webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

cacti: Update to 0.8.8b.

Browse Source
This commit is contained in:
Michael Tremer
2014-05-28 15:26:32 +02:00
parent 5930a368ad
commit 59dbe8d424
15 changed files with 9209 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
config/cacti/cacti.conf
View File

@@ -1,11 +1,16 @@
Listen 1009
<VirtualHost *:1009>
DocumentRoot /usr/share/cacti
Include /etc/httpd/conf/conf.d/php*.conf
Alias /cacti /usr/share/cacti
<Directory /usr/share/cacti>
Options FollowSymLinks
AllowOverride None
</Directory>
RewriteEngine on
RewriteRule ^/$ /cacti/ [R]
</VirtualHost>

6
config/cacti/cacti.logrotate Normal file
View File

@@ -0,0 +1,6 @@
/var/log/cacti/cacti.log {
missingok
monthly
notifempty
compress
}

BIN
config/cacti/d.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.9 KiB

BIN
config/cacti/d.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
config/cacti/throbber.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.8 KiB

59
config/rootfiles/packages/cacti
View File

@@ -1,5 +1,7 @@
etc/fcron.cyclic/cacti.cron
etc/httpd/conf/vhosts.d/cacti.conf
#etc/logrotate.d
etc/logrotate.d/cacti
#usr/share/cacti
#usr/share/cacti/LICENSE
#usr/share/cacti/README
@@ -27,6 +29,7 @@ usr/share/cacti/cli/poller_graphs_reapply_names.php
usr/share/cacti/cli/poller_output_empty.php
usr/share/cacti/cli/poller_reindex_hosts.php
usr/share/cacti/cli/rebuild_poller_cache.php
usr/share/cacti/cli/reorder_data_query.php
usr/share/cacti/cli/repair_database.php
usr/share/cacti/cli/repair_templates.php
usr/share/cacti/cli/structure_rra_paths.php
@@ -191,12 +194,17 @@ usr/share/cacti/images/cacti_logo.gif
usr/share/cacti/images/calendar.gif
usr/share/cacti/images/delete_icon.gif
usr/share/cacti/images/delete_icon_large.gif
usr/share/cacti/images/disable_icon.png
usr/share/cacti/images/enable_icon.png
usr/share/cacti/images/enable_icon_disabled.png
usr/share/cacti/images/favicon.ico
usr/share/cacti/images/graph_page_top.gif
usr/share/cacti/images/graph_properties.gif
usr/share/cacti/images/graph_query.png
usr/share/cacti/images/graph_zoom.gif
usr/share/cacti/images/hide.gif
usr/share/cacti/images/install_icon.png
usr/share/cacti/images/install_icon_disabled.png
usr/share/cacti/images/left_border.gif
usr/share/cacti/images/menu_line.gif
usr/share/cacti/images/menuarrow.gif
@@ -222,6 +230,8 @@ usr/share/cacti/images/tab_mode_tree_down.gif
usr/share/cacti/images/tab_settings.gif
usr/share/cacti/images/tab_settings_down.gif
usr/share/cacti/images/transparent_line.gif
usr/share/cacti/images/uninstall_icon.gif
usr/share/cacti/images/view_none.gif
#usr/share/cacti/include
usr/share/cacti/include/auth.php
usr/share/cacti/include/bottom_footer.php
@@ -231,10 +241,28 @@ usr/share/cacti/include/global_arrays.php
usr/share/cacti/include/global_constants.php
usr/share/cacti/include/global_form.php
usr/share/cacti/include/global_settings.php
#usr/share/cacti/include/jscalendar
usr/share/cacti/include/js
usr/share/cacti/include/js/jquery
usr/share/cacti/include/js/jquery/colorpicker.js
usr/share/cacti/include/js/jquery/jquery-ui.js
usr/share/cacti/include/js/jquery/jquery.cookie.js
usr/share/cacti/include/js/jquery/jquery.dd.js
usr/share/cacti/include/js/jquery/jquery.dropdown.js
usr/share/cacti/include/js/jquery/jquery.js
usr/share/cacti/include/js/jquery/jquery.jstree.js
usr/share/cacti/include/js/jquery/jquery.tablednd.js
usr/share/cacti/include/js/jquery/jquery.timepicker.js
usr/share/cacti/include/js/jquery/jquery.zoom.js
usr/share/cacti/include/js/jquery/themes
usr/share/cacti/include/js/jquery/themes/default
usr/share/cacti/include/js/jquery/themes/default/d.gif
usr/share/cacti/include/js/jquery/themes/default/d.png
usr/share/cacti/include/js/jquery/themes/default/style.css
usr/share/cacti/include/js/jquery/themes/default/throbber.gif
usr/share/cacti/include/jscalendar
usr/share/cacti/include/jscalendar/calendar-setup.js
usr/share/cacti/include/jscalendar/calendar.js
#usr/share/cacti/include/jscalendar/lang
usr/share/cacti/include/jscalendar/lang
usr/share/cacti/include/jscalendar/lang/calendar-af.js
usr/share/cacti/include/jscalendar/lang/calendar-al.js
usr/share/cacti/include/jscalendar/lang/calendar-bg.js
@@ -280,20 +308,9 @@ usr/share/cacti/include/jscalendar/lang/calendar-zh.js
usr/share/cacti/include/jscalendar/lang/cn_utf8.js
usr/share/cacti/include/layout.js
usr/share/cacti/include/main.css
usr/share/cacti/include/plugins.php
usr/share/cacti/include/top_graph_header.php
usr/share/cacti/include/top_header.php
#usr/share/cacti/include/treeview
usr/share/cacti/include/treeview/ftiens4.js
usr/share/cacti/include/treeview/ftiens4_export.js
usr/share/cacti/include/treeview/ftv2blank.gif
usr/share/cacti/include/treeview/ftv2lastnode.gif
usr/share/cacti/include/treeview/ftv2mlastnode.gif
usr/share/cacti/include/treeview/ftv2mnode.gif
usr/share/cacti/include/treeview/ftv2node.gif
usr/share/cacti/include/treeview/ftv2plastnode.gif
usr/share/cacti/include/treeview/ftv2pnode.gif
usr/share/cacti/include/treeview/ftv2vertline.gif
usr/share/cacti/include/treeview/ua.js
usr/share/cacti/include/zoom.js
usr/share/cacti/index.php
#usr/share/cacti/install
@@ -318,6 +335,10 @@ usr/share/cacti/install/0_8_7d_to_0_8_7e.php
usr/share/cacti/install/0_8_7e_to_0_8_7f.php
usr/share/cacti/install/0_8_7f_to_0_8_7g.php
usr/share/cacti/install/0_8_7g_to_0_8_7h.php
usr/share/cacti/install/0_8_7h_to_0_8_7i.php
usr/share/cacti/install/0_8_7i_to_0_8_8.php
usr/share/cacti/install/0_8_8_to_0_8_8a.php
usr/share/cacti/install/0_8_8_to_0_8_8b.php
usr/share/cacti/install/0_8_to_0_8_1.php
usr/share/cacti/install/index.php
usr/share/cacti/install/install_finish.gif
@@ -338,7 +359,7 @@ usr/share/cacti/lib/adodb/adodb-php4.inc.php
usr/share/cacti/lib/adodb/adodb-time.inc.php
usr/share/cacti/lib/adodb/adodb-xmlschema.inc.php
usr/share/cacti/lib/adodb/adodb.inc.php
#usr/share/cacti/lib/adodb/datadict
usr/share/cacti/lib/adodb/datadict
usr/share/cacti/lib/adodb/datadict/datadict-access.inc.php
usr/share/cacti/lib/adodb/datadict/datadict-db2.inc.php
usr/share/cacti/lib/adodb/datadict/datadict-firebird.inc.php
@@ -351,7 +372,7 @@ usr/share/cacti/lib/adodb/datadict/datadict-oci8.inc.php
usr/share/cacti/lib/adodb/datadict/datadict-postgres.inc.php
usr/share/cacti/lib/adodb/datadict/datadict-sapdb.inc.php
usr/share/cacti/lib/adodb/datadict/datadict-sybase.inc.php
#usr/share/cacti/lib/adodb/drivers
usr/share/cacti/lib/adodb/drivers
usr/share/cacti/lib/adodb/drivers/adodb-access.inc.php
usr/share/cacti/lib/adodb/drivers/adodb-ado.inc.php
usr/share/cacti/lib/adodb/drivers/adodb-ado5.inc.php
@@ -392,7 +413,7 @@ usr/share/cacti/lib/adodb/drivers/adodb-sqlite.inc.php
usr/share/cacti/lib/adodb/drivers/adodb-sqlitepo.inc.php
usr/share/cacti/lib/adodb/drivers/adodb-sybase.inc.php
usr/share/cacti/lib/adodb/drivers/adodb-vfp.inc.php
#usr/share/cacti/lib/adodb/lang
usr/share/cacti/lib/adodb/lang
usr/share/cacti/lib/adodb/lang/adodb-ar.inc.php
usr/share/cacti/lib/adodb/lang/adodb-bg.inc.php
usr/share/cacti/lib/adodb/lang/adodb-bgutf8.inc.php
@@ -437,6 +458,7 @@ usr/share/cacti/lib/html_validate.php
usr/share/cacti/lib/import.php
usr/share/cacti/lib/ldap.php
usr/share/cacti/lib/ping.php
usr/share/cacti/lib/plugins.php
usr/share/cacti/lib/poller.php
usr/share/cacti/lib/rrd.php
usr/share/cacti/lib/snmp.php
@@ -450,6 +472,9 @@ usr/share/cacti/lib/variables.php
usr/share/cacti/lib/xml.php
usr/share/cacti/log
usr/share/cacti/logout.php
usr/share/cacti/plugins
usr/share/cacti/plugins.php
usr/share/cacti/plugins/index.php
usr/share/cacti/poller.php
usr/share/cacti/poller_commands.php
usr/share/cacti/poller_export.php

