aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/inc/functions.inc.php
blob: 1c12c2fc8795b71e86e8c345bf5924364cc2000c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

<?php

require_once 'conf/common.inc.php';

# global functions

function GET($index = NULL, $value = NULL) {
	global $CONFIG;
	# parse all values from $_GET when no index is given
	if ($index === NULL) {
		$arr = array();
		foreach($_GET as $i => $v) {
			$arr[$i] = GET($i);
		}
		return $arr;
	}

	if (!isset($_GET[$index]) or strlen($_GET[$index]) == 0)
		return NULL;

	if ($value === NULL)
		$value = $_GET[$index];

	$desc = array(
		'h'  => 'host',
		'p'  => 'plugin',
		'c'  => 'category',
		't'  => 'type',
		'pi' => 'plugin instance',
		'ti' => 'type instance',
		's'  => 'seconds',
		'x'  => 'x-axis',
		'y'  => 'y-axis',
	);

	switch($index) {
		case 'h': # host
		case 'pi': # plugin instance
		case 'ti': # type instance
			if (!preg_match('/^[\w\-.: ]+$/u', $value)) {
				error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
				return NULL;
			}
		break;
		case 'p': # plugin
			if ((!in_array($value, $CONFIG['allowed'])) && (!in_array($value, $CONFIG['overview']))) {
				return NULL;
			}
		case 'c': # category
		case 't': # type
			if (!preg_match('/^\w+$/u', $value)) {
				error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
				return NULL;
			}
		break;
		case 's': # seconds
		case 'x': # x-axis
		case 'y': # y-axis
			if (!is_numeric($value)) {
				error_log(sprintf('Invalid %s in $_GET["%s"]: "%s"', $desc[$index], $index, $value));
				return NULL;
			}
		break;
		default:
			return NULL;
		break;
	}

	return $value;
}

function validateRRDPath($base, $path) {
	$base = preg_replace('/\/$/', '', $base);

	# resolve possible symlink
	$base = realpath($base);

	$realpath = realpath(sprintf('%s/%s', $base, $path));

	if (strpos($realpath, $base) === false)
		return false;

	if (strpos($realpath, $base) !== 0)
		return false;

	if (!preg_match('/\.rrd$/', $realpath))
		return false;

	return $realpath;
}

function crc32hex($str) {
	return sprintf("%x",crc32($str));
}

function error_image() {
	header("Content-Type: image/png", true, 400);
	readfile('layout/error.png');
	exit;
}
generated by cgit v1.1 at 2024-11-16 03:15:22 +0000