better validation of possible user input (get)

author: Pim van den Berg 2010-01-01 19:36:31 +0100
committer: Pim van den Berg 2010-01-01 19:36:31 +0100
commit: bc31ed0e4647a568a1596cc2e09664675479a70d (patch)
tree: 9670e334534e18a9588e18d3feabbcb3a67e734e /inc
parent: add swap_io support (diff)
download: apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.zip
apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.gz
apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.bz2
apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.xz
3 files changed, 37 insertions, 5 deletions
diff --git a/inc/collectd.inc.php b/inc/collectd.inc.php
index 2a44fba..ab4340f 100644
--- a/inc/collectd.inc.php
+++ b/inc/collectd.inc.php
@@ -1,5 +1,7 @@
 <?php
+# collectd related functions
 require_once 'conf/common.inc.php';
 # returns an array of all collectd hosts
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
new file mode 100644
index 0000000..2906530
--- /dev/null
+++ b/inc/functions.inc.php
@@ -0,0 +1,27 @@
+<?php
+# global functions
+function validate_get($value, $type) {
+        switch($type) {
+                case 'host':
+                        if (!preg_match('/^[\d\w\W]+$/', $value))
+                                return NULL;
+                break;
+                case 'plugin':
+                case 'type':
+                        if (!preg_match('/^\w+$/', $value))
+                                return NULL;
+                break;
+                case 'pinstance':
+                case 'tinstance':
+                        if (!preg_match('/^[\d\w-]+$/', $value))
+                                return NULL;
+                break;
+        }
+        return $value;
+}
+?>
diff --git a/inc/html.inc.php b/inc/html.inc.php
index e93cc66..e38ca8e 100644
--- a/inc/html.inc.php
+++ b/inc/html.inc.php
@@ -1,7 +1,10 @@
 <?php
+# html related functions
 require_once 'conf/common.inc.php';
 require_once 'inc/rrdtool.class.php';
+require_once 'inc/functions.inc.php';
 require_once 'inc/collectd.inc.php';
 function html_start() {
@@ -78,15 +81,15 @@ function host_summary($hosts) {
 function breadcrumbs() {
-        if (isset($_GET['h']))
+        if (validate_get($_GET['h'], 'host'))
                $path = ' - '.ucfirst($_GET['h']);
-        if (isset($_GET['p']))
+        if (validate_get($_GET['p'], 'plugin'))
                $path .= ' - '.ucfirst($_GET['p']);
-        if (isset($_GET['pi']))
+        if (validate_get($_GET['pi'], 'pinstance'))
                $path .= ' - '.$_GET['pi'];
-        if (isset($_GET['t']) && isset($_GET['p']) && $_GET['t'] != $_GET['p'])
+        if (validate_get($_GET['t'], 'type') && validate_get($_GET['p'], 'plugin') && $_GET['t'] != $_GET['p'])
                $path .= ' - '.$_GET['t'];
-        if (isset($_GET['ti']))
+        if (validate_get($_GET['ti'], 'tinstance'))
                $path .= ' - '.$_GET['ti'];
        return $path;
author	Pim van den Berg	2010-01-01 19:36:31 +0100
committer	Pim van den Berg	2010-01-01 19:36:31 +0100
commit	bc31ed0e4647a568a1596cc2e09664675479a70d (patch)
tree	9670e334534e18a9588e18d3feabbcb3a67e734e /inc
parent	add swap_io support (diff)
download	apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.zip apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.gz apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.bz2 apt-panopticon_cgp-bc31ed0e4647a568a1596cc2e09664675479a70d.tar.xz

diff --git a/inc/collectd.inc.php b/inc/collectd.inc.php index 2a44fba..ab4340f 100644 --- a/inc/collectd.inc.php +++ b/inc/collectd.inc.php
@@ -1,5 +1,7 @@
1	<?php	1	<?php
2		2
		3	# collectd related functions
		4
3	require_once 'conf/common.inc.php';	5	require_once 'conf/common.inc.php';
4		6
5	# returns an array of all collectd hosts	7	# returns an array of all collectd hosts


diff --git a/inc/functions.inc.php b/inc/functions.inc.php new file mode 100644 index 0000000..2906530 --- /dev/null +++ b/inc/functions.inc.php
@@ -0,0 +1,27 @@
		1	<?php
		2
		3	# global functions
		4
		5	function validate_get($value, $type) {
		6	switch($type) {
		7	case 'host':
		8	if (!preg_match('/^[\d\w\W]+$/', $value))
		9	return NULL;
		10	break;
		11	case 'plugin':
		12	case 'type':
		13	if (!preg_match('/^\w+$/', $value))
		14	return NULL;
		15	break;
		16	case 'pinstance':
		17	case 'tinstance':
		18	if (!preg_match('/^[\d\w-]+$/', $value))
		19	return NULL;
		20	break;
		21	}
		22
		23	return $value;
		24	}
		25
		26
		27	?>


diff --git a/inc/html.inc.php b/inc/html.inc.php index e93cc66..e38ca8e 100644 --- a/inc/html.inc.php +++ b/inc/html.inc.php
@@ -1,7 +1,10 @@
1	<?php	1	<?php
2		2
		3	# html related functions
		4
3	require_once 'conf/common.inc.php';	5	require_once 'conf/common.inc.php';
4	require_once 'inc/rrdtool.class.php';	6	require_once 'inc/rrdtool.class.php';
		7	require_once 'inc/functions.inc.php';
5	require_once 'inc/collectd.inc.php';	8	require_once 'inc/collectd.inc.php';
6		9
7	function html_start() {	10	function html_start() {
@@ -78,15 +81,15 @@ function host_summary($hosts) {
78		81
79		82
80	function breadcrumbs() {	83	function breadcrumbs() {
81	if (isset($_GET['h']))	84	if (validate_get($_GET['h'], 'host'))
82	$path = ' - '.ucfirst($_GET['h']);	85	$path = ' - '.ucfirst($_GET['h']);
83	if (isset($_GET['p']))	86	if (validate_get($_GET['p'], 'plugin'))
84	$path .= ' - '.ucfirst($_GET['p']);	87	$path .= ' - '.ucfirst($_GET['p']);
85	if (isset($_GET['pi']))	88	if (validate_get($_GET['pi'], 'pinstance'))
86	$path .= ' - '.$_GET['pi'];	89	$path .= ' - '.$_GET['pi'];
87	if (isset($_GET['t']) && isset($_GET['p']) && $_GET['t'] != $_GET['p'])	90	if (validate_get($_GET['t'], 'type') && validate_get($_GET['p'], 'plugin') && $_GET['t'] != $_GET['p'])
88	$path .= ' - '.$_GET['t'];	91	$path .= ' - '.$_GET['t'];
89	if (isset($_GET['ti']))	92	if (validate_get($_GET['ti'], 'tinstance'))
90	$path .= ' - '.$_GET['ti'];	93	$path .= ' - '.$_GET['ti'];
91		94
92	return $path;	95	return $path;