Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2012-05-14 16:11:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti", Maintainer is "crrodrig...@novell.com" Changes: -------- --- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2012-05-07 22:45:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.cacti.new/cacti.changes 2012-05-14 16:11:11.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Apr 30 11:09:10 UTC 2012 - aldemir.akpi...@airties.com + +- New version 0.8.8a +- Fixed an rpmlint warning + +------------------------------------------------------------------- Old: ---- cacti-0.8.8-cacti-log-path.patch cacti-0.8.8-cacti-script.patch cacti-0.8.8.tar.bz2 New: ---- cacti-0.8.8a-cacti-log-path.patch cacti-0.8.8a-cacti-script.patch cacti-0.8.8a.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.tNcjoa/_old 2012-05-14 16:11:12.000000000 +0200 +++ /var/tmp/diff_new_pack.tNcjoa/_new 2012-05-14 16:11:12.000000000 +0200 @@ -17,7 +17,7 @@ Name: cacti -Version: 0.8.8 +Version: 0.8.8a Release: 0.0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0+ @@ -75,6 +75,7 @@ Requires: logrotate Requires: net-snmp Obsoletes: cacti-PA +Provides: cacti-PA BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?suse_version} ++++++ cacti-0.8.8-cacti-log-path.patch -> cacti-0.8.8a-cacti-log-path.patch ++++++ ++++++ cacti-0.8.8-cacti-script.patch -> cacti-0.8.8a-cacti-script.patch ++++++ ++++++ cacti-0.8.8.tar.bz2 -> cacti-0.8.8a.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/auth_login.php new/cacti-0.8.8a/auth_login.php --- old/cacti-0.8.8/auth_login.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/auth_login.php 2012-04-23 04:00:14.000000000 +0200 @@ -39,6 +39,13 @@ $username = str_replace("\\", "\\\\", $_SERVER["REMOTE_USER"]); }elseif (isset($_SERVER["REDIRECT_REMOTE_USER"])) { $username = str_replace("\\", "\\\\", $_SERVER["REDIRECT_REMOTE_USER"]); + }elseif (isset($_SERVER["HTTP_PHP_AUTH_USER"])) { + $username = str_replace("\\", "\\\\", $_SERVER["HTTP_PHP_AUTH_USER"]); + }elseif (isset($_SERVER["HTTP_REMOTE_USER"])) { + $username = str_replace("\\", "\\\\", $_SERVER["HTTP_REMOTE_USER"]); + }elseif (isset($_SERVER["HTTP_REDIRECT_REMOTE_USER"])) { + $username = str_replace("\\", "\\\\", $_SERVER["HTTP_REDIRECT_REMOTE_USER"]); + }else{ /* No user - Bad juju! */ $username = ""; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/cacti.sql new/cacti-0.8.8a/cacti.sql --- old/cacti-0.8.8/cacti.sql 2012-04-03 20:58:36.000000000 +0200 +++ new/cacti-0.8.8a/cacti.sql 2012-04-23 04:00:14.000000000 +0200 @@ -2172,7 +2172,7 @@ rrd_name varchar(19) NOT NULL default '', time datetime NOT NULL default '0000-00-00 00:00:00', output text NOT NULL, - PRIMARY KEY (local_data_id,rrd_name,time) USING BTREE + PRIMARY KEY (local_data_id,rrd_name,time) /*!50060 USING BTREE */ ) ENGINE=MyISAM; -- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/cli/upgrade_database.php new/cacti-0.8.8a/cli/upgrade_database.php --- old/cacti-0.8.8/cli/upgrade_database.