webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 09:48:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into kernel-4.14

Browse Source
This commit is contained in:
Arne Fitzenreiter
2017-12-18 18:22:06 +01:00
parent 547a03301d cbcc135126
commit d952f7557e
83 changed files with 242 additions and 14440 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8166
src/patches/cacti/cacti-0.8.8a-legal.patch
View File

File diff suppressed because one or more lines are too long

607
src/patches/cacti/cacti-0.8.8a-replace_treeview_by_jquery.jstree.patch
View File

@@ -1,607 +0,0 @@
Description: treeview has a license issue, cacti upstream is going to replace it
with functionality from jquery.jstree.
.
This patch implements the changes needed for an upstream layout where the
necessary code is in cacti/include/js/jquery/ but the code in that path is
not included in this patch.
.
The necessary jquery scripts and theme info can come from cacti upstream and from
debian packages (libjs-jquery and libjs-jquery-cookie) The version used when
creating this patch can be found here:
http://svn.cacti.net/viewvc/cacti/branches/0.8.9/include/js/jquery/jquery.js?pathrev=7324
http://svn.cacti.net/viewvc/cacti/branches/0.8.9/include/js/jquery/jquery.jstree.js?pathrev=7324
http://svn.cacti.net/viewvc/cacti/branches/main/include/js/jquery/themes/default/?pathrev=7324
http://anonscm.debian.org/gitweb/?p=pkg-javascript/jquery-goodies.git;a=blob;f=cookie/jquery.cookie.js;hb=c50e1a2d599cb48893e8d77470e71e83e44dfdb5
.
This patch does NOT implement the changes needed for the Debian package of
cacti.
.
This patch was updated with the patch from Jan Zalesak <zalesak@jaw.cz> in
http://bugs.debian.org/702690 which was further improved to also cover
lib/graph_export.php and to keep tag alignment consistent.
Bug: http://bugs.cacti.net/view.php?id=2228
Bug-Debian: http://bugs.debian.org/679980
Author: Paul Gevers <elbrus@debian.org>
Date: Sun, 31 Mar 2013 11:59:05 +0200
--- a/include/top_graph_header.php
+++ b/include/top_graph_header.php
@@ -84,8 +84,9 @@
<link href="<?php echo $config['url_path']; ?>include/main.css" type="text/css" rel="stylesheet">
<link href="<?php echo $config['url_path']; ?>images/favicon.ico" rel="shortcut icon"/>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/layout.js"></script>
- <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/treeview/ua.js"></script>
- <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/treeview/ftiens4.js"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.js" language="javascript"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.cookie.js" language="javascript"></script>
+ <script type="text/javascript" src="<?php echo $config['url_path']; ?>include/js/jquery/jquery.jstree.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/calendar.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/lang/calendar-en.js"></script>
<script type="text/javascript" src="<?php echo $config['url_path']; ?>include/jscalendar/calendar-setup.js"></script>
@@ -178,7 +179,6 @@
<td valign="top" style="padding: 5px; border-right: #aaaaaa 1px solid;background-repeat:repeat-y;background-color:#efefef;" bgcolor='#efefef' width='<?php print htmlspecialchars(read_graph_config_option("default_dual_pane_width"));?>' class='noprint'>
<table border=0 cellpadding=0 cellspacing=0><tr><td><a style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank></a></td></tr></table>
<?php grow_dhtml_trees(); ?>
- <script type="text/javascript">initializeDocument();</script>
<?php if (isset($_GET["select_first"])) { ?>
<script type="text/javascript">
--- a/lib/graph_export.php
+++ b/lib/graph_export.php
@@ -1365,15 +1365,6 @@
/* create the treeview representation for the html data */
grow_dhtml_trees_export($fp,$tree_id);
- fwrite($fp,"<script type='text/javascript'>initializeDocument();</script>\n");
- fwrite($fp,"<script type='text/javascript'>\n");
- fwrite($fp,"var obj;\n");
- fwrite($fp,"obj = findObj(1);\n");
- fwrite($fp,"if (!obj.isOpen) {\n");
- fwrite($fp,"clickOnNode(1);\n");
- fwrite($fp,"}\n");
- fwrite($fp,"clickOnLink(2,'','main');\n");
- fwrite($fp,"</script>\n");
fwrite($fp,"</td>\n");
fwrite($fp,"<td valign='top'>\n");
}
@@ -1383,16 +1374,7 @@
include_once($config["library_path"] . "/tree.php");
include_once($config["library_path"] . "/data_query.php");
- fwrite($fp, "<script type='text/javascript'>\n");
- fwrite($fp, "<!--
- USETEXTLINKS = 1
- STARTALLOPEN = 0
- USEFRAMES = 0
- USEICONS = 0
- WRAPTEXT = 1
- ICONPATH = 'treeview/'
- PERSERVESTATE = 1
- HIGHLIGHT = 1\n");
+ fwrite($fp, "<div id=\"jtree\">\n");
if (read_config_option("export_tree_isolation") == "off") {
$dhtml_tree_base = 0;
@@ -1413,9 +1395,34 @@
}
}
- fwrite($fp,"foldersTree.treeID = \"t2\"
- //-->\n
- </script>\n");
+ fwrite($fp, "</div>\n");
+ fwrite($fp, "<script type=\"text/javascript\">\n");
+ fwrite($fp, "$(function () {
+ $(\"#jtree\")
+ .jstree({
+ \"plugins\" : [\"ui\",\"themes\",\"html_data\",\"cookies\"],
+ \"themes\" : {\"icons\" : false,
+ \"url\" : \"./js/style.css\"},
+ \"cookies\" : {
+ \"save_opened\" : \"Cacti_jstree_open\",
+ \"save_selected\" : \"Cacti_jstree_select\"
+ }
+
+ })
+
+ // Make sure that the nodes are actually used as links
+ // We need reselect to prevent endless loops
+ // https://groups.google.com/d/topic/jstree/j6XNq9hQdeA/discussion
+ .bind(\"reselect.jstree\", function (e, data) {
+ data.inst.get_container().bind(\"select_node.jstree\", function (e, data) {
+ // data.rstl.obj is the object that was selected.
+ document.location.href = data.rslt.obj.children(\"a\").attr(\"href\");
+ });
+ });