25
lfs/cacti
View File

@@ -24,7 +24,7 @@
include Config
VER = 0.8.7h
VER = 0.8.8b
THISAPP = cacti-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = cacti
PAK_VER = 4
PAK_VER = 5
DEPS = "netsnmpd mysql"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 58c9371341f49a190ae11a85118e598d
$(DL_FILE)_MD5 = acb40deae073ca22e5c01a8e3ba389fb
install : $(TARGET)
@@ -54,7 +54,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
@@ -78,6 +77,21 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8a-legal.patch
cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8a-replace_treeview_by_jquery.jstree.patch
cd $(DIR_APP) && patch -p2 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8b-html-injection.patch
cd $(DIR_APP) && patch -p2 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8b-remote-command-execution.patch
cd $(DIR_APP) && patch -p2 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8b-rra-comments.patch
cd $(DIR_APP) && patch -p2 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8b-sanitize-variables.patch
cd $(DIR_APP) && patch -p2 -i $(DIR_SRC)/src/patches/cacti/cacti-0.8.8b-sql-injection-shell-escaping.patch
cp -vf \
$(DIR_SRC)/config/cacti/d.gif \
$(DIR_SRC)/config/cacti/d.png \
$(DIR_SRC)/config/cacti/throbber.gif \
$(DIR_APP)/include/js/jquery/themes/default/
cd $(DIR_APP) && rm -rf include/treeview
@rm -rf /var/cacti /usr/share/cacti
mkdir -pv /var/cacti /usr/share/cacti
@@ -92,6 +106,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ln -s /var/cacti/log /usr/share/cacti/log
ln -s /var/cacti/rra /usr/share/cacti/rra
-mkdir -pv /etc/logrotate.d
install -v -m 644 $(DIR_SRC)/config/cacti/cacti.logrotate /etc/logrotate.d/cacti
chown -R nobody:nobody /var/cacti/rra /var/cacti/log
@rm -rf $(DIR_APP)
@$(POSTBUILD)

3
src/paks/cacti/install.sh
View File

@@ -23,7 +23,4 @@
#
. /opt/pakfire/lib/functions.sh
extract_files
mysqladmin --user=root -pmysqlfire create cacti
mysql --user=root -pmysqlfire cacti < /usr/share/cacti/cacti.sql
mysql --user=root -pmysqlfire -e "GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser';" mysql
/etc/init.d/apache restart

8166
src/patches/cacti/cacti-0.8.8a-legal.patch Normal file
View File

File diff suppressed because one or more lines are too long

607
src/patches/cacti/cacti-0.8.8a-replace_treeview_by_jquery.jstree.patch Normal file
View File