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/cli/upgrade_database.php 2012-04-23 04:00:14.000000000 +0200 @@ -66,6 +66,8 @@ '0.8.7f' => '0_8_7e_to_0_8_7f.php', '0.8.7g' => '0_8_7f_to_0_8_7g.php', '0.8.7h' => '0_8_7g_to_0_8_7h.php', + '0.8.7i' => '0_8_7h_to_0_8_7i.php', + '0.8.8' => '0_8_7i_to_0_8_8.php', ); $old_cacti_version = db_fetch_cell('select cacti from version'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/docs/CHANGELOG new/cacti-0.8.8a/docs/CHANGELOG --- old/cacti-0.8.8/docs/CHANGELOG 2012-04-02 02:01:14.000000000 +0200 +++ new/cacti-0.8.8a/docs/CHANGELOG 2012-04-23 03:34:16.000000000 +0200 @@ -1,5 +1,17 @@ Cacti CHANGELOG +0.8.8a +-bug#0002207: cannot export graph templates +-bug#0002208: Graphs with CDEFs fail to generate +-bug#0002209: External auth does not work behind a reverse proxy +-bug#0002211: creating an index USING BTREE fails ony MySQL < 5.0.60 +-bug#0002213: CLI upgrade script is missing 0.8.7i as a target +-bug#0002214: SQL error during non-PIA upgrade to 088 when giving a default for a text field in plugin_realms +-bug#0002216: use of define_syslog_variables() gone in PHP 5.4 +-bug#0002217: url_path should default to /cacti/ +-bug#0002221: Missing plugin directory causes endless loop in plugins.php +-bug#0002222: tail_logfile hangs when cacti.log not readable, filling apache log with fgets warnings + 0.8.8 -bug#0002056: un-initialized datetime used for host status (was: Zero length string != NULL) -bug#0002081: In Graph Management, search display graph title breaks when using pattern symbol "/" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/include/config.php new/cacti-0.8.8a/include/config.php --- old/cacti-0.8.8/include/config.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/include/config.php 2012-04-23 04:00:14.000000000 +0200 @@ -36,7 +36,7 @@ ex: if your cacti install as at http://serverip/cacti/ this would be set to /cacti/ */ -//$url_path = "/"; +//$url_path = "/cacti/"; /* Default session name - Session name must contain alpha characters */ //$cacti_session_name = "Cacti"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/include/global.php new/cacti-0.8.8a/include/global.php --- old/cacti-0.8.8/include/global.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/include/global.php 2012-04-23 04:00:14.000000000 +0200 @@ -43,7 +43,7 @@ $cacti_session_name = "Cacti"; /* define default url path */ -$url_path = "/"; +$url_path = "/cacti/"; /* Include configuration */ include(dirname(__FILE__) . "/config.php"); @@ -226,6 +226,6 @@ api_plugin_hook("config_insert"); /* current cacti version */ -$config["cacti_version"] = "0.8.8"; +$config["cacti_version"] = "0.8.8a"; ?> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/include/global_arrays.php new/cacti-0.8.8a/include/global_arrays.php --- old/cacti-0.8.8/include/global_arrays.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/include/global_arrays.php 2012-04-23 04:00:14.000000000 +0200 @@ -555,7 +555,9 @@ "0.8.7f" => "0020", "0.8.7g" => "0021", "0.8.7h" => "0022", - "0.8.7i" => "0023" + "0.8.7i" => "0023", + "0.8.8" => "0024", + "0.8.8a" => "0024" ); $hash_type_names = array( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/install/0_8_7i_to_0_8_8.php new/cacti-0.8.8a/install/0_8_7i_to_0_8_8.php --- old/cacti-0.8.8/install/0_8_7i_to_0_8_8.php 2012-04-03 20:58:36.000000000 +0200 +++ new/cacti-0.8.8a/install/0_8_7i_to_0_8_8.php 2012-04-23 04:00:14.000000000 +0200 @@ -35,8 +35,9 @@ db_install_execute("0.8.8", "ALTER TABLE `poller_output` DROP PRIMARY KEY"); cacti_log(__FUNCTION__ . " table poller_output: dropping old PRIMARY KEY", false, "UPGRADE"); } - /* now the KEY we want to create is definitively NOT present */ - db_install_execute("0.8.8", "ALTER TABLE `poller_output` ADD PRIMARY KEY (`local_data_id`, `rrd_name`, `time`) USING BTREE"); + /* now the KEY we want to create is definitively NOT present + * MySQL < 5.00.60 requires a different syntax, this was fixed in MySQL 5.00.60, so