hardening: guard variable function call with function_exists() check

Prevent a fatal error if an action map entry names a non-existent
function. Also fix indentation in the export elseif block.

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

Author: somethingwithproof

functions.php

@@ -129,15 +129,20 @@ function syslog_sendemail($to, $from, $subject, $message, $smsmessage = '') {
 function syslog_apply_selected_items_action($selected_items, $drp_action, $action_map, $export_action = '', $export_items = '') {
 	if ($selected_items != false) {
 		if (isset($action_map[$drp_action])) {
-			foreach($selected_items as $selected_item) {
-				$action_function = $action_map[$drp_action];
-				$action_function($selected_item);
+			$action_function = $action_map[$drp_action];
+
+			if (function_exists($action_function)) {
+				foreach($selected_items as $selected_item) {
+					$action_function($selected_item);
+				}
+			} else {
+				cacti_log("SYSLOG ERROR: Bulk action function '$action_function' not found.", false, 'SYSTEM');
 			}
 		} elseif ($export_action != '' && $drp_action == $export_action) {
 			/* Re-serialize the sanitized array and URL-encode so the value is
-		 * safe to embed in a JS document.location string (avoids injection
-		 * via the raw request value that $export_items carries). */
-		$_SESSION['exporter'] = rawurlencode(serialize($selected_items));
+			 * safe to embed in a JS document.location string (avoids injection
+			 * via the raw request value that $export_items carries). */
+			$_SESSION['exporter'] = rawurlencode(serialize($selected_items));
 		}
 	}
 }