official security.patch. fixes CVE-2014-2326, CVE-2014-2328, CVE-2014-2708, CVE-2014...
1 ------------------------------------------------------------------------
2 r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
3
4 fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
5 ------------------------------------------------------------------------
6 Index: branches/0.8.8/lib/rrd.php
7 ===================================================================
8 --- branches/0.8.8/lib/rrd.php  (revision 7417)
9 +++ branches/0.8.8/lib/rrd.php  (revision 7418)
10 @@ -1343,20 +1343,20 @@
11                 $need_rrd_nl = TRUE;
12  
13                 if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
14 +                       # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
15 +                       $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
16 +                       # next, compute the argument of the COMMENT statement and perform injection counter measures
17 +                       if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
18 +                               $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
19 +                       } else {
20 +                               $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
21 +                       }
22 +
23 +                       # create rrdtool specific command line
24                         if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
25 -                               $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
26 -                               if (trim($comment_string) == 'COMMENT:"\n"') {
27 -                                       $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
28 -                               } else if (trim($comment_string) != "COMMENT:\"\"") {
29 -                                       $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
30 -                               }
31 +                               $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
32                         }else {
33 -                               $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
34 -                               if (trim($comment_string) == 'COMMENT:"\n"') {
35 -                                       $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
36 -                               } else if (trim($comment_string) != "COMMENT:\"\"") {
37 -                                       $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
38 -                               }
39 +                               $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
40                         }
41                 }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
42                         $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */
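Review bot: The colon escaping on the new non-1.0.x line, `str_replace(":", "\:", $comment_arg)`, is applied after `cacti_escapeshellarg`, so a colon that the graph author already wrote as `\:` in text_format (or that arrives through the substituted host data) becomes `\\:`; whether rrdtool then reads `\\` as a literal backslash and splits the field at the colon is not visible here, so either a comment stating that text_format must contain raw, unescaped colons or a normalising `$comment_arg = str_replace('\:', ':', $comment_arg);` before the escape would make that contract explicit. The empty-comment branch now emits `COMMENT:" "` even when `$hardreturn[$graph_item_id]` is empty, where the removed code skipped the item entirely; that appears intended by the commit message but deserves a comment on the `if (trim($comment_arg) == '')` line, e.g. `# an empty COMMENT still emits a blank so the legend row (and any HR) survives`, and the comparison should be `=== ''` so the intent is strict. The enclosing function begins and ends outside the hunk.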