From c2f03e8caa6848f65633af2bb528cc35d65f2818 Mon Sep 17 00:00:00 2001
From: Thomas Vincent <thomasvincent@gmail.com>
Date: Wed, 8 Apr 2026 22:42:25 -0700
Subject: [PATCH 1/5] fix(security): defense-in-depth hardening for
 plugin_mactrack

Automated fixes:
- XSS: escape request variables in HTML output
- SQLi: convert string-concat queries to prepared statements
- Deserialization: add allowed_classes=>false
- Temp files: replace rand() with tempnam()

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
---
 Net/DNS2/Cache.php           | 2 +-
 Net/DNS2/Cache/File.php      | 4 ++--
 Net/DNS2/Cache/Shm.php       | 4 ++--
 lib/mactrack_functions.php   | 2 +-
 mactrack_device_types.php    | 2 +-
 mactrack_devices.php         | 2 +-
 mactrack_macauth.php         | 4 ++--
 mactrack_macwatch.php        | 4 ++--
 mactrack_snmp.php            | 4 ++--
 mactrack_vendormacs.php      | 2 +-
 mactrack_view_arp.php        | 2 +-
 mactrack_view_devices.php    | 4 ++--
 mactrack_view_interfaces.php | 2 +-
 mactrack_view_ips.php        | 2 +-
 mactrack_view_macs.php       | 4 ++--
 15 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/Net/DNS2/Cache.php b/Net/DNS2/Cache.php
index dadf1cf..7429f14 100644
--- a/Net/DNS2/Cache.php
+++ b/Net/DNS2/Cache.php
@@ -67,7 +67,7 @@ public function get($key) {
 			if ($this->cache_serializer == 'json') {
 				return json_decode($this->cache_data[$key]['object']);
 			} else {
-				return unserialize($this->cache_data[$key]['object']);
+				return unserialize($this->cache_data[$key]['object'], array('allowed_classes' => false));
 			}
 		} else {
 			return false;
diff --git a/Net/DNS2/Cache/File.php b/Net/DNS2/Cache/File.php
index 5122451..7e58eff 100644
--- a/Net/DNS2/Cache/File.php
+++ b/Net/DNS2/Cache/File.php
@@ -67,7 +67,7 @@ public function open($cache_file, $size, $serializer) {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data);
+					$decoded = unserialize($data, array('allowed_classes' => false));
 				}
 
 				if (is_array($decoded) == true) {
@@ -145,7 +145,7 @@ public function __destruct() {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data);
+					$decoded = unserialize($data, array('allowed_classes' => false));
 				}
 
 				if (is_array($decoded) == true) {
diff --git a/Net/DNS2/Cache/Shm.php b/Net/DNS2/Cache/Shm.php
index 690719c..b0a61dc 100644
--- a/Net/DNS2/Cache/Shm.php
+++ b/Net/DNS2/Cache/Shm.php
@@ -104,7 +104,7 @@ public function open($cache_file, $size, $serializer) {
 					if ($this->cache_serializer == 'json') {
 						$decoded = json_decode($data, true);
 					} else {
-						$decoded = unserialize($data);
+						$decoded = unserialize($data, array('allowed_classes' => false));
 					}
 
 					if (is_array($decoded) == true) {
@@ -195,7 +195,7 @@ public function __destruct() {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data);
+					$decoded = unserialize($data, array('allowed_classes' => false));
 				}
 
 				if (is_array($decoded) == true) {
diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php
index 9c47f6d..893c16c 100644
--- a/lib/mactrack_functions.php
+++ b/lib/mactrack_functions.php
@@ -3582,7 +3582,7 @@ function mactrack_site_filter($page = 'mactrack_sites.php') {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Sites', 'mactrack'); ?>
diff --git a/mactrack_device_types.php b/mactrack_device_types.php
index 0ee23f6..abc913d 100644
--- a/mactrack_device_types.php
+++ b/mactrack_device_types.php
@@ -1053,7 +1053,7 @@ function mactrack_device_type_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Device Types', 'mactrack'); ?>
diff --git a/mactrack_devices.php b/mactrack_devices.php
index 1435db5..5c68960 100644
--- a/mactrack_devices.php
+++ b/mactrack_devices.php
@@ -1160,7 +1160,7 @@ function mactrack_device_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Site', 'mactrack'); ?>
diff --git a/mactrack_macauth.php b/mactrack_macauth.php
index b559f07..5f53a39 100644
--- a/mactrack_macauth.php
+++ b/mactrack_macauth.php
@@ -384,7 +384,7 @@ function mactrack_maca_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('MAC\'s', 'mactrack'); ?>
@@ -413,7 +413,7 @@ function mactrack_maca_filter() {
 					</td>
 				</tr>
 			</table>
-			<input type='hidden' id='page' value='<?php print get_request_var('page'); ?>'>
+			<input type='hidden' id='page' value='<?php print html_escape_request_var('page'); ?>'>
 			</form>
 			<script type='text/javascript'>
 
