authorPim van den Berg2010-01-01 19:36:31 +0100
committerPim van den Berg2010-01-01 19:36:31 +0100
commitbc31ed0e4647a568a1596cc2e09664675479a70d (patch)
tree9670e334534e18a9588e18d3feabbcb3a67e734e /inc
parentadd swap_io support (diff)
better validation of possible user input (get)
Diffstat (limited to 'inc')
-rw-r--r--inc/collectd.inc.php2
-rw-r--r--inc/functions.inc.php27
-rw-r--r--inc/html.inc.php13
3 files changed, 37 insertions, 5 deletions
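--- a/inc/collectd.inc.php
+++ b/inc/collectd.inc.php
@@ -1,5 +1,7 @@
 <?php
 
+# collectd related functions
+
 require_once 'conf/common.inc.php';
 
 # returns an array of all collectd hosts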
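--- /dev/null
+++ b/inc/functions.inc.php
@@ -0,0 +1,27 @@
+<?php
+
+# global functions
+
+function validate_get($value, $type) {
+ switch($type) {
+ case 'host':
+ if (!preg_match('/^[\d\w\W]+$/', $value))
+ return NULL;
+ break;
+ case 'plugin':
+ case 'type':
+ if (!preg_match('/^\w+$/', $value))
+ return NULL;
+ break;
+ case 'pinstance':
+ case 'tinstance':
+ if (!preg_match('/^[\d\w-]+$/', $value))
+ return NULL;
+ break;
+ }
+
+ return $value;
+}
+
+
+?>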
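Review bot: The 'host' pattern `/^[\d\w\W]+$/` in validate_get() accepts every non-empty string, because `\w` and `\W` together cover all characters, so the host parameter is effectively unvalidated. A character class limited to what a collectd host name can contain would make the check meaningful, e.g. `if (!preg_match('/^[\w.-]+\z/', $value))` (confirm the allowed set against real host names). `$` also matches before a trailing newline, so `\z` or the `D` modifier is safer in all three patterns, and the switch has no `default:` branch, so an unknown `$type` returns `$value` unchecked; `default: return NULL;` would fail closed.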
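--- a/inc/html.inc.php
+++ b/inc/html.inc.php
@@ -1,7 +1,10 @@
 <?php
 
+# html related functions
+
 require_once 'conf/common.inc.php';
 require_once 'inc/rrdtool.class.php';
+require_once 'inc/functions.inc.php';
 require_once 'inc/collectd.inc.php';
 
 function html_start() {
@@ -78,15 +81,15 @@ function host_summary($hosts) {
 
 
 function breadcrumbs() {
- if (isset($_GET['h']))
+ if (validate_get($_GET['h'], 'host'))
  $path = ' - '.ucfirst($_GET['h']);
- if (isset($_GET['p']))
+ if (validate_get($_GET['p'], 'plugin'))
  $path .= ' - '.ucfirst($_GET['p']);
- if (isset($_GET['pi']))
+ if (validate_get($_GET['pi'], 'pinstance'))
  $path .= ' - '.$_GET['pi'];
- if (isset($_GET['t']) && isset($_GET['p']) && $_GET['t'] != $_GET['p'])
+ if (validate_get($_GET['t'], 'type') && validate_get($_GET['p'], 'plugin') && $_GET['t'] != $_GET['p'])
  $path .= ' - '.$_GET['t'];
- if (isset($_GET['ti']))
+ if (validate_get($_GET['ti'], 'tinstance'))
  $path .= ' - '.$_GET['ti'];
 
  return $path;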
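Review bot: In breadcrumbs() the `isset()` guards were replaced outright, so `$_GET['h']`, `$_GET['p']` and the others are now read even when the parameter is absent, which raises an undefined-index notice and hands NULL (or an array, for `h[]=`) to preg_match(). Keeping the presence check and using the validated value would fix it, e.g. `$h = isset($_GET['h']) && is_string($_GET['h']) ? validate_get($_GET['h'], 'host') : NULL;`. The raw `$_GET` values are still what gets concatenated into `$path`; if the caller prints `$path` into HTML (not visible here), wrapping each piece in `htmlspecialchars(..., ENT_QUOTES)` is worth adding, particularly for the host value, whose pattern currently allows any character. The function's closing brace lies outside the hunk.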