Module: nagvis Branch: nagvis-1.4 Commit: 9738019a7b163e832b576d2c42badadd07b6b11a URL: http://nagvis.git.sourceforge.net/git/gitweb.cgi?p=nagvis/nagvis/commit/?id=9738019a7b163e832b576d2c42badadd07b6b11a
Author: Lars Michelsen <[email protected]>
Date: Sun Aug 2 21:26:25 2009 +0200
Added options to prevent ids/ips problems with ajax urls on bulk updates
---
 .../en_US/nagvis_config_format_description.html | 6 ++++
 nagvis/etc/nagvis.ini.php-sample | 8 +++++
 nagvis/nagvis/includes/classes/GlobalMainCfg.php | 10 +++++++
 nagvis/nagvis/includes/js/frontend.js | 29 ++++++++++++-------
 4 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/nagvis/docs/en_US/nagvis_config_format_description.html b/nagvis/docs/en_US/nagvis_config_format_description.html
index 07b877e..b2cc917 100644
--- a/nagvis/docs/en_US/nagvis_config_format_description.html
+++ b/nagvis/docs/en_US/nagvis_config_format_description.html
@@ -258,6 +258,12 @@
 <td> interval </td><td> 5 </td><td> The interval in seconds in which the worker will check for objects which need to be updated. </td>
 </tr>
 <tr>
+ <td> requestmaxparams</td><td>0</td><td>The maximum number of parameters used in ajax http requests Some intrusion detection/prevention systems have a problem with too many parameters in the url. Give 0 for no limit.</td>
+ </tr>
+ <tr>
+ <td> requestmaxlength</td><td>1900</td><td>The maxium length of http request urls during ajax http requests. Some intrusion detection/prevention systems have a problem with too long queries.</td>
+ </tr>
+ <tr>
 <td> updateobjectstates </td><td> 15 </td><td> The retention time of the states in seconds in the frontend. The state information will be refreshed after this time is over on next worker interval. </td>
 </tr>
 </table>
diff --git a/nagvis/etc/nagvis.ini.php-sample b/nagvis/etc/nagvis.ini.php-sample
index e497d71..8730355 100644
--- a/nagvis/etc/nagvis.ini.php-sample
+++ b/nagvis/etc/nagvis.ini.php-sample
@@ -141,6 +141,14 @@
 ; The interval in seconds in which the worker will check for objects which need
 ; to be updated
 ;interval=10
+; The maximum number of parameters used in ajax http requests
+; Some intrusion detection/prevention systems have a problem with
+; too many parameters in the url. Give 0 for no limit.
+;requestmaxparams=0
+; The maxium length of http request urls during ajax http requests
+; Some intrusion detection/prevention systems have a problem with
+; too long queries
+;requestmaxlength=1900
 ; The retention time of the states in the frontend in seconds. The state
 ; information will be refreshed after this time
 ;updateobjectstates=30
diff --git a/nagvis/nagvis/includes/classes/GlobalMainCfg.php b/nagvis/nagvis/includes/classes/GlobalMainCfg.php
index 989d704..90b5312 100644
--- a/nagvis/nagvis/includes/classes/GlobalMainCfg.php
+++ b/nagvis/nagvis/includes/classes/GlobalMainCfg.php
@@ -400,6 +400,14 @@ class GlobalMainCfg {
 'updateobjectstates' => Array('must' => 0,
 'editable' => 1,
 'default' => '30',
+ 'match' => MATCH_INTEGER),
+ 'requestmaxparams' => Array('must' => 0,
+ 'editable' => 1,
+ 'default' => 0,
+ 'match' => MATCH_INTEGER),
+ 'requestmaxlength' => Array('must' => 0,
+ 'editable' => 1,
+ 'default' => 1900,
 'match' => MATCH_INTEGER)),
 'internal' => Array(
 'version' => Array('must' => 1,
@@ -982,6 +990,8 @@ class GlobalMainCfg {
 $arr['worker_interval'] = $this->getValue('worker', 'interval');
 $arr['worker_update_object_states'] = $this->getValue('worker', 'updateobjectstates');
+ $arr['worker_request_max_params'] = $this->getValue('worker', 'requestmaxparams');
+ $arr['worker_request_max_length'] = $this->getValue('worker', 'requestmaxlength');
 return json_encode($arr);
 }
diff --git a/nagvis/nagvis/includes/js/frontend.js b/nagvis/nagvis/includes/js/frontend.js
index 51fbf45..ba51fd6 100644
--- a/nagvis/nagvis/includes/js/frontend.js
+++ b/nagvis/nagvis/includes/js/frontend.js
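Review bot: In the first GlobalMainCfg.php hunk `requestmaxlength` is checked only against `MATCH_INTEGER`, but the new `runWorker` loop in frontend.js runs only while `iUrlLength < oWorkerProperties.worker_request_max_length`, so a configured 0 ends the loop before its first pass and the bulk state update sends nothing. The docs added in this commit define 0 as "no limit" for `requestmaxparams` only, which makes that mistake easy to make, and a monitoring map that silently stops refreshing is the costly failure here. Either treat 0 as unlimited for both options in the frontend or reject values below a workable minimum when the config is read; what `MATCH_INTEGER` accepts is defined outside this diff, so confirm whether negative numbers pass. The new defaults are integers (`'default' => 0`, `'default' => 1900`) while the neighbouring `updateobjectstates` uses a string (`'default' => '30'`); use one form. The option array starts and ends outside the hunk.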
@@ -160,7 +160,7 @@ function setMapHoverUrls() {
 }
 // Get the needed templates via bulk request
- aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getHoverUrl', aUrlParts, 1900, true);
+ aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getHoverUrl', aUrlParts, oWorkerProperties.worker_request_max_length, true);
 // Set the code to global object oHoverTemplates
 if(aTemplateObjects.length > 0) {
@@ -226,7 +226,7 @@ function getHoverTemplates(aObjs) {
 }
 // Get the needed templates via bulk request
- aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getHoverTemplate', aUrlParts, 1900, true);
+ aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getHoverTemplate', aUrlParts, oWorkerProperties.worker_request_max_length, true);
 // Set the code to global object oHoverTemplates
 if(aTemplateObjects.length > 0) {
@@ -274,7 +274,7 @@ function getContextTemplates(aObjs) {
 }
 // Get the needed templates via bulk request
- aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getContextTemplate', aUrlParts, 1900, true);
+ aTemplateObjects = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getContextTemplate', aUrlParts, oWorkerProperties.worker_request_max_length, true);
 // Set the code to global object oContextTemplates
 if(aTemplateObjects.length > 0) {
@@ -546,7 +546,6 @@ function refreshMapObject(objectId) {
 }
 }
- var aUrlParts = [];
 var name = aMapObjects[iIndex].conf.name;
 var type = aMapObjects[iIndex].conf.type;
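Review bot: `worker_request_max_params` is never applied to the `getBulkSyncRequest` call in `setMapHoverUrls`; only the length limit is passed through, so an installation that sets `requestmaxparams` for its IDS/IPS still sends an unbounded number of parameters on this request. The same holds for the calls in `getHoverTemplates` and `getContextTemplates` and for the second bulk call in `runWorker` (`@@ -1269,7 +1276,7 @@`), whose `aUrlParts` is built outside the visible hunks. Giving `getBulkSyncRequest` a parameter-count limit next to its length limit would cover every caller in one place. There is also no fallback when `oWorkerProperties.worker_request_max_length` is missing; the previous constant could serve as one, e.g. `oWorkerProperties.worker_request_max_length || 1900`. The enclosing functions start and end outside these hunks.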
@@ -562,11 +561,8 @@ function refreshMapObject(objectId) {
 sUrlPart = sUrlPart + '&n2[]=';
 }
- // Append part to array of parts
- aUrlParts.push(sUrlPart);
-
 // Get the updated objectsupdateMapObjects via bulk request
- var o = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state', aUrlParts, 1900, false);
+ var o = getSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state' + sUrlPart, false);
 var bStateChanged = false;
 if(o.length > 0) {
 bStateChanged = updateObjects(o, aMapObjects, 'map');
@@ -1164,7 +1160,12 @@ function runWorker(iCount, sType) {
 // Create the ajax request for bulk update, handle shape updates
 var aUrlParts = [];
 var aShapesToUpdate = [];
- for(var i = 0, len = arrObj.length; i < len; i++) {
+ var iUrlParams = 0;
+ var iUrlLength = 0;
+
+ // Only continue with the loop when below param limit
+ // and below maximum length
+ for(var i = 0, len = arrObj.length; i < len && (oWorkerProperties.worker_request_max_params == 0 || (oWorkerProperties.worker_request_max_params != 0 && iUrlParams < oWorkerProperties.worker_request_max_params)) && iUrlLength < oWorkerProperties.worker_request_max_length; i++) {
 var type = aMapObjects[arrObj[i]].conf.type;
 // Seperate shapes from rest
@@ -1188,6 +1189,12 @@ function runWorker(iCount, sType) {
 sUrlPart = sUrlPart + '&n2[]=';
 }
+ // Adding 4 params above code, count them here
+ iUrlParams += 4;
+
+ // Also count the length
+ iUrlLength += sUrlPart.length
+
 // Append part to array of parts
 aUrlParts.push(sUrlPart);
 }
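Review bot: The single-object refresh in `refreshMapObject` now appends `sUrlPart` straight to the URL given to `getSyncRequest`, so neither `worker_request_max_length` nor `worker_request_max_params` applies to this request. One object is unlikely to reach the default of 1900 characters, but a lowered `requestmaxlength` is no longer honoured here, which deserves a comment such as `// single object: request limits intentionally not applied`. How `sUrlPart` is built lies above the hunk; if the object names are not passed through `encodeURIComponent` there, a name containing `&` or `#` would alter the query string. The function starts and ends outside the hunk.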
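Review bot: The new loop condition in `runWorker` ends the loop as soon as either limit is reached, and nothing visible in the hunk hands the remaining entries of `arrObj` to a further request, so on a large map the objects past the cut-off (and the shapes sorted out inside the same loop) appear to be skipped for this worker run unless a later interval picks them up. Since `getBulkSyncRequest` already receives the length limit, presumably to split the parts over several requests, chunking `aUrlParts` by parameter count there would keep every object updated while still respecting the IDS/IPS limits. The parameter test is also redundant: `(a == 0 || (a != 0 && n < a))` reduces to `(a == 0 || n < a)`. The loop body continues outside the hunk.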
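Review bot: `iUrlLength += sUrlPart.length` in the counting hunk of `runWorker` has no terminating semicolon and relies on automatic semicolon insertion; add it. The counters are updated after the part has been built, while the loop header tests them before the next pass, so the request can exceed `worker_request_max_length` by up to one part and the parameter count by up to three when the limit is not a multiple of 4; test `iUrlLength + sUrlPart.length` against the limit before `aUrlParts.push(sUrlPart)` if the limits are meant to be hard. The base URL is not counted in `iUrlLength` either. The hard-coded `iUrlParams += 4` has to stay in step with the parameters appended above the hunk.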
@@ -1195,7 +1202,7 @@ function runWorker(iCount, sType) { } // Get the updated objectsupdateMapObjects via bulk request - var o = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state', aUrlParts, 1900, false); + var o = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state', aUrlParts, oWorkerProperties.worker_request_max_length, false); var bStateChanged = false; if(o.length > 0) { bStateChanged = updateObjects(o, aMapObjects, sType); @@ -1269,7 +1276,7 @@ function runWorker(iCount, sType) { } // Get the updated objectsupdateMapObjects via bulk request - var o = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state', aUrlParts, 1900, false); + var o = getBulkSyncRequest(oGeneralProperties.path_htmlbase+'/nagvis/ajax_handler.php?action=getObjectStates&ty=state', aUrlParts, oWorkerProperties.worker_request_max_length, false); var bStateChanged = false; if(o.length > 0) { bStateChanged = updateObjects(o, aMaps, sType);
