Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When viewing realtime graphs, some input variables are not properly checked #3012

Closed
majed17 opened this issue Oct 7, 2019 · 14 comments
Closed
Assignees
Labels
bug Undesired behaviour resolved A fixed issue
Milestone

Comments

@majed17
Copy link

majed17 commented Oct 7, 2019

this was one 1.2.7 and still is on the later 1.2.x

2019/10/07  08:58:31 - CMDPHP Input Validation Not Performed for 'node' Backtrace:   (/graph_view.php[219]:top_graph_header(),  /lib/functions.php[3247]:include_once(),  /include/top_graph_header.php[28]:draw_navigation_text(),  /lib/functions.php[2484]:get_request_var(),  /lib/html_utility.php[369]:html_log_input_error(),  /lib/html_validate.php[44]:cacti_debug_backtrace())
--
2019/10/07 08:56:10 - CMDPHP Input Validation Not Performed for  'graph_nolegend' Backtrace:   (/graph_realtime.php[61]:load_current_session_value(),  /lib/html_utility.php[889]:get_request_var(),  /lib/html_utility.php[369]:html_log_input_error(),  /lib/html_validate.php[44]:cacti_debug_backtrace())
@netniV netniV self-assigned this Oct 7, 2019
@netniV netniV added the bug Undesired behaviour label Oct 7, 2019
@netniV netniV added this to the v1.2.8 milestone Oct 7, 2019
@netniV
Copy link
Member

netniV commented Oct 7, 2019

I've already made a change for the first mod, going to look at the second shortly, then post both.

@netniV netniV changed the title realtime graph bug issue Some graph routines are not properly validating incoming variables Oct 7, 2019
@netniV netniV added the resolved A fixed issue label Oct 7, 2019
@majed17
Copy link
Author

majed17 commented Oct 8, 2019

now realtime doesn't produce graphs...it produces the following error:
2019/10/08 12:44:44 - CMDPHP Validation Error, Variable:graph_nolegend, Value:false Backtrace: (/graph_realtime.php[43]:get_filter_request_var(), /lib/html_utility.php[484]:die_html_input_error(), /lib/html_validate.php[64]:cacti_debug_backtrace())

@netniV
Copy link
Member

netniV commented Oct 8, 2019

OK, I'll take another look at that. It's likely that the default is checking for integer values rather than the words "true" or "false".

@cigamit
Copy link
Member

cigamit commented Oct 12, 2019

Correct, graph_nolegend was resolved some time ago. The fix that was committed assumed integer. Performing proper validation in commit shortly.

cigamit added a commit that referenced this issue Oct 12, 2019
* Some graph routines are not properly validating incoming variables
* There is a second part to this.
@cigamit cigamit closed this as completed Oct 12, 2019
@majed17
Copy link
Author

majed17 commented Oct 14, 2019

now i get :
2019/10/14 17:27:54 - CMDPHP Input Validation Not Performed for 'node' Backtrace: (/graph_view.php[219]:top_graph_header(), /lib/functions.php[3253]:include_once(), /include/top_graph_header.php[28]:draw_navigation_text(), /lib/functions.php[2484]:get_request_var(), /lib/html_utility.php[369]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace())

@netniV netniV reopened this Oct 14, 2019
@netniV
Copy link
Member

netniV commented Oct 14, 2019

I've reopened this, purely so it doesn't get forgotten as I'm not changing any code tonight. The changelog will not be adjusted, just more code added for this newer variable.

@majed17
Copy link
Author

majed17 commented Oct 16, 2019

now i get :

2019/10/16 08:41:42 - CMDPHP Validation Error, Variable:graph_nolegend, Value:false Backtrace: (/graph_realtime.php[43]:get_filter_request_var(), /lib/html_utility.php[484]:die_html_input_error(), /lib/html_validate.php[64]:cacti_debug_backtrace())

@netniV
Copy link
Member

netniV commented Oct 17, 2019

You haven't got the current graph_realtime.php as that line number does not match up.

@netniV
Copy link
Member

netniV commented Oct 17, 2019

In fact, I'm getting the same with the other message you posted, what version of cacti are you running?

@majed17
Copy link
Author

majed17 commented Oct 18, 2019

with your latest commit, i am getting nothing cranky any more. not to flatter, but my cacti has never had such a clean log. on monday morning, God willing, we'll see if anything new pops up!

@majed17
Copy link
Author

majed17 commented Oct 21, 2019

this is still present:

CMDPHP Input Validation Not Performed for 'node' Backtrace: (/graph_view.php[219]:top_graph_header(), /lib/functions.php[3253]:include_once(), /include/top_graph_header.php[28]:draw_navigation_text(), /lib/functions.php[2484]:get_request_var(), /lib/html_utility.php[369]:html_log_input_error(), /lib/html_validate.php[44]:cacti_debug_backtrace())

netniV added a commit that referenced this issue Oct 21, 2019
@netniV
Copy link
Member

netniV commented Oct 21, 2019

If you try that, it should now work.

@majed17
Copy link
Author

majed17 commented Oct 22, 2019

the "if" just reveals unthankfulness, and it turns out it just works !

@netniV
Copy link
Member

netniV commented Oct 22, 2019

Not sure I follow but glad it works.

@netniV netniV closed this as completed Oct 22, 2019
@netniV netniV changed the title Some graph routines are not properly validating incoming variables When viewing realtime graphs, some input variables are not properly checked Dec 7, 2019
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

3 participants