Diffstat (limited to 'net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch')
-rw-r--r-- | net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch b/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch
new file mode 100644
index 000000000000..ae87c954315f
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch
@@ -0,0 +1,12 @@
+--- /var/www/localhost/htdocs/cacti/auth_login.php 2004-08-17 11:24:40.000000000 +0300
++++ auth_login.php 2004-08-17 12:33:52.271029872 +0300
+@@ -29,9 +29,6 @@
+
+ switch ($_REQUEST["action"]) {
+ case 'login':
+- /* --- UPDATE old password with new md5 password value */
+- db_execute("update user_auth set password = '" . md5($_POST["password"]) . "' where username='" . $_POST["username"] . "' and password = PASSWORD('" . $_POST["password"] . "')");
+-
+ /* --- start ldap section --- */
+ $ldap_auth = false;
+ if ((read_config_option("ldap_enabled") == "on") && ($_POST["realm"] == "ldap") && (strlen($_POST["password"]))){ |
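Review bot: Dropping the `update user_auth` statement under `case 'login':` also drops the migration of legacy `PASSWORD()` hashes to md5, so accounts that still hold an old-format hash will presumably stop authenticating once this patch is applied; that side effect should be stated in the ebuild or an upgrade notice. Only this one statement is touched, and the rest of the `login` case lies outside the hunk, so any later query there that concatenates `$_POST["username"]` or `$_POST["password"]` into SQL would still need escaping and is worth checking before the file is considered fixed. The patch file itself has no description; a leading line before the `---` header such as `# Remove login-time password-upgrade query that embedded raw $_POST values in SQL (advisory: <ADVISORY-ID>)` would record why it exists.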