s\']', ++ __esc('Found result for data @ \'%s\' [value=\'%s\']', + $key, $value)); + } + +@@ -1103,11 +1103,11 @@ function query_snmp_host($host_id, $snmp + if (isset($results[$values[$key]['oid']])) { + $values[$key]['value'] = $results[$values[$key]['oid']]; + debug_log_insert('data_query', +- __('Setting result for data @ \'%s\' [key=\'%s\', value=\'%s\']', ++ __esc('Setting result for data @ \'%s\' [key=\'%s\', value=\'%s\']', + $values[$key]['oid'], $key, $values[$key]['value'])); + } else { + debug_log_insert('data_query', +- __('Skipped result for data @ \'%s\' [key=\'%s\', value=\'%s\']', ++ __esc('Skipped result for data @ \'%s\' [key=\'%s\', value=\'%s\']', + $values[$key]['oid'], $key, $values[$key]['value'])); + } + } +@@ -1121,7 +1121,7 @@ function query_snmp_host($host_id, $snmp + } + + foreach ($values as $item) { +- debug_log_insert('data_query', __('Got SNMP get result for data @ \'%s\' [value=\'%s\'] (index: %s)', $item['oid'], $item['value'], $item['index'])); ++ debug_log_insert('data_query', __esc('Got SNMP get result for data @ \'%s\' [value=\'%s\'] (index: %s)', $item['oid'], $item['value'], $item['index'])); + $output_array[] = data_query_format_record($host_id, $snmp_query_id, 
$field_name, $rewrite_value, $item['value'], $item['index'], $item['oid']); + } + +@@ -1151,15 +1151,15 @@ function query_snmp_host($host_id, $snmp + + $value = preg_replace('/' . str_replace('VALUE/REGEXP:', '', $field_array['source']) . '/', "\\1", $value); + +- query_debug_timer_offset('data_query', __('Executing SNMP get for data @ \'%s\' [value=\'$value\']', $oid, $value)); ++ query_debug_timer_offset('data_query', __esc('Executing SNMP get for data @ \'%s\' [value=\'$value\']', $oid, $value)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $value, $index, $oid); + } + } + } elseif ($field_array['method'] == 'walk' && ($field_array['direction'] == 'input' || $field_array['direction'] == 'input-output')) { +- debug_log_insert_section_start('data_query', __('Click to show Data Query output for field \'%s\'', $field_name), true); ++ debug_log_insert_section_start('data_query', __esc('Click to show Data Query output for field \'%s\'', $field_name), true); + +- query_debug_timer_offset('data_query', __('Located input field \'%s\' [walk]', $field_name)); ++ query_debug_timer_offset('data_query', __esc('Located input field \'%s\' [walk]', $field_name)); + + if (isset($field_array['output_format'])) { + if ($field_array['output_format'] == 'hex') { +@@ -1183,7 +1183,7 @@ function query_snmp_host($host_id, $snmp + } + } elseif ($field_name == $sort_field) { + $empty_types[] = $field_name; +- query_debug_timer_offset('data_query', __('Sort field returned no data for OID[%s], skipping.', $field_array['oid'])); ++ query_debug_timer_offset('data_query', __esc('Sort field returned no data for OID[%s], skipping.', $field_array['oid'])); + continue; + } + } else { +@@ -1191,12 +1191,12 @@ function query_snmp_host($host_id, $snmp + + if (!cacti_sizeof($snmp_data) && $field_name == $sort_field) { + $empty_types[] = $field_name; +- query_debug_timer_offset('data_query', __('Sort field returned no data for OID[%s], 
skipping.', $field_array['oid'])); ++ query_debug_timer_offset('data_query', __esc('Sort field returned no data for OID[%s], skipping.', $field_array['oid'])); + continue; + } + } + +- query_debug_timer_offset('data_query', __('Executing SNMP walk for data @ \'%s\'', $field_array['oid'])); ++ query_debug_timer_offset('data_query', __esc('Executing SNMP walk for data @ \'%s\'', $field_array['oid'])); + + if (preg_match('/^VALUE\/TABLE:(.*)/',$field_array['source'],$matches)) { + preg_match_all('/([^:]+):([^:]+)/',$matches[1],$match_temp); +@@ -1215,7 +1215,7 @@ function query_snmp_host($host_id, $snmp + + if (isset($snmp_queries['value_index_parse'])) { + if (!in_array($snmp_index, $snmp_indexes)) { +- debug_log_insert('data_query', __('No index[%s] in value_index_parse, skipping.', $snmp_index)); ++ debug_log_insert('data_query', __esc('No index[%s] in value_index_parse, skipping.', $snmp_index)); + unset($snmp_data[$oid]); + continue; + } +@@ -1256,7 +1256,7 @@ function query_snmp_host($host_id, $snmp + } + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, isset($modified_value)?$modified_value:$value , $snmp_index, $oid); +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s [from %s]',$field_name,isset($modified_value)?"$modified_value ($value)":$value,$snmp_index,$mode)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s [from %s]',$field_name,isset($modified_value)?"$modified_value ($value)":$value,$snmp_index,$mode)); + unset($modified_value); + } + } +@@ -1273,7 +1273,7 @@ function query_snmp_host($host_id, $snmp + + if (isset($snmp_queries['value_index_parse'])) { + if (!in_array($snmp_index, $snmp_indexes)) { +- debug_log_insert('data_query', __('No index[%s] in value_index_parse, skipping.', $snmp_index)); ++ debug_log_insert('data_query', __esc('No index[%s] in value_index_parse, skipping.', $snmp_index)); + unset($snmp_data[$oid]); + continue; + } +@@ -1298,13 
+1298,13 @@ function query_snmp_host($host_id, $snmp + } + } + if ($isascii) { +- query_debug_timer_offset('data_query', __('Found OCTET STRING \'%s\' decoded value: \'%s\'', $parse_value, $decoded)); ++ query_debug_timer_offset('data_query', __esc('Found OCTET STRING \'%s\' decoded value: \'%s\'', $parse_value, $decoded)); + $parse_value = $decoded; + } + } + } + +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s [from regexp oid parse]', $field_name, $parse_value, $snmp_index)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s [from regexp oid parse]', $field_name, $parse_value, $snmp_index)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $parse_value, $snmp_index, $oid); + } +@@ -1322,7 +1322,7 @@ function query_snmp_host($host_id, $snmp + + if (isset($snmp_queries['value_index_parse'])) { + if (!in_array($snmp_index, $snmp_indexes)) { +- debug_log_insert('data_query', __('No index[%s] in value_index_parse, skipping.', $snmp_index)); ++ debug_log_insert('data_query', __esc('No index[%s] in value_index_parse, skipping.', $snmp_index)); + unset($snmp_data[$oid]); + continue; + } +@@ -1349,7 +1349,7 @@ function query_snmp_host($host_id, $snmp + $parse_value = inet_ntop(inet_pton($ip_value)); + } + +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s [from regexp oid parse]', $field_name, $parse_value, $snmp_index)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s [from regexp oid parse]', $field_name, $parse_value, $snmp_index)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $parse_value, $snmp_index, $oid); + } +@@ -1369,7 +1369,7 @@ function query_snmp_host($host_id, $snmp + + if (isset($snmp_queries['value_index_parse'])) { + if (!in_array($snmp_index, $snmp_indexes)) { +- debug_log_insert('data_query', __('No index[%s] in value_index_parse, skipping.', 
$snmp_index)); ++ debug_log_insert('data_query', __esc('No index[%s] in value_index_parse, skipping.', $snmp_index)); + unset($snmp_data[$oid]); + continue; + } +@@ -1377,7 +1377,7 @@ function query_snmp_host($host_id, $snmp + + $oid = $field_array['oid']; + +- debug_log_insert('data_query', __('Found item [%s=\'%s\'] index: %s [from regexp oid value parse]', $field_name, $parse_value, $snmp_index)); ++ debug_log_insert('data_query', __esc('Found item [%s=\'%s\'] index: %s [from regexp oid value parse]', $field_name, $parse_value, $snmp_index)); + + $output_array[] = data_query_format_record($host_id, $snmp_query_id, $field_name, $rewrite_value, $parse_value, $snmp_index, $oid); + } +@@ -1599,7 +1599,7 @@ function rewrite_snmp_enum_value($field_ + + foreach ($map as $index => $item) { + if (!isset($item['match']) || !isset($item['replace'])) { +- debug_log_insert('data_query', "Bogus rewrite_value item found, index='$index'"); ++ debug_log_insert('data_query', __esc('Bogus rewrite_value item found, index=\'%s\'', $index)); + continue; + } + +@@ -1612,7 +1612,7 @@ function rewrite_snmp_enum_value($field_ + } + + if ($map === false || !is_array($map)) { +- debug_log_insert('data_query', 'Could not parse translation map (rewrite_value)'); ++ debug_log_insert('data_query', __esc('Could not parse translation map (rewrite_value)')); + return $value; + } + +@@ -1636,7 +1636,7 @@ function rewrite_snmp_enum_value($field_ + foreach ($mapcache[$field_name] as $src => $dst) { + if (preg_match($src, $value)) { + $nvalue = preg_replace($src, $dst, $value); +- debug_log_insert('data_query', "rewrite_value: '$value' => '$nvalue'"); ++ debug_log_insert('data_query', __esc('rewrite_value: \'%s\' => \'%s\'', $value, $nvalue)); + $value = $nvalue; + break; + } +@@ -1741,7 +1741,7 @@ function update_data_query_cache($host_i + } + } + +- query_debug_timer_offset('data_query', 'Update graph data query cache complete'); ++ query_debug_timer_offset('data_query', __esc('Update graph data 
query cache complete')); + + $data_sources = db_fetch_assoc_prepared('SELECT * + FROM data_local +@@ -1758,7 +1758,7 @@ function update_data_query_cache($host_i + } + } + +- query_debug_timer_offset('data_query', __('Re-Indexing Data Query complete')); ++ query_debug_timer_offset('data_query', __esc('Re-Indexing Data Query complete')); + } + + /* update_graph_data_query_cache - updates the local data query cache for a particular +@@ -2323,7 +2323,7 @@ function verify_index_order($raw_xml) { + + /* invalid xml check */ + if ((!is_array($raw_xml)) || (cacti_sizeof($raw_xml) == 0)) { +- query_debug_timer_offset('data_query', __('Error parsing XML file into an array.')); ++ query_debug_timer_offset('data_query', __esc('Error parsing XML file into an array.')); + return false; + } + +Index: cacti-1.2.24+ds1/lib/functions.php +=================================================================== +--- cacti-1.2.24+ds1.orig/lib/functions.php ++++ cacti-1.2.24+ds1/lib/functions.php +@@ -4327,6 +4327,8 @@ function debug_log_clear($type = '') { + /** + * debug_log_return - returns the debug log for a particular category + * ++ * NOTE: Escaping is done in the insert functions. ++ * + * @param $type - the 'category' to return the debug log for. 
+ * + * @return - the full debug log for a particular category +Index: cacti-1.2.24+ds1/graphs.php +=================================================================== +--- cacti-1.2.24+ds1.orig/graphs.php ++++ cacti-1.2.24+ds1/graphs.php +@@ -249,7 +249,7 @@ function form_save() { + $return_array = create_complete_graph_from_template($graph_template_id, $host_id, $snmp_query_array, $suggested_values); + + if ($return_array !== false) { +- debug_log_insert('new_graphs', __('Created graph: %s', get_graph_title($return_array['local_graph_id']))); ++ debug_log_insert('new_graphs', __esc('Created graph: %s', get_graph_title($return_array['local_graph_id']))); + + /* lastly push host-specific information to our data sources */ + if (cacti_sizeof($return_array['local_data_id'])) { # we expect at least one data source associated +@@ -257,7 +257,7 @@ function form_save() { + push_out_host($host_id, $item); + } + } else { +- debug_log_insert('new_graphs', __('ERROR: No Data Source associated. Check Template')); ++ debug_log_insert('new_graphs', __esc('ERROR: No Data Source associated. Check Template')); + } + } + +Index: cacti-1.2.24+ds1/lib/template.php +=================================================================== +--- cacti-1.2.24+ds1.orig/lib/template.php ++++ cacti-1.2.24+ds1/lib/template.php +@@ -2140,7 +2140,7 @@ function create_save_graph($host_id, $fo + push_out_host($host_id, $item); + } + } else { +- debug_log_insert('new_graphs', __('ERROR: No Data Source associated. Check Template')); ++ debug_log_insert('new_graphs', __esc('ERROR: No Data Source associated. Check Template')); + } + + db_execute_prepared('INSERT IGNORE INTO host_graph +@@ -2148,7 +2148,7 @@ function create_save_graph($host_id, $fo + VALUES(?, ?)', + array($host_id, $graph_template_id)); + } else { +- debug_log_insert('new_graphs', __('ERROR: Whitelist Validation Failed. Check Data Input Method')); ++ debug_log_insert('new_graphs', __esc('ERROR: Whitelist Validation Failed. 
Check Data Input Method')); + } + } else { + $name = db_fetch_cell_prepared('SELECT name +@@ -2156,7 +2156,7 @@ function create_save_graph($host_id, $fo + WHERE id = ?', + array($graph_template_id)); + +- debug_log_insert('new_graphs', __('Graph Not created for ' . $name . ' due to bad data')); ++ debug_log_insert('new_graphs', __esc('Graph Not created for %s due to bad data', $name)); + } + } elseif ($form_type == 'sg') { + foreach ($snmp_index_array as $snmp_index => $true) { +@@ -2174,10 +2174,10 @@ function create_save_graph($host_id, $fo + push_out_host($host_id, $item); + } + } else { +- debug_log_insert('new_graphs', __('ERROR: No Data Source associated. Check Template')); ++ debug_log_insert('new_graphs', __esc('ERROR: No Data Source associated. Check Template')); + } + } else { +- debug_log_insert('new_graphs', __('ERROR: Whitelist Validation Failed. Check Data Input Method')); ++ debug_log_insert('new_graphs', __esc('ERROR: Whitelist Validation Failed. Check Data Input Method')); + } + } else { + $name = db_fetch_cell_prepared('SELECT name +@@ -2185,7 +2185,7 @@ function create_save_graph($host_id, $fo + WHERE id = ?', + array($snmp_query_array['snmp_query_id'])); + +- debug_log_insert('new_graphs', __('NOTE: Graph not added for Data Query ' . $name . ' and index ' . $snmp_query_array['snmp_index'] . ' due to Data Source verification failure.')); ++ debug_log_insert('new_graphs', __esc('NOTE: Graph not added for Data Query %s and index %s due to Data Source verification failure', $name, $snmp_query_array['snmp_index'])); + } + } + } diff -Nru cacti-1.2.24+ds1/debian/patches/CVE-2023-49084.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-49084.patch --- cacti-1.2.24+ds1/debian/patches/CVE-2023-49084.patch 1970-01-01 00:00:00.000000000 +0000 +++ cacti-1.2.24+ds1/debian/patches/CVE-2023-49084.patch 2024-03-15 09:45:51.000000000 +0000 
@@ -0,0 +1,47 @@
+Origin: https://github.com/cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188
+Origin: https://github.com/cacti/cacti/commit/c3a647e9867ae8e2982e26342630ba9edb2d94b7
+Reviewed-by: Sylvain Beucler
+Last-Update: 2024-03-15
+
+From 5f451bc680d7584525d18026836af2a1e31b2188 Mon Sep 17 00:00:00 2001
+From: TheWitness
+Date: Sat, 18 Nov 2023 10:03:08 -0500
+Subject: [PATCH] QA: Increase Cacti Security in four areas
+
+---
+ link.php | 2 +-
+ pollers.php | 4 ++--
+ reports_admin.php | 10 +++++-----
+ reports_user.php | 10 +++++-----
+ 4 files changed, 13 insertions(+), 13 deletions(-)
+
+From c3a647e9867ae8e2982e26342630ba9edb2d94b7 Mon Sep 17 00:00:00 2001
+From: TheWitness
+Date: Wed, 22 Nov 2023 07:46:14 -0500
+Subject: [PATCH] QA: Further hardening of External Links
+
+Attribution: Aleksey Solovev (Positive Technologies)
+Advisory forthcoming.
+---
+ link.php | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+Index: cacti-1.2.24+ds1/link.php
+===================================================================
+--- cacti-1.2.24+ds1.orig/link.php
++++ cacti-1.2.24+ds1/link.php
+@@ -76,10 +76,11 @@ if (!cacti_sizeof($page)) {
+ } else {
+ print '
'; + +- $file = $config['base_path'] . "/include/content/" . str_replace('../', '', $page['contentfile']); ++ $basepath = $config['base_path'] . '/include/content'; ++ $file = realpath($basepath . '/' . $page['contentfile']); + +- if (file_exists($file)) { +- include_once($file); ++ if ($file !== false && substr($file, 0, strlen($basepath)) == $basepath) { ++ print file_get_contents($file); + } else { + print '

The file \'' . html_escape($page['contentfile']) . '\' does not exist!!

'; + } diff -Nru cacti-1.2.24+ds1/debian/patches/CVE-2023-49085.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-49085.patch --- cacti-1.2.24+ds1/debian/patches/CVE-2023-49085.patch 1970-01-01 00:00:00.000000000 +0000 +++ cacti-1.2.24+ds1/debian/patches/CVE-2023-49085.patch 2024-03-15 09:44:04.000000000 +0000 
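Review bot: The containment test `substr($file, 0, strlen($basepath)) == $basepath` in the new link.php lines is a bare string-prefix comparison: it accepts any resolved path that merely begins with the `include/content` string, and `$basepath` itself is never canonicalised, so a `base_path` containing a symlink or `..` component makes the comparison disagree with what `realpath()` returns for `$file`. Compare against the canonical directory plus a trailing separator, with strict comparison: `$basepath = realpath($config['base_path'] . '/include/content');` and `if ($file !== false && $basepath !== false && strncmp($file, $basepath . '/', strlen($basepath) + 1) === 0) {`. The switch from `include_once` to `print file_get_contents` also changes semantics (the content file is emitted verbatim rather than executed as PHP), which deserves a comment such as `/* content files are served as static markup, never executed */`. The enclosing if/else block in link.php starts before the hunk.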
@@ -0,0 +1,126 @@ +Origin: https://github.com/cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 +Reviewed-by: Sylvain Beucler +Last-Update: 2024-02-26 + +From 5f451bc680d7584525d18026836af2a1e31b2188 Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Sat, 18 Nov 2023 10:03:08 -0500 +Subject: [PATCH] QA: Increase Cacti Security in four areas + +--- + link.php | 2 +- + pollers.php | 4 ++-- + reports_admin.php | 10 +++++----- + reports_user.php | 10 +++++----- + 4 files changed, 13 insertions(+), 13 deletions(-) + +Index: cacti-1.2.24+ds1/pollers.php +=================================================================== +--- cacti-1.2.24+ds1.orig/pollers.php ++++ cacti-1.2.24+ds1/pollers.php +@@ -424,9 +424,9 @@ function poller_host_duplicate($poller_i + } else { + return db_fetch_cell_prepared('SELECT COUNT(*) + FROM poller +- WHERE dbhost LIKE "' . $host . '%" ++ WHERE dbhost LIKE ? + AND id != ?', +- array($poller_id)); ++ array($host . '%', $poller_id)); + } + } + +Index: cacti-1.2.24+ds1/reports_admin.php +=================================================================== +--- cacti-1.2.24+ds1.orig/reports_admin.php ++++ cacti-1.2.24+ds1/reports_admin.php +@@ -48,7 +48,7 @@ switch (get_request_var('action')) { + + break; + case 'send': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_send(get_request_var('id')); + +@@ -66,7 +66,7 @@ switch (get_request_var('action')) { + + break; + case 'ajax_get_branches': +- print reports_get_branch_select(get_request_var('tree_id')); ++ print reports_get_branch_select(get_filter_request_var('tree_id')); + + break; + case 'ajax_hosts': +@@ -131,21 +131,21 @@ switch (get_request_var('action')) { + + break; + case 'item_movedown': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_movedown(); + + header('Location: reports_admin.php?action=edit&tab=items&id=' . 
get_request_var('id')); + break; + case 'item_moveup': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_moveup(); + + header('Location: reports_admin.php?action=edit&tab=items&id=' . get_request_var('id')); + break; + case 'item_remove': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_remove(); + +Index: cacti-1.2.24+ds1/reports_user.php +=================================================================== +--- cacti-1.2.24+ds1.orig/reports_user.php ++++ cacti-1.2.24+ds1/reports_user.php +@@ -47,7 +47,7 @@ switch (get_request_var('action')) { + + break; + case 'send': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_send(get_request_var('id')); + +@@ -56,7 +56,7 @@ switch (get_request_var('action')) { + case 'ajax_dnd': + reports_item_dnd(); + +- header('Location: reports_admin.php?action=edit&tab=items&id=' . get_request_var('id')); ++ header('Location: reports_admin.php?action=edit&tab=items&id=' . get_filter_request_var('id')); + break; + case 'setvar': + $changed = reports_item_validate(); +@@ -129,21 +129,21 @@ switch (get_request_var('action')) { + reports_form_actions(); + break; + case 'item_movedown': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_movedown(); + + header('Location: reports_user.php?action=edit&tab=items&id=' . get_request_var('id')); + break; + case 'item_moveup': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_moveup(); + + header('Location: reports_user.php?action=edit&tab=items&id=' . 
get_request_var('id')); + break; + case 'item_remove': +- get_request_var('id'); ++ get_filter_request_var('id'); + + reports_item_remove(); + diff -Nru cacti-1.2.24+ds1/debian/patches/CVE-2023-49086.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-49086.patch --- cacti-1.2.24+ds1/debian/patches/CVE-2023-49086.patch 1970-01-01 00:00:00.000000000 +0000 +++ cacti-1.2.24+ds1/debian/patches/CVE-2023-49086.patch 2024-03-15 09:47:44.000000000 +0000 
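Review bot: In the pollers.php hunk the bound pattern `$host . '%'` still passes `$host` through unescaped, so `%` and `_` inside it act as LIKE wildcards and the duplicate count can match unrelated rows; escape them before binding, e.g. `array(addcslashes($host, '%_\\') . '%', $poller_id)` (assuming the default MySQL backslash escaping). In reports_admin.php and reports_user.php the new `get_filter_request_var('id')` calls are made for their side effect only and the return value is discarded; that mirrors the `get_request_var('id')` lines they replace, but a short comment like `/* validates id; rejects non-numeric input */` would make the intent explicit, presuming get_filter_request_var does halt on a bad value (not visible here). poller_host_duplicate and the switch blocks start outside these hunks.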
@@ -0,0 +1,49 @@
+Origin: https://github.com/cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59
+Reviewed-by: Sylvain Beucler
+Last-Update: 2024-02-22
+
+From 56f9d99e6e5ab434ea18fa344236f41e78f99c59 Mon Sep 17 00:00:00 2001
+From: TheWitness
+Date: Thu, 28 Dec 2023 13:53:57 -0500
+Subject: [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and
+ CVE-2023-48086
+
+Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
+and here:
+https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
+---
+ data_debug.php | 2 +-
+ graphs_new.php | 20 ++++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/graphs_new.php b/graphs_new.php
+index b81987b0c..87f3b46c1 100644
+--- a/graphs_new.php
++++ b/graphs_new.php
+@@ -985,8 +985,24 @@ function saveFilter() {
+ form_hidden_box('host_template_id', $host['host_template_id'], '0');
+ }
+
+- if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'graphs_new') === false) {
+- set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
++ if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
++ $referer_url = parse_url($_SERVER['HTTP_REFERER']);
++
++ if ($_SERVER['SERVER_NAME'] != $referer_url['host']) {
++ /* Potential security exploit 1 */
++ set_request_var('returnto', 'host.php');
++ } elseif (strpos($_SERVER['HTTP_REFERER'], 'graphs_new') === false) {
++ set_request_var('returnto', basename($_SERVER['HTTP_REFERER']));
++ } else {
++ set_request_var('returnto', 'host.php');
++ }
++ } elseif (isset_request_var('returnto') && get_nfilter_request_var('returnto') != '') {
++ $returnto_url = parse_url(get_nfilter_request_var('returnto'));
++
++ if ($_SERVER['SERVER_NAME'] != $returnto_url['host']) {
++ /* Potential security exploit 2 */
++ set_request_var('returnto', 'host.php');
++ }
+ }
+
+ load_current_session_value('returnto', 'sess_grn_returnto', '');
diff -Nru 
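Review bot: `$referer_url['host']` is read in the new graphs_new.php lines without checking that `parse_url()` returned an array containing that key, so a malformed or relative Referer produces a notice and a comparison against null; the same applies to `$returnto_url['host']` in the second branch, where a plain relative `returnto` such as `host.php` has no host component and is therefore always replaced (acceptable if intended, but it deserves a comment saying so). Guard the key explicitly and compare strictly: `if (!is_array($referer_url) || !isset($referer_url['host']) || $_SERVER['SERVER_NAME'] !== $referer_url['host']) {`, and likewise for `$returnto_url`. Note also that `$_SERVER['SERVER_NAME']` is only a reliable anchor when the web server is configured to use a canonical name rather than the request's Host header, so a comment such as `/* relies on the server's canonical name, not the request Host header */` would record that dependency. saveFilter() starts and ends outside the hunk.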
cacti-1.2.24+ds1/debian/patches/CVE-2023-49088,50250,50569.patch cacti-1.2.24+ds1/debian/patches/CVE-2023-49088,50250,50569.patch --- cacti-1.2.24+ds1/debian/patches/CVE-2023-49088,50250,50569.patch 1970-01-01 00:00:00.000000000 +0000 +++ cacti-1.2.24+ds1/debian/patches/CVE-2023-49088,50250,50569.patch 2024-03-15 09:50:59.000000000 +0000 
@@ -0,0 +1,173 @@ +Origin: https://github.com/cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 +Origin: https://github.com/cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc +Origin: https://github.com/cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 +Reviewed-by: Sylvain Beucler +Last-Update: 2024-03-15 + +Backport note: 56f9d99e6e5ab434ea18fa344236f41e78f99c59 isn't the +actual fix for CVE-2023-49088, but including it for completeness. + +From 56f9d99e6e5ab434ea18fa344236f41e78f99c59 Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Thu, 28 Dec 2023 13:53:57 -0500 +Subject: [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and + CVE-2023-48086 + +Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x +and here: +https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr +--- + data_debug.php | 2 +- + graphs_new.php | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +From 58a980f335980ab57659420053d89d4e721ae3fc Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Wed, 20 Dec 2023 16:24:54 -0500 +Subject: [PATCH] QA: Address multiple security issues (#5623) + +--- + include/js/purify.js | 1490 ++++++++++++++++++++++++++++++++++++++++++ + include/layout.js | 5 +- + lib/functions.php | 6 +- + lib/html.php | 1 + + managers.php | 11 +- + utilities.php | 4 +- + 6 files changed, 1509 insertions(+), 8 deletions(-) + create mode 100644 include/js/purify.js + +From 73d9a60e24d6d826e6343b94d833b48c28b68643 Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Wed, 20 Dec 2023 18:32:29 -0500 +Subject: [PATCH] QA: Fix Purify from GitHub (#5625) + +--- + include/js/purify.js | 592 +++++++++++++++++++++++++++++-------------- + 1 file changed, 398 insertions(+), 194 deletions(-) + +From 59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b Mon Sep 17 00:00:00 2001 +From: TheWitness +Date: Thu, 28 Dec 2023 12:58:07 -0500 +Subject: [PATCH] QA: Fix 1 of 3 - Two 1.2.26 release merge issues + +Due to 
not properly merging of the security solutions, these two errors are present in the 1.2.26 release. +--- + include/layout.js | 2 +- + utilities.php | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +Index: cacti-1.2.24+ds1/data_debug.php +=================================================================== +--- cacti-1.2.24+ds1.orig/data_debug.php ++++ cacti-1.2.24+ds1/data_debug.php +@@ -681,7 +681,7 @@ function debug_view() { + array($id)); + + if (cacti_sizeof($dtd)) { +- $real_path = str_replace('', $config['rra_path'], $dtd['data_source_path']); ++ $real_path = html_escape(str_replace('', $config['rra_path'], $dtd['data_source_path'])); + } else { + $real_path = __('Not Found'); + } +Index: cacti-1.2.24+ds1/include/layout.js +=================================================================== +--- cacti-1.2.24+ds1.orig/include/layout.js ++++ cacti-1.2.24+ds1/include/layout.js +@@ -834,10 +834,11 @@ function applySkin() { + var element = $(this); + + if (element.is('div')) { +- var text = $(this).find('span').html(); ++ var text = DOMPurify.sanitize($(this).find('span').html()); + } else if (element.is('span') || element.is('a')) { +- var text = $(this).prop('title'); ++ var text = DOMPurify.sanitize($(this).prop('title')); + } ++ + return text; + } + }); +Index: cacti-1.2.24+ds1/lib/functions.php +=================================================================== +--- cacti-1.2.24+ds1.orig/lib/functions.php ++++ cacti-1.2.24+ds1/lib/functions.php +@@ -1041,10 +1041,10 @@ function raise_message($message_id, $mes + function raise_message_javascript($title, $header, $message) { + ?> + + $id) { ++ input_validate_input_number($id); ++ } ++ + if (get_nfilter_request_var('drp_action') == '1') { // delete + db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',' ,$selected_items) . ')'); + db_execute('DELETE FROM snmpagent_managers_notifications WHERE manager_id IN (' . implode(',' ,$selected_items) . 
')'); +Index: cacti-1.2.24+ds1/utilities.php +=================================================================== +--- cacti-1.2.24+ds1.orig/utilities.php ++++ cacti-1.2.24+ds1/utilities.php +@@ -3067,13 +3067,15 @@ function snmpagent_utilities_run_cache() + + ?> + +