diff options
Diffstat (limited to 'net-mgmt/cacti/files/patch-lib__rrd.php')
| -rw-r--r-- | net-mgmt/cacti/files/patch-lib__rrd.php | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/net-mgmt/cacti/files/patch-lib__rrd.php b/net-mgmt/cacti/files/patch-lib__rrd.php deleted file mode 100644 index 52a81c3ba6a0..000000000000 --- a/net-mgmt/cacti/files/patch-lib__rrd.php +++ /dev/null @@ -1,35 +0,0 @@ ---- ./lib/rrd.php.orig 2014-08-11 17:34:23.000000000 -0700 -+++ ./lib/rrd.php 2014-08-11 17:34:23.000000000 -0700 -@@ -1343,20 +1343,20 @@ - $need_rrd_nl = TRUE; - - if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") { -+ # perform variable substitution first (in case this will yield an empty results or brings command injection problems) -+ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item); -+ # next, compute the argument of the COMMENT statement and perform injection counter measures -+ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care -+ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]); -+ } else { -+ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]); -+ } -+ -+ # create rrdtool specific command line - if (read_config_option("rrdtool_version") != "rrd-1.0.x") { -- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " "; -- if (trim($comment_string) == 'COMMENT:"\n"') { -- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work -- } else if (trim($comment_string) != "COMMENT:\"\"") { -- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item); -- } -+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " "; - }else { -- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " "; -- if (trim($comment_string) == 'COMMENT:"\n"') { -- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work -- } else if (trim($comment_string) != "COMMENT:\"\"") { -- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item); -- } -+ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " "; - } - }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) { - $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */ |