| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-01-31 16:09:35 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-01-31 16:09:35 +0000 |
| commit | d07f777ed2cf0103ed550166f9b0e783db064255 (patch) | |
| tree | fb331ae19aff60bdf2cea11bd99e34a99f45bc1d /frontends/php/include | |
| parent | 78776cf62621df9e12f0b791753174e638440efe (diff) | |
Getting rid of addslashes.
git-svn-id: svn://svn.zabbix.com/trunk@2592 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
| -rw-r--r-- | frontends/php/include/actions.inc.php | 13 | ||||
| -rw-r--r-- | frontends/php/include/audit.inc.php | 3 | ||||
| -rw-r--r-- | frontends/php/include/autoregistration.inc.php | 8 | ||||
| -rw-r--r-- | frontends/php/include/config.inc.php | 43 | ||||
| -rw-r--r-- | frontends/php/include/items.inc.php | 20 | ||||
| -rw-r--r-- | frontends/php/include/profiles.inc.php | 28 | ||||
| -rw-r--r-- | frontends/php/include/services.inc.php | 2 | ||||
| -rw-r--r-- | frontends/php/include/triggers.inc.php | 14 | ||||
| -rw-r--r-- | frontends/php/include/validate.inc.php | 21 |
9 files changed, 59 insertions, 93 deletions
diff --git a/frontends/php/include/actions.inc.php b/frontends/php/include/actions.inc.php index 621d9adc..9e443b6f 100644 --- a/frontends/php/include/actions.inc.php +++ b/frontends/php/include/actions.inc.php @@ -136,7 +136,7 @@ { if($row["actions"]&1 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); while($row2=DBfetch($result2)) { @@ -182,12 +182,12 @@ { if($row["actions"]&4 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=dbselect($sql); #enumerate triggers while($row2=dbfetch($result2)) { - $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"]; + $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"]; $result3=dbselect($sql); #enumerate actions while($row3=dbfetch($result3)) 
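Review bot: Every replaced call in this hunk invokes `zbx_ads(...)`, but the helper this commit introduces in validate.inc.php is declared `function zbx_adds($var)`, so each converted query site fails with an undefined-function error before any SQL is executed. The same mismatch exists in every other hunk of this diff that calls `zbx_ads` (the remaining actions hunks, audit, autoregistration, config, items, profiles, services and triggers); either rename the definition to `zbx_ads` or fix the call sites, and cover the helper with at least one call in a smoke test so a typo like this cannot ship silently. The enclosing function starts before this hunk.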
@@ -229,12 +229,12 @@ { if($row["actions"]&2 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=dbselect($sql); #enumerate triggers while($row2=dbfetch($result2)) { - $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."'"; + $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."'"; $result3=dbselect($sql); #enumerate actions while($row3=dbfetch($result3)) @@ -334,8 +334,7 @@ function add_action_condition($actionid, $conditiontype, $operator, $value) { - $value=addslashes($value); - $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'$value')"; + $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'".zbx_ads($value)."')"; $result=DBexecute($sql); return DBinsert_id($result,"conditions","conditionid"); } diff --git a/frontends/php/include/audit.inc.php b/frontends/php/include/audit.inc.php index 5364e121..20957b1c 100644 --- a/frontends/php/include/audit.inc.php +++ b/frontends/php/include/audit.inc.php @@ -23,10 +23,9 @@ { global $USER_DETAILS; - $details=addslashes($details); $userid=$USER_DETAILS["userid"]; $clock=time(); - $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'$details')"; + $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'".zbx_ads($details)."')"; return DBexecute($sql); } ?> 
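Review bot: In `add_action_condition` the escaping now covers `$value` only; `$actionid`, `$conditiontype` and `$operator` are still interpolated unquoted, where `addslashes`-style escaping would not help even if it were applied. If these are integer ids (likely, given the `DBinsert_id` call in the same function), cast them at the boundary: `values (".(int)$actionid.",".(int)$conditiontype.",".(int)$operator.",'".zbx_ads($value)."')`. The audit hunk on this line has the same shape with `$action` and `$resource`.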
diff --git a/frontends/php/include/autoregistration.inc.php b/frontends/php/include/autoregistration.inc.php index cbb7593f..f607dad7 100644 --- a/frontends/php/include/autoregistration.inc.php +++ b/frontends/php/include/autoregistration.inc.php @@ -29,9 +29,7 @@ return 0; } - $pattern=addslashes($pattern); - - $sql="insert into autoreg (pattern,priority,hostid) values ('$pattern',$priority,$hostid)"; + $sql="insert into autoreg (pattern,priority,hostid) values ('".zbx_ads($pattern)."',$priority,$hostid)"; $result=DBexecute($sql); if($result) { @@ -51,9 +49,7 @@ return 0; } - $pattern=addslashes($pattern); - - $sql="update autoreg set pattern='$pattern',priority=$priority,hostid=$hostid where id=$id"; + $sql="update autoreg set pattern='".zbx_ads($pattern)."',priority=$priority,hostid=$hostid where id=$id"; return DBexecute($sql); } diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php index 85e0077d..437c8b4f 100644 --- a/frontends/php/include/config.inc.php +++ b/frontends/php/include/config.inc.php @@ -690,10 +690,24 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! return $config; } + function show_infomsg() + { + global $INFO_MSG; + + if(is_array($INFO_MSG)) + { + echo "<p align=center class=\"info\">"; + while(list($key, $val)=each($INFO_MSG)) + { + echo $val."<br>"; + } + echo "</p>"; + } + } + function show_messages($bool=TRUE,$msg=NULL,$errmsg=NULL) { global $ERROR_MSG; - global $INFO_MSG; if(!$bool) { 
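Review bot: The new `show_infomsg` echoes each `$val` from the global `$INFO_MSG` straight into the page, and iterates with `each()` from wherever the array's internal pointer currently sits, so messages are silently dropped if the array was already walked (the loop moved here from `show_messages` carried both issues). A `foreach` with output escaping avoids both: `foreach($INFO_MSG as $val) echo htmlspecialchars($val)."<br>";`. Whether `$INFO_MSG` ever carries user-supplied text is not visible in this diff, so the escaping is a precaution against stored or reflected markup rather than a confirmed bug.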
@@ -710,23 +724,18 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! $color="#223344"; } - echo "<p align=center>"; - echo "<font color='$color'>"; - if(isset($msg)) - echo "<b>[$msg]</b>"; - echo "</font>"; - echo "</p>"; - if(is_array($INFO_MSG)) + if(isset($msg)) { - echo "<p align=center class=\"info\">"; - while(list($key, $val)=each($INFO_MSG)) - { - echo $val."<br>"; - } + echo "<p align=center>"; + echo "<font color='$color'>"; + echo "<b>[$msg]</b>"; + echo "</font>"; echo "</p>"; } + show_infomsg(); + if(is_array($ERROR_MSG)) { echo "<p align=center class=\"error\">"; @@ -1458,7 +1467,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! if($files["image"]["error"]==0) if($files["image"]["size"]<1024*1024) { - $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); + $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); $sql="insert into images (name,imagetype,image) values ('$name',$imagetype,'$image')"; return DBexecute($sql); } @@ -1482,7 +1491,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! if($files["image"]["error"]==0) if($files["image"]["size"]<1024*1024) { - $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); + $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); $sql="update images set name='$name',imagetype='$imagetype',image='$image' where imageid='$imageid'"; return DBexecute($sql); } @@ -1797,7 +1806,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! { $ret = 0; - $description=addslashes($description); + $description=zbx_ads($description); $sql="select * from media_type where description='$description' and mediatypeid!=$mediatypeid"; $result=DBexecute($sql); if(DBnum_rows($result)>0) 
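Review bot: In the -1458 hunk `zbx_ads` is applied to raw file contents from `fread`, not to request input, so under the helper's `get_magic_quotes_gpc()` switch (validate.inc.php hunk) the image bytes are inserted unescaped whenever magic quotes are on, and image data routinely contains `'` and `\`. For non-GPC data the escaping must be unconditional, e.g. `$image=addslashes(fread(...))` or the database driver's own escape function, and the `fopen` handle opened inline is never closed. The unchanged `$name`/`$imagetype` interpolation in the same statement receives no escaping at all; the -1482 update hunk repeats both points.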
@@ -1823,7 +1832,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! return 0; } - $description=addslashes($description); + $description=zbx_ads($description); $sql="select * from media_type where description='$description'"; $result=DBexecute($sql); if(DBnum_rows($result)>0) diff --git a/frontends/php/include/items.inc.php b/frontends/php/include/items.inc.php index b2e02deb..56e1c5e3 100644 --- a/frontends/php/include/items.inc.php +++ b/frontends/php/include/items.inc.php 
@@ -107,14 +107,7 @@ $delta=0; } - $key=addslashes($key); - $description=addslashes($description); - $logtimefmt=addslashes($logtimefmt); - $snmpv3_securityname=addslashes($snmpv3_securityname); - $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase); - $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase); - - $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('$description','$key',$hostid,$delay,$history,0,$status,$type,'$snmp_community','$snmp_oid',$value_type,'$trapper_hosts',$snmp_port,'$units',$multiplier,$delta,'$snmpv3_securityname',$snmpv3_securitylevel,'$snmpv3_authpassphrase','$snmpv3_privpassphrase','$formula',$trends,'$logtimefmt')"; + $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('".zbx_ads($description)."','".zbx_ads($key)."',".zbx_ads($hostid).",".zbx_ads($delay).",".zbx_ads($history).",0,".zbx_ads($status).",".zbx_ads($type).",'".zbx_ads($snmp_community)."','".zbx_ads($snmp_oid)."',".zbx_ads($value_type).",'".zbx_ads($trapper_hosts)."',".zbx_ads($snmp_port).",'".zbx_ads($units)."',".zbx_ads($multiplier).",".zbx_ads($delta).",'".zbx_ads($snmpv3_securityname)."',".zbx_ads($snmpv3_securitylevel).",'".zbx_ads($snmpv3_authpassphrase)."','".zbx_ads($snmpv3_privpassphrase)."','".zbx_ads($formula)."',".zbx_ads($trends).",'".zbx_ads($logtimefmt)."')"; $result=DBexecute($sql); if($result) { 
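Review bot: Wrapping unquoted numeric columns such as `hostid=".zbx_ads($hostid)` in an `addslashes`-style helper gives no protection: the escaping only neutralises quote and backslash characters, and without surrounding quotes in the SQL any other non-numeric content passes through unchanged. Integer columns should be cast instead, `".(int)$hostid."`, `".(int)$delay."`, `".(int)$history."` and so on, keeping `zbx_ads` for the quoted string columns. The update hunk (-167) and the profiles, services and triggers hunks repeat the pattern; the enclosing function starts before this hunk.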
@@ -167,17 +160,10 @@ $delta=0; } - $key=addslashes($key); - $description=addslashes($description); - $logtimefmt=addslashes($logtimefmt); - $snmpv3_securityname=addslashes($snmpv3_securityname); - $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase); - $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase); - - $sql="update items set lastlogsize=0 where itemid=$itemid and key_<>'$key'"; + $sql="update items set lastlogsize=0 where itemid=".zbx_ads($itemid)." and key_<>'".zbx_ads($key)."'"; DBexecute($sql); - $sql="update items set description='$description',key_='$key',hostid=$hostid,delay=$delay,history=$history,nextcheck=0,status=$status,type=$type,snmp_community='$snmp_community',snmp_oid='$snmp_oid',value_type=$value_type,trapper_hosts='$trapper_hosts',snmp_port=$snmp_port,units='$units',multiplier=$multiplier,delta=$delta,snmpv3_securityname='$snmpv3_securityname',snmpv3_securitylevel=$snmpv3_securitylevel,snmpv3_authpassphrase='$snmpv3_authpassphrase',snmpv3_privpassphrase='$snmpv3_privpassphrase',formula='$formula',trends=$trends,logtimefmt='$logtimefmt' where itemid=$itemid"; + $sql="update items set description='".zbx_ads($description)."',key_='".zbx_ads($key)."',hostid=".zbx_ads($hostid).",delay=".zbx_ads($delay).",history=".zbx_ads($history).",nextcheck=0,status=".zbx_ads($status).",type=".zbx_ads($type).",snmp_community='".zbx_ads($snmp_community)."',snmp_oid='".zbx_ads($snmp_oid)."',value_type=".zbx_ads($value_type).",trapper_hosts='".zbx_ads($trapper_hosts)."',snmp_port=".zbx_ads($snmp_port).",units='".zbx_ads($units)."',multiplier=".zbx_ads($multiplier).",delta=".zbx_ads($delta).",snmpv3_securityname='".zbx_ads($snmpv3_securityname)."',snmpv3_securitylevel=".zbx_ads($snmpv3_securitylevel).",snmpv3_authpassphrase='".zbx_ads($snmpv3_authpassphrase)."',snmpv3_privpassphrase='".zbx_ads($snmpv3_privpassphrase)."',formula='".zbx_ads($formula)."',trends=".zbx_ads($trends).",logtimefmt='".zbx_ads($logtimefmt)."' where itemid=".zbx_ads($itemid); 
$result=DBexecute($sql); if($result) { diff --git a/frontends/php/include/profiles.inc.php b/frontends/php/include/profiles.inc.php index db66663a..e94ff270 100644 --- a/frontends/php/include/profiles.inc.php +++ b/frontends/php/include/profiles.inc.php @@ -38,19 +38,7 @@ return 0; } - $devicetype=addslashes($devicetype); - $name=addslashes($name); - $os=addslashes($os); - $serialno=addslashes($serialno); - $tag=addslashes($tag); - $macaddress=addslashes($macaddress); - $hardware=addslashes($hardware); - $software=addslashes($software); - $contact=addslashes($contact); - $location=addslashes($location); - $notes=addslashes($notes); - - $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values ($hostid,'$devicetype','$name','$os','$serialno','$tag','$macaddress','$hardware','$software','$contact','$location','$notes')"; + $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values (".zbx_ads($hostid).",'".zbx_ads($devicetype)."','".zbx_ads($name)."','".zbx_ads($os)."','".zbx_ads($serialno)."','".zbx_ads($tag)."','".zbx_ads($macaddress)."','".zbx_ads($hardware)."','".zbx_ads($software)."','".zbx_ads($contact)."','".zbx_ads($location)."','".zbx_ads($notes)."')"; $result=DBexecute($sql); return $result; 
@@ -75,19 +63,7 @@ return 0; } - $devicetype=addslashes($devicetype); - $name=addslashes($name); - $os=addslashes($os); - $serialno=addslashes($serialno); - $tag=addslashes($tag); - $macaddress=addslashes($macaddress); - $hardware=addslashes($hardware); - $software=addslashes($software); - $contact=addslashes($contact); - $location=addslashes($location); - $notes=addslashes($notes); - - $sql="update hosts_profiles set devicetype='$devicetype',name='$name',os='$os',serialno='$serialno',tag='$tag',macaddress='$macaddress',hardware='$hardware',software='$software',contact='$contact',location='$location',notes='$notes' where hostid=$hostid"; + $sql="update hosts_profiles set devicetype='".zbx_ads($devicetype)."',name='".zbx_ads($name)."',os='".zbx_ads($os)."',serialno='".zbx_ads($serialno)."',tag='".zbx_ads($tag)."',macaddress='".zbx_ads($macaddress)."',hardware='".zbx_ads($hardware)."',software='".zbx_ads($software)."',contact='".zbx_ads($contact)."',location='".zbx_ads($location)."',notes='".zbx_ads($notes)."' where hostid=".zbx_ads($hostid); $result=DBexecute($sql); return $result; diff --git a/frontends/php/include/services.inc.php b/frontends/php/include/services.inc.php index 2d791c69..7a63d508 100644 --- a/frontends/php/include/services.inc.php +++ b/frontends/php/include/services.inc.php @@ -42,7 +42,7 @@ // { $description=expand_trigger_description($triggerid); // } - $description=addslashes($description); + $description=zbx_ads($description); $sql="insert into services (name,triggerid,status,algorithm,showsla,goodsla,sortorder) values ('$description',$triggerid,0,$algorithm,$showsla,$goodsla,$sortorder)"; } else diff --git a/frontends/php/include/triggers.inc.php b/frontends/php/include/triggers.inc.php index be904fbf..7e3d3fd3 100644 --- a/frontends/php/include/triggers.inc.php +++ b/frontends/php/include/triggers.inc.php 
@@ -27,8 +27,7 @@ return 0; } - $comments=addslashes($comments); - $sql="update triggers set comments='$comments' where triggerid=$triggerid"; + $sql="update triggers set comments='".zbx_ads($comments)."' where triggerid=".zbx_ads($triggerid); return DBexecute($sql); } @@ -110,8 +109,7 @@ // return 0; // } -# $description=addslashes($description); - $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('$description',$priority,$status,'$comments','$url',2,'Trigger just added. No status update so far.')"; + $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('".zbx_ads($description)."',".zbx_ads($priority).",".zbx_ads($status).",'".zbx_ads($comments)."','".zbx_ads($url)."',2,'Trigger just added. No status update so far.')"; # echo $sql,"<br>"; $result=DBexecute($sql); if(!$result) @@ -124,7 +122,7 @@ add_alarm($triggerid,2); $expression=implode_exp($expression,$triggerid); - $sql="update triggers set expression='$expression' where triggerid=$triggerid"; + $sql="update triggers set expression='".zbx_ads($expression)."' where triggerid=".zbx_ads($triggerid); # echo $sql,"<br>"; DBexecute($sql); reset_items_nextcheck($triggerid); @@ -339,7 +337,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; { if($row["triggers"]&3 == 0) continue; #get triggers - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); // Loop: triggers while($row2=DBfetch($result2)) 
@@ -424,7 +422,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; if($row["triggers"]&1 == 0) continue; - $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".addslashes($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".addslashes($trigger["comments"])."','".addslashes($trigger["url"])."',2,'$expression_old')"; + $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".zbx_ads($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".zbx_ads($trigger["comments"])."','".zbx_ads($trigger["url"])."',2,'$expression_old')"; $result4=DBexecute($sql); $triggerid_new=DBinsert_id($result4,"triggers","triggerid"); @@ -491,7 +489,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; { if($row["triggers"]&4 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); while($row2=DBfetch($result2)) { diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php index 35196f9d..ff0279d2 100644 --- a/frontends/php/include/validate.inc.php +++ b/frontends/php/include/validate.inc.php @@ -19,6 +19,12 @@ **/ ?> <?php + function zbx_adds($var) + { + if(!get_magic_quotes_gpc()) return addslashes($var); + else return $var; + } + function BETWEEN($min,$max) { return "({}>=$min&&{}<=$max)&&"; @@ -73,7 +79,7 @@ { if(!isset($fields[$key])) { -//// echo "Unset: $key<br>"; + echo "Unset: $key<br>"; unset($_REQUEST[$key]); } } 
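Review bot: `zbx_adds` decides whether to escape from `get_magic_quotes_gpc()`, a property of request input, but callers in this diff pass it values read from the database (`$trigger["description"]`) and from files (`fread` in config.inc.php), which magic quotes never touched; with the option on those values reach SQL unescaped, and with it off any request value already slashed elsewhere is double-escaped. The robust shape is to normalise input once (`stripslashes` over `$_REQUEST` when `get_magic_quotes_gpc()` is set) and make this helper escape unconditionally at the SQL boundary, preferably with the database driver's escape function rather than `addslashes`, which is not SQL-aware. A one-line docblock stating "escapes a raw value for use inside single quotes in SQL; do not use for unquoted numeric columns" would stop the misuse seen in the items and profiles hunks.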
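Review bot: The uncommented `echo "Unset: $key<br>";` writes request parameter names verbatim into the response, and the -103 and -112 hunks on the next line go further by echoing `$_REQUEST[$key]` values; both are attacker-controlled strings rendered unescaped, which is a reflected-XSS sink as well as a debug leak into production output. Route these through the existing `info()` helper (as the commented `// info(...)` line suggests was intended) or at least escape them, e.g. `info("Unset: ".htmlspecialchars($key));`. The enclosing function starts before this hunk.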
@@ -103,6 +109,7 @@ if(($flags&P_ACT)&&(isset($_REQUEST[$field]))) { // info("Unset:".$field); + echo "Unset:".$field."<br>"; unset($_REQUEST[$field]); } } @@ -112,6 +119,8 @@ { foreach($_REQUEST as $key => $val) { +// info("Unset:".$_REQUEST[$key]); + echo "Unset:".$_REQUEST[$key]."<br>"; unset($_REQUEST[$key]); } } @@ -122,15 +131,13 @@ $ret = TRUE; - return $ret; - $critical = FALSE; foreach($fields as $field => $checks) { list($type,$opt,$flags,$validation,$exception)=$checks; -// info("Field: $field"); +// echo "Field: $field<br>"; if($exception==NULL) $except=FALSE; else $except=calc_exp($fields,$field,$exception); @@ -241,10 +248,6 @@ } } } - - if(isset($_REQUEST[$field])&&!get_magic_quotes_gpc()) { - $_REQUEST[$field]=addslashes($_REQUEST[$field]); - } } unset_not_in_list($fields); unset_if_zero($fields); @@ -258,7 +261,7 @@ { unset_action_vars($fields); } - show_messages(); + show_infomsg(); return $ret; } ?> |
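Review bot: Removing the early `return $ret;` in the -122 hunk makes the validation loop below execute for the first time, while the -241 hunk simultaneously drops the per-field `addslashes` that loop used to apply to `$_REQUEST`; from this commit on, any query that still interpolates request values directly instead of going through the new helper receives raw input when magic quotes are off. Whether every such site was converted cannot be judged from this diff, so a search for remaining `'$...'` interpolations of request-derived values before merging would be prudent. The enclosing function begins before these hunks.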
