Skip to content

fix(security): defense-in-depth hardening for plugin_thold #767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
somethingwithproof wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

fix(security): defense-in-depth hardening for plugin_thold #767

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2d6b8f2
fix(security): defense-in-depth hardening for plugin_thold
somethingwithproof Apr 9, 2026
a276abf
fix(js): migrate deprecated jQuery shorthand events to .on()/.off()
somethingwithproof Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions notify_lists.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1138,7 +1138,7 @@ function hosts($header_label) {
<script type='text/javascript'>

function applyFilter() {
strURL = '?header=false&action=edit&id=<?php print get_request_var('id'); ?>'
strURL = '?header=false&action=edit&id=<?php print (int)get_filter_request_var('id'); ?>'
strURL += '&rows=' + $('#rows').val();
strURL += '&host_template_id=' + $('#host_template_id').val();
strURL += '&site_id=' + $('#site_id').val();
Expand All @@ -1148,12 +1148,12 @@ function applyFilter() {
}

function clearFilter() {
strURL = 'notify_lists.php?header=false&action=edit&id=<?php print get_request_var('id'); ?>&clear=true'
strURL = 'notify_lists.php?header=false&action=edit&id=<?php print (int)get_filter_request_var('id'); ?>&clear=true'
loadPageNoHeader(strURL);
}

$(function() {
$('#form_devices').submit(function(event) {
$('#form_devices').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -1507,7 +1507,7 @@ function tholds($header_label) {
<script type='text/javascript'>

function applyFilter() {
strURL = 'notify_lists.php?header=false&action=edit&tab=tholds&id=<?php print get_request_var('id'); ?>'
strURL = 'notify_lists.php?header=false&action=edit&tab=tholds&id=<?php print (int)get_filter_request_var('id'); ?>'
strURL += '&associated=' + $('#associated').is(':checked');
strURL += '&state=' + $('#state').val();
strURL += '&site_id=' + $('#site_id').val();
Expand All @@ -1518,12 +1518,12 @@ function applyFilter() {
}

function clearFilter() {
strURL = 'notify_lists.php?header=false&action=edit&tab=tholds&id=<?php print get_request_var('id'); ?>&clear=true'
strURL = 'notify_lists.php?header=false&action=edit&tab=tholds&id=<?php print (int)get_filter_request_var('id'); ?>&clear=true'
loadPageNoHeader(strURL);
}

$(function() {
$('#listthold').submit(function(event) {
$('#listthold').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -1796,20 +1796,20 @@ function templates($header_label) {
<script type='text/javascript'>

function applyFilter() {
strURL = 'notify_lists.php?header=false&action=edit&tab=templates&id=<?php print get_request_var('id'); ?>'
strURL = 'notify_lists.php?header=false&action=edit&tab=templates&id=<?php print (int)get_filter_request_var('id'); ?>'
strURL += '&associated=' + $('#associated').is(':checked');
strURL += '&rows=' + $('#rows').val();
strURL += '&rfilter=' + base64_encode($('#rfilter').val());
loadPageNoHeader(strURL);
}

function clearFilter() {
strURL = 'notify_lists.php?header=false&action=edit&tab=templates&id=<?php print get_request_var('id'); ?>&clear=true'
strURL = 'notify_lists.php?header=false&action=edit&tab=templates&id=<?php print (int)get_filter_request_var('id'); ?>&clear=true'
loadPageNoHeader(strURL);
}

$(function() {
$('#listthold').submit(function(event) {
$('#listthold').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -2128,7 +2128,7 @@ function clearFilter() {
}

$(function() {
$('#lists').submit(function(event) {
$('#lists').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down
12 changes: 6 additions & 6 deletions notify_queue.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -331,30 +331,30 @@ function clearFilter() {
}

$(function() {
$('#refresh').click(function() {
$('#refresh').on('click', function() {
applyFilter();
});

$('#clear').click(function() {
$('#clear').on('click', function() {
clearFilter();
});

$('#suspend').click(function() {
$('#suspend').on('click', function() {
strURL = 'notify_queue.php?action=suspend';
loadPage(strURL);
});

$('#resume').click(function() {
$('#resume').on('click', function() {
strURL = 'notify_queue.php?action=resume';
loadPage(strURL);
});

$('#purge').click(function() {
$('#purge').on('click', function() {
strURL = 'notify_queue.php?action=purge';
loadPage(strURL);
});

$('#form_notify').submit(function(event) {
$('#form_notify').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down
20 changes: 10 additions & 10 deletions setup.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1233,7 +1233,7 @@ function thold_page_head() {
<script type='text/javascript'>
$(function() {
$(document).ajaxComplete(function() {
$('.tholdVRule').unbind().click(function(event) {
$('.tholdVRule').off().on('click', function(event) {
event.preventDefault();

href = $(this).attr('href');
Expand Down Expand Up @@ -1394,14 +1394,14 @@ function thold_device_top() {
$('#cdialog').dialog();
});

$('#continue').click(function(data) {
$('#continue').on('click', function(data) {
$.post('host.php?action=item_remove_tt', {
__csrf_magic: csrfMagicToken,
host_id: <?php print get_request_var('host_id'); ?>,
id: <?php print get_request_var('id'); ?>
host_id: <?php print (int)get_filter_request_var('host_id'); ?>,
id: <?php print (int)get_filter_request_var('id'); ?>
}).done(function(data) {
$('#cdialog').dialog('close');
loadPageNoHeader('host.php?action=edit&header=false&id=<?php print get_request_var('host_id'); ?>');
loadPageNoHeader('host.php?action=edit&header=false&id=<?php print (int)get_filter_request_var('host_id'); ?>');
});
});
</script>
Expand Down Expand Up @@ -1503,7 +1503,7 @@ function thold_device_template_edit() {
</table>
<script type='text/javascript'>
function addThresholdTemplate() {
$('#add_tt').click(function() {
$('#add_tt').on('click', function() {
scrollTop = $(window).scrollTop();
$.post('host_templates.php?header=false&action=item_add_tt', {
host_template_id: $('#id').val(),
Expand Down Expand Up @@ -1564,14 +1564,14 @@ function thold_device_template_top() {
$('#cdialog').dialog();
});