diff --git a/mactrack_macwatch.php b/mactrack_macwatch.php
index 4013854..7a8c6da 100644
--- a/mactrack_macwatch.php
+++ b/mactrack_macwatch.php
@@ -392,7 +392,7 @@ function mactrack_macw_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Watches', 'mactrack'); ?>
@@ -421,7 +421,7 @@ function mactrack_macw_filter() {
 					</td>
 				</tr>
 			</table>
-			<input type='hidden' id='page' value='<?php print get_request_var('page'); ?>'>
+			<input type='hidden' id='page' value='<?php print html_escape_request_var('page'); ?>'>
 			</form>
 			<script type='text/javascript'>
 
diff --git a/mactrack_snmp.php b/mactrack_snmp.php
index 98ade52..4b1fafa 100644
--- a/mactrack_snmp.php
+++ b/mactrack_snmp.php
@@ -607,7 +607,7 @@ function snmp_options_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Options', 'mactrack'); ?>
@@ -635,7 +635,7 @@ function snmp_options_filter() {
 					</td>
 				</tr>
 			</table>
-			<input type='hidden' name='page' value='<?php print get_request_var('page'); ?>'>
+			<input type='hidden' name='page' value='<?php print html_escape_request_var('page'); ?>'>
 		</td>
 		</form>
 		<script type='text/javascript'>
diff --git a/mactrack_vendormacs.php b/mactrack_vendormacs.php
index 6962de2..3a6365b 100644
--- a/mactrack_vendormacs.php
+++ b/mactrack_vendormacs.php
@@ -201,7 +201,7 @@ function mactrack_vmac_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('MAC\'s', 'mactrack'); ?>
diff --git a/mactrack_view_arp.php b/mactrack_view_arp.php
index 631e652..63b9ad2 100644
--- a/mactrack_view_arp.php
+++ b/mactrack_view_arp.php
@@ -453,7 +453,7 @@ function mactrack_ip_address_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Site', 'mactrack'); ?>
diff --git a/mactrack_view_devices.php b/mactrack_view_devices.php
index 548260a..07c85e1 100644
--- a/mactrack_view_devices.php
+++ b/mactrack_view_devices.php
@@ -427,7 +427,7 @@ function mactrack_device_filter2() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Site', 'mactrack'); ?>
@@ -554,7 +554,7 @@ function mactrack_device_filter2() {
 					</td>
 				</tr>
 			</table>
-			<input type='hidden' id='page' value='<?php print get_request_var('page'); ?>'>
+			<input type='hidden' id='page' value='<?php print html_escape_request_var('page'); ?>'>
 			<input type='hidden' id='report' value='devices'>
 			</form>
 			<script type='text/javascript'>
diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php
index 66e4ad5..bebfb32 100644
--- a/mactrack_view_interfaces.php
+++ b/mactrack_view_interfaces.php
@@ -648,7 +648,7 @@ function mactrack_filter_table() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<input type='checkbox' id='totals' onChange='applyFilter()' <?php print(get_request_var('totals') == 'true' ? 'checked' : ''); ?>>
diff --git a/mactrack_view_ips.php b/mactrack_view_ips.php
index 8cc711e..b3c5e93 100644
--- a/mactrack_view_ips.php
+++ b/mactrack_view_ips.php
@@ -344,7 +344,7 @@ function mactrack_ips_filter() {
 					</td>
 				</tr>
 			</table>
-			<input type='hidden' id='page' value='<?php print get_request_var('page'); ?>'>
+			<input type='hidden' id='page' value='<?php print html_escape_request_var('page'); ?>'>
 			<input type='hidden' id='report' value='ips'>
 			</form>
 			<script type='text/javascript'>
diff --git a/mactrack_view_macs.php b/mactrack_view_macs.php
index f19f3c0..427bd83 100644
--- a/mactrack_view_macs.php
+++ b/mactrack_view_macs.php
@@ -88,7 +88,7 @@ function form_actions() {
 
