Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/pkg/openntpd.inc | 2 | ||||
-rw-r--r-- | usr/local/www/diag_dns.php | 13 | ||||
-rwxr-xr-x | usr/local/www/diag_pkglogs.php | 6 | ||||
-rw-r--r-- | usr/local/www/diag_smart.php | 2 | ||||
-rwxr-xr-x | usr/local/www/exec.php | 19 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 2 | ||||
-rw-r--r-- | usr/local/www/firewall_schedule_edit.php | 8 | ||||
-rwxr-xr-x | usr/local/www/guiconfig.inc | 4 | ||||
-rw-r--r-- | usr/local/www/interfaces_bridge_edit.php | 4 | ||||
-rwxr-xr-x | usr/local/www/interfaces_groups.php | 3 | ||||
-rwxr-xr-x | usr/local/www/interfaces_groups_edit.php | 26 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 9 | ||||
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 10 | ||||
-rw-r--r-- | usr/local/www/shortcuts/pkg_upnp.inc | 4 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 78 | ||||
-rwxr-xr-x | usr/local/www/status_services.php | 12 | ||||
-rwxr-xr-x | usr/local/www/system_firmware_restorefullbackup.php | 4 | ||||
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 6 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/log.widget.php | 119 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/rss.widget.php | 12 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/services_status.widget.php | 2 |
21 files changed, 183 insertions, 162 deletions
diff --git a/usr/local/pkg/openntpd.inc b/usr/local/pkg/openntpd.inc index c4914b8..dcbb50a 100644 --- a/usr/local/pkg/openntpd.inc +++ b/usr/local/pkg/openntpd.inc @@ -21,7 +21,7 @@ EOD; function openntpd_get_iface_ip($iface) { $iface = convert_friendly_interface_to_real_interface_name($iface); - $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $line = trim(shell_exec("ifconfig " . escapeshellarg($iface) . " | grep inet | grep -v inet6")); list($dummy, $ip, $dummy2, $dummy3) = explode(' ', $line); return $ip; diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php index 98271d1..0c41824 100644 --- a/usr/local/www/diag_dns.php +++ b/usr/local/www/diag_dns.php @@ -38,16 +38,17 @@ require("guiconfig.inc"); if ($_GET['host']) $_POST = $_GET; -if($_GET['createalias'] == "true") { - $host = trim($_POST['host']); +$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'"); +$host_esc = escapeshellarg($host); + +if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) { if($_GET['override']) $override = true; $a_aliases = &$config['aliases']['alias']; $type = "hostname"; $resolved = gethostbyname($host); if($resolved) { - $host = trim($_POST['host']); - $dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`; + $dig=`dig "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`; $resolved = explode("\n", $dig); $isfirst = true; foreach($resolved as $re) { @@ -93,8 +94,6 @@ if ($_POST) { $reqdfieldsn = explode(",", "Host"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - $host = trim($_POST['host'], " \t\n\r\0\x0B[]"); - $host_esc = escapeshellarg($host); if (!is_hostname($host) && !is_ipaddr($host)) { $input_errors[] = gettext("Host must be a valid hostname or IP address."); 
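Review bot: In the createalias branch of diag_dns.php the new backtick command wraps the already-escaped value in double quotes (`dig "{$host_esc}" A | grep "{$host_esc}"`). escapeshellarg() returns the value inside single quotes, and inside double quotes those single quotes are literal characters: dig is asked for the name with the quotes attached, and the quoting no longer protects the value, leaving only the is_hostname()/is_ipaddr() test in the `if` as the barrier. Use the unquoted form that the later hunk at line 130 already uses, `dig {$host_esc} A | grep {$host_esc}`. Separately, `$host = trim($_POST['host'], ...)` now runs on every request, including ones that carry no `host` parameter.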
@@ -130,7 +129,7 @@ if ($_POST) { $type = "hostname"; $resolved = gethostbyname($host); if($resolved) { - $dig=`dig $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`; + $dig=`dig {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`; $resolved = explode("\n", $dig); } $hostname = $host; diff --git a/usr/local/www/diag_pkglogs.php b/usr/local/www/diag_pkglogs.php index f2f089d..4b4be59 100755 --- a/usr/local/www/diag_pkglogs.php +++ b/usr/local/www/diag_pkglogs.php @@ -73,9 +73,11 @@ if(!$apkg) { // If we aren't looking for a specific package, locate the first pa } } } elseif($apkg) { - $pkgwithlogging = true; $apkgid = get_pkg_id($apkg); - $i = $apkgid; + if ($apkgid != -1) { + $pkgwithlogging = true; + $i = $apkgid; + } } $pgtitle = array(gettext("Status"),gettext("Package logs")); diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index d2309e6..73f3405 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -85,7 +85,7 @@ function update_email($email) if(!empty($email)) { // Put it in the smartd.conf file - shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf"); + shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf"); } // Nope else diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php index eda1321..27fc237 100755 --- a/usr/local/www/exec.php +++ b/usr/local/www/exec.php 
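Review bot: In update_email() in diag_smart.php, escapeshellarg($email) is concatenated into the middle of a sed program that is already inside single quotes, so the quotes it adds close that quoting and the address reaches the shell unquoted, the opposite of what the change intends. The value is also still unescaped for sed itself, where `/`, `&` and `\` are significant in the replacement text. Build the sed program as one string and quote it once: `$script = 's/^DEVICESCAN.*/DEVICESCAN -H -m ' . $email_sed . '/';` followed by `shell_exec("/usr/bin/sed -i old " . escapeshellarg($script) . " /usr/local/etc/smartd.conf");`, where `$email_sed` stands for the address after validation and sed-escaping. update_email() starts and ends outside the hunk, so whether $email is validated earlier is not visible here.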
@@ -94,21 +94,22 @@ $pgtitle = array(gettext("Diagnostics"),gettext("Execute command")); include("head.inc"); ?> -<script language="javascript"> -<!-- +<script type="text/javascript"> +//<![CDATA[ // Create recall buffer array (of encoded strings). <?php if (isBlank( $_POST['txtRecallBuffer'] )) { - puts( " var arrRecallBuffer = new Array;" ); + puts( " var arrRecallBuffer = new Array;" ); } else { - puts( " var arrRecallBuffer = new Array(" ); - $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] ); - for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . htmlspecialchars($arrBuffer[$i]) . "'," ); - puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" ); - puts( " );" ); + puts( " var arrRecallBuffer = new Array(" ); + $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] ); + for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) + puts( " '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "'," ); + puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1], ENT_QUOTES | ENT_HTML401) . "'" ); + puts( " );" ); } ?> @@ -182,7 +183,7 @@ if (isBlank( $_POST['txtRecallBuffer'] )) { return true; } -//--> +//]]> </script> <style> <!-- diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index f43b476..6ec1dd0 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -153,7 +153,7 @@ if(count($config['interfaces']) > 1) { /* no use for UPnP in single-interface deployments remove to reduce user confusion */ - $services_menu[] = array(gettext("UPnP & NAT-PMP"), "/pkg_edit.php?xml=miniupnpd.xml&id=0"); + $services_menu[] = array(gettext("UPnP & NAT-PMP"), "/pkg_edit.php?xml=miniupnpd.xml"); } $services_menu[] = array(gettext("Wake on LAN"), "/services_wol.php"); $services_menu = msort(array_merge($services_menu, return_ext_menu("Services")),0); diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index 98f9ce1..a197942 100644 
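Review bot: In exec.php the recall-buffer entries are written into JavaScript string literals, but htmlspecialchars() is an HTML encoder. Inside a script CDATA block entities are not decoded, so the script sees literal `&#039;` text, and backslashes and line breaks in the posted value pass through untouched into the quoted literal. Encode for the JavaScript context instead, for example `puts( "   " . json_encode($arrBuffer[$i], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . "," );`, and the same without the trailing comma for the last element.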
--- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -116,6 +116,14 @@ if ($_POST) { $timerangeFound = false; for ($x=0; $x<99; $x++){ if($_POST['schedule' . $x]) { + if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['starttime' . $x])) { + $input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['starttime' . $x]); + continue; + } + if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['stoptime' . $x])) { + $input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['stoptime' . $x]); + continue; + } $timerangeFound = true; $timeparts = array(); $firstprint = false; diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 77a1f0d..785dc75 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -595,7 +595,9 @@ function dump_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert $grepline .= " | /usr/bin/egrep " . escapeshellarg(implode("|", $grepfor)); if(is_array($grepinvert)) $grepline .= " | /usr/bin/egrep -v " . escapeshellarg(implode("|", $grepinvert)); - if(file_exists($logfile) && filesize($logfile) == 0) { + if (is_dir($logfile)) { + $logarr = array("File $logfile is a directory."); + } elseif(file_exists($logfile) && filesize($logfile) == 0) { $logarr = array("Log file started."); } else { if($config['system']['disablesyslogclog']) { diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 8ef6043..5037af7 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php 
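Review bot: The stop-time check in firewall_schedule_edit.php reports its failure as "Invalid start time", copied from the check above it; it should read `gettext("Invalid stop time - '%s'")`. The pattern `/^[0-9]+:[0-9]+$/` also accepts values that are not times: any number of digits on either side of the colon, and a trailing newline because `$` matches before one. A bounded pattern such as `/^[0-9]{1,2}:[0-9]{2}$/D` plus a range check on hours and minutes would be tighter. Both messages embed the raw posted value, so they rely on the code that prints $input_errors, which is outside this hunk, to HTML-escape it.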
@@ -271,12 +271,14 @@ function show_source_port_range() { <td width="78%" class="vtable"> <select name="members[]" multiple="multiple" class="formselect" size="3"> <?php + $members_array = explode(',', $pconfig['members']); foreach ($ifacelist as $ifn => $ifinfo) { echo "<option value=\"{$ifn}\""; - if (stristr($pconfig['members'], $ifn)) + if (in_array($ifn, $members_array)) echo " selected=\"selected\""; echo ">{$ifinfo}</option>"; } + unset($members_array); ?> </select> <br/> diff --git a/usr/local/www/interfaces_groups.php b/usr/local/www/interfaces_groups.php index 1dd8f31..fba583e 100755 --- a/usr/local/www/interfaces_groups.php +++ b/usr/local/www/interfaces_groups.php @@ -106,10 +106,11 @@ include("head.inc"); <td class="listr" ondblclick="document.location='interfaces_groups_edit.php?id=<?=$i;?>';"> <?php $members_arr = explode(" ", $ifgroupentry['members']); - $iflist = get_configured_interface_with_descr(); + $iflist = get_configured_interface_with_descr(false, true); $memberses_arr = array(); foreach ($members_arr as $memb) $memberses_arr[] = $iflist[$memb] ? $iflist[$memb] : $memb; + unset($iflist); $memberses = implode(", ", $memberses_arr); echo $memberses; if(count($members_arr) < 10) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index a5960be..d692c73 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -58,9 +58,11 @@ if (isset($id) && $a_ifgroups[$id]) { $pconfig['ifname'] = $a_ifgroups[$id]['ifname']; $pconfig['members'] = $a_ifgroups[$id]['members']; $pconfig['descr'] = html_entity_decode($a_ifgroups[$id]['descr']); - } +$iflist = get_configured_interface_with_descr(); +$iflist_disabled = get_configured_interface_with_descr(false, true); + if ($_POST) { unset($input_errors); 
@@ -74,8 +76,7 @@ if ($_POST) { if (preg_match("/([^a-zA-Z])+/", $_POST['ifname'], $match)) $input_errors[] = gettext("Only letters A-Z are allowed as the group name."); - $ifaces = get_configured_interface_with_descr(); - foreach ($ifaces as $gif => $gdescr) { + foreach ($iflist as $gif => $gdescr) { if ($gdescr == $_POST['ifname'] || $gif == $_POST['ifname']) $input_errors[] = "The specified group name is already used by an interface. Please choose another name."; } @@ -200,7 +201,6 @@ var addRowTo = (function() { <?php $innerHTML="\"<input type='hidden' value='\" + totalrows +\"' name='\" + rowname[i] + \"_row-\" + totalrows + \"' /><select size='1' name='\" + rowname[i] + totalrows + \"'>\" +\""; - $iflist = get_configured_interface_with_descr(); foreach ($iflist as $ifnam => $ifdescr) $innerHTML .= "<option value='{$ifnam}'>{$ifdescr}<\/option>"; $innerHTML .= "<\/select>\";"; @@ -251,7 +251,7 @@ function removeRow(el) { <tr> <td valign="top" class="vncellreq"><?=gettext("Group Name");?></td> <td class="vtable"> - <input class="formfld unknown" name="ifname" id="ifname" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> + <input class="formfld unknown" name="ifname" id="ifname" maxlength="15" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> <br /> <?=gettext("No numbers or spaces are allowed. Only characters in a-zA-Z");?> </td> @@ -288,12 +288,20 @@ function removeRow(el) { <td class="vtable"> <select name="members<?php echo $tracker; ?>" class="formselect" id="members<?php echo $tracker; ?>"> <?php + $found = false; foreach ($iflist as $ifnam => $ifdescr) { echo "<option value=\"{$ifnam}\""; - if ($ifnam == $members) + if ($ifnam == $members) { + $found = true; echo " selected=\"selected\""; + } echo ">{$ifdescr}</option>"; } + + if ($found === false) + foreach ($iflist_disabled as $ifnam => $ifdescr) + if ($ifnam == $members) + echo "<option value=\"{$ifnam}\" selected=\"selected\">{$ifdescr}</option>"; ?> </select> </td> 
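Review bot: The `maxlength="15"` added to the ifname input in interfaces_groups_edit.php is enforced only by the browser; no matching server-side length check is visible in the POST validation hunk, which tests only the characters. If the 15-character limit matters to the backend, add it next to the existing preg_match(), e.g. `if (strlen($_POST['ifname']) > 15) $input_errors[] = gettext("The group name must not be longer than 15 characters.");`. The validation block continues outside the hunks shown.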
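Review bot: The fallback loop added for disabled interfaces echoes `{$ifnam}` and `{$ifdescr}` into the option markup without encoding, as the loop above it does. Interface descriptions are presumably operator-entered configuration text, so both values should go through htmlspecialchars(): `echo "<option value=\"" . htmlspecialchars($ifnam) . "\" selected=\"selected\">" . htmlspecialchars($ifdescr) . "</option>";`. The nested `if`/`foreach`/`if` without braces is also easy to misread; adding braces would match the braced `if ($ifnam == $members) {` introduced just above it.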
@@ -336,6 +344,10 @@ function removeRow(el) { //]]> </script> -<?php include("fend.inc"); ?> +<?php + unset($iflist); + unset($iflist_disabled); + include("fend.inc"); +?> </body> </html> diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 0e8cb96..d00ebd0 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -65,11 +65,14 @@ function domTT_title($title_msg){ $xml = htmlspecialchars($_GET['xml']); if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); -if($xml == "") { - print_info_box_np(gettext("ERROR: No package defined.")); +$xml_fullpath = realpath('/usr/local/pkg/' . $xml); + +if ($xml == "" || $xml_fullpath === false || + substr($xml_fullpath, 0, strlen('/usr/local/pkg/')) != '/usr/local/pkg/') { + print_info_box_np(gettext("ERROR: No valid package defined.")); die; } else { - $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui"); + $pkg = parse_xml_config_pkg($xml_fullpath, "packagegui"); } if($pkg['include_file'] <> "") { diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 9465153..e547074 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php 
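Review bot: The new realpath() prefix test in pkg_edit.php confines `$xml` to /usr/local/pkg/, but it still accepts anything under that directory, including subdirectories and files that are not package XML, and hands it to parse_xml_config_pkg(). Add `is_file($xml_fullpath)` and an extension check such as `substr($xml_fullpath, -4) == '.xml'` to the condition. `$xml` is also still passed through htmlspecialchars() before being used as a path; that encoder is for HTML output, so the raw parameter should feed realpath() and the encoded form be kept for display only. The `if($pkg['include_file'] <> "")` handling that consumes the parsed file continues outside the hunk.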
@@ -108,11 +108,11 @@ if ($_POST) { </tr> <?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))): if (empty($_GET['mode']) && $_GET['id']) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); $pkgmode = 'installed'; } else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); - $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); + $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); } else if ($_GET['mode'] == 'reinstallall') { $pkgmode = 'reinstallall'; } @@ -191,7 +191,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); if ($_GET) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); switch($_GET['mode']) { case 'showlog': if (strpos($pkgname, ".")) { 
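Review bot: The widened `str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode(...))` expression is now repeated in pkg_mgr_install.php here, in the hunk at line 191 and in the hunk at line 213, so the next change to the character list has to be made in five places. Move it into one helper and call that for `$_GET['id']`, `$_GET['pkg']`, `$_GET['mode']` and `$_POST['id']`. A denylist also removes only the characters someone thought of; validating against the characters package names are expected to contain, and checking `mode` against the fixed list of modes the page handles, would be stricter. The enclosing `if`/`else if` chain continues outside the hunk.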
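Review bot: With `.` now stripped from `$pkgname`, the `if (strpos($pkgname, "."))` test in the `showlog` case directly below the changed line can no longer be true, so the branch it guards is dead. Either drop that test or run it on the decoded value before the characters are removed, depending on which behaviour is wanted. The body of the `switch` is outside the hunk, so which branch is lost cannot be seen here.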
@@ -213,7 +213,7 @@ if ($_GET) { break; } } else if ($_POST) { - $pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); + $pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); /* All other cases make changes, so mount rw fs */ conf_mount_rw(); diff --git a/usr/local/www/shortcuts/pkg_upnp.inc b/usr/local/www/shortcuts/pkg_upnp.inc index 05402a2..2b068a7 100644 --- a/usr/local/www/shortcuts/pkg_upnp.inc +++ b/usr/local/www/shortcuts/pkg_upnp.inc @@ -3,9 +3,9 @@ global $shortcuts; $shortcuts['upnp'] = array(); -$shortcuts['upnp']['main'] = "pkg_edit.php?xml=miniupnpd.xml&id=0"; +$shortcuts['upnp']['main'] = "pkg_edit.php?xml=miniupnpd.xml"; $shortcuts['upnp']['log'] = "diag_logs_routing.php"; $shortcuts['upnp']['status'] = "status_upnp.php"; $shortcuts['upnp']['service'] = "miniupnpd"; -?>
\ No newline at end of file +?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index b139d5a..78cbbdb 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -44,6 +44,7 @@ $pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer") if ($_GET['database']) { $curdatabase = basename($_GET['database']); + $curdatabase = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($curdatabase, ENT_QUOTES | ENT_HTML401)); } else { $curdatabase = "wan-traffic.rrd"; } @@ -56,7 +57,7 @@ if ($_GET['style']) { /* this is used for temp name */ if ($_GET['graph']) { - $curgraph = $_GET['graph']; + $curgraph = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['graph'], ENT_QUOTES | ENT_HTML401)); } else { $curgraph = "custom"; } @@ -64,9 +65,6 @@ if ($_GET['graph']) { $now = time(); if (is_numeric($_GET['start'])) { - if($start < ($now - (3600 * 24 * 365 * 5))) { - $start = $now - (8 * 3600); - } $start = $_GET['start']; } else { $start = $now - (8 * 3600); @@ -329,7 +327,7 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; $graphcmd .= "--start $start --end $end --step $step --vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:$curif-in_bytes_pass=$rrddbpath$curdatabase:inpass:AVERAGE:step=$step "; $graphcmd .= "DEF:$curif-out_bytes_pass=$rrddbpath$curdatabase:outpass:AVERAGE:step=$step "; 
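Review bot: `$curdatabase` in status_rrd_graph_img.php is cleaned with a six-character denylist, which leaves other characters the shell treats specially, and the value is later interpolated into `$graphcmd` and run through exec(), as the later hunks show. basename() plus a denylist is not enough for a value that reaches a command line: check it against the expected file-name shape, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+\.rrd$/D', $curdatabase)) $curdatabase = "wan-traffic.rrd";`, and pass it through escapeshellarg() where the command is built. The same applies to `$curgraph` in the next hunk, which becomes part of the output file name in the same command. The pattern is an example and should be adjusted to the database names the system actually creates.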
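Review bot: `php_uname('n')` and `strftime('%b %d %H\:%M\:%S %Y')` are spliced into `$graphcmd` separately in every graph branch of status_rrd_graph_img.php, from the hunk at line 329 through the one at line 1175. Compute them once before the branch chain, `$hostname = php_uname('n');` and `$stamp = strftime('%b %d %H\:%M\:%S %Y');`, and interpolate the variables, so a later change to either touches one line. The host name also lands inside a double-quoted shell argument, where the shell still performs expansion, so restricting it to host-name characters before use keeps the command independent of how the system name was set.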
@@ -474,7 +472,7 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "GPRINT:\"$curif-out6_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_out6_t_block:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif(strstr($curdatabase, "-throughput.rrd")) { /* define graphcmd for throughput stats */ @@ -483,7 +481,7 @@ elseif(strstr($curdatabase, "-throughput.rrd")) { $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $iflist = get_configured_interface_list(); @@ -602,7 +600,7 @@ elseif(strstr($curdatabase, "-throughput.rrd")) { $graphcmd .= "GPRINT:\"tput-out_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"tput-bytes_out_t_block:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for packets stats */ 
@@ -610,7 +608,7 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"packets/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-in_pps_pass=$rrddbpath$curdatabase:inpass:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-out_pps_pass=$rrddbpath$curdatabase:outpass:AVERAGE:step=$step\" "; @@ -728,7 +726,7 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "GPRINT:\"$curif-out6_pps_block:LAST:%7.2lf %S pps\" "; $graphcmd .= "GPRINT:\"$curif-pps_out6_t_block:AVERAGE:%7.2lf %s pkts\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for packets stats */ @@ -736,7 +734,7 @@ elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"snr/channel/rate\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-snr=$rrddbpath$curdatabase:snr:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-rate=$rrddbpath$curdatabase:rate:AVERAGE:step=$step\" "; 
@@ -761,7 +759,7 @@ elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-channel:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-channel:LAST:%7.2lf\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for vpn users stats */ @@ -769,7 +767,7 @@ elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-users=$rrddbpath$curdatabase:users:AVERAGE:step=$step\" "; $graphcmd .= "LINE2:\"$curif-users#{$colorvpnusers[0]}:$curif-users\" "; @@ -780,7 +778,7 @@ elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-users:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-users:LAST:%7.2lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for states stats */ 
@@ -788,7 +786,7 @@ elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start -$seconds -e -$average --step $step "; $graphcmd .= "--vertical-label \"states, ip\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-pfrate=$rrddbpath$curdatabase:pfrate:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-pfstates=$rrddbpath$curdatabase:pfstates:AVERAGE:step=$step\" "; @@ -834,7 +832,7 @@ elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "GPRINT:\"$curif-dstip:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"$curif-dstip:LAST:%7.2lf %s \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for processor stats */ @@ -842,7 +840,7 @@ elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curd $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, number\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"user=$rrddbpath$curdatabase:user:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"nice=$rrddbpath$curdatabase:nice:AVERAGE:step=$step\" "; 
@@ -886,7 +884,7 @@ elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curd $graphcmd .= "GPRINT:\"processes:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"processes:LAST:%7.2lf %s \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for memory usage stats */ @@ -894,7 +892,7 @@ elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, percent\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"active=$rrddbpath$curdatabase:active:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"inactive=$rrddbpath$curdatabase:inactive:AVERAGE:step=$step\" "; @@ -938,7 +936,7 @@ elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "GPRINT:\"wire:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"wire:LAST:%7.2lf %S \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for mbuf usage stats */ 
@@ -946,7 +944,7 @@ elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdataba $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, percent\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} clusters - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} clusters - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"current=$rrddbpath$curdatabase:current:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"cache=$rrddbpath$curdatabase:cache:AVERAGE:step=$step\" "; @@ -982,7 +980,7 @@ elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdataba $graphcmd .= "GPRINT:\"max:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"max:LAST:%7.2lf %S \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for queue stats */ @@ -990,7 +988,7 @@ elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; if ($altq) { $a_queues =& $altq->get_queue_list(); 
@@ -1011,7 +1009,7 @@ elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdata if($t > 7) { $t = 0; } } $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for queuedrop stats */ @@ -1019,7 +1017,7 @@ elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"drops / sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; if ($altq) { $a_queues =& $altq->get_queue_list(); @@ -1041,13 +1039,13 @@ elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$cur if($t > 7) { $t = 0; } } $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* make a link quality graphcmd, we only have WAN for now, others too follow */ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ --start $start --end $end --step $step \\ - --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\ --color SHADEA#eeeeee --color SHADEB#eeeeee \\ --vertical-label \"ms / %\" \\ --height 200 --width 620 \\ 
@@ -1077,13 +1075,13 @@ elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdat GPRINT:loss:LAST:\"\tLast\: %3.1lf %%\\n\" \\ AREA:loss10#$colorqualityloss:\"Packet loss\\n\" \\ LINE1:delay#$colorqualityrtt[5]:\"Delay average\\n\" \\ - COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\""; + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\""; } elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* graph a spamd statistics graph */ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ --start $start --end $end --step $step \\ - --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\ --color SHADEA#eeeeee --color SHADEB#eeeeee \\ --vertical-label=\"Conn / Time, sec.\" \\ --height 200 --width 620 --no-gridfit \\ 
@@ -1116,14 +1114,14 @@ elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdataba GPRINT:consmin:MIN:\"Min\\:%6.2lf\\t\" \\ GPRINT:consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ GPRINT:consmax:MAX:\"Max\\:%6.2lf\\n\" \\ - COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"signal\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-rssi=$rrddbpath$curdatabase:rssi:AVERAGE:step=$step\" "; $graphcmd .= "LINE2:\"$curif-rssi#{$colorwireless[0]}:$curif-rssi\" "; @@ -1134,7 +1132,7 @@ elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-rssi:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-rssi:LAST:%7.2lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for online Captive Portal users stats */ 
@@ -1145,7 +1143,7 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--base=1000 "; $graphcmd .= "--lower-limit=0 "; $graphcmd .= "--slope-mode "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-loggedinusers=$rrddbpath$curdatabase:loggedinusers:AVERAGE:step=$step\" "; $graphcmd .= "CDEF:\"$curif-totalusers_t=PREV,UN,0,PREV,IF,$curif-loggedinusers,+\" "; @@ -1153,7 +1151,7 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "AREA:\"$curif-totalusers_d#{$colorcaptiveportalusers[0]}:Total logged in users\" "; $graphcmd .= "GPRINT:\"$curif-totalusers_d:MAX:%8.0lf \\n\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for online Captive Portal users stats */ @@ -1161,7 +1159,7 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"Captive Portal Users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--base=1000 "; $graphcmd .= "--lower-limit=0 "; $graphcmd .= "--slope-mode "; 
@@ -1175,7 +1173,7 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "GPRINT:\"$curif-concurrentusers:AVERAGE:%8.0lf \" "; $graphcmd .= "GPRINT:\"$curif-concurrentusers:MAX:%8.0lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } else { $data = false; @@ -1186,14 +1184,14 @@ else { if (file_exists("$rrdtmppath$curdatabase-$curgraph.png")) { if((time() - filemtime("$rrdtmppath$curdatabase-$curgraph.png")) >= 15 ) { if($data) - exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); + $_gb = exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); $graphcmdoutput = implode(" ", $graphcmdoutput) . $graphcmd; flush(); usleep(500); } } else { if($data) - exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); + $_gb = exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); $graphcmdoutput = implode(" ", $graphcmdoutput) . $graphcmd; flush(); usleep(500); @@ -1202,14 +1200,14 @@ if(($graphcmdreturn <> 0) || (! $data)) { log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'),$graphcmdreturn,$graphcmdoutput)); if(strstr($curdatabase, "queues")) { log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); - exec("/bin/rm -f $rrddbpath$curif$queues"); + unlink_if_exists($rrddbpath . $curif . $queues); flush(); usleep(500); enable_rrd_graphing(); } if(strstr($curdatabase, "queuesdrop")) { log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); - exec("/bin/rm -f $rrddbpath$curdatabase"); + unlink_if_exists($rrddbpath . $curdatabase); flush(); usleep(500); enable_rrd_graphing(); diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 731b79b..61268d6 100755 
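Review bot: Both `exec("$graphcmd 2>&1", …)` calls in the @@ -1186 hunk still run a single shell string in which `$rrdtmppath$curdatabase-$curgraph.png`, `$start`, `$end` and `$step` are interpolated without `escapeshellarg()`, so removing the backticks does not by itself make the command safe. If `$curdatabase` or `$curgraph` come from the request (their assignment is outside these hunks), the output path should be built as `escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png")` and the time options passed through `escapeshellarg()` as well. `$_gb` is never read in the visible code. Because `if($data)` has no braces, the `implode()` line runs even when no command was executed; bracing the block would make that explicit.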
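Review bot: In the @@ -1202 hunk `unlink_if_exists($rrddbpath . $curdatabase)` takes the shell out of the deletion, but the path is still whatever `$curdatabase` contains. This commit confines the download path in system_firmware_restorefullbackup.php with `basename()`, and the same would fit here: `unlink_if_exists($rrddbpath . basename($curdatabase));`. In the first branch the file removed is `$rrddbpath . $curif . $queues`, while the log line just above it names `$rrddbpath` and `$curdatabase`; `$queues` is not assigned anywhere in the visible hunks, so it is worth confirming that this is the intended file.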
--- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -41,16 +41,20 @@ require_once("guiconfig.inc"); require_once("service-utils.inc"); require_once("shortcuts.inc"); -if (!empty($_GET['service'])) { +$service_name = ''; +if (isset($_GET['service'])) + $service_name = htmlspecialchars($_GET['service']); + +if (!empty($service_name)) { switch ($_GET['mode']) { case "restartservice": - $savemsg = service_control_restart($_GET['service'], $_GET); + $savemsg = service_control_restart($service_name, $_GET); break; case "startservice": - $savemsg = service_control_start($_GET['service'], $_GET); + $savemsg = service_control_start($service_name, $_GET); break; case "stopservice": - $savemsg = service_control_stop($_GET['service'], $_GET); + $savemsg = service_control_stop($service_name, $_GET); break; } sleep(5); diff --git a/usr/local/www/system_firmware_restorefullbackup.php b/usr/local/www/system_firmware_restorefullbackup.php index d671fc2..6fa7041 100755 --- a/usr/local/www/system_firmware_restorefullbackup.php +++ b/usr/local/www/system_firmware_restorefullbackup.php @@ -59,9 +59,9 @@ if($_GET['backupnow']) mwexec_bg("/etc/rc.create_full_backup"); if($_GET['downloadbackup']) { - $filename = $_GET['downloadbackup']; + $filename = basename($_GET['downloadbackup']); $path = "/root/{$filename}"; - if(file_exists("/root/{$filename}")) { + if(file_exists($path)) { session_write_close(); ob_end_clean(); session_cache_limiter('public'); diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index d3d20cb..2e605b5 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php 
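Review bot: `htmlspecialchars()` on `$_GET['service']` encodes the value for HTML output; it does not check that the value names a service this page may control, and the unfiltered `$_GET` array is still handed to `service_control_restart()`, `service_control_start()` and `service_control_stop()` as the second argument. The name would be better compared against the list of known services before the `switch`, with escaping left to the place where the value is printed. The start/stop/restart actions are also triggered by a GET request, and whether a CSRF token is checked for them is not visible in this hunk. A comment such as `/* $service_name must match a configured service; HTML-escape only on output */` above the `switch` would record the intent.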
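Review bot: `basename()` stops directory traversal in the system_firmware_restorefullbackup.php hunk, but `$path = "/root/{$filename}"` still lets any file that sits directly in `/root` be requested by name, including files that are not backups. Restricting the name to what `/etc/rc.create_full_backup` produces would close that, for example `if (!preg_match('/^<BACKUP_NAME_PATTERN>$/', $filename)) $filename = '';`, with the pattern taken from that script, which is not shown here. The body of the `if(file_exists($path))` block continues outside the hunk.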
@@ -506,12 +506,6 @@ function monitor_change() { echo " selected='selected'"; echo ">" . htmlspecialchars($ifacename) . "</option>"; } - if (is_package_installed("openbgpd") == 1) { - echo "<option value=\"bgpd\""; - if ($pconfig['interface'] == "bgpd") - echo " selected='selected'"; - echo ">" . gettext("Use BGPD") . "</option>"; - } ?> </select><br/> <span class="vexpl"><?=gettext("Choose which interface this gateway applies to."); ?></span> diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php index e4114e0..fc0f67e 100644 --- a/usr/local/www/widgets/widgets/log.widget.php +++ b/usr/local/www/widgets/widgets/log.widget.php 
@@ -1,34 +1,34 @@ <?php /* - $Id$ - Copyright 2007 Scott Dale - Part of pfSense widgets (https://www.pfsense.org) - originally based on m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> - and Jonathan Watt <jwatt@jwatt.org>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + $Id$ + Copyright 2007 Scott Dale + Part of pfSense widgets (https://www.pfsense.org) + originally based on m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> + and Jonathan Watt <jwatt@jwatt.org>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. 
Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ $nocsrf = true; 
@@ -40,33 +40,28 @@ require_once("functions.inc"); /* In an effort to reduce duplicate code, many shared functions have been moved here. */ require_once("filter_log.inc"); -if($_POST['filterlogentries']) { - unset($config['widgets']['filterlogentries']); - if( ($_POST['filterlogentries']) and ($_POST['filterlogentries'] != ' ') ) $config['widgets']['filterlogentries'] = $_POST['filterlogentries']; +if(is_numeric($_POST['filterlogentries'])) { + $config['widgets']['filterlogentries'] = $_POST['filterlogentries']; - unset($config['widgets']['filterlogentriesacts']); - if($_POST['actpass']) $config['widgets']['filterlogentriesacts'] .= $_POST['actpass'] . " "; - if($_POST['actblock']) $config['widgets']['filterlogentriesacts'] .= $_POST['actblock'] . " "; - if($_POST['actreject']) $config['widgets']['filterlogentriesacts'] .= $_POST['actreject'] . " "; - if (isset($config['widgets']['filterlogentriesacts'])) $config['widgets']['filterlogentriesacts'] = trim($config['widgets']['filterlogentriesacts']); + $acts = array(); + if ($_POST['actpass']) $acts[] = "Pass"; + if ($_POST['actblock']) $acts[] = "Block"; + if ($_POST['actreject']) $acts[] = "Reject"; - unset($config['widgets']['filterlogentriesinterfaces']); - if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") ) $config['widgets']['filterlogentriesinterfaces'] = $_POST['filterlogentriesinterfaces']; - if (isset($config['widgets']['filterlogentriesinterfaces'])) $config['widgets']['filterlogentriesinterfaces'] = trim($config['widgets']['filterlogentriesinterfaces']); + if (!empty($acts)) + $config['widgets']['filterlogentriesacts'] = implode(" ", $acts); + else + unset($config['widgets']['filterlogentriesacts']); + unset($acts); + + if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") ) + $config['widgets']['filterlogentriesinterfaces'] = trim($_POST['filterlogentriesinterfaces']); + else + 
unset($config['widgets']['filterlogentriesinterfaces']); write_config("Saved Filter Log Entries via Dashboard"); - $filename = $_SERVER['HTTP_REFERER']; - if(headers_sent($file, $line)){ - echo '<script type="text/javascript">'; - echo '//<![CDATA['; - echo 'window.location.href="'.$filename.'";'; - echo '//]]>'; - echo '</script>'; - echo '<noscript>'; - echo '<meta http-equiv="refresh" content="0;url='.$filename.'" />'; - echo '</noscript>'; - } Header("Location: /"); + exit(0); } $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets']['filterlogentries'] : 5; @@ -76,9 +71,10 @@ $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets'][' $nentriesacts = isset($config['widgets']['filterlogentriesacts']) ? $config['widgets']['filterlogentriesacts'] : 'All'; $nentriesinterfaces = isset($config['widgets']['filterlogentriesinterfaces']) ? $config['widgets']['filterlogentriesinterfaces'] : 'All'; -$filterfieldsarray = array("act", "interface"); -$filterfieldsarray['act'] = $nentriesacts; -$filterfieldsarray['interface'] = $nentriesinterfaces; +$filterfieldsarray = array( + "act" => $nentriesacts, + "interface" => $nentriesinterfaces +); $filter_logfile = "{$g['varlog_path']}/filter.log"; $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray); //Get log entries @@ -111,7 +107,7 @@ function format_log_line(row) { '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '<\/td>' + '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '<\/td>' + '<td class="listMRr ellipsis" title="' + row[3] + '">' + row[3] + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>'; + '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>'; var nentriesacts = "<?php echo $nentriesacts; ?>"; var nentriesinterfaces = "<?php echo $nentriesinterfaces; ?>"; 
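Review bot: `is_numeric()` in the @@ -40 hunk also accepts negative numbers, floats and exponent forms, so `$config['widgets']['filterlogentries']` can be saved with a value the form's 1–20 select never offers; `$config['widgets']['filterlogentries'] = max(1, min(20, (int)$_POST['filterlogentries']));` keeps it in range. `filterlogentriesinterfaces` is written to the config after `trim()` only, and the file sets `$nocsrf = true` while this POST branch calls `write_config()`, so the saved value is whatever the request supplied. Checking it against the configured interface names before saving would be the place to stop that.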
@@ -131,25 +127,24 @@ function format_log_line(row) { <div id="log-settings" class="widgetconfigdiv" style="display:none;"> <form action="/widgets/widgets/log.widget.php" method="post" name="iforma"> - Number of lines to display: + Number of lines to display: <select name="filterlogentries" class="formfld unknown" id="filterlogentries"> <?php for ($i = 1; $i <= 20; $i++) { ?> <option value="<?php echo $i;?>" <?php if ($nentries == $i) echo "selected=\"selected\"";?>><?php echo $i;?></option> <?php } ?> </select> -<?php - $Include_Act = explode(",", str_replace(" ", ",", $nentriesacts)); +<?php + $Include_Act = explode(" ", $nentriesacts); if ($nentriesinterfaces == "All") $nentriesinterfaces = ""; ?> <input id="actpass" name="actpass" type="checkbox" value="Pass" <?php if (in_arrayi('Pass', $Include_Act)) echo "checked=\"checked\""; ?> /> Pass <input id="actblock" name="actblock" type="checkbox" value="Block" <?php if (in_arrayi('Block', $Include_Act)) echo "checked=\"checked\""; ?> /> Block <input id="actreject" name="actreject" type="checkbox" value="Reject" <?php if (in_arrayi('Reject', $Include_Act)) echo "checked=\"checked\""; ?> /> Reject <br/> - Interfaces: - <input id="filterlogentriesinterfaces" name="filterlogentriesinterfaces" class="formfld unknown" type="text" size="20" value="<?= $nentriesinterfaces ?>" /> - - + Interfaces: + <input id="filterlogentriesinterfaces" name="filterlogentriesinterfaces" class="formfld unknown" type="text" size="20" value="<?= htmlspecialchars($nentriesinterfaces) ?>" /> + <input id="submita" name="submita" type="submit" class="formbtn" value="Save" /> </form> </div> diff --git a/usr/local/www/widgets/widgets/rss.widget.php b/usr/local/www/widgets/widgets/rss.widget.php index 4ec4b7f..53166bc 100644 --- a/usr/local/www/widgets/widgets/rss.widget.php +++ b/usr/local/www/widgets/widgets/rss.widget.php 
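Review bot: The interface filter is now escaped for the `value` attribute, but the same variable is still printed raw into script in `format_log_line()`: `var nentriesinterfaces = "<?php echo $nentriesinterfaces; ?>";` is visible as context in the @@ -111 hunk. HTML escaping would be the wrong encoding for that spot; `var nentriesinterfaces = <?php echo json_encode($nentriesinterfaces, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;` emits a correctly quoted JavaScript string. The form and the script block both extend beyond the hunks shown.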
@@ -33,10 +33,10 @@ require_once("pfsense-utils.inc"); require_once("functions.inc"); if($_POST['rssfeed']) { - $config['widgets']['rssfeed'] = str_replace("\n", ",", $_POST['rssfeed']); - $config['widgets']['rssmaxitems'] = str_replace("\n", ",", $_POST['rssmaxitems']); - $config['widgets']['rsswidgetheight'] = $_POST['rsswidgetheight']; - $config['widgets']['rsswidgettextlength'] = $_POST['rsswidgettextlength']; + $config['widgets']['rssfeed'] = str_replace("\n", ",", htmlspecialchars($_POST['rssfeed'], ENT_QUOTES | ENT_HTML401)); + $config['widgets']['rssmaxitems'] = str_replace("\n", ",", htmlspecialchars($_POST['rssmaxitems'], ENT_QUOTES | ENT_HTML401)); + $config['widgets']['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401); + $config['widgets']['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401); write_config("Saved RSS Widget feed via Dashboard"); Header("Location: /"); } @@ -48,10 +48,10 @@ if($config['widgets']['rssfeed']) if($config['widgets']['rssmaxitems']) $max_items = $config['widgets']['rssmaxitems']; -if($config['widgets']['rsswidgetheight']) +if(is_numeric($config['widgets']['rsswidgetheight'])) $rsswidgetheight = $config['widgets']['rsswidgetheight']; -if($config['widgets']['rsswidgettextlength']) +if(is_numeric($config['widgets']['rsswidgettextlength'])) $rsswidgettextlength = $config['widgets']['rsswidgettextlength']; // Set a default feed if none exists diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php index ee8d521..86fa7f3 100644 --- a/usr/local/www/widgets/widgets/services_status.widget.php +++ b/usr/local/www/widgets/widgets/services_status.widget.php 
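Review bot: `htmlspecialchars()` is applied before the values are stored, so a feed URL containing `&` is saved as `&amp;` and the stored URL is no longer the one that was entered; encoding belongs where the value is printed, and the stored value should be validated instead. `rsswidgetheight` and `rsswidgettextlength` are read back with `is_numeric()` in the next hunk and can simply be saved as integers, e.g. `$config['widgets']['rsswidgetheight'] = (int)$_POST['rsswidgetheight'];`. `Header("Location: /");` is not followed by `exit`, unlike the log.widget.php branch in this commit, so the rest of the script still runs after the redirect. The services_status.widget.php hunk below stores an HTML-encoded `servicestatusfilter` and redirects without `exit` in the same way.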
@@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc"); $services = get_services(); if(isset($_POST['servicestatusfilter'])) { - $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter']; + $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401); write_config("Saved Service Status Filter via Dashboard"); header("Location: ../../index.php"); } |