Hello community,

here is the log from the commit of package cacti for openSUSE:Factory checked 
in at 2012-05-14 16:11:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cacti (Old)
 and      /work/SRC/openSUSE:Factory/.cacti.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cacti", Maintainer is "crrodrig...@novell.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/cacti/cacti.changes      2012-05-07 
22:45:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.cacti.new/cacti.changes 2012-05-14 
16:11:11.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Apr 30 11:09:10 UTC 2012 - aldemir.akpi...@airties.com
+
+- New version 0.8.8a
+- Fixed an rpmlint warning 
+
+-------------------------------------------------------------------

Old:
----
  cacti-0.8.8-cacti-log-path.patch
  cacti-0.8.8-cacti-script.patch
  cacti-0.8.8.tar.bz2

New:
----
  cacti-0.8.8a-cacti-log-path.patch
  cacti-0.8.8a-cacti-script.patch
  cacti-0.8.8a.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cacti.spec ++++++
--- /var/tmp/diff_new_pack.tNcjoa/_old  2012-05-14 16:11:12.000000000 +0200
+++ /var/tmp/diff_new_pack.tNcjoa/_new  2012-05-14 16:11:12.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cacti
-Version:        0.8.8
+Version:        0.8.8a
 Release:        0.0
 Summary:        Web Front-End to Monitor System Data via RRDtool
 License:        GPL-2.0+
@@ -75,6 +75,7 @@
 Requires:       logrotate
 Requires:       net-snmp
 Obsoletes:      cacti-PA
+Provides:      cacti-PA
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %if 0%{?suse_version}

++++++ cacti-0.8.8-cacti-log-path.patch -> cacti-0.8.8a-cacti-log-path.patch 
++++++

++++++ cacti-0.8.8-cacti-script.patch -> cacti-0.8.8a-cacti-script.patch ++++++

++++++ cacti-0.8.8.tar.bz2 -> cacti-0.8.8a.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/auth_login.php 
new/cacti-0.8.8a/auth_login.php
--- old/cacti-0.8.8/auth_login.php      2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/auth_login.php     2012-04-23 04:00:14.000000000 +0200
@@ -39,6 +39,13 @@
                $username = str_replace("\\", "\\\\", $_SERVER["REMOTE_USER"]);
        }elseif (isset($_SERVER["REDIRECT_REMOTE_USER"])) {
                $username = str_replace("\\", "\\\\", 
$_SERVER["REDIRECT_REMOTE_USER"]);
+       }elseif (isset($_SERVER["HTTP_PHP_AUTH_USER"])) {
+               $username = str_replace("\\", "\\\\", 
$_SERVER["HTTP_PHP_AUTH_USER"]);
+       }elseif (isset($_SERVER["HTTP_REMOTE_USER"])) {
+               $username = str_replace("\\", "\\\\", 
$_SERVER["HTTP_REMOTE_USER"]);
+       }elseif (isset($_SERVER["HTTP_REDIRECT_REMOTE_USER"])) {
+               $username = str_replace("\\", "\\\\", 
$_SERVER["HTTP_REDIRECT_REMOTE_USER"]);
+
        }else{
                /* No user - Bad juju! */
                $username = "";
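Review bot: The three new branches read `HTTP_PHP_AUTH_USER`, `HTTP_REMOTE_USER` and `HTTP_REDIRECT_REMOTE_USER`, and the `HTTP_` prefix means these are plain request headers supplied by whoever sends the request, unlike `REMOTE_USER`, which the web server itself sets after authenticating. They are only trustworthy when a reverse proxy in front of Cacti sets them and discards any client-supplied copy, so honouring them unconditionally means a request that reaches the application without passing that proxy can pick its own username. Gate the header branches behind an explicit configuration switch (for instance a setting naming the trusted proxy, compared against `$_SERVER["REMOTE_ADDR"]`) and record the assumption in a comment such as `/* HTTP_* values are client-supplied headers; only honour them behind a proxy that overwrites them */`. The enclosing if/elseif chain starts before this hunk.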
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/cacti.sql new/cacti-0.8.8a/cacti.sql
--- old/cacti-0.8.8/cacti.sql   2012-04-03 20:58:36.000000000 +0200
+++ new/cacti-0.8.8a/cacti.sql  2012-04-23 04:00:14.000000000 +0200
@@ -2172,7 +2172,7 @@
   rrd_name varchar(19) NOT NULL default '',
   time datetime NOT NULL default '0000-00-00 00:00:00',
   output text NOT NULL,
-  PRIMARY KEY (local_data_id,rrd_name,time) USING BTREE
+  PRIMARY KEY (local_data_id,rrd_name,time) /*!50060 USING BTREE */
 ) ENGINE=MyISAM;
 
 --
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/cli/upgrade_database.php 
new/cacti-0.8.8a/cli/upgrade_database.php
--- old/cacti-0.8.8/cli/upgrade_database.php    2012-04-03 20:58:35.000000000 
+0200
+++ new/cacti-0.8.8a/cli/upgrade_database.php   2012-04-23 04:00:14.000000000 
+0200
@@ -66,6 +66,8 @@
        '0.8.7f' => '0_8_7e_to_0_8_7f.php',
        '0.8.7g' => '0_8_7f_to_0_8_7g.php',
        '0.8.7h' => '0_8_7g_to_0_8_7h.php',
+       '0.8.7i' => '0_8_7h_to_0_8_7i.php',
+       '0.8.8'  => '0_8_7i_to_0_8_8.php',
 );
 
 $old_cacti_version = db_fetch_cell('select cacti from version');
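Review bot: The version-to-script map gains `0.8.7i` and `0.8.8` but no entry for the release this commit ships, although `install/0_8_8_to_0_8_8a.php` is added and `install/index.php` dispatches to it; the CLI upgrader therefore appears to have no target for 0.8.8a. Add `'0.8.8a' => '0_8_8_to_0_8_8a.php',` after the `'0.8.8'` line so the two upgrade paths agree. The array's opening is outside this hunk.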
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/docs/CHANGELOG 
new/cacti-0.8.8a/docs/CHANGELOG
--- old/cacti-0.8.8/docs/CHANGELOG      2012-04-02 02:01:14.000000000 +0200
+++ new/cacti-0.8.8a/docs/CHANGELOG     2012-04-23 03:34:16.000000000 +0200
@@ -1,5 +1,17 @@
 Cacti CHANGELOG
 
+0.8.8a
+-bug#0002207: cannot export graph templates
+-bug#0002208: Graphs with CDEFs fail to generate
+-bug#0002209: External auth does not work behind a reverse proxy 
+-bug#0002211: creating an index USING BTREE fails ony MySQL < 5.0.60
+-bug#0002213: CLI upgrade script is missing 0.8.7i as a target
+-bug#0002214: SQL error during non-PIA upgrade to 088 when giving a default 
for a text field in plugin_realms
+-bug#0002216: use of define_syslog_variables() gone in PHP 5.4 
+-bug#0002217: url_path should default to /cacti/
+-bug#0002221: Missing plugin directory causes endless loop in plugins.php
+-bug#0002222: tail_logfile hangs when cacti.log not readable, filling apache 
log with fgets warnings
+
 0.8.8
 -bug#0002056: un-initialized datetime used for host status (was: Zero length 
string != NULL) 
 -bug#0002081: In Graph Management, search display graph title breaks when 
using pattern symbol "/"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/include/config.php 
new/cacti-0.8.8a/include/config.php
--- old/cacti-0.8.8/include/config.php  2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/include/config.php 2012-04-23 04:00:14.000000000 +0200
@@ -36,7 +36,7 @@
    ex: if your cacti install as at http://serverip/cacti/ this
    would be set to /cacti/
 */
-//$url_path = "/";
+//$url_path = "/cacti/";
 
 /* Default session name - Session name must contain alpha characters */
 //$cacti_session_name = "Cacti";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/include/global.php 
new/cacti-0.8.8a/include/global.php
--- old/cacti-0.8.8/include/global.php  2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/include/global.php 2012-04-23 04:00:14.000000000 +0200
@@ -43,7 +43,7 @@
 $cacti_session_name = "Cacti";
 
 /* define default url path */
-$url_path = "/";
+$url_path = "/cacti/";
 
 /* Include configuration */
 include(dirname(__FILE__) . "/config.php");
@@ -226,6 +226,6 @@
 api_plugin_hook("config_insert");
 
 /* current cacti version */
-$config["cacti_version"] = "0.8.8";
+$config["cacti_version"] = "0.8.8a";
 
 ?>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/include/global_arrays.php 
new/cacti-0.8.8a/include/global_arrays.php
--- old/cacti-0.8.8/include/global_arrays.php   2012-04-03 20:58:35.000000000 
+0200
+++ new/cacti-0.8.8a/include/global_arrays.php  2012-04-23 04:00:14.000000000 
+0200
@@ -555,7 +555,9 @@
        "0.8.7f" => "0020",
        "0.8.7g" => "0021",
        "0.8.7h" => "0022",
-       "0.8.7i" => "0023"
+       "0.8.7i" => "0023",
+       "0.8.8"  => "0024",
+       "0.8.8a" => "0024"
        );
 
 $hash_type_names = array(
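Review bot: `"0.8.8"` and `"0.8.8a"` are both mapped to `"0024"`, which is presumably deliberate because 0.8.8a introduces no new hash format, but nothing says so and a reader may read it as a copy-paste slip. Add a short comment on the new line, e.g. `"0.8.8a" => "0024" /* same code as 0.8.8: no hash format change */`. The array's opening is outside this hunk.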
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/install/0_8_7i_to_0_8_8.php 
new/cacti-0.8.8a/install/0_8_7i_to_0_8_8.php
--- old/cacti-0.8.8/install/0_8_7i_to_0_8_8.php 2012-04-03 20:58:36.000000000 
+0200
+++ new/cacti-0.8.8a/install/0_8_7i_to_0_8_8.php        2012-04-23 
04:00:14.000000000 +0200
@@ -35,8 +35,9 @@
                db_install_execute("0.8.8", "ALTER TABLE `poller_output` DROP 
PRIMARY KEY");
                cacti_log(__FUNCTION__ . " table poller_output: dropping old 
PRIMARY KEY", false, "UPGRADE");
        }
-       /* now the KEY we want to create is definitively NOT present */
-       db_install_execute("0.8.8", "ALTER TABLE `poller_output` ADD PRIMARY 
KEY (`local_data_id`, `rrd_name`, `time`) USING BTREE");
+       /* now the KEY we want to create is definitively NOT present 
+        * MySQL < 5.00.60 requires a different syntax, this was fixed in MySQL 
5.00.60, so take care */
+       db_install_execute("0.8.8", "ALTER TABLE `poller_output` ADD PRIMARY 
KEY (`local_data_id`, `rrd_name`, `time`) /*!50060 USING BTREE */");
        cacti_log(__FUNCTION__ . " upgrade table poller_output", false, 
"UPGRADE");
 
        /* speed up user management */
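Review bot: The new comment writes the MySQL version as `5.00.60` twice, while the `!50060` executable-comment token on the next line and the changelog entry both refer to 5.0.60; the extra zero makes the comment harder to match against the token. Suggested wording: `/* now the KEY we want to create is definitively NOT present; MySQL < 5.0.60 rejects USING BTREE here, so it is wrapped in a !50060 executable comment that older servers skip */`. The enclosing function starts before this hunk.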
@@ -94,7 +95,7 @@
        $sql =     "CREATE TABLE IF NOT EXISTS `plugin_realms` (
                                `id`            int(8) unsigned NOT NULL 
auto_increment,
                                `plugin`        varchar(32)     NOT NULL 
default '',
-                               `file`          text                    NOT 
NULL default '',
+                               `file`          text                    NOT 
NULL,
                                `display`       varchar(64)     NOT NULL 
default '',
                                PRIMARY KEY  (`id`),
                                KEY `plugin` (`plugin`)
@@ -112,6 +113,10 @@
        db_install_execute("0.8.8", "REPLACE INTO user_auth_realm VALUES 
(101,1)");
 
        /* create index on data_template_data on data_input_id */
-       db_install_execute("0.8.8", "CREATE INDEX data_input_id ON 
data_template_data (data_input_id)");
+       $_keys = array_rekey(db_fetch_assoc("SHOW KEYS FROM 
`data_template_data`"), "Key_name", "Key_name");
+       if (!in_array("data_input_id", $_keys)) {
+               db_install_execute("0.8.8", "ALTER TABLE `data_template_data` 
ADD KEY `data_input_id` (`data_input_id`)");
+               cacti_log(__FUNCTION__ . " upgrade table data_template_data", 
false, "UPGRADE");
+       }
 }
 ?>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/install/0_8_8_to_0_8_8a.php 
new/cacti-0.8.8a/install/0_8_8_to_0_8_8a.php
--- old/cacti-0.8.8/install/0_8_8_to_0_8_8a.php 1970-01-01 01:00:00.000000000 
+0100
+++ new/cacti-0.8.8a/install/0_8_8_to_0_8_8a.php        2012-04-23 
04:00:14.000000000 +0200
@@ -0,0 +1,28 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2012 The Cacti Group                                 |
+ |                                                                         |
+ | This program is free software; you can redistribute it and/or           |
+ | modify it under the terms of the GNU General Public License             |
+ | as published by the Free Software Foundation; either version 2          |
+ | of the License, or (at your option) any later version.                  |
+ |                                                                         |
+ | This program is distributed in the hope that it will be useful,         |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
+ | GNU General Public License for more details.                            |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDTool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+ | This code is designed, written, and maintained by the Cacti Group. See  |
+ | about.php and/or the AUTHORS file for specific developer information.   |
+ +-------------------------------------------------------------------------+
+ | http://www.cacti.net/                                                   |
+ +-------------------------------------------------------------------------+
+*/
+
+function upgrade_to_0_8_8a() {
+
+}
+?>
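Review bot: `upgrade_to_0_8_8a()` is added with an empty body and no explanation, so a maintainer cannot tell whether the migration is still to be written or intentionally absent. If 0.8.8a carries no database changes, say so inside the body: `/* no schema changes between 0.8.8 and 0.8.8a; the function exists so install/index.php and the CLI upgrader have a target */`. The closing `?>` is also best dropped in a PHP-only file so that stray whitespace after it cannot be emitted as output.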
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/install/index.php 
new/cacti-0.8.8a/install/index.php
--- old/cacti-0.8.8/install/index.php   2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/install/index.php  2012-04-23 04:00:14.000000000 +0200
@@ -33,7 +33,7 @@
 $cacti_versions = array("0.8", "0.8.1", "0.8.2", "0.8.2a", "0.8.3", "0.8.3a", 
"0.8.4", "0.8.5", "0.8.5a",
        "0.8.6", "0.8.6a", "0.8.6b", "0.8.6c", "0.8.6d", "0.8.6e", "0.8.6f", 
"0.8.6g", "0.8.6h", "0.8.6i", "0.8.6j", "0.8.6k",
        "0.8.7", "0.8.7a", "0.8.7b", "0.8.7c", "0.8.7d", "0.8.7e", "0.8.7f", 
"0.8.7g", "0.8.7h", "0.8.7i",
-       "0.8.8");
+       "0.8.8", "0.8.8a");
 
 $old_cacti_version = db_fetch_cell("select cacti from version");
 
@@ -445,6 +445,9 @@
                }elseif ($cacti_versions[$i] == "0.8.8") {
                        include ("0_8_7i_to_0_8_8.php");
                        upgrade_to_0_8_8();
+               }elseif ($cacti_versions[$i] == "0.8.8a") {
+                       include ("0_8_8_to_0_8_8a.php");
+                       upgrade_to_0_8_8a();
                }
        }
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/lib/functions.php 
new/cacti-0.8.8a/lib/functions.php
--- old/cacti-0.8.8/lib/functions.php   2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/lib/functions.php  2012-04-23 04:00:14.000000000 +0200
@@ -211,6 +211,7 @@
      $messages array in 'include/global_arrays.php'
    @returns - the original $field_value */
 function form_input_validate($field_value, $field_name, $regexp_match, 
$allow_nulls, $custom_message = 3) {
+       global $messages;
        /* write current values to the "field_values" array so we can retain 
them */
        $_SESSION["sess_field_values"][$field_name] = $field_value;
 
@@ -223,6 +224,7 @@
 
        if ((!preg_match('/' . $regexp_match . '/', $field_value) || 
(($allow_nulls == false) && ($field_value === "")))) {
                raise_message($custom_message);
+               cacti_log("Validation Error on field '".$field_name."', value 
'".$field_value."': " . $messages[$custom_message]["message"], false);
 
                $_SESSION["sess_error_fields"][$field_name] = $field_name;
        }else{
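Review bot: The new `cacti_log` call writes the rejected `$field_value` verbatim into the Cacti log. A validation failure is by definition user-supplied input: if this validator also covers credential fields the log will accumulate mistyped passwords, and embedded newlines would let one field span several log lines, which matters because the same log is read back by `tail_file` and shown in the UI. Log the field name and the message only, e.g. `cacti_log("Validation Error on field '" . $field_name . "': " . $messages[$custom_message]["message"], false);`, or strip control characters from the value first. `form_input_validate` starts before this hunk.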
@@ -523,8 +525,6 @@
                        $log_type = "note";
 
                if (strlen($log_type)) {
-                       define_syslog_variables();
-
                        if ($config["cacti_server_os"] == "win32")
                                openlog("Cacti", LOG_NDELAY | LOG_PID, 
LOG_USER);
                        else
@@ -565,7 +565,7 @@
 function tail_file($file_name, $number_of_lines, $message_type = -1, $filter = 
"", $line_size = 256) {
        $file_array = array();
 
-       if (file_exists($file_name)) {
+       if (file_exists($file_name) && is_readable($file_name)) {
                $fp = fopen($file_name, "r");
 
                /* reset back the number of bytes */
@@ -654,8 +654,10 @@
                $file_array = array_slice($file_array, -$number_of_lines, 
count($file_array));
 
                fclose($fp);
-       }else{
+       }elseif (! file_exists($file_name)) {
                touch($file_name);
+       }else{
+               echo "Error $file_name is not readable";
        }
 
        return $file_array;
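Review bot: The new `else` branch uses `echo` to report the unreadable file from inside a library function, which injects raw text into whatever page called `tail_file` and discloses the server path without HTML escaping. Report it the way the rest of this file does, through `cacti_log` or the UI message mechanism with the path escaped, and keep returning the empty `$file_array`: `cacti_log("tail_file: $file_name is not readable", false);` (if the log itself is the unreadable file that write may fail too, which is still a better default than page output). The function starts before this hunk.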
@@ -2163,6 +2165,18 @@
        return str_replace($drop_char_match, $drop_char_replace, 
urldecode($uri));
 }
 
+/** cleans up a CDEF/VDEF string
+ * the CDEF/VDEF must have passed all magic string replacements beforehand
+ * @arg string $cdef   - the CDEF/VDEF to be sanitized
+ * @returns string    - the sanitized CDEF/VDEF
+ */
+function sanitize_cdef($cdef) {
+       static $drop_char_match =   array('^', '$', '<', '>', '`', '\'', '"', 
'|', '[', ']', '{', '}', ';', '!');
+       static $drop_char_replace = array( '', '',  '',  '',  '',  '',   '',  
'',  '',  '',  '',  '',  '',  '');
+
+       return str_replace($drop_char_match, $drop_char_replace, $cdef);
+}
+
 function cacti_escapeshellcmd($string) {
        global $config;
 
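Review bot: `sanitize_cdef` is a denylist: it removes fourteen shell metacharacters and keeps everything else, so its safety rests on that list being complete, and the docblock does not say that the caller is still expected to pass the result through `cacti_escapeshellarg` (the lib/rrd.php call sites do both). Since rrdtool RPN expressions are composed of identifiers, numbers and the operators `,.+-*/%`, an allowlist that keeps only those characters would be easier to reason about than enumerating what to drop, e.g. `return preg_replace('/[^A-Za-z0-9_.,+\-*\/%]/', '', $cdef);`, hedged because I cannot see the full set of CDEF tokens Cacti emits. At minimum extend the docblock with "the result must still be quoted with cacti_escapeshellarg before use in a command line".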
@@ -2199,10 +2213,17 @@
                        return substr($string, 1, (strlen($string)-2));
                }
        }else{
+               /* escapeshellarg takes care of different quotation for both 
linux and windows,
+                * but unfortunately, it blanks out percent signs
+                * we want to keep them, e.g. for GPRINT format strings
+                * so we need to create our own escapeshellarg 
+                * on windows, command injection requires to close any open 
quotation first
+                * so we have to escape any quotation here */
                if (substr_count($string, CACTI_ESCAPE_CHARACTER)) {
                        $string = str_replace(CACTI_ESCAPE_CHARACTER, "\\" . 
CACTI_ESCAPE_CHARACTER, $string);
                }
 
+               /* ... before we add our own quotation */
                if ( $quote ) {
                        return CACTI_ESCAPE_CHARACTER . $string . 
CACTI_ESCAPE_CHARACTER;
                } else {
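Review bot: The new comment explains why `escapeshellarg` is avoided but not what the replacement guarantees, and backslash-escaping `CACTI_ESCAPE_CHARACTER` is only a complete quoting scheme if the consumer honours backslashes that way; whether it does depends on how the rrdtool command line is executed, which is outside this hunk. State in the comment which quoting rules are relied on per platform and add a test that round-trips a value containing both the escape character and a percent sign. A tighter wording would be `/* escapeshellarg() strips percent signs, which GPRINT format strings need, so quote by hand: escape every CACTI_ESCAPE_CHARACTER in the value, then wrap it in that character */`. `cacti_escapeshellarg` starts before this hunk.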
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/lib/rrd.php new/cacti-0.8.8a/lib/rrd.php
--- old/cacti-0.8.8/lib/rrd.php 2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/lib/rrd.php        2012-04-23 04:00:14.000000000 +0200
@@ -552,8 +552,20 @@
        include_once($config["library_path"] . "/cdef.php");
        include_once($config["library_path"] . "/graph_variables.php");
        include($config["include_path"] . "/global_arrays.php");
+       
+       
+       /* prevent command injection
+        * This function prepares an rrdtool graph statement to be executed by 
the web server.
+        * We have to take care, that the attacker does not insert shell code.
+        * As some rrdtool parameters accept "Cacti variables", we have to 
perform the
+        * variable substitution prior to vulnerability checks.
+        * We will enclose all parameters in quotes and substitute quotation 
marks within
+        * those parameters. 
+        */
 
-       /* set the rrdtool default font */
+       /* rrdtool fetches the default font from it's execution environment
+        * you won't find that default font on the rrdtool statement itself!
+        * set the rrdtool default font via environment variable */
        if (read_config_option("path_rrdtool_default_font")) {
                putenv("RRD_DEFAULT_FONT=" . 
read_config_option("path_rrdtool_default_font"));
        }
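Review bot: The new "prevent command injection" comment describes the contract of the whole graph-building function ("This function prepares an rrdtool graph statement …") but is placed between the includes and the font setup, where nothing it describes happens; move it to the function's header docblock so anyone adding a parameter sees it. The two added lines above it contain only whitespace and should be dropped. In the rewritten font comment `it's` should be `its`. The enclosing function starts before this hunk.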
@@ -695,24 +707,24 @@
                        case "2": /* autoscale-max, accepts a given lower limit 
*/
                                $scale = "--alt-autoscale-max" . RRD_NL;
                                if ( is_numeric($graph["lower_limit"])) {
-                                       $scale .= "--lower-limit=" . 
$graph["lower_limit"] . RRD_NL;
+                                       $scale .= "--lower-limit=" . 
cacti_escapeshellarg($graph["lower_limit"]) . RRD_NL;
                                }
                                break;
                        case "3": /* autoscale-min, accepts a given upper limit 
*/
                                if (read_config_option("rrdtool_version") != 
"rrd-1.0.x") {
                                        $scale = "--alt-autoscale-min" . RRD_NL;
                                        if ( is_numeric($graph["upper_limit"])) 
{
-                                               $scale .= "--upper-limit=" . 
$graph["upper_limit"] . RRD_NL;
+                                               $scale .= "--upper-limit=" . 
cacti_escapeshellarg($graph["upper_limit"]) . RRD_NL;
                                        }
                                }
                                break;
                        case "4": /* auto_scale with limits */
                                $scale = "--alt-autoscale" . RRD_NL;
                                if ( is_numeric($graph["upper_limit"])) {
-                                       $scale .= "--upper-limit=" . 
$graph["upper_limit"] . RRD_NL;
+                                       $scale .= "--upper-limit=" . 
cacti_escapeshellarg($graph["upper_limit"]) . RRD_NL;
                                }
                                if ( is_numeric($graph["lower_limit"])) {
-                                       $scale .= "--lower-limit=" . 
$graph["lower_limit"] . RRD_NL;
+                                       $scale .= "--lower-limit=" . 
cacti_escapeshellarg($graph["lower_limit"]) . RRD_NL;
                                }
                                break;
                }
@@ -942,7 +954,7 @@
                                        to a function that matches the digits 
with letters. rrdtool likes letters instead
                                        of numbers in DEF names; especially 
with CDEF's. cdef's are created
                                        the same way, except a 'cdef' is put on 
the beginning of the hash */
-                                       $graph_defs .= "DEF:" . 
generate_graph_def_name(strval($i)) . "=\"$data_source_path\":\"" . 
$graph_item["data_source_name"] . "\":" . $consolidation_functions[$graph_cf] . 
RRD_NL;
+                                       $graph_defs .= "DEF:" . 
generate_graph_def_name(strval($i)) . "=\"$data_source_path\":" . 
cacti_escapeshellarg($graph_item["data_source_name"], true) . ":" . 
$consolidation_functions[$graph_cf] . RRD_NL;
 
                                        
$cf_ds_cache{$graph_item["data_template_rrd_id"]}[$graph_cf] = "$i";
 
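Review bot: In the rewritten DEF line `data_source_name` now goes through `cacti_escapeshellarg(..., true)` while `$data_source_path` is still interpolated between literal double quotes, so a path containing that quote character would still end its argument early; if the path can carry user-influenced content (it appears to be derived from the data source record, verify) it needs the same treatment, e.g. `"=" . cacti_escapeshellarg($data_source_path, true) . ":"`. The same pattern appears in the xport DEF hunk further down. The enclosing function starts and ends outside this hunk.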
@@ -1258,9 +1270,10 @@
                        $cdef_string = 
rrd_substitute_host_query_data($cdef_string, $graph, $graph_item);
 
                        /* make the initial "virtual" cdef name: 'cdef' + 
[a,b,c,d...] */
-                       $cdef_graph_defs .= "CDEF:cdef" . 
generate_graph_def_name(strval($i)) . "='";
-                       $cdef_graph_defs .= $cdef_string;
-                       $cdef_graph_defs .= "' \\\n";
+                       $cdef_graph_defs .= "CDEF:cdef" . 
generate_graph_def_name(strval($i)) . "=";
+                       /* prohibit command injection and provide platform 
specific quoting */
+                       $cdef_graph_defs .= 
cacti_escapeshellarg(sanitize_cdef($cdef_string), true);
+                       $cdef_graph_defs .= " \\\n";
 
                        /* the CDEF cache is so we do not create duplicate 
CDEF's on a graph */
                        
$cdef_cache{$graph_item["cdef_id"]}{$graph_item["data_template_rrd_id"]}[$cf_id]
 = "$i";
@@ -1650,7 +1663,7 @@
                                        to a function that matches the digits 
with letters. rrdtool likes letters instead
                                        of numbers in DEF names; especially 
with CDEF's. cdef's are created
                                        the same way, except a 'cdef' is put on 
the beginning of the hash */
-                                       $xport_defs .= "DEF:" . 
generate_graph_def_name(strval($i)) . "=\"$data_source_path\":\"" . 
$xport_item["data_source_name"] . "\":" . $consolidation_functions[$xport_cf] . 
RRD_NL;
+                                       $xport_defs .= "DEF:" . 
generate_graph_def_name(strval($i)) . "=\"$data_source_path\":" . 
cacti_escapeshellarg($xport_item["data_source_name"], true) . ":" . 
$consolidation_functions[$xport_cf] . RRD_NL;
 
                                        
$cf_ds_cache{$xport_item["data_template_rrd_id"]}[$xport_cf] = "$i";
 
@@ -1944,9 +1957,10 @@
                        $cdef_string = 
rrd_substitute_host_query_data($cdef_string, $graph, $xport_item);
 
                        /* make the initial "virtual" cdef name: 'cdef' + 
[a,b,c,d...] */
-                       $cdef_xport_defs .= "CDEF:cdef" . 
generate_graph_def_name(strval($i)) . "='";
-                       $cdef_xport_defs .= $cdef_string;
-                       $cdef_xport_defs .= "' \\\n";
+                       $cdef_xport_defs .= "CDEF:cdef" . 
generate_graph_def_name(strval($i)) . "=";
+                       /* prohibit command injection and provide platform 
specific quoting */
+                       $cdef_xport_defs .= 
cacti_escapeshellarg(sanitize_cdef($cdef_string), true);
+                       $cdef_xport_defs .= " \\\n";
 
                        /* the CDEF cache is so we do not create duplicate 
CDEF's on a graph */
                        
$cdef_cache{$xport_item["cdef_id"]}{$xport_item["data_template_rrd_id"]}[$cf_id]
 = "$i";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cacti-0.8.8/plugins.php new/cacti-0.8.8a/plugins.php
--- old/cacti-0.8.8/plugins.php 2012-04-03 20:58:35.000000000 +0200
+++ new/cacti-0.8.8a/plugins.php        2012-04-23 04:00:14.000000000 +0200
@@ -274,61 +274,63 @@
 
        $path = $config['base_path'] . '/plugins/';
        $dh = opendir($path);
-       while (($file = readdir($dh)) !== false) {
-               if ((is_dir("$path/$file")) && 
(file_exists("$path/$file/setup.php")) && (!in_array($file, $pluginslist))) {
-                       include_once("$path/$file/setup.php");
-                       if (!function_exists('plugin_' . $file . '_install') && 
function_exists($file . '_version')) {
-                               $function = $file . '_version';
-                               $cinfo[$file] = $function();
-                               if (!isset($cinfo[$file]['author']))   
$cinfo[$file]['author']   = 'Unknown';
-                               if (!isset($cinfo[$file]['homepage'])) 
$cinfo[$file]['homepage'] = 'Not Stated';
-                               if (isset($cinfo[$file]['webpage']))   
$cinfo[$file]['homepage'] = $cinfo[$file]['webpage'];
-                               if (!isset($cinfo[$file]['longname'])) 
$cinfo[$file]['longname'] = ucfirst($file);
-                               $cinfo[$file]['status'] = -2;
-                               if (in_array($file, $plugins)) {
-                                       $cinfo[$file]['status'] = -1;
-                               }
-                               db_execute("REPLACE INTO $table (directory, 
name, status, author, webpage, version)
-                                       VALUES ('" .
-                                               $file . "', '" .
-                                               $cinfo[$file]['longname'] . "', 
'" .
-                                               $cinfo[$file]['status']   . "', 
'" .
-                                               $cinfo[$file]['author']   . "', 
'" .
-                                               $cinfo[$file]['homepage'] . "', 
'" .
-                                               $cinfo[$file]['version']  . 
"')");
-                               $pluginslist[] = $file;
-                       } elseif (function_exists('plugin_' . $file . 
'_install') && function_exists('plugin_' . $file . '_version')) {
-                               $function               = $file . '_version';
-                               $cinfo[$file]           = $function();
-                               $cinfo[$file]['status'] = 0;
-                               if (!isset($cinfo[$file]['author']))   
$cinfo[$file]['author']   = 'Unknown';
-                               if (!isset($cinfo[$file]['homepage'])) 
$cinfo[$file]['homepage'] = 'Not Stated';
-                               if (isset($cinfo[$file]['webpage']))   
$cinfo[$file]['homepage'] = $cinfo[$file]['webpage'];
-                               if (!isset($cinfo[$file]['longname'])) 
$cinfo[$file]['homepage'] = ucfirst($file);
+       if ($dh !== false) {
+               while (($file = readdir($dh)) !== false) {
+                       if ((is_dir("$path/$file")) && 
(file_exists("$path/$file/setup.php")) && (!in_array($file, $pluginslist))) {
+                               include_once("$path/$file/setup.php");
+                               if (!function_exists('plugin_' . $file . 
'_install') && function_exists($file . '_version')) {
+                                       $function = $file . '_version';
+                                       $cinfo[$file] = $function();
+                                       if (!isset($cinfo[$file]['author']))   
$cinfo[$file]['author']   = 'Unknown';
+                                       if (!isset($cinfo[$file]['homepage'])) 
$cinfo[$file]['homepage'] = 'Not Stated';
+                                       if (isset($cinfo[$file]['webpage']))   
$cinfo[$file]['homepage'] = $cinfo[$file]['webpage'];
+                                       if (!isset($cinfo[$file]['longname'])) 
$cinfo[$file]['longname'] = ucfirst($file);
+                                       $cinfo[$file]['status'] = -2;
+                                       if (in_array($file, $plugins)) {
+                                               $cinfo[$file]['status'] = -1;
+                                       }
+                                       db_execute("REPLACE INTO $table 
(directory, name, status, author, webpage, version)
+                                               VALUES ('" .
+                                                       $file . "', '" .
+                                                       
$cinfo[$file]['longname'] . "', '" .
+                                                       $cinfo[$file]['status'] 
  . "', '" .
+                                                       $cinfo[$file]['author'] 
  . "', '" .
+                                                       
$cinfo[$file]['homepage'] . "', '" .
+                                                       
$cinfo[$file]['version']  . "')");
+                                       $pluginslist[] = $file;
+                               } elseif (function_exists('plugin_' . $file . 
'_install') && function_exists('plugin_' . $file . '_version')) {
+                                       $function               = $file . 
'_version';
+                                       $cinfo[$file]           = $function();
+                                       $cinfo[$file]['status'] = 0;
+                                       if (!isset($cinfo[$file]['author']))   
$cinfo[$file]['author']   = 'Unknown';
+                                       if (!isset($cinfo[$file]['homepage'])) 
$cinfo[$file]['homepage'] = 'Not Stated';
+                                       if (isset($cinfo[$file]['webpage']))   
$cinfo[$file]['homepage'] = $cinfo[$file]['webpage'];
+                                       if (!isset($cinfo[$file]['longname'])) 
$cinfo[$file]['homepage'] = ucfirst($file);
 
-                               /* see if it's been installed as old, if so, 
remove from oldplugins array and session */
-                               $oldplugins = read_config_option("oldplugins");
-                               if (substr_count($oldplugins, $file)) {
-                                       $oldplugins = str_replace($file, "", 
$oldplugins);
-                                       $oldplugins = str_replace(",,", ",", 
$oldplugins);
-                                       $oldplugins = trim($oldplugins, ",");
-                                       set_config_option('oldplugins', 
$oldplugins);
-                                       
$_SESSION['sess_config_array']['oldplugins'] = $oldplugins;
-                               }
+                                       /* see if it's been installed as old, 
if so, remove from oldplugins array and session */
+                                       $oldplugins = 
read_config_option("oldplugins");
+                                       if (substr_count($oldplugins, $file)) {
+                                               $oldplugins = 
str_replace($file, "", $oldplugins);
+                                               $oldplugins = str_replace(",,", 
",", $oldplugins);
+                                               $oldplugins = trim($oldplugins, 
",");
+                                               set_config_option('oldplugins', 
$oldplugins);
+                                               
$_SESSION['sess_config_array']['oldplugins'] = $oldplugins;
+                                       }
 
-                               db_execute("REPLACE INTO $table (directory, 
name, status, author, webpage, version)
-                                       VALUES ('" .
-                                               $file . "', '" .
-                                               $cinfo[$file]['longname'] . "', 
'" .
-                                               $cinfo[$file]['status'] . "', 
'" .
-                                               $cinfo[$file]['author'] . "', 
'" .
-                                               $cinfo[$file]['homepage'] . "', 
'" .
-                                               $cinfo[$file]['version'] . 
"')");
-                               $pluginslist[] = $file;
+                                       db_execute("REPLACE INTO $table 
(directory, name, status, author, webpage, version)
+                                               VALUES ('" .
+                                                       $file . "', '" .
+                                                       
$cinfo[$file]['longname'] . "', '" .
+                                                       $cinfo[$file]['status'] 
. "', '" .
+                                                       $cinfo[$file]['author'] 
. "', '" .
+                                                       
$cinfo[$file]['homepage'] . "', '" .
+                                                       
$cinfo[$file]['version'] . "')");
+                                       $pluginslist[] = $file;
+                               }
                        }
                }
+               closedir($dh);
        }
-       closedir($dh);
 
        return $table;
 }
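Review bot: In the second `elseif` branch the fallback `if (!isset($cinfo[$file]['longname'])) $cinfo[$file]['homepage'] = ucfirst($file);` assigns `homepage` instead of `longname`, so a plugin whose version info omits `longname` reaches the `REPLACE INTO` below with an undefined index; the first branch has it right and this line should read `$cinfo[$file]['longname'] = ucfirst($file);`. Both `REPLACE INTO $table` statements still splice the plugin-reported `longname`, `author`, `homepage` and `version` into SQL by concatenation; the values come from installed plugin code rather than a request, so exposure is limited, but quoting them through the database layer would match the rest of this release's hardening. The new `if ($dh !== false)` guard also fails silently when the plugins directory is missing, and a `cacti_log` line there would make the condition the changelog describes visible to operators. The function starts before this hunk.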