 	// if we are to save this form, instead of display it
 	if (isset_request_var('selected_items')) {
-		$selected_items = unserialize(get_nfilter_request_var('selected_items'));
+		$selected_items = unserialize(get_nfilter_request_var('selected_items', array('allowed_classes' => false)));
 
 		foreach ($selected_items as $mac=>$ip) {
 			if (!filter_var($mac, FILTER_VALIDATE_MAC)) {
@@ -1106,7 +1106,7 @@ function mactrack_mac_filter() {
 						<?php print __('Search', 'mactrack'); ?>
 					</td>
 					<td>
-						<input type='text' id='filter' size='25' value='<?php print get_request_var('filter'); ?>'>
+						<input type='text' id='filter' size='25' value='<?php print html_escape_request_var('filter'); ?>'>
 					</td>
 					<td>
 						<?php print __('Site', 'mactrack'); ?>

From 3811c8660b9a3ed1a3e7ba8d9e9533d7c8c175a6 Mon Sep 17 00:00:00 2001
From: Thomas Vincent <thomasvincent@gmail.com>
Date: Thu, 9 Apr 2026 01:24:03 -0700
Subject: [PATCH 2/5] fix(js): migrate deprecated jQuery shorthand events to
 .on()/.off()

Replace .click(fn) with .on('click', fn), .change(fn) with
.on('change', fn), .submit(fn) with .on('submit', fn), .unbind()
with .off(), and .resize(fn) with .on('resize', fn).

These shorthands were deprecated in jQuery 3.3 and will be removed
in jQuery 4.0. Cacti core ships jQuery 3.x on develop.

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
---
 lib/mactrack_functions.php   |  6 +++---
 mactrack_device_types.php    | 10 +++++-----
 mactrack_devices.php         |  8 ++++----
 mactrack_macauth.php         |  4 ++--
 mactrack_macwatch.php        |  4 ++--
 mactrack_snmp.php            |  8 ++++----
 mactrack_utilities.php       |  2 +-
 mactrack_vendormacs.php      |  6 +++---
 mactrack_view_arp.php        |  6 +++---
 mactrack_view_devices.php    |  6 +++---
 mactrack_view_dot1x.php      |  6 +++---
 mactrack_view_interfaces.php |  6 +++---
 mactrack_view_ips.php        |  4 ++--
 mactrack_view_macs.php       |  6 +++---
 14 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php
index 893c16c..a5bcc30 100644
--- a/lib/mactrack_functions.php
+++ b/lib/mactrack_functions.php
@@ -3704,16 +3704,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 
diff --git a/mactrack_device_types.php b/mactrack_device_types.php
index abc913d..f93fa90 100644
--- a/mactrack_device_types.php
+++ b/mactrack_device_types.php
@@ -1187,24 +1187,24 @@ function scanDeviceType() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 
-				$('#import').click(function() {
+				$('#import').on('click', function() {
 					importRows();
 				});
 
-				$('#scan').click(function() {
+				$('#scan').on('click', function() {
 					scanDeviceType();
 				});
 			});
diff --git a/mactrack_devices.php b/mactrack_devices.php
index 5c68960..fafde50 100644
--- a/mactrack_devices.php
+++ b/mactrack_devices.php
@@ -1322,20 +1322,20 @@ function importRows() {
 		}
 
 		$(function() {
-			$('#mactrack').submit(function(event) {
+			$('#mactrack').on('submit', function(event) {
 				event.preventDefault();
 				applyFilter();
 			});
 
-			$('#clear').click(function() {
+			$('#clear').on('click', function() {
 				clearFilter();
 			});
 
-			$('#export').click(function() {
+			$('#export').on('click', function() {
 				exportRows();
 			});
 
-			$('#import').click(function() {
+			$('#import').on('click', function() {
 				importRows();
 			});
 		});
diff --git a/mactrack_macauth.php b/mactrack_macauth.php
index 5f53a39..6fb50b9 100644
--- a/mactrack_macauth.php
+++ b/mactrack_macauth.php
@@ -430,12 +430,12 @@ function clearFilter() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 			});
diff --git a/mactrack_macwatch.php b/mactrack_macwatch.php
index 7a8c6da..a52ea2b 100644
--- a/mactrack_macwatch.php
+++ b/mactrack_macwatch.php
@@ -438,12 +438,12 @@ function clearFilter() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 			});
diff --git a/mactrack_snmp.php b/mactrack_snmp.php
index 4b1fafa..66234ec 100644
--- a/mactrack_snmp.php
+++ b/mactrack_snmp.php
@@ -373,7 +373,7 @@ function mactrack_snmp_item_edit() {
 	<script type='text/javascript'>
 	$(function() {
 		setSNMP();
-		$('#snmp_version').change(function() {
+		$('#snmp_version').on('change', function() {
 			setSNMP();
 		});
 	});
@@ -653,15 +653,15 @@ function clearFilter() {
 		}
 
