From 2387bd4a0813df773c92b301074ca6024ef1b4d4 Mon Sep 17 00:00:00 2001 
From: cigamit Date: Sun, 7 Feb 2016 12:51:49 -0600 Subject: [PATCH] removing many $_GET, $_REQUEST, and $_POST variable usage There are still three steps to go in this overall. The first is to replace all the page filtering session storing and validation functions and the second is to propagate those changes into various areas of the lib directory that include the use of the various variables, lastly, developer mode will have to be enable to see if there are any variables used in the code that have not been sanitized. Note, at this point the develop branch should be thought of as slightly unstable --- aggregate_graphs.php | 16 +- aggregate_items.php | 361 ++++++++++++++++++----------------- aggregate_templates.php | 127 ++++++------ auth_changepassword.php | 18 +- auth_login.php | 19 +- auth_profile.php | 27 +-- automation_devices.php | 47 ++--- automation_graph_rules.php | 188 +++++++++--------- automation_networks.php | 32 ++-- automation_snmp.php | 72 +++---- automation_templates.php | 26 +-- automation_tree_rules.php | 234 ++++++++++++----------- cdef.php | 95 ++++----- color.php | 40 ++-- color_templates.php | 46 ++--- color_templates_items.php | 66 ++++--- data_input.php | 84 ++++---- data_queries.php | 168 +++++++++------- data_sources.php | 255 ++++++++++++------------- data_templates.php | 168 ++++++++-------- gprint_presets.php | 28 +-- graph.php | 82 ++++---- graph_image.php | 44 ++--- graph_json.php | 64 +++---- graph_realtime.php | 100 +++++----- graph_settings.php | 16 +- graph_templates.php | 128 +++++++------ graph_templates_inputs.php | 34 ++-- graph_templates_items.php | 134 +++++++------ graph_view.php | 194 +++++++++---------- graph_xport.php | 37 ++-- graphs.php | 265 ++++++++++++------------- graphs_items.php | 118 ++++++------ graphs_new.php | 96 +++++----- host.php | 149 ++++++++------- host_templates.php | 70 ++++--- include/global_session.php | 2 +- include/top_graph_header.php | 6 +- lib/html_utility.php | 46 +++-- logout.php | 4 +- 
managers.php | 78 ++++---- plugins.php | 26 +-- reports_admin.php | 22 ++- reports_user.php | 22 ++- rra.php | 33 ++-- rrdcleaner.php | 60 +++--- settings.php | 30 +-- templates_export.php | 24 +-- templates_import.php | 8 +- tree.php | 98 +++++----- user_admin.php | 180 ++++++++--------- user_domains.php | 80 ++++---- user_group_admin.php | 140 +++++++------- utilities.php | 83 ++++---- 54 files changed, 2381 insertions(+), 2209 deletions(-) diff --git a/aggregate_graphs.php b/aggregate_graphs.php index 33329cc61f..8cddd1105c 100644 --- a/aggregate_graphs.php +++ b/aggregate_graphs.php @@ -143,10 +143,10 @@ function form_save() { $save['gprint_prefix'] = get_request_var_post('gprint_prefix'); $save['total_prefix'] = get_request_var_post('total_prefix'); - $save['total'] = get_sanitize_request_var('total', FILTER_VALIDATE_INT); - $save['graph_type'] = get_sanitize_request_var('graph_type', FILTER_VALIDATE_INT); - $save['total_type'] = get_sanitize_request_var('total_type', FILTER_VALIDATE_INT); - $save['order_type'] = get_sanitize_request_var('order_type', FILTER_VALIDATE_INT); + $save['total'] = get_filter_request_var('total'); + $save['graph_type'] = get_filter_request_var('graph_type'); + $save['total_type'] = get_filter_request_var('total_type'); + $save['order_type'] = get_filter_request_var('order_type'); /* see if anything changed, if so, we will have to push out the aggregate */ if (!empty($aggregate_graph_id)) { 
@@ -256,8 +256,8 @@ function form_actions() { }elseif (get_request_var_post('drp_action') == '11') { /* dis-associate with aggregate */ api_aggregate_disassociate($selected_items); }elseif (preg_match('/^tr_([0-9]+)$/', get_request_var_post('drp_action'), $matches)) { /* place on tree */ - input_validate_input_number(get_request_var_post('tree_id')); - input_validate_input_number(get_request_var_post('tree_item_id')); + get_filter_request_var('tree_id'); + get_filter_request_var('tree_item_id'); for ($i=0;($i 0 || $_POST["aggregate_graph_id"] > 0) { + if (get_request_var('aggregate_template_id') > 0 || get_request_var('aggregate_graph_id') > 0) { form_save_aggregate(); } - if ($graph_item_types{$_POST["graph_type_id"]} == "LEGEND") { + if ($graph_item_types{get_request_var('graph_type_id')} == 'LEGEND') { /* this can be a major time saver when creating lots of graphs with the typical GPRINT LAST/AVERAGE/MAX legends */ $items = array( 0 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "4", - "text_format" => "Current:", - "hard_return" => "" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '4', + 'text_format' => 'Current:', + 'hard_return' => '' ), 1 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "1", - "text_format" => "Average:", - "hard_return" => "" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '1', + 'text_format' => 'Average:', + 'hard_return' => '' ), 2 => array( - "color_id" => "0", - "graph_type_id" => "9", - "consolidation_function_id" => "3", - "text_format" => "Maximum:", - "hard_return" => "on" + 'color_id' => '0', + 'graph_type_id' => '9', + 'consolidation_function_id' => '3', + 'text_format' => 'Maximum:', + 'hard_return' => 'on' )); } foreach ($items as $item) { /* generate a new sequence if needed */ - if (empty($_POST["sequence"])) { - $_POST["sequence"] = get_sequence($_POST["sequence"], "sequence", 
"graph_templates_item", "local_graph_id=" . $_POST["local_graph_id"]); + if (isempty_request_var('sequence')) { + set_request_var('sequence', get_sequence(get_request_var('sequence'), 'sequence', 'graph_templates_item', 'local_graph_id=' . get_request_var('local_graph_id'))); } - $save["id"] = $_POST["graph_template_item_id"]; - $save["graph_template_id"] = $_POST["graph_template_id"]; - $save["local_graph_template_item_id"] = $_POST["local_graph_template_item_id"]; - $save["local_graph_id"] = $_POST["local_graph_id"]; - $save["task_item_id"] = form_input_validate($_POST["task_item_id"], "task_item_id", "", true, 3); - $save["color_id"] = form_input_validate((isset($item["color_id"]) ? $item["color_id"] : $_POST["color_id"]), "color_id", "", true, 3); + $save['id'] = get_filter_request_var('graph_template_item_id'); + $save['graph_template_id'] = get_filter_request_var('graph_template_id'); + $save['local_graph_template_item_id'] = get_filter_request_var('local_graph_template_item_id'); + $save['local_graph_id'] = get_filter_request_var('local_graph_id'); + $save['task_item_id'] = form_input_validate(get_filter_request_var('task_item_id'), 'task_item_id', '', true, 3); + $save['color_id'] = form_input_validate((isset($item['color_id']) ? $item['color_id'] : get_filter_request_var('color_id')), 'color_id', '', true, 3); + /* if alpha is disabled, use invisible_alpha instead */ - if (!isset($_POST["alpha"])) {$_POST["alpha"] = $_POST["invisible_alpha"];} - $save["alpha"] = form_input_validate((isset($item["alpha"]) ? $item["alpha"] : $_POST["alpha"]), "alpha", "", true, 3); - $save["graph_type_id"] = form_input_validate((isset($item["graph_type_id"]) ? $item["graph_type_id"] : $_POST["graph_type_id"]), "graph_type_id", "", true, 3); - $save["cdef_id"] = form_input_validate($_POST["cdef_id"], "cdef_id", "", true, 3); - $save["consolidation_function_id"] = form_input_validate((isset($item["consolidation_function_id"]) ? 
$item["consolidation_function_id"] : $_POST["consolidation_function_id"]), "consolidation_function_id", "", true, 3); - $save["text_format"] = form_input_validate((isset($item["text_format"]) ? $item["text_format"] : $_POST["text_format"]), "text_format", "", true, 3); - $save["value"] = form_input_validate($_POST["value"], "value", "", true, 3); - $save["hard_return"] = form_input_validate(((isset($item["hard_return"]) ? $item["hard_return"] : (isset($_POST["hard_return"]) ? $_POST["hard_return"] : ""))), "hard_return", "", true, 3); - $save["gprint_id"] = form_input_validate($_POST["gprint_id"], "gprint_id", "", true, 3); - $save["sequence"] = $_POST["sequence"]; + if (!isset_request_var('alpha')) { + set_request_var('alpha', get_nfilter_request_var('invisible_alpha')); + } + + $save['alpha'] = form_input_validate((isset($item['alpha']) ? $item['alpha'] : get_nfilter_request_var('alpha')), 'alpha', '', true, 3); + $save['graph_type_id'] = form_input_validate((isset($item['graph_type_id']) ? $item['graph_type_id'] : get_filter_request_var('graph_type_id')), 'graph_type_id', '', true, 3); + $save['cdef_id'] = form_input_validate(get_filter_request_var('cdef_id'), 'cdef_id', '', true, 3); + $save['consolidation_function_id'] = form_input_validate((isset($item['consolidation_function_id']) ? $item['consolidation_function_id'] : get_filter_request_var('consolidation_function_id')), 'consolidation_function_id', '', true, 3); + $save['text_format'] = form_input_validate((isset($item['text_format']) ? $item['text_format'] : get_nfilter_request_var('text_format')), 'text_format', '', true, 3); + $save['value'] = form_input_validate(get_nfilter_request_var('value'), 'value', '', true, 3); + $save['hard_return'] = form_input_validate(((isset($item['hard_return']) ? $item['hard_return'] : (isset_request_var('hard_return') ? 
get_nfilter_request_var('hard_return') : ''))), 'hard_return', '', true, 3); + $save['gprint_id'] = form_input_validate(get_filter_request_var('gprint_id'), 'gprint_id', '', true, 3); + $save['sequence'] = get_filter_request_var('sequence'); if (!is_error_message()) { - $graph_template_item_id = sql_save($save, "graph_templates_item"); + $graph_template_item_id = sql_save($save, 'graph_templates_item'); if ($graph_template_item_id) { raise_message(1); @@ -133,14 +137,14 @@ function form_save() { } } - $_POST["sequence"] = 0; + set_request_var('sequence', 0); } if (is_error_message()) { - header("Location: " . $config['url_path'] . "aggregate_items.php?action=item_edit&graph_template_item_id=" . (empty($graph_template_item_id) ? $_POST["graph_template_item_id"] : $graph_template_item_id) . "&id=" . $_POST["local_graph_id"]); + header('Location: ' . $config['url_path'] . 'aggregate_items.php?action=item_edit&graph_template_item_id=' . (empty($graph_template_item_id) ? get_filter_request_var('graph_template_item_id') : $graph_template_item_id) . '&id=' . get_filter_request_var('local_graph_id')); exit; }else{ - header("Location: " . $config['url_path'] . "aggregate_graphs.php?action=edit&id=" . $_POST["local_graph_id"]); + header('Location: ' . $config['url_path'] . 'aggregate_graphs.php?action=edit&id=' . get_filter_request_var('local_graph_id')); exit; } } 
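Review bot: `$graph_item_types{get_request_var('graph_type_id')}` on the LEGEND check indexes the lookup table with the unfiltered request value, while `get_filter_request_var('graph_type_id')` is only reached later inside the foreach, so a non-numeric value hits the array lookup first. Move the filter ahead of the check, e.g. `$graph_type_id = get_filter_request_var('graph_type_id');` before the `if`, and use `$graph_type_id` in both places. The free-text fields (`text_format`, `value`, `hard_return`, `alpha`) are read through `get_nfilter_request_var` and `form_input_validate` with an apparently empty pattern, so nothing in this function constrains them and `sql_save` has to be the escaping boundary; a one-line comment saying so above the `$save` assignments would make that explicit. The opening lines of this `form_save` and its hunk header are not visible in this excerpt.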
@@ -154,44 +158,46 @@ function form_save() { function form_save_aggregate() { global $config; - if (!isset($_POST["save_component_item"])) { + if (!isset_request_var('save_component_item')) { return; } // two possible tables to save to - aggregate template or aggregate graph // with different key column combination - $save_to = "aggregate_graph_templates_item"; - $key_cols = array("aggregate_template_id", "graph_templates_item_id"); - $location_success = "aggregate_templates.php?action=edit&id=" . $_POST["aggregate_template_id"]; - $location_failure = "aggregate_items.php?action=item_edit&aggregate_template_id=" . $_POST["aggregate_template_id"] . "&id=" . $_POST["graph_template_item_id"]; - if ($_POST["aggregate_graph_id"] > 0) { - $save_to = "aggregate_graphs_graph_item"; - $key_cols = array("aggregate_graph_id", "graph_templates_item_id"); - $location_success = "aggregate_graphs.php?action=edit&id=" . $_POST["local_graph_id"]; - $location_failure = "aggregate_items.php?action=item_edit&aggregate_graph_id=" . $_POST["aggregate_graph_id"] . "&id=" . $_POST["graph_template_item_id"]; + $save_to = 'aggregate_graph_templates_item'; + $key_cols = array('aggregate_template_id', 'graph_templates_item_id'); + $location_success = 'aggregate_templates.php?action=edit&id=' . get_filter_request_var('aggregate_template_id'); + $location_failure = 'aggregate_items.php?action=item_edit&aggregate_template_id=' . get_filter_request_var('aggregate_template_id') . '&id=' . get_filter_request_var('graph_template_item_id'); + + if (get_filter_request_var('aggregate_graph_id') > 0) { + $save_to = 'aggregate_graphs_graph_item'; + $key_cols = array('aggregate_graph_id', 'graph_templates_item_id'); + $location_success = 'aggregate_graphs.php?action=edit&id=' . get_filter_request_var('local_graph_id'); + $location_failure = 'aggregate_items.php?action=item_edit&aggregate_graph_id=' . get_filter_request_var('aggregate_graph_id') . '&id=' . 
get_filter_request_var('graph_template_item_id'); } // only some properties can be saved here - $save = array(); - $save["t_graph_type_id"] = form_input_validate((isset($_POST["t_graph_type_id"]) ? $_POST["t_graph_type_id"] : ""), "t_graph_type_id", "", true, 3); - $save["graph_type_id"] = form_input_validate((($save["t_graph_type_id"]) ? $_POST["graph_type_id"] : 0), "graph_type_id", "", true, 3); - $save["t_cdef_id"] = form_input_validate((isset($_POST["t_cdef_id"]) ? $_POST["t_cdef_id"] : ""), "t_cdef_id", "", true, 3); - $save["cdef_id"] = form_input_validate((($save["t_cdef_id"]) ? $_POST["cdef_id"] : 0), "cdef_id", "", true, 3); + $save = array(); + $save['t_graph_type_id'] = form_input_validate((isset_request_var('t_graph_type_id') ? get_nfilter_request_var('t_graph_type_id') : ''), 't_graph_type_id', '', true, 3); + $save['graph_type_id'] = form_input_validate((($save['t_graph_type_id']) ? get_filter_request_var('graph_type_id') : 0), 'graph_type_id', '', true, 3); + $save['t_cdef_id'] = form_input_validate((isset_request_var('t_cdef_id') ? get_nfilter_request_var('t_cdef_id') : ''), 't_cdef_id', '', true, 3); + $save['cdef_id'] = form_input_validate((($save['t_cdef_id']) ? get_filter_request_var('cdef_id') : 0), 'cdef_id', '', true, 3); if (!is_error_message()) { // sql_save will not give usefull return values when row key is // composed from multiple columns. need to manualy build query - $sql_set = "SET "; + $sql_set = 'SET '; foreach ($save as $key => $value) { - $sql_set.= $key."='".addslashes($value)."', "; + $sql_set .= $key . "='" . addslashes($value) . "', "; } $sql_set = substr($sql_set, 0, -2); - $sql_where = "graph_templates_item_id = ".$_POST["graph_template_item_id"]." AND "; - if ($save_to == "aggregate_graph_templates_item") - $sql_where.= "aggregate_template_id=".addslashes($_POST["aggregate_template_id"]); - else - $sql_where.= "aggregate_graph_id=".addslashes($_POST["aggregate_graph_id"]); + $sql_where = 'graph_templates_item_id = ' . 
get_filter_request_var('graph_template_item_id') . ' AND '; + if ($save_to == 'aggregate_graph_templates_item') { + $sql_where .= 'aggregate_template_id=' . addslashes(get_filter_request_var('aggregate_template_id')); + }else{ + $sql_where .= 'aggregate_graph_id=' . addslashes(get_filter_request_var('aggregate_graph_id')); + } $sql = "UPDATE $save_to $sql_set WHERE $sql_where LIMIT 1"; $success = db_execute($sql); @@ -203,17 +209,17 @@ function form_save_aggregate() { // update existing graphs with the changest to this item if ($save_to == 'aggregate_graphs_graph_item') - push_out_aggregates(0, $_POST["local_graph_id"]); + push_out_aggregates(0, get_filter_request_var('local_graph_id')); elseif ($save_to == 'aggregate_graph_templates_item') - push_out_aggregates($_POST["aggregate_template_id"]); + push_out_aggregates(get_filter_request_var('aggregate_template_id')); } if (is_error_message()) { - header("Location: " . $config['url_path'] . $location_failure); + header('Location: ' . $config['url_path'] . $location_failure); exit; }else{ - header("Location: " . $config['url_path'] . $location_success); + header('Location: ' . $config['url_path'] . $location_success); exit; } } 
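Review bot: `$save['t_graph_type_id']` and `$save['t_cdef_id']` are read with `get_nfilter_request_var` and passed through `form_input_validate` with an apparently empty pattern, so any string reaches `addslashes()` and the concatenated `UPDATE`, and `addslashes` is not a charset-aware SQL escape. Since the form only submits these as `'on'` or `''` (see the override checkbox built in `item_edit` further down), coerce them: `$save['t_graph_type_id'] = (isset_request_var('t_graph_type_id') && get_nfilter_request_var('t_graph_type_id') == 'on') ? 'on' : '';` and the same for `t_cdef_id`. With that in place every remaining concatenated value is a `get_filter_request_var` result, which is easier to audit than the `addslashes` calls. Whether `get_filter_request_var` aborts on a non-numeric value is not visible here, so the `> 0` branch selection still depends on that contract.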
@@ -226,17 +232,17 @@ function item_movedown() { global $graph_item_types; /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); - input_validate_input_number(get_request_var("local_graph_id")); + get_filter_request_var('id'); + get_filter_request_var('local_graph_id'); /* ==================================================== */ - $arr = get_graph_group($_GET["id"]); - $next_id = get_graph_parent($_GET["id"], "next"); + $arr = get_graph_group(get_request_var('id')); + $next_id = get_graph_parent(get_request_var('id'), 'next'); - if ((!empty($next_id)) && (isset($arr{$_GET["id"]}))) { - move_graph_group($_GET["id"], $arr, $next_id, "next"); - }elseif (preg_match("/(GPRINT|VRULE|HRULE|COMMENT)/", $graph_item_types{db_fetch_cell("select graph_type_id from graph_templates_item where id=" . $_GET["id"])})) { - move_item_down("graph_templates_item", $_GET["id"], "local_graph_id=" . $_GET["local_graph_id"]); + if ((!empty($next_id)) && (isset($arr{get_request_var('id')}))) { + move_graph_group(get_request_var('id'), $arr, $next_id, 'next'); + }elseif (preg_match('/(GPRINT|VRULE|HRULE|COMMENT)/', $graph_item_types{db_fetch_cell('select graph_type_id from graph_templates_item where id=' . get_request_var('id'))})) { + move_item_down('graph_templates_item', get_request_var('id'), 'local_graph_id=' . get_request_var('local_graph_id')); } } 
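Review bot: The new validation calls `get_filter_request_var('id')` and `get_filter_request_var('local_graph_id')` discard their return values, and the SQL a few lines down is still built from `get_request_var('id')`, so correctness depends on the filter helper aborting the request on failure rather than on the value that is actually used. Capture the filtered value and use it: `$id = get_filter_request_var('id');` then `db_fetch_cell('select graph_type_id from graph_templates_item where id=' . $id)`, and likewise for `local_graph_id`. The same pattern appears in `item_moveup`, `item_remove` and `item_edit` in the next hunk, in `form_actions` of aggregate_graphs.php above, and in `aggregate_form_actions` and `aggregate_template_edit` of aggregate_templates.php below.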
@@ -244,68 +250,68 @@ function item_moveup() { global $graph_item_types; /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); - input_validate_input_number(get_request_var("local_graph_id")); + get_filter_request_var('id'); + get_filter_request_var('local_graph_id'); /* ==================================================== */ - $arr = get_graph_group($_GET["id"]); - $previous_id = get_graph_parent($_GET["id"], "previous"); + $arr = get_graph_group(get_request_var('id')); + $previous_id = get_graph_parent(get_request_var('id'), 'previous'); - if ((!empty($previous_id)) && (isset($arr{$_GET["id"]}))) { - move_graph_group($_GET["id"], $arr, $previous_id, "previous"); - }elseif (preg_match("/(GPRINT|VRULE|HRULE|COMMENT)/", $graph_item_types{db_fetch_cell("select graph_type_id from graph_templates_item where id=" . $_GET["id"])})) { - move_item_up("graph_templates_item", $_GET["id"], "local_graph_id=" . $_GET["local_graph_id"]); + if ((!empty($previous_id)) && (isset($arr{get_request_var('id')}))) { + move_graph_group(get_request_var('id'), $arr, $previous_id, 'previous'); + }elseif (preg_match('/(GPRINT|VRULE|HRULE|COMMENT)/', $graph_item_types{db_fetch_cell('select graph_type_id from graph_templates_item where id=' . get_request_var('id'))})) { + move_item_up('graph_templates_item', get_request_var('id'), 'local_graph_id=' . get_request_var('local_graph_id')); } } function item_remove() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); + get_filter_request_var('id'); /* ==================================================== */ - db_execute("DELETE FROM graph_templates_item WHERE id=" . $_GET["id"]); + db_execute('DELETE FROM graph_templates_item WHERE id=' . 
get_request_var('id')); } function item_edit() { global $config, $struct_graph_item, $graph_item_types, $consolidation_functions; /* ================= input validation ================= */ - input_validate_input_number(get_request_var("id")); - input_validate_input_number(get_request_var("local_graph_id")); - input_validate_input_number(get_request_var("aggregate_graph_id")); - input_validate_input_number(get_request_var("aggregate_template_id")); + get_filter_request_var('id'); + get_filter_request_var('local_graph_id'); + get_filter_request_var('aggregate_graph_id'); + get_filter_request_var('aggregate_template_id'); /* ==================================================== */ /* remember these search fields in session vars so we don't have to keep passing them around */ - load_current_session_value("local_graph_id", "sess_local_graph_id", ""); + load_current_session_value('local_graph_id', 'sess_local_graph_id', ''); - $id = (!empty($_REQUEST["id"]) ? "&id=" . $_REQUEST["id"] : ""); + $id = (!isempty_request_var('id') ? '&id=' . get_request_var('id') : ''); /* this editor can work on aggregate template graph item or aggregate item */ - if (!empty($_REQUEST["aggregate_graph_id"])) { - $id_field = 'aggregate_graph_id'; + if (!isempty_request_var('aggregate_graph_id')) { + $id_field = 'aggregate_graph_id'; $table_name = 'aggregate_graphs_graph_item'; - $page_name = 'aggregate_graphs.php'; - }elseif (!empty($_REQUEST["aggregate_template_id"])) { - $id_field = 'aggregate_template_id'; + $page_name = 'aggregate_graphs.php'; + }elseif (!isempty_request_var('aggregate_template_id')) { + $id_field = 'aggregate_template_id'; $table_name = 'aggregate_graph_templates_item'; - $page_name = 'aggregate_templates.php'; + $page_name = 'aggregate_templates.php'; }else { /* TODO redirect somewhere and show an error message, rather than die */ die(); } - if (!empty($_REQUEST["id"])) { - $template_item = db_fetch_row("select * from graph_templates_item where id=" . 
get_request_var("id")); + if (!isempty_request_var('id')) { + $template_item = db_fetch_row('select * from graph_templates_item where id=' . get_request_var('id')); } /* override some template_item values from aggregate tables */ - $item_overrides = db_fetch_row("SELECT - * + $item_overrides = db_fetch_row("SELECT * FROM $table_name - WHERE $id_field= ".get_request_var($id_field)." - AND graph_templates_item_id=".get_request_var("id") + WHERE $id_field=" . get_request_var($id_field)." + AND graph_templates_item_id=" . get_request_var("id") ); + if (sizeof($item_overrides) == 0) { /* this item is not currently in aggregate tables * item editor will not work in this case, so let's @@ -316,14 +322,16 @@ function item_edit() { 'graph_templates_item_id' => get_request_var("id"), 'sequence' => $template_item['sequence'] ); + aggregate_graph_items_save(array($item_new), $table_name); - $item_overrides = db_fetch_row("SELECT - * + + $item_overrides = db_fetch_row("SELECT * FROM $table_name WHERE $id_field= ".get_request_var($id_field)." AND graph_templates_item_id=".get_request_var("id") ); } + foreach (array_keys($template_item) as $field_name) { if (!array_key_exists($field_name, $item_overrides)) continue; @@ -332,7 +340,7 @@ function item_edit() { $template_item[$field_name] = $item_overrides[$field_name]; } - html_start_box("Override Values for Graph Item", "100%", '', "3", "center", ""); + html_start_box('Override Values for Graph Item', '100%', '', '3', 'center', ''); $form_array = array(); @@ -340,95 +348,92 @@ function item_edit() { $form_array += array($field_name => $struct_graph_item[$field_name]); /* should we draw an override checkbox */ - if (array_key_exists("t_".$field_name, $item_overrides)) { - $form_array[$field_name]["sub_checkbox"] = array( - "name" => "t_" . $field_name, - "friendly_name" => "Override this Value
", - "value" => ($item_overrides["t_".$field_name] == "on" ? "on" : ""), - "on_change" => "toggleFieldEnabled(this);" + if (array_key_exists('t_' . $field_name, $item_overrides)) { + $form_array[$field_name]['sub_checkbox'] = array( + 'name' => 't_' . $field_name, + 'friendly_name' => 'Override this Value
', + 'value' => ($item_overrides['t_'.$field_name] == 'on' ? 'on' : ''), + 'on_change' => 'toggleFieldEnabled(this);' ); } - $form_array[$field_name]["value"] = (isset($template_item) ? $template_item[$field_name] : ""); - $form_array[$field_name]["form_id"] = (isset($template_item) ? $template_item["id"] : "0"); + $form_array[$field_name]['value'] = (isset($template_item) ? $template_item[$field_name] : ''); + $form_array[$field_name]['form_id'] = (isset($template_item) ? $template_item['id'] : '0'); } draw_edit_form( array( - "config" => array( - "post_to" => $config['url_path'] . "aggregate_items.php" + 'config' => array( + 'post_to' => $config['url_path'] . 'aggregate_items.php' ), - "fields" => $form_array + 'fields' => $form_array ) ); - form_hidden_box("local_graph_id", get_request_var("local_graph_id"), "0"); - form_hidden_box("graph_template_item_id", (isset($template_item) ? $template_item["id"] : "0"), ""); - form_hidden_box("local_graph_template_item_id", (isset($template_item) ? $template_item["local_graph_template_item_id"] : "0"), ""); - form_hidden_box("graph_template_id", (isset($template_item) ? $template_item["graph_template_id"] : "0"), ""); - form_hidden_box("sequence", (isset($template_item) ? $template_item["sequence"] : "0"), ""); - form_hidden_box("_graph_type_id", (isset($template_item) ? $template_item["graph_type_id"] : "0"), ""); - form_hidden_box("save_component_item", "1", ""); - form_hidden_box("invisible_alpha", $form_array["alpha"]["value"], "FF"); - form_hidden_box("rrdtool_version", read_config_option("rrdtool_version"), ""); - form_hidden_box("aggregate_graph_id", get_request_var("aggregate_graph_id"), "0"); - form_hidden_box("aggregate_template_id", get_request_var("aggregate_template_id"), "0"); + form_hidden_box('local_graph_id', get_request_var('local_graph_id'), '0'); + form_hidden_box('graph_template_item_id', (isset($template_item) ? 
$template_item['id'] : '0'), ''); + form_hidden_box('local_graph_template_item_id', (isset($template_item) ? $template_item['local_graph_template_item_id'] : '0'), ''); + form_hidden_box('graph_template_id', (isset($template_item) ? $template_item['graph_template_id'] : '0'), ''); + form_hidden_box('sequence', (isset($template_item) ? $template_item['sequence'] : '0'), ''); + form_hidden_box('_graph_type_id', (isset($template_item) ? $template_item['graph_type_id'] : '0'), ''); + form_hidden_box('save_component_item', '1', ''); + form_hidden_box('invisible_alpha', $form_array['alpha']['value'], 'FF'); + form_hidden_box('rrdtool_version', read_config_option('rrdtool_version'), ''); + form_hidden_box('aggregate_graph_id', get_request_var('aggregate_graph_id'), '0'); + form_hidden_box('aggregate_template_id', get_request_var('aggregate_template_id'), '0'); html_end_box(); - form_save_button($config['url_path'] . "$page_name?action=edit&id=" . get_request_var("local_graph_id")); + form_save_button($config['url_path'] . "$page_name?action=edit&id=" . get_request_var('local_graph_id')); -//Now we need some javascript to make it dynamic -?> - + // disable all items except those explicitly overriden + function setFieldsDisabled() { + $('tr[id*="row_"]').each(function() { + fieldName = this.id.substr(4); + cbName = 't_'+fieldName; + if ($('#'+cbName).size() > 0) { + $('#'+fieldName).prop('disabled', !$('#'+cbName).is(':checked')); + } else { + $('#'+fieldName).prop('disabled', true); + } + }); + } - + diff --git a/aggregate_templates.php b/aggregate_templates.php index f172ac58a2..de25c1cf20 100644 --- a/aggregate_templates.php +++ b/aggregate_templates.php 
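Review bot: In the added `setFieldsDisabled()` script, `fieldName = this.id.substr(4);` and `cbName = 't_'+fieldName;` are assigned without `var`, so they become implicit globals shared across every `each` callback; declare them `var fieldName = this.id.substr(4);` and `var cbName = 't_' + fieldName;`. `$('#'+cbName).size()` is the deprecated jQuery spelling of `.length` and is removed in jQuery 3, so `.length` is the safer choice if the bundled jQuery is ever upgraded. The enclosing `item_edit` starts outside this hunk.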
@@ -32,13 +32,15 @@ ); /* set default action */ -if (!isset($_REQUEST['action'])) $_REQUEST['action'] = ''; +set_default_action(); -if ($_REQUEST['action'] == 'save' && $_REQUEST['id'] == 0 && isset($_REQUEST['_graph_template_id']) && $_REQUEST['_graph_template_id'] == 0) { - $_REQUEST['action'] = 'edit'; +if (get_request_var('action') == 'save') { + if (get_request_var('id') == 0 && isset_request_var('_graph_template_id') && get_request_var('_graph_template_id') == 0) { + set_request_var('action', 'edit'); + } } -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': aggregate_form_save(); break; @@ -65,7 +67,7 @@ */ function aggregate_form_save() { /* make sure we are saving aggregate template */ - if (!isset($_POST['save_component_template'])) { + if (!isset_request_var('save_component_template')) { header('Location: aggregate_templates.php?header=false&action=edit&id=' . get_request_var_post('id')); return null; } @@ -73,7 +75,7 @@ function aggregate_form_save() { $save1 = array(); /* updating existing template or creating a new one? */ - if (isset_request_var('id') && $_POST['id'] > 0) { + if (isset_request_var('id') && get_request_var('id') > 0) { $is_new = false; $save1['id'] = get_request_var_post('id'); } else { 
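Review bot: `get_request_var('id') > 0` on the changed line in `aggregate_form_save` uses the unfiltered accessor to choose the update path, and the unchanged next line stores `get_request_var_post('id')` into `$save1['id']` with no numeric filtering either, while every other id in this commit goes through `get_filter_request_var`. Change the condition to `if (isset_request_var('id') && get_filter_request_var('id') > 0) {` so the id is validated before it is saved. The `get_request_var('id') == 0` test in the action dispatch at the top of the file has the same shape. `aggregate_form_save` continues outside this hunk.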
@@ -82,14 +84,14 @@ function aggregate_form_save() { } /* set some defaults for possibly disabled values */ - if (!isset_request_var('total')) $_POST['total'] = 0; - if (!isset_request_var('total_type')) $_POST['total_type'] = 0; - if (!isset_request_var('order_type')) $_POST['order_type'] = 0; - if (!isset_request_var('total_prefix')) $_POST['total_prefix'] = ''; + if (!isset_request_var('total')) set_request_var('total', 0); + if (!isset_request_var('total_type')) set_request_var('total_type', 0); + if (!isset_request_var('order_type')) set_request_var('order_type', 0); + if (!isset_request_var('total_prefix')) set_request_var('total_prefix', ''); /* populate aggregate template save array and validate posted values*/ $save1['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3); - $save1['graph_template_id'] = $_POST['_graph_template_id']; + $save1['graph_template_id'] = get_filter_request_var('_graph_template_id'); $save1['gprint_prefix'] = form_input_validate(get_request_var_post('gprint_prefix'), 'gprint_prefix', '', true, 3); $save1['graph_type'] = form_input_validate(get_request_var_post('graph_type'), 'graph_type', '', false, 3); $save1['total'] = form_input_validate(get_request_var_post('total'), 'total', '', false, 3); @@ -166,8 +168,9 @@ function aggregate_form_save() { /* save only if all posted form fields passed validation */ - if (!is_error_message()) + if (!is_error_message()) { sql_save($params_new, 'aggregate_graph_templates_graph', 'aggregate_template_id', false); + } /* save the template items now */ /* get existing item ids and sequences from graph template */ 
@@ -175,6 +178,7 @@ function aggregate_form_save() { db_fetch_assoc('SELECT id, sequence FROM graph_templates_item WHERE local_graph_id=0 AND graph_template_id=' . $save1['graph_template_id']), 'id', array('sequence') ); + /* get existing aggregate template items */ $aggregate_template_items_old = array_rekey( db_fetch_assoc('SELECT * FROM aggregate_graph_templates_item WHERE aggregate_template_id='.$id), @@ -186,6 +190,7 @@ function aggregate_form_save() { $items_changed = false; $items_to_save = array(); + foreach($graph_templates_items as $item_id => $data) { $item_new = array(); $item_new['aggregate_template_id'] = $id; @@ -230,7 +235,6 @@ function aggregate_get_graph_items($table, $id) { } - /* ------------------------ The 'actions' function ------------------------ */ @@ -242,7 +246,7 @@ function aggregate_form_actions() { include_once($config['base_path'] . '/api_aggregate.php'); /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('drp_action')); + get_filter_request_var('drp_action'); /* ==================================================== */ /* if we are to save this form, instead of display it */ @@ -322,11 +326,11 @@ function aggregate_template_edit() { global $image_types, $struct_aggregate_template; /* ================= input validation ================= */ - input_validate_input_number(get_request_var('id')); + get_filter_request_var('id'); /* ==================================================== */ - if (!empty($_GET['id'])) { - $template = db_fetch_row('SELECT * FROM aggregate_graph_templates WHERE id=' . $_GET['id']); + if (!isempty_request_var('id')) { + $template = db_fetch_row('SELECT * FROM aggregate_graph_templates WHERE id=' . get_request_var('id')); $header_label = '[edit: ' . $template['name'] . ']'; }else{ $header_label = '[new]'; 
@@ -335,7 +339,7 @@ function aggregate_template_edit() { /* populate the graph template id if it's set */ if (isset_request_var('graph_template_id') && !isset($template)) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var('graph_template_id')); + get_filter_request_var('graph_template_id'); /* ==================================================== */ $template['graph_template_id'] = get_request_var_post('graph_template_id'); $template['id'] = 0; @@ -359,14 +363,13 @@ function aggregate_template_edit() { draw_aggregate_template_graph_config($template['id'], $template['graph_template_id']); } - form_hidden_box('id', (isset($template['id']) ? $template['id'] : '0'), '0'); form_hidden_box('save_component_template', '1', ''); form_save_button('aggregate_templates.php', 'return', 'id'); ?> + + + + + + + + + - - '; + + +
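Review bot: At @@ -335 the value is validated through the request-wide accessor, `get_filter_request_var('graph_template_id');`, but then read with the POST-only one, `$template['graph_template_id'] = get_request_var_post('graph_template_id');` — if the two can ever resolve to different sources (a value sent only in the query string, for instance) the validated value and the stored one are not the same thing. Reading with `get_request_var('graph_template_id')` keeps validation and use on the same variable. The same validate-one-source/read-another shape appears in the `save()` hunks of automation_graph_rules.php (@@ -88, @@ -108, @@ -142) and in `form_save()` of host_templates.php (@@ -86).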
+ Search + + + + Templates + - - - - - - - - - - - -
- Search - - - - Templates - - - - - - - - - - -
+ + $filter_html .= ' +
+ + + + +
+ +
+ + + '; print $filter_html; @@ -588,11 +593,11 @@ function aggregate_template() { /* form the 'where' clause for our main sql query */ $sql_where = ''; - if (strlen($_REQUEST['filter'])) { - $sql_where = "WHERE (pgt.name LIKE '%%" . $_REQUEST['filter'] . "%%' OR gt.name LIKE '%%" . $_REQUEST['filter'] . "%%')"; + if (get_request_var('filter') != '') { + $sql_where = "WHERE (pgt.name LIKE '%" . get_request_var('filter') . "%' OR gt.name LIKE '%" . get_request_var('filter') . "%')"; } - if ($_REQUEST['has_graphs'] == 'true') { + if (get_request_var('has_graphs') == 'true') { $sql_where .= (strlen($sql_where) ? ' AND ':'WHERE ') . 'graphs.graphs>0'; } @@ -624,7 +629,7 @@ function aggregate_template() { LEFT JOIN graph_templates AS gt ON gt.id=pgt.graph_template_id $sql_where - ORDER BY " . $_REQUEST['sort_column'] . ' ' . $_REQUEST['sort_direction'] . + ORDER BY " . get_request_var('sort_column') . ' ' . get_request_var('sort_direction') . ' LIMIT ' . (get_request_var('rows')*(get_request_var('page')-1)) . ',' . get_request_var('rows')); $nav = html_nav_bar('aggregate_templates.php', MAX_DISPLAY_PAGES, get_request_var('page'), get_request_var('rows'), $total_rows, 5, 'Aggregate Templates', 'page', 'main'); @@ -637,7 +642,7 @@ function aggregate_template() { 'graphs.graphs' => array('display' => 'Graphs', 'align' => 'right', 'sort' => 'DESC'), 'graph_template_name' => array('display' => 'Graph Template', 'align' => 'left', 'sort' => 'ASC')); - html_header_sort_checkbox($display_text, $_REQUEST['sort_column'], $_REQUEST['sort_direction'], false); + html_header_sort_checkbox($display_text, get_request_var('sort_column'), get_request_var('sort_direction'), false); if (sizeof($template_list)) { foreach ($template_list as $template) { diff --git a/auth_changepassword.php b/auth_changepassword.php index dcd973b06e..2d38d98a67 100644 --- a/auth_changepassword.php +++ b/auth_changepassword.php 
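Review bot: In the `aggregate_template()` hunk at @@ -588 the `filter` value is still spliced into the `LIKE` clause, and at @@ -624 `sort_column` and `sort_direction` are spliced into `ORDER BY`, so swapping `$_REQUEST` for `get_request_var()` changes nothing about the query shape; whether these are safe depends on validation that precedes the hunk and is not visible here (the commit message itself says the page-filter handling is still to be rewritten). For `filter` a placeholder works: `$sql_where = 'WHERE (pgt.name LIKE ? OR gt.name LIKE ?)'; $sql_params = array('%' . get_request_var('filter') . '%', '%' . get_request_var('filter') . '%');` with the prepared fetch variant the host.php hunks use. `ORDER BY` cannot take placeholders, so the column should be checked against the keys of `$display_text` (the array handed to `html_header_sort_checkbox` at @@ -637) and the direction against `ASC`/`DESC` before concatenation. The function body extends beyond the hunk on both sides.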
@@ -72,9 +72,9 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'changepassword': - if ($user['password'] != md5($_POST['current_password'])) { + if ($user['password'] != md5(get_nfilter_request_var('current_password'))) { $bad_password = true; $errorMessage = "Your current password is not correct. Please try again."; } @@ -97,7 +97,7 @@ $errorMessage = "You can not use a previously entered password!"; } - if ($bad_password == false && get_request_var_post('password') == $_POST['confirm'] && $_POST['password'] != '') { + if ($bad_password == false && get_request_var_post('password') == get_nfilter_request_var('confirm') && get_nfilter_request_var('password') != '') { // Password change is good to go if (read_config_option('secpass_expirepass') > 0) { db_execute("UPDATE user_auth SET lastchange = " . time() . " WHERE id = " . intval($_SESSION['sess_user_id']) . " AND realm = 0 AND enabled = 'on'"); @@ -127,18 +127,18 @@ $realm_id = $user_auth_realm_filenames['index.php']; $has_console = db_fetch_cell('SELECT realm_id FROM user_auth_realm WHERE user_id = ? AND realm_id = ?', array($_SESSION['sess_user_id'], $realm_id)); - if (basename($_POST['ref']) == 'auth_changepassword.php' || basename($_POST['ref']) == '') { + if (basename(get_nfilter_request_var('ref')) == 'auth_changepassword.php' || basename(get_nfilter_request_var('ref')) == '') { if ($has_console) { - $_POST['ref'] = 'index.php'; + set_request_var('ref', 'index.php'); }else{ - $_POST['ref'] = 'graph_view.php'; + set_request_var('ref', 'graph_view.php'); } } if (!empty($has_console)) { switch ($user['login_opts']) { case '1': /* referer */ - header('Location: ' . sanitize_uri($_POST['ref'])); break; + header('Location: ' . sanitize_uri(get_nfilter_request_var('ref'))); break; case '2': /* default console page */ header('Location: index.php'); break; case '3': /* default graph page */ 
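Review bot: The rewritten check `$user['password'] != md5(get_nfilter_request_var('current_password'))` keeps PHP's loose string comparison, under which two digests that both look numeric (the `0e` followed by digits form) compare as equal; a strict `!==`, or `!hash_equals($user['password'], md5(...))`, avoids that. Separately, `current_password` here and `confirm`/`password` at @@ -97 are now read through `get_nfilter_request_var()`, which — judging by the `$_REQUEST` accesses it replaces elsewhere in this diff — accepts the value from the query string as well as the body, while `get_request_var_post('password')` on the same line is POST-only; credentials should stay POST-only so they never land in access logs or `Referer` headers, e.g. `md5(get_request_var_post('current_password'))`. The md5 hashing itself predates this commit and is outside its scope.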
@@ -164,7 +164,7 @@ if ($bad_password && $errorMessage == "") { $errorMessage = "Your new passwords do not match, please retype."; -}elseif ($_REQUEST['action'] == 'force') { +}elseif (get_request_var('action') == 'force') { $errorMessage = "*** Forced password change ***"; } @@ -192,7 +192,7 @@ Change Password
- +

Please enter your current password and your new
Cacti password.

diff --git a/auth_login.php b/auth_login.php index 57eece56e9..c6f599fdcd 100644 --- a/auth_login.php +++ b/auth_login.php @@ -23,16 +23,13 @@ */ /* set default action */ -if (isset($_REQUEST['action'])) { - $action = $_REQUEST['action']; -}else{ - $action = ''; -} +set_default_action(); /* Get the username */ if (read_config_option('auth_method') == '2') { /* Get the Web Basic Auth username and set action so we login right away */ - $action = 'login'; + set_request_var('action', 'login'); + if (isset($_SERVER['PHP_AUTH_USER'])) { $username = str_replace("\\", "\\\\", $_SERVER['PHP_AUTH_USER']); }elseif (isset($_SERVER['REMOTE_USER'])) { @@ -54,7 +51,7 @@ exit; } }else{ - if ($action == 'login') { + if (get_nfilter_request_var('action') == 'login') { /* LDAP and Builtin get username from Form */ $username = get_request_var_post('login_username'); }else{ @@ -73,7 +70,7 @@ $ldap_error_message = ''; $realm = 0; -if ($action == 'login') { +if (get_nfilter_request_var('action') == 'login') { if (get_request_var_post('realm') == 'local') { $auth_method = 1; }else{ @@ -210,7 +207,7 @@ } /* remember this user */ - if (isset($_POST['remember_me']) && read_config_option('auth_cache_enabled') == 'on') { + if (isset_request_var('remember_me') && read_config_option('auth_cache_enabled') == 'on') { set_auth_cookie($user); } @@ -463,7 +460,7 @@ function domains_ldap_search_dn($username, $realm) { 'ldap_error_message' => $ldap_error_message, 'username' => $username, 'user_enabled' => $user_enabled, - 'action' => $action)); + 'action' => get_nfilter_request_var('action'))); ?>
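Review bot: The auth_login.php hunks read `action` through `get_nfilter_request_var('action')` (@@ -54, @@ -73, @@ -463, @@ -541), while the other files in the commit dispatch on `get_request_var('action')` (auth_changepassword.php, auth_profile.php, automation_graph_rules.php, host_templates.php); the unfiltered accessor is the odd one out, and at @@ -463 the value is handed to the login template, where it is presumably printed. Using the same accessor as the siblings, `if (get_request_var('action') == 'login') {`, keeps one convention and means whatever filtering that getter applies covers this path too. The `set_request_var('action', 'login')` override in the web-basic-auth branch is a sound replacement for the old local `$action`, though a one-line comment saying it deliberately ignores any client-supplied `action` would help the next reader.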

Enter your Username and Password below

@@ -541,7 +538,7 @@ function domains_ldap_search_dn($username, $realm) { if ($ldap_error) {?> + if (get_nfilter_request_var('action') == 'login') {?> Invalid User Name/Password Please Retype diff --git a/auth_profile.php b/auth_profile.php index f26996c6ca..a235078ea1 100644 --- a/auth_profile.php +++ b/auth_profile.php @@ -28,7 +28,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': form_save(); @@ -66,8 +66,8 @@ function form_save() { global $settings_graphs; // Save the users profile information - if (isset($_POST['full_name']) && isset($_POST['email_address']) && isset($_SESSION['sess_user_id'])) { - db_execute_prepared("UPDATE user_auth SET full_name = ?, email_address = ? WHERE id = ?", array($_POST['full_name'], $_POST['email_address'], $_SESSION['sess_user_id'])); + if (isset_request_var('full_name') && isset_request_var('email_address') && isset($_SESSION['sess_user_id'])) { + db_execute_prepared("UPDATE user_auth SET full_name = ?, email_address = ? WHERE id = ?", array(get_nfilter_request_var('full_name'), get_nfilter_request_var('email_address'), $_SESSION['sess_user_id'])); } // Save the users graph settings if they have permission 
@@ -76,37 +76,38 @@ function form_save() { while (list($field_name, $field_array) = each($tab_fields)) { /* Check every field with a numeric default value and reset it to default if the inputted value is not numeric */ if (isset($field_array['default']) && is_numeric($field_array['default']) && !is_numeric(get_request_var_post($field_name))) { - $_POST[$field_name] = $field_array['default']; + set_request_var($field_name, $field_array['default']); } + if ($field_array['method'] == 'checkbox') { - if (isset($_POST[$field_name])) { + if (isset_request_var($field_name)) { db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, 'on')", array($_SESSION['sess_user_id'], $field_name)); }else{ db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, '')", array($_SESSION['sess_user_id'], $field_name)); } }elseif ($field_array['method'] == 'checkbox_group') { while (list($sub_field_name, $sub_field_array) = each($field_array['items'])) { - if (isset($_POST[$sub_field_name])) { + if (isset_request_var($sub_field_name)) { db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, 'on')", array($_SESSION['sess_user_id'], $sub_field_name)); }else{ db_execute_prepared("REPLACE INTO settings_graphs (user_id,name,value) VALUES (?, ?, '')", array($_SESSION['sess_user_id'], $sub_field_name)); } } }elseif ($field_array['method'] == 'textbox_password') { - if ($_POST[$field_name] != $_POST[$field_name.'_confirm']) { + if (get_nfilter_request_var($field_name) != get_nfilter_request_var($field_name.'_confirm')) { raise_message(4); break; - }elseif (isset($_POST[$field_name])) { - db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) VALUES (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_request_var_post($field_name))); + }elseif (isset_request_var($field_name)) { + db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) VALUES (?, ?, ?)', 
array($_SESSION['sess_user_id'], $field_name, get_nfilter_request_var($field_name))); } }elseif ((isset($field_array['items'])) && (is_array($field_array['items']))) { while (list($sub_field_name, $sub_field_array) = each($field_array['items'])) { - if (isset($_POST[$sub_field_name])) { + if (isset_request_var($sub_field_name)) { db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $sub_field_name, get_request_var_post($sub_field_name))); } } - }else if (isset($_POST[$field_name])) { - db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_request_var_post($field_name))); + }else if (isset_request_var($field_name)) { + db_execute_prepared('REPLACE INTO settings_graphs (user_id, name, value) values (?, ?, ?)', array($_SESSION['sess_user_id'], $field_name, get_nfilter_request_var($field_name))); } } } @@ -132,7 +133,7 @@ function settings() { return; } - if ($_REQUEST['action'] == 'edit') { + if (get_request_var('action') == 'edit') { if (isset($_SERVER['HTTP_REFERER'])) { $timespan_sel_pos = strpos($_SERVER['HTTP_REFERER'],'&predefined_timespan'); if ($timespan_sel_pos) { diff --git a/automation_devices.php b/automation_devices.php index f5a4522eee..c3a156aedd 100644 --- a/automation_devices.php +++ b/automation_devices.php 
@@ -28,10 +28,12 @@ 1 => 'Add Device' ); -if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'purge') { - input_validate_input_number(get_request_var('network')); +set_default_action(); + +if (get_request_var('action') == 'purge') { + get_filter_request_var('network'); - db_execute('TRUNCATE TABLE automation_devices' . ($_REQUEST['network'] > 0 ? 'WHERE network_id=' . $_REQUEST['network']:'')); + db_execute('TRUNCATE TABLE automation_devices' . (get_request_var('network') > 0 ? 'WHERE network_id=' . get_request_var('network'):'')); header('Location: automation_devices.php?header=false'); 
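Review bot: The rewritten purge statement, `'TRUNCATE TABLE automation_devices' . (get_request_var('network') > 0 ? 'WHERE network_id=' . get_request_var('network') : '')`, concatenates without a space, producing `automation_devicesWHERE network_id=…` whenever a network is selected, and `TRUNCATE TABLE` does not accept a `WHERE` clause in MySQL in any case, so the per-network purge path cannot work as written (this predates the commit, but the line was rewritten here). A row-wise delete through a placeholder does what the branch intends: `db_execute_prepared('DELETE FROM automation_devices WHERE network_id = ?', array(get_request_var('network')));` for the filtered case, keeping `TRUNCATE` for the all-networks case. The purge is also dispatched from `get_request_var('action')`, i.e. reachable by a plain link, and I cannot see a form token in this hunk; whether one is enforced upstream is worth confirming.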
@@ -49,48 +51,47 @@ ORDER BY name'), 'id', 'name'); /* ================= input validation ================= */ -input_validate_input_number(get_request_var('page')); -input_validate_input_number(get_request_var('rows')); +get_filter_request_var('page'); +get_filter_request_var('rows'); /* ==================================================== */ /* clean up status string */ -if (isset($_REQUEST['status'])) { - $_REQUEST['status'] = sanitize_search_string(get_request_var('status')); +if (isset_request_var('status')) { + set_request_var('status', sanitize_search_string(get_request_var('status'))); } /* clean up network string */ -if (isset($_REQUEST['network'])) { - $_REQUEST['network'] = sanitize_search_string(get_request_var('network')); +if (isset_request_var('network')) { + set_request_var('network', sanitize_search_string(get_request_var('network'))); } /* clean up snmp string */ -/* clean up snmp string */ -if (isset($_REQUEST['snmp'])) { - $_REQUEST['snmp'] = sanitize_search_string(get_request_var('snmp')); +if (isset_request_var('snmp')) { + set_request_var('snmp', sanitize_search_string(get_request_var('snmp'))); } /* clean up os string */ -if (isset($_REQUEST['os'])) { - $_REQUEST['os'] = sanitize_search_string(get_request_var('os')); +if (isset_request_var('os')) { + set_request_var('os', sanitize_search_string(get_request_var('os'))); } /* clean up filter string */ -if (isset($_REQUEST['filter'])) { - $_REQUEST['filter'] = sanitize_search_string(get_request_var('filter')); +if (isset_request_var('filter')) { + set_request_var('filter', sanitize_search_string(get_request_var('filter'))); } /* clean up sort_column */ -if (isset($_REQUEST['sort_column'])) { - $_REQUEST['sort_column'] = sanitize_search_string(get_request_var('sort_column')); +if (isset_request_var('sort_column')) { + set_request_var('sort_column', sanitize_search_string(get_request_var('sort_column'))); } /* clean up search string */ -if (isset($_REQUEST['sort_direction'])) { - 
$_REQUEST['sort_direction'] = sanitize_search_string(get_request_var('sort_direction')); +if (isset_request_var('sort_direction')) { + set_request_var('sort_direction', sanitize_search_string(get_request_var('sort_direction'))); } /* if the user pushed the 'clear' button */ -if (isset($_REQUEST['clear'])) { +if (isset_request_var('clear')) { kill_session_var('sess_autom_current_page'); kill_session_var('sess_autom_status'); kill_session_var('sess_autom_network'); @@ -166,7 +167,7 @@ $sql_where .= (strlen($sql_where) ? ' AND ':'WHERE ') . "(hostname LIKE '%$filter%' OR ip LIKE '%$filter%')"; } -if (isset($_REQUEST['export'])) { +if (isset_request_var('export')) { $result = db_fetch_assoc("SELECT * FROM automation_devices $sql_where order by INET_ATON(ip)"); header('Content-type: application/csv'); @@ -325,7 +326,7 @@ - '> + '> diff --git a/automation_graph_rules.php b/automation_graph_rules.php index 285a926199..e25824684c 100644 --- a/automation_graph_rules.php +++ b/automation_graph_rules.php @@ -37,7 +37,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': save(); @@ -49,17 +49,17 @@ case 'item_movedown': automation_graph_rules_item_movedown(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_moveup': automation_graph_rules_item_moveup(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_remove': automation_graph_rules_item_remove(); - header('Location: automation_graph_rules.php?action=edit&id=' . $_GET['id']); + header('Location: automation_graph_rules.php?action=edit&id=' . get_filter_request_var('id')); break; case 'item_edit': top_header(); 
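Review bot: The comment above the `sort_direction` block in the automation_devices.php hunk at @@ -49 still reads `/* clean up search string */`, copied from the `filter` block; it should be `/* clean up sort direction */`. More substantively, `sort_column` and `sort_direction` are only passed through `sanitize_search_string()`, which by its name is aimed at free-text search input rather than at identifiers that end up in an `ORDER BY`; the query itself is outside this hunk, so I cannot see whether a whitelist check follows, and if not, comparing `sort_column` against the list of displayed columns and `sort_direction` against `ASC`/`DESC` is the usual way to close that. Dropping the duplicated `/* clean up snmp string */` line is correct.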
@@ -88,16 +88,16 @@ -------------------------- */ function save() { - if (isset($_POST['save_component_automation_graph_rule'])) { + if (isset_request_var('save_component_automation_graph_rule')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); + get_filter_request_var('id'); /* ==================================================== */ $save['id'] = get_request_var_post('id'); $save['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3); $save['snmp_query_id'] = form_input_validate(get_request_var_post('snmp_query_id'), 'snmp_query_id', '^[0-9]+$', false, 3); - $save['graph_type_id'] = (isset($_POST['graph_type_id'])) ? form_input_validate($_POST['graph_type_id'], 'graph_type_id', '^[0-9]+$', false, 3) : 0; - $save['enabled'] = (isset($_POST['enabled']) ? 'on' : ''); + $save['graph_type_id'] = (isset_request_var('graph_type_id')) ? form_input_validate(get_nfilter_request_var('graph_type_id'), 'graph_type_id', '^[0-9]+$', false, 3) : 0; + $save['enabled'] = (isset_request_var('enabled') ? 'on' : ''); if (!is_error_message()) { $rule_id = sql_save($save, 'automation_graph_rules'); 
@@ -108,24 +108,24 @@ function save() { } } - if ((is_error_message()) || (empty($_POST["id"]))) { - header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? get_request_var_post('id') : $rule_id)); + if ((is_error_message()) || (isempty_request_var('id'))) { + header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? get_nfilter_request_var('id') : $rule_id)); }else{ header('Location: automation_graph_rules.php?header=false'); } - }elseif (isset($_POST['save_component_automation_graph_rule_item'])) { + }elseif (isset_request_var('save_component_automation_graph_rule_item')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('item_id')); + get_filter_request_var('id'); + get_filter_request_var('item_id'); /* ==================================================== */ $save = array(); $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); $save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3); - $save['field'] = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3); - $save['operator'] = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3); - $save['pattern'] = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3); + $save['field'] = form_input_validate(((isset_request_var('field') && get_nfilter_request_var('field') != '0') ? 
get_nfilter_request_var('field') : ''), 'field', '', true, 3); + $save['operator'] = form_input_validate((isset_request_var('operator') ? get_nfilter_request_var('operator') : ''), 'operator', '^[0-9]+$', true, 3); + $save['pattern'] = form_input_validate((isset_request_var('pattern') ? get_nfilter_request_var('pattern') : ''), 'pattern', '', true, 3); if (!is_error_message()) { $item_id = sql_save($save, 'automation_graph_rule_items'); 
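Review bot: In the first `save()` branch of automation_graph_rules.php (@@ -108) the redirect falls back to the unfiltered id, `(empty($rule_id) ? get_nfilter_request_var('id') : $rule_id)`, even though `get_filter_request_var('id')` was called at the top of that branch (@@ -88) and the match-item branch at @@ -142 uses `get_request_var_post('id')` for the same redirect. For consistency, and so the `Location` URL never carries a value the filter did not see, use `get_request_var_post('id')` (or `get_request_var('id')`) here too. `save()` continues past the end of this hunk.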
@@ -142,21 +142,21 @@ function save() { }else{ header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var_post('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION); } - }elseif (isset($_POST['save_component_automation_match_item'])) { + }elseif (isset_request_var('save_component_automation_match_item')) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('item_id')); + get_filter_request_var('id'); + get_filter_request_var('item_id'); /* ==================================================== */ unset($save); - $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); - $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); + $save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3); + $save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3); $save['rule_type'] = AUTOMATION_RULE_TYPE_GRAPH_MATCH; - $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); + $save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3); $save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3); - $save['field'] = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3); - $save['operator'] = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3); - $save['pattern'] = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3); + $save['field'] = form_input_validate(((isset_request_var('field') && get_nfilter_request_var('field') != '0') ? 
get_nfilter_request_var('field') : ''), 'field', '', true, 3); + $save['operator'] = form_input_validate((isset_request_var('operator') ? get_nfilter_request_var('operator') : ''), 'operator', '^[0-9]+$', true, 3); + $save['pattern'] = form_input_validate((isset_request_var('pattern') ? get_nfilter_request_var('pattern') : ''), 'pattern', '', true, 3); if (!is_error_message()) { $item_id = sql_save($save, 'automation_match_rule_items'); @@ -197,8 +197,8 @@ function automation_graph_rules_form_actions() { db_execute('DELETE FROM automation_match_rule_items WHERE ' . array_to_sql_or($selected_items, 'rule_id')); }elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */ for ($i=0;($i \n"; print "\n"; print "\n"; @@ -1030,7 +1045,7 @@ function setSNMP() { FROM (graph_templates, host_graph) WHERE graph_templates.id = host_graph.graph_template_id AND host_graph.host_id = ? - ORDER BY graph_templates.name', array($_REQUEST['id'])); + ORDER BY graph_templates.name', array(get_request_var('id'))); $available_graph_templates = db_fetch_assoc_prepared('SELECT graph_templates.id, graph_templates.name @@ -1039,7 +1054,7 @@ function setSNMP() { ON snmp_query_graph.graph_template_id = graph_templates.id WHERE snmp_query_graph.name IS NULL AND graph_templates.id NOT IN (SELECT graph_template_id FROM host_graph WHERE host_id = ?) - ORDER BY graph_templates.name', array($_REQUEST['id'])); + ORDER BY graph_templates.name', array(get_request_var('id'))); $i = 0; if (sizeof($selected_graph_templates)) { 
@@ -1049,14 +1064,14 @@ function setSNMP() { form_alternate_row("gt$i", true); /* get status information for this graph template */ - $is_being_graphed = (sizeof(db_fetch_assoc_prepared('SELECT id FROM graph_local WHERE graph_template_id = ? AND host_id = ?', array($item['id'], $_REQUEST['id']))) > 0) ? true : false; + $is_being_graphed = (sizeof(db_fetch_assoc_prepared('SELECT id FROM graph_local WHERE graph_template_id = ? AND host_id = ?', array($item['id'], get_request_var('id')))) > 0) ? true : false; ?>
Data Query Debug InformationHide
) - Is Being Graphed (Edit)" : "Not Being Graphed");?> + Is Being Graphed (Edit)" : "Not Being Graphed");?> ' data-id=''> @@ -1102,7 +1117,7 @@ function setSNMP() { FROM (snmp_query, host_snmp_query) WHERE snmp_query.id = host_snmp_query.snmp_query_id AND host_snmp_query.host_id = ? - ORDER BY snmp_query.name', array($_REQUEST['id'])); + ORDER BY snmp_query.name', array(get_request_var('id'))); $available_data_queries = db_fetch_assoc('SELECT snmp_query.id, @@ -1113,7 +1128,7 @@ function setSNMP() { $keeper = array(); if (sizeof($available_data_queries)) { foreach ($available_data_queries as $item) { - if (sizeof(db_fetch_assoc_prepared('SELECT snmp_query_id FROM host_snmp_query WHERE host_id = ? AND snmp_query_id = ?', array($_REQUEST['id'], $item['id']))) > 0) { + if (sizeof(db_fetch_assoc_prepared('SELECT snmp_query_id FROM host_snmp_query WHERE host_id = ? AND snmp_query_id = ?', array(get_request_var('id'), $item['id']))) > 0) { /* do nothing */ } else { array_push($keeper, $item); @@ -1131,8 +1146,8 @@ function setSNMP() { form_alternate_row("dg$i", true); /* get status information for this data query */ - $num_dq_items = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ?', array($_REQUEST['id'], $item['id']))); - $num_dq_rows = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ? GROUP BY snmp_index', array($_REQUEST['id'], $item['id']))); + $num_dq_items = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ?', array(get_request_var('id'), $item['id']))); + $num_dq_rows = sizeof(db_fetch_assoc_prepared('SELECT snmp_index FROM host_snmp_cache WHERE host_id = ? AND snmp_query_id = ? GROUP BY snmp_index', array(get_request_var('id'), $item['id']))); $status = 'success'; 
@@ -1199,10 +1214,10 @@ function host() { global $device_actions, $item_rows; /* ================= input validation ================= */ - input_validate_input_number(get_request_var('host_template_id')); - input_validate_input_number(get_request_var('page')); - input_validate_input_number(get_request_var('host_status')); - input_validate_input_number(get_request_var('rows')); + get_filter_request_var('host_template_id'); + get_filter_request_var('page'); + get_filter_request_var('host_status'); + get_filter_request_var('rows'); /* ==================================================== */ /* clean up search string */ @@ -1373,7 +1388,7 @@ function clearFilter() {
- '> + '> @@ -1404,7 +1419,7 @@ function clearFilter() { /* Show all items */ }elseif (get_request_var('host_template_id') == '0') { $sql_where .= (strlen($sql_where) ? ' AND host.host_template_id=0' : ' WHERE host.host_template_id=0'); - }elseif (!empty($_REQUEST['host_template_id'])) { + }elseif (!isempty_request_var('host_template_id')) { $sql_where .= (strlen($sql_where) ? ' AND host.host_template_id=' . get_request_var('host_template_id') : ' WHERE host.host_template_id=' . get_request_var('host_template_id')); } diff --git a/host_templates.php b/host_templates.php index 77cac7387e..1b2aa16f7f 100644 --- a/host_templates.php +++ b/host_templates.php @@ -35,7 +35,7 @@ /* set default action */ set_default_action(); -switch ($_REQUEST['action']) { +switch (get_request_var('action')) { case 'save': form_save(); 
@@ -45,24 +45,32 @@ break; case 'item_add_gt': + get_filter_request_var('host_template_id'); + template_item_add_gt(); - header('Location: host_templates.php?header=false&action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?header=false&action=edit&id=' . get_request_var('host_template_id')); break; case 'item_remove_gt': + get_filter_request_var('host_template_id'); + template_item_remove_gt(); - header('Location: host_templates.php?action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?action=edit&id=' . get_request_var('host_template_id')); break; case 'item_add_dq': + get_filter_request_var('host_template_id'); + template_item_add_dq(); - header('Location: host_templates.php?header=false&action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?header=false&action=edit&id=' . get_request_var('host_template_id')); break; case 'item_remove_dq': + get_filter_request_var('host_template_id'); + template_item_remove_dq(); - header('Location: host_templates.php?action=edit&id=' . $_REQUEST['host_template_id']); + header('Location: host_templates.php?action=edit&id=' . get_request_var('host_template_id')); break; case 'edit': top_header(); 
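Review bot: `get_filter_request_var('host_template_id')` is now called in each `item_*` case arm before the handler, and `template_item_add_dq()` and `template_item_add_gt()` validate the same variable again inside (@@ -117, @@ -128); one site suffices, and the dispatcher is the better one since the redirect line that follows uses the value. Since these arms now dispatch on `get_request_var('action')` rather than a POST-only check, the add/remove handlers are reachable by a GET link; I don't see a form token in these hunks, so whether one is enforced elsewhere is worth confirming. The `switch` block begins outside the hunk.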
@@ -86,13 +94,13 @@ function form_save() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('id')); - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('snmp_query_id')); - input_validate_input_number(get_request_var_post('graph_template_id')); + get_filter_request_var('id'); + get_filter_request_var('host_template_id'); + get_filter_request_var('snmp_query_id'); + get_filter_request_var('graph_template_id'); /* ==================================================== */ - if (isset($_POST['save_component_template'])) { + if (isset_request_var('save_component_template')) { $save['id'] = get_request_var_post('id'); $save['hash'] = get_hash_host_template(get_request_var_post('id')); $save['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3); @@ -117,8 +125,8 @@ function form_save() { function template_item_add_dq() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('snmp_query_id')); + get_filter_request_var('host_template_id'); + get_filter_request_var('snmp_query_id'); /* ==================================================== */ db_execute_prepared('REPLACE INTO host_template_snmp_query @@ -128,8 +136,8 @@ function template_item_add_dq() { function template_item_add_gt() { /* ================= input validation ================= */ - input_validate_input_number(get_request_var_post('host_template_id')); - input_validate_input_number(get_request_var_post('graph_template_id')); + get_filter_request_var('host_template_id'); + get_filter_request_var('graph_template_id'); /* ==================================================== */ db_execute_prepared('REPLACE INTO host_template_graph 
@@ -158,7 +166,7 @@ function form_actions() { db_execute('UPDATE host SET host_template_id=0 WHERE ' . array_to_sql_or($selected_items, 'host_template_id')); }elseif (get_request_var_post('drp_action') == '2') { /* duplicate */ for ($i=0;($i) - '> + '> ) - '> + '> - > + > @@ -538,7 +546,7 @@ function template() { - '> + '>