+
+});\n");
+ fwrite($fp, "</script>\n");
+
}
/* get_graph_tree_array_export - returns a list of graph trees taking permissions into account if
@@ -1478,8 +1485,7 @@
$dhtml_tree = array();
$dhtml_tree[0] = $start;
$dhtml_tree[1] = read_graph_config_option("expand_hosts");
- $dhtml_tree[2] = "foldersTree = gFld(\"\", \"\")\n";
- $i = 2;
+ $i = 1;
$tree_list = get_graph_tree_array_export();
@@ -1499,7 +1505,6 @@
if (((read_config_option("export_tree_isolation") == "on") && ($tree_id == $tree["id"])) ||
(read_config_option("export_tree_isolation") == "off")) {
- $i++;
$hier_sql = "SELECT DISTINCT
graph_tree_items.id,
@@ -1522,19 +1527,53 @@
$dhtml_tree_id = 0;
if (sizeof($hierarchy) > 0) {
+ $last_tier = 1;
+ $openli = false;
+ $lasthost = false;
+ $opentree = false;
foreach ($hierarchy as $leaf) {
if ($dhtml_tree_id <> $tree["id"]) {
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . get_tree_name($tree["id"]) . "\", \"" . clean_up_export_name(get_tree_name($tree["id"])) . "_leaf.html\"))\n";
+ if ($opentree) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t</li>\n\t</ul>\n";
+ }
+ $i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]));
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . "_leaf.html\">" . get_tree_name($tree["id"]) . "</a>\n\t\t\t<ul>\n";
+ $opentree = true;
}
$dhtml_tree_id = $tree["id"];
- $i++;
$tier = tree_tier($leaf["order_key"]);
if ($leaf["host_id"] > 0) { //It's a host
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . ($tier-1) . ", gFld(\"Host: " . $leaf["hostname"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_" . $leaf["id"]) . ".html\"))\n";
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $lasthost = true;
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_" . $leaf["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">Host: " . htmlspecialchars($leaf["hostname"]) . "</a>\n";
if (read_config_option("export_tree_expand_hosts") == "on") {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t<ul>\n";
if ($leaf["host_grouping_type"] == HOST_GROUPING_GRAPH_TEMPLATE) {
$graph_templates = db_fetch_assoc("SELECT
graph_templates.id,
@@ -1552,7 +1591,8 @@
if (sizeof($graph_templates) > 0) {
foreach ($graph_templates as $graph_template) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . $graph_template["name"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_gt_" . $leaf["id"]) . "_" . $graph_template["id"] . ".html\"))\n";
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_gt_" . $leaf["id"] . "_" . $graph_template["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($graph_template["name"]) . "</a></li>\n";
}
}
}else if ($leaf["host_grouping_type"] == HOST_GROUPING_DATA_QUERY_INDEX) {
@@ -1567,36 +1607,77 @@
array_push($data_queries, array(
"id" => "0",
- "name" => "Graph Template Based"
+ "name" => "Non Query Based"
));
if (sizeof($data_queries) > 0) {
- foreach ($data_queries as $data_query) {
- $i++;
-
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . $data_query["name"] . "\", \"" . clean_up_export_name($leaf["hostname"] . "_dq_" . $leaf["title"] . "_" . $leaf["id"]) . "_" . $data_query["id"] . ".html\"))\n";
+ foreach ($data_queries as $data_query) {
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_dq_" . $leaf["title"] . "_" . $leaf["id"] . "_" . $data_query["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($data_query["name"]) . "</a>\n";
- /* fetch a list of field names that are sorted by the preferred sort field */
- $sort_field_data = get_formatted_data_query_indexes($leaf["host_id"], $data_query["id"]);
+ /* fetch a list of field names that are sorted by the preferred sort field */
+ $sort_field_data = get_formatted_data_query_indexes($leaf["host_id"], $data_query["id"]);
- if ($data_query["id"] > 0) {
- while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
+ if ($data_query["id"] > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t<ul>\n";
+ while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
+ $i++;
+ $clean_id = clean_up_export_name($leaf["hostname"] . "_dqi_" . $leaf["id"] . "_" . $data_query["id"] . "_" . $snmp_index);
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . ".html\">" . htmlspecialchars($sort_field_value) . "</a></li>\n";
+ }
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . " = insFld(ou" . ($tier+1) . ", gFld(\" " . $sort_field_value . "\", \"" . clean_up_export_name($leaf["hostname"] . "_dqi_" . $leaf["title"] . "_" . $leaf["id"]) . "_" . $data_query["id"] . "_" . $snmp_index . ".html\"))\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t</ul>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
}
}
- }
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n";
}
- }else {
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . ($tier-1) . ", gFld(\"" . $leaf["title"] . "\", \"" . clean_up_export_name(get_tree_name($tree["id"]) . "_" . $leaf["title"] . "_" . $leaf["id"]) . "_leaf.html\"))\n";
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }else { //It's not a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]) . "_" . $leaf["title"] . "_" . $leaf["id"]);
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . $clean_id . "\"><a href=\"" . $clean_id . "_leaf.html\">" . htmlspecialchars($leaf["title"]) . "</a>\n";
+ $openli = true;
+ $lasthost = false;
}
}
+ for ($x = $last_tier; $x > 1; $x--) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t</li>\n\t</ul>\n";
}else{
if ($dhtml_tree_id <> $tree["id"]) {
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . get_tree_name($tree["id"]) . "\", \"" . clean_up_export_name(get_tree_name($tree["id"])) . "_leaf.html\"))\n";
