[packages/cacti] fix empty COMMENT errors (upstream fix)

Sat, 08 Feb 2014 11:10:35 -0800 

commit 5446c05d92d4ebd7db718897bc95f3bb8d7f6c9c
Author: Elan Ruusamäe <[email protected]>
Date:   Sat Feb 8 21:07:54 2014 +0200

    fix empty COMMENT errors (upstream fix)
    
    http://bugs.cacti.net/view.php?id=2379
    fix COMMENT handling, even in case COMMENT is empty, with or without HR
    and with variable substitution

 cacti.spec         |  4 +++-
 rra-comments.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)
---
diff --git a/cacti.spec b/cacti.spec
index df84dd9..a630656 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -5,7 +5,7 @@ Summary:        Cacti is a PHP frontend for rrdtool
 Summary(pl.UTF-8):     Cacti - frontend w PHP do rrdtoola
 Name:          cacti
 Version:       0.8.8b
-Release:       3
+Release:       4
 License:       GPL v2
 Group:         Applications/WWW
 Source0:       http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
@@ -24,6 +24,7 @@ Patch5:               %{name}-linux_memory.patch
 Patch6:                %{name}-log-verbosity.patch
 Patch7:                %{name}-ss_disk-array-indices.patch
 Patch8:                host_name-url.patch
+Patch9:                rra-comments.patch
 # http://www.cacti.net/download_patches.php
 #Patch100:     -
 ## Patch100-md5:       -
@@ -138,6 +139,7 @@ Dokumentacja do Cacti w formacie HTML.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p2
 
 mkdir -p sql
 mv *.sql sql
diff --git a/rra-comments.patch b/rra-comments.patch
new file mode 100644
index 0000000..c5becfe
--- /dev/null
+++ b/rra-comments.patch
@@ -0,0 +1,42 @@
+------------------------------------------------------------------------
+r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
+
+fix COMMENT handling, even in case COMMENT is empty, with or without HR and 
with variable substitution
+------------------------------------------------------------------------
+Index: branches/0.8.8/lib/rrd.php
+===================================================================
+--- branches/0.8.8/lib/rrd.php (revision 7417)
++++ branches/0.8.8/lib/rrd.php (revision 7418)
+@@ -1343,20 +1343,20 @@
+               $need_rrd_nl = TRUE;
+ 
+               if ($graph_item_types{$graph_item["graph_type_id"]} == 
"COMMENT") {
++                      # perform variable substitution first (in case this 
will yield an empty results or brings command injection problems)
++                      $comment_arg = 
rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], 
$graph, $graph_item);
++                      # next, compute the argument of the COMMENT statement 
and perform injection counter measures
++                      if (trim($comment_arg) == '') { # an empty COMMENT must 
be treated with care
++                              $comment_arg = cacti_escapeshellarg(' ' . 
$hardreturn[$graph_item_id]);
++                      } else {
++                              $comment_arg = 
cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
++                      }
++
++                      # create rrdtool specific command line
+                       if (read_config_option("rrdtool_version") != 
"rrd-1.0.x") {
+-                              $comment_string = 
$graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", 
cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . 
$hardreturn[$graph_item_id])) . " ";
+-                              if (trim($comment_string) == 'COMMENT:"\n"') {
+-                                      $txt_graph_items .= 'COMMENT:" \n"'; # 
rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-                              } else if (trim($comment_string) != 
"COMMENT:\"\"") {
+-                                      $txt_graph_items .= 
rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-                              }
++                              $txt_graph_items .= 
$graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", 
$comment_arg) . " ";
+                       }else {
+-                              $comment_string = 
$graph_item_types{$graph_item["graph_type_id"]} . ":" . 
cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . 
$hardreturn[$graph_item_id]) . " ";
+-                              if (trim($comment_string) == 'COMMENT:"\n"') {
+-                                      $txt_graph_items .= 'COMMENT:" \n"'; # 
rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-                              } else if (trim($comment_string) != 
"COMMENT:\"\"") {
+-                                      $txt_graph_items .= 
rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-                              }
++                              $txt_graph_items .= 
$graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
+                       }
+               }elseif (($graph_item_types{$graph_item["graph_type_id"]} == 
"GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
+                       $graph_variables["text_format"][$graph_item_id] = 
str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* 
escape colons */
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/cacti.git/commitdiff/5446c05d92d4ebd7db718897bc95f3bb8d7f6c9c

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to