commit: 8d752c75f06d85b2eeceb3770f27484ca7bd2df1 Author: John Helmert III <ajak <AT> gentoo <DOT> org> AuthorDate: Sun Oct 17 20:07:19 2021 +0000 Commit: John Helmert III <ajak <AT> gentoo <DOT> org> CommitDate: Sun Oct 17 20:36:42 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d752c75
net-analyzer/cacti: drop 1.2.16-r1 Bug: https://bugs.gentoo.org/765022 Signed-off-by: John Helmert III <ajak <AT> gentoo.org> net-analyzer/cacti/Manifest | 1 - net-analyzer/cacti/cacti-1.2.16-r1.ebuild | 54 ---- .../cacti/files/cacti-1.2.16-CVE-2020-35701.patch | 29 -- .../cacti/files/cacti-1.2.16-XSS-issue-4019.patch | 360 --------------------- 4 files changed, 444 deletions(-) diff --git a/net-analyzer/cacti/Manifest b/net-analyzer/cacti/Manifest index 8d2399500a5..b8685c4f777 100644 --- a/net-analyzer/cacti/Manifest +++ b/net-analyzer/cacti/Manifest @@ -1,2 +1 @@ -DIST cacti-1.2.16.tar.gz 29197220 BLAKE2B 19939d0ff79c895b481aeb7ffec8331d8b9c10a6b7e0dbda6532e06ef0322f21cf02f4bf53a9522e1f672dd04b343f5550e2f34f08b3af2050e1f72465cffc43 SHA512 fe22acf4dea8ab6ec79825d66a84ad4c43fdce2815e7327536d182bc04400ed7b1d268209bbbca8b307c4779ee5bf7369a617ec1f052d8805757c2ca9b30cc35 DIST cacti-1.2.17.tar.gz 38344112 BLAKE2B e555fc99560d10e94181c38b50e6f839532fb3dc66ff688b36a7efd10c15304e7636c9b4b483763fcea751317bcb283bb2bd8f813d5759c98aed6bbf02fd256a SHA512 94ae75b2494a91c536906c7bbeaa948d16c7ad96ed3a62c1eb21175f92c01787c6849960bbc791e04b3df46edbfd3cd787eb825bb423ce0814c0904edb2c915d diff --git a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild b/net-analyzer/cacti/cacti-1.2.16-r1.ebuild deleted file mode 100644 index 78185ebd73d..00000000000 --- a/net-analyzer/cacti/cacti-1.2.16-r1.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit edos2unix webapp - -# Support for _p* in version. -MY_P=${P/_p*/} - -DESCRIPTION="Cacti is a complete frontend to rrdtool" -HOMEPAGE="https://www.cacti.net/"; -SRC_URI="https://www.cacti.net/downloads/${MY_P}.tar.gz"; - -LICENSE="GPL-2" -KEYWORDS="~alpha amd64 ~arm ~hppa ~ppc ~ppc64 sparc x86" -IUSE="snmp doc" - -need_httpd - -RDEPEND=" - dev-lang/php[cli,mysql,pdo,session,sockets,xml] - dev-php/adodb - net-analyzer/rrdtool[graph] - virtual/cron - snmp? ( >=net-analyzer/net-snmp-5.2.0 ) -" - -PATCHES=( - "${FILESDIR}/${P}-CVE-2020-35701.patch" - "${FILESDIR}/${P}-XSS-issue-4019.patch" -) - -src_compile() { :; } - -src_install() { - dodoc CHANGELOG - dodoc -r docs - mv docs .. || die - - webapp_src_preinst - - edos2unix `find -type f -name '*.php'` - - dodir ${MY_HTDOCSDIR} - cp -r . "${ED}"${MY_HTDOCSDIR} - - webapp_serverowned ${MY_HTDOCSDIR}/rra - webapp_serverowned ${MY_HTDOCSDIR}/log - webapp_configfile ${MY_HTDOCSDIR}/include/config.php - webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt - - webapp_src_install -} diff --git a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch b/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch deleted file mode 100644 index f55b7b0a40d..00000000000 --- a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://bugs.gentoo.org/765019 -https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82 - -From 565e0604a53f4988dc5b544d01f4a631eaa80d82 Mon Sep 17 00:00:00 2001 -From: TheWitness <[email protected]> -Date: Thu, 24 Dec 2020 10:39:50 -0500 -Subject: [PATCH] Fixing Issue #4022 - -SQL Injection in data_debug.php ---- a/data_debug.php -+++ b/data_debug.php -@@ -35,6 +35,8 @@ - - set_default_action(); - -+validate_request_vars(); -+ - switch (get_request_var('action')) { - case 'actions': - form_actions(); -@@ -123,8 +125,6 @@ - - break; - default: -- validate_request_vars(); -- - $refresh = array( - 'seconds' => get_request_var('refresh'), - 'page' => 'data_debug.php?header=false', diff --git a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch b/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch deleted file mode 100644 index 1f09e572c86..00000000000 --- a/net-analyzer/cacti/files/cacti-1.2.16-XSS-issue-4019.patch +++ /dev/null @@ -1,360 +0,0 @@ -https://github.com/Cacti/cacti/issues/4019 - -From ef10fe1c340ed932dc18b6a566b21f9dd15933c2 Mon Sep 17 00:00:00 2001 -From: TheWitness <[email protected]> -Date: Wed, 23 Dec 2020 16:33:27 -0500 -Subject: [PATCH] Fixing Issue #4019 - -* In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed -* Also removed a few spurious title_trims, that should no longer be a problem. ---- a/automation_devices.php -+++ b/automation_devices.php -@@ -485,7 +485,7 @@ function draw_filter() { - <?php - if (cacti_sizeof($networks)) { - foreach ($networks as $key => $name) { -- print "<option value='" . $key . "'"; if (get_request_var('network') == $key) { print ' selected'; } print '>' . $name . "</option>"; -+ print "<option value='" . html_escape($key) . "'"; if (get_request_var('network') == $key) { print ' selected'; } print '>' . html_escape($name) . "</option>"; - } - } - ?> -@@ -515,7 +515,7 @@ function draw_filter() { - <?php - if (cacti_sizeof($status_arr)) { - foreach ($status_arr as $st) { -- print "<option value='" . $st . "'"; if (get_request_var('status') == $st) { print ' selected'; } print '>' . $st . "</option>"; -+ print "<option value='" . html_escape($st) . "'"; if (get_request_var('status') == $st) { print ' selected'; } print '>' . html_escape($st) . "</option>"; - } - } - ?> -@@ -530,7 +530,7 @@ function draw_filter() { - <?php - if (cacti_sizeof($os_arr)) { - foreach ($os_arr as $st) { -- print "<option value='" . $st . "'"; if (get_request_var('os') == $st) { print ' selected'; } print '>' . $st . "</option>"; -+ print "<option value='" . html_escape($st) . "'"; if (get_request_var('os') == $st) { print ' selected'; } print '>' . html_escape($st) . "</option>"; - } - } - ?> -@@ -545,7 +545,7 @@ function draw_filter() { - <?php - if (cacti_sizeof($status_arr)) { - foreach ($status_arr as $st) { -- print "<option value='" . $st . "'"; if (get_request_var('snmp') == $st) { print ' selected'; } print '>' . $st . "</option>"; -+ print "<option value='" . html_escape($st) . "'"; if (get_request_var('snmp') == $st) { print ' selected'; } print '>' . html_escape($st) . "</option>"; - } - } - ?> -@@ -560,7 +560,7 @@ function draw_filter() { - <?php - if (cacti_sizeof($item_rows) > 0) { - foreach ($item_rows as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . "</option>"; -+ print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . html_escape($value) . "</option>"; - } - } - ?> ---- a/data_debug.php -+++ b/data_debug.php -@@ -969,7 +969,7 @@ function data_debug_filter() { - - if (cacti_sizeof($templates) > 0) { - foreach ($templates as $template) { -- print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . title_trim(html_escape($template['name']), 40) . "</option>"; -+ print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . html_escape($template['name']) . '</option>'; - } - } - ?