$i++;
+ $clean_id = clean_up_export_name(get_tree_name($tree["id"]));
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . $clean_id . "_leaf\"><a href=\"" . $clean_id . "_leaf.html\">" . get_tree_name($tree["id"]) . "</a></li>\n\t</ul>";
}
}
}
@@ -1612,10 +1693,10 @@
$dir - the export directory where graphs will either be staged or located.
*/
function create_export_directory_structure($cacti_root_path, $dir) {
- /* create the treeview sub-directory */
- if (!is_dir("$dir/treeview")) {
- if (!mkdir("$dir/treeview", 0755)) {
- export_fatal("Create directory '" . $dir . "/treeview' failed. Can not continue");
+ /* create the jquery sub-directory */
+ if (!is_dir("$dir/js")) {
+ if (!mkdir("$dir/js", 0755)) {
+ export_fatal("Create directory '" . $dir . "/js' failed. Can not continue");
}
}
@@ -1626,8 +1707,6 @@
}
}
- $treeview_dir = $dir . "/treeview";
-
/* css */
copy("$cacti_root_path/include/main.css", "$dir/main.css");
@@ -1639,18 +1718,15 @@
copy("$cacti_root_path/images/shadow_gray.gif", "$dir/shadow_gray.gif");
/* java scripts for the tree */
- copy("$cacti_root_path/include/treeview/ftiens4_export.js", "$treeview_dir/ftiens4.js");
- copy("$cacti_root_path/include/treeview/ua.js", "$treeview_dir/ua.js");
-
- /* images for the tree */
- copy("$cacti_root_path/include/treeview/ftv2blank.gif", "$treeview_dir/ftv2blank.gif");
- copy("$cacti_root_path/include/treeview/ftv2lastnode.gif", "$treeview_dir/ftv2lastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2mlastnode.gif", "$treeview_dir/ftv2mlastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2mnode.gif", "$treeview_dir/ftv2mnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2node.gif", "$treeview_dir/ftv2node.gif");
- copy("$cacti_root_path/include/treeview/ftv2plastnode.gif", "$treeview_dir/ftv2plastnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2pnode.gif", "$treeview_dir/ftv2pnode.gif");
- copy("$cacti_root_path/include/treeview/ftv2vertline.gif", "$treeview_dir/ftv2vertline.gif");
+ copy("$cacti_root_path/include/js/jquery/jquery.js", "$dir/js/jquery.js");
+ copy("$cacti_root_path/include/js/jquery/jquery.jstree.js", "$dir/js/jquery.jstree.js");
+ copy("$cacti_root_path/include/js/jquery/jquery.cookie.js", "$dir/js/jquery.cookie.js");
+
+ /* theme info for java scripts */
+ copy("$cacti_root_path/include/js/jquery/themes/default/style.css", "$dir/js/style.css");
+ copy("$cacti_root_path/include/js/jquery/themes/default/d.png", "$dir/js/d.png");
+ copy("$cacti_root_path/include/js/jquery/themes/default/d.gif", "$dir/js/d.gif");
+ copy("$cacti_root_path/include/js/jquery/themes/default/throbber.gif", "$dir/js/throbber.gif");
}
function get_host_description($host_id) {
@@ -1738,8 +1814,9 @@
<meta http-equiv=refresh content='300'; url='index.html'>
<meta http-equiv=Pragma content=no-cache>
<meta http-equiv=cache-control content=no-cache>
- <script type=\"text/javascript\" src=\"./treeview/ua.js\"></script>
- <script type=\"text/javascript\" src=\"./treeview/ftiens4.js\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.js\" language=\"javascript\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.cookie.js\" language=\"javascript\"></script>
+ <script type=\"text/javascript\" src=\"./js/jquery.jstree.js\" language=\"javascript\"></script>
</head>
<body>
<table style='width:100%;height:100%;' cellspacing='0' cellpadding='0'>
--- a/lib/html_tree.php
+++ b/lib/html_tree.php
@@ -495,17 +495,9 @@
include_once($config["library_path"] . "/data_query.php");
?>
- <script type="text/javascript">
- <!--
- USETEXTLINKS = 1
- STARTALLOPEN = 0
- USEFRAMES = 0
- USEICONS = 0
- WRAPTEXT = 1
- PERSERVESTATE = 1
- HIGHLIGHT = 1
<?php
/* get current time */
+/* Probably not needed anymore as jstree uses jquery.cookies
list($micro,$seconds) = explode(" ", microtime());
$current_time = $seconds + $micro;
$expand_hosts = read_graph_config_option("expand_hosts");
@@ -522,6 +514,8 @@
$dhtml_tree = $_SESSION['dhtml_tree'];
}
}
+*/
+ $dhtml_tree = create_dhtml_tree();
$total_tree_items = sizeof($dhtml_tree) - 1;
@@ -529,8 +523,31 @@
print $dhtml_tree[$i];
}
?>
- //-->
- </script>
+<script type="text/javascript">
+$(function () {
+ $("#jtree")
+ .jstree({
+ "plugins" : ["ui","themes","html_data","cookies"],
+ "themes" : {"icons" : false,
+ "url" : "<?php echo $config['url_path']; ?>include/js/jquery/themes/default/style.css"},
+ "cookies" : {
+ "save_opened" : "Cacti_jstree_open",
+ "save_selected" : "Cacti_jstree_select"
+ }
+ })
+
+ // Make sure that the nodes are actually used as links
+ // We need reselect to prevent endless loops
+ // https://groups.google.com/d/topic/jstree/j6XNq9hQdeA/discussion
+ .bind("reselect.jstree", function (e, data) {
+ data.inst.get_container().bind("select_node.jstree", function (e, data) {
+ // data.rstl.obj is the object that was selected.
+ document.location.href = data.rslt.obj.children("a").attr("href");
+ });
+ });
+
+});
+</script>
<?php
}
@@ -543,9 +560,8 @@
$dhtml_tree[0] = $start;
$dhtml_tree[1] = read_graph_config_option("expand_hosts");
- $dhtml_tree[2] = "foldersTree = gFld(\"\", \"\")\n";
- $dhtml_tree[3] = "foldersTree.xID = \"root\"\n";
- $i = 3;
+ $dhtml_tree[2] = "\n<div id=\"jtree\">\n";
+ $i = 2;
$tree_list = get_graph_tree_array();
@@ -567,7 +583,6 @@
if (sizeof($tree_list) > 0) {
foreach ($tree_list as $tree) {
- $i++;
$hierarchy = db_fetch_assoc("select
graph_tree_items.id,
graph_tree_items.title,
@@ -583,21 +598,45 @@
and graph_tree_items.local_graph_id = 0
order by graph_tree_items.order_key");
- $dhtml_tree[$i] = "ou0 = insFld(foldersTree, gFld(\"" . htmlspecialchars($tree["name"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"]) . "\"))\n";