@@ -0,0 +1,607 @@
Description: treeview has a license issue, cacti upstream is going to replace it
with functionality from jquery.jstree.
.
This patch implements the changes needed for an upstream layout where the
necessary code is in cacti/include/js/jquery/ but the code in that path is
not included in this patch.
.
The necessary jquery scripts and theme info can come from cacti upstream and from
debian packages (libjs-jquery and libjs-jquery-cookie) The version used when
creating this patch can be found here:
http://svn.cacti.net/viewvc/cacti/branches/0.8.9/include/js/jquery/jquery.js?pathrev=7324
http://svn.cacti.net/viewvc/cacti/branches/0.8.9/include/js/jquery/jquery.jstree.js?pathrev=7324
http://svn.cacti.net/viewvc/cacti/branches/main/include/js/jquery/themes/default/?pathrev=7324
http://anonscm.debian.org/gitweb/?p=pkg-javascript/jquery-goodies.git;a=blob;f=cookie/jquery.cookie.js;hb=c50e1a2d599cb48893e8d77470e71e83e44dfdb5
.
This patch does NOT implement the changes needed for the Debian package of
cacti.
.
This patch was updated with the patch from Jan Zalesak <zalesak@jaw.cz> in
http://bugs.debian.org/702690 which was further improved to also cover
lib/graph_export.php and to keep tag alignment consistent.
Bug: http://bugs.cacti.net/view.php?id=2228
Bug-Debian: http://bugs.debian.org/679980
Author: Paul Gevers <elbrus@debian.org>
Date: Sun, 31 Mar 2013 11:59:05 +0200
--- a/include/top_graph_header.php
+++ b/include/top_graph_header.php
@@ -84,8 +84,9 @@
<link href="<?php echo $config['url_path']; ?>include/main.css" type="text/css" rel="stylesheet">
<link href="<?php echo $config['url_path']; ?>images/favicon.ico" rel="shortcut icon"/>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/layout.js"></script>
- <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/treeview/ua.js"></script>
- <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/treeview/ftiens4.js"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.js" language="javascript"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.cookie.js" language="javascript"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.jstree.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/calendar.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/lang/calendar-en.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/calendar-setup.js"></script>
@@ -178,7 +179,6 @@
<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;background-repeat:repeat-y;background-color:#efefef;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
<table border=0 cellpadding=0 cellspacing=0><tr><td><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></td></tr></table>
<?php grow_dhtml_trees(); ?>
- <script type="text/javascript">initializeDocument();</script>
<?php if (isset($_GET["select_first"])) { ?>
<script type="text/javascript">
--- a/lib/graph_export.php
+++ b/lib/graph_export.php
@@ -1365,15 +1365,6 @@
/* create the treeview representation for the html data */
grow_dhtml_trees_export($fp,$tree_id);
- fwrite($fp,"<script type='text/javascript'>initializeDocument();</script>\n");
- fwrite($fp,"<script type='text/javascript'>\n");
- fwrite($fp,"var obj;\n");
- fwrite($fp,"obj = findObj(1);\n");
- fwrite($fp,"if (!obj.isOpen) {\n");
- fwrite($fp,"clickOnNode(1);\n");
- fwrite($fp,"}\n");
- fwrite($fp,"clickOnLink(2,'','main');\n");
- fwrite($fp,"</script>\n");
fwrite($fp,"</td>\n");
fwrite($fp,"<td valign='top'>\n");
}
@@ -1383,16 +1374,7 @@
include_once($config["library_path"] . "/tree.php");
include_once($config["library_path"] . "/data_query.php");
- fwrite($fp, "<script type='text/javascript'>\n");
- fwrite($fp, "<!--
- USETEXTLINKS = 1
- STARTALLOPEN = 0
- USEFRAMES = 0
- USEICONS = 0
- WRAPTEXT = 1
- ICONPATH = 'treeview/'
- PERSERVESTATE = 1
- HIGHLIGHT = 1\n");
+ fwrite($fp, "<div id=\"jtree\">\n");
if (read_config_option("export_tree_isolation") == "off") {
$dhtml_tree_base = 0;
@@ -1413,9 +1395,34 @@
}
}
- fwrite($fp,"foldersTree.treeID = \"t2\"
- //-->\n
- </script>\n");
+ fwrite($fp, "</div>\n");
+ fwrite($fp, "<script type=\"text/javascript\">\n");
+ fwrite($fp, "$(function () {
+ $(\"#jtree\")
+ .jstree({
+ \"plugins\" : [\"ui\",\"themes\",\"html_data\",\"cookies\"],
+ \"themes\" : {\"icons\" : false,
+ \"url\" : \"./js/style.css\"},
+ \"cookies\" : {
+ \"save_opened\" : \"Cacti_jstree_open\",
+ \"save_selected\" : \"Cacti_jstree_select\"
+ }
+
+ })
+
+ // Make sure that the nodes are actually used as links
+ // We need reselect to prevent endless loops
+ // https://groups.google.com/d/topic/jstree/j6XNq9hQdeA/discussion
+ .bind(\"reselect.jstree\", function (e, data) {
+ data.inst.get_container().bind(\"select_node.jstree\", function (e, data) {
+ // data.rstl.obj is the object that was selected.
+ document.location.href = data.rslt.obj.children(\"a\").attr(\"href\");
+ });
+ });
+
+});\n");
+ fwrite($fp, "</script>\n");
+
}
/* get_graph_tree_array_export - returns a list of graph trees taking permissions into account if
@@ -1478,8 +1485,7 @@
$dhtml_tree = array();
$dhtml_tree[0] = $start;
$dhtml_tree[1] = read_graph_config_option("expand_hosts");
