cacti: Update to 0.8.8b.

[people/teissler/ipfire-2.x.git] / src / patches / cacti / cacti-0.8.8b-rra-comments.patch
diff --git a/src/patches/cacti/cacti-0.8.8b-rra-comments.patch b/src/patches/cacti/cacti-0.8.8b-rra-comments.patch

new file mode 100644 (file)

index 0000000..c5becfe
--- /dev/null
+++ b/src/patches/cacti/cacti-0.8.8b-rra-comments.patch
@@ -0,0 +1,42 @@
+------------------------------------------------------------------------
+r7418 | gandalf | 2013-08-13 13:32:49 -0600 (Tue, 13 Aug 2013) | 1 line
+
+fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
+------------------------------------------------------------------------
+Index: branches/0.8.8/lib/rrd.php
+===================================================================
+--- branches/0.8.8/lib/rrd.php (revision 7417)
++++ branches/0.8.8/lib/rrd.php (revision 7418)
+@@ -1343,20 +1343,20 @@
+               $need_rrd_nl = TRUE;
+ 
+               if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
++                      # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
++                      $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
++                      # next, compute the argument of the COMMENT statement and perform injection counter measures
++                      if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
++                              $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
++                      } else {
++                              $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
++                      }
++
++                      # create rrdtool specific command line
+                       if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
+-                              $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
+-                              if (trim($comment_string) == 'COMMENT:"\n"') {
+-                                      $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-                              } else if (trim($comment_string) != "COMMENT:\"\"") {
+-                                      $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-                              }
++                              $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
+                       }else {
+-                              $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
+-                              if (trim($comment_string) == 'COMMENT:"\n"') {
+-                                      $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+-                              } else if (trim($comment_string) != "COMMENT:\"\"") {
+-                                      $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+-                              }
++                              $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
+                       }
+               }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
+                       $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */