-rw-r--r--src/etc/inc/rrd.inc17
-rw-r--r--src/usr/local/www/status_rrd_graph.php28
-rw-r--r--src/usr/local/www/status_rrd_graph_img.php58
3 files changed, 56 insertions, 47 deletions
diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc
index 11a626e..ff1d3e1 100644
--- a/src/etc/inc/rrd.inc
+++ b/src/etc/inc/rrd.inc
@@ -54,6 +54,23 @@
/* include all configuration functions */
+global $rrd_graph_list;
+$rrd_graph_list = array("eighthour", "day", "week", "month", "quarter", "year", "fouryear");
+global $rrd_period_list;
+$rrd_period_list = array("absolute" => gettext("Absolute Timespans"), "current" => gettext("Current Period"), "previous" => gettext("Previous Period"));
+global $rrd_graph_length_list;
+$rrd_graph_length_list = array(
+ "eighthour" => 28800,
+ "day" => 86400,
+ "week" => 604800,
+ "month" => 2678400,
+ "quarter" => 7948800,
+ "year" => 31622400,
+ "fouryear" => 126230400);
+global $rrd_style_list;
+$rrd_style_list = array('inverse' => gettext('Inverse'),
+ 'absolute' => gettext('Absolute'));
+
function dump_rrd_to_xml($rrddatabase, $xmldumpfile) {
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
unlink_if_exists($xmldumpfile);
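Review bot: `$rrd_graph_list` repeats the keys of `$rrd_graph_length_list` by hand, and this commit also uses it as the allowlist for the `graph` request parameter in status_rrd_graph_img.php, so the two lists can drift apart without anyone noticing. Deriving one from the other, `$rrd_graph_list = array_keys($rrd_graph_length_list);` placed after the length table, keeps a single source of truth. A short comment above the block, such as `/* Lists shared by the RRD pages; also used to validate request parameters. */`, would tell a later editor that adding an entry widens what the image page accepts.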
diff --git a/src/usr/local/www/status_rrd_graph.php b/src/usr/local/www/status_rrd_graph.php
index 4a3134d..15fbcfb 100644
--- a/src/usr/local/www/status_rrd_graph.php
+++ b/src/usr/local/www/status_rrd_graph.php
@@ -67,6 +67,8 @@ require_once("filter.inc");
require("shaper.inc");
require_once("rrd.inc");
+global $rrd_graph_list, $rrd_period_list, $rrd_graph_length_list, $rrd_style_list;
+
unset($input_errors);
/* if the rrd graphs are not enabled redirect to settings page */
if (!isset($config['rrd']['enable'])) {
@@ -236,9 +238,6 @@ if ($end < $start) {
$seconds = $end - $start;
-$styles = array('inverse' => gettext('Inverse'),
- 'absolute' => gettext('Absolute'));
-
/* sort names reverse so WAN comes first */
rsort($databases);
@@ -286,17 +285,6 @@ foreach ($databases as $database) {
$ui_databases = array_merge($dbheader, $databases);
$custom_databases = array_merge($dbheader_custom, $databases);
-$graphs = array("eighthour", "day", "week", "month", "quarter", "year", "fouryear");
-$periods = array("absolute" => gettext("Absolute Timespans"), "current" => gettext("Current Period"), "previous" => gettext("Previous Period"));
-$graph_length = array(
- "eighthour" => 28800,
- "day" => 86400,
- "week" => 604800,
- "month" => 2678400,
- "quarter" => 7948800,
- "year" => 31622400,
- "fouryear" => 126230400);
-
switch ($curcat) {
case "vpnusers":
$curcattext = gettext("VPN Users");
@@ -330,12 +318,12 @@ if ($captiveportal && is_array($config['captiveportal'])) {
}
function get_dates($curperiod, $graph) {
- global $graph_length;
+ global $rrd_graph_length_list;
$now = time();
$end = $now;
if ($curperiod == "absolute") {
- $start = $end - $graph_length[$graph];
+ $start = $end - $rrd_graph_length_list[$graph];
} else {
$curyear = date('Y', $now);
$curmonth = date('m', $now);
@@ -561,14 +549,14 @@ $group->add(new Form_Select(
'style',
'Style',
$curstyle,
- $styles
+ $rrd_style_list
))->setHelp('Style');
$group->add(new Form_Select(
'period',
'Period',
$curperiod,
- $periods
+ $rrd_period_list
))->setHelp('Period');
if ($curcat == 'custom') {
@@ -631,7 +619,7 @@ if ($curcat == 'custom') {
$form->add($section);
print($form);
- foreach ($graphs as $graph) {
+ foreach ($rrd_graph_list as $graph) {
/* check which databases are valid for our category */
foreach ($ui_databases as $curdatabase) {
if (!preg_match("/($curcat)/i", $curdatabase)) {
@@ -716,7 +704,7 @@ if ($curcat == 'custom') {
//alert('updating');
var randomid = Math.floor(Math.random()*11);
<?php
- foreach ($graphs as $graph) {
+ foreach ($rrd_graph_list as $graph) {
/* check which databases are valid for our category */
foreach ($ui_databases as $curdatabase) {
if (!stristr($curdatabase, $curcat)) {
diff --git a/src/usr/local/www/status_rrd_graph_img.php b/src/usr/local/www/status_rrd_graph_img.php
index 32d3d4d..40cbe45 100644
--- a/src/usr/local/www/status_rrd_graph_img.php
+++ b/src/usr/local/www/status_rrd_graph_img.php
@@ -61,26 +61,33 @@ require_once("filter.inc");
require_once("shaper.inc");
require_once("rrd.inc");
-global $g;
+global $g, $rrd_graph_list, $rrd_period_list, $rrd_graph_length_list;
+$rrddbpath = "/var/db/rrd/";
+$rrdtmppath = "/tmp/";
$pgtitle = array(gettext("System"), gettext("RRD Graphs"), gettext("Image viewer"));
if ($_GET['database']) {
$curdatabase = basename($_GET['database']);
- $curdatabase = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($curdatabase, ENT_QUOTES | ENT_HTML401));
+ $curdatabase = str_replace(array("<", ">", ";", "&", "'", '"', '|'), "", htmlspecialchars_decode($curdatabase, ENT_QUOTES | ENT_HTML401));
+ /* Ensure the file is valid and exists */
+ if (!file_exists("{$rrddbpath}{$curdatabase}")) {
+ $curdatabase = "wan-traffic.rrd";
+ }
} else {
$curdatabase = "wan-traffic.rrd";
}
-if ($_GET['style']) {
+/* Validate the passed style */
+if ($_GET['style'] && array_key_exists($_GET['style'], $rrd_style_list)) {
$curstyle = $_GET['style'];
} else {
$curstyle = "inverse";
}
-/* this is used for temp name */
-if ($_GET['graph']) {
- $curgraph = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['graph'], ENT_QUOTES | ENT_HTML401));
+/* This is used for temp name. Check the graph against our known list of valid graphs. */
+if ($_GET['graph'] && in_array($_GET['graph'], $rrd_graph_list)) {
+ $curgraph = htmlspecialchars_decode($_GET['graph'], ENT_QUOTES | ENT_HTML401);
} else {
$curgraph = "custom";
}
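Review bot: The new `file_exists()` fallback looks like it breaks throughput graphs: among the branches shown, `-throughput.rrd` is the only one without a `file_exists()` test, and its comment says the database does not actually exist, so such a request would now be rewritten to `wan-traffic.rrd`. Exempting that synthetic name, e.g. `if (!strstr($curdatabase, "-throughput.rrd") && !is_file("{$rrddbpath}{$curdatabase}")) {`, keeps the check for real databases (ideally matching the exact name the UI generates). `is_file()` also rejects the case where the filtered name is empty and the path is just the directory. Separately, the `global` line omits `$rrd_style_list` although the style check uses it; that is harmless while the script runs at file scope, but it should be listed for consistency. `in_array($_GET['graph'], $rrd_graph_list, true)` would also make the allowlist match strict.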
@@ -160,8 +167,6 @@ $search = array("-", ".rrd", $curif);
$replace = array(" :: ", "", $friendly);
$prettydb = ucwords(str_replace($search, $replace, $curdatabase));
-$rrddbpath = "/var/db/rrd/";
-$rrdtmppath = "/tmp/";
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
$uptime = "/usr/bin/uptime";
$sed = "/usr/bin/sed";
@@ -180,7 +185,6 @@ switch ($havg) {
default: $step = 0; break;
}
-$rrddbpath = "/var/db/rrd/";
chdir($rrddbpath);
$databases = glob("*.rrd");
rsort($databases);
@@ -346,7 +350,7 @@ function timeDiff($time, $opt = array()) {
if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for traffic stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step --vertical-label \"bits/sec\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
$graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" ";
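Review bot: Only the output path goes through `escapeshellarg()`; the `--title` line just below still interpolates `{$prettydb}`, which is derived from the request-supplied `$curdatabase`, inside a hand-written double-quoted shell string. The `file_exists()` guard limits this to names present in the RRD directory, but the title should be quoted the same way: `$graphcmd .= "--title " . escapeshellarg(php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average") . " ";`. The same pattern is visible in the `-quality.rrd` and `spamd.rrd` hunks, and presumably in the title lines of the other branches that fall outside the hunks. The if/elseif chain begins and continues outside this hunk.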
@@ -498,7 +502,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
} elseif (strstr($curdatabase, "-throughput.rrd")) {
/* define graphcmd for throughput stats */
/* this gathers all interface statistics, the database does not actually exist */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"bits/sec\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -624,7 +628,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for packets stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"packets/sec\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -749,7 +753,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for packets stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"snr/channel/rate\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -781,7 +785,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for vpn users stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"users\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -799,7 +803,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for states stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start -$seconds -e -$average --step $step ";
$graphcmd .= "--vertical-label \"states, ip\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -852,7 +856,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for processor stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"utilization, number\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -903,7 +907,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for memory usage stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"utilization, percent\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -954,7 +958,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for mbuf usage stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"utilization, percent\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -997,7 +1001,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for queue stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"bits/sec\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1029,7 +1033,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for queuedrop stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"drops / sec\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1062,7 +1066,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* make a link quality graphcmd */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " \\
--start $start --end $end --step $step \\
--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\
--color SHADEA#eeeeee --color SHADEB#eeeeee \\
@@ -1097,7 +1101,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\"";
} elseif ((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* graph a spamd statistics graph */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " \\
--start $start --end $end --step $step \\
--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\
--color SHADEA#eeeeee --color SHADEB#eeeeee \\
@@ -1134,7 +1138,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
GPRINT:consmax:MAX:\"Max\\:%6.2lf\\n\" \\
COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"signal\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1152,7 +1156,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for online Captive Portal users stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"Captive Portal Users\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1170,7 +1174,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for online Captive Portal users stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"Captive Portal Users\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1191,7 +1195,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "ntpd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for ntpd (was: mbuf) usage stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"time\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
@@ -1234,7 +1238,7 @@ if ((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdataba
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" ";
} elseif ((strstr($curdatabase, "-dhcpd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
/* define graphcmd for dhcpd stats */
- $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";
$graphcmd .= "--start $start --end $end --step $step ";
$graphcmd .= "--vertical-label \"DHCP Leases\" ";
$graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";