- $dhtml_tree[2] = "foldersTree = gFld(\"\", \"\")\n";
- $i = 2;
+ $i = 1;
$tree_list = get_graph_tree_array_export();
@@ -1499,7 +1505,6 @@
if (((read_config_option("export_tree_isolation") == "on") && ($tree_id == $tree["id"])) ||
(read_config_option("export_tree_isolation") == "off")) {
- $i++;
$hier_sql = "SELECT DISTINCT
graph_tree_items.id,
@@ -1522,19 +1527,53 @@
$dhtml_tree_id = 0;
if (sizeof($hierarchy) > 0) {
+ $last_tier = 1;
+ $openli = false;
+ $lasthost = false;
+ $opentree = false;
foreach ($hierarchy as $leaf) {
if ($dhtml_tree_id <> $tree["id"]) {
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . get_tree_name($tree["id"]) . "\", \"" . clean_up_export_name(get_tree_name($tree["id"])) . "_leaf.html\"))\n";
+ if ($opentree) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t</li>\n\t</ul>\n";
+ }
+ $i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]));
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . "_leaf.html\">" . get_tree_name($tree["id"]) . "</a>\n\t\t\t<ul>\n";
+ $opentree = true;
}
$dhtml_tree_id = $tree["id"];
- $i++;
$tier = tree_tier($leaf["order_key"]);
if ($leaf["host_id"] > 0) { //It's a host
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . ($tier-1) . ", gFld(\"Host: " . $leaf["hostname"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_" . $leaf["id"]) . ".html\"))\n";
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $lasthost = true;
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_" . $leaf["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">Host: " . htmlspecialchars($leaf["hostname"]) . "</a>\n";
if (read_config_option("export_tree_expand_hosts") == "on") {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t<ul>\n";
if ($leaf["host_grouping_type"] == HOST_GROUPING_GRAPH_TEMPLATE) {
$graph_templates = db_fetch_assoc("SELECT
graph_templates.id,
@@ -1552,7 +1591,8 @@
if (sizeof($graph_templates) > 0) {
foreach ($graph_templates as $graph_template) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . $graph_template["name"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_gt_" . $leaf["id"]) . "_" . $graph_template["id"] . ".html\"))\n";
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_gt_" . $leaf["id"] . "_" . $graph_template["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($graph_template["name"]) . "</a></li>\n";
}
}
}else if ($leaf["host_grouping_type"] == HOST_GROUPING_DATA_QUERY_INDEX) {
@@ -1567,36 +1607,77 @@
array_push($data_queries, array(
"id" => "0",
- "name" => "Graph Template Based"
+ "name" => "Non Query Based"
));
if (sizeof($data_queries) > 0) {
- foreach ($data_queries as $data_query) {
- $i++;
-
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . $data_query["name"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_dq_" . $leaf["title"] . "_" . $leaf["id"]) . "_" . $data_query["id"] . ".html\"))\n";
+ foreach ($data_queries as $data_query) {
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_dq_" . $leaf["title"] . "_" . $leaf["id"] . "_" . $data_query["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($data_query["name"]) . "</a>\n";
- /* fetch a list of field names that are sorted by the preferred sort field */
- $sort_field_data = get_formatted_data_query_indexes($leaf["host_id"], $data_query["id"]);
+ /* fetch a list of field names that are sorted by the preferred sort field */
+ $sort_field_data = get_formatted_data_query_indexes($leaf["host_id"], $data_query["id"]);
- if ($data_query["id"] > 0) {
- while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
+ if ($data_query["id"] > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t<ul>\n";
+ while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_dqi_" . $leaf["id"] . "_" . $data_query["id"] . "_" . $snmp_index);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($sort_field_value) . "</a></li>\n";
+ }
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . " = insFld(ou" . ($tier+1) . ", gFld(\" " . $sort_field_value . "\", \"" . clean_up_export_name($leaf["hostname"] . "_dqi_" . $leaf["title"] . "_" . $leaf["id"]) . "_" . $data_query["id"] . "_" . $snmp_index . ".html\"))\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t</ul>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
}
}
- }
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n";
}
- }else {
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . ($tier-1) . ", gFld(\"" . $leaf["title"] . "\", \"" . clean_up_export_name(get_tree_name($tree["id"]) . "_" . $leaf["title"] . "_" . $leaf["id"]) . "_leaf.html\"))\n";
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }else { //It's not a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]) . "_" . $leaf["title"] . "_" . $leaf["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . "_leaf.html\">" . htmlspecialchars($leaf["title"]) . "</a>\n";
+ $openli = true;
+ $lasthost = false;
}
}
+ for ($x = $last_tier; $x > 1; $x--) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t</li>\n\t</ul>\n";
}else{
if ($dhtml_tree_id <> $tree["id"]) {
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . get_tree_name($tree["id"]) . "\", \"" . clean_up_export_name(get_tree_name($tree["id"])) . "_leaf.html\"))\n";