$i++;
- $dhtml_tree[$i] = "ou0.xID = \"tree_" . $tree["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t<ul>\n\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"]) . "\">" . htmlspecialchars($tree["name"]) . "</a>\n";
if (sizeof($hierarchy) > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ $last_tier = 1;
+ $openli = false;
+ $lasthost = false;
foreach ($hierarchy as $leaf) {
- $i++;
$tier = tree_tier($leaf["order_key"]);
- if ($leaf["host_id"] > 0) {
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . abs(($tier-1)) . ", gFld(\"" . "Host: " . htmlspecialchars($leaf["hostname"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\"))\n";
+ if ($leaf["host_id"] > 0) { //It's a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ $last_tier = $tier;
+ $lasthost = true;
$i++;
- $dhtml_tree[$i] = "ou" . ($tier) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\">Host: " . htmlspecialchars($leaf["hostname"]) . "</a>\n";
if (read_graph_config_option("expand_hosts") == "on") {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t<ul>\n";
if ($leaf["host_grouping_type"] == HOST_GROUPING_GRAPH_TEMPLATE) {
$graph_templates = db_fetch_assoc("select
graph_templates.id,
@@ -612,9 +651,7 @@
if (sizeof($graph_templates) > 0) {
foreach ($graph_templates as $graph_template) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . htmlspecialchars($graph_template["name"]) . "\", \"graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=graph_template:" . $graph_template["id"] . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_gt_" . $graph_template["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_gt_" . $graph_template["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=graph_template:" . $graph_template["id"]) . "\">" . htmlspecialchars($graph_template["name"]) . "</a></li>\n";
}
}
}else if ($leaf["host_grouping_type"] == HOST_GROUPING_DATA_QUERY_INDEX) {
@@ -645,33 +682,71 @@
if ((($data_query["id"] == 0) && ($non_template_graphs > 0)) ||
(($data_query["id"] > 0) && (sizeof($sort_field_data) > 0))) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . " = insFld(ou" . ($tier) . ", gFld(\" " . htmlspecialchars($data_query["name"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query:" . $data_query["id"]) . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+1) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dq_" . $data_query["id"] . "\"\n";
-
+ $dhtml_tree[$i] = "\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dq_" . $data_query["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query:" . $data_query["id"]) . "\">" . htmlspecialchars($data_query["name"]) . "</a>\n";
if ($data_query["id"] > 0) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t<ul>\n";
while (list($snmp_index, $sort_field_value) = each($sort_field_data)) {
$i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . " = insFld(ou" . ($tier+1) . ", gFld(\" " . htmlspecialchars($sort_field_value) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query_index:" . $data_query["id"] . ":" . urlencode($snmp_index)) . "\"))\n";
- $i++;
- $dhtml_tree[$i] = "ou" . ($tier+2) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dqi" . $data_query["id"] . "_" . urlencode($snmp_index) . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "_hgd_dqi" . $data_query["id"]) . "_" . urlencode($snmp_index) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"] . "&host_group_data=data_query_index:" . $data_query["id"] . ":" . urlencode($snmp_index)) . "\">" . htmlspecialchars($sort_field_value) . "</a></li>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t\t</ul>\n";
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
}
}
}
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</li>\n";
+ }else{ //It's not a host
+ if ($tier > $last_tier) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t<ul>\n";
+ } elseif ($tier < $last_tier) {
+ if (!$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
}
+ for ($x = $tier; $x < $last_tier; $x++) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ $openli = false;
+ }
+ } elseif ($openli && !$lasthost) {
+ $i++;
+ $dhtml_tree[$i] = "</li>\n";
+ $openli = false;
}
- }else{
- $dhtml_tree[$i] = "ou" . ($tier) . " = insFld(ou" . abs(($tier-1)) . ", gFld(\"" . htmlspecialchars($leaf["title"]) . "\", \"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\"))\n";
+ $last_tier = $tier;
$i++;
- $dhtml_tree[$i] = "ou" . ($tier) . ".xID = \"tree_" . $tree["id"] . "_leaf_" . $leaf["id"] . "\"\n";
+ $dhtml_tree[$i] = "\t\t\t\t<li id=\"" . htmlspecialchars("tree_" . $tree["id"] . "_leaf_" . $leaf["id"]) . "\"><a href=\"" . htmlspecialchars("graph_view.php?action=tree&tree_id=" . $tree["id"] . "&leaf_id=" . $leaf["id"]) . "\">" . htmlspecialchars($leaf["title"]) . "</a>\n";
+ $openli = true;
+ $lasthost = false;
}
}
+ for ($x = $last_tier; $x > 1; $x--) {
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t\t\t</ul>\n\t\t\t\t</li>\n";
+ }
+ $i++;
+ $dhtml_tree[$i] = "\t\t\t</ul>\n";
}
+ $i++;
+ $dhtml_tree[$i] = "\t\t</li>\n\t</ul>\n";
}
}
+ $i++;
+ $dhtml_tree[$i] = "</div>\n";
+
return $dhtml_tree;
}
@@ -758,14 +833,6 @@
}
}
- print "<script type=\"text/javascript\">\n";
- print "<!--\n";
- print "myNode = findObj(\"$nodeid\")\n";
- print "myNode.forceOpeningOfAncestorFolders();\n";
- print "highlightObjLink(myNode)\n";
- print "//-->\n";
- print "</script>";
-
/* ================= input validation ================= */
input_validate_input_number(get_request_var_post("graphs"));
input_validate_input_number(get_request_var_post("page"));

