author | Pim van den Berg | 2010-01-01 19:36:31 +0100 |
---|---|---|
committer | Pim van den Berg | 2010-01-01 19:36:31 +0100 |
commit | bc31ed0e4647a568a1596cc2e09664675479a70d (patch) | |
tree | 9670e334534e18a9588e18d3feabbcb3a67e734e /inc | |
parent | add swap_io support (diff) | |
better validation of possible user input (get)
Diffstat (limited to 'inc')
-rw-r--r-- | inc/collectd.inc.php | 2 | ||||
-rw-r--r-- | inc/functions.inc.php | 27 | ||||
-rw-r--r-- | inc/html.inc.php | 13 |
3 files changed, 37 insertions, 5 deletions
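--- a/inc/collectd.inc.php
+++ b/inc/collectd.inc.php
@@ -1,5 +1,7 @@
 <?php
 
+# collectd related functions
+
 require_once 'conf/common.inc.php';
 
 # returns an array of all collectd hosts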
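--- /dev/null
+++ b/inc/functions.inc.php
@@ -0,0 +1,27 @@
+<?php
+
+# global functions
+
+function validate_get($value, $type) {
+switch($type) {
+case 'host':
+if (!preg_match('/^[\d\w\W]+$/', $value))
+return NULL;
+break;
+case 'plugin':
+case 'type':
+if (!preg_match('/^\w+$/', $value))
+return NULL;
+break;
+case 'pinstance':
+case 'tinstance':
+if (!preg_match('/^[\d\w-]+$/', $value))
+return NULL;
+break;
+}
+
+return $value;
+}
+
+
+?>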
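Review bot: The 'host' pattern `/^[\d\w\W]+$/` in validate_get() accepts every non-empty string, because `\w` and `\W` together cover all characters, so a host value containing `/`, `..`, quotes or angle brackets is returned unchanged. If hosts are expected to be hostname-like, an allow-list such as `if (!preg_match('/^[\w.-]+\z/', $value))` would actually constrain it. The remaining patterns end in `$`, which in PCRE also matches before a trailing newline, so `\z` (or the `D` modifier) is the safer end anchor. The switch has no default branch, so an unrecognised `$type` falls through and returns `$value` unchecked; adding `default: return NULL;` makes the helper fail closed.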
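--- a/inc/html.inc.php
+++ b/inc/html.inc.php
@@ -1,7 +1,10 @@
 <?php
 
+# html related functions
+
 require_once 'conf/common.inc.php';
 require_once 'inc/rrdtool.class.php';
+require_once 'inc/functions.inc.php';
 require_once 'inc/collectd.inc.php';
 
 function html_start() {
@@ -78,15 +81,15 @@ function host_summary($hosts) {
 
 
 function breadcrumbs() {
-if (isset($_GET['h']))
+if (validate_get($_GET['h'], 'host'))
 $path = ' - '.ucfirst($_GET['h']);
-if (isset($_GET['p']))
+if (validate_get($_GET['p'], 'plugin'))
 $path .= ' - '.ucfirst($_GET['p']);
-if (isset($_GET['pi']))
+if (validate_get($_GET['pi'], 'pinstance'))
 $path .= ' - '.$_GET['pi'];
-if (isset($_GET['t']) && isset($_GET['p']) && $_GET['t'] != $_GET['p'])
+if (validate_get($_GET['t'], 'type') && validate_get($_GET['p'], 'plugin') && $_GET['t'] != $_GET['p'])
 $path .= ' - '.$_GET['t'];
-if (isset($_GET['ti']))
+if (validate_get($_GET['ti'], 'tinstance'))
 $path .= ' - '.$_GET['ti'];
 
 return $path;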
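Review bot: In breadcrumbs() the new conditions test the return value of validate_get() for truthiness and then append the raw `$_GET[...]` value, so an instance value of `0` (which passes the 'pinstance' and 'tinstance' patterns) is treated as missing, and an absent parameter is now read without `isset()`, which raises an undefined-index notice. Checking explicitly and using the returned value, e.g. `if (isset($_GET['pi']) && ($pi = validate_get($_GET['pi'], 'pinstance')) !== NULL)`, would address both. Because the 'host' type in validate_get() accepts any character, `ucfirst($_GET['h'])` still carries unfiltered request input into `$path`; where `$path` is printed is not visible here, so it is worth confirming that it is passed through `htmlspecialchars()` at the point of output. The closing lines of breadcrumbs() lie outside the hunk.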