> On 2010-08-28 15:59, Ethan Galstad egalstad-at-nagios.org |Lists/Send to
> lists| wrote:
>> Thanks for pointing this discrepancy out. Custom macros should be
>> cleaned IMO, so I opted to update the docs instead.
>
> During the weekend I haven't been able to understand the rationale
> behind this. Could you help me understand it?
>
[snip]
>
> But the values of Custom Object Variables come from the config files, so
> why aren't they to be trusted? I don't (yet) see the conceptual
> difference between allowing special/illegal characters in Custom Object
> Variables and allowing them in $ARGn$ definitions. If we don't trust the
> author of the config files, shouldn't we cleanse $ARGn$ definitions in
> "check_command"s too then? Why one and not the other?
>
> Peter
Good point. I've changed the code to not clean/strip custom macros.
Since they're user-defined, they should be trusted (unlike variable data
returned from plugins). Fix is in CVS now. Thanks!
--
Ethan Galstad
Father of Nagios
___
Email: [email protected]|com
Web: www.nagios.com
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]