author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-01-31 16:09:35 +0000 |
---|---|---|
committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-01-31 16:09:35 +0000 |
commit | d07f777ed2cf0103ed550166f9b0e783db064255 (patch) | |
tree | fb331ae19aff60bdf2cea11bd99e34a99f45bc1d /frontends/php | |
parent | 78776cf62621df9e12f0b791753174e638440efe (diff) | |
Getting rid of addslashes.
git-svn-id: svn://svn.zabbix.com/trunk@2592 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php')
-rw-r--r-- | frontends/php/config.php | 6 | ||||
-rw-r--r-- | frontends/php/graphs.php | 6 | ||||
-rw-r--r-- | frontends/php/hosts.php | 6 | ||||
-rw-r--r-- | frontends/php/include/actions.inc.php | 13 | ||||
-rw-r--r-- | frontends/php/include/audit.inc.php | 3 | ||||
-rw-r--r-- | frontends/php/include/autoregistration.inc.php | 8 | ||||
-rw-r--r-- | frontends/php/include/config.inc.php | 43 | ||||
-rw-r--r-- | frontends/php/include/items.inc.php | 20 | ||||
-rw-r--r-- | frontends/php/include/profiles.inc.php | 28 | ||||
-rw-r--r-- | frontends/php/include/services.inc.php | 2 | ||||
-rw-r--r-- | frontends/php/include/triggers.inc.php | 14 | ||||
-rw-r--r-- | frontends/php/include/validate.inc.php | 21 | ||||
-rw-r--r-- | frontends/php/overview.php | 4 | ||||
-rw-r--r-- | frontends/php/users.php | 6 |
14 files changed, 73 insertions, 107 deletions
diff --git a/frontends/php/config.php b/frontends/php/config.php index ee2d7274..889497bd 100644 --- a/frontends/php/config.php +++ b/frontends/php/config.php @@ -105,7 +105,7 @@ if($result) { add_audit($action,AUDIT_RESOURCE_MEDIA_TYPE, - "Media type [".addslashes($_REQUEST["description"])."]"); + "Media type [".zbx_ads($_REQUEST["description"])."]"); unset($_REQUEST["form"]); } @@ -190,7 +190,7 @@ if($result) { add_audit($audit_action, AUDIT_RESOURCE_AUTOREGISTRATION, - "Autoregistration [".addslashes($_REQUEST["pattern"])."]"); + "Autoregistration [".zbx_ads($_REQUEST["pattern"])."]"); unset($_REQUEST["form"]); } @@ -202,7 +202,7 @@ if($result) { add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_AUTOREGISTRATION, - "Autoregistration [".addslashes($_REQUEST["pattern"])."]"); + "Autoregistration [".zbx_ads($_REQUEST["pattern"])."]"); } show_messages($result, S_AUTOREGISTRATION_DELETED, S_AUTOREGISTRATION_WAS_NOT_DELETED); } diff --git a/frontends/php/graphs.php b/frontends/php/graphs.php index d541ae43..aecac3c8 100644 --- a/frontends/php/graphs.php +++ b/frontends/php/graphs.php @@ -53,7 +53,7 @@ if($result) { add_audit(AUDIT_ACTION_ADD,AUDIT_RESOURCE_GRAPH, - "Graph [".addslashes($_REQUEST["name"])."]"); + "Graph [".zbx_ads($_REQUEST["name"])."]"); } show_messages($result, S_GRAPH_ADDED, S_CANNOT_ADD_GRAPH); } @@ -70,7 +70,7 @@ { add_audit(AUDIT_ACTION_ADD,AUDIT_RESOURCE_GRAPH, "Graph ID [".$_REQUEST["graphid"]."] Graph [". - addslashes($_REQUEST["name"])."]"); + zbx_ads($_REQUEST["name"])."]"); } show_messages($result, S_GRAPH_UPDATED, S_CANNOT_UPDATE_GRAPH); } @@ -82,7 +82,7 @@ if($result) { add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_GRAPH, - "Graph [".addslashes($graph["name"])."]"); + "Graph [".zbx_ads($graph["name"])."]"); } show_messages($result, S_GRAPH_DELETED, S_CANNOT_DELETE_GRAPH); unset($_REQUEST["graphid"]); diff --git a/frontends/php/hosts.php b/frontends/php/hosts.php index a022e569..cee75cbd 100644 --- a/frontends/php/hosts.php 
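Review bot: The audit detail strings are now escaped twice: `add_audit()` in audit.inc.php escapes `$details` itself with `zbx_ads()` in this same commit, yet this hunk still builds `"Media type [".zbx_ads($_REQUEST["description"])."]"` before passing it in, so a description containing a quote or backslash is stored with doubled backslashes whenever magic quotes are off. Now that the sink escapes, the callers should hand over the raw value, `"Media type [".$_REQUEST["description"]."]"`, and let `add_audit()` do the escaping once at the SQL boundary. The same double escaping is in the other two config.php hunks, all three graphs.php hunks, all three hosts.php hunks and the users.php hunk.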
+++ b/frontends/php/hosts.php @@ -116,7 +116,7 @@ show_messages($result, $msg_ok, $msg_fail); if($result){ add_audit($audit_action,AUDIT_RESOURCE_HOST, - "Host [".addslashes($_REQUEST["host"])."] IP [".$_REQUEST["ip"]."] ". + "Host [".zbx_ads($_REQUEST["host"])."] IP [".$_REQUEST["ip"]."] ". "Status [".$_REQUEST["status"]."]"); unset($_REQUEST["form"]); @@ -135,7 +135,7 @@ if($result) { add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_HOST, - "Host [".addslashes($host["host"])."]"); + "Host [".zbx_ads($host["host"])."]"); unset($_REQUEST["form"]); unset($_REQUEST["hostid"]); @@ -153,7 +153,7 @@ if(!$res) continue; $host=get_host_by_hostid($db_host["hostid"]); add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_HOST, - "Host [".addslashes($host["host"])."]"); + "Host [".zbx_ads($host["host"])."]"); } show_messages($result, S_HOST_DELETED, NULL); } diff --git a/frontends/php/include/actions.inc.php b/frontends/php/include/actions.inc.php index 621d9adc..9e443b6f 100644 --- a/frontends/php/include/actions.inc.php +++ b/frontends/php/include/actions.inc.php @@ -136,7 +136,7 @@ { if($row["actions"]&1 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); while($row2=DBfetch($result2)) { 
@@ -182,12 +182,12 @@ { if($row["actions"]&4 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=dbselect($sql); #enumerate triggers while($row2=dbfetch($result2)) { - $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"]; + $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"]; $result3=dbselect($sql); #enumerate actions while($row3=dbfetch($result3)) 
@@ -229,12 +229,12 @@ { if($row["actions"]&2 == 0) continue; - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=dbselect($sql); #enumerate triggers while($row2=dbfetch($result2)) { - $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."'"; + $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."'"; $result3=dbselect($sql); #enumerate actions while($row3=dbfetch($result3)) @@ -334,8 +334,7 @@ function add_action_condition($actionid, $conditiontype, $operator, $value) { - $value=addslashes($value); - $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'$value')"; + $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'".zbx_ads($value)."')"; $result=DBexecute($sql); return DBinsert_id($result,"conditions","conditionid"); } diff --git a/frontends/php/include/audit.inc.php b/frontends/php/include/audit.inc.php index 5364e121..20957b1c 100644 --- a/frontends/php/include/audit.inc.php +++ b/frontends/php/include/audit.inc.php @@ -23,10 +23,9 @@ { global $USER_DETAILS; - $details=addslashes($details); $userid=$USER_DETAILS["userid"]; $clock=time(); - $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'$details')"; + $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'".zbx_ads($details)."')"; return DBexecute($sql); } ?> 
diff --git a/frontends/php/include/autoregistration.inc.php b/frontends/php/include/autoregistration.inc.php index cbb7593f..f607dad7 100644 --- a/frontends/php/include/autoregistration.inc.php +++ b/frontends/php/include/autoregistration.inc.php @@ -29,9 +29,7 @@ return 0; } - $pattern=addslashes($pattern); - - $sql="insert into autoreg (pattern,priority,hostid) values ('$pattern',$priority,$hostid)"; + $sql="insert into autoreg (pattern,priority,hostid) values ('".zbx_ads($pattern)."',$priority,$hostid)"; $result=DBexecute($sql); if($result) { @@ -51,9 +49,7 @@ return 0; } - $pattern=addslashes($pattern); - - $sql="update autoreg set pattern='$pattern',priority=$priority,hostid=$hostid where id=$id"; + $sql="update autoreg set pattern='".zbx_ads($pattern)."',priority=$priority,hostid=$hostid where id=$id"; return DBexecute($sql); } diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php index 85e0077d..437c8b4f 100644 --- a/frontends/php/include/config.inc.php +++ b/frontends/php/include/config.inc.php @@ -690,10 +690,24 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! return $config; } + function show_infomsg() + { + global $INFO_MSG; + + if(is_array($INFO_MSG)) + { + echo "<p align=center class=\"info\">"; + while(list($key, $val)=each($INFO_MSG)) + { + echo $val."<br>"; + } + echo "</p>"; + } + } + function show_messages($bool=TRUE,$msg=NULL,$errmsg=NULL) { global $ERROR_MSG; - global $INFO_MSG; if(!$bool) { 
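Review bot: `show_infomsg()` walks `$INFO_MSG` with `each()` and never calls `reset()`, so a second call in the same request prints nothing because the array's internal pointer is already at the end; that matters now that `check_fields()` in validate.inc.php and `show_messages()` both call it. `foreach($INFO_MSG as $val)` has no shared pointer and reads more clearly. The values are also echoed into the page unescaped; if an info message can ever carry request-supplied text (not visible from here), `htmlspecialchars($val)` is the cheap guard.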
@@ -710,23 +724,18 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! $color="#223344"; } - echo "<p align=center>"; - echo "<font color='$color'>"; - if(isset($msg)) - echo "<b>[$msg]</b>"; - echo "</font>"; - echo "</p>"; - if(is_array($INFO_MSG)) + if(isset($msg)) { - echo "<p align=center class=\"info\">"; - while(list($key, $val)=each($INFO_MSG)) - { - echo $val."<br>"; - } + echo "<p align=center>"; + echo "<font color='$color'>"; + echo "<b>[$msg]</b>"; + echo "</font>"; echo "</p>"; } + show_infomsg(); + if(is_array($ERROR_MSG)) { echo "<p align=center class=\"error\">"; @@ -1458,7 +1467,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! if($files["image"]["error"]==0) if($files["image"]["size"]<1024*1024) { - $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); + $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); $sql="insert into images (name,imagetype,image) values ('$name',$imagetype,'$image')"; return DBexecute($sql); } @@ -1482,7 +1491,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! if($files["image"]["error"]==0) if($files["image"]["size"]<1024*1024) { - $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); + $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"]))); $sql="update images set name='$name',imagetype='$imagetype',image='$image' where imageid='$imageid'"; return DBexecute($sql); } @@ -1797,7 +1806,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! { $ret = 0; - $description=addslashes($description); + $description=zbx_ads($description); $sql="select * from media_type where description='$description' and mediatypeid!=$mediatypeid"; $result=DBexecute($sql); if(DBnum_rows($result)>0) 
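Review bot: In the `@@ -1458` and `@@ -1482` hunks the uploaded file contents are passed through `zbx_ads()`, but the helper added in validate.inc.php returns its argument untouched when `get_magic_quotes_gpc()` is on, and magic quotes only ever apply to GET/POST/cookie data, never to `fread()` output, so on such installations the raw image bytes reach the query unescaped. `$name` in both statements is not escaped at all, and if it comes from the request it has just lost the blanket escaping that `check_fields()` used to apply (removed in this commit); `$imagetype` is interpolated unquoted, where escaping would not help anyway. For non-request data use an unconditional escape, `$image=addslashes(fread(...))`, escape `$name` the same way, and coerce `$imagetype` with `(int)`. Both enclosing functions start outside their hunks.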
@@ -1823,7 +1832,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!! return 0; } - $description=addslashes($description); + $description=zbx_ads($description); $sql="select * from media_type where description='$description'"; $result=DBexecute($sql); if(DBnum_rows($result)>0) diff --git a/frontends/php/include/items.inc.php b/frontends/php/include/items.inc.php index b2e02deb..56e1c5e3 100644 --- a/frontends/php/include/items.inc.php +++ b/frontends/php/include/items.inc.php 
@@ -107,14 +107,7 @@ $delta=0; } - $key=addslashes($key); - $description=addslashes($description); - $logtimefmt=addslashes($logtimefmt); - $snmpv3_securityname=addslashes($snmpv3_securityname); - $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase); - $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase); - - $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('$description','$key',$hostid,$delay,$history,0,$status,$type,'$snmp_community','$snmp_oid',$value_type,'$trapper_hosts',$snmp_port,'$units',$multiplier,$delta,'$snmpv3_securityname',$snmpv3_securitylevel,'$snmpv3_authpassphrase','$snmpv3_privpassphrase','$formula',$trends,'$logtimefmt')"; + $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('".zbx_ads($description)."','".zbx_ads($key)."',".zbx_ads($hostid).",".zbx_ads($delay).",".zbx_ads($history).",0,".zbx_ads($status).",".zbx_ads($type).",'".zbx_ads($snmp_community)."','".zbx_ads($snmp_oid)."',".zbx_ads($value_type).",'".zbx_ads($trapper_hosts)."',".zbx_ads($snmp_port).",'".zbx_ads($units)."',".zbx_ads($multiplier).",".zbx_ads($delta).",'".zbx_ads($snmpv3_securityname)."',".zbx_ads($snmpv3_securitylevel).",'".zbx_ads($snmpv3_authpassphrase)."','".zbx_ads($snmpv3_privpassphrase)."','".zbx_ads($formula)."',".zbx_ads($trends).",'".zbx_ads($logtimefmt)."')"; $result=DBexecute($sql); if($result) { 
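Review bot: Wrapping numeric columns in `zbx_ads()` gives no protection: `$hostid`, `$delay`, `$history`, `$status`, `$type`, `$value_type`, `$snmp_port`, `$multiplier`, `$delta`, `$snmpv3_securitylevel` and `$trends` are interpolated without quotes, and addslashes only escapes quotes, backslashes and NUL, so a non-numeric value passes into the statement unchanged. In an unquoted position the guard has to be a type constraint, `(int)$hostid` or an `is_numeric()` check before the query, not string escaping, and reserving `zbx_ads()` for quoted string columns would also make the intent obvious. The same pattern is in the update hunk that follows, in profiles.inc.php (`hostid`), triggers.inc.php (`triggerid`, `priority`, `status`) and overview.php, where `$_REQUEST["groupid"]` goes straight into `hg.groupid=` this way. The enclosing function starts outside the hunk.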
@@ -167,17 +160,10 @@ $delta=0; } - $key=addslashes($key); - $description=addslashes($description); - $logtimefmt=addslashes($logtimefmt); - $snmpv3_securityname=addslashes($snmpv3_securityname); - $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase); - $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase); - - $sql="update items set lastlogsize=0 where itemid=$itemid and key_<>'$key'"; + $sql="update items set lastlogsize=0 where itemid=".zbx_ads($itemid)." and key_<>'".zbx_ads($key)."'"; DBexecute($sql); - $sql="update items set description='$description',key_='$key',hostid=$hostid,delay=$delay,history=$history,nextcheck=0,status=$status,type=$type,snmp_community='$snmp_community',snmp_oid='$snmp_oid',value_type=$value_type,trapper_hosts='$trapper_hosts',snmp_port=$snmp_port,units='$units',multiplier=$multiplier,delta=$delta,snmpv3_securityname='$snmpv3_securityname',snmpv3_securitylevel=$snmpv3_securitylevel,snmpv3_authpassphrase='$snmpv3_authpassphrase',snmpv3_privpassphrase='$snmpv3_privpassphrase',formula='$formula',trends=$trends,logtimefmt='$logtimefmt' where itemid=$itemid"; + $sql="update items set description='".zbx_ads($description)."',key_='".zbx_ads($key)."',hostid=".zbx_ads($hostid).",delay=".zbx_ads($delay).",history=".zbx_ads($history).",nextcheck=0,status=".zbx_ads($status).",type=".zbx_ads($type).",snmp_community='".zbx_ads($snmp_community)."',snmp_oid='".zbx_ads($snmp_oid)."',value_type=".zbx_ads($value_type).",trapper_hosts='".zbx_ads($trapper_hosts)."',snmp_port=".zbx_ads($snmp_port).",units='".zbx_ads($units)."',multiplier=".zbx_ads($multiplier).",delta=".zbx_ads($delta).",snmpv3_securityname='".zbx_ads($snmpv3_securityname)."',snmpv3_securitylevel=".zbx_ads($snmpv3_securitylevel).",snmpv3_authpassphrase='".zbx_ads($snmpv3_authpassphrase)."',snmpv3_privpassphrase='".zbx_ads($snmpv3_privpassphrase)."',formula='".zbx_ads($formula)."',trends=".zbx_ads($trends).",logtimefmt='".zbx_ads($logtimefmt)."' where itemid=".zbx_ads($itemid); 
$result=DBexecute($sql); if($result) { diff --git a/frontends/php/include/profiles.inc.php b/frontends/php/include/profiles.inc.php index db66663a..e94ff270 100644 --- a/frontends/php/include/profiles.inc.php +++ b/frontends/php/include/profiles.inc.php @@ -38,19 +38,7 @@ return 0; } - $devicetype=addslashes($devicetype); - $name=addslashes($name); - $os=addslashes($os); - $serialno=addslashes($serialno); - $tag=addslashes($tag); - $macaddress=addslashes($macaddress); - $hardware=addslashes($hardware); - $software=addslashes($software); - $contact=addslashes($contact); - $location=addslashes($location); - $notes=addslashes($notes); - - $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values ($hostid,'$devicetype','$name','$os','$serialno','$tag','$macaddress','$hardware','$software','$contact','$location','$notes')"; + $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values (".zbx_ads($hostid).",'".zbx_ads($devicetype)."','".zbx_ads($name)."','".zbx_ads($os)."','".zbx_ads($serialno)."','".zbx_ads($tag)."','".zbx_ads($macaddress)."','".zbx_ads($hardware)."','".zbx_ads($software)."','".zbx_ads($contact)."','".zbx_ads($location)."','".zbx_ads($notes)."')"; $result=DBexecute($sql); return $result; 
@@ -75,19 +63,7 @@ return 0; } - $devicetype=addslashes($devicetype); - $name=addslashes($name); - $os=addslashes($os); - $serialno=addslashes($serialno); - $tag=addslashes($tag); - $macaddress=addslashes($macaddress); - $hardware=addslashes($hardware); - $software=addslashes($software); - $contact=addslashes($contact); - $location=addslashes($location); - $notes=addslashes($notes); - - $sql="update hosts_profiles set devicetype='$devicetype',name='$name',os='$os',serialno='$serialno',tag='$tag',macaddress='$macaddress',hardware='$hardware',software='$software',contact='$contact',location='$location',notes='$notes' where hostid=$hostid"; + $sql="update hosts_profiles set devicetype='".zbx_ads($devicetype)."',name='".zbx_ads($name)."',os='".zbx_ads($os)."',serialno='".zbx_ads($serialno)."',tag='".zbx_ads($tag)."',macaddress='".zbx_ads($macaddress)."',hardware='".zbx_ads($hardware)."',software='".zbx_ads($software)."',contact='".zbx_ads($contact)."',location='".zbx_ads($location)."',notes='".zbx_ads($notes)."' where hostid=".zbx_ads($hostid); $result=DBexecute($sql); return $result; diff --git a/frontends/php/include/services.inc.php b/frontends/php/include/services.inc.php index 2d791c69..7a63d508 100644 --- a/frontends/php/include/services.inc.php +++ b/frontends/php/include/services.inc.php @@ -42,7 +42,7 @@ // { $description=expand_trigger_description($triggerid); // } - $description=addslashes($description); + $description=zbx_ads($description); $sql="insert into services (name,triggerid,status,algorithm,showsla,goodsla,sortorder) values ('$description',$triggerid,0,$algorithm,$showsla,$goodsla,$sortorder)"; } else diff --git a/frontends/php/include/triggers.inc.php b/frontends/php/include/triggers.inc.php index be904fbf..7e3d3fd3 100644 --- a/frontends/php/include/triggers.inc.php +++ b/frontends/php/include/triggers.inc.php 
@@ -27,8 +27,7 @@ return 0; } - $comments=addslashes($comments); - $sql="update triggers set comments='$comments' where triggerid=$triggerid"; + $sql="update triggers set comments='".zbx_ads($comments)."' where triggerid=".zbx_ads($triggerid); return DBexecute($sql); } @@ -110,8 +109,7 @@ // return 0; // } -# $description=addslashes($description); - $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('$description',$priority,$status,'$comments','$url',2,'Trigger just added. No status update so far.')"; + $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('".zbx_ads($description)."',".zbx_ads($priority).",".zbx_ads($status).",'".zbx_ads($comments)."','".zbx_ads($url)."',2,'Trigger just added. No status update so far.')"; # echo $sql,"<br>"; $result=DBexecute($sql); if(!$result) @@ -124,7 +122,7 @@ add_alarm($triggerid,2); $expression=implode_exp($expression,$triggerid); - $sql="update triggers set expression='$expression' where triggerid=$triggerid"; + $sql="update triggers set expression='".zbx_ads($expression)."' where triggerid=".zbx_ads($triggerid); # echo $sql,"<br>"; DBexecute($sql); reset_items_nextcheck($triggerid); @@ -339,7 +337,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; { if($row["triggers"]&3 == 0) continue; #get triggers - $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; + $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); // Loop: triggers while($row2=DBfetch($result2)) 
@@ -424,7 +422,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; if($row["triggers"]&1 == 0) continue;
- $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".addslashes($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".addslashes($trigger["comments"])."','".addslashes($trigger["url"])."',2,'$expression_old')";
+ $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".zbx_ads($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".zbx_ads($trigger["comments"])."','".zbx_ads($trigger["url"])."',2,'$expression_old')"; $result4=DBexecute($sql); $triggerid_new=DBinsert_id($result4,"triggers","triggerid");
@@ -491,7 +489,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; { if($row["triggers"]&4 == 0) continue;
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"]; $result2=DBselect($sql); while($row2=DBfetch($result2)) {
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index 35196f9d..ff0279d2 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -19,6 +19,12 @@
 **/
 ?>
 <?php
+ function zbx_adds($var)
+ {
+ if(!get_magic_quotes_gpc()) return addslashes($var);
+ else return $var;
+ }
+
 function BETWEEN($min,$max)
 {
 return "({}>=$min&&{}<=$max)&&";
@@ -73,7 +79,7 @@
 {
 if(!isset($fields[$key]))
 {
-//// echo "Unset: $key<br>";
+ echo "Unset: $key<br>";
 unset($_REQUEST[$key]);
 }
 } 
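Review bot: The helper is declared as `zbx_adds()` but every call site in this commit calls `zbx_ads()`; unless a `zbx_ads` is defined somewhere outside this diff, the first request through any of these paths stops with an undefined-function fatal error. Beyond the name, returning `$var` unchanged when `get_magic_quotes_gpc()` is on is only right for values that came from GET/POST/cookie, yet the same helper is applied to database rows (`$graph["name"]`, `$host["host"]`, `$trigger["description"]`, `$row["description"]`) and to file contents in config.inc.php, which are never magic-quoted, so on those installations they reach the SQL string unescaped. Keep the two concerns apart: a helper that always escapes for the query layer, and a one-time strip of magic quotes from `$_REQUEST` at request entry. Where the DB layer exposes the driver's own escaping function, prefer it to `addslashes()`, which is not charset-aware.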
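Review bot: The `@@ -73` hunk turns a commented-out debug line into live output, `echo "Unset: $key<br>";`, and the `@@ -103` and `@@ -112` hunks on the next line do the same, the last one printing `$_REQUEST[$key]` itself. That writes every discarded request key and value into the response body, unescaped and before any headers the page may still want to send, so a request parameter is reflected straight into the HTML and the page reveals which parameters it drops. Either restore the `info(...)` or comment form, or gate it behind a debug switch and pass the value through `htmlspecialchars()`. The enclosing functions start outside these hunks.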
@@ -103,6 +109,7 @@
 if(($flags&P_ACT)&&(isset($_REQUEST[$field])))
 {
 // info("Unset:".$field);
+ echo "Unset:".$field."<br>";
 unset($_REQUEST[$field]);
 }
 }
@@ -112,6 +119,8 @@
 {
 foreach($_REQUEST as $key => $val)
 {
+// info("Unset:".$_REQUEST[$key]);
+ echo "Unset:".$_REQUEST[$key]."<br>";
 unset($_REQUEST[$key]);
 }
 }
@@ -122,15 +131,13 @@ $ret = TRUE; - return $ret; - $critical = FALSE; foreach($fields as $field => $checks) { list($type,$opt,$flags,$validation,$exception)=$checks; -// info("Field: $field"); +// echo "Field: $field<br>"; if($exception==NULL) $except=FALSE; else $except=calc_exp($fields,$field,$exception);
@@ -241,10 +248,6 @@
 }
 }
 }
-
- if(isset($_REQUEST[$field])&&!get_magic_quotes_gpc()) {
- $_REQUEST[$field]=addslashes($_REQUEST[$field]);
- }
 }
 unset_not_in_list($fields);
 unset_if_zero($fields);
@@ -258,7 +261,7 @@
 {
 unset_action_vars($fields);
 }
- show_messages();
+ show_infomsg();
 return $ret;
 }
 ?>
diff --git a/frontends/php/overview.php b/frontends/php/overview.php
index 657405d2..25b5411d 100644
--- a/frontends/php/overview.php
+++ b/frontends/php/overview.php 
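Review bot: Replacing `show_messages()` with `show_infomsg()` at the end of `check_fields()` (the `@@ -258` hunk) means the `$ERROR_MSG` entries collected during validation are no longer printed here, since `show_infomsg()` only walks `$INFO_MSG`; unless every caller invokes `show_messages()` itself afterwards (not visible from here), validation failures become silent for the user. If printing only the info messages here is intended, a comment at the call would save the next reader the same question, e.g. `// validation errors in $ERROR_MSG are printed by the page's own show_messages() call`. `check_fields()` starts outside the hunk.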
@@ -224,14 +224,14 @@ $_REQUEST["sort"]="order by i.description"; } // $sql="select distinct description from items order by 1;"; - $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".$_REQUEST["groupid"]." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1"; + $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".zbx_ads($_REQUEST["groupid"])." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1"; $result=DBselect($sql); while($row=DBfetch($result)) { $rows=array(nbsp($row["description"])); foreach($hosts as $hostid) { - $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=$hostid and t.description='".addslashes($row["description"])."'"; + $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=".zbx_ads($hostid)." and t.description='".zbx_ads($row["description"])."'"; $result2=DBselect($sql); if(DBnum_rows($result2)==1) { diff --git a/frontends/php/users.php b/frontends/php/users.php index 308ef3bb..bc709a24 100644 --- a/frontends/php/users.php +++ b/frontends/php/users.php 
@@ -96,9 +96,9 @@ } if($result){ add_audit($action,AUDIT_RESOURCE_USER, - "User alias [".addslashes($_REQUEST["alias"]). - "] name [".addslashes($_REQUEST["name"])."] surname [". - addslashes($_REQUEST["surname"])."]]"); + "User alias [".zbx_ads($_REQUEST["alias"]). + "] name [".zbx_ads($_REQUEST["name"])."] surname [". + zbx_ads($_REQUEST["surname"])."]]"); unset($_REQUEST["form"]); } } |