$i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]));
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . $clean_id . "_leaf\"><a href=\"" . $clean_id . "_leaf.html\">" . get_tree_name($tree["id"]) . "</a></li>\n\t</ul>";
}
}
}
@@ -1612,10 +1693,10 @@
$dir - the export directory where graphs will either be staged or located.
*/
function create_export_directory_structure($cacti_root_path, $dir) {
- /* create the treeview sub-directory */
- if (!is_dir("$dir/treeview")) {
- if (!mkdir("$dir/treeview", 0755)) {
- export_fatal("Create directory '" . $dir . "/treeview' failed. Can not continue");
+ /* create the jquery sub-directory */
+ if (!is_dir("$dir/js")) {
+ if (!mkdir("$dir/js", 0755)) {
+ export_fatal("Create directory '" . $dir . "/js' failed. Can not continue");
}
}
@@ -1626,8 +1707,6 @@
}
}
- $treeview_dir = $dir . "/treeview";
-
/* css */
copy("$cacti_root_path/include/main.css", "$dir/main.css");
@@ -1639,18 +1718,15 @@
copy("$cacti_root_path/images/shadow_gray.gif", "$dir/shadow_gray.gif");
/* java scripts for the tree */
- copy("$cacti_root_path/include/treeview/ftiens4_export.js", "$treeview_dir/ftiens4.js");
- copy("$cacti_root_path/include/treeview/ua.js", "$treeview_dir/ua.js");
-
- /* images for the tree */
- copy("$cacti_root_path/include/treeview/ftv2blank.gif", "$treeview_dir/ftv2blank.gif");
- copy("$cacti_root_path/include/treeview/ftv2lastnode.gif", "$treeview_dir/ftv2lastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2mlastnode.gif", "$treeview_dir/ftv2mlastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2mnode.gif", "$treeview_dir/ftv2mnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2node.gif", "$treeview_dir/ftv2node.gif");
- copy("$cacti_root_path/include/treeview/ftv2plastnode.gif", "$treeview_dir/ftv2plastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2pnode.gif", "$treeview_dir/ftv2pnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2vertline.gif", "$treeview_dir/ftv2vertline.gif");
+ copy("$cacti_root_path/include/js/jquery/jquery.js", "$dir/js/jquery.js");
+ copy("$cacti_root_path/include/js/jquery/jquery.jstree.js", "$dir/js/jquery.jstree.js");
+ copy("$cacti_root_path/include/js/jquery/jquery.cookie.js", "$dir/js/jquery.cookie.js");
+
+ /* theme info for java scripts */
+ copy("$cacti_root_path/include/js/jquery/themes/default/style.css", "$dir/js/style.css");
+ copy("$cacti_root_path/include/js/jquery/themes/default/d.png", "$dir/js/d.png");
+ copy("$cacti_root_path/include/js/jquery/themes/default/d.gif", "$dir/js/d.gif");
+ copy("$cacti_root_path/include/js/jquery/themes/default/throbber.gif", "$dir/js/throbber.gif");
}
function get_host_description($host_id) {
@@ -1738,8 +1814,9 @@
<meta http-equiv=refresh content='300'; url='index.html'>
<meta http-equiv=Pragma content=no-cache>
<meta http-equiv=cache-control content=no-cache>
- <script type=\"text/javascript\" src=\"./treeview/ua.js\"></script>
- <script type=\"text/javascript\" src=\"./treeview/ftiens4.js\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.js\" language=\"javascript\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.cookie.js\" language=\"javascript\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.jstree.js\" language=\"javascript\"></script>
</head>
<body>
<table style='width:100%;height:100%;' cellspacing='0' cellpadding='0'>
--- a/lib/html_tree.php
+++ b/lib/html_tree.php
@@ -495,17 +495,9 @@
include_once($config["library_path"] . "/data_query.php");
?>
- <script type="text/javascript">
- <!--
- USETEXTLINKS = 1
- STARTALLOPEN = 0
- USEFRAMES = 0
- USEICONS = 0
- WRAPTEXT = 1
- PERSERVESTATE = 1
- HIGHLIGHT = 1
<?php
/* get current time */
+/* Probably not needed anymore as jstree uses jquery.cookies
list($micro,$seconds) = explode(" ", microtime());
$current_time = $seconds + $micro;
$expand_hosts = read_graph_config_option("expand_hosts");
@@ -522,6 +514,8 @@
$dhtml_tree = $_SESSION['dhtml_tree'];
}
}
+*/
+ $dhtml_tree = create_dhtml_tree();
$total_tree_items = sizeof($dhtml_tree) - 1;
@@ -529,8 +523,31 @@
print $dhtml_tree[$i];
}
?>
- //-->
- </script>
+<script type="text/javascript">
+$(function () {
+ $("#jtree")
+ .jstree({
+ "plugins" : ["ui","themes","html_data","cookies"],
+ "themes" : {"icons" : false,
+ "url" : "<?php echo $config['url_path']; ?>include/js/jquery/themes/default/style.css"},
+ "cookies" : {
+ "save_opened" : "Cacti_jstree_open",
+ "save_selected" : "Cacti_jstree_select"
+ }
+ })
+
+ // Make sure that the nodes are actually used as links
+ // We need reselect to prevent endless loops
+ // https://groups.google.com/d/topic/jstree/j6XNq9hQdeA/discussion
+ .bind("reselect.jstree", function (e, data) {
+ data.inst.get_container().bind("select_node.jstree", function (e, data) {
+ // data.rstl.obj is the object that was selected.
+ document.location.href = data.rslt.obj.children("a").attr("href");
+ });
+ });
+
+});
+</script>
<?php
}
@@ -543,9 +560,8 @@
$dhtml_tree[0] = $start;
$dhtml_tree[1] = read_graph_config_option("expand_hosts");
- $dhtml_tree[2] = "foldersTree = gFld(\"\", \"\")\n";
