From: Max Sikström
No macros should be escaped because of which macros is resolved, but for where
the macros is put.
URL-encoding macros should be done when building an URL, not if the URL is
included in the macro. Therefore, encoding options should only be brought
downwards, and only one level in the encoding.
An example:
notes: this is a string escaped with & and other chars for $HOSTADDRESS$
notes_url: http://wiki.example.org/?notes=$HOSTNOT ... OSTADDRESS$
action_url: http://example.org/?notes_url=$HOSTNOTE ... $HOSTNOTES$
The result should be something like:
notes:
address should be included, but not escaped. It should be readable by a person
notes_url:
both notes and address should be url-encoded, because they are a part of the
url, but shouldn't change the structure of the url (like including new
variables)
action_url:
should urlencode notes_url, which means parts is double-encoded, because the
notes_url-attribute should, when unpacked by the web server, contain the
notes_url, and the notes should be encoded, so the same applies to notes
Signed-off-by: Max Sikström
---
common/macros.c | 101 ++++++++++++++++++++++--------------------------------
1 files changed, 41 insertions(+), 60 deletions(-)
diff --git a/common/macros.c b/common/macros.c
index e76acef..b544dbb 100644
--- a/common/macros.c
+++ b/common/macros.c
@@ -38,7 +38,6 @@ char *macro_user[MAX_USER_MACROS]; /* $USERx$ macros */
struct macro_key_code {
char *name; /* macro key name */
int code; /* numeric macro code, usable in case statements */
- int clean_options;
char *value;
};
@@ -110,9 +109,7 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe
char *selected_macro = NULL;
char *original_macro = NULL;
int result = OK;
- int clean_options = 0;
int free_macro = FALSE;
- int macro_options = 0;
log_debug_info(DEBUGL_FUNCTIONS, 0, "process_macros_r()\n");
@@ -164,13 +161,10 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe
/* looks like we're in a macro, so process it... */
else {
- /* reset clean options */
- clean_options = 0;
-
/* grab the macro value */
free_macro = FALSE;
- result = grab_macro_value_r(mac, temp_buffer, &selected_macro, &clean_options, &free_macro);
- log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Clean Options: %d, Free: %d\n", temp_buffer, clean_options, free_macro);
+ result = grab_macro_value_r(mac, temp_buffer, &selected_macro, NULL, &free_macro);
+ log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Free: %d\n", temp_buffer, free_macro);
/* an error occurred - we couldn't parse the macro, so continue on */
if(result == ERROR) {
@@ -201,15 +195,10 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe
/* insert macro */
if(selected_macro != NULL) {
- log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Clean Options: %d, Free: %d\n", temp_buffer, clean_options, free_macro);
-
- /* include any cleaning options passed back to us */
- macro_options = (options | clean_options);
-
- log_debug_info(DEBUGL_MACROS, 2, " Cleaning options: global=%d, local=%d, effective=%d\n", options, clean_options, macro_options);
+ log_debug_info(DEBUGL_MACROS, 2, " Processed '%s', Free: %d, Cleaning options: %d\n", temp_buffer, free_macro, options);
/* URL encode the macro if requested - this allocates new memory */
- if(macro_options & URL_ENCODE_MACRO_CHARS) {
+ if(options & URL_ENCODE_MACRO_CHARS) {
original_macro = selected_macro;
selected_macro = get_url_encoded_string(selected_macro);
if(free_macro == TRUE) {
@@ -219,11 +208,11 @@ int process_macros_r(nagios_macros *mac, char *input_buffer, char **output_buffe
}
/* some macros are cleaned... */
- if(macro_options & STRIP_ILLEGAL_MACRO_CHARS || macro_options & ESCAPE_MACRO_CHARS) {
+ if((options & STRIP_ILLEGAL_MACRO_CHARS) || (options & ESCAPE_MACRO_CHARS)) {
char *cleaned_macro = NULL;
/* add the (cleaned) processed macro to the end of the already processed buffer */
- if(selec
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]