take care */ + db_install_execute("0.8.8", "ALTER TABLE `poller_output` ADD PRIMARY KEY (`local_data_id`, `rrd_name`, `time`) /*!50060 USING BTREE */"); cacti_log(__FUNCTION__ . " upgrade table poller_output", false, "UPGRADE"); /* speed up user management */ @@ -94,7 +95,7 @@ $sql = "CREATE TABLE IF NOT EXISTS `plugin_realms` ( `id` int(8) unsigned NOT NULL auto_increment, `plugin` varchar(32) NOT NULL default '', - `file` text NOT NULL default '', + `file` text NOT NULL, `display` varchar(64) NOT NULL default '', PRIMARY KEY (`id`), KEY `plugin` (`plugin`) @@ -112,6 +113,10 @@ db_install_execute("0.8.8", "REPLACE INTO user_auth_realm VALUES (101,1)"); /* create index on data_template_data on data_input_id */ - db_install_execute("0.8.8", "CREATE INDEX data_input_id ON data_template_data (data_input_id)"); + $_keys = array_rekey(db_fetch_assoc("SHOW KEYS FROM `data_template_data`"), "Key_name", "Key_name"); + if (!in_array("data_input_id", $_keys)) { + db_install_execute("0.8.8", "ALTER TABLE `data_template_data` ADD KEY `data_input_id` (`data_input_id`)"); + cacti_log(__FUNCTION__ . " upgrade table data_template_data", false, "UPGRADE"); + } } ?> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/install/0_8_8_to_0_8_8a.php new/cacti-0.8.8a/install/0_8_8_to_0_8_8a.php --- old/cacti-0.8.8/install/0_8_8_to_0_8_8a.php 1970-01-01 01:00:00.000000000 +0100 +++ new/cacti-0.8.8a/install/0_8_8_to_0_8_8a.php 2012-04-23 04:00:14.000000000 +0200 @@ -0,0 +1,28 @@ +<?php +/* + +-------------------------------------------------------------------------+ + | Copyright (C) 2004-2012 The Cacti Group | + | | + | This program is free software; you can redistribute it and/or | + | modify it under the terms of the GNU General Public License | + | as published by the Free Software Foundation; either version 2 | + | of the License, or (at your option) any later version. | + | | + | This program is distributed in the hope that it will be useful, | + | but WITHOUT ANY WARRANTY; without even the implied warranty of | + | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | + | GNU General Public License for more details. | + +-------------------------------------------------------------------------+ + | Cacti: The Complete RRDTool-based Graphing Solution | + +-------------------------------------------------------------------------+ + | This code is designed, written, and maintained by the Cacti Group. See | + | about.php and/or the AUTHORS file for specific developer information. | + +-------------------------------------------------------------------------+ + | http://www.cacti.net/ | + +-------------------------------------------------------------------------+ +*/ + +function upgrade_to_0_8_8a() { + +} +?> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/install/index.php new/cacti-0.8.8a/install/index.php --- old/cacti-0.8.8/install/index.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/install/index.php 2012-04-23 04:00:14.000000000 +0200 @@ -33,7 +33,7 @@ $cacti_versions = array("0.8", "0.8.1", "0.8.2", "0.8.2a", "0.8.3", "0.8.3a", "0.8.4", "0.8.5", "0.8.5a", "0.8.6", "0.8.6a", "0.8.6b", "0.8.6c", "0.8.6d", "0.8.6e", "0.8.6f", "0.8.6g", "0.8.6h", "0.8.6i", "0.8.6j", "0.8.6k", "0.8.7", "0.8.7a", "0.8.7b", "0.8.7c", "0.8.7d", "0.8.7e", "0.8.7f", "0.8.7g", "0.8.7h", "0.8.7i", - "0.8.8"); + "0.8.8", "0.8.8a"); $old_cacti_version = db_fetch_cell("select cacti from version"); @@ -445,6 +445,9 @@ }elseif ($cacti_versions[$i] == "0.8.8") { include ("0_8_7i_to_0_8_8.php"); upgrade_to_0_8_8(); + }elseif ($cacti_versions[$i] == "0.8.8a") { + include ("0_8_8_to_0_8_8a.php"); + upgrade_to_0_8_8a(); } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/lib/functions.php new/cacti-0.8.8a/lib/functions.php --- old/cacti-0.8.8/lib/functions.