- $dhtml_tree[3] = "foldersTree.xID = \"root\"\n";
- $i = 3;
+ $dhtml_tree[2] = "\n<div id=\"jtree\">\n";
+ $i = 2;
$tree_list = get_graph_tree_array();
@@ -567,7 +583,6 @@
if (sizeof($tree_list) > 0) {
foreach ($tree_list as $tree) {
- $i++;
$hierarchy = db_fetch_assoc("select
graph_tree_items.id,
graph_tree_items.title,
@@ -583,21 +598,45 @@
and graph_tree_items.local_graph_id = 0
order by graph_tree_items.order_key");
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . htmlspecialchars($tree["name"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"]) . "\"))\n";
$i++;
- $dhtml_tree[$i] = "ou0.xID = \"tree_" . $tree["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"]) . "\">" . htmlspecialchars($tree["name"]) . "</a>\n";
if (sizeof($hierarchy) > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ $last_tier = 1;
+ $openli = false;
+ $lasthost = false;
foreach ($hierarchy as $leaf) {
- $i++;
$tier = tree_tier($leaf["order_key"]);
- if ($leaf["host_id"] > 0) {
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . abs(($tier-1)) . ", gFld(\"" . "Host: " . htmlspecialchars($leaf["hostname"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\"))\n";
+ if ($leaf["host_id"] > 0) { //It's a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $lasthost = true;
$i++;
- $dhtml_tree[$i] = "ou" . ($tier) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\">Host: " . htmlspecialchars($leaf["hostname"]) . "</a>\n";
if (read_graph_config_option("expand_hosts") == "on") {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t<ul>\n";
if ($leaf["host_grouping_type"] == HOST_GROUPING_GRAPH_TEMPLATE) {
$graph_templates = db_fetch_assoc("select
graph_templates.id,
@@ -612,9 +651,7 @@
if (sizeof($graph_templates) > 0) {
foreach ($graph_templates as $graph_template) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . htmlspecialchars($graph_template["name"]) . "\", \"graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=graph_template:" . $graph_template["id"] . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_gt_" . $graph_template["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_gt_" . $graph_template["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=graph_template:" . $graph_template["id"]) . "\">" . htmlspecialchars($graph_template["name"]) . "</a></li>\n";
}
}
}else if ($leaf["host_grouping_type"] == HOST_GROUPING_DATA_QUERY_INDEX) {
@@ -645,33 +682,71 @@
if ((($data_query["id"] == 0) && ($non_template_graphs > 0)) ||
(($data_query["id"] > 0) && (sizeof($sort_field_data) > 0))) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . htmlspecialchars($data_query["name"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query:" . $data_query["id"]) . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dq_" . $data_query["id"] . "\"\n";
-
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dq_" . $data_query["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query:" . $data_query["id"]) . "\">" . htmlspecialchars($data_query["name"]) . "</a>\n";
if ($data_query["id"] > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t<ul>\n";
while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . " = insFld(ou" . ($tier+1) . ", gFld(\" " . htmlspecialchars($sort_field_value) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query_index:" . $data_query["id"] . ":" . urlencode($snmp_index)) . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dqi" . $data_query["id"] . "_" . urlencode($snmp_index) . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dqi" . $data_query["id"]) . "_" . urlencode($snmp_index) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query_index:" . $data_query["id"] . ":" . urlencode($snmp_index)) . "\">" . htmlspecialchars($sort_field_value) . "</a></li>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t</ul>\n";
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
}
}
}
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }else{ //It's not a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
}
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ $openli = false;
}
- }else{
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . abs(($tier-1)) . ", gFld(\"" . htmlspecialchars($leaf["title"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\"))\n";
+ $last_tier = $tier;
$i++;
- $dhtml_tree[$i] = "ou" . ($tier) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\">" . htmlspecialchars($leaf["title"]) . "</a>\n";
+ $openli = true;
+ $lasthost = false;
}
}
+ for ($x = $last_tier; $x > 1; $x--) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t</li>\n\t</ul>\n";
}
}
+ $i++;
+ $dhtml_tree[$i] = "</div>\n";
+
return $dhtml_tree;
}
@@ -758,14 +833,6 @@
}
}
- print "<script type=\"text/javascript\">\n";
- print "<!--\n";
- print "myNode = findObj(\"$nodeid\")\n";
- print "myNode.forceOpeningOfAncestorFolders();\n";
- print "highlightObjLink(myNode)\n";
- print "//-->\n";
- print "</script>";
-
/* ================= input validation ================= */
input_validate_input_number(get_request_var_post("graphs"));
input_validate_input_number(get_request_var_post("page"));

