| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also fix some typos and white-space issues. Reported at
https://github.com/pommi/CGP/issues/88
|
| |
|
|
| |
Closes #92
|
| | |
|
| |
|
|
| |
Closes #89
|
| |
|
| |
Fix a link when no class selected.
|
| | |
|
| |
|
|
|
|
|
| |
detail.php
In detail.php $_GET['x'] and $_GET['y'] are overridden. filter_input
takes the original values. This results in NULL values.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Report 400 Bad Request on query errors instead of reporting 200 OK
(which can be cached).
Add some additional validation for the 'x' and 'y' parameters, to catch
underflow (test with `x=-10` for example). Also fix a typo in the error
message and include more details (the actual error).
|
| |
|
|
|
|
|
|
|
| |
`[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that
`\w` is a superset of it.
Also check that the host parameter is actually non-empty, otherwise
`collectd_plugins` will happily return results as the directory
`$CONFIG['datadir'] . '/' . ''` trivially exists...
|
| |
|
|
|
| |
If a datadir would contain characters with a special meaning in regex
(e.g. `/tmp/logs (new)`), then the function would blow up.
|
| |
|
|
| |
... for instance, when using an overly large "s" parameter.
|
| |
|
|
| |
Also init info_array in case the output is empty.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, a command is built by string concatenation. Here, the
distinction between a value and multiple params got lost. Solve this
by using an array for shell arguments. As the escaping is now removed
from the `rrd_gen_graph` function, the canvas style needs to manually
add those quotes to make the JS code still work. That only supports
double-quotes, so hopefully nobody creates a name with a double quote
as that would break the fragile JS command line parser.
Separate the rrdtool options from the rrdtool graph command to make the
`$graph_type == 'canvas'` option work (it would otherwise not understand
the `rrdtool graph - -a PNG` option).
Merge the SVG and PNG cases as they are the same except for the
Content-Type header.
Fix a missing html escape in a debug style.
|
| |
|
|
|
|
|
| |
This is a security bug. The contents of the file are not
immediately disclosed, but it could disclose environment information
to the attacker (when display_errors=1 and an ancient PHP version
is used that does not check for '\0' in `file_exists()`).
|
| |
|
|
|
|
|
|
|
| |
index.php expects that collectd_hosts() always return an array for
array_diff. Since an empty array evaluates to FALSE anyway, do not
change the type and just return the empty array.
In base.php, if no files are returned, the loop is never called and
three variables are not initialized. Do it now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make build_url return an URL, not HTML. This separates presentation
from data.
plugin_header's return value is unused, remove the unnecessary return.
At places where `printf("<tag att='%s'>", $x);` is used, it is now
converted to `printf("<tag att=\"%s\">", htmlentities($x));` since
the single quote is not escaped by default by htmlentities.
In case the canvas style is used, JS should use `textContent` instead
of `innerHTML` to avoid reading `"` instead of `"`. Nobody (should)
use(s) IE6 anymore, so it is a safe change.
While at it, use the standard charset attribute of meta to specify
the character set (UTF-8).
|
| |
|
|
| |
Closes #86
|
| |
|
|
| |
Closes #73
|
| |
|
|
|
|
| |
The value of HRULE could be a reference to for example a VDEF variable.
Closes #85
|
| | |
|
| |
|
|
|
|
|
| |
A malicious user can enter javascript code in "h" GET parameter and this
code gets executed because this parameter is copied in the HTML output
without any escaping. This patch escape the output before it is checked
it is valid.
|
| | |
|
| | |
|
| |
|
|
|
| |
Forgotten in commit:
v0.3-77-gbf56a64 [remove ajax js code]
|
| |\ |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
| |
array_merge resets the index, while in case of $this->colors and
$this->legend, we'd like to keep the index. An irq plugin sample:
array(1 => 1, 'ERR' => 'ERR') must not become
array(0 => 1, 'ERR' => 'ERR') after an array_merge.
|
| |\ |
|
| | | |
|
| |\ \ |
|
| | |/ |
|
| |/
|
|
|
|
|
| |
Set $CONFIG['percentile'] to a number and a XXth percentile line + legend
will be added to all network traffic (if_octets) graphs.
Closes #81
|
| |
|
|
| |
Closes #78
|
| |
|
|
|
|
|
| |
When type wasn't set in the plugin json, a "PHP Notice: Undefined index"
would pop up. Just default to 'default' when type isn't set.
Closes #76 #77
|
| | |
|
| |
|
|
|
|
| |
Include graph.php instead of non-existing plugin/$plugin.php.
Closes #75
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Closes: #72
|
| |
|
|
| |
Include graph.php instead of non-existing plugin/$plugin.php.
|
| |
|
|
| |
Closes: https://github.com/pommi/CGP/issues/71
|