> -@@ -997,7 +997,7 @@ function data_debug_filter() { - $profiles = array_rekey(db_fetch_assoc('SELECT id, name FROM data_source_profiles ORDER BY name'), 'id', 'name'); - if (cacti_sizeof($profiles)) { - foreach ($profiles as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('profile') == $key) { print ' selected'; } print '>' . html_escape($value) . "</option>"; -+ print "<option value='" . $key . "'"; if (get_request_var('profile') == $key) { print ' selected'; } print '>' . html_escape($value) . '</option>'; - } - } - ?> -@@ -1063,7 +1063,7 @@ function data_debug_filter() { - <?php - if (cacti_sizeof($item_rows) > 0) { - foreach ($item_rows as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . html_escape($value) . "</option>"; -+ print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . html_escape($value) . '</option>'; - } - } - ?> ---- a/data_sources.php -+++ b/data_sources.php -@@ -1361,7 +1361,7 @@ function clearFilter() { - - if (cacti_sizeof($templates)) { - foreach ($templates as $template) { -- print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . title_trim(html_escape($template['name']), 40) . '</option>'; -+ print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . html_escape($template['name']) . '</option>'; - } - } - ?> ---- a/lib/api_automation.php -+++ b/lib/api_automation.php -@@ -154,7 +154,7 @@ function clearDeviceFilter() { - - if (cacti_sizeof($host_templates)) { - foreach ($host_templates as $host_template) { -- print "<option value='" . $host_template['id'] . "'"; if (get_request_var('host_template_id') == $host_template['id']) { print ' selected'; } print '>' . $host_template['name'] . "</option>\n"; -+ print "<option value='" . $host_template['id'] . "'"; if (get_request_var('host_template_id') == $host_template['id']) { print ' selected'; } print '>' . html_escape($host_template['name']) . '</option>'; - } - } - ?> -@@ -184,7 +184,7 @@ function clearDeviceFilter() { - <?php - if (cacti_sizeof($item_rows)) { - foreach ($item_rows as $key => $value) { -- print "<option value='". $key . "'"; if (get_request_var('rowsd') == $key) { print ' selected'; } print '>' . $value . '</option>\n'; -+ print "<option value='". $key . "'"; if (get_request_var('rowsd') == $key) { print ' selected'; } print '>' . $value . '</option>'; - } - } - ?> -@@ -432,7 +432,7 @@ function clearFilter() { - $hosts = get_allowed_devices(); - if (cacti_sizeof($hosts)) { - foreach ($hosts as $host) { -- print "<option value='" . $host['id'] . "'"; if (get_request_var('host_id') == $host['id']) { print ' selected'; } print '>' . html_escape($host['description']) . "</option>\n"; -+ print "<option value='" . $host['id'] . "'"; if (get_request_var('host_id') == $host['id']) { print ' selected'; } print '>' . html_escape($host['description']) . '</option>'; - } - } - ?> -@@ -453,7 +453,7 @@ function clearFilter() { - - if (cacti_sizeof($templates) > 0) { - foreach ($templates as $template) { -- print "<option value=' " . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . title_trim($template['name'], 40) . "</option>\n"; -+ print "<option value=' " . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . html_escape($template['name']) . '</option>'; - } - } - ?> -@@ -484,7 +484,7 @@ function clearFilter() { - <?php - if (cacti_sizeof($item_rows)) { - foreach ($item_rows as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . "</option>\n"; -+ print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . '</option>'; - } - } - ?