19
src/patches/cacti/cacti-0.8.8b-html-injection.patch
View File

@@ -1,19 +0,0 @@
------------------------------------------------------------------------
r7443 | rony | 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) | 2 lines
bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
------------------------------------------------------------------------
Index: branches/0.8.8/cdef.php
===================================================================
--- branches/0.8.8/cdef.php (revision 7442)
+++ branches/0.8.8/cdef.php (revision 7443)
@@ -431,7 +431,7 @@
<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
</td>
<td>
- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
</td>
<td>
<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>

28
src/patches/cacti/cacti-0.8.8b-remote-command-execution.patch
View File

@@ -1,28 +0,0 @@
------------------------------------------------------------------------
r7442 | rony | 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) | 2 lines
bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
------------------------------------------------------------------------
Index: branches/0.8.8/lib/graph_export.php
===================================================================
--- branches/0.8.8/lib/graph_export.php (revision 7441)
+++ branches/0.8.8/lib/graph_export.php (revision 7442)
@@ -339,7 +339,7 @@
chdir($stExportDir);
/* set the initial command structure */
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
/* if the user requested passive mode, use it */
if ($aFtpExport['passive']) {
@@ -347,7 +347,7 @@
}
/* setup the port, server, remote directory and all files */
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
/* run the command */
$iExecuteReturns = 0;

42
src/patches/cacti/cacti-0.8.8b-rra-comments.patch
View File

@@ -1,42 +0,0 @@
------------------------------------------------------------------------
r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
------------------------------------------------------------------------
Index: branches/0.8.8/lib/rrd.php
===================================================================
--- branches/0.8.8/lib/rrd.php (revision 7417)
+++ branches/0.8.8/lib/rrd.php (revision 7418)
@@ -1343,20 +1343,20 @@
$need_rrd_nl = TRUE;
if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
+ # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
+ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
+ # next, compute the argument of the COMMENT statement and perform injection counter measures
+ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
+ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
+ } else {
+ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
+ }
+
+ # create rrdtool specific command line
if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
- if (trim($comment_string) == 'COMMENT:"\n"') {
- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
- } else if (trim($comment_string) != "COMMENT:\"\"") {
- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
- }
+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
}else {
- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
- if (trim($comment_string) == 'COMMENT:"\n"') {
- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
- } else if (trim($comment_string) != "COMMENT:\"\"") {
- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
- }
+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
}
}elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
$graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */

