Syntax Error Host Description

[cetzel]

So I am in CCM, Hosts -> Add New.

If I put an apostrophe in the Description field: i.e. Chris's Foobar Server it throws an error:

Error while inserting data into the database:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Foobar Server', `address`='192.168.0.1', `parents`=0, `parent' at line 1

If I remove the apostrophe it works fine.

Anybody else experience this ? Do we know if Nagios has a fix for this ? It appears the form data isn't sanitized.

Nagios XI 2012R1.3 RHEL 5

[abrist]

It does not write to the DB, and rolls back any other changes made to the host including the illegal char. It does look like the config name is sanitized at the time of save, though the illegal char in the description does get the error.

[cetzel]

Odd that a single quote in the Description field would be an illegal character but a single double-quote as an apostrophe is OK.

Chris's Q Server = bad
Chris"s Q Server = OK

You are correct - it does not write to the database and does roll back changes.

I wonder if this single-quote as illegal char decision is recent ? Our test of 2011R1.3 works fine with single quotes in the Description field.

[abrist]

This is a bug. One of our devs is working on the fix as we speak, and should be ready for the next release. In the meantime, try not to name any of your hosts/services

Code: Select all

'DROP TABLE . . . .

To recap, you should change those config names as they are no longer valid.