QA: Additional Fixes to #6090 Associated with Injection Tests (#6095)

* Fix: #6090 - Incorrect raise_message() function name in automation

* QA: Issues with initial fix to #6090

This should resolve the issue reported in 6090 more completely.

automation_graph_rules.php

@@ -130,14 +130,22 @@ function save() {
 		/* Test for SQL injections */
 		$field_name = str_replace(array('ht.', 'h.', 'gt.'), '', $save['field']);
 
-		if (!db_column_exists('host', $field_name) && !db_column_exists('host_template', $field_name) && !db_column_exists('graph_templates', $field_name)) {
-			raise_message('sql_injection', __('An attempt was made to perform a SQL injection in Tree automation'), MESSAGE_LEVEL_ERROR);
+		$exists = db_fetch_cell_prepared('SELECT field_name
+			FROM host_snmp_cache
+			WHERE field_name = ?
+			LIMIT 1',
+			array($field_name));
 
-			cacti_log(sprintf('ERROR: An attempt was made to perform a SQL Injection in Graph Automation from client address \'%s\'', get_client_addr()), false, 'SECURITY');
+		if (!$exists) {
+			if (!db_column_exists('host', $field_name) && !db_column_exists('host_template', $field_name) && !db_column_exists('graph_templates', $field_name)) {
+				raise_message('sql_injection', __('An attempt was made to perform a SQL injection in Graph automation'), MESSAGE_LEVEL_ERROR);
 
-			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
+				cacti_log(sprintf('ERROR: An attempt was made to perform a SQL Injection in Graph Automation from client address \'%s\'', get_client_addr()), false, 'SECURITY');
 
-			exit;
+				header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var('id'));
+
+				exit;
+			}
 		}
 
 		if (!is_error_message()) {
@@ -171,6 +179,19 @@ function save() {
 		$save['operator']  = form_input_validate((isset_request_var('operator') ? get_nfilter_request_var('operator') : ''), 'operator', '^[0-9]+$', true, 3);
 		$save['pattern']   = form_input_validate((isset_request_var('pattern') ? get_nfilter_request_var('pattern') : ''), 'pattern', '', true, 3);
 
+		/* Test for SQL injections */
+		$field_name = str_replace(array('ht.', 'h.', 'gt.'), '', $save['field']);
+
+		if (!db_column_exists('host', $field_name) && !db_column_exists('host_template', $field_name) && !db_column_exists('graph_templates', $field_name)) {
+			raise_message('sql_injection', __('An attempt was made to perform a SQL injection in Graph automation'), MESSAGE_LEVEL_ERROR);
+
+			cacti_log(sprintf('ERROR: An attempt was made to perform a SQL Injection in Graph Automation from client address \'%s\'', get_client_addr()), false, 'SECURITY');
+
+			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
+
+			exit;
+		}
+
 		if (!is_error_message()) {
 			$item_id = sql_save($save, 'automation_match_rule_items');
 

automation_tree_rules.php

@@ -162,13 +162,13 @@ function automation_tree_rules_form_save() {
 			header('Location: automation_tree_rules.php?header=false&action=edit&id=' . get_request_var('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_TREE_MATCH);
 		}
 	} elseif (isset_request_var('save_component_automation_tree_rule_item')) {
-
 		/* ================= input validation ================= */
 		get_filter_request_var('id');
 		get_filter_request_var('item_id');
 		/* ==================================================== */
 
 		unset($save);
+
 		$save['id']                = form_input_validate(get_request_var('item_id'), 'item_id', '^[0-9]+$', false, 3);
 		$save['rule_id']           = form_input_validate(get_request_var('id'), 'id', '^[0-9]+$', false, 3);
 		$save['sequence']          = form_input_validate(get_nfilter_request_var('sequence'), 'sequence', '^[0-9]+$', false, 3);

lib/api_automation.php

@@ -1454,7 +1454,7 @@ function display_tree_rule_items($title, $rule_id, $item_type, $rule_type, $modu
 			form_alternate_row();
 			$form_data = '<td><a class="linkEditMain" href="' . html_escape($module . '?action=item_edit&id=' . $rule_id. '&item_id=' . $item['id'] . '&rule_type=' . $rule_type) . '">' . __('Item#%d', $i+1) . '</a></td>';
 			$form_data .= '<td>' . 	$item['sequence'] . '</td>';
-			$form_data .= '<td>' . 	$field_name . '</td>';
+			$form_data .= '<td>' . 	html_escape($field_name) . '</td>';
 			$form_data .= '<td>' . 	$tree_sort_types[$item['sort_type']] . '</td>';
 			$form_data .= '<td>' . 	($item['propagate_changes'] ? __('Yes'):__('No')) . '</td>';
 			$form_data .= '<td>' . 	html_escape($item['search_pattern']) . '</td>';