net-mgmt/cacti: Update 1.2.26 → 1.2.28 (PHP 8.3 support and security fixes)

Security fixes in 1.2.27:
GHSA-37x7-mfjv-mm7m Authentication Bypass when using using older

password hashes

GHSA-7cmj-g5qc-pj88 RCE vulnerability when importing packages
GHSA-cx8g-hvq8-p2rv RCE vulnerability when plugins include files
GHSA-gj3f-p326-gh8r SQL Injection vulnerability when using tree rules

through Automation API

GHSA-grj5-8fcj-34gh XSS vulnerability when using JavaScript based

messaging API

GHSA-jrxg-8wh8-943x SQL Injection vulnerability when using form

templates

GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with

Automation API

GHSA-rqc8-78cm-85j3 XSS vulnerability when managing data queries
GHSA-vjph-r677-6pcc SQL Injection vulnerability when retrieving graphs

using Automation API

Security fixes in 1.2.28:
GHSA-49f2-hwx9-qffr XSS vulnerability when creating external links with

the consolenewsection parameter

GHSA-fgc6-g8gc-wcg5 XSS vulnerability when creating external links with

the title parameter

GHSA-gxq4-mv8h-6qj4 RCE vulnerability can be executed via Log Poisoning
GHSA-wh9c-v56x-v77c XSS vulnerability when creating external links with

the fileurl parameter

Also 1.2.27 contains fixes for PHP 8.3 compatibility which is default
in ports now.

Changelogs:
http://www.cacti.net/info/changelog/1.2.27
http://www.cacti.net/info/changelog/1.2.28

PR: 284037
Approved by: Michael Muenz <m.muenz@gmail.com> (maintainer)
MFH: 2025Q1

(cherry picked from commit 75e2ca30e765f24d07c12dc8744a40b0b90f783e)