authorPim van den Berg2015-05-25 12:02:35 +0200
committerPim van den Berg2015-05-25 12:11:31 +0200
commita213f092ab2abc7d0033044b074a327f28287507 (patch)
treeaff9cbcc286291d71f05a3bebbaf1b34b6c35c72
parentinc/functions: make type argument of validate_get function exactly the same a... (diff)
inc/functions: merge functions GET and validate_get
And make sure all input from $_GET variables is parsed and validated.
-rw-r--r--detail.php17
-rw-r--r--graph.php20
-rw-r--r--host.php4
-rw-r--r--inc/functions.inc.php58
-rw-r--r--inc/html.inc.php10
5 files changed, 74 insertions, 35 deletions
diff --git a/detail.php b/detail.php
index b4ece36..8978350 100644
--- a/detail.php
+++ b/detail.php
@@ -15,12 +15,12 @@ if (empty($_GET['y']))
15if ($CONFIG['graph_type'] == 'hybrid') 15if ($CONFIG['graph_type'] == 'hybrid')
16 $CONFIG['graph_type'] = 'canvas'; 16 $CONFIG['graph_type'] = 'canvas';
17 17
18$host = validate_get(GET('h'), 'h'); 18$host = GET('h');
19$plugin = validate_get(GET('p'), 'p'); 19$plugin = GET('p');
20$pinstance = validate_get(GET('pi'), 'pi'); 20$pinstance = GET('pi');
21$category = validate_get(GET('c'), 'c'); 21$category = GET('c');
22$type = validate_get(GET('t'), 't'); 22$type = GET('t');
23$tinstance = validate_get(GET('ti'), 'ti'); 23$tinstance = GET('ti');
24$seconds = GET('s'); 24$seconds = GET('s');
25 25
26$selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin); 26$selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin);
@@ -40,7 +40,7 @@ plugins_list($host, $selected_plugins);
40echo '<div class="graphs">'; 40echo '<div class="graphs">';
41plugin_header($host, $plugin); 41plugin_header($host, $plugin);
42 42
43$args = $_GET; 43$args = GET();
44print '<ul class="time-range">' . "\n"; 44print '<ul class="time-range">' . "\n";
45foreach($CONFIG['term'] as $key => $s) { 45foreach($CONFIG['term'] as $key => $s) {
46 $args['s'] = $s; 46 $args['s'] = $s;
@@ -59,7 +59,8 @@ if ($CONFIG['graph_type'] == 'canvas') {
59} else { 59} else {
60 printf("<img src=\"%s%s\">\n", 60 printf("<img src=\"%s%s\">\n",
61 htmlentities($CONFIG['weburl']), 61 htmlentities($CONFIG['weburl']),
62 htmlentities(build_url('graph.php', $_GET))); 62 htmlentities(build_url('graph.php', GET()))
63 );
63} 64}
64echo '</div>'; 65echo '</div>';
65echo "</fieldset>\n"; 66echo "</fieldset>\n";
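Review bot: The hunk header `if (empty($_GET['y']))` shows that detail.php still reads `$_GET` directly just above this hunk, so the commit's goal of routing every query parameter through GET() is not fully met in this file; `if (!GET('y'))` would send it through the same `is_numeric` check (roughly, not exactly, the `empty()` semantics — an invalid non-empty `y` becomes NULL and is then treated as absent). GET() without an index (`$args = GET();` at new line 43 and `build_url('graph.php', GET())` at new line 62) also returns NULL for any key outside its `switch`, so unknown parameters are carried into `$args` as NULL entries rather than dropped; whether build_url skips NULL values is not visible here, so it is worth checking that it does not emit empty `key=` pairs. A one-line comment at the `$args = GET();` site, `# GET() returns NULL for unknown or invalid keys — build_url must ignore those`, would document the expectation.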
diff --git a/graph.php b/graph.php
index b546d02..67224b2 100644
--- a/graph.php
+++ b/graph.php
@@ -4,8 +4,8 @@ require_once 'conf/common.inc.php';
4require_once 'inc/functions.inc.php'; 4require_once 'inc/functions.inc.php';
5require_once 'inc/collectd.inc.php'; 5require_once 'inc/collectd.inc.php';
6 6
7$plugin = validate_get(GET('p'), 'p'); 7$plugin = GET('p');
8$type = validate_get(GET('t'), 't'); 8$type = GET('t');
9$width = GET('x') ? filter_var(GET('x'), FILTER_VALIDATE_INT, array( 9$width = GET('x') ? filter_var(GET('x'), FILTER_VALIDATE_INT, array(
10 'min_range' => 10, 10 'min_range' => 10,
11 'max_range' => $CONFIG['max-width'] 11 'max_range' => $CONFIG['max-width']
@@ -18,12 +18,12 @@ $height = GET('y') ? filter_var(GET('y'), FILTER_VALIDATE_INT, array(
18if ($width === NULL || $height === NULL) { 18if ($width === NULL || $height === NULL) {
19 error_log(sprintf('Invalid image dimension, x="%s", y="%s"', 19 error_log(sprintf('Invalid image dimension, x="%s", y="%s"',
20 urlencode(GET('x')), 20 urlencode(GET('x')),
21 urlencode(GET('y')))); 21 urlencode(GET('y'))
22 ));
22 error_image(); 23 error_image();
23} 24}
24 25
25if (validate_get(GET('h'), 'h') === NULL) { 26if (GET('h') === NULL) {
26 error_log('Invalid host: "' . urlencode(GET('h')) . '"');
27 error_image(); 27 error_image();
28} 28}
29 29
@@ -31,7 +31,7 @@ $typesdb = parse_typesdb_file($CONFIG['typesdb']);
31 31
32if ($plugin == 'aggregation') { 32if ($plugin == 'aggregation') {
33 $pi = explode("-", GET('pi')); 33 $pi = explode("-", GET('pi'));
34 $plugin = $_GET['p'] = validate_get($pi[0], 'p'); 34 $plugin = $_GET['p'] = GET('p', $pi[0]);
35} 35}
36 36
37# plugin json 37# plugin json
@@ -49,19 +49,19 @@ if (!isset($plugin_json[$type]['type']))
49switch ($plugin_json[$type]['type']) { 49switch ($plugin_json[$type]['type']) {
50 case 'stacked': 50 case 'stacked':
51 require_once 'type/GenericStacked.class.php'; 51 require_once 'type/GenericStacked.class.php';
52 $obj = new Type_GenericStacked($CONFIG, $_GET); 52 $obj = new Type_GenericStacked($CONFIG, GET());
53 break; 53 break;
54 case 'io': 54 case 'io':
55 require_once 'type/GenericIO.class.php'; 55 require_once 'type/GenericIO.class.php';
56 $obj = new Type_GenericIO($CONFIG, $_GET); 56 $obj = new Type_GenericIO($CONFIG, GET());
57 break; 57 break;
58 case 'uptime': 58 case 'uptime':
59 require_once 'type/Uptime.class.php'; 59 require_once 'type/Uptime.class.php';
60 $obj = new Type_Uptime($CONFIG, $_GET); 60 $obj = new Type_Uptime($CONFIG, GET());
61 break; 61 break;
62 default: 62 default:
63 require_once 'type/Default.class.php'; 63 require_once 'type/Default.class.php';
64 $obj = new Type_Default($CONFIG, $_GET); 64 $obj = new Type_Default($CONFIG, GET());
65 break; 65 break;
66} 66}
67 67
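Review bot: `$plugin = $_GET['p'] = GET('p', $pi[0]);` at new line 34 relies on an undocumented property of the new GET(): the `$value` override is only validated when `$_GET['p']` is already set (GET() returns NULL on `!isset` before it looks at `$value`), which holds here only because `$plugin == 'aggregation'` was itself read from `$_GET['p']`. A comment such as `# $_GET['p'] is set (it was 'aggregation'), so GET() validates $pi[0] in its place and the write-back makes later GET() calls see the real plugin` would make that coupling explicit. Since `$pi` comes from `explode("-", GET('pi'))` and GET('pi') may be NULL, `$pi[0]` is then an empty string on this PHP version and fails the `\w+` check, which is the desired outcome but is easy to miss. Separately, dropping the `error_log('Invalid host: ...')` at old line 26 means a merely absent `h` (as opposed to an invalid one) now reaches error_image() with no log entry at all, because GET() logs only on a failed validation, not on a missing key.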
diff --git a/host.php b/host.php
index 2ba662d..f411b78 100644
--- a/host.php
+++ b/host.php
@@ -4,8 +4,8 @@ require_once 'conf/common.inc.php';
4require_once 'inc/html.inc.php'; 4require_once 'inc/html.inc.php';
5require_once 'inc/collectd.inc.php'; 5require_once 'inc/collectd.inc.php';
6 6
7$host = validate_get(GET('h'), 'h'); 7$host = GET('h');
8$plugin = validate_get(GET('p'), 'p'); 8$plugin = GET('p');
9 9
10$selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin); 10$selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin);
11 11
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index f667772..9e56868 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -2,28 +2,66 @@
2 2
3# global functions 3# global functions
4 4
5function GET($index) { 5function GET($index = NULL, $value = NULL) {
6 if (isset($_GET[$index])) 6 # parse all values from $_GET when no index is given
7 return $_GET[$index]; 7 if ($index === NULL) {
8 return null; 8 $arr = array();
9} 9 foreach($_GET as $i => $v) {
10 $arr[$i] = GET($i);
11 }
12 return $arr;
13 }
14
15 if (!isset($_GET[$index]))
16 return NULL;
17
18 if ($value === NULL)
19 $value = $_GET[$index];
10 20
11function validate_get($value, $type) { 21 $desc = array(
12 switch($type) { 22 'h' => 'host',
23 'p' => 'plugin',
24 'c' => 'category',
25 't' => 'type',
26 'pi' => 'plugin instance',
27 'ti' => 'type instance',
28 's' => 'seconds',
29 'x' => 'x-axis',
30 'y' => 'y-axis',
31 );
32
33 switch($index) {
13 case 'h': # host 34 case 'h': # host
14 if (!preg_match('/^[\w-.]+$/u', $value)) 35 if (!preg_match('/^[\w-.]+$/u', $value)) {
36 error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
15 return NULL; 37 return NULL;
38 }
16 break; 39 break;
17 case 'p': # plugin 40 case 'p': # plugin
18 case 'c': # category 41 case 'c': # category
19 case 't': # type 42 case 't': # type
20 if (!preg_match('/^\w+$/u', $value)) 43 if (!preg_match('/^\w+$/u', $value)) {
44 error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
21 return NULL; 45 return NULL;
46 }
22 break; 47 break;
23 case 'pi': # plugin instance 48 case 'pi': # plugin instance
24 case 'ti': # type instance 49 case 'ti': # type instance
25 if (!preg_match('/^[\w-]+$/u', $value)) 50 if (!preg_match('/^[\w-]+$/u', $value)) {
51 error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
52 return NULL;
53 }
54 break;
55 case 's': # seconds
56 case 'x': # x-axis
57 case 'y': # y-axis
58 if (!is_numeric($value)) {
59 error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
26 return NULL; 60 return NULL;
61 }
62 break;
63 default:
64 return NULL;
27 break; 65 break;
28 } 66 }
29 67
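Review bot: The validators in the new `switch` assume `$value` is a string, but a query parameter can arrive as an array (`?h[]=x`), and `preg_match()` is then called with an array subject — a warning here, a TypeError on PHP 8 — instead of the clean NULL the callers expect; an `is_string($value)` guard before the switch closes that gap. The four new `error_log()` lines also write `$value` raw, whereas the graph.php line this commit removes wrapped it in `urlencode()`, so a parameter containing CR/LF now lands unescaped in the log — keep the `urlencode($value)`. The hyphen inside `[\w-.]` and `[\w-]` is better escaped as `[\w\-.]` and `[\w\-]`, since newer PCRE2 releases reject an unescaped `-` directly after a class escape (the same patterns were on the old side, so this is pre-existing). Hoisting the repeated log line out of the switch, as below, leaves a single place to get this right; GET()'s body continues past the end of the hunk.
```php
    # … unchanged: no-index branch, isset check, $value default, $desc table …

    # unknown parameter name: same outcome as the old default branch, no log
    if (!isset($desc[$index]))
        return NULL;

    # a query parameter can be an array (?h[]=x); never hand that to preg_match()
    if (!is_string($value)) {
        error_log(sprintf('Invalid %s in $_GET["%s"]: not a string', $desc[$index], $index));
        return NULL;
    }

    switch($index) {
        case 'h': # host
            $valid = preg_match('/^[\w\-.]+$/u', $value);
            break;
        case 'p': # plugin
        case 'c': # category
        case 't': # type
            $valid = preg_match('/^\w+$/u', $value);
            break;
        case 'pi': # plugin instance
        case 'ti': # type instance
            $valid = preg_match('/^[\w\-]+$/u', $value);
            break;
        case 's': # seconds
        case 'x': # x-axis
        case 'y': # y-axis
            $valid = is_numeric($value);
            break;
        default:
            return NULL;
    }

    if (!$valid) {
        # urlencode keeps CR/LF and other control bytes out of the log line
        error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, urlencode($value)));
        return NULL;
    }
    # … unchanged: remainder of GET() after the switch …
```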
diff --git a/inc/html.inc.php b/inc/html.inc.php
index 3998f54..98081ce 100644
--- a/inc/html.inc.php
+++ b/inc/html.inc.php
@@ -313,15 +313,15 @@ function host_summary($cat, $hosts) {
313 313
314function breadcrumbs() { 314function breadcrumbs() {
315 $path = ''; 315 $path = '';
316 if (validate_get(GET('h'), 'h')) 316 if (GET('h'))
317 $path .= ' - '.ucfirst(GET('h')); 317 $path .= ' - '.ucfirst(GET('h'));
318 if (validate_get(GET('p'), 'p')) 318 if (GET('p'))
319 $path .= ' - '.ucfirst(GET('p')); 319 $path .= ' - '.ucfirst(GET('p'));
320 if (validate_get(GET('pi'), 'pi')) 320 if (GET('pi'))
321 $path .= ' - '.GET('pi'); 321 $path .= ' - '.GET('pi');
322 if (validate_get(GET('t'), 't') && validate_get(GET('p'), 'p') && GET('t') != GET('p')) 322 if (GET('t') && GET('p') && GET('t') != GET('p'))
323 $path .= ' - '.GET('t'); 323 $path .= ' - '.GET('t');
324 if (validate_get(GET('ti'), 'ti')) 324 if (GET('ti'))
325 $path .= ' - '.GET('ti'); 325 $path .= ' - '.GET('ti');
326 326
327 return $path; 327 return $path;
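Review bot: `GET('t') != GET('p')` on new line 322 compares two validated strings with the loose `!=`, under which numeric-looking strings are compared numerically (`'1e1' != '10'` is false), so `!==` is the safer operator now that both sides are known to be strings or NULL. Each `GET('p')` call also re-runs the validation and, for an invalid value, writes the same error_log line again — `GET('p')` is evaluated three times in breadcrumbs() and `GET('t')` twice — so reading each key once into a local (`$p = GET('p');` and so on at the top of the function) keeps the log to one entry per request. The truthiness tests (`if (GET('h'))`) additionally drop a host or instance literally named `0`; `GET('h') !== NULL` keeps it, if that case matters for this deployment.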