From 65e3fb58c01778942cb85438ff96201c88b721bc Mon Sep 17 00:00:00 2001
From: Rodrigo Osorio
Date: Fri, 31 May 2019 12:58:28 +0000
Subject: Fix net/rtg with modern perl and php
* Fix runtime PHP errors if short_opentag is disabled (default)
* Remove most PHP warnings/notices that go to error_log
* Fix HTML output to be valid
* Fix quoting of SQL objects
* Fix escaping of user-provided SQL data (potential sql injection)
* Widen fields in 95.php and 95.pl for interface and router names
* Fix warnings in perl modules in newer perl versions
* Fix createdb script to use CREATE USER/GRANT not manipulate user db directly
* Add "Update_desc" config entry to auto-update port descriptions from snmp
* Update default SNMP version to 2
PR: 227376
Submitted by: (maintainer)
---
net/rtg/files/patch-etc_view.php | 258 +++++++++++++++++++++++++++++++++++++++
1 file changed, 258 insertions(+)
create mode 100644 net/rtg/files/patch-etc_view.php
(limited to 'net/rtg/files/patch-etc_view.php')
diff --git a/net/rtg/files/patch-etc_view.php b/net/rtg/files/patch-etc_view.php
new file mode 100644
index 000000000000..31afc067ffe7
--- /dev/null
+++ b/net/rtg/files/patch-etc_view.php
@@ -0,0 +1,258 @@
+--- etc/view.php.orig 2003-09-26 15:58:34 UTC
++++ etc/view.php
+@@ -8,154 +8,163 @@
+ header("Cache-Control: no-cache, must-revalidate");
+ header("Pragma: no-cache");
+
+- print "\n\n\n";
++ print "\n\n\n";
+
+ /* Connect to RTG MySQL Database */
+- $dbc=@mysql_connect ($host, $user, $pass) or
+- $dbc=@mysql_connect ("$host:/var/lib/mysql/mysql.sock", $user, $pass) or
++ $dbc=@mysqli_connect ($host, $user, $pass, $db) or
+ die ("MySQL Connection Failed, Check Configuration.");
+- mysql_select_db($db,$dbc);
+
+ # Global variables off by default in newer versions of PHP
+- if (!$PHP_SELF) {
++ if (!isset($PHP_SELF) || ($PHP_SELF == "")) {
+ $PHP_SELF = "view.php";
+- $rid = $_GET['rid'];
+- $iid = $_GET['iid'];
++ $rid = isset($_GET['rid'])?$_GET['rid']:"";
++ $iid = isset($_GET['iid'])?$_GET['iid']:"";
+ }
+
+ # Determine router, interface names as necessary
+- if ($rid && $iid) {
+- $selectQuery="SELECT a.name, a.description, a.speed, b.name AS router FROM interface a, router b WHERE a.rid=b.rid AND a.rid=$rid AND a.id=$iid";
+- $selectResult=mysql_query($selectQuery, $dbc);
+- $selectRow=mysql_fetch_object($selectResult);
+- $interfaces = mysql_num_rows($selectResult);
++ if (($rid != "") && ($iid != "")) {
++ $selectQuery="SELECT `a`.`name`, `a`.`description`, `a`.`speed`, `b`.`name` " .
++ "AS `router` FROM `interface` `a`, `router` `b` WHERE `a`.`rid`=`b`.`rid` " .
++ "AND `a`.`rid`=" . mysqli_real_escape_string($dbc, $rid) . " AND `a`.`id`=" .
++ mysqli_real_escape_string($dbc, $iid); ++ $selectResult=mysqli_query($dbc, $selectQuery); ++ $selectRow=mysqli_fetch_object($selectResult); ++ $interfaces = mysqli_num_rows($selectResult); + $name = $selectRow->name; + $description = $selectRow->description; + $speed = ($selectRow->speed)/1000000; + $router = $selectRow->router; +- } else if ($rid && !$iid) { +- $selectQuery="SELECT name AS router from router where rid=$rid"; +- $selectResult=mysql_query($selectQuery, $dbc); +- $selectRow=mysql_fetch_object($selectResult); ++ } else if (($rid != "")&& ($iid == "")) { ++ $selectQuery="SELECT `name` AS `router` FROM `router` WHERE `rid`=" . ++ mysqli_real_escape_string($dbc, $rid); ++ $selectResult=mysqli_query($dbc, $selectQuery); ++ $selectRow=mysqli_fetch_object($selectResult); + $router = $selectRow->router; + } + + # Generate Title +- echo "RTG: "; +- if ($rid && $iid) echo "$router: $name"; +- else if ($rid && !$iid) echo "$router"; +- echo "\n"; ++ echo "RTG: "; ++ if (($rid != "") && ($iid != "")) echo "$router: $name"; ++ else if (($rid != "")&& ($iid == "")) echo "$router"; ++ echo "\n"; + +- print "\n"; +- print "\n"; +- print "\n"; +- print "\n"; +- print "\n"; +- print "\n"; +- print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; + ?> + +- +- +- +-


++ ++ ++


+ + \n"; ++ echo "
\n"; + + $et = time(); + +- if (!$rid) { ++ if ($rid == "") { + print "Monitored Devices:

\n"; +- $selectQuery="SELECT rid, name FROM router"; +- $selectResult=mysql_query($selectQuery, $dbc); +- if (mysql_num_rows($selectResult) <= 0) +- print "
No Routers Found.
\n"; ++ $selectQuery="SELECT `rid`, `name` FROM `router`"; ++ $selectResult=mysqli_query($dbc, $selectQuery); ++ if (mysqli_num_rows($selectResult) <= 0) ++ print "
No Routers Found.
\n"; + else { +- print "

\n"; + } + } + +- if ($rid && $iid) { ++ if (($rid != "") && ($iid != "")) { + if ($interfaces <= 0) +- print "
Interface $iid Not Found for Router $router (ID: $rid).
\n"; ++ print "
Interface $iid Not Found for Router $router (ID: $rid).
\n"; + else { +- print "\n"; +- print "
System:$router\n"; +- print "
Interface:$name\n"; +- print "
Description:$description\n"; +- print "
Speed:$speed Mbps\n"; +- print "
Page Generated:".gmdate('D, d M Y H:i:s \G\M\T', time())."\n"; +- print "

\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "
System:$router
Interface:$name
Description:$description
Speed:$speed Mbps
Page Generated:".gmdate('D, d M Y H:i:s \G\M\T', time())."

\n"; + + $bt = $et - (60*60*24); +- print "Day View:
\n"; +- print "\n"; +- print "
$router: $name ($description)\n"; +- print "

\n"; ++ print "Day View:
\n"; ++ print "\n"; ++ print "
$router: $name ($description)\n"; ++ print "

\n"; + + $bt = $et - (60*60*24*7); +- print "Week View:
\n"; +- print "\n"; +- print "
$router: $name ($description)\n"; +- print "

\n"; ++ print "Week View:
\n"; ++ print "\n"; ++ print "
$router: $name ($description)\n"; ++ print "

\n"; + + $bt = $et - (60*60*24*30); +- print "Month View:
\n"; +- print "\n"; +- print "
$router: $name ($description)\n"; +- print "

\n"; ++ print "Month View:
\n"; ++ print "\n"; ++ print "
$router: $name ($description)\n"; ++ print "

\n"; + } +- print "\n"; ++ print "\n"; + } + +- if ($rid && !$iid) { +- $selectQuery="SELECT id, name, description FROM interface WHERE rid=$rid"; +- $selectResult=mysql_query($selectQuery, $dbc); +- $interfaces = mysql_num_rows($selectResult); ++ if (($rid != "") && ($iid == "")) { ++ $selectQuery="SELECT `id`, `name`, `description` FROM `interface` WHERE " . ++ "`rid`=" . mysqli_real_escape_string($dbc, $rid); ++ $selectResult=mysqli_query($dbc, $selectQuery); ++ $interfaces = mysqli_num_rows($selectResult); + if ($interfaces <= 0) +- print "
No Interfaces Found for Router $router (ID: $rid).
\n"; ++ print "
No Interfaces Found for Router $router (ID: $rid).
\n"; + else { + $bt = $et - (60*60*12); +- print "\n"; +- print "
System:$router\n"; +- print "
Interfaces:$interfaces\n"; +- print "
Page Generated:"; +- print gmdate('D, d M Y H:i:s \G\M\T', time())."\n"; +- print "

\n"; +- print "\n"; +- while ($selectRow=mysql_fetch_object($selectResult)){ ++ print "
\n"; ++ print "\n"; ++ print "\n"; ++ print "\n"; ++ print "
System:$router
Interfaces:$interfaces
Page Generated:"; ++ print gmdate('D, d M Y H:i:s \G\M\T', time())."

\n"; ++ print "\n"; ++ print "\n"; ++ while ($selectRow=mysqli_fetch_object($selectResult)){ + $ids[$selectRow->id] = $selectRow->name; + $desc[$selectRow->id] = $selectRow->description; + $iid = $selectRow->id; +- print "\n"; ++ print "\n"; + } + else $even = 1; + } +- print "
\n"; +- print "\n"; +- print "
\n"; +- print "$selectRow->name ($selectRow->description)\n"; +- if ($even) { ++ print "
\n"; ++ print "name . " (" . $selectRow->description . ")"); ++ print "&t1_name=" . urlencode("Input Octets") . "&t2_name=" . urlencode("Output Octets"); ++ print "&iid=$iid&begin=$bt&end=$et&units=bits/s&factor=8&filled=yes\" border=\"0\" />\n"; ++ print "
\n"; ++ print "$selectRow->name ($selectRow->description)\n"; ++ if ($even == 1) { + $even = 0; +- print "
\n"; ++ print "\n"; + } +- print "\n"; ++ print "\n"; + } + +- if ($dbc) mysql_close($dbc); +- echo "
\n"; ++ if ($dbc) mysqli_close($dbc); ++ echo "\n"; + ?> + +-
+- ++
++ + RTG Version $VERSION"; ++ print "RTG Version $VERSION
"; + ?> +- +- ++ ++ -- cgit v1.2.3
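Review bot: The three rewritten queries still append `$rid` and `$iid` to the SQL text outside any quotes (`... "=" . mysqli_real_escape_string($dbc, $rid)`), and `mysqli_real_escape_string()` only protects a value that ends up inside a quoted string literal, so the injection the commit message sets out to fix is not closed for these numeric parameters. Both are integer ids, so validate them where they are read from `$_GET`, e.g. `$rid = (isset($_GET['rid']) && is_string($_GET['rid']) && ctype_digit($_GET['rid'])) ? $_GET['rid'] : "";` and likewise for `$iid`, or switch the queries to prepared statements with bound integers. The same request values are printed into the "Not Found" messages, and `$router`, `$name` and `$description` from the database are echoed into the page as far as the visible lines show without `htmlspecialchars()`; digit-only validation covers the former, the latter still needs output encoding. `mysqli_fetch_object($selectResult)` and `mysqli_num_rows($selectResult)` are also called without checking that `mysqli_query()` returned a result.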