aboutsummaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAgeFilesLines
* type/base: stop escaping characters manually since we use escapeshellarg()Pim van den Berg2014-07-231-10/+2
| | | | Closes #89
* Update html.inc.phpFrançois LASSERRE2014-07-231-6/+6
| | | Fix a link when no class selected.
* conf: replace [] by array() to support PHP < 5.4Pim van den Berg2014-07-221-1/+1
|
* graph: use filter_var instead of filter_input to allow overriding GET from ↵Pim van den Berg2014-07-211-2/+2
| | | | | | | detail.php In detail.php $_GET['x'] and $_GET['y'] are overridden. filter_input takes the original values. This results in NULL values.
* type/base: print shellcmd when rrd_graph('debug') is calledPim van den Berg2014-07-211-1/+1
|
* Better x and y validation, report 400 on errorsPeter Wu2014-07-212-8/+16
| | | | | | | | | Report 400 Bad Request on query errors instead of reporting 200 OK (which can be cached). Add some additional validation for the 'x' and 'y' parameters, to catch underflow (test with `x=-10` for example). Also fix a typo in the error message and include more details (the actual error).
* Fix overly permissive hostname validation, fix host checkPeter Wu2014-07-212-3/+3
| | | | | | | | | `[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that `\w` is a superset of it. Also check that the host parameter is actually non-empty, otherwise `collectd_plugins` will happily return results as the directory `$CONFIG['datadir'] . '/' . ''` trivially exists...
* Fix regex for strange datadirsPeter Wu2014-07-201-1/+4
| | | | | If a datadir would contain characters with a special meaning in regex (e.g. `/tmp/logs (new)`), then the function would blow up.
* Display a HTTP error if the command failedPeter Wu2014-07-201-1/+4
| | | | ... for instance, when using an overly large "s" parameter.
* Escape file argument for rrd_infoPeter Wu2014-07-201-2/+7
| | | | Also init info_array in case the output is empty.
* Use a more secure command line building methodPeter Wu2014-07-208-73/+100
| | | | | | | | | | | | | | | | | | | Previously, a command is built by string concatenation. Here, the distinction between a value and multiple params got lost. Solve this by using an array for shell arguments. As the escaping is now removed from the `rrd_gen_graph` function, the canvas style needs to manually add those quotes to make the JS code still work. That only supports double-quotes, so hopefully nobody creates a name with a double quote as that would break the fragile JS command line parser. Separate the rrdtool options from the rrdtool graph command to make the `$graph_type == 'canvas'` option work (it would otherwise not understand the `rrdtool graph - -a PNG` option). Merge the SVG and PNG cases as they are the same except for the Content-Type header. Fix a missing html escape in a debug style.
* security: Add missing input validation for pluginPeter Wu2014-07-201-1/+1
| | | | | | | This is a security bug. The contents of the file are not immediately disclosed, but it could disclose environment information to the attacker (when display_errors=1 and an ancient PHP version is used that does not check for '\0' in `file_exists()`).
* Fix type confusionPeter Wu2014-07-202-4/+8
| | | | | | | | | index.php expects that collectd_hosts() always return an array for array_diff. Since an empty array evaluates to FALSE anyway, do not change the type and just return the empty array. In base.php, if no files are returned, the loop is never called and three variables are not initialized. Do it now.
* Defensive programming: more urlencode/htmlentitiesPeter Wu2014-07-204-52/+61
| | | | | | | | | | | | | | | | | | Make build_url return an URL, not HTML. This separates presentation from data. plugin_header's return value is unused, remove the unnecessary return. At places where `printf("<tag att='%s'>", $x);` is used, it is now converted to `printf("<tag att=\"%s\">", htmlentities($x));` since the single quote is not escaped by default by htmlentities. In case the canvas style is used, JS should use `textContent` instead of `innerHTML` to avoid reading `&quot;` instead of `"`. Nobody (should) use(s) IE6 anymore, so it is a safe change. While at it, use the standard charset attribute of meta to specify the character set (UTF-8).
* graph: don't overwrite config rrdtool_opts by rrdtool_opts from json pluginPim van den Berg2014-07-162-5/+7
| | | | Closes #86
* type/default: optionally draw min/max spikes in a lighter color in graphsPim van den Berg2014-07-053-4/+8
| | | | Closes #73
* jsrrdgraph: RrdGraph.js: make HRULE support reference to variablePim van den Berg2014-07-051-1/+3
| | | | | | The value of HRULE could be a reference to for example a VDEF variable. Closes #85
* type/genericio: apply percentile on scaled valuePim van den Berg2014-07-051-1/+1
|
* Escape HTML in GET-provided hostnameNicolas Iooss2014-06-302-4/+4
| | | | | | | A malicious user can enter javascript code in "h" GET parameter and this code gets executed because this parameter is copied in the HTML output without any escaping. This patch escape the output before it is checked it is valid.
