Re: [Nagios-devel] Bug in statuswml.cgi with Acknowledging Services
Posted: Tue Aug 19, 2008 11:20 am
On Thu, 14 Aug 2008 13:42:55 -0500, Jon Angliss
wrote:
>On Wed, 13 Aug 2008 11:27:12 +0200, Armin Wolfermann
>wrote:
>
>>* Jon Angliss [12.08.2008 23:52]:
>>> I read the thread, and it looks like the variables are being double
>>> encoded, which is fine, but the issue here is that a variable being
>>> fed into url_encode is coming out as a different variable.
>>
>>Ok, now I see the problem. url_encode() uses a static buffer and calling
>>it twice in a row overwrites the first result. Half of a fix for this
>>problem was committed in May introducing a second buffer but the code is
>>only using the first.
>
>I figured it had something to do with that, but my C skills are rather
>rusty.
>
>>I attached a patch against current CVS using dynamic buffers like
>>html_encode() does. Lightly tested but works for me.
>
>Seems to work quite nicely against CVS HEAD from last night.
Partially mistaken here. It seems the application doesn't handle the
encoded strings very well. I have a space char in the description of
a service, and it's being posted as "Disk+D", and it throws the same
unauthorized message. Otherwise it at least posts the service name
now.
--
Jon Angliss
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
wrote:
>On Wed, 13 Aug 2008 11:27:12 +0200, Armin Wolfermann
>wrote:
>
>>* Jon Angliss [12.08.2008 23:52]:
>>> I read the thread, and it looks like the variables are being double
>>> encoded, which is fine, but the issue here is that a variable being
>>> fed into url_encode is coming out as a different variable.
>>
>>Ok, now I see the problem. url_encode() uses a static buffer and calling
>>it twice in a row overwrites the first result. Half of a fix for this
>>problem was committed in May introducing a second buffer but the code is
>>only using the first.
>
>I figured it had something to do with that, but my C skills are rather
>rusty.
>
>>I attached a patch against current CVS using dynamic buffers like
>>html_encode() does. Lightly tested but works for me.
>
>Seems to work quite nicely against CVS HEAD from last night.
Partially mistaken here. It seems the application doesn't handle the
encoded strings very well. I have a space char in the description of
a service, and it's being posted as "Disk+D", and it throws the same
unauthorized message. Otherwise it at least posts the service name
now.
--
Jon Angliss
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]