19
src/patches/cacti/cacti-0.8.8b-html-injection.patch Normal file
View File

@@ -0,0 +1,19 @@
------------------------------------------------------------------------
r7443 | rony | 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) | 2 lines
bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
------------------------------------------------------------------------
Index: branches/0.8.8/cdef.php
===================================================================
--- branches/0.8.8/cdef.php (revision 7442)
+++ branches/0.8.8/cdef.php (revision 7443)
@@ -431,7 +431,7 @@
<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
</td>
<td>
- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
</td>
<td>
<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>

28
src/patches/cacti/cacti-0.8.8b-remote-command-execution.patch Normal file
View File

@@ -0,0 +1,28 @@
------------------------------------------------------------------------
r7442 | rony | 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) | 2 lines
bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
------------------------------------------------------------------------
Index: branches/0.8.8/lib/graph_export.php
===================================================================
--- branches/0.8.8/lib/graph_export.php (revision 7441)
+++ branches/0.8.8/lib/graph_export.php (revision 7442)
@@ -339,7 +339,7 @@
chdir($stExportDir);
/* set the initial command structure */
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
/* if the user requested passive mode, use it */
if ($aFtpExport['passive']) {
@@ -347,7 +347,7 @@
}
/* setup the port, server, remote directory and all files */
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
/* run the command */
$iExecuteReturns = 0;

42
src/patches/cacti/cacti-0.8.8b-rra-comments.patch Normal file
View File

@@ -0,0 +1,42 @@
------------------------------------------------------------------------
r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
------------------------------------------------------------------------
Index: branches/0.8.8/lib/rrd.php
===================================================================
--- branches/0.8.8/lib/rrd.php (revision 7417)
+++ branches/0.8.8/lib/rrd.php (revision 7418)
@@ -1343,20 +1343,20 @@
$need_rrd_nl = TRUE;
if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
+ # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
+ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
+ # next, compute the argument of the COMMENT statement and perform injection counter measures
+ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
+ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
+ } else {
+ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
+ }
+
+ # create rrdtool specific command line
if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
- if (trim($comment_string) == 'COMMENT:"\n"') {
- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
- } else if (trim($comment_string) != "COMMENT:\"\"") {
- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
- }
+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
}else {
- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
- if (trim($comment_string) == 'COMMENT:"\n"') {
- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
- } else if (trim($comment_string) != "COMMENT:\"\"") {
- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
- }
+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
}
}elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
$graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */

155
src/patches/cacti/cacti-0.8.8b-sanitize-variables.patch Normal file
View File