155
src/patches/cacti/cacti-0.8.8b-sanitize-variables.patch
View File

@@ -1,155 +0,0 @@
------------------------------------------------------------------------
r7420 | cigamit | 2013-08-17 21:41:24 -0600 (Sat, 17 Aug 2013) | 1 line
Bug #0002383 : Sanitize the step and id variables
------------------------------------------------------------------------
Index: branches/0.8.8/host.php
===================================================================
--- branches/0.8.8/host.php (revision 7419)
+++ branches/0.8.8/host.php (revision 7420)
@@ -149,6 +149,9 @@
if ($_POST["snmp_version"] == 3 && ($_POST["snmp_password"] != $_POST["snmp_password_confirm"])) {
raise_message(4);
}else{
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("host_template_id"));
+
$host_id = api_device_save($_POST["id"], $_POST["host_template_id"], $_POST["description"],
trim($_POST["hostname"]), $_POST["snmp_community"], $_POST["snmp_version"],
$_POST["snmp_username"], $_POST["snmp_password"],
Index: branches/0.8.8/lib/api_device.php
===================================================================
--- branches/0.8.8/lib/api_device.php (revision 7419)
+++ branches/0.8.8/lib/api_device.php (revision 7420)
@@ -107,7 +107,7 @@
$_host_template_id = db_fetch_cell("select host_template_id from host where id=$id");
}
- $save["id"] = $id;
+ $save["id"] = form_input_validate($id, "id", "^[0-9]+$", false, 3);
$save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
$save["description"] = form_input_validate($description, "description", "", false, 3);
$save["hostname"] = form_input_validate(trim($hostname), "hostname", "", false, 3);
Index: branches/0.8.8/install/index.php
===================================================================
--- branches/0.8.8/install/index.php (revision 7419)
+++ branches/0.8.8/install/index.php (revision 7420)
@@ -310,27 +310,28 @@
}
/* pre-processing that needs to be done for each step */
-if (empty($_REQUEST["step"])) {
- $_REQUEST["step"] = 1;
-}else{
- if ($_REQUEST["step"] == "1") {
- $_REQUEST["step"] = "2";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "1")) {
- $_REQUEST["step"] = "3";
- }elseif (($_REQUEST["step"] == "2") && ($_REQUEST["install_type"] == "3")) {
- $_REQUEST["step"] = "8";
- }elseif (($_REQUEST["step"] == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
- $_REQUEST["step"] = "9";
- }elseif ($_REQUEST["step"] == "8") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "9") {
- $_REQUEST["step"] = "3";
- }elseif ($_REQUEST["step"] == "3") {
- $_REQUEST["step"] = "4";
+if (isset($_REQUEST["step"]) && $_REQUEST["step"] > 0) {
+ $step = intval($_REQUEST["step"]);
+ if ($step == "1") {
+ $step = "2";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "1")) {
+ $step = "3";
+ } elseif (($step == "2") && ($_REQUEST["install_type"] == "3")) {
+ $step = "8";
+ } elseif (($step == "8") && ($old_version_index <= array_search("0.8.5a", $cacti_versions))) {
+ $step = "9";
+ } elseif ($step == "8") {
+ $step = "3";
+ } elseif ($step == "9") {
+ $step = "3";
+ } elseif ($step == "3") {
+ $step = "4";
}
+} else {
+ $step = 1;
}
-if ($_REQUEST["step"] == "4") {
+if ($step == "4") {
include_once("../lib/data_query.php");
include_once("../lib/utility.php");
@@ -366,7 +367,7 @@
header ("Location: ../index.php");
exit;
-}elseif (($_REQUEST["step"] == "8") && ($_REQUEST["install_type"] == "3")) {
+}elseif (($step == "8") && ($_REQUEST["install_type"] == "3")) {
/* if the version is not found, die */
if (!is_int($old_version_index)) {
print " <p style='font-family: Verdana, Arial; font-size: 16px; font-weight: bold; color: red;'>Error</p>
@@ -505,7 +506,7 @@
</tr>
<tr>
<td width="100%" style="font-size: 12px;">
- <?php if ($_REQUEST["step"] == "1") { ?>
+ <?php if ($step == "1") { ?>
<p>Thanks for taking the time to download and install cacti, the complete graphing
solution for your network. Before you can start making cool graphs, there are a few
@@ -530,7 +531,7 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.</p>
- <?php }elseif ($_REQUEST["step"] == "2") { ?>
+ <?php }elseif ($step == "2") { ?>
<p>Please select the type of installation</p>
@@ -551,7 +552,7 @@
print "Server Operating System Type: " . $config["cacti_server_os"] . "<br>"; ?>
</p>
- <?php }elseif ($_REQUEST["step"] == "3") { ?>
+ <?php }elseif ($step == "3") { ?>
<p>Make sure all of these values are correct before continuing.</p>
<?php
@@ -609,7 +610,7 @@
is an upgrade. You can change any of the settings on this screen at a later
time by going to "Cacti Settings" from within Cacti.</p>
- <?php }elseif ($_REQUEST["step"] == "8") { ?>
+ <?php }elseif ($step == "8") { ?>
<p>Upgrade results:</p>
@@ -659,7 +660,7 @@
print $upgrade_results;
?>
- <?php }elseif ($_REQUEST["step"] == "9") { ?>
+ <?php }elseif ($step == "9") { ?>
<p style='font-size: 16px; font-weight: bold; color: red;'>Important Upgrade Notice</p>
@@ -673,7 +674,7 @@
<?php }?>
- <p align="right"><input type="image" src="install_<?php if ($_REQUEST["step"] == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($_REQUEST["step"] == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
+ <p align="right"><input type="image" src="install_<?php if ($step == "3") {?>finish<?php }else{?>next<?php }?>.gif" alt="<?php if ($step == "3"){?>Finish<?php }else{?>Next<?php }?>"></p>
</td>
</tr>
</table>
@@ -681,7 +682,7 @@
</tr>
</table>
-<input type="hidden" name="step" value="<?php print $_REQUEST["step"];?>">
+<input type="hidden" name="step" value="<?php print $step;?>">
</form>

117
src/patches/cacti/cacti-0.8.8b-sql-injection-shell-escaping.patch
View File

@@ -1,117 +0,0 @@
------------------------------------------------------------------------
r7439 | rony | 2014-03-30 17:52:10 -0500 (Sun, 30 Mar 2014) | 5 lines
bug#0002405: SQL injection in graph_xport.php
- Fixed form input validation problems
- Fixed rrd export and graph shell escape issues
------------------------------------------------------------------------
Index: branches/0.8.8/graph_xport.php
===================================================================
--- branches/0.8.8/graph_xport.php (revision 7438)
+++ branches/0.8.8/graph_xport.php (revision 7439)
@@ -47,43 +47,48 @@
$graph_data_array = array();
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
/* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- $graph_data_array["graph_start"] = $_GET["graph_start"];
+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
+ $graph_data_array["graph_start"] = get_request_var("graph_start");
}
/* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- $graph_data_array["graph_end"] = $_GET["graph_end"];
+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+ $graph_data_array["graph_end"] = get_request_var("graph_end");
}
/* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- $graph_data_array["graph_height"] = $_GET["graph_height"];
+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+ $graph_data_array["graph_height"] = get_request_var("graph_height");
}
/* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- $graph_data_array["graph_width"] = $_GET["graph_width"];
+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+ $graph_data_array["graph_width"] = get_request_var("graph_width");
}
/* override: skip drawing the legend? */
if (!empty($_GET["graph_nolegend"])) {
- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
}
/* print RRDTool graph source? */
if (!empty($_GET["show_source"])) {
- $graph_data_array["print_source"] = $_GET["show_source"];
+ $graph_data_array["print_source"] = get_request_var("show_source");
}
-$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
/* for bandwidth, NThPercentile */
$xport_meta = array();
/* Get graph export */
-$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
/* Make graph title the suggested file name */
if (is_array($xport_array["meta"])) {
Index: branches/0.8.8/lib/rrd.php
===================================================================
--- branches/0.8.8/lib/rrd.php (revision 7438)
+++ branches/0.8.8/lib/rrd.php (revision 7439)
@@ -865,13 +865,13 @@
/* basic graph options */
$graph_opts .=
"--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
- "--start=$graph_start" . RRD_NL .
- "--end=$graph_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
"--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
"$rigid" .
- "--base=" . $graph["base_value"] . RRD_NL .
- "--height=$graph_height" . RRD_NL .
- "--width=$graph_width" . RRD_NL .
+ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
+ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
+ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
"$scale" .
"$unit_value" .
"$unit_exponent_value" .
@@ -1606,8 +1606,8 @@
/* basic export options */
$xport_opts =
- "--start=$xport_start" . RRD_NL .
- "--end=$xport_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
"--maxrows=10000" . RRD_NL;
$xport_defs = "";
@@ -1997,7 +1997,7 @@
$stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
$j++;
- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
+ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
}else{
$need_rrd_nl = FALSE;
}

