aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/graph.php (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-07-25support php versions without json support and show a warning messagePim van den Berg1-1/+1
2014-07-21graph: use filter_var instead of filter_input to allow overriding GET from ↵Pim van den Berg1-2/+2
detail.php In detail.php $_GET['x'] and $_GET['y'] are overridden. filter_input takes the original values. This results in NULL values.
2014-07-21Better x and y validation, report 400 on errorsPeter Wu1-7/+15
Report 400 Bad Request on query errors instead of reporting 200 OK (which can be cached). Add some additional validation for the 'x' and 'y' parameters, to catch underflow (test with `x=-10` for example). Also fix a typo in the error message and include more details (the actual error).
2014-07-20Use a more secure command line building methodPeter Wu1-1/+10
Previously, a command is built by string concatenation. Here, the distinction between a value and multiple params got lost. Solve this by using an array for shell arguments. As the escaping is now removed from the `rrd_gen_graph` function, the canvas style needs to manually add those quotes to make the JS code still work. That only supports double-quotes, so hopefully nobody creates a name with a double quote as that would break the fragile JS command line parser. Separate the rrdtool options from the rrdtool graph command to make the `$graph_type == 'canvas'` option work (it would otherwise not understand the `rrdtool graph - -a PNG` option). Merge the SVG and PNG cases as they are the same except for the Content-Type header. Fix a missing html escape in a debug style.
2014-07-20security: Add missing input validation for pluginPeter Wu1-1/+1
This is a security bug. The contents of the file are not immediately disclosed, but it could disclose environment information to the attacker (when display_errors=1 and an ancient PHP version is used that does not check for '\0' in `file_exists()`).
2014-07-16graph: don't overwrite config rrdtool_opts by rrdtool_opts from json pluginPim van den Berg1-1/+1
Closes #86
2014-06-24add percentile support to network traffic graphsPim van den Berg1-0/+3
Set $CONFIG['percentile'] to a number and a XXth percentile line + legend will be added to all network traffic (if_octets) graphs. Closes #81
2014-05-24graph.php: fix undefined index 'type' in $plugin_json[$type]Pim van den Berg1-0/+3
When type wasn't set in the plugin json, a "PHP Notice: Undefined index" would pop up. Just default to 'default' when type isn't set. Closes #76 #77
2014-05-18Add base option (1GB=1024Mo)Poil1-0/+3
2014-05-12graph.php: use JSON plugins instead of including PHP plugin filesPim van den Berg1-8/+77
A couple of big changes here. A lot of logic moved to graph.php. The PHP plugin files have been rewritten to JSON. In these JSON files *everything* is optional. Also *NOT* having a JSON plugin file won't block you from having a graph. The JSON will just make the graphs prettier (by having a title, y-axis title, legend, colors, etc..). The Collectd types.db file is parsed and used to determine RRD content. When things are not defined in the JSON it will fallback to a default.
2013-12-29graph: add configurable limit to graph width/heightPim van den Berg1-0/+5
Closes: https://github.com/pommi/CGP/pull/34
2013-12-29fix heigth -> height typoPim van den Berg1-1/+1
2011-04-21resolve php noticesKarol Nowacki1-2/+2
Including a lot of undefined $_GET values.
2010-06-05remove php gd dependencyPim van den Berg1-16/+4
Image error messages were shown using PHP GD. People who haven't installed PHP GD don't understand what is going on when an image is not shown. It is replaced by a static image referring to the error log for more information.
2010-01-01better validation of possible user input (get)Pim van den Berg1-4/+7
2009-12-31rewrite of type classesPim van den Berg1-10/+4
A constructor is added to the Type_Default class. The constructor will parse GET values (such as host, plugin, pinstance, type, tinstance, seconds), create an array of all needed rrd files to generate a graph and substract identifiers from these rrd files. Because of the constructor (and related functions) it is not needed to define an array of tinstances to be grouped and shown in one graph. Also $obj->args don't have to be defined per plugin. This will result in smaller plugin files. The type classes are based on the fact that a plugin has multiple type instances OR multiple rrd data sources. This is called the source and is retrieved by rrd_get_sources in each rrd_gen_graph function. Also variables in function rrd_gen_graph have been renamed to better ones.
2009-09-29make width and heigth of graphs configurablePim van den Berg1-2/+2
These configuration options have been added: - width - heigth - detail-width - detail-heigth