-rw-r--r-- | detail.php | 11 | ||||
-rw-r--r-- | graph.php | 11 | ||||
-rw-r--r-- | host.php | 4 | ||||
-rw-r--r-- | inc/collectd.inc.php | 2 | ||||
-rw-r--r-- | inc/functions.inc.php | 27 | ||||
-rw-r--r-- | inc/html.inc.php | 13 | ||||
-rw-r--r-- | plugin.php | 5 |
7 files changed, 55 insertions, 18 deletions
@@ -1,6 +1,7 @@ | |||
1 | <?php | 1 | <?php |
2 | 2 | ||
3 | require_once 'conf/common.inc.php'; | 3 | require_once 'conf/common.inc.php'; |
4 | require_once 'inc/functions.inc.php'; | ||
4 | require_once 'inc/html.inc.php'; | 5 | require_once 'inc/html.inc.php'; |
5 | require_once 'inc/collectd.inc.php'; | 6 | require_once 'inc/collectd.inc.php'; |
6 | 7 | ||
@@ -10,11 +11,11 @@ if (empty($_GET['x'])) | |||
10 | if (empty($_GET['y'])) | 11 | if (empty($_GET['y'])) |
11 | $_GET['y'] = $CONFIG['detail-heigth']; | 12 | $_GET['y'] = $CONFIG['detail-heigth']; |
12 | 13 | ||
13 | $host = $_GET['h']; | 14 | $host = validate_get($_GET['h'], 'host'); |
14 | $plugin = $_GET['p']; | 15 | $plugin = validate_get($_GET['p'], 'plugin'); |
15 | $pinstance = $_GET['pi']; | 16 | $pinstance = validate_get($_GET['pi'], 'pinstance'); |
16 | $type = $_GET['t']; | 17 | $type = validate_get($_GET['t'], 'type'); |
17 | $tinstance = $_GET['ti']; | 18 | $tinstance = validate_get($_GET['ti'], 'tinstance'); |
18 | $width = $_GET['x']; | 19 | $width = $_GET['x']; |
19 | $heigth = $_GET['y']; | 20 | $heigth = $_GET['y']; |
20 | $seconds = $_GET['s']; | 21 | $seconds = $_GET['s']; |
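Review bot: The return value of validate_get() is never tested in this section, so a rejected `h`, `p`, `pi`, `t` or `ti` silently becomes NULL and the script carries on with it; the host.php and plugin.php sections of this commit follow the same pattern. A check right after the assignments, for example `if ($host === NULL || $plugin === NULL || $type === NULL) { /* refuse the request */ }`, would make rejection explicit (whether `pi` and `ti` may legitimately be absent is not visible here). `x`, `y` and `s` are still copied raw into `$width`, `$heigth` and `$seconds`, and graph.php does the same with `x` and `y`; if they are meant to be integers, a digits-only test such as `ctype_digit()` before use would cover them too. How these variables are consumed lies outside the hunk, so the impact is inferred rather than shown.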
@@ -1,21 +1,24 @@ | |||
1 | <?php | 1 | <?php |
2 | 2 | ||
3 | require_once 'conf/common.inc.php'; | 3 | require_once 'conf/common.inc.php'; |
4 | require_once 'inc/functions.inc.php'; | ||
4 | 5 | ||
6 | $plugin = validate_get($_GET['p'], 'plugin'); | ||
5 | $width = empty($_GET['x']) ? $CONFIG['width'] : $_GET['x']; | 7 | $width = empty($_GET['x']) ? $CONFIG['width'] : $_GET['x']; |
6 | $heigth = empty($_GET['y']) ? $CONFIG['heigth'] : $_GET['y']; | 8 | $heigth = empty($_GET['y']) ? $CONFIG['heigth'] : $_GET['y']; |
7 | 9 | ||
8 | if (!preg_match('/^[a-z]+$/', $_GET['p'])) { | 10 | if (validate_get($_GET['h'], 'host') === NULL) { |
9 | die_img('Error: plugin contains unknown characters.'); | 11 | die_img('Error: plugin contains unknown characters.'); |
10 | exit; | 12 | exit; |
11 | } | 13 | } |
12 | 14 | ||
13 | if (!file_exists($CONFIG['webdir'].'/plugin/'.$_GET['p'].'.php')) { | 15 | if (!file_exists($CONFIG['webdir'].'/plugin/'.$plugin.'.php')) { |
14 | die_img(sprintf('Error: plugin not available (%s).', $_GET['p'])); | 16 | die_img(sprintf('Error: plugin not available (%s).', $plugin)); |
15 | exit; | 17 | exit; |
16 | } | 18 | } |
17 | 19 | ||
18 | include $CONFIG['webdir'].'/plugin/'.$_GET['p'].'.php'; | 20 | # load plugin |
21 | include $CONFIG['webdir'].'/plugin/'.$plugin.'.php'; | ||
19 | 22 | ||
20 | 23 | ||
21 | function die_img($msg) { | 24 | function die_img($msg) { |
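Review bot: The guard ahead of the `include` now tests `h` instead of `p`: `validate_get($_GET['h'], 'host') === NULL` replaced the old `preg_match('/^[a-z]+$/', $_GET['p'])`, while the message still reads 'plugin contains unknown characters'. Because the `host` pattern added in inc/functions.inc.php accepts any non-empty string, this branch fires only when `h` is missing or empty. A rejected plugin name therefore reaches `file_exists()` as NULL, and the include is stopped only by `/plugin/.php` not existing rather than by an explicit check. Testing the validated value directly, `if ($plugin === NULL) {`, restores the allowlist check before the path is built and makes the error message match what was tested.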
@@ -4,8 +4,8 @@ require_once 'conf/common.inc.php'; | |||
4 | require_once 'inc/html.inc.php'; | 4 | require_once 'inc/html.inc.php'; |
5 | require_once 'inc/collectd.inc.php'; | 5 | require_once 'inc/collectd.inc.php'; |
6 | 6 | ||
7 | $host = $_GET['h']; | 7 | $host = validate_get($_GET['h'], 'host'); |
8 | $splugin = $_GET['p']; | 8 | $splugin = validate_get($_GET['p'], 'plugin'); |
9 | 9 | ||
10 | html_start(); | 10 | html_start(); |
11 | 11 | ||
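--- a/inc/collectd.inc.php
+++ b/inc/collectd.inc.php
@@ -1,5 +1,7 @@
 <?php
 
+# collectd related functions
+
 require_once 'conf/common.inc.php';
 
 # returns an array of all collectd hosts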
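--- /dev/null
+++ b/inc/functions.inc.php
@@ -0,0 +1,27 @@
+<?php
+
+# global functions
+
+function validate_get($value, $type) {
+switch($type) {
+case 'host':
+if (!preg_match('/^[\d\w\W]+$/', $value))
+return NULL;
+break;
+case 'plugin':
+case 'type':
+if (!preg_match('/^\w+$/', $value))
+return NULL;
+break;
+case 'pinstance':
+case 'tinstance':
+if (!preg_match('/^[\d\w-]+$/', $value))
+return NULL;
+break;
+}
+
+return $value;
+}
+
+
+?>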
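Review bot: The `host` branch validates nothing, because the character class `[\d\w\W]` contains both `\w` and its complement `\W` and so matches every character, including `/`, `.`, quotes and angle brackets. The switch also has no `default:`, so a misspelled or newly introduced `$type` returns `$value` unchecked, and `$` without the `D` modifier lets a trailing newline through in every branch. I would make the function fail closed: reject non-string input, use an explicit host allowlist anchored with `\z`, and return NULL for unknown types. The host character set in the sketch below is constructed for illustration and needs to be matched to the host names collectd actually writes.

```php
function validate_get($value, $type) {
	# arrays (?p[]=x) and missing parameters are rejected up front
	if (!is_string($value))
		return NULL;

	switch($type) {
		case 'host':
			# constructed allowlist: must start with a word character, no path separators
			if (!preg_match('/^\w[\w.-]*\z/', $value))
				return NULL;
		break;
		case 'plugin':
		case 'type':
			if (!preg_match('/^\w+\z/', $value))
				return NULL;
		break;
		case 'pinstance':
		case 'tinstance':
			if (!preg_match('/^[\w-]+\z/', $value))
				return NULL;
		break;
		default:
			# unknown type: fail closed instead of returning the raw value
			return NULL;
	}

	return $value;
}
```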
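--- a/inc/html.inc.php
+++ b/inc/html.inc.php
@@ -1,7 +1,10 @@
 <?php
 
+# html related functions
+
 require_once 'conf/common.inc.php';
 require_once 'inc/rrdtool.class.php';
+require_once 'inc/functions.inc.php';
 require_once 'inc/collectd.inc.php';
 
 function html_start() {
@@ -78,15 +81,15 @@ function host_summary($hosts) {
 
 
 function breadcrumbs() {
-if (isset($_GET['h']))
+if (validate_get($_GET['h'], 'host'))
 $path = ' - '.ucfirst($_GET['h']);
-if (isset($_GET['p']))
+if (validate_get($_GET['p'], 'plugin'))
 $path .= ' - '.ucfirst($_GET['p']);
-if (isset($_GET['pi']))
+if (validate_get($_GET['pi'], 'pinstance'))
 $path .= ' - '.$_GET['pi'];
-if (isset($_GET['t']) && isset($_GET['p']) && $_GET['t'] != $_GET['p'])
+if (validate_get($_GET['t'], 'type') && validate_get($_GET['p'], 'plugin') && $_GET['t'] != $_GET['p'])
 $path .= ' - '.$_GET['t'];
-if (isset($_GET['ti']))
+if (validate_get($_GET['ti'], 'tinstance'))
 $path .= ' - '.$_GET['ti'];
 
 return $path;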
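Review bot: breadcrumbs() calls validate_get() but then concatenates the raw `$_GET` values, and for `h` the test amounts to "non-empty" given the `host` pattern added in this commit, so `ucfirst($_GET['h'])` enters `$path` unfiltered. Whether `$path` is HTML-escaped where it is printed is not visible in this hunk; if it is not, keeping the validated value in a local and escaping it here is cheap: `$host = validate_get($_GET['h'], 'host');` followed by `$path = ' - '.htmlspecialchars(ucfirst($host), ENT_QUOTES);`. Replacing `isset()` with a direct `$_GET['h']` read also raises an undefined-index notice on pages without that parameter, and `$path` stays undefined when the host test fails, so an initial `$path = '';` and an `isset()` guard in front of each call are worth adding. The function's closing brace lies outside the hunk.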
@@ -1,10 +1,11 @@ | |||
1 | <?php | 1 | <?php |
2 | 2 | ||
3 | require_once 'conf/common.inc.php'; | 3 | require_once 'conf/common.inc.php'; |
4 | require_once 'inc/functions.inc.php'; | ||
4 | require_once 'inc/html.inc.php'; | 5 | require_once 'inc/html.inc.php'; |
5 | 6 | ||
6 | $host = $_GET['h']; | 7 | $host = validate_get($_GET['h'], 'host'); |
7 | $plugin = $_GET['p']; | 8 | $plugin = validate_get($_GET['p'], 'plugin'); |
8 | 9 | ||
9 | if ($_GET['a'] == 'del') { | 10 | if ($_GET['a'] == 'del') { |
10 | plugin_header($host, $plugin, 1); | 11 | plugin_header($host, $plugin, 1); |