Diffstat (limited to '')
-rw-r--r-- | detail.php | 9 | ||||
-rw-r--r-- | inc/html.inc.php | 98 | ||||
-rw-r--r-- | js/CGP.js | 2 | ||||
-rw-r--r-- | type/Base.class.php | 4 |
4 files changed, 61 insertions, 52 deletions
@@ -46,7 +46,10 @@ foreach($CONFIG['term'] as $key => $s) { | |||
46 | $args['s'] = $s; | 46 | $args['s'] = $s; |
47 | $selected = selected_timerange($seconds, $s); | 47 | $selected = selected_timerange($seconds, $s); |
48 | printf('<li><a %s href="%s%s">%s</a></li>'."\n", | 48 | printf('<li><a %s href="%s%s">%s</a></li>'."\n", |
49 | $selected, $CONFIG['weburl'], build_url('detail.php', $args), $key); | 49 | $selected, |
50 | htmlentities($CONFIG['weburl']), | ||
51 | htmlentities(build_url('detail.php', $args)), | ||
52 | htmlentities($key)); | ||
50 | } | 53 | } |
51 | print "</ul>\n"; | 54 | print "</ul>\n"; |
52 | 55 | ||
@@ -54,7 +57,9 @@ if ($CONFIG['graph_type'] == 'canvas') { | |||
54 | chdir($CONFIG['webdir']); | 57 | chdir($CONFIG['webdir']); |
55 | include $CONFIG['webdir'].'/graph.php'; | 58 | include $CONFIG['webdir'].'/graph.php'; |
56 | } else { | 59 | } else { |
57 | printf('<img src="%s%s">'."\n", $CONFIG['weburl'], build_url('graph.php', $_GET)); | 60 | printf("<img src=\"%s%s\">\n", |
61 | htmlentities($CONFIG['weburl']), | ||
62 | htmlentities(build_url('graph.php', $_GET))); | ||
58 | } | 63 | } |
59 | echo '</div>'; | 64 | echo '</div>'; |
60 | echo "</fieldset>\n"; | 65 | echo "</fieldset>\n"; |
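Review bot: The new `htmlentities()` calls in both printf statements rely on the function's default flags and charset, which differ between PHP versions (the older `ENT_COMPAT` default leaves single quotes alone, and the default charset was not always UTF-8), while the page declares itself as utf-8. The output is safe here only because every attribute in these hunks is double-quoted. I would pass the arguments explicitly, e.g. `htmlspecialchars($CONFIG['weburl'], ENT_QUOTES, 'UTF-8')`, ideally through one small helper so the same choice applies to the matching calls in inc/html.inc.php. The `$selected` attribute string is still printed unescaped; its producer `selected_timerange()` is outside this hunk, so confirm it only returns fixed markup.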
diff --git a/inc/html.inc.php b/inc/html.inc.php index 69609d8..b8d2f82 100644 --- a/inc/html.inc.php +++ b/inc/html.inc.php | |||
@@ -11,14 +11,15 @@ function html_start() { | |||
11 | global $CONFIG; | 11 | global $CONFIG; |
12 | 12 | ||
13 | $path = htmlentities(breadcrumbs()); | 13 | $path = htmlentities(breadcrumbs()); |
14 | $html_weburl = htmlentities($CONFIG['weburl']); | ||
14 | 15 | ||
15 | echo <<<EOT | 16 | echo <<<EOT |
16 | <!DOCTYPE html> | 17 | <!DOCTYPE html> |
17 | <html> | 18 | <html> |
18 | <head> | 19 | <head> |
19 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> | 20 | <meta charset="utf-8"> |
20 | <title>CGP{$path}</title> | 21 | <title>CGP{$path}</title> |
21 | <link rel="stylesheet" href="{$CONFIG['weburl']}layout/style.css" type="text/css"> | 22 | <link rel="stylesheet" href="{$html_weburl}layout/style.css" type="text/css"> |
22 | <meta name="viewport" content="width=1050, initial-scale=1.0, maximum-scale=1.0, user-scalable=yes"> | 23 | <meta name="viewport" content="width=1050, initial-scale=1.0, maximum-scale=1.0, user-scalable=yes"> |
23 | 24 | ||
24 | EOT; | 25 | EOT; |
@@ -31,16 +32,16 @@ EOT; | |||
31 | 32 | ||
32 | if ($CONFIG['graph_type'] == 'canvas') { | 33 | if ($CONFIG['graph_type'] == 'canvas') { |
33 | echo <<<EOT | 34 | echo <<<EOT |
34 | <script type="text/javascript" src="{$CONFIG['weburl']}js/sprintf.js"></script> | 35 | <script type="text/javascript" src="{$html_weburl}js/sprintf.js"></script> |
35 | <script type="text/javascript" src="{$CONFIG['weburl']}js/strftime.js"></script> | 36 | <script type="text/javascript" src="{$html_weburl}js/strftime.js"></script> |
36 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdRpn.js"></script> | 37 | <script type="text/javascript" src="{$html_weburl}js/RrdRpn.js"></script> |
37 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdTime.js"></script> | 38 | <script type="text/javascript" src="{$html_weburl}js/RrdTime.js"></script> |
38 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdGraph.js"></script> | 39 | <script type="text/javascript" src="{$html_weburl}js/RrdGraph.js"></script> |
39 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdGfxCanvas.js"></script> | 40 | <script type="text/javascript" src="{$html_weburl}js/RrdGfxCanvas.js"></script> |
40 | <script type="text/javascript" src="{$CONFIG['weburl']}js/binaryXHR.js"></script> | 41 | <script type="text/javascript" src="{$html_weburl}js/binaryXHR.js"></script> |
41 | <script type="text/javascript" src="{$CONFIG['weburl']}js/rrdFile.js"></script> | 42 | <script type="text/javascript" src="{$html_weburl}js/rrdFile.js"></script> |
42 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdDataFile.js"></script> | 43 | <script type="text/javascript" src="{$html_weburl}js/RrdDataFile.js"></script> |
43 | <script type="text/javascript" src="{$CONFIG['weburl']}js/RrdCmdLine.js"></script> | 44 | <script type="text/javascript" src="{$html_weburl}js/RrdCmdLine.js"></script> |
44 | 45 | ||
45 | EOT; | 46 | EOT; |
46 | } | 47 | } |
@@ -50,7 +51,7 @@ echo <<<EOT | |||
50 | <body> | 51 | <body> |
51 | 52 | ||
52 | <div id="header"> | 53 | <div id="header"> |
53 | <h1><a href="{$CONFIG['weburl']}">Collectd Graph Panel</a></h1> | 54 | <h1><a href="{$html_weburl}">Collectd Graph Panel</a></h1> |
54 | </div> | 55 | </div> |
55 | 56 | ||
56 | <div id="content"> | 57 | <div id="content"> |
@@ -74,27 +75,29 @@ function html_end() { | |||
74 | $version = 'v'.$version[0]; | 75 | $version = 'v'.$version[0]; |
75 | } | 76 | } |
76 | 77 | ||
78 | $html_weburl = htmlentities($CONFIG['weburl']); | ||
79 | |||
77 | echo <<<EOT | 80 | echo <<<EOT |
78 | </div> | 81 | </div> |
79 | <div id="footer"> | 82 | <div id="footer"> |
80 | <hr><span class="small"><a href="http://pommi.nethuis.nl/category/cgp/" rel="external">Collectd Graph Panel</a> ({$version}) is distributed under the <a href="{$CONFIG['weburl']}doc/LICENSE" rel="licence">GNU General Public License (GPLv3)</a></span> | 83 | <hr><span class="small"><a href="http://pommi.nethuis.nl/category/cgp/" rel="external">Collectd Graph Panel</a> ({$version}) is distributed under the <a href="{$html_weburl}doc/LICENSE" rel="licence">GNU General Public License (GPLv3)</a></span> |
81 | </div> | 84 | </div> |
82 | 85 | ||
83 | EOT; | 86 | EOT; |
84 | 87 | ||
85 | if ($CONFIG['graph_type'] == 'canvas') { | 88 | if ($CONFIG['graph_type'] == 'canvas') { |
86 | echo <<<EOT | 89 | echo <<<EOT |
87 | <script type="text/javascript" src="{$CONFIG['weburl']}js/CGP.js"></script> | 90 | <script type="text/javascript" src="{$html_weburl}js/CGP.js"></script> |
88 | 91 | ||
89 | EOT; | 92 | EOT; |
90 | if ($CONFIG['rrd_fetch_method'] == 'async') { | 93 | if ($CONFIG['rrd_fetch_method'] == 'async') { |
91 | echo <<<EOT | 94 | echo <<<EOT |
92 | <script type="text/javascript" src="{$CONFIG['weburl']}js/CGP-async.js"></script> | 95 | <script type="text/javascript" src="{$html_weburl}js/CGP-async.js"></script> |
93 | 96 | ||
94 | EOT; | 97 | EOT; |
95 | } else { | 98 | } else { |
96 | echo <<<EOT | 99 | echo <<<EOT |
97 | <script type="text/javascript" src="{$CONFIG['weburl']}js/CGP-sync.js"></script> | 100 | <script type="text/javascript" src="{$html_weburl}js/CGP-sync.js"></script> |
98 | 101 | ||
99 | EOT; | 102 | EOT; |
100 | } | 103 | } |
@@ -109,7 +112,11 @@ EOT; | |||
109 | function plugin_header($host, $plugin) { | 112 | function plugin_header($host, $plugin) { |
110 | global $CONFIG; | 113 | global $CONFIG; |
111 | 114 | ||
112 | return printf("<h2><a href='%shost.php?h=%s&p=%s'>%s</a></h2>\n", $CONFIG['weburl'], $host, $plugin, $plugin); | 115 | printf("<h2><a href=\"%shost.php?h=%s&p=%s\">%s</a></h2>\n", |
116 | htmlentities($CONFIG['weburl']), | ||
117 | urlencode($host), | ||
118 | urlencode($plugin), | ||
119 | htmlentities($plugin)); | ||
113 | } | 120 | } |
114 | 121 | ||
115 | function plugins_list($host, $selected_plugins = array()) { | 122 | function plugins_list($host, $selected_plugins = array()) { |
@@ -121,20 +128,21 @@ function plugins_list($host, $selected_plugins = array()) { | |||
121 | echo '<h2>Plugins</h2>'; | 128 | echo '<h2>Plugins</h2>'; |
122 | echo '<ul>'; | 129 | echo '<ul>'; |
123 | 130 | ||
124 | printf("<li><a %s href='%shost.php?h=%s'>overview</a></li>\n", | 131 | printf("<li><a %s href=\"%shost.php?h=%s\">overview</a></li>\n", |
125 | selected_overview($selected_plugins), | 132 | selected_overview($selected_plugins), |
126 | $CONFIG['weburl'], | 133 | htmlentities($CONFIG['weburl']), |
127 | $host | 134 | urlencode($host) |
128 | ); | 135 | ); |
129 | 136 | ||
130 | # first the ones defined as ordered | 137 | # first the ones defined as ordered |
131 | foreach($CONFIG['overview'] as $plugin) { | 138 | foreach($CONFIG['overview'] as $plugin) { |
132 | if (in_array($plugin, $plugins)) { | 139 | if (in_array($plugin, $plugins)) { |
133 | printf("<li><a %s href='%shost.php?h=%s&p=%s'>%4\$s</a></li>\n", | 140 | printf("<li><a %s href=\"%shost.php?h=%s&p=%s\">%s</a></li>\n", |
134 | selected_plugin($plugin, $selected_plugins), | 141 | selected_plugin($plugin, $selected_plugins), |
135 | $CONFIG['weburl'], | 142 | htmlentities($CONFIG['weburl']), |
136 | $host, | 143 | urlencode($host), |
137 | $plugin | 144 | urlencode($plugin), |
145 | htmlentities($plugin) | ||
138 | ); | 146 | ); |
139 | } | 147 | } |
140 | } | 148 | } |
@@ -142,11 +150,12 @@ function plugins_list($host, $selected_plugins = array()) { | |||
142 | # other plugins | 150 | # other plugins |
143 | foreach($plugins as $plugin) { | 151 | foreach($plugins as $plugin) { |
144 | if (!in_array($plugin, $CONFIG['overview'])) { | 152 | if (!in_array($plugin, $CONFIG['overview'])) { |
145 | printf("<li><a %s href='%shost.php?h=%s&p=%s'>%4\$s</a></li>\n", | 153 | printf("<li><a %s href=\"%shost.php?h=%s&p=%s\">%s</a></li>\n", |
146 | selected_plugin($plugin, $selected_plugins), | 154 | selected_plugin($plugin, $selected_plugins), |
147 | $CONFIG['weburl'], | 155 | htmlentities($CONFIG['weburl']), |
148 | $host, | 156 | urlencode($host), |
149 | $plugin | 157 | urlencode($plugin), |
158 | htmlentities($plugin) | ||
150 | ); | 159 | ); |
151 | } | 160 | } |
152 | } | 161 | } |
@@ -181,8 +190,8 @@ function host_summary($cat, $hosts) { | |||
181 | 190 | ||
182 | $rrd = new RRDTool($CONFIG['rrdtool']); | 191 | $rrd = new RRDTool($CONFIG['rrdtool']); |
183 | 192 | ||
184 | printf('<fieldset id="%s">', $cat); | 193 | printf('<fieldset id="%s">', htmlentities($cat)); |
185 | printf('<legend>%s</legend>', $cat); | 194 | printf('<legend>%s</legend>', htmlentities($cat)); |
186 | echo "<table class=\"summary\">\n"; | 195 | echo "<table class=\"summary\">\n"; |
187 | 196 | ||
188 | $row_style = array(0 => "even", 1 => "odd"); | 197 | $row_style = array(0 => "even", 1 => "odd"); |
@@ -193,7 +202,9 @@ function host_summary($cat, $hosts) { | |||
193 | 202 | ||
194 | printf('<tr class="%s">', $row_style[$host_counter % 2]); | 203 | printf('<tr class="%s">', $row_style[$host_counter % 2]); |
195 | printf('<th><a href="%shost.php?h=%s">%s</a></th>', | 204 | printf('<th><a href="%shost.php?h=%s">%s</a></th>', |
196 | $CONFIG['weburl'],$host, $host); | 205 | htmlentities($CONFIG['weburl']), |
206 | urlencode($host), | ||
207 | htmlentities($host)); | ||
197 | 208 | ||
198 | if ($CONFIG['showload']) { | 209 | if ($CONFIG['showload']) { |
199 | require_once 'type/Default.class.php'; | 210 | require_once 'type/Default.class.php'; |
@@ -308,11 +319,10 @@ function graphs_from_plugin($host, $plugin, $overview=false) { | |||
308 | $_GET['s'] = $time; | 319 | $_GET['s'] = $time; |
309 | include $CONFIG['webdir'].'/graph.php'; | 320 | include $CONFIG['webdir'].'/graph.php'; |
310 | } else { | 321 | } else { |
311 | printf('<a href="%s%s"><img src="%s%s"></a>'."\n", | 322 | printf('<a href="%1$s%2$s"><img src="%1$s%3$s"></a>'."\n", |
312 | $CONFIG['weburl'], | 323 | htmlentities($CONFIG['weburl']), |
313 | build_url('detail.php', $items, $time), | 324 | htmlentities(build_url('detail.php', $items, $time)), |
314 | $CONFIG['weburl'], | 325 | htmlentities(build_url('graph.php', $items, $time)) |
315 | build_url('graph.php', $items, $time) | ||
316 | ); | 326 | ); |
317 | } | 327 | } |
318 | } | 328 | } |
@@ -328,17 +338,11 @@ function build_url($base, $items, $s=NULL) { | |||
328 | if (!is_numeric($s)) | 338 | if (!is_numeric($s)) |
329 | $s = $CONFIG['time_range']['default']; | 339 | $s = $CONFIG['time_range']['default']; |
330 | 340 | ||
331 | $i=0; | 341 | // Remove all empty values |
332 | foreach ($items as $key => $value) { | 342 | $items = array_filter($items, 'strlen'); |
333 | # don't include empty values | ||
334 | if ($value == 'NULL') | ||
335 | continue; | ||
336 | 343 | ||
337 | $base .= sprintf('%s%s=%s', $i==0 ? '?' : '&', $key, $value); | ||
338 | $i++; | ||
339 | } | ||
340 | if (!isset($items['s'])) | 344 | if (!isset($items['s'])) |
341 | $base .= '&s='.$s; | 345 | $items['s'] = $s; |
342 | 346 | ||
343 | return $base; | 347 | return "$base?" . http_build_query($items, '', '&'); |
344 | } | 348 | } |
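Review bot: In build_url(), `array_filter($items, 'strlen')` assumes every value is a string, but detail.php passes `$_GET` straight in, and a request parameter written as `name[]=...` arrives as an array. strlen() on an array raises a warning on PHP 5/7 and a TypeError on PHP 8, so a malformed query string can break page rendering or surface an error message. A filter that keeps only non-empty scalars avoids this: `$items = array_filter($items, function ($v) { return is_scalar($v) && strlen((string)$v) > 0; });`. The old loop skipped the literal string 'NULL' while the new filter drops empty strings, so a caller that still passes 'NULL' would now emit it into the URL. The start of build_url() is outside this hunk, so check whether any caller does.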
@@ -66,7 +66,7 @@ function prepare_draw(id) { | |||
66 | RrdGraph.prototype.mousex = 0; | 66 | RrdGraph.prototype.mousex = 0; |
67 | RrdGraph.prototype.mousedown = false; | 67 | RrdGraph.prototype.mousedown = false; |
68 | 68 | ||
69 | var cmdline = document.getElementById(id).innerHTML; | 69 | var cmdline = document.getElementById(id).textContent; |
70 | var gfx = new RrdGfxCanvas(id); | 70 | var gfx = new RrdGfxCanvas(id); |
71 | var fetch = new RrdDataFile(); | 71 | var fetch = new RrdDataFile(); |
72 | var rrdcmdline = null; | 72 | var rrdcmdline = null; |
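Review bot: The switch to `textContent` in prepare_draw() deserves a comment, because it appears to be correct only together with the server-side escaping of the canvas fallback text added in type/Base.class.php. Something like `// textContent yields the decoded rrd command line; innerHTML would keep &amp;, &lt; and &gt; encoded` above the assignment would keep a later edit from reverting one half of the pair. prepare_draw() continues past the end of this hunk, so how `cmdline` is parsed afterwards is not visible here.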
diff --git a/type/Base.class.php b/type/Base.class.php index b74c1b1..ff9a235 100644 --- a/type/Base.class.php +++ b/type/Base.class.php | |||
@@ -203,14 +203,14 @@ class Type_Base { | |||
203 | case 'cmd': | 203 | case 'cmd': |
204 | print '<pre>'; | 204 | print '<pre>'; |
205 | foreach ($graphdata as $d) { | 205 | foreach ($graphdata as $d) { |
206 | printf("%s \\\n", $d); | 206 | printf("%s \\\n", htmlentities($d)); |
207 | } | 207 | } |
208 | print '</pre>'; | 208 | print '</pre>'; |
209 | break; | 209 | break; |
210 | case 'canvas': | 210 | case 'canvas': |
211 | printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata))); | 211 | printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata))); |
212 | foreach ($graphdata as $d) { | 212 | foreach ($graphdata as $d) { |
213 | printf("%s\n", $d); | 213 | printf("%s\n", htmlentities($d)); |
214 | } | 214 | } |
215 | print '</canvas>'; | 215 | print '</canvas>'; |
216 | break; | 216 | break; |
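Review bot: `htmlentities($d)` in the 'cmd' and 'canvas' branches returns an empty string when `$d` contains bytes that are invalid in the charset it assumes, unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is set, and neither is in the default flags before PHP 8.1. A graph definition line carrying, say, a Latin-1 title would then silently drop out of the emitted command line, and the graph would presumably fail with no hint why. Passing the flags explicitly, `htmlspecialchars($d, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the line and replaces only the bad bytes. The enclosing switch starts before this hunk, so the origin of `$graphdata` is not visible here.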