
hardening: migrate RLIKE to db_qstr and improve input handling #761

@somethingwithproof

Description


Summary

Migrate all RLIKE string interpolation to use db_qstr() for proper SQL quoting, and improve input handling across the plugin.

Changes

  • Convert 11 RLIKE interpolation sites in notify_lists.php, thold.php, and thold_graph.php to use db_qstr()
  • Replace cacti_unserialize with sanitize_unserialize_selected_items in thold_webapi.php
  • Apply html_escape to drp_action hidden form fields in notify_lists.php
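As an added illustration (not code from this pull request or the thold plugin), here is the RLIKE pattern the summary describes, first interpolated directly and then quoted with db_qstr(), plus the regex caveat that quoting alone does not address. It assumes Cacti's lib/database.php is loaded (providing db_qstr() and db_fetch_assoc()), that db_qstr() escapes backslashes the way PDO::quote() does for MySQL, and uses a made-up table, column, and filter value.

```php
<?php
// Illustrative example, not part of PR #761 or the Cacti thold plugin.
// Assumes Cacti's lib/database.php is already included so that db_qstr()
// and db_fetch_assoc() exist; 'host'/'description' and $filter are made up.

// BEFORE: the user-controlled filter is spliced into the SQL text, so any
// quote character inside it ends the string literal and the rest of the
// value is parsed as SQL rather than as the RLIKE pattern.
function find_hosts_vulnerable(string $filter): array {
    $sql = "SELECT id, description FROM host WHERE description RLIKE '" . $filter . "'";
    return db_fetch_assoc($sql);
}

// AFTER: db_qstr() returns the value as one properly quoted SQL string
// literal, so the whole filter reaches RLIKE as data, never as SQL.
function find_hosts_hardened(string $filter): array {
    $sql = "SELECT id, description FROM host WHERE description RLIKE " . db_qstr($filter);
    return db_fetch_assoc($sql);
}

// Caveat: db_qstr() fixes SQL quoting only. MySQL still evaluates the quoted
// value as a regular expression, so a filter that is meant as a literal
// substring should have its regex metacharacters escaped first; db_qstr()
// then escapes the added backslashes so MySQL sees them as regex escapes.
function find_hosts_literal(string $needle): array {
    $pattern = preg_quote($needle);
    $sql = "SELECT id, description FROM host WHERE description RLIKE " . db_qstr($pattern);
    return db_fetch_assoc($sql);
}
```

The same pattern applies to each of the 11 sites listed in the summary: the interpolated quotes are dropped and the value is wrapped in db_qstr() instead.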
