Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion database.php
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,17 @@ function syslog_db_fetch_cell($sql, $col_name = '', $log = TRUE) {
return db_fetch_cell($sql, $col_name, $log, $syslog_cnn);
}

/* syslog_db_fetch_assoc_prepared - run a 'select' sql query and return all rows found
@arg $sql - the sql query to run
@arg $params - the parameters to bind to the query
@arg $log - whether or not to log the query to the cacti log
@returns - the complete result set as an associative array */
function syslog_db_fetch_assoc_prepared($sql, $params = array(), $log = TRUE) {
global $syslog_cnn;

return db_fetch_assoc_prepared($sql, $params, $log, $syslog_cnn);
}

/* syslog_db_fetch_cell_prepared - run a 'select' sql query and return the first column of the
first row found
@param $sql - the sql query to execute
Expand Down Expand Up @@ -128,4 +139,3 @@ function syslog_sql_save($array_items, $table_name, $key_cols = 'id', $autoinc =
global $syslog_cnn;
return sql_save($array_items, $table_name, $key_cols, $autoinc, $syslog_cnn);
}

7 changes: 6 additions & 1 deletion functions.php
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,12 @@ function syslog_remove_items($table, $uniqueID) {

if (sizeof($rows)) {
foreach($rows as $remove) {
/* SQL expressions are legacy, untrusted input and cannot be safely bound
* as prepared-statement values. Ignore them rather than executing raw SQL. */
if ($remove['type'] == 'sql') {
cacti_log('Syslog SQL removal rules are disabled for safety.', false, 'SYSTEM');
continue;
}
$sql = '';
$sql1 = '';
if ($remove['type'] == 'facility') {
Expand Down Expand Up @@ -800,4 +806,3 @@ function syslog_manage_items($from_table, $to_table) {

return array('removed' => $removed, 'xferred' => $xferred);
}

2 changes: 0 additions & 2 deletions setup.php
Original file line number Diff line number Diff line change
Expand Up @@ -928,7 +928,6 @@ function syslog_config_arrays () {
'messagee' => __('Ends with', 'syslog'),
'host' => __('Hostname is', 'syslog'),
'facility' => __('Facility is', 'syslog'),
'sql' => __('SQL Expression', 'syslog')
);

$syslog_freqs = array(
Expand Down Expand Up @@ -1093,4 +1092,3 @@ function syslog_utilities_list() {
</tr>
<?php
}

5 changes: 2 additions & 3 deletions syslog.php
Original file line number Diff line number Diff line change
Expand Up @@ -291,10 +291,10 @@ function syslog_statistics() {
$time = date($date_format, strtotime($r['insert_time']));

form_alternate_row();
echo '<td>' . (get_request_var('host') != '-2' ? $r['host']:'-') . '</td>';
echo '<td>' . (get_request_var('host') != '-2' ? htmlspecialchars($r['host'], ENT_QUOTES, 'UTF-8'):'-') . '</td>';
echo '<td>' . (get_request_var('facility') != '-2' ? ucfirst($r['facility']):'-') . '</td>';
echo '<td>' . (get_request_var('priority') != '-2' ? ucfirst($r['priority']):'-') . '</td>';
echo '<td>' . (get_request_var('program') != '-2' ? ucfirst($r['program']):'-') . '</td>';
echo '<td>' . (get_request_var('program') != '-2' ? htmlspecialchars(ucfirst($r['program']), ENT_QUOTES, 'UTF-8'):'-') . '</td>';
//echo '<td class="right">' . $r['insert_time'] . '</td>';
echo '<td class="right">' . $time . '</td>';
echo '<td class="right">' . number_format_i18n($r['records'], -1) . '</td>';
Expand Down Expand Up @@ -1667,4 +1667,3 @@ function get_ajax_programs($include_any = true, $sql_where = '') {

print json_encode($return);
}

47 changes: 30 additions & 17 deletions syslog_process.php
Original file line number Diff line number Diff line change
Expand Up @@ -272,43 +272,56 @@
$smsalert = '';
$th_sql = '';

$params = array();
if ($alert['type'] == 'facility') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE ' . $syslog_incoming_config['facilityField'] . "='" . $alert['message'] . "'
AND status=" . $uniqueID;
WHERE ' . $syslog_incoming_config['facilityField'] . '=?
AND status=?';
$params[] = $alert['message'];
$params[] = $uniqueID;
} else if ($alert['type'] == 'messageb') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE ' . $syslog_incoming_config['textField'] . "
LIKE '" . $alert['message'] . "%'
AND status=" . $uniqueID;
WHERE ' . $syslog_incoming_config['textField'] . '
LIKE ?
AND status=?';
$params[] = $alert['message'] . '%';
$params[] = $uniqueID;
} else if ($alert['type'] == 'messagec') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE ' . $syslog_incoming_config['textField'] . "
LIKE '%" . $alert['message'] . "%'
AND status=" . $uniqueID;
WHERE ' . $syslog_incoming_config['textField'] . '
LIKE ?
AND status=?';
$params[] = '%' . $alert['message'] . '%';
$params[] = $uniqueID;
} else if ($alert['type'] == 'messagee') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE ' . $syslog_incoming_config['textField'] . "
LIKE '%" . $alert['message'] . "'
AND status=" . $uniqueID;
WHERE ' . $syslog_incoming_config['textField'] . '
LIKE ?
AND status=?';
$params[] = '%' . $alert['message'];
$params[] = $uniqueID;
} else if ($alert['type'] == 'host') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE ' . $syslog_incoming_config['hostField'] . "='" . $alert['message'] . "'
AND status=" . $uniqueID;
WHERE ' . $syslog_incoming_config['hostField'] . '=?
AND status=?';
$params[] = $alert['message'];
$params[] = $uniqueID;
} else if ($alert['type'] == 'sql') {
$sql = 'SELECT * FROM `' . $syslogdb_default . '`.`syslog_incoming`
WHERE (' . $alert['message'] . ')
AND status=' . $uniqueID;
WHERE (?)
AND status=?';
$params[] = $alert['message'];
$params[] = $uniqueID;
}
Comment thread
somethingwithproof marked this conversation as resolved.

if ($sql != '') {
if ($alert['method'] == '1') {
$th_sql = str_replace('*', 'count(*)', $sql);
$count = syslog_db_fetch_cell($th_sql);
$count = syslog_db_fetch_cell_prepared($th_sql, $params);
}

if (($alert['method'] == '1' && $count >= $alert['num']) || ($alert['method'] == '0')) {
$at = syslog_db_fetch_assoc($sql);
$at = syslog_db_fetch_assoc_prepared($sql, $params);

/* get a date for the repeat alert */
if ($alert['repeat_alert']) {
Expand Down