| author | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2007-05-21 14:37:06 +0000 |
|---|---|---|
| committer | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2007-05-21 14:37:06 +0000 |
| commit | 22ea3729b7a5db9ae6dc213a2507eedde41264e1 (patch) | |
| tree | dcd6e7064af898782b920c4cad9a02aad88e8089 /frontends/php/include | |
| parent | b9225beae8d19c32dd4c0e0d818cf8e0114321e3 (diff) | |
- restored validation for hostname (Eugene)
git-svn-id: svn://svn.zabbix.com/trunk@4155 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
| -rw-r--r-- | frontends/php/include/defines.inc.php | 11 | ||||
| -rw-r--r-- | frontends/php/include/hosts.inc.php | 6 | ||||
| -rw-r--r-- | frontends/php/include/items.inc.php | 7 | ||||
| -rw-r--r-- | frontends/php/include/triggers.inc.php | 94 |
4 files changed, 73 insertions, 45 deletions
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 87c02f65..fdae9bf1 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -379,6 +379,17 @@ define('SPACE', ' '); define('RARR', '⇒'); + define('ZBX_EREG_HOST_FORMAT', '([0-9a-zA-Z\_\.[:space:][.-.]\$]+)'); + define('ZBX_EREG_ITEM_KEY_FORMAT', '([]\[0-9a-zA-Z!\_\*\/\.\,\:\(\)\+ [.-.]\$]+)'); + + define('ZBX_EREG_SIMPLE_EXPRESSION_FORMAT', + '^\{'.ZBX_EREG_HOST_FORMAT.'\:('.ZBX_EREG_ITEM_KEY_FORMAT.'\.([a-z]{3,11})\(([#0-9a-zA-Z\_\/\.\,[:space:]]+)\)\}$'); + + define('ZBX_SIMPLE_EXPRESSION_HOST_ID', 1); + define('ZBX_SIMPLE_EXPRESSION_KEY_ID', 2); + define('ZBX_SIMPLE_EXPRESSION_FUNCTION_ID', 3); + define('ZBX_SIMPLE_EXPRESSION_PARAMETER_ID', 4); + global $_GET, $_POST, $_COOKIE, $_REQUEST; /* Support for PHP5. PHP5 does not have $HTTP_..._VARS */ diff --git a/frontends/php/include/hosts.inc.php b/frontends/php/include/hosts.inc.php index 64ae8f36..f7d7dd33 100644 --- a/frontends/php/include/hosts.inc.php +++ b/frontends/php/include/hosts.inc.php @@ -147,6 +147,12 @@ require_once "include/items.inc.php"; { global $ZBX_CURNODEID; + if( !eregi('^'.ZBX_EREG_HOST_FORMAT.'$', $host) ) + { + error("Hostname should contain '0-9a-zA-Z_. $'- characters only"); + return false; + } + /* Character '-' must be last in the list of symbols, otherwise it won't be accepted */ if ( !empty($dns) && !eregi('^([0-9a-zA-Z\_\.\$[.-.]]+)$', $dns)) { diff --git a/frontends/php/include/items.inc.php b/frontends/php/include/items.inc.php index 840a2eec..a78986fc 100644 --- a/frontends/php/include/items.inc.php +++ b/frontends/php/include/items.inc.php @@ -19,6 +19,7 @@ **/ ?> <?php + function item_type2str($type) { switch($type) 
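Review bot: In defines.inc.php the new ZBX_EREG_SIMPLE_EXPRESSION_FORMAT opens a group with `'\:('` in front of ZBX_EREG_ITEM_KEY_FORMAT that is never closed, although that constant already carries its own parentheses. As rendered here the pattern is unbalanced, so eregi() in validate_simple_expression() would presumably fail to compile it and reject every expression except {TRIGGER.VALUE}. Even if the group were closed, it would shift the key, function and parameter captures away from the ZBX_SIMPLE_EXPRESSION_*_ID indexes 2 to 4. Dropping the stray parenthesis, `'^\{'.ZBX_EREG_HOST_FORMAT.'\:'.ZBX_EREG_ITEM_KEY_FORMAT.'\.([a-z]{3,11})…`, keeps the four groups those IDs expect.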
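Review bot: The hostname check added in hosts.inc.php accepts more than its error message lists, because `[:space:]` in ZBX_EREG_HOST_FORMAT matches tab, CR and LF as well as a blank. A hostname with an embedded line break would therefore pass. If only a blank is intended, put a literal space in the class, the way ZBX_EREG_ITEM_KEY_FORMAT does. eregi() is also not binary-safe, so only the bytes before a NUL are matched; a guard such as `if( strpos($host, "\0") !== false ) { error('Incorrect characters in hostname'); return false; }` before the match closes that gap, and the `$key` check added in items.inc.php needs the same guard. The enclosing function starts above the hunk.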
@@ -147,6 +148,12 @@ if(($i = array_search(0,$applications)) !== FALSE) unset($applications[$i]); + if( !eregi('^'.ZBX_EREG_ITEM_KEY_FORMAT.'$', $key) ) + { + error("Key should contain '[]0-9a-zA-Z!_,:()+.*\ $'- characters only"); + return false; + } + if($delay<1) { error("Delay cannot be less than 1 second"); diff --git a/frontends/php/include/triggers.inc.php b/frontends/php/include/triggers.inc.php index 8f1975b4..f4834750 100644 --- a/frontends/php/include/triggers.inc.php +++ b/frontends/php/include/triggers.inc.php 
@@ -169,18 +169,33 @@ ' and host in ('.implode(',',$hosts).')'); } -define('ZBX_EREG_SIMPLE_EXPRESSION_FORMAT', - '^\{([0-9a-zA-Z\_\.[.-.]\$]+)\:([]\[0-9a-zA-Z!\_\*\/\.\,\:\(\)\+ [.-.]\$]+)\.([a-z]{3,11})\(([#0-9a-zA-Z\_\/\.\,[:space:]]+)\)\}$'); - -define('ZBX_SIMPLE_EXPRESSION_HOST_ID', 1); -define('ZBX_SIMPLE_EXPRESSION_KEY_ID', 2); -define('ZBX_SIMPLE_EXPRESSION_FUNCTION_ID', 3); -define('ZBX_SIMPLE_EXPRESSION_PARAMETER_ID', 4); // Does expression match server:key.function(param) ? function validate_simple_expression($expression) { global $ZBX_CURNODEID; + $allowed_functions['min'] = 'ticks'; + $allowed_functions['max'] = 'ticks'; + $allowed_functions['delta'] = 'ticks'; + $allowed_functions['avg'] = 'ticks'; + $allowed_functions['sum'] = 'ticks'; + $allowed_functions['last'] = 'float'; + $allowed_functions['diff'] = 'float'; + $allowed_functions['count'] = 'float'; + $allowed_functions['prev'] = 'float'; + $allowed_functions['change'] = 'float'; + $allowed_functions['abschange'] = 'float'; + $allowed_functions['nodata'] = 'float'; + $allowed_functions['time'] = 'float'; + $allowed_functions['dayofweek'] = 'float'; + $allowed_functions['date'] = 'float'; + $allowed_functions['now'] = 'float'; + $allowed_functions['fuzzytime'] = 'float'; + $allowed_functions['str'] = true; + $allowed_functions['logseverity'] = true; + $allowed_functions['logsource'] = true; + $allowed_functions['regexp'] = true; + // echo "Validating simple:$expression<br>"; if (eregi(ZBX_EREG_SIMPLE_EXPRESSION_FORMAT, $expression, $arr)) { 
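Review bot: The `$allowed_functions` table in validate_simple_expression() mixes two string tags with boolean `true`, and nothing says what each value means or which check it selects. A comment above the table would make the contract explicit, for example `// function name => parameter check: 'ticks' = validate_ticks(), 'float' = validate_float(), true = parameter is not checked`. The table would also be easier to audit as one `array('min' => 'ticks', …)` literal than as 21 separate assignments. The function body continues past the end of this hunk.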
@@ -189,64 +204,54 @@ define('ZBX_SIMPLE_EXPRESSION_PARAMETER_ID', 4); $function = &$arr[ZBX_SIMPLE_EXPRESSION_FUNCTION_ID]; $parameter = &$arr[ZBX_SIMPLE_EXPRESSION_PARAMETER_ID]; - $sql="select count(*) as cnt from hosts h,items i where h.host=".zbx_dbstr($host). - " and i.key_=".zbx_dbstr($key)." and h.hostid=i.hostid ". - " and ".DBid2nodeid('h.hostid').'='.$ZBX_CURNODEID; - $row=DBfetch(DBselect($sql)); + $row=DBfetch(DBselect('select count(*) as cnt from hosts h where h.host='.zbx_dbstr($host). + ' and '.DBid2nodeid('h.hostid').'='.$ZBX_CURNODEID + )); + if($row["cnt"]==0) + { + error('No such host ('.$host.')'); + return -1; + } + elseif($row["cnt"]!=1) + { + error('Too many hosts ('.$host.')'); + return -1; + } + + $row=DBfetch(DBselect('select count(*) as cnt from hosts h,items i where h.host='.zbx_dbstr($host). + ' and i.key_='.zbx_dbstr($key).' and h.hostid=i.hostid '. + ' and '.DBid2nodeid('h.hostid').'='.$ZBX_CURNODEID + )); if($row["cnt"]==0) { - error("No such host ($host) or monitored parameter ($key)"); + error('No such monitored parameter ('.$key.') for host ('.$host.')'); return -1; } elseif($row["cnt"]!=1) { - error("Too many hosts ($host) with parameter ($key)"); + error('Too many monitored parameter ('.$key.') for host ('.$host.')'); return -1; } - if( ($function!="last")&& - ($function!="diff")&& - ($function!="min") && - ($function!="max") && - ($function!="avg") && - ($function!="sum") && - ($function!="count") && - ($function!="prev")&& - ($function!="delta")&& - ($function!="change")&& - ($function!="abschange")&& - ($function!="nodata")&& - ($function!="time")&& - ($function!="dayofweek")&& - ($function!="date")&& - ($function!="now")&& - ($function!="str")&& - ($function!="fuzzytime")&& - ($function!="logseverity")&& - ($function!="logsource")&& - ($function!="regexp") - ) + if( !isset($allowed_functions[$function]) ) { - error("Unknown function [$function]"); + error('Unknown function ['.$function.']'); return -1; } - 
if(in_array($function,array("last","diff","count", - "prev","change","abschange","nodata","time","dayofweek", - "date","now","fuzzytime")) + if( 'float' == $allowed_functions[$function] && (validate_float($parameter)!=0) ) { - error("[$parameter] is not a float"); + error('['.$parameter.'] is not a float'); return -1; } - if(in_array($function,array("min","max","avg","sum", - "delta")) + if( 'ticks' == $allowed_functions[$function] && (validate_ticks($parameter)!=0) ) { - error("[$parameter] is not a float"); + error('['.$parameter.'] is not a float'); return -1; } } @@ -254,7 +259,7 @@ define('ZBX_SIMPLE_EXPRESSION_PARAMETER_ID', 4); else if($expression!="{TRIGGER.VALUE}") { - error("Expression [$expression] does not match to [server:key.func(param)]"); + error('Expression ['.$expression.'] does not match to [server:key.func(param)]'); return -1; } return 0; @@ -292,7 +297,6 @@ define('ZBX_SIMPLE_EXPRESSION_PARAMETER_ID', 4); // Replace all <float> <sign> <float> <K|M|G> with 0 // echo "Expression:$expression<br>"; $arr=""; -// The minus sing '-' must be the last one in the list, otherwise it won't work! if (eregi('^((.)*)([0-9\.]+[A-Z]{0,1})[ ]*([\&\|\>\<\=\+\*\/\#[.-.]]{1})[ ]*([0-9\.]+[A-Z]{0,1})((.)*)$', $expression, $arr)) { // echo "OK<br>"; |
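Review bot: `'float' == $allowed_functions[$function]` and `'ticks' == $allowed_functions[$function]` compare loosely, and a non-empty string equals boolean `true` under `==`. The `true` entries (str, logseverity, logsource, regexp) therefore fall into both parameter checks, which the removed in_array() lists never applied to them. A text parameter for str() or regexp() would then likely be rejected as not a float. Use strict comparison in both conditions, e.g. `if( 'float' === $allowed_functions[$function] && (validate_float($parameter)!=0) )`; the ticks branch also still reports `is not a float`. Separately, the new `No such host` message tells unknown hosts apart from unknown keys and the host query shows no access filter, so it is worth confirming that callers restrict who may submit expressions.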
