Re: [Nagios-devel] Variables encoded twice

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Guest

Re: [Nagios-devel] Variables encoded twice

Post by Guest »

--========GMX42091218291303642851
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

In statusmap.c, layout_method is an int and therefore shouldn't be escaped (the compiler put a message since int was passed as parameter where a char* is expected). File escape_string-2.diff, lines 271/273.

The HTML was broken when using apostrophs in the host name and/or the host alias (statusmap.cgi) and having escape_html_tags=0 in cgi.cfg. This is corrected in the patch. (escape_html_tags should only influence the plugin output.)

I've patched cmd.cgi to escape host, service and author names and the comment data. The call of url_encode is replaced by escape_string there. As a side effect, the author's name is displayed correctly now ("Nagios+Admin" before, "Nagios Admin" with the patch).

The file escape_string-3.diff includes Armin's patches (escape_string-2.diff) and my patches described above.

> cgiutils.h is generated from cgiutils.h.in by autoconf and is not in CVS.

Thanks. I've used the configure script to generate the cgiutils.h file after your patch.

Regards
Bernd

--
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser

--========GMX42091218291303642851
Content-Type: application/octet-stream; name="escape_string-3.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="escape_string-3.diff"

SW5kZXg6IGNnaS9hdmFpbC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9jdnNyb290L25hZ2lvcy9u
YWdpb3MvY2dpL2F2YWlsLmMsdgpyZXRyaWV2aW5nIHJldmlzaW9uIDEuNTAKZGlmZiAtVTMgLXIx
LjUwIGF2YWlsLmMKLS0tIGNnaS9hdmFpbC5jCTIzIEp1biAyMDA4IDIwOjQ3OjQyIC0wMDAwCTEu
NTAKKysrIGNnaS9hdmFpbC5jCTkgQXVnIDIwMDggMTM6MzI6MTYgLTAwMDAKQEAgLTUxMCwxMyAr
NTEwLDEzIEBACiAJCQlpZihmdWxsX2xvZ19lbnRyaWVzPT1UUlVFKQogCQkJCXByaW50ZigiPGlu
cHV0IHR5cGU9J2hpZGRlbicgbmFtZT0nZnVsbF9sb2dfZW50cmllcycgdmFsdWU9Jyc+XG4iKTsK
IAkJCWlmKGRpc3BsYXlfdHlwZT09RElTUExBWV9IT1NUR1JPVVBfQVZBSUwpCi0JCQkJcHJpbnRm
KCI8aW5wdXQgdHlwZT0naGlkZGVuJyBuYW1lPSdob3N0Z3JvdXAnIHZhbHVlPSclcyc+XG4iLGhv
c3Rncm91cF9uYW1lKTsKKwkJCQlwcmludGYoIjxpbnB1dCB0eXBlPSdoaWRkZW4nIG5hbWU9J2hv
c3Rncm91cCcgdmFsdWU9JyVzJz5cbiIsZXNjYXBlX3N0cmluZyhob3N0Z3JvdXBfbmFtZSkpOwog
CQkJaWYoZGlzcGxheV90eXBlPT1ESVNQTEFZX0hPU1RfQVZBSUwgfHwgZGlzcGxheV90eXBlPT1E
SVNQTEFZX1NFUlZJQ0VfQVZBSUwpCi0JCQkJcHJpbnRmKCI8aW5wdXQgdHlwZT0naGlkZGVuJyBu
YW1lPSdob3N0JyB2YWx1ZT0nJXMnPlxuIix1cmxfZW5jb2RlKGhvc3RfbmFtZSkpOworCQkJCXBy
aW50ZigiPGlucHV0IHR5cGU9J2hpZGRlbicgbmFtZT0naG9zdCcgdmFsdWU9JyVzJz5cbiIsZXNj
YXBlX3N0cmluZyhob3N0X25hbWUpKTsKIAkJCWlmKGRpc3BsYXlfdHlwZT09RElTUExBWV9TRVJW
SUNFX0FWQUlMKQotCQkJCXByaW50ZigiPGlucHV0IHR5cGU9J2hpZGRlbicgbmFtZT0nc2Vydmlj
ZScgdmFsdWU9JyVzJz5cbiIsc3ZjX2Rlc2NyaXB0aW9uKTsKKwkJCQlwcmludGYoIjxpbnB1dCB0
eXBlPSdoaWRkZW4nIG5hbWU9J3NlcnZpY2UnIHZhbHVlPSclcyc+XG4iLGVzY2FwZV9zdHJpbmco
c3ZjX2Rlc2NyaXB0aW9uKSk7CiAJCQlpZihkaXNwbGF5X3R5cGU9PURJU1BMQVlfU0VSVklDRUdS
T1VQX0FWQUlMKQotCQkJCXByaW50ZigiPGlucHV0IHR5cGU9J2hpZGRlbicgbmFtZT0nc2Vydmlj
ZWdyb3VwJyB2YWx1ZT0nJXMnPlxuIix1cmxfZW5jb2RlKHNlcnZpY2Vncm91cF9uYW1lKSk7CisJ
CQkJcHJpbnRmKCI8aW5wdXQgdHlwZT0naGlkZGVuJyBuYW1lPSdzZXJ2aWNlZ3JvdXAnIHZhbHVl
PSclcyc+XG4iLGVzY2FwZV9zdHJpbmcoc2VydmljZWdyb3VwX25hbWUpKTsKIAogCQkJcHJpbnRm
KCI8aW5wdXQgdHlwZT0naGlkZGVuJyBuYW1lPSdhc3N1bWVpbml0aWFsc3RhdGVzJyB2YWx1ZT0n
JXMnPlxuIiwoYXNzdW1lX2luaXRpYWxfc3RhdGVzPT1UUlVFKT8ieWVzIjoibm8iKTsKIAkJCXBy
aW50ZigiPGlucHV0IHR5cGU9J2hpZGRlbicgbmFtZT0nYXNzdW1lc3RhdGVyZXRlbnRpb24nIHZh
bHVlPSclcyc+XG4iLChhc3N1bWVfc3RhdGVfcmV0ZW50aW9uPT1UUlVFKT8ieWVzIjoibm8iKTsK
QEAgLTY0NSwxMyArNjQ1LDEzIEBACiAJICAgICAgICBwcmludGYoIjxmb3JtIG1ldGhvZD1cImdl
dFwiIGFjdGlvbj1cIiVzXCI+XG4iLEFWQUlMX0NHSSk7CiAJCXByaW50ZigiPGlucHV0IHR5cGU9
J2hpZGRlbicgbmFtZT0nc2hvd19sb2dfZW50cmllcycgdmFsdWU9Jyc+XG4iKTsKIAkJaWYoZGlz
cGxheV90eXBlPT1ESVNQTEFZX0hPU1RHUk9VUF9BVkFJTCkKLQkJCXByaW50ZigiPGlucHV0IHR5
cGU9J2hpZGRlbicgbmFtZT0naG9zdGdyb3VwJyB2YWx1ZT0nJXMnPlxuIixob3N0Z3JvdXBfbmFt
ZSk7CisJCQlwcmludGYoIjxpbnB1dCB0eXBlPSdoaWRkZW4nIG5hbWU9J2hvc3Rncm91cCcgdmFs
dWU9JyVzJz5cbiIsZXNjYXBlX3N0cmluZyhob3N0Z3JvdXBf

...[email truncated]...


This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Top
Locked

Return to “Open Source Nagios Projects”