25
src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch
View File

@@ -1,25 +0,0 @@
From edacae4b2cdc41f1c0bfc93e041532ff6c49f60c Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 17 Mar 2015 22:19:17 +0100
Subject: [PATCH 1/5] Add an other forbidden string: "Serial"
---
src/fireinfo/system.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
index daf77b399d20..9d7872822b85 100644
--- a/src/fireinfo/system.py
+++ b/src/fireinfo/system.py
@@ -45,7 +45,7 @@ INVALID_ID_STRINGS = (
"EVAL",
"Not Applicable",
"None", "empty",
- "System Serial Number",
+ "Serial", "System Serial Number",
"XXXXX",
"01010101-0101-0101-0101-010101010101",
"00020003-0004-0005-0006-000700080009",
--
2.4.3

69
src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch
View File

@@ -1,69 +0,0 @@
From 4468fb2eb49e21d2350f6619584e6816f5159d29 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 28 Mar 2015 13:17:57 +0100
Subject: [PATCH 2/5] Escape any non-printable ascii characters
http://forum.ipfire.org/viewtopic.php?f=5&t=12970
---
src/fireinfo/system.py | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
index 9d7872822b85..4148c66eded7 100644
--- a/src/fireinfo/system.py
+++ b/src/fireinfo/system.py
@@ -325,6 +325,16 @@ class System(object):
return v, m
+ @staticmethod
+ def escape_string(s):
+ """
+ Will remove all non-printable characters from the given string
+ """
+ if s is None:
+ return
+
+ return filter(lambda x: x in string.printable, s)
+
@property
def vendor(self):
"""
@@ -334,14 +344,14 @@ class System(object):
for file in ("sys_vendor", "board_vendor", "chassis_vendor",):
ret = read_from_file(os.path.join(SYS_CLASS_DMI, file))
if ret:
- return ret
+ return self.escape_string(ret)
if os.path.exists("/proc/device-tree"):
ret = self.__cpuinfo.get("Hardware", None)
else:
ret, m = self.vendor_model_tuple()
- return ret
+ return self.escape_string(ret)
@property
def model(self):
@@ -352,7 +362,7 @@ class System(object):
for file in ("product_name", "board_model", "chassis_model",):
ret = read_from_file(os.path.join(SYS_CLASS_DMI, file))
if ret:
- return ret
+ return self.escape_string(ret)
# Read device-tree model if available
ret = read_from_file("/proc/device-tree/model")
@@ -364,7 +374,7 @@ class System(object):
if not ret:
v, ret = self.vendor_model_tuple()
- return ret
+ return self.escape_string(ret)
@property
def memory(self):
--
2.4.3

35
src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
View File

@@ -1,35 +0,0 @@
From c667589410912ca980a78f417e86dd6585d58f9a Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 4 May 2015 16:00:31 +0200
Subject: [PATCH 3/5] Skip search for hypervisor name when the CPU string is
empty
---
src/_fireinfo/fireinfo.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c
index fc639d9d4cd9..6601c21a733f 100644
--- a/src/_fireinfo/fireinfo.c
+++ b/src/_fireinfo/fireinfo.c
@@ -156,11 +156,12 @@ int detect_hypervisor(int *hypervisor) {
*hypervisor = HYPER_OTHER;
- int id;
- for (id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
- if (strcmp(hypervisor_ids[id], sig.text) == 0) {
- *hypervisor = id;
- break;
+ if (*sig.text) {
+ for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
+ if (strcmp(hypervisor_ids[id], sig.text) == 0) {
+ *hypervisor = id;
+ break;
+ }
}
}
--
2.4.3

28
src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch
View File

@@ -1,28 +0,0 @@
From d58f8ef75a29dd6f8968084b5383ce0f39c75666 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 12 Aug 2015 10:50:42 +0100
Subject: [PATCH 4/5] Filter all IDs that only consist of 0xff
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/fireinfo/system.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
index 4148c66eded7..edf7359a17e6 100644
--- a/src/fireinfo/system.py
+++ b/src/fireinfo/system.py
@@ -255,6 +255,10 @@ class System(object):
id = None
break
+ # Check if the string only contains 0xff
+ if all((e == "\xff" for e in id)):
+ id = None
+
if id:
_ids.append(id)
--
2.4.3