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/lib/functions.php 2012-04-23 04:00:14.000000000 +0200 @@ -211,6 +211,7 @@ $messages array in 'include/global_arrays.php' @returns - the original $field_value */ function form_input_validate($field_value, $field_name, $regexp_match, $allow_nulls, $custom_message = 3) { + global $messages; /* write current values to the "field_values" array so we can retain them */ $_SESSION["sess_field_values"][$field_name] = $field_value; @@ -223,6 +224,7 @@ if ((!preg_match('/' . $regexp_match . '/', $field_value) || (($allow_nulls == false) && ($field_value === "")))) { raise_message($custom_message); + cacti_log("Validation Error on field '".$field_name."', value '".$field_value."': " . $messages[$custom_message]["message"], false); $_SESSION["sess_error_fields"][$field_name] = $field_name; }else{ @@ -523,8 +525,6 @@ $log_type = "note"; if (strlen($log_type)) { - define_syslog_variables(); - if ($config["cacti_server_os"] == "win32") openlog("Cacti", LOG_NDELAY | LOG_PID, LOG_USER); else @@ -565,7 +565,7 @@ function tail_file($file_name, $number_of_lines, $message_type = -1, $filter = "", $line_size = 256) { $file_array = array(); - if (file_exists($file_name)) { + if (file_exists($file_name) && is_readable($file_name)) { $fp = fopen($file_name, "r"); /* reset back the number of bytes */ @@ -654,8 +654,10 @@ $file_array = array_slice($file_array, -$number_of_lines, count($file_array)); fclose($fp); - }else{ + }elseif (! file_exists($file_name)) { touch($file_name); + }else{ + echo "Error $file_name is not readable"; } return $file_array; @@ -2163,6 +2165,18 @@ return str_replace($drop_char_match, $drop_char_replace, urldecode($uri)); } +/** cleans up a CDEF/VDEF string + * the CDEF/VDEF must have passed all magic string replacements beforehand + * @arg string $cdef - the CDEF/VDEF to be sanitized + * @returns string - the sanitized CDEF/VDEF + */ +function sanitize_cdef($cdef) { + static $drop_char_match = array('^', '$', '<', '>', '`', '\'', '"', '|', '[', ']', '{', '}', ';', '!'); + static $drop_char_replace = array( '', '', '', '', '', '', '', '', '', '', '', '', '', ''); + + return str_replace($drop_char_match, $drop_char_replace, $cdef); +} + function cacti_escapeshellcmd($string) { global $config; @@ -2199,10 +2213,17 @@ return substr($string, 1, (strlen($string)-2)); } }else{ + /* escapeshellarg takes care of different quotation for both linux and windows, + * but unfortunately, it blanks out percent signs + * we want to keep them, e.g. for GPRINT format strings + * so we need to create our own escapeshellarg + * on windows, command injection requires to close any open quotation first + * so we have to escape any quotation here */ if (substr_count($string, CACTI_ESCAPE_CHARACTER)) { $string = str_replace(CACTI_ESCAPE_CHARACTER, "\\" . CACTI_ESCAPE_CHARACTER, $string); } + /* ... before we add our own quotation */ if ( $quote ) { return CACTI_ESCAPE_CHARACTER . $string . CACTI_ESCAPE_CHARACTER; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/lib/rrd.php new/cacti-0.8.8a/lib/rrd.php --- old/cacti-0.8.8/lib/rrd.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/lib/rrd.php 2012-04-23 04:00:14.000000000 +0200 @@ -552,8 +552,20 @@ include_once($config["library_path"] . "/cdef.php"); include_once($config["library_path"] . "/graph_variables.php"); include($config["include_path"] . "/global_arrays.php"); + + + /* prevent command injection + * This function prepares an rrdtool graph statement to be executed by the web server. + * We have to take care, that the attacker does not insert shell code. + * As some rrdtool parameters accept "Cacti variables", we have to perform the + * variable substitution prior to vulnerability checks. + * We will enclose all parameters in quotes and substitute quotation marks within + * those parameters. + */ - /* set the rrdtool default font */ + /* rrdtool fetches the default font from it's execution environment + * you won't find that default font on the rrdtool statement itself! + * set the rrdtool default font via environment variable */ if (read_config_option("path_rrdtool_default_font")) { putenv("RRD_DEFAULT_FONT=" . read_config_option("path_rrdtool_default_font")); } @@ -695,24 +707,24 @@ case "2": /* autoscale-max, accepts a given lower limit */ $scale = "--alt-autoscale-max" . RRD_NL; if ( is_numeric($graph["lower_limit"])) { - $scale .= "--lower-limit=" . $graph["lower_limit"] . RRD_NL; + $scale .= "--lower-limit=" . cacti_escapeshellarg($graph["lower_limit"]) . RRD_NL; } break; case "3": /* autoscale-min, accepts a given upper limit */ if (read_config_option("rrdtool_version") != "rrd-1.0.x") { $scale = "--alt-autoscale-min" . RRD_NL; if ( is_numeric($graph["upper_limit"])) { - $scale .= "--upper-limit=" . $graph["upper_limit"] . RRD_NL; + $scale .= "--upper-limit=" . cacti_escapeshellarg($graph["upper_limit"]) . RRD_NL; } } break; case "4": /* auto_scale with limits */ $scale = "--alt-autoscale" . RRD_NL; if ( is_numeric($graph["upper_limit"])) { - $scale .= "--upper-limit=" . $graph["upper_limit"] . RRD_NL; + $scale .= "--upper-limit=" . cacti_escapeshellarg($graph["upper_limit"]) . RRD_NL; } if ( is_numeric($graph["lower_limit"])) { - $scale .= "--lower-limit=" . $graph["lower_limit"] . RRD_NL; + $scale .= "--lower-limit=" . cacti_escapeshellarg($graph["lower_limit"]) . RRD_NL; } break; } @@ -942,7 +954,7 @@ to a function that matches the digits with letters. rrdtool likes letters instead of numbers in DEF names; especially with CDEF's. cdef's are created the same way, except a 'cdef' is put on the beginning of the hash */ - $graph_defs .= "DEF:" . generate_graph_def_name(strval($i)) . "=\"$data_source_path\":\"" . $graph_item["data_source_name"] . "\":" . $consolidation_functions[$graph_cf] . RRD_NL; + $graph_defs .= "DEF:" . generate_graph_def_name(strval($i)) . "=\"$data_source_path\":" . cacti_escapeshellarg($graph_item["data_source_name"], true) . ":" . $consolidation_functions[$graph_cf] . RRD_NL; $cf_ds_cache{$graph_item["data_template_rrd_id"]}[$graph_cf] = "$i"; @@ -1258,9 +1270,10 @@ $cdef_string = rrd_substitute_host_query_data($cdef_string, $graph, $graph_item); /* make the initial "virtual" cdef name: 'cdef' + [a,b,c,d...] */ - $cdef_graph_defs .= "CDEF:cdef" . generate_graph_def_name(strval($i)) . "='"; - $cdef_graph_defs .= $cdef_string; - $cdef_graph_defs .= "' \\\n"; + $cdef_graph_defs .= "CDEF:cdef" . generate_graph_def_name(strval($i)) . "="; + /* prohibit command injection and provide platform specific quoting */ + $cdef_graph_defs .= cacti_escapeshellarg(sanitize_cdef($cdef_string), true); + $cdef_graph_defs .