diff --git a/aggregate_graphs.php b/aggregate_graphs.php
index 33329cc61f..8cddd1105c 100644
--- a/aggregate_graphs.php
+++ b/aggregate_graphs.php
@@ -143,10 +143,10 @@ function form_save() {
 $save['gprint_prefix'] = get_request_var_post('gprint_prefix');
 $save['total_prefix'] = get_request_var_post('total_prefix');
- $save['total'] = get_sanitize_request_var('total', FILTER_VALIDATE_INT);
- $save['graph_type'] = get_sanitize_request_var('graph_type', FILTER_VALIDATE_INT);
- $save['total_type'] = get_sanitize_request_var('total_type', FILTER_VALIDATE_INT);
- $save['order_type'] = get_sanitize_request_var('order_type', FILTER_VALIDATE_INT);
+ $save['total'] = get_filter_request_var('total');
+ $save['graph_type'] = get_filter_request_var('graph_type');
+ $save['total_type'] = get_filter_request_var('total_type');
+ $save['order_type'] = get_filter_request_var('order_type');
 /* see if anything changed, if so, we will have to push out the aggregate */
 if (!empty($aggregate_graph_id)) {
@@ -256,8 +256,8 @@ function form_actions() { }elseif (get_request_var_post('drp_action') == '11') { /* dis-associate with aggregate */ api_aggregate_disassociate($selected_items); }elseif (preg_match('/^tr_([0-9]+)$/', get_request_var_post('drp_action'), $matches)) { /* place on tree */ - input_validate_input_number(get_request_var_post('tree_id')); - input_validate_input_number(get_request_var_post('tree_item_id')); + get_filter_request_var('tree_id'); + get_filter_request_var('tree_item_id'); for ($i=0;($i 0 || $_POST["aggregate_graph_id"] > 0) { + if (get_request_var('aggregate_template_id') > 0 || get_request_var('aggregate_graph_id') > 0) { form_save_aggregate(); } - if ($graph_item_types{$_POST["graph_type_id"]} == "LEGEND") { + if ($graph_item_types{get_request_var('graph_type_id')} == 'LEGEND') { /* this can be a major time saver when creating lots of graphs with the typical GPRINT LAST/AVERAGE/MAX legends */ $items = array( 0 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "4", - "text_format" => "Current:", - "hard_return" => "" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '4', + 'text_format' => 'Current:', + 'hard_return' => '' ), 1 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "1", - "text_format" => "Average:", - "hard_return" => "" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '1', + 'text_format' => 'Average:', + 'hard_return' => '' ), 2 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "3", - "text_format" => "Maximum:", - "hard_return" => "on" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '3', + 'text_format' => 'Maximum:', + 'hard_return' => 'on' )); } foreach ($items as $item) { /* generate a new sequence if needed */ - if (empty($_POST["sequence"])) { - $_POST["sequence"] = get_sequence($_POST["sequence"], "sequence", 
"graph_templates_item", "local_graph_id=" . $_POST["local_graph_id"]); + if (isempty_request_var('sequence')) { + set_request_var('sequence', get_sequence(get_request_var('sequence'), 'sequence', 'graph_templates_item', 'local_graph_id=' . get_request_var('local_graph_id'))); } - $save["id"] = $_POST["graph_template_item_id"]; - $save["graph_template_id"] = $_POST["graph_template_id"]; - $save["local_graph_template_item_id"] = $_POST["local_graph_template_item_id"]; - $save["local_graph_id"] = $_POST["local_graph_id"]; - $save["task_item_id"] = form_input_validate($_POST["task_item_id"], "task_item_id", "", true, 3); - $save["color_id"] = form_input_validate((isset($item["color_id"]) ? $item["color_id"] : $_POST["color_id"]), "color_id", "", true, 3); + $save['id'] = get_filter_request_var('graph_template_item_id'); + $save['graph_template_id'] = get_filter_request_var('graph_template_id'); + $save['local_graph_template_item_id'] = get_filter_request_var('local_graph_template_item_id'); + $save['local_graph_id'] = get_filter_request_var('local_graph_id'); + $save['task_item_id'] = form_input_validate(get_filter_request_var('task_item_id'), 'task_item_id', '', true, 3); + $save['color_id'] = form_input_validate((isset($item['color_id']) ? $item['color_id'] : get_filter_request_var('color_id')), 'color_id', '', true, 3); + /* if alpha is disabled, use invisible_alpha instead */ - if (!isset($_POST["alpha"])) {$_POST["alpha"] = $_POST["invisible_alpha"];} - $save["alpha"] = form_input_validate((isset($item["alpha"]) ? $item["alpha"] : $_POST["alpha"]), "alpha", "", true, 3); - $save["graph_type_id"] = form_input_validate((isset($item["graph_type_id"]) ? $item["graph_type_id"] : $_POST["graph_type_id"]), "graph_type_id", "", true, 3); - $save["cdef_id"] = form_input_validate($_POST["cdef_id"], "cdef_id", "", true, 3); - $save["consolidation_function_id"] = form_input_validate((isset($item["consolidation_function_id"]) ? 
$item["consolidation_function_id"] : $_POST["consolidation_function_id"]), "consolidation_function_id", "", true, 3); - $save["text_format"] = form_input_validate((isset($item["text_format"]) ? $item["text_format"] : $_POST["text_format"]), "text_format", "", true, 3); - $save["value"] = form_input_validate($_POST["value"], "value", "", true, 3); - $save["hard_return"] = form_input_validate(((isset($item["hard_return"]) ? $item["hard_return"] : (isset($_POST["hard_return"]) ? $_POST["hard_return"] : ""))), "hard_return", "", true, 3); - $save["gprint_id"] = form_input_validate($_POST["gprint_id"], "gprint_id", "", true, 3); - $save["sequence"] = $_POST["sequence"]; + if (!isset_request_var('alpha')) { + set_request_var('alpha', get_nfilter_request_var('invisible_alpha')); + } + + $save['alpha'] = form_input_validate((isset($item['alpha']) ? $item['alpha'] : get_nfilter_request_var('alpha')), 'alpha', '', true, 3); + $save['graph_type_id'] = form_input_validate((isset($item['graph_type_id']) ? $item['graph_type_id'] : get_filter_request_var('graph_type_id')), 'graph_type_id', '', true, 3); + $save['cdef_id'] = form_input_validate(get_filter_request_var('cdef_id'), 'cdef_id', '', true, 3); + $save['consolidation_function_id'] = form_input_validate((isset($item['consolidation_function_id']) ? $item['consolidation_function_id'] : get_filter_request_var('consolidation_function_id')), 'consolidation_function_id', '', true, 3); + $save['text_format'] = form_input_validate((isset($item['text_format']) ? $item['text_format'] : get_nfilter_request_var('text_format')), 'text_format', '', true, 3); + $save['value'] = form_input_validate(get_nfilter_request_var('value'), 'value', '', true, 3); + $save['hard_return'] = form_input_validate(((isset($item['hard_return']) ? $item['hard_return'] : (isset_request_var('hard_return') ? 
get_nfilter_request_var('hard_return') : ''))), 'hard_return', '', true, 3); + $save['gprint_id'] = form_input_validate(get_filter_request_var('gprint_id'), 'gprint_id', '', true, 3); + $save['sequence'] = get_filter_request_var('sequence'); if (!is_error_message()) { - $graph_template_item_id = sql_save($save, "graph_templates_item"); + $graph_template_item_id = sql_save($save, 'graph_templates_item'); if ($graph_template_item_id) { raise_message(1); @@ -133,14 +137,14 @@ function form_save() { } } - $_POST["sequence"] = 0; + set_request_var('sequence', 0); } if (is_error_message()) { - header("Location: " . $config['url_path'] . "aggregate_items.php?action=item_edit&graph_template_item_id=" . (empty($graph_template_item_id) ? $_POST["graph_template_item_id"] : $graph_template_item_id) . "&id=" . $_POST["local_graph_id"]); + header('Location: ' . $config['url_path'] . 'aggregate_items.php?action=item_edit&graph_template_item_id=' . (empty($graph_template_item_id) ? get_filter_request_var('graph_template_item_id') : $graph_template_item_id) . '&id=' . get_filter_request_var('local_graph_id')); exit; }else{ - header("Location: " . $config['url_path'] . "aggregate_graphs.php?action=edit&id=" . $_POST["local_graph_id"]); + header('Location: ' . $config['url_path'] . 'aggregate_graphs.php?action=edit&id=' . get_filter_request_var('local_graph_id')); exit; } } 
@@ -154,44 +158,46 @@ function form_save() {
 function form_save_aggregate() {
 global $config;
- if (!isset($_POST["save_component_item"])) {
+ if (!isset_request_var('save_component_item')) {
 return;
 }
 // two possible tables to save to - aggregate template or aggregate graph
 // with different key column combination
- $save_to = "aggregate_graph_templates_item";
- $key_cols = array("aggregate_template_id", "graph_templates_item_id");
- $location_success = "aggregate_templates.php?action=edit&id=" . $_POST["aggregate_template_id"];
- $location_failure = "aggregate_items.php?action=item_edit&aggregate_template_id=" . $_POST["aggregate_template_id"] . "&id=" . $_POST["graph_template_item_id"];
- if ($_POST["aggregate_graph_id"] > 0) {
- $save_to = "aggregate_graphs_graph_item";
- $key_cols = array("aggregate_graph_id", "graph_templates_item_id");
- $location_success = "aggregate_graphs.php?action=edit&id=" . $_POST["local_graph_id"];
- $location_failure = "aggregate_items.php?action=item_edit&aggregate_graph_id=" . $_POST["aggregate_graph_id"] . "&id=" . $_POST["graph_template_item_id"];
+ $save_to = 'aggregate_graph_templates_item';
+ $key_cols = array('aggregate_template_id', 'graph_templates_item_id');
+ $location_success = 'aggregate_templates.php?action=edit&id=' . get_filter_request_var('aggregate_template_id');
+ $location_failure = 'aggregate_items.php?action=item_edit&aggregate_template_id=' . get_filter_request_var('aggregate_template_id') . '&id=' . get_filter_request_var('graph_template_item_id');
+
+ if (get_filter_request_var('aggregate_graph_id') > 0) {
+ $save_to = 'aggregate_graphs_graph_item';
+ $key_cols = array('aggregate_graph_id', 'graph_templates_item_id');
+ $location_success = 'aggregate_graphs.php?action=edit&id=' . get_filter_request_var('local_graph_id');
+ $location_failure = 'aggregate_items.php?action=item_edit&aggregate_graph_id=' . get_filter_request_var('aggregate_graph_id') . '&id=' . get_filter_request_var('graph_template_item_id');
 }
 // only some properties can be saved here
- $save = array();
- $save["t_graph_type_id"] = form_input_validate((isset($_POST["t_graph_type_id"]) ? $_POST["t_graph_type_id"] : ""), "t_graph_type_id", "", true, 3);
- $save["graph_type_id"] = form_input_validate((($save["t_graph_type_id"]) ? $_POST["graph_type_id"] : 0), "graph_type_id", "", true, 3);
- $save["t_cdef_id"] = form_input_validate((isset($_POST["t_cdef_id"]) ? $_POST["t_cdef_id"] : ""), "t_cdef_id", "", true, 3);
- $save["cdef_id"] = form_input_validate((($save["t_cdef_id"]) ? $_POST["cdef_id"] : 0), "cdef_id", "", true, 3);
+ $save = array();
+ $save['t_graph_type_id'] = form_input_validate((isset_request_var('t_graph_type_id') ? get_nfilter_request_var('t_graph_type_id') : ''), 't_graph_type_id', '', true, 3);
+ $save['graph_type_id'] = form_input_validate((($save['t_graph_type_id']) ? get_filter_request_var('graph_type_id') : 0), 'graph_type_id', '', true, 3);
+ $save['t_cdef_id'] = form_input_validate((isset_request_var('t_cdef_id') ? get_nfilter_request_var('t_cdef_id') : ''), 't_cdef_id', '', true, 3);
+ $save['cdef_id'] = form_input_validate((($save['t_cdef_id']) ? get_filter_request_var('cdef_id') : 0), 'cdef_id', '', true, 3);
 if (!is_error_message()) {
 // sql_save will not give usefull return values when row key is
 // composed from multiple columns. need to manualy build query
- $sql_set = "SET ";
+ $sql_set = 'SET ';
 foreach ($save as $key => $value) {
- $sql_set.= $key."='".addslashes($value)."', ";
+ $sql_set .= $key . "='" . addslashes($value) . "', ";
 }
 $sql_set = substr($sql_set, 0, -2);
- $sql_where = "graph_templates_item_id = ".$_POST["graph_template_item_id"]." AND ";
- if ($save_to == "aggregate_graph_templates_item")
- $sql_where.= "aggregate_template_id=".addslashes($_POST["aggregate_template_id"]);
- else
- $sql_where.= "aggregate_graph_id=".addslashes($_POST["aggregate_graph_id"]);
+ $sql_where = 'graph_templates_item_id = ' . get_filter_request_var('graph_template_item_id') . ' AND ';
+ if ($save_to == 'aggregate_graph_templates_item') {
+ $sql_where .= 'aggregate_template_id=' . addslashes(get_filter_request_var('aggregate_template_id'));
+ }else{
+ $sql_where .= 'aggregate_graph_id=' . addslashes(get_filter_request_var('aggregate_graph_id'));
+ }
 $sql = "UPDATE $save_to $sql_set WHERE $sql_where LIMIT 1";
 $success = db_execute($sql);
@@ -203,17 +209,17 @@ function form_save_aggregate() {
 // update existing graphs with the changest to this item
 if ($save_to == 'aggregate_graphs_graph_item')
- push_out_aggregates(0, $_POST["local_graph_id"]);
+ push_out_aggregates(0, get_filter_request_var('local_graph_id'));
 elseif ($save_to == 'aggregate_graph_templates_item')
- push_out_aggregates($_POST["aggregate_template_id"]);
+ push_out_aggregates(get_filter_request_var('aggregate_template_id'));
 }
 if (is_error_message()) {
- header("Location: " . $config['url_path'] . $location_failure);
+ header('Location: ' . $config['url_path'] . $location_failure);
 exit;
 }else{
- header("Location: " . $config['url_path'] . $location_success);
+ header('Location: ' . $config['url_path'] . $location_success);
 exit;
 }
 }
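Review bot: In form_save_aggregate() the UPDATE is still built by concatenation, and the only escaping applied to the `$sql_set` values is `addslashes()`, which is not charset-aware and is no substitute for the database layer's own quoting or bound parameters. `t_graph_type_id` and `t_cdef_id` now arrive through `get_nfilter_request_var()`, which by its name applies no filter, so the statement is only as safe as `form_input_validate()` with an empty third argument makes it. item_edit() renders these two fields as on/off checkboxes, so they can be normalised before saving, e.g. `$save['t_cdef_id'] = (isset_request_var('t_cdef_id') && get_nfilter_request_var('t_cdef_id') == 'on') ? 'on' : '';`, and the values are better passed as parameters if `db_execute()` accepts the placeholder form that `db_fetch_cell()` is called with in auth_changepassword.php. The `addslashes()` wrapped around `get_filter_request_var()` in `$sql_where` adds nothing if that helper validates integers by default, as the first hunk of this commit suggests.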
@@ -226,17 +232,17 @@ function item_movedown() {
 global $graph_item_types;
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
- input_validate_input_number(get_request_var("local_graph_id"));
+ get_filter_request_var('id');
+ get_filter_request_var('local_graph_id');
 /* ==================================================== */
- $arr = get_graph_group($_GET["id"]);
- $next_id = get_graph_parent($_GET["id"], "next");
+ $arr = get_graph_group(get_request_var('id'));
+ $next_id = get_graph_parent(get_request_var('id'), 'next');
- if ((!empty($next_id)) && (isset($arr{$_GET["id"]}))) {
- move_graph_group($_GET["id"], $arr, $next_id, "next");
- }elseif (preg_match("/(GPRINT|VRULE|HRULE|COMMENT)/", $graph_item_types{db_fetch_cell("select graph_type_id from graph_templates_item where id=" . $_GET["id"])})) {
- move_item_down("graph_templates_item", $_GET["id"], "local_graph_id=" . $_GET["local_graph_id"]);
+ if ((!empty($next_id)) && (isset($arr{get_request_var('id')}))) {
+ move_graph_group(get_request_var('id'), $arr, $next_id, 'next');
+ }elseif (preg_match('/(GPRINT|VRULE|HRULE|COMMENT)/', $graph_item_types{db_fetch_cell('select graph_type_id from graph_templates_item where id=' . get_request_var('id'))})) {
+ move_item_down('graph_templates_item', get_request_var('id'), 'local_graph_id=' . get_request_var('local_graph_id'));
 }
 }
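Review bot: In item_movedown() the two `get_filter_request_var()` calls discard their return value and the SQL below reads the same keys again through `get_request_var()`, so `'... where id=' . get_request_var('id')` is only safe if the filter call aborts on bad input or overwrites the stored request value; neither behaviour is visible in this diff. Capturing the checked value makes the dependency explicit: `$id = get_filter_request_var('id');` followed by `'... where id=' . $id`. The same pattern appears in item_moveup(), item_remove() (`DELETE FROM graph_templates_item WHERE id=`), item_edit(), and aggregate_template_edit() in aggregate_templates.php. Separately, the `$arr{...}` and `$graph_item_types{...}` curly-brace offsets kept on the new lines are deprecated since PHP 7.4 and removed in PHP 8.0; `[...]` is the equivalent.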
@@ -244,68 +250,68 @@ function item_moveup() { global $graph_item_types; /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); - input_validate_input_number(get_request_var("local_graph_id")); + get_filter_request_var('id'); + get_filter_request_var('local_graph_id'); /* ==================================================== */ - $arr = get_graph_group($_GET["id"]); - $previous_id = get_graph_parent($_GET["id"], "previous"); + $arr = get_graph_group(get_request_var('id')); + $previous_id = get_graph_parent(get_request_var('id'), 'previous'); - if ((!empty($previous_id)) && (isset($arr{$_GET["id"]}))) { - move_graph_group($_GET["id"], $arr, $previous_id, "previous"); - }elseif (preg_match("/(GPRINT|VRULE|HRULE|COMMENT)/", $graph_item_types{db_fetch_cell("select graph_type_id from graph_templates_item where id=" . $_GET["id"])})) { - move_item_up("graph_templates_item", $_GET["id"], "local_graph_id=" . $_GET["local_graph_id"]); + if ((!empty($previous_id)) && (isset($arr{get_request_var('id')}))) { + move_graph_group(get_request_var('id'), $arr, $previous_id, 'previous'); + }elseif (preg_match('/(GPRINT|VRULE|HRULE|COMMENT)/', $graph_item_types{db_fetch_cell('select graph_type_id from graph_templates_item where id=' . get_request_var('id'))})) { + move_item_up('graph_templates_item', get_request_var('id'), 'local_graph_id=' . get_request_var('local_graph_id')); } } function item_remove() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); + get_filter_request_var('id'); /* ==================================================== */ - db_execute("DELETE FROM graph_templates_item WHERE id=" . $_GET["id"]); + db_execute('DELETE FROM graph_templates_item WHERE id=' . 
get_request_var('id')); } function item_edit() { global $config, $struct_graph_item, $graph_item_types, $consolidation_functions; /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); - input_validate_input_number(get_request_var("local_graph_id")); - input_validate_input_number(get_request_var("aggregate_graph_id")); - input_validate_input_number(get_request_var("aggregate_template_id")); + get_filter_request_var('id'); + get_filter_request_var('local_graph_id'); + get_filter_request_var('aggregate_graph_id'); + get_filter_request_var('aggregate_template_id'); /* ==================================================== */ /* remember these search fields in session vars so we don't have to keep passing them around */ - load_current_session_value("local_graph_id", "sess_local_graph_id", ""); + load_current_session_value('local_graph_id', 'sess_local_graph_id', ''); - $id = (!empty($_REQUEST["id"]) ? "&id=" . $_REQUEST["id"] : ""); + $id = (!isempty_request_var('id') ? '&id=' . get_request_var('id') : ''); /* this editor can work on aggregate template graph item or aggregate item */ - if (!empty($_REQUEST["aggregate_graph_id"])) { - $id_field = 'aggregate_graph_id'; + if (!isempty_request_var('aggregate_graph_id')) { + $id_field = 'aggregate_graph_id'; $table_name = 'aggregate_graphs_graph_item'; - $page_name = 'aggregate_graphs.php'; - }elseif (!empty($_REQUEST["aggregate_template_id"])) { - $id_field = 'aggregate_template_id'; + $page_name = 'aggregate_graphs.php'; + }elseif (!isempty_request_var('aggregate_template_id')) { + $id_field = 'aggregate_template_id'; $table_name = 'aggregate_graph_templates_item'; - $page_name = 'aggregate_templates.php'; + $page_name = 'aggregate_templates.php'; }else { /* TODO redirect somewhere and show an error message, rather than die */ die(); } - if (!empty($_REQUEST["id"])) { - $template_item = db_fetch_row("select * from graph_templates_item where id=" . 
get_request_var("id")); + if (!isempty_request_var('id')) { + $template_item = db_fetch_row('select * from graph_templates_item where id=' . get_request_var('id')); } /* override some template_item values from aggregate tables */ - $item_overrides = db_fetch_row("SELECT - * + $item_overrides = db_fetch_row("SELECT * FROM $table_name - WHERE $id_field= ".get_request_var($id_field)." - AND graph_templates_item_id=".get_request_var("id") + WHERE $id_field=" . get_request_var($id_field)." + AND graph_templates_item_id=" . get_request_var("id") ); + if (sizeof($item_overrides) == 0) { /* this item is not currently in aggregate tables * item editor will not work in this case, so let's @@ -316,14 +322,16 @@ function item_edit() { 'graph_templates_item_id' => get_request_var("id"), 'sequence' => $template_item['sequence'] ); + aggregate_graph_items_save(array($item_new), $table_name); - $item_overrides = db_fetch_row("SELECT - * + + $item_overrides = db_fetch_row("SELECT * FROM $table_name WHERE $id_field= ".get_request_var($id_field)." AND graph_templates_item_id=".get_request_var("id") ); } + foreach (array_keys($template_item) as $field_name) { if (!array_key_exists($field_name, $item_overrides)) continue; @@ -332,7 +340,7 @@ function item_edit() { $template_item[$field_name] = $item_overrides[$field_name]; } - html_start_box("Override Values for Graph Item", "100%", '', "3", "center", ""); + html_start_box('Override Values for Graph Item', '100%', '', '3', 'center', ''); $form_array = array(); @@ -340,95 +348,92 @@ function item_edit() { $form_array += array($field_name => $struct_graph_item[$field_name]); /* should we draw an override checkbox */ - if (array_key_exists("t_".$field_name, $item_overrides)) { - $form_array[$field_name]["sub_checkbox"] = array( - "name" => "t_" . $field_name, - "friendly_name" => "Override this Value
", - "value" => ($item_overrides["t_".$field_name] == "on" ? "on" : ""), - "on_change" => "toggleFieldEnabled(this);" + if (array_key_exists('t_' . $field_name, $item_overrides)) { + $form_array[$field_name]['sub_checkbox'] = array( + 'name' => 't_' . $field_name, + 'friendly_name' => 'Override this Value
', + 'value' => ($item_overrides['t_'.$field_name] == 'on' ? 'on' : ''), + 'on_change' => 'toggleFieldEnabled(this);' ); } - $form_array[$field_name]["value"] = (isset($template_item) ? $template_item[$field_name] : ""); - $form_array[$field_name]["form_id"] = (isset($template_item) ? $template_item["id"] : "0"); + $form_array[$field_name]['value'] = (isset($template_item) ? $template_item[$field_name] : ''); + $form_array[$field_name]['form_id'] = (isset($template_item) ? $template_item['id'] : '0'); } draw_edit_form( array( - "config" => array( - "post_to" => $config['url_path'] . "aggregate_items.php" + 'config' => array( + 'post_to' => $config['url_path'] . 'aggregate_items.php' ), - "fields" => $form_array + 'fields' => $form_array ) ); - form_hidden_box("local_graph_id", get_request_var("local_graph_id"), "0"); - form_hidden_box("graph_template_item_id", (isset($template_item) ? $template_item["id"] : "0"), ""); - form_hidden_box("local_graph_template_item_id", (isset($template_item) ? $template_item["local_graph_template_item_id"] : "0"), ""); - form_hidden_box("graph_template_id", (isset($template_item) ? $template_item["graph_template_id"] : "0"), ""); - form_hidden_box("sequence", (isset($template_item) ? $template_item["sequence"] : "0"), ""); - form_hidden_box("_graph_type_id", (isset($template_item) ? $template_item["graph_type_id"] : "0"), ""); - form_hidden_box("save_component_item", "1", ""); - form_hidden_box("invisible_alpha", $form_array["alpha"]["value"], "FF"); - form_hidden_box("rrdtool_version", read_config_option("rrdtool_version"), ""); - form_hidden_box("aggregate_graph_id", get_request_var("aggregate_graph_id"), "0"); - form_hidden_box("aggregate_template_id", get_request_var("aggregate_template_id"), "0"); + form_hidden_box('local_graph_id', get_request_var('local_graph_id'), '0'); + form_hidden_box('graph_template_item_id', (isset($template_item) ? 
$template_item['id'] : '0'), ''); + form_hidden_box('local_graph_template_item_id', (isset($template_item) ? $template_item['local_graph_template_item_id'] : '0'), ''); + form_hidden_box('graph_template_id', (isset($template_item) ? $template_item['graph_template_id'] : '0'), ''); + form_hidden_box('sequence', (isset($template_item) ? $template_item['sequence'] : '0'), ''); + form_hidden_box('_graph_type_id', (isset($template_item) ? $template_item['graph_type_id'] : '0'), ''); + form_hidden_box('save_component_item', '1', ''); + form_hidden_box('invisible_alpha', $form_array['alpha']['value'], 'FF'); + form_hidden_box('rrdtool_version', read_config_option('rrdtool_version'), ''); + form_hidden_box('aggregate_graph_id', get_request_var('aggregate_graph_id'), '0'); + form_hidden_box('aggregate_template_id', get_request_var('aggregate_template_id'), '0'); html_end_box(); - form_save_button($config['url_path'] . "$page_name?action=edit&id=" . get_request_var("local_graph_id")); + form_save_button($config['url_path'] . "$page_name?action=edit&id=" . get_request_var('local_graph_id')); -//Now we need some javascript to make it dynamic -?> - + // disable all items except those explicitly overriden + function setFieldsDisabled() { + $('tr[id*="row_"]').each(function() { + fieldName = this.id.substr(4); + cbName = 't_'+fieldName; + if ($('#'+cbName).size() > 0) { + $('#'+fieldName).prop('disabled', !$('#'+cbName).is(':checked')); + } else { + $('#'+fieldName).prop('disabled', true); + } + }); + } - + diff --git a/aggregate_templates.php b/aggregate_templates.php index f172ac58a2..de25c1cf20 100644 --- a/aggregate_templates.php +++ b/aggregate_templates.php 
@@ -32,13 +32,15 @@
 );
 /* set default action */
-if (!isset($_REQUEST['action'])) $_REQUEST['action'] = '';
+set_default_action();
-if ($_REQUEST['action'] == 'save' && $_REQUEST['id'] == 0 && isset($_REQUEST['_graph_template_id']) && $_REQUEST['_graph_template_id'] == 0) {
- $_REQUEST['action'] = 'edit';
+if (get_request_var('action') == 'save') {
+ if (get_request_var('id') == 0 && isset_request_var('_graph_template_id') && get_request_var('_graph_template_id') == 0) {
+ set_request_var('action', 'edit');
+ }
 }
-switch ($_REQUEST['action']) {
+switch (get_request_var('action')) {
 case 'save':
 aggregate_form_save();
 break;
@@ -65,7 +67,7 @@
 */
 function aggregate_form_save() {
 /* make sure we are saving aggregate template */
- if (!isset($_POST['save_component_template'])) {
+ if (!isset_request_var('save_component_template')) {
 header('Location: aggregate_templates.php?header=false&action=edit&id=' . get_request_var_post('id'));
 return null;
 }
@@ -73,7 +75,7 @@ function aggregate_form_save() {
 $save1 = array();
 /* updating existing template or creating a new one? */
- if (isset_request_var('id') && $_POST['id'] > 0) {
+ if (isset_request_var('id') && get_request_var('id') > 0) {
 $is_new = false;
 $save1['id'] = get_request_var_post('id');
 } else {
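Review bot: The new condition in aggregate_form_save() reads `get_request_var('id') > 0`, but no `get_filter_request_var('id')` call appears between the function's opening line and this check, and the unchanged next line stores `get_request_var_post('id')` into `$save1['id']`; the early-exit redirect in the previous hunk also appends `get_request_var_post('id')` to the Location header. Other functions touched by this commit validate the id before using it, so the same here keeps the save path consistent: `$save1['id'] = get_filter_request_var('id');`. The function body continues beyond this hunk, so whether `$save1['id']` is checked again before it reaches the database cannot be confirmed from here.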
@@ -82,14 +84,14 @@ function aggregate_form_save() {
 }
 /* set some defaults for possibly disabled values */
- if (!isset_request_var('total')) $_POST['total'] = 0;
- if (!isset_request_var('total_type')) $_POST['total_type'] = 0;
- if (!isset_request_var('order_type')) $_POST['order_type'] = 0;
- if (!isset_request_var('total_prefix')) $_POST['total_prefix'] = '';
+ if (!isset_request_var('total')) set_request_var('total', 0);
+ if (!isset_request_var('total_type')) set_request_var('total_type', 0);
+ if (!isset_request_var('order_type')) set_request_var('order_type', 0);
+ if (!isset_request_var('total_prefix')) set_request_var('total_prefix', '');
 /* populate aggregate template save array and validate posted values*/
 $save1['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3);
- $save1['graph_template_id'] = $_POST['_graph_template_id'];
+ $save1['graph_template_id'] = get_filter_request_var('_graph_template_id');
 $save1['gprint_prefix'] = form_input_validate(get_request_var_post('gprint_prefix'), 'gprint_prefix', '', true, 3);
 $save1['graph_type'] = form_input_validate(get_request_var_post('graph_type'), 'graph_type', '', false, 3);
 $save1['total'] = form_input_validate(get_request_var_post('total'), 'total', '', false, 3);
@@ -166,8 +168,9 @@ function aggregate_form_save() {
 /* save only if all posted form fields passed validation */
- if (!is_error_message())
+ if (!is_error_message()) {
 sql_save($params_new, 'aggregate_graph_templates_graph', 'aggregate_template_id', false);
+ }
 /* save the template items now */
 /* get existing item ids and sequences from graph template */
@@ -175,6 +178,7 @@ function aggregate_form_save() { db_fetch_assoc('SELECT id, sequence FROM graph_templates_item WHERE local_graph_id=0 AND graph_template_id=' . $save1['graph_template_id']), 'id', array('sequence') ); + /* get existing aggregate template items */ $aggregate_template_items_old = array_rekey( db_fetch_assoc('SELECT * FROM aggregate_graph_templates_item WHERE aggregate_template_id='.$id), @@ -186,6 +190,7 @@ function aggregate_form_save() { $items_changed = false; $items_to_save = array(); + foreach($graph_templates_items as $item_id => $data) { $item_new = array(); $item_new['aggregate_template_id'] = $id; @@ -230,7 +235,6 @@ function aggregate_get_graph_items($table, $id) { } - /* ------------------------ The 'actions' function ------------------------ */ @@ -242,7 +246,7 @@ function aggregate_form_actions() { include_once($config['base_path'] . '/api_aggregate.php'); /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('drp_action')); + get_filter_request_var('drp_action'); /* ==================================================== */ /* if we are to save this form, instead of display it */ @@ -322,11 +326,11 @@ function aggregate_template_edit() { global $image_types, $struct_aggregate_template; /* ================= input validation ================= */ - input_validate_input_number(get_request_var('id')); + get_filter_request_var('id'); /* ==================================================== */ - if (!empty($_GET['id'])) { - $template = db_fetch_row('SELECT * FROM aggregate_graph_templates WHERE id=' . $_GET['id']); + if (!isempty_request_var('id')) { + $template = db_fetch_row('SELECT * FROM aggregate_graph_templates WHERE id=' . get_request_var('id')); $header_label = '[edit: ' . $template['name'] . ']'; }else{ $header_label = '[new]'; 
@@ -335,7 +339,7 @@ function aggregate_template_edit() { /* populate the graph template id if it's set */ if (isset_request_var('graph_template_id') && !isset($template)) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var('graph_template_id')); + get_filter_request_var('graph_template_id'); /* ==================================================== */ $template['graph_template_id'] = get_request_var_post('graph_template_id'); $template['id'] = 0; @@ -359,14 +363,13 @@ function aggregate_template_edit() { draw_aggregate_template_graph_config($template['id'], $template['graph_template_id']); } - form_hidden_box('id', (isset($template['id']) ? $template['id'] : '0'), '0'); form_hidden_box('save_component_template', '1', ''); form_save_button('aggregate_templates.php', 'return', 'id'); ?> + + + + + + + + + - - '; + + +
+ Search + + + + Templates + - - - - - - - - - - - -
- Search - - - - Templates - - - - - - - - - - -
+ + $filter_html .= ' +
+ + + + +
+ +
+ + + '; print $filter_html; @@ -588,11 +593,11 @@ function aggregate_template() { /* form the 'where' clause for our main sql query */ $sql_where = ''; - if (strlen($_REQUEST['filter'])) { - $sql_where = "WHERE (pgt.name LIKE '%%" . $_REQUEST['filter'] . "%%' OR gt.name LIKE '%%" . $_REQUEST['filter'] . "%%')"; + if (get_request_var('filter') != '') { + $sql_where = "WHERE (pgt.name LIKE '%" . get_request_var('filter') . "%' OR gt.name LIKE '%" . get_request_var('filter') . "%')"; } - if ($_REQUEST['has_graphs'] == 'true') { + if (get_request_var('has_graphs') == 'true') { $sql_where .= (strlen($sql_where) ? ' AND ':'WHERE ') . 'graphs.graphs>0'; } @@ -624,7 +629,7 @@ function aggregate_template() { LEFT JOIN graph_templates AS gt ON gt.id=pgt.graph_template_id $sql_where - ORDER BY " . $_REQUEST['sort_column'] . ' ' . $_REQUEST['sort_direction'] . + ORDER BY " . get_request_var('sort_column') . ' ' . get_request_var('sort_direction') . ' LIMIT ' . (get_request_var('rows')*(get_request_var('page')-1)) . ',' . get_request_var('rows')); $nav = html_nav_bar('aggregate_templates.php', MAX_DISPLAY_PAGES, get_request_var('page'), get_request_var('rows'), $total_rows, 5, 'Aggregate Templates', 'page', 'main'); @@ -637,7 +642,7 @@ function aggregate_template() { 'graphs.graphs' => array('display' => 'Graphs', 'align' => 'right', 'sort' => 'DESC'), 'graph_template_name' => array('display' => 'Graph Template', 'align' => 'left', 'sort' => 'ASC')); - html_header_sort_checkbox($display_text, $_REQUEST['sort_column'], $_REQUEST['sort_direction'], false); + html_header_sort_checkbox($display_text, get_request_var('sort_column'), get_request_var('sort_direction'), false); if (sizeof($template_list)) { foreach ($template_list as $template) { diff --git a/auth_changepassword.php b/auth_changepassword.php index dcd973b06e..2d38d98a67 100644 --- a/auth_changepassword.php +++ b/auth_changepassword.php 
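Review bot: In aggregate_template() the `filter` request value is concatenated directly into the LIKE clause, and the ORDER BY in the next hunk does the same with `sort_column` and `sort_direction`; this is SQL injection unless each value was validated where the request variables are loaded, which is not part of these hunks. The search term should be bound as a parameter or quoted by the database layer rather than placed between `'%` and `%'` as received. Column name and direction cannot be bound, so they need an allow-list check before use, e.g. `in_array(get_request_var('sort_direction'), array('ASC', 'DESC'), true)` and a lookup of `sort_column` against the keys of `$display_text`.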
@@ -72,9 +72,9 @@
 /* set default action */
 set_default_action();
-switch ($_REQUEST['action']) {
+switch (get_request_var('action')) {
 case 'changepassword':
- if ($user['password'] != md5($_POST['current_password'])) {
+ if ($user['password'] != md5(get_nfilter_request_var('current_password'))) {
 $bad_password = true;
 $errorMessage = "Your current password is not correct. Please try again.";
 }
@@ -97,7 +97,7 @@
 $errorMessage = "You can not use a previously entered password!";
 }
- if ($bad_password == false && get_request_var_post('password') == $_POST['confirm'] && $_POST['password'] != '') {
+ if ($bad_password == false && get_request_var_post('password') == get_nfilter_request_var('confirm') && get_nfilter_request_var('password') != '') {
 // Password change is good to go
 if (read_config_option('secpass_expirepass') > 0) {
 db_execute("UPDATE user_auth SET lastchange = " . time() . " WHERE id = " . intval($_SESSION['sess_user_id']) . " AND realm = 0 AND enabled = 'on'");
@@ -127,18 +127,18 @@
 $realm_id = $user_auth_realm_filenames['index.php'];
 $has_console = db_fetch_cell('SELECT realm_id FROM user_auth_realm WHERE user_id = ? AND realm_id = ?', array($_SESSION['sess_user_id'], $realm_id));
- if (basename($_POST['ref']) == 'auth_changepassword.php' || basename($_POST['ref']) == '') {
+ if (basename(get_nfilter_request_var('ref')) == 'auth_changepassword.php' || basename(get_nfilter_request_var('ref')) == '') {
 if ($has_console) {
- $_POST['ref'] = 'index.php';
+ set_request_var('ref', 'index.php');
 }else{
- $_POST['ref'] = 'graph_view.php';
+ set_request_var('ref', 'graph_view.php');
 }
 }
 if (!empty($has_console)) {
 switch ($user['login_opts']) {
 case '1': /* referer */
- header('Location: ' . sanitize_uri($_POST['ref'])); break;
+ header('Location: ' . sanitize_uri(get_nfilter_request_var('ref'))); break;
 case '2': /* default console page */
 header('Location: index.php'); break;
 case '3': /* default graph page */
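Review bot: The current-password check compares the stored hash with `md5(...)` using `!=`, which is a loose comparison: PHP compares numeric-looking strings as numbers, so two different digests can be judged equal, and the comparison is not constant-time. The minimal fix on the rewritten line is `if (!hash_equals($user['password'], md5(get_nfilter_request_var('current_password')))) {` where PHP 5.6 or later is available, or `!==` otherwise. The `==` between `password` and `confirm` in the following hunk has the same string-juggling behaviour and should be `===`. Unsalted MD5 is also unsuitable for stored passwords; moving to `password_hash()` / `password_verify()` is the longer-term change and goes beyond this hunk.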
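Review bot: In the `@@ -127` hunk the post-change redirect sends the browser to the request-supplied `ref` with only `sanitize_uri()` in between, and `get_nfilter_request_var('ref')` by its name applies no filtering. Whether `sanitize_uri()` rejects absolute or scheme-relative URLs is not visible here; if it does not, this is an open redirect immediately after a credential change. A host check before the header call closes it, e.g. `if (parse_url(get_nfilter_request_var('ref'), PHP_URL_HOST) !== null) { set_request_var('ref', 'index.php'); }`. The `switch` on `login_opts` continues past the end of the hunk.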
@@ -164,7 +164,7 @@ if ($bad_password && $errorMessage == "") { $errorMessage = "Your new passwords do not match, please retype."; -}elseif ($_REQUEST['action'] == 'force') { +}elseif (get_request_var('action') == 'force') { $errorMessage = "*** Forced password change ***"; } @@ -192,7 +192,7 @@ Change Password
- +

Please enter your current password and your new
Cacti password.

diff --git a/auth_login.php b/auth_login.php index 57eece56e9..c6f599fdcd 100644 --- a/auth_login.php +++ b/auth_login.php @@ -23,16 +23,13 @@ */ /* set default action */ -if (isset($_REQUEST['action'])) { - $action = $_REQUEST['action']; -}else{ - $action = ''; -} +set_default_action(); /* Get the username */ if (read_config_option('auth_method') == '2') { /* Get the Web Basic Auth username and set action so we login right away */ - $action = 'login'; + set_request_var('action', 'login'); + if (isset($_SERVER['PHP_AUTH_USER'])) { $username = str_replace("\\", "\\\\", $_SERVER['PHP_AUTH_USER']); }elseif (isset($_SERVER['REMOTE_USER'])) { @@ -54,7 +51,7 @@ exit; } }else{ - if ($action == 'login') { + if (get_nfilter_request_var('action') == 'login') { /* LDAP and Builtin get username from Form */ $username = get_request_var_post('login_username'); }else{ @@ -73,7 +70,7 @@ $ldap_error_message = ''; $realm = 0; -if ($action == 'login') { +if (get_nfilter_request_var('action') == 'login') { if (get_request_var_post('realm') == 'local') { $auth_method = 1; }else{ @@ -210,7 +207,7 @@ } /* remember this user */ - if (isset($_POST['remember_me']) && read_config_option('auth_cache_enabled') == 'on') { + if (isset_request_var('remember_me') && read_config_option('auth_cache_enabled') == 'on') { set_auth_cookie($user); } @@ -463,7 +460,7 @@ function domains_ldap_search_dn($username, $realm) { 'ldap_error_message' => $ldap_error_message, 'username' => $username, 'user_enabled' => $user_enabled, - 'action' => $action)); + 'action' => get_nfilter_request_var('action'))); ?>

Enter your Username and Password below

@@ -541,7 +538,7 @@ function domains_ldap_search_dn($username, $realm) { if ($ldap_error) {?> + if (get_nfilter_request_var('action') == 'login') {?> Invalid User Name/Password Please Retype diff --git a/auth_profile.php b/auth_profile.php index f26996c6ca..a235078ea1 100644 --- a/auth_profile.php +++ b/auth_profile.php @@ -28,7 +28,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': form_save(); @@ -66,8 +66,8 @@ function form_save() { global $settings_graphs; // Save the users profile information - if (isset($_POST['full_name']) && isset($_POST['email_address']) && isset($_SESSION['sess_user_id'])) { - db_execute_prepared("UPDATE user_auth SET full_name = ?, email_address = ? WHERE id = ?", array($_POST['full_name'], $_POST['email_address'], $_SESSION['sess_user_id'])); + if (isset_request_var('full_name') && isset_request_var('email_address') && isset($_SESSION['sess_user_id'])) { + db_execute_prepared("UPDATE user_auth SET full_name = ?, email_address = ? WHERE id = ?", array(get_nfilter_request_var('full_name'), get_nfilter_request_var('email_address'), $_SESSION['sess_user_id'])); } // Save the users graph settings if they have permission 
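Review bot: The `-66,8` hunk of form_save() may now accept the profile fields from the query string: the `$_POST` checks were replaced by `isset_request_var()` and `get_nfilter_request_var()`, whose definitions are not part of this diff. If those helpers read `$_REQUEST`, a state-changing save becomes reachable by GET, which widens CSRF exposure, and in auth_changepassword.php, where `current_password` moved to the same accessor, passwords could travel in URLs that end up in logs. Keeping these reads on `get_request_var_post()`, or checking `$_SERVER['REQUEST_METHOD'] === 'POST'` before the `save` action, would preserve the old behaviour. `full_name` and `email_address` are bound as parameters here, so the remaining concern is escaping them wherever they are displayed.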
@@ -76,37 +76,38 @@ function form_save() { while (list($field_name, $field_array) = each($tab_fields)) { /* Check every field with a numeric default value and reset it to default if the inputted value is not numeric */ if (isset($field_array['default']) && is_numeric($field_array['default']) && !is_numeric(get_request_var_post($field_name))) { - $_POST[$field_name] = $field_array['default']; + set_request_var($field_name, $field_array['default']); } + if ($field_array['method'] == 'checkbox') { - if (isset($_POST[$field_name])) { + if (isset_request_var($field_name)) { db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, 'on')", array($_SESSION['sess_user_id'], $field_name)); }else{ db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, '')", array($_SESSION['sess_user_id'], $field_name)); } }elseif ($field_array['method'] == 'checkbox_group') { while (list($sub_field_name, $sub_field_array) = each($field_array['items'])) { - if (isset($_POST[$sub_field_name])) { + if (isset_request_var($sub_field_name)) { db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, 'on')", array($_SESSION['sess_user_id'], $sub_field_name)); }else{ db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, '')", array($_SESSION['sess_user_id'], $sub_field_name)); } } }elseif ($field_array['method'] == 'textbox_password') { - if ($_POST[$field_name] != $_POST[$field_name.'_confirm']) { + if (get_nfilter_request_var($field_name) != get_nfilter_request_var($field_name.'_confirm')) { raise_message(4); break; - }elseif (isset($_POST[$field_name])) { - db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) VALUES (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_request_var_post($field_name))); + }elseif (isset_request_var($field_name)) { + db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) VALUES (?, ?, ?)', 
array($_SESSION['sess_user_id'], $field_name, get_nfilter_request_var($field_name))); } }elseif ((isset($field_array['items'])) && (is_array($field_array['items']))) { while (list($sub_field_name, $sub_field_array) = each($field_array['items'])) { - if (isset($_POST[$sub_field_name])) { + if (isset_request_var($sub_field_name)) { db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $sub_field_name, get_request_var_post($sub_field_name))); } } - }else if (isset($_POST[$field_name])) { - db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_request_var_post($field_name))); + }else if (isset_request_var($field_name)) { + db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_nfilter_request_var($field_name))); } } } @@ -132,7 +133,7 @@ function settings() { return; } - if ($_REQUEST['action'] == 'edit') { + if (get_request_var('action') == 'edit') { if (isset($_SERVER['HTTP_REFERER'])) { $timespan_sel_pos = strpos($_SERVER['HTTP_REFERER'],'&predefined_timespan'); if ($timespan_sel_pos) { diff --git a/automation_devices.php b/automation_devices.php index f5a4522eee..c3a156aedd 100644 --- a/automation_devices.php +++ b/automation_devices.php 
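Review bot: form_save() reads submitted values through three different accessors in the `-76,37` hunk, which makes it unclear that the value validated is the value saved: `get_request_var_post()` in the `is_numeric` test and the `items` branch, `get_nfilter_request_var()` in the password and final branches, and `set_request_var()` to write the default back. If these do not share one backing store (their definitions are outside this diff), the reset to `$field_array['default']` may not be what the later `REPLACE` stores. I would use one accessor throughout and mark the `REPLACE` calls with `/* stored unfiltered on purpose: bound as a parameter, escape on output */`. The `textbox_password` branch also compares with loose `!=`; `!==` is the safer operator for two submitted strings.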
@@ -28,10 +28,12 @@ 1 => 'Add Device' ); -if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'purge') { - input_validate_input_number(get_request_var('network')); +set_default_action(); + +if (get_request_var('action') == 'purge') { + get_filter_request_var('network'); - db_execute('TRUNCATE TABLE automation_devices' . ($_REQUEST['network'] > 0 ? 'WHERE network_id=' . $_REQUEST['network']:'')); + db_execute('TRUNCATE TABLE automation_devices' . (get_request_var('network') > 0 ? 'WHERE network_id=' . get_request_var('network'):'')); header('Location: automation_devices.php?header=false'); 
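Review bot: The purge statement in the `-28,10` hunk is not valid SQL when a network is selected: `TRUNCATE TABLE` takes no `WHERE` clause, and the string has no space before `WHERE`, so it becomes `automation_devicesWHERE network_id=…`. A filtered purge needs `DELETE`, e.g. `db_execute_prepared('DELETE FROM automation_devices WHERE network_id = ?', array(get_request_var('network')));`, with `TRUNCATE` kept for the unfiltered case. Because `action=purge` is read through `get_request_var()`, it is also worth confirming that this destructive action cannot be triggered by a plain GET link.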
@@ -49,48 +51,47 @@ ORDER BY name'), 'id', 'name'); /* ================= input validation ================= */ -input_validate_input_number(get_request_var('page')); -input_validate_input_number(get_request_var('rows')); +get_filter_request_var('page'); +get_filter_request_var('rows'); /* ==================================================== */ /* clean up status string */ -if (isset($_REQUEST['status'])) { - $_REQUEST['status'] = sanitize_search_string(get_request_var('status')); +if (isset_request_var('status')) { + set_request_var('status', sanitize_search_string(get_request_var('status'))); } /* clean up network string */ -if (isset($_REQUEST['network'])) { - $_REQUEST['network'] = sanitize_search_string(get_request_var('network')); +if (isset_request_var('network')) { + set_request_var('network', sanitize_search_string(get_request_var('network'))); } /* clean up snmp string */ -/* clean up snmp string */ -if (isset($_REQUEST['snmp'])) { - $_REQUEST['snmp'] = sanitize_search_string(get_request_var('snmp')); +if (isset_request_var('snmp')) { + set_request_var('snmp', sanitize_search_string(get_request_var('snmp'))); } /* clean up os string */ -if (isset($_REQUEST['os'])) { - $_REQUEST['os'] = sanitize_search_string(get_request_var('os')); +if (isset_request_var('os')) { + set_request_var('os', sanitize_search_string(get_request_var('os'))); } /* clean up filter string */ -if (isset($_REQUEST['filter'])) { - $_REQUEST['filter'] = sanitize_search_string(get_request_var('filter')); +if (isset_request_var('filter')) { + set_request_var('filter', sanitize_search_string(get_request_var('filter'))); } /* clean up sort_column */ -if (isset($_REQUEST['sort_column'])) { - $_REQUEST['sort_column'] = sanitize_search_string(get_request_var('sort_column')); +if (isset_request_var('sort_column')) { + set_request_var('sort_column', sanitize_search_string(get_request_var('sort_column'))); } /* clean up search string */ -if (isset($_REQUEST['sort_direction'])) { - 
$_REQUEST['sort_direction'] = sanitize_search_string(get_request_var('sort_direction')); +if (isset_request_var('sort_direction')) { + set_request_var('sort_direction', sanitize_search_string(get_request_var('sort_direction'))); } /* if the user pushed the 'clear' button */ -if (isset($_REQUEST['clear'])) { +if (isset_request_var('clear')) { kill_session_var('sess_autom_current_page'); kill_session_var('sess_autom_status'); kill_session_var('sess_autom_network'); @@ -166,7 +167,7 @@ $sql_where .= (strlen($sql_where) ? ' AND ':'WHERE ') . "(hostname LIKE '%$filter%' OR ip LIKE '%$filter%')"; } -if (isset($_REQUEST['export'])) { +if (isset_request_var('export')) { $result = db_fetch_assoc("SELECT * FROM automation_devices $sql_where order by INET_ATON(ip)"); header('Content-type: application/csv'); @@ -325,7 +326,7 @@ - '> + '> diff --git a/automation_graph_rules.php b/automation_graph_rules.php index 285a926199..e25824684c 100644 --- a/automation_graph_rules.php +++ b/automation_graph_rules.php @@ -37,7 +37,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': save(); @@ -49,17 +49,17 @@ case 'item_movedown': automation_graph_rules_item_movedown(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_moveup': automation_graph_rules_item_moveup(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_remove': automation_graph_rules_item_remove(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_edit': top_header(); 
@@ -88,16 +88,16 @@ -------------------------- */ function save() { - if (isset($_POST['save_component_automation_graph_rule'])) { + if (isset_request_var('save_component_automation_graph_rule')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); + get_filter_request_var('id'); /* ==================================================== */ $save['id'] = get_request_var_post('id'); $save['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3); $save['snmp_query_id'] = form_input_validate(get_request_var_post('snmp_query_id'), 'snmp_query_id', '^[0-9]+$', false, 3); - $save['graph_type_id'] = (isset($_POST['graph_type_id'])) ? form_input_validate($_POST['graph_type_id'], 'graph_type_id', '^[0-9]+$', false, 3) : 0; - $save['enabled'] = (isset($_POST['enabled']) ? 'on' : ''); + $save['graph_type_id'] = (isset_request_var('graph_type_id')) ? form_input_validate(get_nfilter_request_var('graph_type_id'), 'graph_type_id', '^[0-9]+$', false, 3) : 0; + $save['enabled'] = (isset_request_var('enabled') ? 'on' : ''); if (!is_error_message()) { $rule_id = sql_save($save, 'automation_graph_rules'); 
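Review bot: In the `-88,16` hunk, save() validates `id` with `get_filter_request_var('id')` but then stores `get_request_var_post('id')`, so the value checked and the value saved come from two different accessors. The automation_graph_rules.php redirects in this commit use the return value of `get_filter_request_var('id')` directly, and doing the same here, `$save['id'] = get_filter_request_var('id');`, ties the validation to the value that reaches `sql_save()`. The same split appears in the `-108,24` and `-142,21` hunks (including `get_nfilter_request_var('id')` in the `Location` header) and in form_save() of host_templates.php. save() continues outside this hunk.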
@@ -108,24 +108,24 @@ function save() { } } - if ((is_error_message()) || (empty($_POST["id"]))) { - header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? get_request_var_post('id') : $rule_id)); + if ((is_error_message()) || (isempty_request_var('id'))) { + header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? get_nfilter_request_var('id') : $rule_id)); }else{ header('Location: automation_graph_rules.php?header=false'); } - }elseif (isset($_POST['save_component_automation_graph_rule_item'])) { + }elseif (isset_request_var('save_component_automation_graph_rule_item')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('item_id')); + get_filter_request_var('id'); + get_filter_request_var('item_id'); /* ==================================================== */ $save = array(); $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); $save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3); - $save['field'] = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3); - $save['operator'] = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3); - $save['pattern'] = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3); + $save['field'] = form_input_validate(((isset_request_var('field') && get_nfilter_request_var('field') != '0') ? 
get_nfilter_request_var('field') : ''), 'field', '', true, 3); + $save['operator'] = form_input_validate((isset_request_var('operator') ? get_nfilter_request_var('operator') : ''), 'operator', '^[0-9]+$', true, 3); + $save['pattern'] = form_input_validate((isset_request_var('pattern') ? get_nfilter_request_var('pattern') : ''), 'pattern', '', true, 3); if (!is_error_message()) { $item_id = sql_save($save, 'automation_graph_rule_items'); 
@@ -142,21 +142,21 @@ function save() { }else{ header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var_post('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION); } - }elseif (isset($_POST['save_component_automation_match_item'])) { + }elseif (isset_request_var('save_component_automation_match_item')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('item_id')); + get_filter_request_var('id'); + get_filter_request_var('item_id'); /* ==================================================== */ unset($save); - $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); - $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); + $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); + $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); $save['rule_type'] = AUTOMATION_RULE_TYPE_GRAPH_MATCH; - $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); + $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); $save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3); - $save['field'] = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3); - $save['operator'] = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3); - $save['pattern'] = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3); + $save['field'] = form_input_validate(((isset_request_var('field') && get_nfilter_request_var('field') != '0') ? 
get_nfilter_request_var('field') : ''), 'field', '', true, 3); + $save['operator'] = form_input_validate((isset_request_var('operator') ? get_nfilter_request_var('operator') : ''), 'operator', '^[0-9]+$', true, 3); + $save['pattern'] = form_input_validate((isset_request_var('pattern') ? get_nfilter_request_var('pattern') : ''), 'pattern', '', true, 3); if (!is_error_message()) { $item_id = sql_save($save, 'automation_match_rule_items'); @@ -197,8 +197,8 @@ function automation_graph_rules_form_actions() { db_execute('DELETE FROM automation_match_rule_items WHERE ' . array_to_sql_or($selected_items, 'rule_id')); }elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */ for ($i=0;($i \n"; print "\n"; print "\n"; @@ -1030,7 +1045,7 @@ function setSNMP() { FROM (graph_templates, host_graph) WHERE graph_templates.id = host_graph.graph_template_id AND host_graph.host_id = ? - ORDER BY graph_templates.name', array($_REQUEST['id'])); + ORDER BY graph_templates.name', array(get_request_var('id'))); $available_graph_templates = db_fetch_assoc_prepared('SELECT graph_templates.id, graph_templates.name @@ -1039,7 +1054,7 @@ function setSNMP() { ON snmp_query_graph.graph_template_id = graph_templates.id WHERE snmp_query_graph.name IS NULL AND graph_templates.id NOT IN (SELECT graph_template_id FROM host_graph WHERE host_id = ?) - ORDER BY graph_templates.name', array($_REQUEST['id'])); + ORDER BY graph_templates.name', array(get_request_var('id'))); $i = 0; if (sizeof($selected_graph_templates)) { 
@@ -1049,14 +1064,14 @@ function setSNMP() { form_alternate_row("gt$i", true); /* get status information for this graph template */ - $is_being_graphed = (sizeof(db_fetch_assoc_prepared('SELECT id FROM graph_local WHERE graph_template_id = ? AND host_id = ?', array($item['id'], $_REQUEST['id']))) > 0) ? true : false; + $is_being_graphed = (sizeof(db_fetch_assoc_prepared('SELECT id FROM graph_local WHERE graph_template_id = ? AND host_id = ?', array($item['id'], get_request_var('id')))) > 0) ? true : false; ?>
Data Query Debug InformationHide
) - Is Being Graphed (Edit)" : "Not Being Graphed");?> + Is Being Graphed (Edit)" : "Not Being Graphed");?> ' data-id=''> @@ -1102,7 +1117,7 @@ function setSNMP() { FROM (snmp_query, host_snmp_query) WHERE snmp_query.id = host_snmp_query.snmp_query_id AND host_snmp_query.host_id = ? - ORDER BY snmp_query.name', array($_REQUEST['id'])); + ORDER BY snmp_query.name', array(get_request_var('id'))); $available_data_queries = db_fetch_assoc('SELECT snmp_query.id, @@ -1113,7 +1128,7 @@ function setSNMP() { $keeper = array(); if (sizeof($available_data_queries)) { foreach ($available_data_queries as $item) { - if (sizeof(db_fetch_assoc_prepared('SELECT snmp_query_id FROM host_snmp_query WHERE host_id = ? AND snmp_query_id = ?', array($_REQUEST['id'], $item['id']))) > 0) { + if (sizeof(db_fetch_assoc_prepared('SELECT snmp_query_id FROM host_snmp_query WHERE host_id = ? AND snmp_query_id = ?', array(get_request_var('id'), $item['id']))) > 0) { /* do nothing */ } else { array_push($keeper, $item); @@ -1131,8 +1146,8 @@ function setSNMP() { form_alternate_row("dg$i", true); /* get status information for this data query */ - $num_dq_items = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ?', array($_REQUEST['id'], $item['id']))); - $num_dq_rows = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ? GROUP BY snmp_index', array($_REQUEST['id'], $item['id']))); + $num_dq_items = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ?', array(get_request_var('id'), $item['id']))); + $num_dq_rows = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ? GROUP BY snmp_index', array(get_request_var('id'), $item['id']))); $status = 'success'; 
@@ -1199,10 +1214,10 @@ function host() { global $device_actions, $item_rows; /* ================= input validation ================= */ - input_validate_input_number(get_request_var('host_template_id')); - input_validate_input_number(get_request_var('page')); - input_validate_input_number(get_request_var('host_status')); - input_validate_input_number(get_request_var('rows')); + get_filter_request_var('host_template_id'); + get_filter_request_var('page'); + get_filter_request_var('host_status'); + get_filter_request_var('rows'); /* ==================================================== */ /* clean up search string */ @@ -1373,7 +1388,7 @@ function clearFilter() {
- '> + '> @@ -1404,7 +1419,7 @@ function clearFilter() { /* Show all items */ }elseif (get_request_var('host_template_id') == '0') { $sql_where .= (strlen($sql_where) ? ' AND host.host_template_id=0' : ' WHERE host.host_template_id=0'); - }elseif (!empty($_REQUEST['host_template_id'])) { + }elseif (!isempty_request_var('host_template_id')) { $sql_where .= (strlen($sql_where) ? ' AND host.host_template_id=' . get_request_var('host_template_id') : ' WHERE host.host_template_id=' . get_request_var('host_template_id')); } diff --git a/host_templates.php b/host_templates.php index 77cac7387e..1b2aa16f7f 100644 --- a/host_templates.php +++ b/host_templates.php @@ -35,7 +35,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': form_save(); 
@@ -45,24 +45,32 @@ break; case 'item_add_gt': + get_filter_request_var('host_template_id'); + template_item_add_gt(); - header('Location: host_templates.php?header=false&action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?header=false&action=edit&id=' . get_request_var('host_template_id')); break; case 'item_remove_gt': + get_filter_request_var('host_template_id'); + template_item_remove_gt(); - header('Location: host_templates.php?action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?action=edit&id=' . get_request_var('host_template_id')); break; case 'item_add_dq': + get_filter_request_var('host_template_id'); + template_item_add_dq(); - header('Location: host_templates.php?header=false&action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?header=false&action=edit&id=' . get_request_var('host_template_id')); break; case 'item_remove_dq': + get_filter_request_var('host_template_id'); + template_item_remove_dq(); - header('Location: host_templates.php?action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?action=edit&id=' . get_request_var('host_template_id')); break; case 'edit': top_header(); 
@@ -86,13 +94,13 @@ function form_save() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('snmp_query_id')); - input_validate_input_number(get_request_var_post('graph_template_id')); + get_filter_request_var('id'); + get_filter_request_var('host_template_id'); + get_filter_request_var('snmp_query_id'); + get_filter_request_var('graph_template_id'); /* ==================================================== */ - if (isset($_POST['save_component_template'])) { + if (isset_request_var('save_component_template')) { $save['id'] = get_request_var_post('id'); $save['hash'] = get_hash_host_template(get_request_var_post('id')); $save['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3); @@ -117,8 +125,8 @@ function form_save() { function template_item_add_dq() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('snmp_query_id')); + get_filter_request_var('host_template_id'); + get_filter_request_var('snmp_query_id'); /* ==================================================== */ db_execute_prepared('REPLACE INTO host_template_snmp_query @@ -128,8 +136,8 @@ function template_item_add_dq() { function template_item_add_gt() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('graph_template_id')); + get_filter_request_var('host_template_id'); + get_filter_request_var('graph_template_id'); /* ==================================================== */ db_execute_prepared('REPLACE INTO host_template_graph 
@@ -158,7 +166,7 @@ function form_actions() { db_execute('UPDATE host SET host_template_id=0 WHERE ' . array_to_sql_or($selected_items, 'host_template_id')); }elseif (get_request_var_post('drp_action') == '2') { /* duplicate */ for ($i=0;($i) - '> + '> ) - '> + '> - > + > @@ -538,7 +546,7 @@ function template() { - '> + '>