Escape customvariables before inserting into db
Thanks to Stephane for the patch.
IssueID #116
andurin committed Jul 1, 2009
1 parent 2885a01 commit 695b0d8
Showing 2 changed files with 69 additions and 211 deletions.
2 changes: 1 addition & 1 deletion module/idoutils/include/dbhandlers.h
@@ -69,5 +69,5 @@ int ndo2db_handle_commanddefinition(ndo2db_idi *);
int ndo2db_handle_timeperiodefinition(ndo2db_idi *);
int ndo2db_handle_contactdefinition(ndo2db_idi *);
int ndo2db_handle_contactgroupdefinition(ndo2db_idi *);

int ndo2db_save_custom_variables(ndo2db_idi *,int, int, char *);
#endif
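Review bot: The third parameter of `ndo2db_save_custom_variables` is declared `int`, but the definition in dbhandlers.c prints it with `%lu`, and the callers pass `object_id` and `contact_id`, which the removed loops also printed with `%lu` and so are presumably `unsigned long`. Handing an `int` to a `%lu` conversion is undefined behaviour, and a large id would be narrowed at the call on platforms where `long` is wider than `int`. Declaring it as `int ndo2db_save_custom_variables(ndo2db_idi *, int, unsigned long, char *);` here and in the definition keeps the type and the format in agreement. A short comment on the prototype, such as `/* ts may be NULL; it is only used for the customvariablestatus table */`, would document the last argument.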
278 changes: 68 additions & 210 deletions module/idoutils/src/dbhandlers.c
@@ -2355,43 +2355,7 @@ int ndo2db_handle_hoststatusdata(ndo2db_idi *idi) {
free(es[x]);

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {

if (mbuf.buffer[x] == NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu', status_update_time=%s, has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, object_id, ts[0], has_been_modified,
(es[0] == NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS], buf,
buf) == -1)
buf1 = NULL;

result = ndo2db_db_query(idi, buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS,object_id,ts[0]);

/* free memory */
for (x = 0; x < 10; x++)
@@ -2637,43 +2601,7 @@ int ndo2db_handle_servicestatusdata(ndo2db_idi *idi) {
free(es[x]);

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {

if (mbuf.buffer[x] == NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu', status_update_time=%s, has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, object_id, ts[0], has_been_modified,
(es[0] == NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS], buf,
buf) == -1)
buf1 = NULL;

result = ndo2db_db_query(idi, buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS,object_id,ts[0]);

/* free memory */
for (x = 0; x < 11; x++)
@@ -2770,43 +2698,7 @@ int ndo2db_handle_contactstatusdata(ndo2db_idi *idi) {
free(buf1);

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {

if (mbuf.buffer[x] == NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu',status_update_time=%s, has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, object_id, ts[0], has_been_modified,
(es[0] == NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS], buf,
buf) == -1)
buf1 = NULL;

result = ndo2db_db_query(idi, buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS,object_id,ts[0]);

/* free memory */
for (x = 0; x < 3; x++)
@@ -3647,44 +3539,7 @@ int ndo2db_handle_hostdefinition(ndo2db_idi *idi) {
}

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {

if (mbuf.buffer[x] == NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu', config_type='%d', has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, object_id,
idi->current_object_config_type, has_been_modified, (es[0]
==NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLES], buf, buf)
== -1)
buf1 = NULL;

result = ndo2db_db_query(idi, buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLES,object_id,NULL);

return NDO_OK;
}
@@ -4099,44 +3954,7 @@ int ndo2db_handle_servicedefinition(ndo2db_idi *idi) {
}

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {

if (mbuf.buffer[x] == NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu', config_type='%d', has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, object_id,
idi->current_object_config_type, has_been_modified, (es[0]
==NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLES], buf, buf)
== -1)
buf1 = NULL;

result = ndo2db_db_query(idi, buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLES,object_id,NULL);

return NDO_OK;
}
@@ -5102,46 +4920,86 @@ int ndo2db_handle_contactdefinition(ndo2db_idi *idi) {
}

/* save custom variables to db */
mbuf = idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for (x = 0; x < mbuf.used_lines; x++) {
result=ndo2db_save_custom_variables(idi,NDO2DB_DBTABLE_CUSTOMVARIABLES,contact_id,NULL);

if (mbuf.buffer[x] == NULL)
return NDO_OK;
}

int ndo2db_save_custom_variables(ndo2db_idi *idi,int table_idx, int o_id, char *ts ){
char *buf=NULL;
char *buf1=NULL;
ndo2db_mbuf mbuf;
char *es[1];
char *ptr1=NULL;
char *ptr2=NULL;
char *ptr3=NULL;
int result=NDO_OK;
int has_been_modified=0;
int x=0;

/* save custom variables to db */
mbuf=idi->mbuf[NDO2DB_MBUF_CUSTOMVARIABLE];
for(x=0;x<mbuf.used_lines;x++){

if(mbuf.buffer[x]==NULL)
continue;

if ((ptr1 = strtok(mbuf.buffer[x], ":")) == NULL)
if((ptr1=strtok(mbuf.buffer[x],":"))==NULL)
continue;
es[0] = strdup(ptr1);
if ((ptr2 = strtok(NULL, ":")) == NULL)

es[0]=strdup(ptr1);

if((ptr2=strtok(NULL,":"))==NULL)
continue;
has_been_modified = atoi(ptr2);
ptr3 = strtok(NULL, "\n");
es[1] = strdup((ptr3 == NULL) ? "" : ptr3);

if (asprintf(
&buf,
"instance_id='%d', object_id='%lu', config_type='%d', has_been_modified='%d', varname='%s', varvalue='%s'",
idi->dbinfo.instance_id, contact_id,
idi->current_object_config_type, has_been_modified, (es[0]
==NULL) ? "" : es[0], (es[1] == NULL) ? "" : es[1])
== -1)
buf = NULL;
has_been_modified=atoi(ptr2);
ptr3=strtok(NULL,"\n");
buf1=strdup((ptr3==NULL)?"":ptr3);
es[1]=ndo2db_db_escape_string(idi,buf1);
free(buf1);

if (table_idx==NDO2DB_DBTABLE_CUSTOMVARIABLES) {
if(asprintf(&buf,"instance_id='%d', object_id='%lu', config_type='%d', has_been_modified='%d', varname='%s', varvalue='%s'"
,idi->dbinfo.instance_id
,o_id
,idi->current_object_config_type
,has_been_modified
,(es[0]==NULL)?"":es[0]
,(es[1]==NULL)?"":es[1]
)==-1)
buf=NULL;
}
if (table_idx==NDO2DB_DBTABLE_CUSTOMVARIABLESTATUS) {
if(asprintf(&buf,"instance_id='%d', object_id='%lu',status_update_time=%s, has_been_modified='%d', varname='%s', varvalue='%s'"
,idi->dbinfo.instance_id
,o_id
,(ts==NULL)?"NULL":ts
,has_been_modified
,(es[0]==NULL)?"":es[0]
,(es[1]==NULL)?"":es[1]
)==-1)
buf=NULL;
}

free(es[0]);
free(es[1]);

if (asprintf(&buf1, "INSERT INTO %s SET %s ON DUPLICATE KEY UPDATE %s",
ndo2db_db_tablenames[NDO2DB_DBTABLE_CUSTOMVARIABLES], buf, buf)
== -1)
buf1 = NULL;
if(asprintf(&buf1,"INSERT INtO %s SET %s ON DUPLICATE KEY UPDATE %s"
,ndo2db_db_tablenames[table_idx]
,buf
,buf
)==-1)
buf1=NULL;

result = ndo2db_db_query(idi, buf1);
result=ndo2db_db_query(idi,buf1);

dbi_result_free(idi->dbinfo.dbi_result);
free(buf);
free(buf1);
}

return NDO_OK;
return result;

}

int ndo2db_handle_contactgroupdefinition(ndo2db_idi *idi) {
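Review bot: In `ndo2db_save_custom_variables` the array is declared `char *es[1];`, yet the loop assigns both `es[0]` and `es[1]`, so the pointer to the escaped value is stored past the end of the array; it should be `char *es[2];`. Only the value goes through `ndo2db_db_escape_string`; the name is still `strdup(ptr1)` and lands in `varname='%s'` as-is, so a quote in a variable name still changes the statement. Using `es[0]=ndo2db_db_escape_string(idi,ptr1);` would treat both fields alike, assuming the helper returns a heap copy as its use for `es[1]` implies. The `continue` taken when the second `strtok` returns NULL skips `free(es[0])` and leaks the name copy, a path the removed loops had as well. `INSERT INtO` is accepted because SQL keywords are case-insensitive, but it reads as a typo and is worth normalising to `INSERT INTO`.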