= " \\\n"; /* the CDEF cache is so we do not create duplicate CDEF's on a graph */ $cdef_cache{$graph_item["cdef_id"]}{$graph_item["data_template_rrd_id"]}[$cf_id] = "$i"; @@ -1650,7 +1663,7 @@ to a function that matches the digits with letters. rrdtool likes letters instead of numbers in DEF names; especially with CDEF's. cdef's are created the same way, except a 'cdef' is put on the beginning of the hash */ - $xport_defs .= "DEF:" . generate_graph_def_name(strval($i)) . "=\"$data_source_path\":\"" . $xport_item["data_source_name"] . "\":" . $consolidation_functions[$xport_cf] . RRD_NL; + $xport_defs .= "DEF:" . generate_graph_def_name(strval($i)) . "=\"$data_source_path\":" . cacti_escapeshellarg($xport_item["data_source_name"], true) . ":" . $consolidation_functions[$xport_cf] . RRD_NL; $cf_ds_cache{$xport_item["data_template_rrd_id"]}[$xport_cf] = "$i"; @@ -1944,9 +1957,10 @@ $cdef_string = rrd_substitute_host_query_data($cdef_string, $graph, $xport_item); /* make the initial "virtual" cdef name: 'cdef' + [a,b,c,d...] */ - $cdef_xport_defs .= "CDEF:cdef" . generate_graph_def_name(strval($i)) . "='"; - $cdef_xport_defs .= $cdef_string; - $cdef_xport_defs .= "' \\\n"; + $cdef_xport_defs .= "CDEF:cdef" . generate_graph_def_name(strval($i)) . "="; + /* prohibit command injection and provide platform specific quoting */ + $cdef_xport_defs .= cacti_escapeshellarg(sanitize_cdef($cdef_string), true); + $cdef_xport_defs .= " \\\n"; /* the CDEF cache is so we do not create duplicate CDEF's on a graph */ $cdef_cache{$xport_item["cdef_id"]}{$xport_item["data_template_rrd_id"]}[$cf_id] = "$i"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cacti-0.8.8/plugins.php new/cacti-0.8.8a/plugins.php --- old/cacti-0.8.8/plugins.php 2012-04-03 20:58:35.000000000 +0200 +++ new/cacti-0.8.8a/plugins.php 2012-04-23 04:00:14.000000000 +0200 @@ -274,61 +274,63 @@ $path = $config['base_path'] . '/plugins/'; $dh = opendir($path); - while (($file = readdir($dh)) !== false) { - if ((is_dir("$path/$file")) && (file_exists("$path/$file/setup.php")) && (!in_array($file, $pluginslist))) { - include_once("$path/$file/setup.php"); - if (!function_exists('plugin_' . $file . '_install') && function_exists($file . '_version')) { - $function = $file . '_version'; - $cinfo[$file] = $function(); - if (!isset($cinfo[$file]['author'])) $cinfo[$file]['author'] = 'Unknown'; - if (!isset($cinfo[$file]['homepage'])) $cinfo[$file]['homepage'] = 'Not Stated'; - if (isset($cinfo[$file]['webpage'])) $cinfo[$file]['homepage'] = $cinfo[$file]['webpage']; - if (!isset($cinfo[$file]['longname'])) $cinfo[$file]['longname'] = ucfirst($file); - $cinfo[$file]['status'] = -2; - if (in_array($file, $plugins)) { - $cinfo[$file]['status'] = -1; - } - db_execute("REPLACE INTO $table (directory, name, status, author, webpage, version) - VALUES ('" . - $file . "', '" . - $cinfo[$file]['longname'] . "', '" . - $cinfo[$file]['status'] . "', '" . - $cinfo[$file]['author'] . "', '" . - $cinfo[$file]['homepage'] . "', '" . - $cinfo[$file]['version'] . "')"); - $pluginslist[] = $file; - } elseif (function_exists('plugin_' . $file . '_install') && function_exists('plugin_' . $file . '_version')) { - $function = $file . '_version'; - $cinfo[$file] = $function(); - $cinfo[$file]['status'] = 0; - if (!isset($cinfo[$file]['author'])) $cinfo[$file]['author'] = 'Unknown'; - if (!isset($cinfo[$file]['homepage'])) $cinfo[$file]['homepage'] = 'Not Stated'; - if (isset($cinfo[$file]['webpage'])) $cinfo[$file]['homepage'] = $cinfo[$file]['webpage']; - if (!isset($cinfo[$file]['longname'])) $cinfo[$file]['homepage'] = ucfirst($file); + if ($dh !