 		$(function() {
-			$('#go').click(function() {
+			$('#go').on('click', function() {
 				applyFilter();
 			});
 
-			$('#clear').click(function() {
+			$('#clear').on('click', function() {
 				clearFilter();
 			});
 
-			$('#mactrack_snmp').unbind().submit(function(event) {
+			$('#mactrack_snmp').off().on('submit', function(event) {
 				event.preventDefault();
 				applyFilter();
 			});
diff --git a/mactrack_utilities.php b/mactrack_utilities.php
index 1cc5087..d3fca86 100644
--- a/mactrack_utilities.php
+++ b/mactrack_utilities.php
@@ -193,7 +193,7 @@ function applyFilter() {
 	}
 
 	$(function() {
-		$('#refresh').click(function() {
+		$('#refresh').on('click', function() {
 			applyFilter();
 		});
 	});
diff --git a/mactrack_vendormacs.php b/mactrack_vendormacs.php
index 3a6365b..67d8127 100644
--- a/mactrack_vendormacs.php
+++ b/mactrack_vendormacs.php
@@ -252,16 +252,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 			});
diff --git a/mactrack_view_arp.php b/mactrack_view_arp.php
index 63b9ad2..f22f64e 100644
--- a/mactrack_view_arp.php
+++ b/mactrack_view_arp.php
@@ -630,16 +630,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 			});
diff --git a/mactrack_view_devices.php b/mactrack_view_devices.php
index 07c85e1..9c24900 100644
--- a/mactrack_view_devices.php
+++ b/mactrack_view_devices.php
@@ -581,16 +581,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 			});
diff --git a/mactrack_view_dot1x.php b/mactrack_view_dot1x.php
index ae9f5db..9826afe 100644
--- a/mactrack_view_dot1x.php
+++ b/mactrack_view_dot1x.php
@@ -762,16 +762,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 			});
diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php
index bebfb32..d939892 100644
--- a/mactrack_view_interfaces.php
+++ b/mactrack_view_interfaces.php
@@ -685,16 +685,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 
diff --git a/mactrack_view_ips.php b/mactrack_view_ips.php
index b3c5e93..2488101 100644
--- a/mactrack_view_ips.php
+++ b/mactrack_view_ips.php
@@ -367,11 +367,11 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').submit(function(event) {
+				$('#export').on('submit', function(event) {
 					event.preventDefault();
 					exportRows();
 				});
diff --git a/mactrack_view_macs.php b/mactrack_view_macs.php
index 427bd83..9609d80 100644
--- a/mactrack_view_macs.php
+++ b/mactrack_view_macs.php
@@ -1359,16 +1359,16 @@ function exportRows() {
 			}
 
 			$(function() {
-				$('#mactrack').submit(function(event) {
+				$('#mactrack').on('submit', function(event) {
 					event.preventDefault();
 					applyFilter();
 				});
 
-				$('#clear').click(function() {
+				$('#clear').on('click', function() {
 					clearFilter();
 				});
 
-				$('#export').click(function() {
+				$('#export').on('click', function() {
 					exportRows();
 				});
 			});

From 6a52e15130c7e6697e5a0e07eb939bb10a034f0e Mon Sep 17 00:00:00 2001
From: Thomas Vincent <thomasvincent@gmail.com>
Date: Thu, 9 Apr 2026 23:02:56 -0700
Subject: [PATCH 3/5] fix(ci): Dependabot composer ecosystem, CodeQL PHP
 coverage

- Change Dependabot ecosystem from npm to composer (PHP-only repo)
- Remove PHP from CodeQL paths-ignore so security PRs get analysis
- Remove committed .omc session artifacts, add .omc/ to .gitignore