$('#continue').click(function(data) {
$('#continue').on('click', function(data) {
$.post('host_templates.php?action=item_remove_tt', {
__csrf_magic: csrfMagicToken,
host_template_id: <?php print get_request_var('host_template_id'); ?>,
id: <?php print get_request_var('id'); ?>
host_template_id: <?php print (int)get_filter_request_var('host_template_id'); ?>,
id: <?php print (int)get_filter_request_var('id'); ?>
}).done(function(data) {
$('#cdialog').dialog('close');
loadPageNoHeader('host_templates.php?action=edit&header=false&id=<?php print get_request_var('host_template_id'); ?>');
loadPageNoHeader('host_templates.php?action=edit&header=false&id=<?php print (int)get_filter_request_var('host_template_id'); ?>');
});
});
</script>
Expand Down
2 changes: 1 addition & 1 deletion thold.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -784,7 +784,7 @@ function clearFilter() {
}

$(function() {
$('#thold').submit(function(event) {
$('#thold').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down
10 changes: 5 additions & 5 deletions thold_graph.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ function form_thold_filter() {
</td>
</tr>
</table>
<input type='hidden' id='page' value='<?php print get_request_var('page'); ?>'>
<input type='hidden' id='page' value='<?php print html_escape_request_var('page'); ?>'>
<input type='hidden' id='tab' value='thold'>
</form>
<script type='text/javascript'>
Expand All @@ -274,7 +274,7 @@ function clearFilter() {
}

$(function() {
$('#thold').submit(function(event) {
$('#thold').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -1261,7 +1261,7 @@ function form_host_filter() {
</td>
</tr>
</table>
<input type='hidden' name='page' value='<?php print get_request_var('page'); ?>'>
<input type='hidden' name='page' value='<?php print html_escape_request_var('page'); ?>'>
<input type='hidden' name='tab' value='hoststat'>
</form>
<script type='text/javascript'>
Expand All @@ -1282,7 +1282,7 @@ function clearFilter() {
}

$(function() {
$('#form_devices').submit(function(event) {
$('#form_devices').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -1763,7 +1763,7 @@ function exportLog() {
}

$(function() {
$('#form_log').submit(function(event) {
$('#form_log').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down
2 changes: 1 addition & 1 deletion thold_process.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@
$item = [];

if (substr($thold_data['rrd_reindexed'], 0, 1) == 'a') {
$rrd_reindexed[$thold_data['local_data_id']] = cacti_unserialize($thold_data['rrd_reindexed']);
$rrd_reindexed[$thold_data['local_data_id']] = cacti_unserialize($thold_data['rrd_reindexed'], array('allowed_classes' => false));
} else {
$rrd_reindexed[$thold_data['local_data_id']] = json_decode($thold_data['rrd_reindexed'], true);
}
Expand Down
6 changes: 3 additions & 3 deletions thold_templates.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -565,7 +565,7 @@ function applyFilter(type) {
}

$(function() {
$('#go').button().click(function() {
$('#go').button().on('click', function() {
strURL = $('#tholdform').attr('action');
json = $('input, select').serializeObject();
loadPageUsingPost(strURL, json);
Expand Down Expand Up @@ -2201,7 +2201,7 @@ function importTemplate() {
}

$(function() {
$('#listthold').submit(function(event) {
$('#listthold').on('submit', function(event) {
event.preventDefault();
applyFilter();
});
Expand Down Expand Up @@ -2566,7 +2566,7 @@ function thold_form_end($ajax = true) {
if ($ajax) { ?>
<script type='text/javascript'>
$(function() {
$('#<?php print $form_id; ?>').submit(function(event) {
$('#<?php print $form_id; ?>').on('submit', function(event) {
if ($('#drp_action').val() != '1') {
event.preventDefault();
strURL = '<?php print $form_action; ?>';
Expand Down
4 changes: 2 additions & 2 deletions thold_webapi.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ function applyTholdFilter() {
$(function() {
if ($('#type_id').val() == 'template') {
$('#submit').prev().hide();
$('#submit').off().click(function(event) {
$('#submit').off().on('click', function(event) {
event.preventDefault();

json = $('input, select').serializeObject();
Expand All @@ -861,7 +861,7 @@ function applyTholdFilter() {
function thold_new_graphs_save($host_id) {
$return_array = false;

$selected_graphs_array = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array')));
$selected_graphs_array = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array', array('allowed_classes' => false))));
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get_nfilter_request_var() is being called with a second argument (array('allowed_classes' => false)), but this codebase otherwise only calls it with a single parameter. This is likely a runtime error (too many arguments) and also doesn’t apply the allowed_classes restriction to the unserialize operation. Pass the options array to cacti_unserialize() instead (second parameter), and keep get_nfilter_request_var('selected_graphs_array') as-is.

Suggested change
$selected_graphs_array = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array', array('allowed_classes' => false))));
$selected_graphs_array = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array')), array('allowed_classes' => false));

Copilot uses AI. Check for mistakes.

$values = [];

Expand Down
Loading