== false) { + while (($file = readdir($dh)) !== false) { + if ((is_dir("$path/$file")) && (file_exists("$path/$file/setup.php")) && (!in_array($file, $pluginslist))) { + include_once("$path/$file/setup.php"); + if (!function_exists('plugin_' . $file . '_install') && function_exists($file . '_version')) { + $function = $file . '_version'; + $cinfo[$file] = $function(); + if (!isset($cinfo[$file]['author'])) $cinfo[$file]['author'] = 'Unknown'; + if (!isset($cinfo[$file]['homepage'])) $cinfo[$file]['homepage'] = 'Not Stated'; + if (isset($cinfo[$file]['webpage'])) $cinfo[$file]['homepage'] = $cinfo[$file]['webpage']; + if (!isset($cinfo[$file]['longname'])) $cinfo[$file]['longname'] = ucfirst($file); + $cinfo[$file]['status'] = -2; + if (in_array($file, $plugins)) { + $cinfo[$file]['status'] = -1; + } + db_execute("REPLACE INTO $table (directory, name, status, author, webpage, version) + VALUES ('" . + $file . "', '" . + $cinfo[$file]['longname'] . "', '" . + $cinfo[$file]['status'] . "', '" . + $cinfo[$file]['author'] . "', '" . + $cinfo[$file]['homepage'] . "', '" . + $cinfo[$file]['version'] . "')"); + $pluginslist[] = $file; + } elseif (function_exists('plugin_' . $file . '_install') && function_exists('plugin_' . $file . '_version')) { + $function = $file . '_version'; + $cinfo[$file] = $function(); + $cinfo[$file]['status'] = 0; + if (!isset($cinfo[$file]['author'])) $cinfo[$file]['author'] = 'Unknown'; + if (!isset($cinfo[$file]['homepage'])) $cinfo[$file]['homepage'] = 'Not Stated'; + if (isset($cinfo[$file]['webpage'])) $cinfo[$file]['homepage'] = $cinfo[$file]['webpage']; + if (!isset($cinfo[$file]['longname'])) $cinfo[$file]['homepage'] = ucfirst($file); - /* see if it's been installed as old, if so, remove from oldplugins array and session */ - $oldplugins = read_config_option("oldplugins"); - if (substr_count($oldplugins, $file)) { - $oldplugins = str_replace($file, "", $oldplugins); - $oldplugins = str_replace(",,", ",", $oldplugins); - $oldplugins = trim($oldplugins, ","); - set_config_option('oldplugins', $oldplugins); - $_SESSION['sess_config_array']['oldplugins'] = $oldplugins; - } + /* see if it's been installed as old, if so, remove from oldplugins array and session */ + $oldplugins = read_config_option("oldplugins"); + if (substr_count($oldplugins, $file)) { + $oldplugins = str_replace($file, "", $oldplugins); + $oldplugins = str_replace(",,", ",", $oldplugins); + $oldplugins = trim($oldplugins, ","); + set_config_option('oldplugins', $oldplugins); + $_SESSION['sess_config_array']['oldplugins'] = $oldplugins; + } - db_execute("REPLACE INTO $table (directory, name, status, author, webpage, version) - VALUES ('" . - $file . "', '" . - $cinfo[$file]['longname'] . "', '" . - $cinfo[$file]['status'] . "', '" . - $cinfo[$file]['author'] . "', '" . - $cinfo[$file]['homepage'] . "', '" . - $cinfo[$file]['version'] . "')"); - $pluginslist[] = $file; + db_execute("REPLACE INTO $table (directory, name, status, author, webpage, version) + VALUES ('" . + $file . "', '" . + $cinfo[$file]['longname'] . "', '" . + $cinfo[$file]['status'] . "', '" . + $cinfo[$file]['author'] . "', '" . + $cinfo[$file]['homepage'] . "', '" . + $cinfo[$file]['version'] . "')"); + $pluginslist[] = $file; + } } } + closedir($dh); } - closedir($dh); return $table; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org