> -@@ -718,7 +718,7 @@ function clearObjectFilter() { - <?php - if (cacti_sizeof($item_rows)) { - foreach ($item_rows as $key => $value) { -- print "<option value='". $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . '</option>\n'; -+ print "<option value='". $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . '</option>'; - } - } - ?> -@@ -1078,10 +1078,10 @@ function clearFilter() { - <?php - $host_templates = db_fetch_assoc('select id,name from host_template order by name'); - -- if (cacti_sizeof($host_templates) > 0) { -- foreach ($host_templates as $host_template) { -- print "<option value='" . $host_template['id'] . "'"; if (get_request_var('host_template_id') == $host_template['id']) { print ' selected'; } print '>' . $host_template['name'] . "</option>\n"; -- } -+ if (cacti_sizeof($host_templates)) { -+ foreach ($host_templates as $host_template) { -+ print "<option value='" . $host_template['id'] . "'"; if (get_request_var('host_template_id') == $host_template['id']) { print ' selected'; } print '>' . html_escape($host_template['name']) . '</option>'; -+ } - } - ?> - </select> -@@ -1110,7 +1110,7 @@ function clearFilter() { - <?php - if (cacti_sizeof($item_rows)) { - foreach ($item_rows as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . "</option>\n"; -+ print "<option value='" . $key . "'"; if (get_request_var('rows') == $key) { print ' selected'; } print '>' . $value . '</option>'; - } - } - ?> ---- a/lib/html.php -+++ b/lib/html.php -@@ -998,7 +998,7 @@ function html_create_list($form_data, $column_display, $column_id, $form_previou - print ' selected'; - } - -- print '>' . title_trim(null_out_substitutions(html_escape($form_data[$id])), 75) . '</option>'; -+ print '>' . html_escape(null_out_substitutions($form_data[$id])) . '</option>'; - } - } - } else { -@@ -1011,9 +1011,9 @@ function html_create_list($form_data, $column_display, $column_id, $form_previou - } - - if (isset($row['host_id'])) { -- print '>' . title_trim(html_escape($row[$column_display]), 75) . '</option>'; -+ print '>' . html_escape($row[$column_display]) . '</option>'; - } else { -- print '>' . title_trim(null_out_substitutions(html_escape($row[$column_display])), 75) . '</option>'; -+ print '>' . html_escape(null_out_substitutions($row[$column_display])) . '</option>'; - } - } - } -@@ -2010,7 +2010,7 @@ function html_host_filter($host_id = '-1', $call_back = 'applyFilter', $sql_wher - - if (cacti_sizeof($devices)) { - foreach ($devices as $device) { -- print "<option value='" . $device['id'] . "'"; if ($host_id == $device['id']) { print ' selected'; } print '>' . title_trim(html_escape(strip_domain($device['description'])), 40) . '</option>'; -+ print "<option value='" . $device['id'] . "'"; if ($host_id == $device['id']) { print ' selected'; } print '>' . html_escape(strip_domain($device['description'])) . '</option>'; - } - } - ?> -@@ -2385,6 +2385,7 @@ function html_common_header($title, $selectedTheme = '') { - <meta name='apple-mobile-web-app-capable' content='yes'> - <meta name='description' content='Monitoring tool of the Internet'> - <meta name='mobile-web-app-capable' content='yes'> -+ <meta name="theme-color" content="#161616"/> - <meta http-equiv="Content-Security-Policy" content="default-src *; img-src 'self' <?php print $alternates;?> data: blob:; style-src 'self' 'unsafe-inline' <?php print $alternates;?>; script-src 'self' <?php print $script_policy;?> 'unsafe-inline' <?php print $alternates;?>; worker-src 'self'"> - <meta name='robots' content='noindex,nofollow'> - <title><?php print $title; ?