26
src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch
View File

@@ -1,26 +0,0 @@
From deafec982e4c8f2e6ffa3bf70b0a94fa30158e9a Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 9 Sep 2015 15:04:43 +0100
Subject: [PATCH 5/5] Fix crash if there is id has already been reset to None
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/fireinfo/system.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
index edf7359a17e6..c2ba12e818f0 100644
--- a/src/fireinfo/system.py
+++ b/src/fireinfo/system.py
@@ -256,7 +256,7 @@ class System(object):
break
# Check if the string only contains 0xff
- if all((e == "\xff" for e in id)):
+ if id and all((e == "\xff" for e in id)):
id = None
if id:
--
2.4.3

71
src/patches/phpSANE-0.3.3-fixes.patch
View File

@@ -1,71 +0,0 @@
diff -Naur phpSANE_org/config.php phpSANE/config.php
--- phpSANE_org/config.php 2005-02-21 07:05:00.000000000 +0100
+++ phpSANE/config.php 2008-03-04 14:44:30.000000000 +0100
@@ -1,7 +1,7 @@
<?PHP
// CONFIG ------------------------------------------------------------------------------------
$SCANIMAGE="/usr/bin/scanimage"; // auch mit
-$PNMTOJPEG="/usr/bin/pnmtojpeg"; // eigenen
+$PNMTOJPEG="/usr/local/netpbm/bin/pnmtojpeg"; // eigenen
$OCR="/usr/bin/gocr"; // Parametern
//$SAVE_PLACE="/srv/www/htdocs/web/phpSANE/";
@@ -63,7 +63,7 @@
if($_GET['mode']) if($clear == 1) $mode="Color"; else $mode=$_GET['mode']; else $mode="Color";
if($_GET['resolution']) if($clear == 1) $resolution=100; else $resolution=$_GET['resolution']; else $resolution=100;
if($clear == 1) $negative="no"; else $negative=$_GET['negative'];
-if($clear == 1) $quality_cal= "yes"; else $quality_cal=$_GET['quality_cal'];
+if($clear == 1) $quality_cal= "no"; else $quality_cal=$_GET['quality_cal'];
if($clear == 1) $first="";
//if($_GET['depth']) $depth=$_GET['depth']; else $depth="8"; // wers braucht
//$brightness=$_GET['brightness']; // die werden von meinem scanner leider nicht unterst<73>tzt
diff -Naur phpSANE_org/menu.php phpSANE/menu.php
--- phpSANE_org/menu.php 2005-02-21 06:39:01.000000000 +0100
+++ phpSANE/menu.php 2008-03-04 15:03:12.000000000 +0100
@@ -74,7 +74,7 @@
echo "<option value=\"Gray\" $selected_2>".$lang[$lang_id][16]."\n";
echo "<option value=\"Lineart\" $selected_3>".$lang[$lang_id][17]."\n";
echo "</SELECT></td>\n";
-if(!$_GET['first']) { $first=1; $checked1="checked"; }
+//if(!$_GET['first']) { $first=1; $checked1="checked"; }
if($quality_cal=="yes") { $checked1="checked"; $first=1; } else { $checked=""; $first=1; }
echo "<input type=hidden name=\"first\" value=\"$first\">\n";
echo "<td align=\"right\" class=\"text_padd\">".$lang[$lang_id][21]."&nbsp;<INPUT type=\"checkbox\" name=\"quality_cal\" value=\"yes\" ".$checked1."></td>\n";
diff -Naur phpSANE_org/scan.php phpSANE/scan.php
--- phpSANE_org/scan.php 2005-02-21 07:06:19.000000000 +0100
+++ phpSANE/scan.php 2008-03-04 15:57:37.000000000 +0100
@@ -75,25 +75,25 @@
if($action == $lang[$lang_id][27]) {
if($format == "jpg") {
-$cmd_scan=$cmd_scan." | pnmtojpeg --quality=100 > ".$file_scan;
-$scan_yes=`$cmd_scan`;
-echo "<script language=\"JavaScript\" type=\"text/javascript\">\n";
-echo "window.open(\"save.php?file=".$file_scan."&lang_id=".$lang_id."\",\"_blank\", \"width=400,height=100,left=320,top=200,scrollbars=no,location=no,status=no,menubar=no\");\n";
-echo "</script>\n";
-} else {
+$cmd_scan=$cmd_scan." | $PNMTOJPEG --quality=100 > ".$file_scan;
+}
+if($format == "tif") {
+$cmd_scan=$cmd_scan." --format=tiff > ".$file_scan;
+}
+if($format == "pnm") {
$cmd_scan=$cmd_scan." > ".$file_scan;
+}
$scan_yes=`$cmd_scan`;
echo "<script language=\"JavaScript\" type=\"text/javascript\">\n";
-echo "window.open(\"save.php?file=".$file_scan."%26lang_id=".$lang_id."\",\"_blank\", \"width=400,height=100,left=320,top=200,scrollbars=no,location=no,status=no,menubar=no\");\n";
+echo "window.open(\"save.php?file=".$file_scan."&lang_id=".$lang_id."\",\"_blank\", \"width=400,height=200,left=320,top=200,scrollbars=no,location=no,status=no,menubar=no\");\n";
echo "</script>\n";
}
-}
if($action == $lang[$lang_id][26]) {
$cmd_scan=$cmd_scan." | ".$OCR." - > ".$file.".txt";
$scan_yes=`$cmd_scan`;
echo "<script language=\"JavaScript\" type=\"text/javascript\">\n";
-echo "window.open(\"save.php?file=".$file.".txt%26lang_id=".$lang_id."\",\"_blank\", \"width=400,height=100,left=320,top=200,scrollbars=no,location=no,status=no,menubar=no\");\n";
+echo "window.open(\"save.php?file=".$file.".txt&lang_id=".$lang_id."\",\"_blank\", \"width=400,height=100,left=320,top=200,scrollbars=no,location=no,status=no,menubar=no\");\n";
echo "</script>\n";
}
}