aboutsummaryrefslogtreecommitdiff
path: root/net-mgmt/cacti
diff options
context:
space:
mode:
authorSergey Matveychuk <sem@FreeBSD.org>2013-09-14 17:06:54 +0000
committerSergey Matveychuk <sem@FreeBSD.org>2013-09-14 17:06:54 +0000
commit60d7c5f2d4f8796dd7e4b402e49be3c1d8bd9acf (patch)
treecaf58cc83dc24decd0ea5fc776be8595fcccc394 /net-mgmt/cacti
parentae36914d6cec16431cec8270255978dc59a7a569 (diff)
downloadports-60d7c5f2d4f8796dd7e4b402e49be3c1d8bd9acf.tar.gz
ports-60d7c5f2d4f8796dd7e4b402e49be3c1d8bd9acf.zip
Notes
Diffstat (limited to 'net-mgmt/cacti')
-rw-r--r--net-mgmt/cacti/Makefile2
-rw-r--r--net-mgmt/cacti/files/patch-lib-rrd.php37
2 files changed, 38 insertions, 1 deletions
diff --git a/net-mgmt/cacti/Makefile b/net-mgmt/cacti/Makefile
index ccd7ba82b362..0c6956ff0460 100644
--- a/net-mgmt/cacti/Makefile
+++ b/net-mgmt/cacti/Makefile
@@ -4,7 +4,7 @@
PORTNAME= cacti
PORTVERSION= 0.8.8b${PATCHLEVEL}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net-mgmt www
MASTER_SITES= http://www.cacti.net/downloads/
DISTNAME= ${PORTNAME}-${SITEDISTVERSION}
diff --git a/net-mgmt/cacti/files/patch-lib-rrd.php b/net-mgmt/cacti/files/patch-lib-rrd.php
new file mode 100644
index 000000000000..422880209392
--- /dev/null
+++ b/net-mgmt/cacti/files/patch-lib-rrd.php
@@ -0,0 +1,37 @@
+Index: ./lib/rrd.php
+===================================================================
+--- ./lib/rrd.php (Revision 7407)
++++ ./lib/rrd.php (Arbeitskopie)
+@@ -1343,20 +1343,20 @@
+ $need_rrd_nl = TRUE;
+
+ if ($graph_item_types{$graph_item["graph_type_id"]} == "COMMENT") {
++ # perform variable substitution first (in case this will yield an empty results or brings command injection problems)
++ $comment_arg = rrd_substitute_host_query_data($graph_variables["text_format"][$graph_item_id], $graph, $graph_item);
++ # next, compute the argument of the COMMENT statement and perform injection counter measures
++ if (trim($comment_arg) == '') { # an empty COMMENT must be treated with care
++ $comment_arg = cacti_escapeshellarg(' ' . $hardreturn[$graph_item_id]);
++ } else {
++ $comment_arg = cacti_escapeshellarg($comment_arg . $hardreturn[$graph_item_id]);
++ }
++
++ # create rrdtool specific command line
+ if (read_config_option("rrdtool_version") != "rrd-1.0.x") {
+- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id])) . " ";
+- if (trim($comment_string) == 'COMMENT:"\n"') {
+- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+- } else if (trim($comment_string) != "COMMENT:\"\"") {
+- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+- }
++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . str_replace(":", "\:", $comment_arg) . " ";
+ }else {
+- $comment_string = $graph_item_types{$graph_item["graph_type_id"]} . ":" . cacti_escapeshellarg($graph_variables["text_format"][$graph_item_id] . $hardreturn[$graph_item_id]) . " ";
+- if (trim($comment_string) == 'COMMENT:"\n"') {
+- $txt_graph_items .= 'COMMENT:" \n"'; # rrdtool will skip a COMMENT that holds a NL only; so add a blank to make NL work
+- } else if (trim($comment_string) != "COMMENT:\"\"") {
+- $txt_graph_items .= rrd_substitute_host_query_data($comment_string, $graph, $graph_item);
+- }
++ $txt_graph_items .= $graph_item_types{$graph_item["graph_type_id"]} . ":" . $comment_arg . " ";
+ }
+ }elseif (($graph_item_types{$graph_item["graph_type_id"]} == "GPRINT") && (!isset($graph_data_array["graph_nolegend"]))) {
+ $graph_variables["text_format"][$graph_item_id] = str_replace(":", "\:", $graph_variables["text_format"][$graph_item_id]); /* escape colons */