></title> ---- a/lib/html_graph.php -+++ b/lib/html_graph.php -@@ -212,9 +212,9 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - <select id='graphs' onChange='applyGraphFilter()'> - <?php - if (cacti_sizeof($graphs_per_page)) { -- foreach ($graphs_per_page as $key => $value) { -- print "<option value='" . $key . "'"; if (get_request_var('graphs') == $key) { print ' selected'; } print '>' . $value . "</option>\n"; -- } -+ foreach ($graphs_per_page as $key => $value) { -+ print "<option value='" . $key . "'"; if (get_request_var('graphs') == $key) { print ' selected'; } print '>' . $value . "</option>\n"; -+ } - } - ?> - </select> -@@ -260,7 +260,7 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - - if (cacti_sizeof($graph_timespans)) { - foreach($graph_timespans as $value => $text) { -- print "<option value='$value'"; if ($_SESSION['sess_current_timespan'] == $value) { print ' selected'; } print '>' . $text . "</option>\n"; -+ print "<option value='$value'"; if ($_SESSION['sess_current_timespan'] == $value) { print ' selected'; } print '>' . html_escape($text) . '</option>'; - } - } - ?> -@@ -293,7 +293,7 @@ function html_graph_preview_filter($page, $action, $devices_where = '', $templat - $end_val = cacti_sizeof($graph_timeshifts)+1; - if (cacti_sizeof($graph_timeshifts) > 0) { - for ($shift_value=$start_val; $shift_value < $end_val; $shift_value++) { -- print "<option value='$shift_value'"; if ($_SESSION['sess_current_timeshift'] == $shift_value) { print ' selected'; } print '>' . title_trim($graph_timeshifts[$shift_value], 40) . "</option>\n"; -+ print "<option value='$shift_value'"; if ($_SESSION['sess_current_timeshift'] == $shift_value) { print ' selected'; } print '>' . html_escape($graph_timeshifts[$shift_value]) . '</option>'; - } - } - ?> ---- a/lib/html_tree.php -+++ b/lib/html_tree.php -@@ -1138,7 +1138,7 @@ function grow_right_pane_tree($tree_id, $leaf_id, $host_group_data) { - - if (cacti_sizeof($graph_timespans)) { - foreach($graph_timespans as $value => $text) { -- print "<option value='$value'"; if ($_SESSION['sess_current_timespan'] == $value) { print ' selected'; } print '>' . $text . '</option>'; -+ print "<option value='$value'"; if ($_SESSION['sess_current_timespan'] == $value) { print ' selected'; } print '>' . html_escape($text) . '</option>'; - } - } - ?> -@@ -1171,7 +1171,7 @@ function grow_right_pane_tree($tree_id, $leaf_id, $host_group_data) { - $end_val = cacti_sizeof($graph_timeshifts)+1; - if (cacti_sizeof($graph_timeshifts)) { - for ($shift_value=$start_val; $shift_value < $end_val; $shift_value++) { -- print "<option value='$shift_value'"; if ($_SESSION['sess_current_timeshift'] == $shift_value) { print ' selected'; } print '>' . title_trim($graph_timeshifts[$shift_value], 40) . '</option>'; -+ print "<option value='$shift_value'"; if ($_SESSION['sess_current_timeshift'] == $shift_value) { print ' selected'; } print '>' . html_escape($graph_timeshifts[$shift_value]) . '</option>'; - } - } - ?> ---- a/managers.php -+++ b/managers.php -@@ -483,7 +483,7 @@ function clearFilter() { - <?php - if (cacti_sizeof($mibs)) { - foreach ($mibs as $mib) { -- print "<option value='" . $mib['mib'] . "'"; if (get_request_var('mib') == $mib['mib']) { print ' selected'; } print '>' . $mib['mib'] . '</option>'; -+ print "<option value='" . html_escape($mib['mib']) . "'"; if (get_request_var('mib') == $mib['mib']) { print ' selected'; } print '>' . html_escape($mib['mib']) . '</option>'; - } - } - ?