@@ -0,0 +1,155 @@
------------------------------------------------------------------------
r7420 | cigamit | 2013-08-17 21:41:24 -0600 (Sat, 17 Aug 2013) | 1 line
Bug #0002383 : Sanitize the step and id variables
------------------------------------------------------------------------
Index: branches/0.8.8/host.php
===================================================================
--- branches/0.8.8/host.php (revision 7419)
+++ branches/0.8.8/host.php (revision 7420)
@@ -149,6 +149,9 @@
if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
raise_message(4);
}else{
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("host_template_id"));
+
$host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
$_POST["snmp_username"], $_POST["snmp_password"],
Index: branches/0.8.8/lib/api_device.php
===================================================================
--- branches/0.8.8/lib/api_device.php (revision 7419)
+++ branches/0.8.8/lib/api_device.php (revision 7420)
@@ -107,7 +107,7 @@
$_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");
}
- $save["id"] = $id;
+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);
$save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
$save["description"] = form_input_validate($description, "description", "", false, 3);
$save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3);
Index: branches/0.8.8/install/index.php
===================================================================
--- branches/0.8.8/install/index.php (revision 7419)
+++ branches/0.8.8/install/index.php (revision 7420)
@@ -310,27 +310,28 @@
}
/* pre-processing that needs to be done for each step */
-if (empty($_REQUEST["step"])) {
- $_REQUEST["step"] = 1;
-}else{
- if ($_REQUEST["step"] == "1") {
- $_REQUEST["step"] = "2";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {
- $_REQUEST["step"] = "3";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {
- $_REQUEST["step"] = "8";
- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
- $_REQUEST["step"] = "9";
- }elseif ($_REQUEST["step"] == "8") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "9") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "3") {
- $_REQUEST["step"] = "4";
+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {
+ $step = intval($_REQUEST["step"]);
+ if ($step == "1") {
+ $step = "2";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {
+ $step = "3";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {
+ $step = "8";
+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
+ $step = "9";
+ } elseif ($step == "8") {
+ $step = "3";
+ } elseif ($step == "9") {
+ $step = "3";
+ } elseif ($step == "3") {
+ $step = "4";
}
+} else {
+ $step = 1;
}
-if ($_REQUEST["step"] == "4") {
+if ($step == "4") {
include_once("../lib/data_query.php");
include_once("../lib/utility.php");
@@ -366,7 +367,7 @@
header ("Location: ../index.php");
exit;
-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {
+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {
/* if the version is not found, die */
if (!is_int($old_version_index)) {
print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>
@@ -505,7 +506,7 @@
</tr>
<tr>
<td width="100%" style="font-size: 12px;">
- <?php if ($_REQUEST["step"] == "1") { ?>
+ <?php if ($step == "1") { ?>
<p>Thanks for taking the time to download and install cacti, the complete graphing
solution for your network. Before you can start making cool graphs, there are a few
@@ -530,7 +531,7 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.</p>
- <?php }elseif ($_REQUEST["step"] == "2") { ?>
+ <?php }elseif ($step == "2") { ?>
<p>Please select the type of installation</p>
@@ -551,7 +552,7 @@
print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?>
</p>
- <?php }elseif ($_REQUEST["step"] == "3") { ?>
+ <?php }elseif ($step == "3") { ?>
<p>Make sure all of these values are correct before continuing.</p>
<?php
@@ -609,7 +610,7 @@
is an upgrade. You can change any of the settings on this screen at a later
time by going to "Cacti Settings" from within Cacti.</p>
- <?php }elseif ($_REQUEST["step"] == "8") { ?>
+ <?php }elseif ($step == "8") { ?>
<p>Upgrade results:</p>
@@ -659,7 +660,7 @@
print $upgrade_results;
?>
- <?php }elseif ($_REQUEST["step"] == "9") { ?>
+ <?php }elseif ($step == "9") { ?>
<p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>
@@ -673,7 +674,7 @@
<?php }?>
- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
</td>
</tr>
</table>
@@ -681,7 +682,7 @@
</tr>
</table>
-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">
+<input type="hidden" name="step" value="<?php print $step;?>">
</form>

117
src/patches/cacti/cacti-0.8.8b-sql-injection-shell-escaping.patch Normal file
View File

@@ -0,0 +1,117 @@
------------------------------------------------------------------------
r7439 | rony | 2014-03-30 17:52:10 -0500 (Sun, 30 Mar 2014) | 5 lines
bug#0002405: SQL injection in graph_xport.php
- Fixed form input validation problems
- Fixed rrd export and graph shell escape issues
------------------------------------------------------------------------
Index: branches/0.8.8/graph_xport.php
===================================================================
--- branches/0.8.8/graph_xport.php (revision 7438)
+++ branches/0.8.8/graph_xport.php (revision 7439)
@@ -47,43 +47,48 @@
$graph_data_array = array();
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
/* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- $graph_data_array["graph_start"] = $_GET["graph_start"];
+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
+ $graph_data_array["graph_start"] = get_request_var("graph_start");
}
/* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- $graph_data_array["graph_end"] = $_GET["graph_end"];
+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+ $graph_data_array["graph_end"] = get_request_var("graph_end");
}
/* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- $graph_data_array["graph_height"] = $_GET["graph_height"];
+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+ $graph_data_array["graph_height"] = get_request_var("graph_height");
}
/* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- $graph_data_array["graph_width"] = $_GET["graph_width"];
+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+ $graph_data_array["graph_width"] = get_request_var("graph_width");
}
/* override: skip drawing the legend? */
if (!empty($_GET["graph_nolegend"])) {
- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
}
/* print RRDTool graph source? */
if (!empty($_GET["show_source"])) {
- $graph_data_array["print_source"] = $_GET["show_source"];
+ $graph_data_array["print_source"] = get_request_var("show_source");
}
-$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
/* for bandwidth, NThPercentile */
$xport_meta = array();
/* Get graph export */
-$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
/* Make graph title the suggested file name */
if (is_array($xport_array["meta"])) {
Index: branches/0.8.8/lib/rrd.php
===================================================================
--- branches/0.8.8/lib/rrd.php (revision 7438)
+++ branches/0.8.8/lib/rrd.php (revision 7439)
@@ -865,13 +865,13 @@
/* basic graph options */
$graph_opts .=
"--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
- "--start=$graph_start" . RRD_NL .
- "--end=$graph_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
"--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
"$rigid" .
- "--base=" . $graph["base_value"] . RRD_NL .
- "--height=$graph_height" . RRD_NL .
- "--width=$graph_width" . RRD_NL .
+ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
+ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
+ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
"$scale" .
"$unit_value" .
"$unit_exponent_value" .
@@ -1606,8 +1606,8 @@
/* basic export options */
$xport_opts =
- "--start=$xport_start" . RRD_NL .
- "--end=$xport_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
"--maxrows=10000" . RRD_NL;
$xport_defs = "";
@@ -1997,7 +1997,7 @@
$stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
$j++;
- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
+ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
}else{
$need_rrd_nl = FALSE;
}