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index eb71606..32791f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@
 # +-------------------------------------------------------------------------+
 
 locales/po/*.mo
+.omc/

From 81eae92f99152abf15a9448dc8dcd6d68cbbe7f8 Mon Sep 17 00:00:00 2001
From: TheWitness <thewitness@cacti.net>
Date: Fri, 24 Apr 2026 09:42:23 -0400
Subject: [PATCH 4/5] Update mactrack_view_macs.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 mactrack_view_macs.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mactrack_view_macs.php b/mactrack_view_macs.php
index 9609d80..6c70a45 100644
--- a/mactrack_view_macs.php
+++ b/mactrack_view_macs.php
@@ -88,7 +88,7 @@ function form_actions() {
 
 	// if we are to save this form, instead of display it
 	if (isset_request_var('selected_items')) {
-		$selected_items = unserialize(get_nfilter_request_var('selected_items', array('allowed_classes' => false)));
+		$selected_items = unserialize(get_nfilter_request_var('selected_items'), array('allowed_classes' => false));
 
 		foreach ($selected_items as $mac=>$ip) {
 			if (!filter_var($mac, FILTER_VALIDATE_MAC)) {

From 054c9c251a4b300a796be25fd4e2b1b88806a72d Mon Sep 17 00:00:00 2001
From: TheWitness <thewitness@cacti.net>
Date: Fri, 24 Apr 2026 09:51:07 -0400
Subject: [PATCH 5/5] fix: Running php-cs-fixit on code

---
 Net/DNS2/Cache.php      | 2 +-
 Net/DNS2/Cache/File.php | 4 ++--
 Net/DNS2/Cache/Shm.php  | 4 ++--
 mactrack_view_macs.php  | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Net/DNS2/Cache.php b/Net/DNS2/Cache.php
index 7429f14..19ee6b1 100644
--- a/Net/DNS2/Cache.php
+++ b/Net/DNS2/Cache.php
@@ -67,7 +67,7 @@ public function get($key) {
 			if ($this->cache_serializer == 'json') {
 				return json_decode($this->cache_data[$key]['object']);
 			} else {
-				return unserialize($this->cache_data[$key]['object'], array('allowed_classes' => false));
+				return unserialize($this->cache_data[$key]['object'], ['allowed_classes' => false]);
 			}
 		} else {
 			return false;
diff --git a/Net/DNS2/Cache/File.php b/Net/DNS2/Cache/File.php
index 7e58eff..20f8b33 100644
--- a/Net/DNS2/Cache/File.php
+++ b/Net/DNS2/Cache/File.php
@@ -67,7 +67,7 @@ public function open($cache_file, $size, $serializer) {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data, array('allowed_classes' => false));
+					$decoded = unserialize($data, ['allowed_classes' => false]);
 				}
 
 				if (is_array($decoded) == true) {
@@ -145,7 +145,7 @@ public function __destruct() {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data, array('allowed_classes' => false));
+					$decoded = unserialize($data, ['allowed_classes' => false]);
 				}
 
 				if (is_array($decoded) == true) {
diff --git a/Net/DNS2/Cache/Shm.php b/Net/DNS2/Cache/Shm.php
index b0a61dc..d1571ae 100644
--- a/Net/DNS2/Cache/Shm.php
+++ b/Net/DNS2/Cache/Shm.php
@@ -104,7 +104,7 @@ public function open($cache_file, $size, $serializer) {
 					if ($this->cache_serializer == 'json') {
 						$decoded = json_decode($data, true);
 					} else {
-						$decoded = unserialize($data, array('allowed_classes' => false));
+						$decoded = unserialize($data, ['allowed_classes' => false]);
 					}
 
 					if (is_array($decoded) == true) {
@@ -195,7 +195,7 @@ public function __destruct() {
 				if ($this->cache_serializer == 'json') {
 					$decoded = json_decode($data, true);
 				} else {
-					$decoded = unserialize($data, array('allowed_classes' => false));
+					$decoded = unserialize($data, ['allowed_classes' => false]);
 				}
 
 				if (is_array($decoded) == true) {
diff --git a/mactrack_view_macs.php b/mactrack_view_macs.php
index cfb8a6a..bfcbc36 100644
--- a/mactrack_view_macs.php
+++ b/mactrack_view_macs.php
@@ -88,8 +88,8 @@ function form_actions() {
 
 	// if we are to save this form, instead of display it
 	if (isset_request_var('selected_items')) {
-    $selected_items = unserialize(get_nfilter_request_var('selected_items'), array('allowed_classes' => false));
-    
+		$selected_items = unserialize(get_nfilter_request_var('selected_items'), ['allowed_classes' => false]);
+
 		if (!is_array($selected_items)) {
 			header('Location: mactrack_view_macs.php');
 			exit;