> ---- a/utilities.php -+++ b/utilities.php -@@ -812,7 +812,7 @@ function applyFilter() { - - if (cacti_sizeof($users)) { - foreach ($users as $user) { -- print "<option value='" . $user['username'] . "'"; if (get_request_var('username') == $user['username']) { print ' selected'; } print '>' . $user['username'] . '</option>'; -+ print "<option value='" . html_escape($user['username']) . "'"; if (get_request_var('username') == $user['username']) { print ' selected'; } print '>' . html_escape($user['username']) . '</option>'; - } - } - ?> -@@ -1034,19 +1034,19 @@ function utilities_view_logfile() { - - $logfile = basename(get_nfilter_request_var('filename')); - $logbase = basename(read_config_option('path_cactilog')); -- -+ - if ($logfile == '') { - $logfile = $logbase; - } -- -+ - if ($logfile == '') { - $logfile = 'cacti.log'; - } -- -+ - $logname = ''; - $logpath = ''; - -- if (!clog_validate_filename($logfile, $logpath, $logname, true)) { -+ if (!clog_validate_filename($logfile, $logpath, $logname, true)) { - raise_message('clog_invalid'); - header('Location: utilities.php?action=view_logfile&filename=' . $logbase); - exit(0); -@@ -1171,7 +1171,7 @@ function clearFilter() { - - if (cacti_sizeof($logFileArray)) { - foreach ($logFileArray as $logFile) { -- print "<option value='" . $logFile . "'"; -+ print "<option value='" . html_escape($logFile) . "'"; - - if (get_nfilter_request_var('filename') == $logFile) { - print ' selected'; -@@ -1182,7 +1182,7 @@ function clearFilter() { - $logDate = cacti_count($logParts) < 2 ? '' : $logParts[1] . (isset($logParts[2]) ? '-' . $logParts[2]:''); - $logName = $logParts[0]; - -- print '>' . $logName . ($logDate != '' ? ' [' . substr($logDate,4) . ']':'') . '</option>'; -+ print '>' . html_escape($logName . ($logDate != '' ? ' [' . substr($logDate,4) . ']':'')) . '</option>'; - } - } - ?> -@@ -1807,7 +1807,7 @@ function clearFilter() { - - if (cacti_sizeof($templates)) { - foreach ($templates as $template) { -- print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . title_trim(html_escape($template['name']), 40) . '</option>'; -+ print "<option value='" . $template['id'] . "'"; if (get_request_var('template_id') == $template['id']) { print ' selected'; } print '>' . html_escape($template['name']) . '</option>'; - } - } - ?> -@@ -2540,7 +2540,7 @@ function clearFilter() { - <?php - if (cacti_sizeof($mibs) > 0) { - foreach ($mibs as $mib) { -- print "<option value='" . $mib['mib'] . "'"; if (get_request_var('mib') == $mib['mib']) { print ' selected'; } print '>' . html_escape($mib['mib']) . '</option>'; -+ print "<option value='" . html_escape($mib['mib']) . "'"; if (get_request_var('mib') == $mib['mib']) { print ' selected'; } print '>' . html_escape($mib['mib']) . '</option>'; - } - } - ?> -@@ -2804,7 +2804,7 @@ function purgeFilter() { - <option value='-1'<?php if (get_request_var('receiver') == '-1') {?> selected<?php }?>><?php print __('Any');?></option> - <?php - foreach ($receivers as $receiver) { -- print "<option value='" . $receiver['manager_id'] . "'"; if (get_request_var('receiver') == $receiver['manager_id']) { print ' selected'; } print '>' . $receiver['hostname'] . '</option>'; -+ print "<option value='" . $receiver['manager_id'] . "'"; if (get_request_var('receiver') == $receiver['manager_id']) { print ' selected'; } print '>' . html_escape($receiver['hostname']) . '</option>'; - } - ?> - </select>
