Changes of Revision 24
| [-] | Changed | cacti.changes |
|
x 1 2 -------------------------------------------------------------------3 +Sat Mar 15 15:45:31 UTC 2014 - cs@linux-administrator.com4 +5 +- update spec6 +- added cacti-0.8.8b_COMMENT.patch 7 +8 +-------------------------------------------------------------------9 Wed Aug 7 19:46:08 UTC 2013 - cs@linux-administrator.com10 11 - udpate to release 0.8.8b12 |
||
| [-] | Changed | cacti.spec ^ |
|
17 1 2 Source2: %{name}-httpd.conf3 Source3: %{name}.logrotate4 Patch0: %{name}-%{version}-cacti-log-path.patch5 +Patch1: cacti-0.8.8b_COMMENT.patch6 Requires: http_daemon net-snmp rrdtool php 7 Recommends: mod_php_any8 Recommends: php-fpm9 10 %prep11 %setup -q12 %patch013 +%patch114 15 %build16 find . -iname \*.orig -exec rm {} \;17 |
||
| [+] | Added | cacti-0.8.8b_COMMENT.patch ^ |
| @@ -0,0 +1,41 @@ +--- lib/rrd.php 2013-10-22 14:42:51.990441850 -0500 ++++ lib/rrd.php 2013-12-23 18:10:18.282876688 -0600 +@@ -1343,20 +1343,20 @@ + $need_rrd_nl = TRUE; + + if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") { ++ # perform variable substitution first (in case this will yield an empty results or brings command injection problems) ++ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item); ++ # next, compute the argument of the COMMENT statement and perform injection counter measures ++ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care ++ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]); ++ } else { ++ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]); ++ } ++ ++ # create rrdtool specific command line + if (read_config_option("rrdtool_version") != "rrd-1.0.x") { +- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " "; +- if (trim($comment_string) == 'COMMENT:"\n"') { +- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work +- } else if (trim($comment_string) != "COMMENT:\"\"") { +- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item); +- } ++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " "; + }else { +- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " "; +- if (trim($comment_string) == 'COMMENT:"\n"') { +- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work +- } else if (trim($comment_string) != "COMMENT:\"\"") { +- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item); +- } ++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " "; + } + }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) { + $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */ +@@ -2097,3 +2097,4 @@ + } + + ?> ++ + | ||