* jsrrdgraph: Fix graph width to look like rrdtool.Manuel Luis Sanmartín Rozada2014-06-281-2/+1
|
* jsrrdgraph: Fix errors in second axis.Manuel Luis Sanmartín Rozada2014-06-281-2/+2
|
* rm plugin.phpPim van den Berg2014-06-281-17/+0
| | | | | Forgotten in commit: v0.3-77-gbf56a64 [remove ajax js code]
* Merge remote-tracking branch 'feandil/time_range'Pim van den Berg2014-06-281-0/+1
|\
| * Use config time_range for canvas graphsVincent Brillault2014-06-281-0/+1
| |
* | Keep the list of plugins sortedVincent Brillault2014-06-281-0/+1
|/
* type/base: replace array_merge by + sign to merge a fallback arrayPim van den Berg2014-06-281-2/+2
| | | | | | | array_merge resets the index, while in case of $this->colors and $this->legend, we'd like to keep the index. An irq plugin sample: array(1 => 1, 'ERR' => 'ERR') must not become array(0 => 1, 'ERR' => 'ERR') after an array_merge.
* Merge remote-tracking branch 'dhchen/master'Pim van den Berg2014-06-242-17/+24
|\
| * Add support for multiple types dbDao-hui Chen2014-06-112-17/+24
| |
* | Merge remote-tracking branch 'feandil/for_upstream_lvm'Pim van den Berg2014-06-241-0/+15
|\ \
| * | Add LVM pluginVincent Brillault2014-06-231-0/+15
| |/
* | add percentile support to network traffic graphsPim van den Berg2014-06-244-0/+19
|/ | | | | | | Set $CONFIG['percentile'] to a number and a XXth percentile line + legend will be added to all network traffic (if_octets) graphs. Closes #81
* plugin/tcpconns: fix missing port number in rrd titlePim van den Berg2014-06-041-1/+1
| | | | Closes #78
* graph.php: fix undefined index 'type' in $plugin_json[$type]Pim van den Berg2014-05-241-0/+3
| | | | | | | When type wasn't set in the plugin json, a "PHP Notice: Undefined index" would pop up. Just default to 'default' when type isn't set. Closes #76 #77
* plugin: fix typo in temperature typeNicolas Iooss2014-05-212-2/+2
|
* detail.php: fix canvas graphsPim van den Berg2014-05-191-1/+1
| | | | | | Include graph.php instead of non-existing plugin/$plugin.php. Closes #75
* Add base on all df pluginsPoil2014-05-183-3/+6
|
* Add base option (1GB=1024Mo)Poil2014-05-183-1/+8
|
* plugin/libvirt: show (v)CPU time in millisecondsPim van den Berg2014-05-171-4/+6
|
* plugin/uptime: fix legend format (.1lf -> %.1lf)Pim van den Berg2014-05-141-1/+1
| | | | Closes: #72
* inc/html.inc.php: fix canvas graphsPim van den Berg2014-05-141-1/+1
| | | | Include graph.php instead of non-existing plugin/$plugin.php.
* plugin/memory: add cachePim van den Berg2014-05-141-0/+4
| | | | Closes: https://github.com/pommi/CGP/issues/71
* plugin/processes: add wait, idlePim van den Berg2014-05-121-0/+8
| | | | Closes: https://github.com/pommi/CGP/issues/69
* graph.php: use JSON plugins instead of including PHP plugin filesPim van den Berg2014-05-1296-2792/+2248
| | | | | | | | | | | | A couple of big changes here. A lot of logic moved to graph.php. The PHP plugin files have been rewritten to JSON. In these JSON files *everything* is optional. Also *NOT* having a JSON plugin file won't block you from having a graph. The JSON will just make the graphs prettier (by having a title, y-axis title, legend, colors, etc..). The Collectd types.db file is parsed and used to determine RRD content. When things are not defined in the JSON it will fallback to a default.
* type/base: set default title to "Plugin Type (PluginInstance) (Category)"Pim van den Berg2014-05-121-1/+13
|
* type/base: always use rainbow_colors and overwrite them afterwardsPim van den Berg2014-05-031-3/+4
| | | | | | Since the previous commit [type/base: show tinstances not defined in $this->order in graph] all type instances that are not defined in the plugin, are colored black. This way you always have nice colors.
* type/base: show tinstances not defined in $this->order in graphPim van den Berg2014-05-031-6/+5
| | | | | | Previously if $this->order was defined in a graph, only type instances that were defined in $this->order showed up in the graph. Now it merges $this->order and the type instances.
* rename ds_names and dsname to legendPim van den Berg2014-05-0345-150/+150
| | | | This had nothing to do with an RRD data source.
* type/base: set default values for rrd_title and rrd_formatPim van den Berg2014-05-031-1/+2
|
* move collectd_flush function to base classPim van den Berg2014-05-0353-169/+75
|
* type: move generic functions to base classPim van den Berg2014-05-035-300/+306
|