/* echo the data to the log (append) */
--- cacti-0.8.8/utilities.php~ 2012-10-29 22:14:05.000000000 +0200
+++ cacti-0.8.8/utilities.php 2012-10-29 22:15:05.781005237 +0200
-@@ -798,12 +798,12 @@
+@@ -773,12 +773,12 @@ function utilities_clear_user_log() {
}
function utilities_view_logfile() {
-- global $colors, $log_tail_lines, $page_refresh_interval, $refresh;
-+ global $colors, $log_tail_lines, $page_refresh_interval, $config;
+- global $log_tail_lines, $page_refresh_interval, $refresh;
++ global $log_tail_lines, $page_refresh_interval, $config;
$logfile = read_config_option("path_cactilog");
}
/* helps determine output color */
-@@ -858,7 +858,7 @@
+@@ -1014,6 +1014,7 @@ function utilities_view_logfile() {
}
function utilities_clear_logfile() {
-- global $colors;
-+ global $config, $colors;
-
++ global $config;
load_current_session_value("refresh", "sess_logfile_refresh", read_config_option("log_refresh_interval"));
+ $refresh["seconds"] = get_request_var_request("refresh");
@@ -870,7 +870,7 @@
$logfile = read_config_option("path_cactilog");
Summary: Cacti is a PHP frontend for rrdtool
Summary(pl.UTF-8): Cacti - frontend w PHP do rrdtoola
Name: cacti
-Version: 0.8.8b
-Release: 5
+Version: 0.8.8c
+Release: 1
License: GPL v2
Group: Applications/WWW
Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
-# Source0-md5: acb40deae073ca22e5c01a8e3ba389fb
+# Source0-md5: 11e3955c9ea494879967e19aa935e682
Source2: %{name}.crontab
Source3: %{name}-apache.conf
Source4: %{name}-lighttpd.conf
Patch6: %{name}-log-verbosity.patch
Patch7: %{name}-ss_disk-array-indices.patch
Patch8: host_name-url.patch
-Patch9: rra-comments.patch
# http://www.cacti.net/download_patches.php
-Patch100: http://www.cacti.net/downloads/patches/%{version}/security.patch
-# Patch100-md5: bd18f265cca1f9713f88296f0be1ef56
+# Patch100: ..
URL: http://www.cacti.net/
BuildRequires: sed >= 4.0
Requires(postun): /usr/sbin/userdel
%patch6 -p1
%patch7 -p1
%patch8 -p1
-%patch9 -p2
mkdir -p sql
mv *.sql sql
--- cacti-0.8.7e/graph_view.php 2009-10-02 10:30:43.000000000 +0300
+++ cacti/graph_view.php 2009-10-07 12:42:04.032959475 +0300
-@@ -158,12 +158,18 @@
+@@ -30,6 +30,7 @@ include_once('./lib/timespan_settings.ph
+ define("MAX_DISPLAY_PAGES", 21);
+
+ /* ================= input validation ================= */
++input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
+ input_validate_input_number(get_request_var_request('branch_id'));
+ input_validate_input_number(get_request_var_request('hide'));
+ input_validate_input_number(get_request_var_request('tree_id'));
+@@ -41,6 +42,11 @@ input_validate_input_regex(get_request_v
+ input_validate_input_regex(get_request_var_request('nodeid'), '^([_a-z0-9]+)$');
+ /* ==================================================== */
+
++if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
++ // fill $host_id from $host_name. empty result is ok too, we'll list previous view then
++ $_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
++}
++
+ /* clean up action string */
+ if (isset($_REQUEST['action'])) {
+ $_REQUEST['action'] = sanitize_search_string(get_request_var_request('action'));
+@@ -162,6 +168,7 @@ case 'preview':
}
/* ================= input validation ================= */
+ input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
- input_validate_input_number(get_request_var_request("host_id"));
- input_validate_input_number(get_request_var_request("graph_template_id"));
- input_validate_input_number(get_request_var_request("page"));
- input_validate_input_number(get_request_var_request("rows"));
- /* ==================================================== */
-
-+ if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
-+ // fill $host_id from $host_name. empty result is ok too, we'll list previous view then
-+ $_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
-+ }
-+
- /* clean up search string */
- if (isset($_REQUEST["filter"])) {
- $_REQUEST["filter"] = sanitize_search_string(get_request_var_request("filter"));
-@@ -550,6 +556,7 @@
+ input_validate_input_number(get_request_var_request('host_id'));
+ input_validate_input_number(get_request_var_request('graph_template_id'));
+ input_validate_input_number(get_request_var_request('page'));
+@@ -600,6 +607,7 @@ case 'list':
}
/* ================= input validation ================= */
+ input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
- input_validate_input_number(get_request_var_request("host_id"));
- input_validate_input_number(get_request_var_request("graph_template_id"));
- /* ==================================================== */
-
+ input_validate_input_number(get_request_var_request('host_id'));
+ input_validate_input_number(get_request_var_request('graph_template_id'));
+ input_validate_input_number(get_request_var_request('rows'));
+++ /dev/null
-------------------------------------------------------------------------
-r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
-
-fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
-------------------------------------------------------------------------
-Index: branches/0.8.8/lib/rrd.php
-===================================================================
---- branches/0.8.8/lib/rrd.php (revision 7417)
-+++ branches/0.8.8/lib/rrd.php (revision 7418)
-@@ -1343,20 +1343,20 @@
- $need_rrd_nl = TRUE;
-
- if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
-+ # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
-+ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
-+ # next, compute the argument of the COMMENT statement and perform injection counter measures
-+ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
-+ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
-+ } else {
-+ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
-+ }
-+
-+ # create rrdtool specific command line
- if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
-- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
-- if (trim($comment_string) == 'COMMENT:"\n"') {
-- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
-- } else if (trim($comment_string) != "COMMENT:\"\"") {
-- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
-- }
-+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
- }else {
-- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
-- if (trim($comment_string) == 'COMMENT:"\n"') {
-- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
-- } else if (trim($comment_string) != "COMMENT:\"\"") {
-- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
-- }
-+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
- }
- }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
- $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */
projects / packages / cacti.git / commitdiff