From 4a7283dda87138deeec4e725f4ce6942170e740b Mon Sep 17 00:00:00 2001 From: Mike McGrath Date: Dec 01 2009 15:19:47 +0000 Subject: official patches --- diff --git a/cacti.spec b/cacti.spec index 69195f6..1be25b8 100644 --- a/cacti.spec +++ b/cacti.spec @@ -1,6 +1,6 @@ Name: cacti Version: 0.8.7e -Release: 1%{?dist} +Release: 3%{?dist} Summary: An rrd based graphing tool Group: Applications/System @@ -11,6 +11,10 @@ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz Source1: cacti-httpd.conf Source2: cacti.logrotate Source3: cacti.README.Fedora +Patch0: cli_add_graph.patch +Patch1: snmp_invalid_response.patch +Patch2: template_duplication.patch +Patch3: cross_site_fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -30,6 +34,10 @@ used to creating traffic graphs with MRTG. %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron @@ -105,6 +113,11 @@ fi %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib %changelog +* Tue Dec 1 2009 Mike McGrath - 0.8.7e-3 +- Pulling in some official patches +- #541279 +- #541962 + * Sun Aug 16 2009 Mike McGrath - 0.8.7e-1 - Upstream released new version diff --git a/cli_add_graph.patch b/cli_add_graph.patch new file mode 100644 index 0000000..b82d21a --- /dev/null +++ b/cli_add_graph.patch @@ -0,0 +1,11 @@ +--- ../tags/0.8.7e/cli/add_graphs.php 2009-06-28 12:34:31.000000000 -0400 ++++ 0.8.7/cli/add_graphs.php 2009-08-18 20:04:44.000000000 -0400 +@@ -570,7 +570,7 @@ + echo " 3|Fields = Verify all Fields\n"; + echo "List Options:\n"; + echo " --list-hosts\n"; +- echo " --list-graph-templates [--host_template=[ID]]\n"; ++ echo " --list-graph-templates [--host-template-id=[ID]]\n"; + echo " --list-input-fields --graph-template-id=[ID]\n"; + echo " --list-snmp-queries\n"; + echo " --list-query-types --snmp-query-id [ID]\n"; 
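Review bot: The four `PatchN:` lines added to cacti.spec carry no comment saying where each patch file came from, so a later maintainer has nothing to compare the copies in this commit against. A comment above the block, such as `# Upstream patches for 0.8.7e, fetched from UPSTREAM_PATCH_URL` (placeholder, fill in the real location), would record the provenance. The new %changelog entry also lists only bug numbers; since cross_site_fix.patch is, by its name, a security fix, a line such as `- Apply upstream cross-site scripting fix (cross_site_fix.patch)` would tell administrators that this release is security-relevant.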
diff --git a/cross_site_fix.patch b/cross_site_fix.patch new file mode 100644 index 0000000..ddc9e2e --- /dev/null +++ b/cross_site_fix.patch @@ -0,0 +1,175 @@ +--- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7e-patched/graph.php 2009-11-21 23:10:16.000000000 -0500 +@@ -35,6 +35,8 @@ + /* ================= input validation ================= */ + input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); + input_validate_input_number(get_request_var("local_graph_id")); ++input_validate_input_number(get_request_var("graph_end")); ++input_validate_input_number(get_request_var("graph_start")); + input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); + /* ==================================================== */ + +--- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7e-patched/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500 +@@ -58,7 +58,7 @@ + if ($_SESSION["custom"]) { + print "\r\n"; + }else{ +- print "\r\n"; ++ print "\r\n"; + } + } + ?> +@@ -113,7 +113,7 @@ + + + +- " height="2" border="0">
++ " height="2" border="0">
+ + + +@@ -144,7 +144,7 @@ + + + +- ++ +
+ + +--- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500 +@@ -235,13 +235,21 @@ + + if (sizeof($items) > 0) { + foreach ($items as $item) { +- print $item["name"] . "
"; ++ print htmlspecialchars($item["name"],ENT_QUOTES) . "
"; + } + } + + break; ++ case 'font': ++ form_font_box($field_name, $field_array["value"], ++ ((isset($field_array["default"])) ? $field_array["default"] : ""), ++ $field_array["max_length"], ++ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text", ++ ((isset($field_array["form_id"])) ? $field_array["form_id"] : "")); ++ ++ break; + default: +- print "" . $field_array["value"] . ""; ++ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . ""; + + form_hidden_box($field_name, $field_array["value"], ""); + +@@ -384,7 +392,7 @@ + $form_previous_value = $form_default_value; + } + +- print "\n"; ++ print "\n"; + } + + /* form_dropdown - draws a standard html dropdown box +@@ -568,7 +576,7 @@ + } + } + +- print ">". $array_display[$id]; ++ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES); + print "\n"; + } + +@@ -627,6 +635,65 @@ + print "\n"; + } + ++/* form_font_box - draws a standard html textbox and provides status of a fonts existence ++ @arg $form_name - the name of this form element ++ @arg $form_previous_value - the current value of this form element ++ @arg $form_default_value - the value of this form element to use if there is ++ no current value available ++ @arg $form_max_length - the maximum number of characters that can be entered ++ into this textbox ++ @arg $form_size - the size (width) of the textbox ++ @arg $type - the type of textbox, either 'text' or 'password' ++ @arg $current_id - used to determine if a current value for this form element ++ exists or not. a $current_id of '0' indicates that no current value exists, ++ a non-zero value indicates that a current value does exist */ ++function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) { ++ if (($form_previous_value == "") && (empty($current_id))) { ++ $form_previous_value = $form_default_value; ++ } ++ ++ print ""; ++ } else { ++ $extra_data = "
[" . "OK: FONT FOUND" . "]
"; ++ } ++ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" || ++ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files ++ if (is_file($form_previous_value)) { ++ $extra_data = "
[" . "OK: FILE FOUND" . "]
"; ++ }else if (is_dir($form_previous_value)) { ++ $extra_data = "
[" . "ERROR: IS DIR" . "]
"; ++ }else{ ++ $extra_data = "
[" . "ERROR: FILE NOT FOUND" . "]
"; ++ } ++ } # will be used for future versions of rrdtool ++ } ++ ++ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data; ++} ++ + /* form_confirm - draws a table presenting the user with some choice and allowing + them to either proceed (delete) or cancel + @arg $body_text - the text to prompt the user with on this form +--- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400 ++++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500 +@@ -125,9 +125,9 @@ + if (isset($_POST["date1"])) { + /* the dates have changed, therefore, I am now custom */ + if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) { +- $timespan["current_value_date1"] = $_POST["date1"]; ++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); + $timespan["begin_now"] =strtotime($timespan["current_value_date1"]); +- $timespan["current_value_date2"] = $_POST["date2"]; ++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); + $timespan["end_now"]=strtotime($timespan["current_value_date2"]); + $_SESSION["sess_current_timespan"] = GT_CUSTOM; + $_SESSION["custom"] = 1; +@@ -135,8 +135,8 @@ + }else { + /* the default button wasn't pushed */ + if (!isset($_POST["button_clear_x"])) { +- $timespan["current_value_date1"] = $_POST["date1"]; +- $timespan["current_value_date2"] = $_POST["date2"]; ++ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]); ++ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]); + $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"]; + $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"]; + 
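Review bot: In the lib/timespan_settings.php hunks, `$_POST["date1"]` and `$_POST["date2"]` are passed through `sanitize_search_string()`, a search-string filter, instead of being validated as dates, and the `strtotime()` result is stored in `begin_now`/`end_now` without a check for `false`. The definition of `sanitize_search_string()` is not in this patch, so it cannot be confirmed from here that it removes every character that matters where these values are later printed. An allowlist check in the style the graph.php hunk already uses, such as `input_validate_input_regex($_POST["date1"], "^[0-9: -]+$");`, would not depend on that (the pattern is a constructed example and must be confirmed against the format the date picker emits). Separately, in the new `form_font_box()` only the `value` attribute goes through `htmlspecialchars()`; `$form_name`, `$form_size` and `$form_max_length` are interpolated into quoted attributes as-is, which is safe only if callers never pass request-derived data for them. Part of that function's markup is not legible on this page, so the rest of its output could not be reviewed.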
diff --git a/snmp_invalid_response.patch b/snmp_invalid_response.patch
new file mode 100644
index 0000000..5b2dd20
--- /dev/null
+++ b/snmp_invalid_response.patch
@@ -0,0 +1,25 @@
+--- ../tags/0.8.7e/include/global_arrays.php 2009-06-28 12:34:31.000000000 -0400
++++ 0.8.7/include/global_arrays.php 2009-08-18 20:04:44.000000000 -0400
+@@ -174,6 +174,10 @@
+ "DES" => "DES (default)",
+ "AES128" => "AES");
+
++$banned_snmp_strings = array(
++ "End of MIB",
++ "No Such");
++
+ $logfile_options = array(1 =>
+ "Logfile Only",
+ "Logfile and Syslog/Eventlog",
+--- ../tags/0.8.7e/lib/snmp.php 2009-06-28 12:34:30.000000000 -0400
++++ 0.8.7/lib/snmp.php 2009-08-18 20:04:44.000000000 -0400
+@@ -27,9 +27,6 @@
+ define("SNMP_METHOD_PHP", 1);
+ define("SNMP_METHOD_BINARY", 2);
+
+-/* declare once, use many times */
+-$banned_snmp_strings = array("End of MIB", "No Such");
+-
+ /* we must use an apostrophe to escape community names under Unix in case the user uses
+ characters that the shell might interpret. the ucd-snmp binaries on Windows flip out when
+ you do this, but are perfectly happy with a quotation mark. */
diff --git a/template_duplication.patch b/template_duplication.patch
new file mode 100644
index 0000000..cd6ff4b
--- /dev/null
+++ b/template_duplication.patch
@@ -0,0 +1,234 @@ +diff -ruBbd 0.8.7e/cli/repair_templates.php 0.8.7/cli/repair_templates.php +--- 0.8.7e/cli/repair_templates.php 2009-08-18 22:03:22.000000000 -0400 ++++ 0.8.7/cli/repair_templates.php 2009-08-20 07:43:54.000000000 -0400 +@@ -0,0 +1,135 @@ ++This script is only meant to run at the command line."); ++} ++ ++$no_http_headers = true; ++ ++include(dirname(__FILE__) . "/../include/global.php"); ++include_once("../lib/utility.php"); ++include_once("../lib/template.php"); ++ ++/* process calling arguments */ ++$parms = $_SERVER["argv"]; ++array_shift($parms); ++ ++$execute = FALSE; ++ ++foreach($parms as $parameter) { ++ @list($arg, $value) = @explode("=", $parameter); ++ ++ switch ($arg) { ++ case "--execute": ++ $execute = TRUE; ++ break; ++ case "-h": ++ case "-v": ++ case "-V": ++ case "--version": ++ case "--help": ++ display_help(); ++ exit; ++ default: ++ print "ERROR: Invalid Parameter " . $parameter . "\n\n"; ++ display_help(); ++ exit; ++ } ++} ++ ++if ($execute) { ++ echo "NOTE: Repairing All Duplicated Templates\n"; ++} else { ++ echo "NOTE: Performing Check of Templates\n"; ++} ++ ++/* repair data templates first */ ++if ($execute) { ++ echo "NOTE: Repairing Data Templates\n"; ++} else { ++ echo "NOTE: Performing Check of Data Templates\n"; ++} ++ ++$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT data_template_id FROM data_template_rrd WHERE hash='' AND local_data_id=0"); ++if (sizeof($damaged_template_ids)) { ++ foreach($damaged_template_ids as $id) { $template_name = db_fetch_cell("SELECT name FROM data_template WHERE id=" . $id["data_template_id"]); ++ echo "NOTE: Data Template '$template_name' is Damaged and can be repaired\n"; ++ } ++ ++ $damaged_templates = db_fetch_assoc("SELECT * FROM data_template_rrd WHERE hash='' AND local_data_id=0"); ++ if (sizeof($damaged_templates)) { ++ echo "NOTE: -- Damaged Data Templates Objects Found is '" . sizeof($damaged_templates) . 
"'\n"; ++ if ($execute) { ++ foreach($damaged_templates as $template) { ++ $hash = get_hash_data_template($template["local_data_template_rrd_id"], "data_template_item"); ++ db_execute("UPDATE data_template_rrd SET hash='$hash' WHERE id=" . $template["id"]); ++ } ++ } ++ } ++} else { ++ echo "NOTE: No Damaged Data Templates Found\n"; ++} ++ ++/* reset the array */ ++$damaged_templates = array(); ++ ++/* repair graph templates */ ++if ($execute) { ++ echo "NOTE: Repairing Graph Templates\n"; ++} else { ++ echo "NOTE: Performing Check of Graph Templates\n"; ++} ++ ++$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT graph_template_id FROM graph_template_input WHERE hash=''"); ++if (sizeof($damaged_template_ids)) { ++ foreach($damaged_template_ids as $id) { ++ $template_name = db_fetch_cell("SELECT name FROM graph_templates WHERE id=" . $id["graph_template_id"]); ++ echo "NOTE: Graph Template '$template_name' is Damaged and can be repaired\n"; ++ } ++ ++ $damaged_templates = db_fetch_assoc("SELECT * FROM graph_template_input WHERE hash=''"); ++ if (sizeof($damaged_templates)) { ++ echo "NOTE: -- Damaged Graph Templates Objects Found is '" . sizeof($damaged_templates) . "'\n"; ++ if ($execute) { ++ foreach($damaged_templates as $template) { ++ $hash = get_hash_graph_template(0, "graph_template_input"); ++ db_execute("UPDATE graph_template_input SET hash='$hash' WHERE id=" . 
$template["id"]); ++ } ++ } ++ } ++} else { ++ echo "NOTE: No Damaged Graph Templates Found\n"; ++} ++ ++ ++/* display_help - displays the usage of the function */ ++function display_help () { ++ print "Cacti Database Template Repair Tool v1.0, Copyright 2004-2009 - The Cacti Group\n\n"; ++ print "usage: repair_templates.php --execute [--help]\n\n"; ++ print "--execute - Perform the repair\n"; ++ print "--help - display this help message\n"; ++} ++?> +diff -ruBbd 0.8.7e/docs/README 0.8.7/docs/README +--- 0.8.7e/docs/README 2009-08-18 21:57:30.000000000 -0400 ++++ 0.8.7/docs/README 2009-08-18 21:58:09.000000000 -0400 +@@ -90,6 +90,9 @@ + table + poller_reindex_hosts.php - Cause data query reindex on hosts + rebuild_poller_cache.php - Rebuilds the poller cache ++ repair_templates.php - Certain templates, when created using the "duplicate" ++ function in Cacti, do not import/export well. This utility repairs ++ those templates. + + + +diff -ruBbd 0.8.7e/lib/export.php 0.8.7/lib/export.php +--- 0.8.7e/lib/export.php 2009-08-18 21:56:47.000000000 -0400 ++++ 0.8.7/lib/export.php 2009-08-18 21:57:50.000000000 -0400 +@@ -811,7 +811,9 @@ + } + + function xml_character_encode($text) { +- ++ if (function_exists("htmlspecialchars")) { ++ return htmlspecialchars($text, ENT_QUOTES, "UTF-8"); ++ } else { + $text = str_replace("&", "&", $text); + $text = str_replace(">", ">", $text); + $text = str_replace("<", "<", $text); +@@ -819,6 +821,7 @@ + $text = str_replace("\'", "'", $text); + + return $text; ++ } + } + + ?> +diff -ruBbd 0.8.7e/lib/import.php 0.8.7/lib/import.php +--- 0.8.7e/lib/import.php 2009-08-18 21:56:59.000000000 -0400 ++++ 0.8.7/lib/import.php 2009-08-18 21:57:55.000000000 -0400 +@@ -36,10 +36,6 @@ + return $info_array; + } + +- if (isset($xml_array["name"])) { +- $xml_array["name"] = htmlspecialchars($xml_array["name"]); +- } +- + while (list($hash, $hash_array) = each($xml_array)) { + /* parse information from the hash */ + $parsed_hash = parse_xml_hash($hash); 
+@@ -115,7 +111,7 @@ + $_graph_template_id = db_fetch_cell("select id from graph_templates where hash='$hash'"); + $save["id"] = (empty($_graph_template_id) ? "0" : $_graph_template_id); + $save["hash"] = $hash; +- $save["name"] = htmlspecialchars($xml_array["name"]); ++ $save["name"] = $xml_array["name"]; + $graph_template_id = sql_save($save, "graph_templates"); + + $hash_cache["graph_template"][$hash] = $graph_template_id; +@@ -914,9 +910,13 @@ + } + + function xml_character_decode($text) { ++ if (function_exists("html_entity_decode")) { ++ return html_entity_decode($text, ENT_QUOTES, "UTF-8"); ++ } else { + $trans_tbl = get_html_translation_table(HTML_ENTITIES); + $trans_tbl = array_flip($trans_tbl); + return strtr($text, $trans_tbl); ++ } + } + + ?> +diff -ruBbd 0.8.7e/lib/utility.php 0.8.7/lib/utility.php +--- 0.8.7e/lib/utility.php 2009-08-18 21:57:08.000000000 -0400 ++++ 0.8.7/lib/utility.php 2009-08-18 21:58:00.000000000 -0400 +@@ -346,6 +346,7 @@ + $save["name"] = $graph_template_input["name"]; + $save["description"] = $graph_template_input["description"]; + $save["column_name"] = $graph_template_input["column_name"]; ++ $save["hash"] = get_hash_graph_template(0, "graph_template_input"); + + $graph_template_input_id = sql_save($save, "graph_template_input"); + +@@ -436,6 +437,11 @@ + $save["local_data_id"] = (isset($local_data_id) ? $local_data_id : 0); + $save["local_data_template_rrd_id"] = (isset($data_template_rrd["local_data_template_rrd_id"]) ? $data_template_rrd["local_data_template_rrd_id"] : 0); + $save["data_template_id"] = (!empty($_local_data_id) ? $data_template_rrd["data_template_id"] : $data_template_id); ++ if ($save["local_data_id"] == 0) { ++ $save["hash"] = get_hash_data_template($data_template_rrd["local_data_template_rrd_id"], "data_template_item"); ++ } else { ++ $save["hash"] = ''; ++ } + + while (list($field, $array) = each($struct_data_source_item)) { + $save{$field} = $data_template_rrd{$field};
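Review bot: In lib/import.php the template name read from the imported XML is now stored as-is (`$save["name"] = $xml_array["name"];`, and the earlier `htmlspecialchars()` on `$xml_array["name"]` is dropped), so escaping of imported names now rests entirely on the pages that print them. Those output sites are not part of this patch; each place a template name is echoed should be checked for `htmlspecialchars(..., ENT_QUOTES)`, and a comment at the assignment such as `/* stored raw; escape on output */` would record the contract. In the new cli/repair_templates.php, global.php is included through `dirname(__FILE__)`, but the next two includes use `"../lib/utility.php"` and `"../lib/template.php"`, which PHP resolves against the current working directory rather than the script's location. Writing `include_once(dirname(__FILE__) . "/../lib/utility.php");`, and the same for template.php, would pin them to the installed tree. The functions enclosing both import.php changes start and end outside their hunks.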