hardening(quicktree): sanitize location parameter before header() redirects

## Summary

`get_nfilter_request_var('location')` returns the raw, unfiltered request value. At `quicktree.php:208` and `quicktree.php:336` that value is embedded directly in `header('Location: ...')` calls without stripping CRLF characters or URL-encoding the output. A `location` value containing `\r\n` injects arbitrary HTTP response headers. PHP 8.x throws `ValueError` on CRLF in `header()`, but PHP 7.x deployments are silently exploitable.

## Details

| Field | Value |
|-------|-------|
| File | quicktree.php |
| Lines | 208, 336 |
| Auth required | Yes — authenticated Cacti user |
| CWE | CWE-93 |

```php
// Before
header('Location: quicktree.php?location=' . get_nfilter_request_var('location'));

// After
header('Location: quicktree.php?location=' . rawurlencode(
    str_replace(["\r", "\n"], '', (string) get_nfilter_request_var('location'))
));
```

Fix applied at both sites in branch `security/quicktree-sanitize-location-header`.

## Acceptance criteria

- [ ] CRLF characters stripped before `header()` at both sites
- [ ] Value URL-encoded before embedding in Location header
- [ ] Regression test in `tests/Security/QuicktreeXssTest.php`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hardening(quicktree): sanitize location parameter before header() redirects #8

Summary

Details

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Field	Value
File	quicktree.php
Lines	208, 336
Auth required	Yes — authenticated Cacti user
CWE	CWE-93

hardening(quicktree): sanitize location parameter before header() redirects #8

Description

Summary

Details

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions