hardening: migrate RLIKE to db_qstr and improve input handling #761

@somethingwithproof

Description

Summary

Migrate all RLIKE string interpolation to use db_qstr() for proper SQL quoting, and improve input handling across the plugin.

Changes

  • Convert 11 RLIKE interpolation sites in notify_lists.php, thold.php and thold_graph.php to use db_qstr()
  • Replace cacti_unserialize with sanitize_unserialize_selected_items in thold_webapi.php
  • Apply html_escape to drp_action hidden form fields in notify_lists.php
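
The before/after pattern behind the first and third items, as an added example in PHP (not code from the thold plugin or from this PR). The db_qstr() and html_escape() bodies are simplified stand-ins for the Cacti functions of the same name, and the table name is constructed:

```php
<?php
// Added example (not code from the thold plugin or from this PR). It contrasts
// the interpolation pattern the PR removes with the db_qstr() form it adopts.
// db_qstr() and html_escape() below are simplified stand-ins for the Cacti
// functions of the same name (Cacti quotes through PDO::quote() and escapes
// through htmlspecialchars()); treat both stand-ins as assumptions.
function db_qstr($value) {
    // Backslash-escape the characters MySQL treats specially inside a quoted literal.
    $escaped = strtr((string) $value, [
        "\\" => "\\\\", "'" => "\\'", "\"" => "\\\"",
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
    ]);
    return "'" . $escaped . "'";
}

function html_escape($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Before: the filter text is spliced straight into the SQL string, so a quote
// in the input ends the literal early. (The table name is constructed.)
function rlike_sql_before($filter) {
    return "SELECT id, name FROM example_table WHERE name RLIKE '" . $filter . "'";
}

// After: the filter is emitted as one quoted literal, so the quote stays inside it.
// db_qstr() only fixes SQL quoting: MySQL still evaluates the text as a regular
// expression, so its length and complexity remain under the caller's control.
function rlike_sql_after($filter) {
    return "SELECT id, name FROM example_table WHERE name RLIKE " . db_qstr($filter);
}

// The hidden-field change: escape drp_action before writing it into HTML.
function drp_action_hidden($action) {
    return "<input type='hidden' name='drp_action' value='" . html_escape($action) . "'>";
}

// Constructed inputs containing a single quote and angle brackets.
$filter = "O'Brien";
echo rlike_sql_before($filter), PHP_EOL;   // literal is terminated by the embedded quote
echo rlike_sql_after($filter), PHP_EOL;    // quote is escaped inside the literal
echo drp_action_hidden("O'Brien <test>"), PHP_EOL;
```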
